CN106209386B - A method, device and system for implementing security authentication - Google Patents
- Publication number: CN106209386B
- Application number: CN201610885216.XA
- Authority: CN (China)
- Prior art keywords: card, mobile terminal, server system, business, card end
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
Abstract
In the embodiments of the present application, while a user uses a network service, dynamic password authentication between the mobile terminal and the server system is implemented using an IC card end. Specifically: after a request for the network service is triggered on the mobile terminal, the mobile terminal sends a network service request to the server system; the server system generates a random number and returns it to the mobile terminal; the mobile terminal sends the random number and business information describing the network service to the IC card end through the NFC module; the IC card end generates an application cryptogram from the random number and the business information and sends verification information carrying the application cryptogram to the mobile terminal through the NFC module; the mobile terminal sends a business confirmation message carrying the verification information to the server system; and the server system verifies the application cryptogram according to the business confirmation message. Because the dynamic password is verified using the IC card end, the scheme is more convenient for the user to operate and easier to carry.
Description
Technical field
The present invention relates to the technical field of network security, and in particular to a method, device and system for implementing security authentication.
Background
With the development of the Internet, many security-sensitive network services have emerged, such as payment or transaction services. When a user uses these network services, dynamic password authentication can be used between the client and the server to avoid the risk of the user's password leaking, thereby ensuring the security of the network service. Dynamic password authentication is usually implemented in software. However, dynamic password authentication implemented in software cannot prevent the dynamic verification code from being maliciously obtained through illegal means such as phishing websites, fake base stations and stolen mobile phones.
To avoid leakage of the dynamic password, some network services have begun to implement dynamic password authentication in hardware. For example, in the prior art, an electronic cipher device, as an independent hardware device, is used to implement dynamic password authentication between the client and the server when the user uses a network service. However, for mobile terminals such as mobile phones and tablet computers, the user has to manually enter the dynamic verification code obtained from the electronic cipher device into the client on the mobile terminal, which makes operation inconvenient for the user. In addition, in mobile network scenarios the electronic cipher device is a hardware device separate from the user's mobile terminal that the user must carry in order to use the network service anytime and anywhere, so the number of devices the user has to carry increases. Furthermore, the cost of an electronic cipher device is relatively high.
Summary of the invention
The technical problem to be solved by the embodiments of the present application is to provide a method, device and system for implementing security authentication, so as to avoid the defects of the prior art, in which implementing dynamic password authentication with an electronic cipher device is inconvenient for the user to carry, inconvenient to operate, and costly.
In a first aspect, a method for implementing security authentication is provided, applied to an IC card end, comprising:
receiving a random number and business information sent by a mobile terminal through a near-field communication (NFC) module, where the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the business information describes the network service, and the NFC module is configured on the mobile terminal;
performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end, to generate an application cryptogram;
sending verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives a business confirmation message, sent by the mobile terminal, that carries the verification information, and verifies the application cryptogram.
Optionally,
performing the encryption operation on the random number and the business information based on the key and encryption algorithm preset in the IC card end to generate the application cryptogram comprises: deriving (by key diversification) a process key from the card key of the IC card end and the count of the network service; and, based on the process key, performing an encryption operation on the random number using a symmetric key algorithm to generate the application cryptogram;
the verification information also carries the card serial number used by the IC card, a distributed key index (DKI), a cryptogram version number and an algorithm identifier, so that the server system uses the card serial number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram.
Optionally, the method further comprises:
sending the card number of the IC card end to the mobile terminal through the NFC module, so that the mobile terminal sends the random number and the business information to the IC card end through the NFC module when its comparison shows that the card number sent by the IC card end is identical to the card number returned by the server system for the service request.
Optionally, the network service is an online transaction service, the IC card end is configured on a payment card with a payment function, and the server system is an online payment system that provides the payment function for the payment card.
In a second aspect, a method for implementing security authentication is provided, applied to a mobile terminal, comprising:
sending a service request for a network service to a server system;
receiving the random number returned by the server system in response to the service request;
sending the random number and business information to an IC card end through an NFC module, where the business information describes the network service and the NFC module is configured on the mobile terminal;
receiving, through the NFC module, the verification information sent by the IC card end;
sending a business confirmation message carrying the verification information to the server system, so that the server system verifies the application cryptogram;
where the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end.
