CN106209386A - Method, device and system for implementing security authentication - Google Patents
- Publication number
- CN106209386A CN201610885216.XA
- Authority
- CN
- China
- Prior art keywords
- card
- mobile terminal
- server system
- business
- card end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Telephone Function (AREA)
Abstract
In the embodiments of the present application, while a user uses a network service, dynamic password authentication between the mobile terminal and the server system is implemented with an IC card side. Specifically: after the mobile terminal triggers a request for the network service, it sends a network service request to the server system; the server system generates a random number and returns it to the mobile terminal; the mobile terminal sends the random number and the service information describing the network service to the IC card side through an NFC module; the IC card side generates an application cryptogram from the random number and the service information, and sends verification information carrying the application cryptogram to the mobile terminal through the NFC module; the mobile terminal sends service confirmation information carrying the verification information to the server system; and the server system verifies the application cryptogram according to the service confirmation information. Using the IC card side for dynamic password verification is therefore more convenient for the user to operate and also easy to carry.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a method, device and system for implementing security authentication.
Background
With the development of the Internet, many network services that are sensitive to security have appeared, such as payment or transaction services. When a user uses these network services, dynamic password authentication can be used between client and server to avoid the risk of the user's password being leaked, thereby ensuring the security of the network service. Dynamic password authentication is usually implemented in software. However, dynamic password authentication implemented in software cannot prevent the dynamic verification code from being maliciously obtained through illegal means such as phishing websites, fake base stations and stolen mobile phones.
To avoid leakage of the dynamic password, some network services have begun to implement dynamic password authentication in hardware. For example, in the prior art, an electronic password token, as an independent hardware device, is used to implement dynamic password authentication between client and server while the user uses a network service. However, for mobile terminals such as the mobile phones and tablet computers that users use, the dynamic verification code obtained from the electronic password token has to be entered manually by the user into the client on the mobile terminal, which makes operation inconvenient for the user. In addition, in mobile network scenarios, the electronic password token is a hardware device independent of the user's mobile terminal that the user has to carry in order to use network services anytime and anywhere, so the number of devices the user has to carry also increases. Furthermore, the cost of the electronic password token is high.
Summary of the invention
The technical problem to be solved by the embodiments of the present application is to provide a method, device and system for implementing security authentication, so as to avoid the defects of the prior art, in which using an electronic password token for dynamic password authentication is inconvenient for the user to carry, inconvenient to operate and costly.
In a first aspect, a method for implementing security authentication is provided, applied to an IC card side, including:
receiving a random number and service information sent by a mobile terminal through a near-field communication (NFC) module, where the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the service information describes the network service, and the mobile terminal is configured with the NFC module;
performing an encryption operation on the random number and the service information based on a key and an encryption algorithm preset on the IC card side, to generate an application cryptogram;
sending verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives the service confirmation information carrying the verification information sent by the mobile terminal and verifies the application cryptogram.
Optionally,
performing the encryption operation on the random number and the service information based on the key and the encryption algorithm preset on the IC card side, to generate the application cryptogram, includes: deriving a process key from the card key of the IC card side and the count of the network service; and, based on the process key, encrypting the random number with a symmetric-key algorithm to generate the application cryptogram;
the verification information also carries the card sequence number used by the IC card, the derivation key index (DKI), the cryptogram version number and the algorithm identifier, so that the server system uses the card sequence number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram.
Optionally, the method also includes:
sending the card number of the IC card side to the mobile terminal through the NFC module, so that the mobile terminal sends the random number and the service information to the IC card side through the NFC module when it finds, by comparison, that the card number sent by the IC card side is identical to the card number returned by the server system for the service request.
Optionally, the network service is an online transaction service, the IC card side is arranged on a payment card that has a payment function, and the server system is an online payment system that provides the payment function for the payment card.
In a second aspect, a method for implementing security authentication is provided, applied to a mobile terminal, including:
sending a service request for a network service to a server system;
receiving the random number returned by the server system in response to the service request;
sending the random number and service information to an IC card side through an NFC module, where the service information describes the network service and the mobile terminal is configured with the NFC module;
receiving, through the NFC module, the verification information sent by the IC card side;
sending service confirmation information carrying the verification information to the server system, so that the server system verifies the application cryptogram;
where the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card side performing an encryption operation on the random number and the service information based on the key and the encryption algorithm preset on the IC card side.
Optionally, the verification information also carries the card sequence number of the IC card, the derivation key index (DKI), the cryptogram version number and the algorithm identifier of the symmetric-key algorithm, so that the server system uses the card sequence number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram;
where the application cryptogram is specifically generated by the IC card side deriving a process key from the card key of the IC card side and the count of the network service and, based on the process key, encrypting the random number with a symmetric-key algorithm.
Optionally, the method also includes:
after sending the service request to the server system, receiving the card number returned by the server system for the service request;
receiving, through the NFC module, the card number sent by the IC card side;
comparing whether the card number sent by the IC card side is identical to the card number returned by the server system;
if they are identical, performing the sending of the random number and the service information to the IC card side through the NFC module.
Optionally, the method also includes:
after receiving the card number returned by the server system, displaying the card number returned by the server, to prompt the mobile terminal to collect the card number sent by the IC card side.
Optionally, the method also includes:
after sending the service request for the network service to the server system, receiving the authentication mode returned by the server system for the service request;
in response to recognizing that the authentication mode is dynamic password authentication, performing the displaying of the card number returned by the server.
Optionally, sending the service confirmation information carrying the verification information to the server system includes:
in response to a confirmation operation for the service request, obtaining the service confirmation code entered under the confirmation operation;
generating the service confirmation information based on the verification information and the service confirmation code;
sending the service confirmation information to the server system.
Optionally, the network service is an online transaction service, the IC card side is arranged on a payment card that has a payment function, and the server system is an online payment system that provides the payment function for the payment card.
In a third aspect, a device for implementing security authentication is provided, configured on an IC card side, including:
a receiving unit, configured to receive a random number and service information sent by a mobile terminal through a near-field communication (NFC) module, where the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the service information describes the network service, and the mobile terminal is configured with the NFC module;
a generating unit, configured to perform an encryption operation on the random number and the service information based on a key and an encryption algorithm preset on the IC card side, to generate an application cryptogram;
a first sending unit, configured to send verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives the service confirmation information carrying the verification information sent by the mobile terminal and verifies the application cryptogram.
In a fourth aspect, a device for implementing security authentication is provided, configured on a mobile terminal, including:
a first sending unit, configured to send a service request for a network service to a server system;
a first receiving unit, configured to receive the random number returned by the server system in response to the service request;
a second sending unit, configured to send the random number and service information to an IC card side through an NFC module, where the service information describes the network service and the mobile terminal is configured with the NFC module;
a second receiving unit, configured to receive, through the NFC module, the verification information sent by the IC card side;
a second sending unit, configured to send service confirmation information carrying the verification information to the server system, so that the server system verifies the application cryptogram;
where the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card side performing an encryption operation on the random number and the service information based on the key and the encryption algorithm preset on the IC card side.
In a fifth aspect, a system for implementing security authentication is provided, including an IC card side, a mobile terminal and a server system;
the IC card side is configured with the device provided in the third aspect above, and the mobile terminal is configured with the device provided in the fourth aspect above.
In the embodiments of the present application, while a user uses a network service, dynamic password authentication between the mobile terminal and the server system can be implemented with an IC card side, and information can be exchanged between the mobile terminal and the IC card side through the near-field communication (Near Field Communication, NFC) module configured on the mobile terminal. Specifically, after sending a service request for the network service to the server system, the mobile terminal can obtain the random number that the server system returns for that service request. The mobile terminal can then send this random number and the service information corresponding to the network service to the IC card side through the NFC module. The IC card side can perform an encryption operation on the random number and the service information based on a preset key and encryption algorithm, and generate an application cryptogram. After that, the mobile terminal can receive, through the NFC module, the verification information carrying the application cryptogram sent by the IC card side, and send service confirmation information carrying this verification information to the server system. The server system can then implement security authentication of the network service by verifying the application cryptogram. With the IC card side as the hardware device that implements dynamic password authentication, for mobile terminals such as the mobile phones and tablet computers that users use, the NFC module configured on the mobile terminal can carry the information exchange between the mobile terminal and the IC card side, so the information exchanged between them does not need to be entered manually by the user, which makes operation more convenient. In addition, compared with an electronic password token, an IC card is easy to carry and its cost is low.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in the present application, and those of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device for implementing security authentication in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a device for implementing security authentication in an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a method for implementing security authentication in an embodiment of the present invention.
Detailed description
Through research, the inventor found that when network services such as payment or transactions are carried out through a mobile terminal, dynamic password authentication has to be performed for the sake of transaction security. In the prior art this is usually implemented in software, but a software implementation cannot prevent the dynamic verification code from being maliciously obtained through illegal means such as phishing websites, fake base stations and stolen mobile phones. Therefore, to avoid leakage of the dynamic password, some network services have begun to use hardware. For example, some network services currently use password devices in forms such as U-shield and Ukey. A password device of this form has to be connected to the user terminal through a USB interface, which is suitable for terminals such as PCs and laptops; mobile terminals, however, are not provided with a USB interface, so a password device of this form is not suitable for mobile terminals. There is also a hardware electronic password token. When an electronic password token is used for dynamic password authentication, the user has to manually enter the password shown on the token into the mobile terminal. Although this avoids the problem that the mobile terminal cannot obtain the password through a USB interface, it makes operation inconvenient for the user, and such a token is also inconvenient to carry.
To solve the above problems, in the embodiments of the present invention, security authentication of transactions on a mobile terminal is implemented through information exchange between a mobile terminal configured with an NFC module and an IC card side. Specifically, after sending a service request for the network service to the server system, the mobile terminal obtains the random number that the server system returns for that service request. The mobile terminal can then send this random number and the service information corresponding to the network service to the IC card side through the NFC module. The IC card side can perform an encryption operation on the random number and the service information based on a preset key and encryption algorithm, and generate an application cryptogram. After that, the mobile terminal can receive, through the NFC module, the verification information carrying the application cryptogram sent by the IC card side, and send service confirmation information carrying this verification information to the server system. On this basis, the server system can implement security authentication of the network service by verifying the application cryptogram. Dynamic password security authentication performed through the IC card side during a transaction is therefore not only more secure than a pure software approach; the NFC module configured on the mobile terminal also carries the information exchange between the mobile terminal and the IC card side, so that the information exchanged between them does not need to be entered manually by the user, which is easier for the user to operate than a hardware electronic password token. In addition, compared with an electronic password token, an IC card is easy to carry and its cost is low.
The specific implementation of the method, device and system for implementing security authentication in the embodiments of the present invention is described in detail below through embodiments, with reference to the accompanying drawings.
Exemplary method
Referring to Fig. 1, a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention is shown. The method is applied to the IC card side. In this embodiment, the method may, for example, include the following steps:
Step 101: receive the random number and service information sent by the mobile terminal through the near-field communication (NFC) module, where the random number is returned to the mobile terminal by the server system in response to the service request initiated by the mobile terminal for the network service, the service information describes the network service, and the mobile terminal is configured with the NFC module.
In a specific implementation, the user can trigger a network service on the mobile terminal, and in response to the user's trigger operation the mobile terminal can initiate a service request for this network service to the server system corresponding to it. In response to this service request, the server system can feed back a random number to the mobile terminal according to the network service. After receiving the random number fed back by the server system, the mobile terminal can send the random number and the service information describing the network service to the IC card side. It can be understood that, in this embodiment, the mobile terminal is configured with an NFC module that can carry out near-field communication with the IC card side; that is, the information exchange between the mobile terminal and the IC card side can be implemented through the NFC module configured on the mobile terminal. For example, in step 101, the mobile terminal can send the random number and the service information through its NFC module to an IC card side that meets the conditions for near-field communication.
It should be noted that the network service mentioned in this embodiment can be any service function provided over a network. For example, in one application scenario, the network service can be an online transaction service. Specifically, the online transaction service can be a transfer service, a payment service, an inquiry service, a wealth-management service and so on. The service information mentioned in this embodiment is information that describes the network service; in other words, the service information can be some of the basic information contained in the network service triggered by the user. For example, if the network service is an online transaction service, the service information can include the transaction date, the transaction amount and/or the transaction currency.
In this embodiment, the random number is data that the server system generates dynamically according to the service request sent by the mobile terminal. There is a unique correspondence between a random number and a service request; that is, the random numbers that the server system generates for different service requests are different.
It can be understood that the devices involved in this embodiment can be implemented in several possible ways. For example, the mobile terminal that triggers the network service can be any mobile terminal, such as a mobile phone or tablet computer, that is configured with an NFC module and can trigger network services. As another example, the IC card side can be arranged on a payment card that has a payment function. As a further example, the server system can be an online payment system that provides the payment function for the payment card.
In one application scenario, the payment card configured with the IC card side can be a financial IC card (for example, a bank card with an IC card chip), and the server system can be the network system of a financial service. The mobile terminal configured with the NFC module can have the client program of the financial service installed, and through this client program the mobile terminal can interact with the financial IC card and with the network system of the financial service.
Step 102: perform an encryption operation on the random number and the service information based on the key and the encryption algorithm preset on the IC card side, to generate an application cryptogram.
In this embodiment, the IC card side is provided with a corresponding key, which is used to produce the application cryptogram for the network service. The encryption algorithm used to generate the application cryptogram can be, for example, a symmetric encryption algorithm, or alternatively an asymmetric encryption algorithm.
In a specific implementation, after the IC card side receives the random number and the service information sent by the mobile terminal, it can perform an encryption operation on them with the preset key and encryption algorithm. Specifically, step 102 may, for example, include: deriving a process key from the card key of the IC card side and the count of the network service; and, based on the process key, encrypting the random number with a symmetric-key algorithm to generate the application cryptogram.
It should be noted that asymmetric-key algorithms are mainly used for offline payment, and in the case of online payment an asymmetric-key algorithm may cause the problem of mistakenly deducting the electronic cash in the customer's card. Therefore, where the network service is an online transaction service, a symmetric encryption algorithm is more suitable for the IC card side to generate the application cryptogram.
In some implementations of this embodiment, if the network service is an online transaction service, the IC card side can be provided with a transaction counter used to count the network service. Specifically, each time it receives the service information sent by the mobile terminal, the IC card side can add to the accumulated number of transactions. After the IC card side receives the random number and the service information sent by the mobile terminal, it derives a process key from the card key preset on the IC card side and the application counter's count result for the network service; then, on the basis of the process key, it uses a symmetric-key algorithm to encrypt the random number, the service information and the count result of the network service, generating the application cryptogram.
Step 103: send verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives the service confirmation information carrying the verification information sent by the mobile terminal and verifies the application cryptogram.
In some implementations of this embodiment, the verification information can, for example, also carry the card sequence number used by the IC card, the derivation key index (DKI), the cryptogram version number and the algorithm identifier, so that the server system uses the card sequence number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram.
In a specific implementation, after the IC card side generates the application cryptogram, it sends the verification information carrying the application cryptogram to the mobile terminal. Besides the application cryptogram, the verification information can also include the card sequence number used by the IC card, the derivation key index (DKI), the cryptogram version number, the algorithm identifier and so on. The mobile terminal then sends the service confirmation information carrying the verification information to the server system. From the verification information in the service confirmation information, the server system can obtain the application cryptogram, the card sequence number, the DKI, the cryptogram version number and the algorithm identifier, and can use the card sequence number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram.
In some implementations of this embodiment, after receiving the checking information sent by the IC-card end, the mobile terminal may also display the application cryptogram on the mobile terminal and prompt the customer to confirm the network service and input the business confirmation code for the network service, where the business confirmation code can also be understood as a trading password. The mobile terminal then sends the business confirmation code input by the user, together with the checking information, to the server system. That is to say, the business confirmation received by the server system may contain, besides the checking information, the business confirmation code input by the user. The business confirmation code may be input when the user confirms on the mobile terminal that the network service is to be performed. For example, if the network service is an online transaction service, the business confirmation code may be the trading password input by the user.
In this embodiment, the process by which the server system verifies the received application cryptogram may include, for example: verifying the business confirmation code input by the user, checking whether the IC card has been reported lost, and checking whether the card issuer random number and the IC card number have been tampered with. If all of the above checks pass, the server system derives the card key from the preset card issuer key, the received card number of the IC-card end and the card sequence number used by the IC card; it then uses the card key and the result the transaction counter has calculated for the network service to derive the process key; then, on the basis of the process key, it uses the symmetric key algorithm to generate an application cryptogram from the random number and the business information. The application cryptogram generated at the IC-card end is matched against the application cryptogram generated at the server system. If the match succeeds, the server system further judges whether to carry out the subsequent network service operation: if the operation succeeds, it feeds prompt information back to the mobile terminal to tell the customer that the transaction succeeded; if the operation fails, it feeds prompt information back to the mobile terminal to tell the user the reason the transaction failed. If the match fails, it directly feeds prompt information back to the mobile terminal to tell the user that dynamic password verification failed.
It can be understood that, where the network service is an online transaction service, before the security authentication of the online transaction service is carried out through information exchange between the IC-card end and the mobile terminal, the user can bind the bank card account number to the IC-card end through a sales counter, online banking, telephone or similar means, so as to enroll the IC-card end as the authentication means for verifying transactions.
It should be noted that, when carrying out a network service, the user may for some reason use the wrong IC card, which may cause the network service to fail. For this reason, in some implementations of this embodiment, the mobile terminal first verifies the card number provided by the IC-card end and only then requests the application cryptogram from the IC-card end. Specifically, before step 101 the method may also include: sending the card number of the IC-card end to the mobile terminal through the NFC module, so that the mobile terminal sends the random number and the business information to the IC-card end through the NFC module when it finds that the card number sent by the IC-card end is identical to the card number that the server system returned for the service request. In addition, if the card number sent by the IC-card end differs from the card number that the server system returned for the service request, the mobile terminal can feed back information indicating a card number error.
It can be understood that, where the network service is an online transaction service, if the card number obtained from the IC-card end on the mobile terminal matches the card number obtained from the server system, this IC-card end is the IC-card end enrolled for the bank card account carrying out the transaction.
It should be noted that the server system sometimes provides the user with several authentication modes. If the user has set the authentication mode in the server system to dynamic password authentication by the IC-card end in advance, the mobile terminal can perform the security authentication flow of the IC-card end. Specifically, some implementations of this embodiment may also include, for example: after sending the service request for the network service to the server system, the mobile terminal receives the authentication mode that the server system returns for the service request; in response to recognizing that the authentication mode is dynamic password authentication, the mobile terminal performs the displaying of the card number returned by the server. Specifically, where the network service is an online transaction service, the user initiates a transaction request through the mobile terminal, and the mobile terminal sends the transaction request to the server system. According to the transaction request, the server system judges whether the bank card account carrying out this transaction has enrolled an IC card as its authentication means; if an IC card has been enrolled, it generates a card issuer random number, which is the random number mentioned above. The server system feeds the enrolled IC card number, the card issuer random number and the authentication mode indicating IC-card end dynamic password authentication back to the mobile terminal, so that the mobile terminal performs the security authentication flow of the IC-card end when it recognizes that the authentication mode is dynamic password authentication. If no IC card number has been enrolled, the server system can determine which form of authentication mode the user has enrolled and feed that authentication mode back to the mobile terminal.
With the method provided by this embodiment, while the user carries out a network service, dynamic password authentication between the mobile terminal and the server system is realized using the IC-card end: the mobile terminal exchanges information with the IC-card end through the NFC module, the mobile terminal obtains information such as the application cryptogram generated by the IC-card end, and the server system then verifies the application cryptogram generated by the IC-card end. Using an IC card as the authentication device that realizes the dynamic password is therefore more secure than a software-based approach and, compared with an electronic cipher device, more convenient to operate and lower in cost.
With reference to Fig. 2, a schematic flow chart of a method for realizing security authentication in an embodiment of the present invention is shown. The method is applied to a mobile terminal. In this embodiment, the method may include, for example, the following steps:
Step 201: send a service request for a network service to the server system.
Step 202: receive the random number that the server system returns in response to the service request. The business information is used to describe the network service, and the mobile terminal is configured with the NFC module.
Step 203: send the random number and the business information to the IC-card end through the NFC module, the business information being used to describe the network service.
Step 204: receive, through the NFC module, the checking information sent by the IC-card end.
Step 205: send the business confirmation carrying the checking information to the server system, so that the server system verifies the application cryptogram.
The checking information carries the application cryptogram, which the IC-card end generates by encrypting the random number and the business information based on the key and the encryption algorithm preset at the IC-card end.
It should be noted that the network service, business information, random number, mobile terminal, IC-card end and server system mentioned in this embodiment are described in detail in the embodiment corresponding to Fig. 1 above and are not described again here.
In some implementations of this embodiment, the mobile terminal may be, for example, a mobile phone, a tablet computer or any other mobile terminal that is configured with an NFC module and can trigger a network service; the IC-card end may, for example, be provided on a payment card having a payment function; and the server system may be, for example, an online payment system that provides the payment function for the payment card.
In this embodiment, the process by which the server system verifies the application cryptogram is described in the embodiment corresponding to Fig. 1 above and is not described again here.
In some implementations of this embodiment, sending the business confirmation carrying the checking information to the server system in step 205 may specifically include: in response to a confirmation operation for the service request, the mobile terminal obtains the business confirmation code input under the confirmation operation; the mobile terminal generates the business confirmation based on the checking information and the business confirmation code; the mobile terminal sends the business confirmation to the server system. It can be understood that, after the mobile terminal receives the checking information sent by the IC-card end, the mobile terminal can prompt the user to confirm the transaction and input the business confirmation code. After the user performs the confirmation operation and inputs the business confirmation code, the mobile terminal can send the checking information and the business confirmation code to the server system as the business confirmation.
It should be noted that, where the network service is an online transaction service, the business confirmation code may be, for example, the trading password of the account carrying out the network service.
In this embodiment, before step 202, the card number of the IC-card end can be verified, to check whether the IC-card end interacting with the mobile terminal is the IC card corresponding to this network service. Specifically, some implementations of this embodiment may also include: after sending the service request to the server system, the mobile terminal receives the card number that the server system returns for the service request; the mobile terminal receives, through the NFC module, the card number sent by the IC-card end; the mobile terminal compares whether the card number sent by the IC-card end is identical to the card number returned by the server system; if they are identical, the mobile terminal performs step 203.
More specifically, after the mobile terminal sends the service request for the network service to the server, if an IC card has been enrolled as the authentication means for the dynamic password, the server system feeds the card number of the enrolled IC card back to the mobile terminal; the mobile terminal interacts with the IC-card end through the NFC module to obtain the card number of the IC card, and compares the card number of the enrolled IC card obtained from the server with the card number of the IC card obtained from the IC-card end; if the two card numbers are identical, step 203 is performed.
It should be noted that, where the network service is an online transaction service, the card number returned by the server system may be that of the IC card bound to the bank card account involved in the online transaction service. The card number obtained from the IC-card end is the card number of the IC-card end that exchanges information with the mobile terminal.
In other implementations of this embodiment, in addition to the mobile terminal verifying the card number of the IC-card end, the method may also include: after receiving the card number returned by the server system, the mobile terminal displays the card number returned by the server, to prompt the mobile terminal to collect the card number sent by the IC-card end.
More specifically, after the mobile terminal sends the service request for the network service to the server system, if an IC card has been enrolled as the authentication means for the dynamic password, the server system feeds the card number of the enrolled IC card back to the mobile terminal, and the card number returned by the server is displayed on the mobile terminal. The user can then choose the IC card according to the displayed card number and have it interact with the mobile terminal, and the mobile terminal obtains, through the NFC module, the number of the IC card interacting with it.
It can be understood that the card number of the IC-card end may be verified on the mobile terminal, or the comparison may be made by the user; when the user confirms that the comparison succeeded, the user can manually trigger the mobile terminal to perform step 203.
In other implementations of this embodiment, the card number of the IC-card end can also be verified on the server system.
Specifically, after the mobile terminal collects the card number of the IC-card end, it sends this card number to the server system as part of the business confirmation; the server system then compares the enrolled card number with the card number in the business confirmation and, if the comparison succeeds, verifies the application cryptogram.
In this embodiment, the server system may provide several authentication modes for the network service. For example, besides the authentication mode that uses the IC card as the dynamic password authentication tool, there may be an authentication mode using a software token, an authentication mode using an electronic cipher device as the dynamic password authentication tool, or any one or more other modes that can be used for dynamic password authentication on the mobile terminal. Where the server system provides several authentication modes for the network service, after receiving the service request the server can feed back to the mobile terminal the authentication mode preset by the user, so that the mobile terminal performs the corresponding security authentication according to the authentication mode received. Specifically, in some implementations of this embodiment, after step 201 the method may also include: after sending the service request for the network service to the server system, the mobile terminal receives the authentication mode that the server system returns for the service request; in response to recognizing that the authentication mode is dynamic password authentication, the mobile terminal performs the displaying of the card number returned by the server.
More specifically, after the mobile terminal has sent the service request for the network service to the server system, the server system determines from this service request the authentication mode the user has enrolled and feeds this authentication mode back to the mobile terminal. If the authentication mode the mobile terminal receives is IC card dynamic password authentication, the card number of the IC card the user enrolled is displayed on the mobile terminal. If, however, the authentication mode the mobile terminal receives is some mode other than IC card dynamic password authentication, the corresponding verification operation is carried out according to the specific authentication mode.
With the method provided by this embodiment, while the user carries out a network service, dynamic password authentication between the mobile terminal and the server system is realized using the IC-card end: the mobile terminal exchanges information with the IC-card end through the NFC module, the mobile terminal obtains information such as the application cryptogram generated by the IC-card end, and the server system then verifies the application cryptogram generated by the IC-card end. Using an IC card as the authentication device that realizes the dynamic password is therefore more secure than a software-based approach and, compared with an electronic cipher device, more convenient to operate and lower in cost.
With reference to Fig. 3, a schematic flow chart of a method for realizing security authentication in an embodiment of the present invention is shown. In this embodiment, the method may include, for example:
Step 301: in response to a trigger operation by the user, the mobile terminal generates a service request for a network service.
Step 302: the mobile terminal sends the service request to the server system.
Step 303: after the server system receives the service request, it judges whether the authentication mode is IC card dynamic password authentication.
In this embodiment, the dynamic password authentication mode may be the IC card dynamic password authentication mode, the electronic cipher device authentication mode, or another dynamic password authentication mode able to realize transactions on the mobile terminal. Therefore, after the server system receives the service request, it needs to judge whether the authentication mode is IC card dynamic password authentication.
Step 304: if the authentication mode is IC card dynamic password authentication, the server system generates a random number and returns the card number of the enrolled IC-card end, the authentication mode and the random number to the mobile terminal.
Step 305: in response to the IC card dynamic password authentication, the mobile terminal displays the card number of the IC-card end, to prompt the user to choose the corresponding IC-card end to interact with the mobile terminal.
In this embodiment, the mobile terminal judges from the received authentication mode whether it is IC card dynamic password authentication and, if so, displays the card number of the IC-card end, to prompt the user to choose the corresponding IC card to interact with the mobile terminal.
Step 306: the mobile terminal sends the random number and the business information to the IC-card end.
Step 307: the IC-card end encrypts the random number and the business information based on the preset key and encryption algorithm, generating the application cryptogram.
In this embodiment, each IC card is provided with a corresponding key, used to encrypt the received random number and business information. The encryption algorithm may be, for example, a symmetric encryption algorithm, or an asymmetric algorithm (Rivest-Shamir-Adleman, RSA).
After the IC-card end receives the random number and the business information sent by the mobile terminal, it encrypts them with the key and the encryption algorithm preset at the IC-card end. Specifically, step 307 may include, for example: deriving a process key using the card key of the IC-card end and the count of the network service; and, based on the process key, encrypting the random number with a symmetric key algorithm to generate the application cryptogram.
Step 308: the IC-card end sends the checking information carrying the application cryptogram to the mobile terminal.
In this embodiment, the checking information also carries the card sequence number used by the IC card, the distributed key index DKI, the cipher-text version number and the algorithm mark, so that the server system uses the card sequence number, the DKI, the cipher-text version number and the algorithm mark to verify the application cryptogram.
Step 309: the mobile terminal sends the business confirmation carrying the checking information to the network server.
In this embodiment, this step is implemented as follows: in response to a confirmation operation for the service request, obtain the business confirmation code input under the confirmation operation; generate the business confirmation based on the checking information and the business confirmation code; send the business confirmation to the server system.
In this embodiment, after the mobile terminal receives the checking information carrying the application cryptogram, it displays the checking information and prompts the user to input the business confirmation code that confirms this network service, and sends the business confirmation code and the checking information to the server system as the business confirmation.
Step 310: the network server verifies the application cryptogram according to the business confirmation.
In this embodiment, after receiving the business confirmation, the network server judges from the received card number of the IC-card end whether the IC card has been reported lost, verifies the business confirmation code input by the user, and checks whether the enrolled IC card and the random number have been tampered with. If the IC card has not been reported lost, the business confirmation code is correct, and the enrolled IC card number and the random number have not been tampered with, it derives the card key from the preset card issuer key, the card number of the IC-card end and the card sequence number used by the IC-card end, derives the process key from the card key and the count of the network service, then uses the symmetric key algorithm with the process key to generate an application cryptogram, and matches the application cryptogram generated at the server system against the application cryptogram obtained from the IC-card end. If the two application cryptograms are identical, verification has succeeded.
Step 311: if verification succeeds, the server system judges whether to perform the network service and feeds the transaction result back to the mobile terminal.
After verification succeeds, the server system judges whether to perform the network service, for example subsequent operations such as a transfer or a payment, and feeds the final transaction result back to the mobile terminal, to tell the customer whether the transaction succeeded.
With the method provided by this embodiment, an IC card is used as the authentication device that realizes the dynamic password and interacts with the mobile terminal; during the interaction, business checking information is generated, and the server system verifies that business checking information. Using an IC card as the authentication device that realizes the dynamic password is therefore more secure than a software-based approach and, compared with an electronic cipher device, more convenient to operate and lower in cost.
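The card-side cryptogram generation (step 307) and the server-side check (step 310), as an added example that is not code from the patent. HMAC-SHA256 stands in for the unspecified symmetric key algorithm; the field names and sending the count inside the checking information are assumptions, and all keys, card numbers and codes are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (stand-in symmetric algorithm)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def derive_card_key(issuer_key: bytes, card_number: str, card_seq: str) -> bytes:
    """Card issuer key + card number + card sequence number -> card key."""
    return _mac(issuer_key, b"card", card_number.encode(), card_seq.encode())


def derive_process_key(card_key: bytes, count: int) -> bytes:
    """Card key + transaction count -> process key for this one transaction."""
    return _mac(card_key, b"process", count.to_bytes(4, "big"))


def cryptogram(process_key: bytes, rnd: bytes, business: str, count: int) -> bytes:
    """Application cryptogram over random number, business information and count."""
    return _mac(process_key, rnd, business.encode(), count.to_bytes(4, "big"))


@dataclass
class IcCard:
    card_number: str
    card_seq: str
    card_key: bytes  # preset in the card
    count: int = 0   # transaction counter kept by the card

    def respond(self, rnd: bytes, business: str) -> dict:
        """Build the checking information returned to the mobile terminal."""
        self.count += 1
        pk = derive_process_key(self.card_key, self.count)
        return {"card_number": self.card_number, "card_seq": self.card_seq,
                "dki": 1, "count": self.count,  # assumption: count is sent along
                "cryptogram": cryptogram(pk, rnd, business, self.count)}


@dataclass
class Server:
    issuer_keys: dict  # DKI -> card issuer key
    enrolled: dict     # account -> enrolled card number
    codes: dict        # account -> business confirmation code (demo: unhashed)
    lost: set = field(default_factory=set)
    pending: dict = field(default_factory=dict)  # account -> (rnd, business) as issued

    def start(self, account: str, business: str):
        """Service request: return the enrolled card number and a fresh random number."""
        rnd = secrets.token_bytes(16)
        self.pending[account] = (rnd, business)
        return self.enrolled[account], rnd

    def confirm(self, account: str, code: str, info: dict) -> str:
        """Check a confirmation against the server's own copy of the request."""
        # Each issued random number is consumed by a single attempt.
        rnd, business = self.pending.pop(account, (None, None))
        if rnd is None:
            return "no pending request"
        num = info["card_number"]
        if not hmac.compare_digest(code.encode(), self.codes[account].encode()):
            return "bad confirmation code"
        if num in self.lost:
            return "card reported lost"
        if num != self.enrolled[account]:
            return "card number mismatch"
        if info["dki"] not in self.issuer_keys:
            return "unknown key index"
        card_key = derive_card_key(self.issuer_keys[info["dki"]], num, info["card_seq"])
        pk = derive_process_key(card_key, info["count"])
        expected = cryptogram(pk, rnd, business, info["count"])
        if not hmac.compare_digest(expected, info["cryptogram"]):
            return "cryptogram mismatch"
        return "ok"


def demo() -> dict:
    """Run the flow on constructed data and collect the server's verdicts."""
    issuer_key = bytes(range(32))  # constructed test key
    card = IcCard("CARD-0001", "01", derive_card_key(issuer_key, "CARD-0001", "01"))
    srv = Server({1: issuer_key}, {"acct-1": "CARD-0001"}, {"acct-1": "135790"})
    want = "pay 25.00 to merchant-A"
    def attempt(code, seen_by_card=want, reuse=None):
        _, rnd = srv.start("acct-1", want)
        return srv.confirm("acct-1", code, reuse or card.respond(rnd, seen_by_card))
    _, rnd = srv.start("acct-1", want)
    good = card.respond(rnd, want)
    out = {"valid": srv.confirm("acct-1", "135790", good)}
    out["replayed"] = attempt("135790", reuse=good)  # old cryptogram, new random number
    out["altered_business"] = attempt("135790", "pay 9999.00 to merchant-B")
    out["wrong_code"] = attempt("000000")
    srv.lost.add("CARD-0001")
    out["lost_card"] = attempt("135790")
    return out
```

Because the server recomputes the cryptogram from the random number and business information it issued itself, a reused cryptogram or business information changed between server and card both end in a mismatch.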
Example devices
With reference to Fig. 4, a structural diagram of a device for realizing security authentication in an embodiment of the present invention is shown. The device is configured at the IC-card end. In this embodiment, the device may specifically include:
Receiving unit 401, for receiving the random number and the business information that the mobile terminal sends through the near-field communication (NFC) module, where the random number is returned to the mobile terminal by the server system in response to the service request that the mobile terminal initiated for the network service, the business information is used to describe the network service, and the mobile terminal is configured with the NFC module.
Generating unit 402, for encrypting the random number and the business information based on the key and the encryption algorithm preset at the IC-card end, to generate the application cryptogram.
First transmitting unit 403, for sending, through the NFC module, the checking information carrying the application cryptogram to the mobile terminal, so that the server system receives the business confirmation carrying the checking information sent by the mobile terminal and verifies the application cryptogram.
Optionally, in this embodiment, the generating unit includes:
A dispersion subunit, for deriving a process key using the card key of the IC-card end and the count of the network service.
A generating subunit, for encrypting the random number with a symmetric key algorithm based on the process key, to generate the application cryptogram.
Optionally, in this embodiment, the device also includes:
A second transmitting unit, for sending the card number of the IC-card end to the mobile terminal through the NFC module, so that the mobile terminal sends the random number and the business information to the IC-card end through the NFC module when it finds that the card number sent by the IC-card end is identical to the card number that the server system returned for the service request.
The network service is an online transaction service, the IC-card end is provided on a payment card having a payment function, and the server system is an online payment system that provides the payment function for the payment card.
With the device provided by this embodiment, while the user carries out a network service, dynamic password authentication between the mobile terminal and the server system is realized using the IC-card end: the mobile terminal exchanges information with the IC-card end through the NFC module, the mobile terminal obtains information such as the application cryptogram generated by the IC-card end, and the server system then verifies the application cryptogram generated by the IC-card end. Using an IC card as the authentication device that realizes the dynamic password is therefore more secure than a software-based approach and, compared with an electronic cipher device, more convenient to operate and lower in cost.
With reference to Fig. 5, a schematic diagram of a device for realizing security authentication in an embodiment of the present invention is shown. In this embodiment, the device includes:
First transmitting unit 501, for sending a service request for a network service to the server system;
First receiving unit 502, for receiving the random number that the server system returns in response to the service request;
Second transmitting unit 503, for sending the random number and the business information to the IC-card end through the NFC module, where the business information is used to describe the network service and the mobile terminal is configured with the NFC module;
Second receiving unit 504, for receiving, through the NFC module, the checking information sent by the IC-card end;
Second transmitting unit 505, for sending the business confirmation carrying the checking information to the server system, so that the server system verifies the application cryptogram;
where the checking information carries the application cryptogram, which the IC-card end generates by encrypting the random number and the business information based on the key and the encryption algorithm preset at the IC-card end.
In this embodiment, the checking information also carries the card sequence number of the IC card, the distributed key index DKI, the cipher-text version number and the algorithm mark of the symmetric key algorithm, so that the server system uses the card sequence number, the DKI, the cipher-text version number and the algorithm mark to verify the application cryptogram;
where the application cryptogram is specifically generated by the IC-card end deriving a process key using the card key of the IC-card end and the count of the network service and, based on the process key, encrypting the random number with a symmetric key algorithm.
In this embodiment, the second transmitting unit specifically includes:
An obtaining subunit, for obtaining, in response to a confirmation operation for the service request, the business confirmation code input under the confirmation operation;
A generating subunit, for generating the business confirmation based on the checking information and the business confirmation code;
A first transmitting subunit, for sending the business confirmation to the server system.
In this embodiment, the device also includes:
A second receiving unit, for receiving, after the service request is sent to the server system, the card number that the server system returns for the service request.
A third receiving unit, for receiving, through the NFC module, the card number sent by the IC-card end.
A comparing unit, for comparing whether the card number sent by the IC-card end is identical to the card number returned by the server system.
A first execution unit, for performing, if they are identical, the sending of the random number and the business information to the IC-card end through the NFC module.
A display unit, for displaying, after the card number returned by the server system is received, the card number returned by the server, to prompt the mobile terminal to collect the card number sent by the IC-card end.
A fourth receiving unit, for receiving, after the service request for the network service is sent to the server system, the authentication mode that the server system returns for the service request.
A second execution unit, for performing, in response to recognizing that the authentication mode is dynamic password authentication, the displaying of the card number returned by the server.
With the equipment provided by this embodiment, while the user carries out a network service, dynamic password authentication between the mobile terminal and the server system is realized using the IC-card end: the mobile terminal exchanges information with the IC-card end through the NFC module, the mobile terminal obtains information such as the application cryptogram generated by the IC-card end, and the server system then verifies the application cryptogram generated by the IC-card end. Using an IC card as the authentication device that realizes the dynamic password is therefore more secure than a software-based approach and, compared with an electronic cipher device, more convenient to operate and lower in cost.
With reference to Fig. 6, for the structural representation of the system realizing safety certification a kind of in the embodiment of the present invention.At the present embodiment
In, described system includes:
IC-card end 601, mobile terminal 602 and server system 603.
Wherein, the device of the embodiment offer that the configuration of described IC-card end is corresponding just like Fig. 4, described mobile terminal configuration has figure
The device that the embodiment of 5 correspondences provides.
Described server system, is used for generating random number and the ciphertext generating IC-card end is verified.
In this embodiment, after the mobile terminal triggers a request for a network service, it sends the network service request to the server system. The server system generates a random number and returns it to the mobile terminal. The mobile terminal sends the random number and the business information describing the network service to the IC card end through the NFC module. The IC card end generates an application cryptogram from the random number and the business information and sends verification information carrying the application cryptogram to the mobile terminal through the NFC module. The mobile terminal sends business confirmation information carrying the verification information to the server system, and the server system verifies the application cryptogram according to the business confirmation information.
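The exchange described in this embodiment can be run end to end as follows; this is an added example, not code from the patent, and `demo()` plays the mobile terminal that relays messages between card and server. Assumptions: HMAC-SHA-256 stands in for the card's key diversification and symmetric algorithm, and the class names, message layout, 8-byte truncation, the counter carried in the verification information and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def compute_cryptogram(card_key, counter, nonce, business_info):
    # Process key from card key + service counter; HMAC-SHA-256 is a stand-in
    # for the card's key diversification and symmetric algorithm (assumption).
    process_key = hmac.new(card_key, b"process" + counter.to_bytes(2, "big"),
                           hashlib.sha256).digest()
    # Length-prefix the nonce so nonce and business info cannot be re-split.
    message = bytes([len(nonce)]) + nonce + business_info
    return hmac.new(process_key, message, hashlib.sha256).digest()[:8]

class Card:  # IC card end: the preset key never leaves this object
    def __init__(self, card_number, card_key):
        self.card_number, self._key, self._counter = card_number, card_key, 0

    def respond(self, nonce, business_info):
        self._counter += 1
        cryptogram = compute_cryptogram(self._key, self._counter, nonce, business_info)
        return {"card_number": self.card_number, "counter": self._counter,
                "cryptogram": cryptogram}

class Server:  # issues the random number, verifies the cryptogram
    def __init__(self, card_keys):
        self._card_keys = card_keys
        self._pending = {}       # request id -> (card number, nonce, business info)
        self._last_counter = {}  # card number -> highest counter accepted

    def start(self, card_number, business_info):
        request_id, nonce = secrets.token_hex(8), secrets.token_bytes(8)
        self._pending[request_id] = (card_number, nonce, business_info)
        return request_id, nonce

    def confirm(self, request_id, verification):
        pending = self._pending.pop(request_id, None)  # each nonce is single-use
        if pending is None:
            return False
        card_number, nonce, business_info = pending
        key = self._card_keys.get(card_number)
        counter = verification.get("counter")
        if key is None or verification.get("card_number") != card_number:
            return False
        if not isinstance(counter, int) or counter > 0xFFFF:
            return False
        if counter <= self._last_counter.get(card_number, 0):
            return False  # counter must advance; earlier responses are refused
        # Recompute over the server's own record of the business information.
        expected = compute_cryptogram(key, counter, nonce, business_info)
        if not hmac.compare_digest(expected, verification.get("cryptogram", b"")):
            return False
        self._last_counter[card_number] = counter
        return True

def demo():
    key = bytes(range(16))                               # constructed test key
    card = Card("6200000000000001", key)                 # constructed card number
    server = Server({card.card_number: key})
    info = b"merchant=shop42;amount=25.00;currency=CNY"  # constructed
    rid, nonce = server.start(card.card_number, info)
    response = card.respond(nonce, info)
    accepted = server.confirm(rid, response)
    repeated = server.confirm(rid, response)             # request id already consumed
    rid2, _ = server.start(card.card_number, info)
    stale = server.confirm(rid2, response)               # old response, fresh nonce
    rid3, nonce3 = server.start(card.card_number, info)
    changed = card.respond(nonce3, b"merchant=shop42;amount=9999.00;currency=CNY")
    altered = server.confirm(rid3, changed)              # card saw different info
    return accepted, repeated, stale, altered
```

Because the server recomputes the cryptogram over the business information it recorded at request time, a card response computed over different business information fails verification even though the card key is correct.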
With the system provided by this embodiment, while a user carries out a network service, dynamic password authentication between the mobile terminal and the server system is implemented using the IC card end: the mobile terminal exchanges information with the IC card end through the NFC module, the mobile terminal obtains information such as the application cryptogram generated by the IC card end, and the server system then verifies the application cryptogram generated by the IC card end. Using an IC card as the authentication device for the dynamic password is therefore more secure than a software-based approach and, compared with an electronic cipher device, more convenient to operate and lower in cost.
The word "first" in names such as "first sending unit" and "first receiving unit" mentioned in the embodiments of the present invention is used only as a name identifier and does not denote first in order. The same rule applies to "second" and so on.
As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that all or part of the steps of the methods in the above embodiments can be implemented by software plus a general-purpose hardware platform. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product. The computer software product can be stored in a storage medium, such as read-only memory (ROM)/RAM, a magnetic disk or an optical disc, and includes instructions that cause a computer device (which may be a personal computer, a server, or a network communication device such as a router) to perform the methods described in the embodiments, or in certain parts of the embodiments, of the present invention.
The embodiments in this specification are described in a progressive manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, because the method embodiments and device embodiments are substantially similar to the system embodiment, they are described relatively briefly; for relevant details, see the description of the system embodiment. The device and system embodiments described above are merely illustrative: modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, that is, they may be located in one place or distributed across multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement this without creative effort.
The above is only the preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention. It should be noted that those of ordinary skill in the art may make several improvements and refinements without departing from the present invention, and these improvements and refinements shall also be regarded as falling within the scope of protection of the present invention.
Claims (14)
1. A method for realizing security authentication, characterized in that it is applied to an IC card end and comprises:
receiving a random number and business information sent by a mobile terminal through a near-field communication (NFC) module, wherein the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the business information is used to describe the network service, and the mobile terminal is configured with the NFC module;
performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end, to generate an application cryptogram;
sending verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives business confirmation information carrying the verification information sent by the mobile terminal and verifies the application cryptogram.
2. The method according to claim 1, characterized in that:
the performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end, to generate an application cryptogram, comprises: deriving a process key by diversification using the card key of the IC card end and the count of the network service; and, based on the process key, performing an encryption operation on the random number using a symmetric key algorithm, to generate the application cryptogram;
the verification information further carries the card serial number, derivation key index (DKI), cryptogram version number and algorithm identifier used by the IC card, so that the server system uses the card serial number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram.
3. The method according to claim 1, characterized in that it further comprises:
sending the card number of the IC card end to the mobile terminal through the NFC module, so that the mobile terminal, upon determining by comparison that the card number sent by the IC card end is identical to the card number returned by the server system for the service request, sends the random number and the business information to the IC card end through the NFC module.
4. The method according to claim 1, characterized in that the network service is an online transaction service, the IC card end is arranged on a payment card having a payment function, and the server system is an online payment system that provides the payment function for the payment card.
5. A method for realizing security authentication, characterized in that it is applied to a mobile terminal and comprises:
sending a service request for a network service to a server system;
receiving a random number returned by the server system in response to the service request;
sending the random number and business information to an IC card end through an NFC module, wherein the business information is used to describe the network service and the mobile terminal is configured with the NFC module;
receiving, through the NFC module, verification information sent by the IC card end;
sending business confirmation information carrying the verification information to the server system, so that the server system verifies an application cryptogram;
wherein the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end by performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end.
6. The method according to claim 5, characterized in that the verification information further carries the card serial number of the IC card, the derivation key index (DKI), the cryptogram version number and the algorithm identifier of the symmetric key algorithm, so that the server system uses the card serial number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram;
wherein the application cryptogram is generated by the IC card end by deriving a process key by diversification using the card key of the IC card end and the count of the network service and, based on the process key, performing an encryption operation on the random number using a symmetric key algorithm.
7. The method according to claim 5, characterized in that it further comprises:
after sending the service request to the server system, receiving a card number returned by the server system for the service request;
receiving, through the NFC module, the card number sent by the IC card end;
comparing whether the card number sent by the IC card end is identical to the card number returned by the server system;
if they are identical, performing the sending of the random number and the business information to the IC card end through the NFC module.
8. The method according to claim 7, characterized in that it further comprises:
after receiving the card number returned by the server system, displaying the card number returned by the server, to prompt the mobile terminal to collect the card number sent by the IC card end.
9. The method according to claim 8, characterized in that it further comprises:
after sending the service request for the network service to the server system, receiving an authentication mode returned by the server system for the service request;
in response to recognizing that the authentication mode is dynamic password authentication, performing the displaying of the card number returned by the server.
10. The method according to claim 5, characterized in that the sending business confirmation information carrying the verification information to the server system comprises:
in response to a confirmation operation for the service request, obtaining a business confirmation code entered under the confirmation operation;
generating the business confirmation information based on the verification information and the business confirmation code;
sending the business confirmation information to the server system.
11. The method according to claim 5, characterized in that the network service is an online transaction service, the IC card end is arranged on a payment card having a payment function, and the server system is an online payment system that provides the payment function for the payment card.
12. A device for realizing security authentication, characterized in that it is configured at an IC card end and comprises:
a receiving unit, configured to receive a random number and business information sent by a mobile terminal through a near-field communication (NFC) module, wherein the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the business information is used to describe the network service, and the mobile terminal is configured with the NFC module;
a generating unit, configured to perform an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end, to generate an application cryptogram;
a first sending unit, configured to send verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives business confirmation information carrying the verification information sent by the mobile terminal and verifies the application cryptogram.
13. A device for realizing security authentication, characterized in that it is configured at a mobile terminal and comprises:
a first sending unit, configured to send a service request for a network service to a server system;
a first receiving unit, configured to receive a random number returned by the server system in response to the service request;
a second sending unit, configured to send the random number and business information to an IC card end through an NFC module, wherein the business information is used to describe the network service and the mobile terminal is configured with the NFC module;
a second receiving unit, configured to receive, through the NFC module, verification information sent by the IC card end;
a second sending unit, configured to send business confirmation information carrying the verification information to the server system, so that the server system verifies an application cryptogram;
wherein the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end by performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end.
14. A system for realizing security authentication, characterized in that it comprises an IC card end, a mobile terminal and a server system;
the IC card end is configured with the device according to claim 12, and the mobile terminal is configured with the device according to claim 13.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610885216.XA CN106209386B (en) | 2016-10-10 | 2016-10-10 | A kind of methods, devices and systems for realizing safety certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106209386A (en) | 2016-12-07 |
CN106209386B (en) | 2019-09-27 |
Family
ID=57521199
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610885216.XA Active CN106209386B (en) | 2016-10-10 | 2016-10-10 | A kind of methods, devices and systems for realizing safety certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209386B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||