Optionally, the verification information also carries the card serial number of the IC card, a distributed key index (DKI), a cryptogram version number and the algorithm identifier of the symmetric key algorithm, so that the server system uses the card serial number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram;
where the application cryptogram is specifically generated by the IC card end deriving a process key from the card key of the IC card end and the count of the network service and, based on the process key, performing an encryption operation on the random number using a symmetric key algorithm.
Optionally, the method further comprises:
after sending the service request to the server system, receiving the card number returned by the server system for the service request;
receiving, through the NFC module, the card number sent by the IC card end;
comparing whether the card number sent by the IC card end and the card number returned by the server system are identical;
if they are identical, performing the step of sending the random number and business information to the IC card end through the NFC module.
Optionally, the method further comprises:
after receiving the card number returned by the server system, displaying the card number returned by the server, as a prompt for the mobile terminal to acquire the card number sent by the IC card end.
Optionally, the method further comprises:
after sending the service request for the network service to the server system, receiving the authentication mode returned by the server system for the service request;
in response to recognizing that the authentication mode is dynamic password authentication, performing the step of displaying the card number returned by the server.
Optionally, sending the business confirmation message carrying the verification information to the server system comprises:
in response to a confirmation operation for the service request, obtaining the business confirmation code entered during the confirmation operation;
generating the business confirmation message based on the verification information and the business confirmation code;
sending the business confirmation message to the server system.
Optionally, the network service is an online transaction service, the IC card end is configured on a payment card with a payment function, and the server system is an online payment system that provides the payment function for the payment card.
In a third aspect, a device for implementing security authentication is provided, configured at an IC card end, comprising:
a receiving unit, for receiving a random number and business information sent by a mobile terminal through a near-field communication (NFC) module, where the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the business information describes the network service, and the NFC module is configured on the mobile terminal;
a generation unit, for performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end, to generate an application cryptogram;
a first transmission unit, for sending verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives a business confirmation message, sent by the mobile terminal, that carries the verification information, and verifies the application cryptogram.
In a fourth aspect, a device for implementing security authentication is provided, configured at a mobile terminal, comprising:
a first transmission unit, for sending a service request for a network service to a server system;
a first receiving unit, for receiving the random number returned by the server system in response to the service request;
a second transmission unit, for sending the random number and business information to an IC card end through an NFC module, where the business information describes the network service and the NFC module is configured on the mobile terminal;
a second receiving unit, for receiving, through the NFC module, the verification information sent by the IC card end;
a second transmission unit, for sending a business confirmation message carrying the verification information to the server system, so that the server system verifies the application cryptogram;
where the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset in the IC card end.
In a fifth aspect, a system for implementing security authentication is provided, including an IC card end, a mobile terminal and a server system;
the IC card end is configured with the device provided in the third aspect above, and the mobile terminal is configured with the device provided in the fourth aspect above.
In the embodiments of the present application, while a user uses a network service, dynamic password authentication between the mobile terminal and the server system can be implemented using an IC card end, and information exchange between the mobile terminal and the IC card end can be implemented through a near-field communication (Near Field Communication, NFC) module configured in the mobile terminal. Specifically, after sending a service request for the network service to the server system, the mobile terminal can obtain the random number returned by the server system for that service request. The mobile terminal can then send the random number and the business information corresponding to the network service to the IC card end through the NFC module. The IC card end can perform an encryption operation on the random number and the business information based on a preset key and encryption algorithm to generate an application cryptogram. Next, the mobile terminal can receive, through the NFC module, the verification information carrying the application cryptogram sent by the IC card end, and send a business confirmation message carrying the verification information to the server system. In this way, the server system can implement security authentication of the network service by verifying the application cryptogram. It can be seen that, with the IC card end serving as the hardware device that implements dynamic password authentication, for mobile terminals such as mobile phones and tablet computers the NFC module configured in the mobile terminal can be used for information exchange between the mobile terminal and the IC card end; the information exchanged between the IC card end and the mobile terminal therefore does not need to be entered manually by the user, which makes operation more convenient. In addition, compared with an electronic cipher device, an IC card is easier to carry and costs less.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings required for describing the embodiments are briefly introduced below. Obviously, the drawings in the following description are only some of the embodiments described in this application, and a person of ordinary skill in the art can obtain other drawings from them.
Fig. 1 is a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention;
Fig. 3 is a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a device for implementing security authentication in an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a device for implementing security authentication in an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a method for implementing security authentication in an embodiment of the present invention.
Detailed description
The inventor found that when network services such as payment or transactions are performed through a mobile terminal, dynamic password authentication is usually carried out for transaction security. In the prior art this is usually implemented in software, but a software implementation cannot prevent the dynamic verification code from being maliciously obtained through illegal means such as phishing websites, fake base stations and stolen mobile phones. Therefore, to avoid dynamic password leakage, some network services have begun to use hardware. For example, some network services currently use cipher devices in the form of a U-shield or Ukey. A cipher device of this form has to be connected to the user's terminal through a USB interface, which works for terminals such as PCs and laptop computers; mobile terminals, however, usually have no USB interface, so a cipher device of this form is not suitable for them. There is also a hardware electronic cipher device. When an electronic cipher device is used for dynamic password authentication, the user has to manually enter the password shown on the electronic cipher device into the mobile terminal. Although this avoids the problem that the mobile terminal cannot obtain the password through a USB interface, it makes operation inconvenient for the user, and such an electronic cipher device is also inconvenient to carry.
To solve the above problems, in the embodiments of the present invention, security authentication of transactions on a mobile terminal is implemented through information exchange between a mobile terminal configured with an NFC module and an IC card end. Specifically, after sending a service request for a network service to the server system, the mobile terminal can obtain the random number returned by the server system for that service request. The mobile terminal can then send the random number and the business information corresponding to the network service to the IC card end through the NFC module. The IC card end can perform an encryption operation on the random number and the business information based on a preset key and encryption algorithm to generate an application cryptogram. Next, the mobile terminal can receive, through the NFC module, the verification information carrying the application cryptogram sent by the IC card end, and send a business confirmation message carrying the verification information to the server system. On this basis, the server system can implement security authentication of the network service by verifying the application cryptogram. It can be seen that performing dynamic password security authentication of transactions with the IC card end is not only more secure than a pure software approach; because the NFC module configured on the mobile terminal can be used for information exchange between the mobile terminal and the IC card end, the information exchanged between the IC card end and the mobile terminal also does not need to be entered manually by the user, which is more convenient for the user than a hardware electronic cipher device. In addition, compared with an electronic cipher device, an IC card is easier to carry and costs less.
The specific implementation of the method, device and system for implementing security authentication in the embodiments of the present invention is described in detail below through embodiments, with reference to the accompanying drawings.
Exemplary method
Referring to Fig. 1, a schematic flowchart of a method for implementing security authentication in an embodiment of the present invention is shown. The method is applied to an IC card end. In this embodiment, the method may include, for example, the following steps:
Step 101: receive the random number and business information sent by the mobile terminal through the near-field communication (NFC) module, where the random number is returned to the mobile terminal by the server system in response to the service request initiated by the mobile terminal for the network service, the business information describes the network service, and the NFC module is configured on the mobile terminal.
In a specific implementation, the user can trigger a network service on the mobile terminal, and in response to the user's trigger operation the mobile terminal can initiate a service request for that network service to the server system corresponding to the network service. In response to the service request, the server system can return a random number to the mobile terminal according to the network service. After receiving the random number returned by the server system, the mobile terminal can send the random number and the business information describing the network service to the IC card end. It can be understood that in this embodiment the mobile terminal is configured with an NFC module that can communicate with the IC card end over near-field communication; that is, information exchange between the mobile terminal and the IC card end can be implemented through the NFC module configured on the mobile terminal. For example, in step 101, the mobile terminal can use its NFC module to send the random number and the business information to an IC card end that meets the conditions for near-field communication.
It should be noted that the network service referred to in this embodiment can be any service function provided over a network. For example, in one application scenario example, the network service can be an online transaction service. Specifically, the online transaction service can be a transfer service, a payment service, an inquiry service, a wealth-management service, and so on. In addition, the business information referred to in this embodiment is information that describes the network service; in other words, the business information can be some of the basic information contained in the network service triggered by the user. For example, if the network service is an online transaction service, the business information may include the transaction date, the transaction amount and/or the transaction currency.
In this embodiment, the random number is data dynamically generated by the server system according to the service request sent by the mobile terminal. There is a unique correspondence between a random number and a service request; that is, the random numbers that the server system generates for different service requests are necessarily different.
It can be understood that the devices involved in this embodiment can be implemented in many ways. For example, the mobile terminal that triggers the network service can be any mobile terminal, such as a mobile phone or tablet computer, that is configured with an NFC module and can trigger the network service. As another example, the IC card end can be configured on a payment card with a payment function. As another example, the server system can be an online payment system that provides the payment function for the payment card.
In one application scenario example, the payment card configured with the IC card end can be a financial IC card (such as a bank card with an IC chip), and the server system can be the network system of a financial service. The mobile terminal configured with the NFC module can have a client program of the financial service installed, through which the mobile terminal can interact with the financial IC card and the network system of the financial service.
Step 102: perform an encryption operation on the random number and the business information based on the key and encryption algorithm preset in the IC card end, to generate an application cryptogram.
In this embodiment, each IC card end is provided with a corresponding key for providing an application cryptogram for the network service. The encryption algorithm used to generate the application cryptogram can be, for example, a symmetric encryption algorithm, or an asymmetric encryption algorithm.
In a specific implementation, after the IC card end receives the random number and business information sent by the mobile terminal, the IC card end can perform an encryption operation on the random number and the business information using the preset key and encryption algorithm. Specifically, step 102 may include, for example: deriving (by key diversification) a process key from the card key of the IC card end and the count of the network service; and, based on the process key, performing an encryption operation on the random number using a symmetric key algorithm to generate the application cryptogram.
It should be noted that asymmetric key algorithms are mainly used for offline payment, and in online payment an asymmetric key algorithm may cause the electronic cash in the customer's card to be deducted by mistake. Therefore, when the network service is an online transaction service, a symmetric encryption algorithm is more suitable for the IC card end to generate the application cryptogram.
In some implementations of this embodiment, if the network service is an online transaction service, the IC card end can be provided with a transaction counter for counting the network service. Specifically, each time it receives business information sent by the mobile terminal, the IC card end can increment the number of transactions. After the IC card end receives the random number and business information sent by the mobile terminal, it derives a process key from the card key preset in the IC card end and the application counter's count result for the network service; then, on the basis of the process key, it uses a symmetric key algorithm to perform an encryption operation on the random number, the business information and the count result of the network service, generating the application cryptogram.
Step 103: send verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives the business confirmation message, sent by the mobile terminal, that carries the verification information, and verifies the application cryptogram.
In some implementations of this embodiment, the verification information can also carry, for example, the card serial number used by the IC card, a distributed key index (DKI), a cryptogram version number and an algorithm identifier, so that the server system uses the card serial number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram.
In a specific implementation, after the IC card end generates the application cryptogram, it sends verification information carrying the application cryptogram to the mobile terminal. Besides the application cryptogram, the verification information can also include the card serial number used by the IC card, the distributed key index (DKI), the cryptogram version number, the algorithm identifier, and so on. The mobile terminal then sends a business confirmation message carrying the verification information to the server system. From the verification information in the business confirmation message, the server system can obtain the application cryptogram, the card serial number, the DKI, the cryptogram version number and the algorithm identifier, and can use the card serial number, the DKI, the cryptogram version number and the algorithm identifier to verify the application cryptogram.
In some implementations of this embodiment, after receiving the verification information sent by the IC card end, the mobile terminal may also display the application cryptogram on the mobile terminal and prompt the customer to confirm the network service and enter the business confirmation code for carrying out the network service, where the business confirmation code can also be understood as a transaction password. The mobile terminal then sends the business confirmation code entered by the user, together with the verification information, to the server system. That is, the business confirmation message received by the server system can contain, in addition to the verification information, the business confirmation code entered by the user. The business confirmation code can be entered by the user when confirming execution of the network service on the mobile terminal. For example, if the network service is an online transaction service, the business confirmation code can be the transaction password entered by the user.
In this embodiment, the process by which the server system verifies the received application cryptogram may include, for example: verifying the business confirmation code entered by the user, checking whether the IC card has been reported lost, and checking whether the card issuer random number and the IC card number have been tampered with. If all of these checks pass, the server system derives the card key from the preset card issuer key, the received card number of the IC card end and the card serial number used by the IC card, then derives the process key from the card key and the result calculated from the transaction counter of the network service, and then, on the basis of the process key, uses a symmetric key algorithm to generate an application cryptogram from the random number and the business information. The application cryptogram generated at the IC card end is matched against the application cryptogram generated in the server system. If they match, the server system then judges whether the subsequent network service operation can be carried out: if the operation succeeds, it feeds prompt information back to the mobile terminal to tell the user that the transaction succeeded; if the operation fails, it feeds prompt information back to the mobile terminal to tell the user why the transaction failed. If they do not match, it directly feeds prompt information back to the mobile terminal to tell the user that dynamic password verification failed.
It can be understood that, where the network service is an online transaction service, before the security authentication of the online transaction is carried out through the information exchange between the IC card end and the mobile terminal, the user can bind the bank card account to the IC card end through a counter, online banking, telephone or a similar channel, so that the contracted IC card end serves as the identity authentication for verifying transactions.
It should be noted that, when carrying out a network service, a user who for some reason uses the wrong IC card may cause the network service to fail. For this reason, in some implementations of this embodiment, the mobile terminal first verifies the card number provided by the IC card end and only then requests the application cryptogram from the IC card end. Specifically, before step 101 the method may also include: sending the card number of the IC card end to the mobile terminal through the NFC module, so that the mobile terminal, where it finds that the card number sent by the IC card end is the same as the card number returned by the server system for the service request, sends the random number and the business information to the IC card end through the NFC module. In addition, if the card number sent by the IC card end is not the same as the card number returned by the server system for the service request, the mobile terminal can feed back information indicating a card number error.
It can be understood that, where the network service is an online transaction service, if the card number information obtained on the mobile terminal from the IC card end matches the card number information obtained from the server system, the IC card end is the one that has been contracted for the bank card account carrying out the transaction.
It should be noted that the server system sometimes provides the user with several authentication modes. If the user has set the authentication mode in the server system in advance to dynamic password authentication with the IC card end, the mobile terminal can execute the security authentication flow of the IC card end. Specifically, some implementations of this embodiment may also include: after sending the service request for the network service to the server system, the mobile terminal receives the authentication mode returned by the server system for the service request; in response to recognizing that the authentication mode is dynamic password authentication, the mobile terminal displays the card number returned by the server. Specifically, where the network service is an online transaction service, the user initiates a transaction request through the mobile terminal, and the mobile terminal sends the transaction request to the server system. Based on the transaction request, the server system judges whether the bank card account carrying out the transaction has contracted an IC card as its authentication means; if an IC card has been contracted, it generates the card issuer random number, which is the random number mentioned above. The server system feeds the contracted IC card number, the card issuer random number and the authentication mode indicating IC card end dynamic password authentication back to the mobile terminal, so that the mobile terminal executes the IC card end security authentication flow when it recognizes that the authentication mode is dynamic password authentication. If no IC card number has been contracted, the server system can determine which form of authentication mode the user has contracted and feed that authentication mode back to the mobile terminal.
With the method provided by this embodiment, while the user carries out a network service, the dynamic password authentication between the mobile terminal and the server system is implemented with the IC card end: the mobile terminal exchanges information with the IC card end through the NFC module and obtains information such as the application cryptogram generated by the IC card end, and the server system then verifies the application cryptogram generated by the IC card end. Using an IC card as the authentication device for dynamic passwords is therefore more secure than a software-based approach, and more convenient to operate and lower in cost than an electronic cipher device.
Referring to Fig. 2, a flow diagram of a method for realizing security authentication in an embodiment of the present invention is shown. The method is applied to a mobile terminal. In this embodiment, the method may include, for example, the following steps:
Step 201: send a service request for a network service to the server system.
Step 202: receive the random number and business information returned by the server system in response to the service request, where the business information describes the network service and the NFC module is configured on the mobile terminal.
Step 203: send the random number and the business information to the IC card end through the NFC module, where the business information describes the network service.
Step 204: receive, through the NFC module, the verification information sent by the IC card end.
Step 205: send the business confirmation message carrying the verification information to the server system, so that the server system verifies the application cryptogram.
The verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end performing a cryptographic operation on the random number and the business information based on the key and encryption algorithm preset in the IC card end.
It should be noted that the network service, business information, random number, mobile terminal, IC card end and server system mentioned in this embodiment are described in detail in the embodiment corresponding to Fig. 1 above and are not described again here.
In some implementations of this embodiment, the mobile terminal can be, for example, a mobile phone, a tablet computer or any other mobile terminal that is configured with an NFC module and can trigger a network service; the IC card end can, for example, be configured on a payment card with a payment function; and the server system can, for example, be an online payment system that provides the payment function for the payment card.
In this embodiment, the process by which the server system verifies the application cryptogram is described in the embodiment corresponding to Fig. 1 above and is not described again here.
In some implementations of this embodiment, sending the business confirmation message carrying the verification information to the server system in step 205 may specifically include: in response to a confirmation operation for the service request, the mobile terminal obtains the business confirmation code entered under the confirmation operation; the mobile terminal generates the business confirmation message based on the verification information and the business confirmation code; the mobile terminal sends the business confirmation message to the server system. It can be understood that, after the mobile terminal receives the verification information sent by the IC card end, it can prompt the user to confirm the transaction and enter the business confirmation code. After the user has performed the confirmation operation and entered the business confirmation code, the mobile terminal can send the verification information and the business confirmation code to the server system as the business confirmation message.
It should be noted that, where the network service is an online transaction service, the business confirmation code can be, for example, the transaction password of the account carrying out the network service.
In this embodiment, before step 202, the card number of the IC card end can be verified, to check whether the IC card end interacting with the mobile terminal is the IC card corresponding to the network service. Specifically, some implementations of this embodiment may also include: after sending the service request to the server system, the mobile terminal receives the card number returned by the server system for the service request; the mobile terminal receives, through the NFC module, the card number sent by the IC card end; the mobile terminal compares whether the card number sent by the IC card end and the card number returned by the server system are the same; if they are the same, the mobile terminal executes step 203.
More specifically, after the mobile terminal sends the service request for the network service to the server, if an IC card has been contracted as the authentication means for dynamic passwords, the server system feeds the card number of the contracted IC card back to the mobile terminal. The mobile terminal interacts with the IC card end through the NFC module, obtains the card number of the IC card, and compares the card number of the contracted IC card obtained from the server with the card number obtained from the IC card end; if the two card numbers are the same, step 203 is executed.
It should be noted that, where the network service is an online transaction service, the card number returned by the server system can correspond to the IC card bound to the bank card account involved in the online transaction service. The card number obtained from the IC card end is the card number of the IC card end that exchanges information with the mobile terminal.
In other implementations of this embodiment, in addition to the mobile terminal verifying the card number of the IC card end, the method may also include: after receiving the card number returned by the server system, the mobile terminal displays the card number returned by the server, to prompt acquisition by the mobile terminal of the card number sent by the IC card end.
More specifically, after the mobile terminal sends the service request for the network service to the server system, if an IC card has been contracted as the authentication means for dynamic passwords, the server system feeds the card number of the contracted IC card back to the mobile terminal, and the card number returned by the server is displayed on the mobile terminal. The user can then select the IC card according to the displayed card number and have it interact with the mobile terminal, and the mobile terminal obtains, through the NFC module, the number of the IC card interacting with it.
It can be understood that, when the card number of the IC card end is verified on the mobile terminal, the comparison can also be made by the user; when the user confirms that the comparison succeeded, the mobile terminal can be triggered manually to execute step 203.
In other implementations of this embodiment, the card number of the IC card end can also be verified on the server system. Specifically, after the mobile terminal collects the card number of the IC card end, it sends that card number to the server system as part of the business confirmation message, and the server system compares the contracted card number with the card number in the business confirmation message; if the comparison succeeds, the application cryptogram is then verified.
In this embodiment, the server system can provide several authentication modes for the network service. For example, besides the authentication mode that uses an IC card as the dynamic password authentication tool, there can also be an authentication mode using a software token, an authentication mode using an electronic cipher device as the dynamic password authentication tool, or any one or more other modes that can be used for dynamic password authentication on the mobile terminal. Where the server system provides several authentication modes for the network service, the server, after receiving the service request, can feed back to the mobile terminal the authentication mode preset by the user, so that the mobile terminal carries out the corresponding security authentication according to the authentication mode received. Specifically, in some implementations of this embodiment, after step 201 the method may also include: after sending the service request for the network service to the server system, the mobile terminal receives the authentication mode returned by the server system for the service request; in response to recognizing that the authentication mode is dynamic password authentication, the mobile terminal displays the card number returned by the server.
More specifically, after the mobile terminal has sent the service request for the network service to the server system, the server system determines from the service request the authentication mode the user has contracted and feeds that authentication mode back to the mobile terminal. If the authentication mode received by the mobile terminal is IC card dynamic password authentication, the card number of the IC card contracted by the user is displayed on the mobile terminal. If, however, the authentication mode received by the mobile terminal is an authentication mode other than IC card dynamic password, the corresponding verification operation is carried out according to that specific authentication mode.
With the method provided by this embodiment, while the user carries out a network service, the dynamic password authentication between the mobile terminal and the server system is implemented with the IC card end: the mobile terminal exchanges information with the IC card end through the NFC module and obtains information such as the application cryptogram generated by the IC card end, and the server system then verifies the application cryptogram generated by the IC card end. Using an IC card as the authentication device for dynamic passwords is therefore more secure than a software-based approach, and more convenient to operate and lower in cost than an electronic cipher device.
Referring to Fig. 3, a flow diagram of a method for realizing security authentication in an embodiment of the present invention is shown. In this embodiment, the method may include, for example:
Step 301: in response to a trigger operation by the user, the mobile terminal generates a service request for a network service.
Step 302: the mobile terminal sends the service request to the server system.
Step 303: after receiving the service request, the server system judges whether the authentication mode is IC card dynamic password authentication.
In this embodiment, the dynamic password authentication mode can be the IC card dynamic password authentication mode, the authentication mode of an electronic cipher device, or another authentication mode that can implement dynamic passwords for transactions on the mobile terminal. Therefore, after the server system receives the service request, it needs to judge whether the authentication mode is IC card dynamic password authentication.
Step 304: if the authentication mode is IC card dynamic password authentication, the server system generates a random number and returns the card number of the contracted IC card end, the authentication mode and the random number to the mobile terminal.
Step 305: in response to the IC card dynamic password authentication, the mobile terminal displays the card number of the IC card end, to prompt the user to select the corresponding IC card end to interact with the mobile terminal.
In this embodiment, the mobile terminal judges from the authentication mode received whether it is the IC card dynamic password authentication; if so, the card number is displayed on the mobile terminal, to prompt the user to select the corresponding IC card to interact with the mobile terminal.
Step 306: the mobile terminal sends the random number and the business information to the IC card end.
Step 307: the IC card end performs a cryptographic operation on the random number and the business information based on the preset key and encryption algorithm, generating the application cryptogram.
In this embodiment, each IC card is provided with a corresponding key, which is used to encrypt the random number and business information received. The encryption algorithm can be, for example, a symmetric encryption algorithm or an asymmetric encryption algorithm.
After the IC card end receives the random number and business information sent by the mobile terminal, it performs the cryptographic operation on them with the key and encryption algorithm preset in the IC card end. Specifically, step 307 may include, for example: deriving the process key from the card key of the IC card end and the count of the network service; and, based on the process key, performing a cryptographic operation on the random number with a symmetric key algorithm to generate the application cryptogram.
Step 308: the IC card end sends the verification information carrying the application cryptogram to the mobile terminal.
In this embodiment, the verification information also carries the card serial number used by the IC card, the distributed key index DKI, the cryptogram version number and the algorithm identifier, so that the server system can verify the application cryptogram using the card serial number, the DKI, the cryptogram version number and the algorithm identifier.
Step 309: the mobile terminal sends the business confirmation message carrying the verification information to the network server.
In this embodiment, this step includes: in response to a confirmation operation for the service request, obtaining the business confirmation code entered under the confirmation operation; generating the business confirmation message based on the verification information and the business confirmation code; and sending the business confirmation message to the server system.
In this embodiment, after the mobile terminal receives the verification information carrying the application cryptogram, it displays the verification information, prompts the user to enter the business confirmation code that confirms the network service, and sends the business confirmation code and the verification information to the server system as the business confirmation message.
Step 310: the network server verifies the application cryptogram according to the business confirmation message.
In this embodiment, after receiving the business confirmation message, the network server judges from the received card number of the IC card end whether the IC card has been reported lost, verifies the business confirmation code entered by the user, and checks whether the contracted IC card and the random number have been tampered with. If the IC card has not been reported lost, the business confirmation code is correct, and the contracted IC card number and the random number have not been tampered with, the network server derives the card key from the preset card issuer key, the card number of the IC card end and the card serial number used by the IC card end, derives the process key from the card key and the count of the network service, and then generates an application cryptogram from the process key using a symmetric key algorithm. The application cryptogram generated in the server system is matched against the obtained application cryptogram generated by the IC card end; if the two application cryptograms are identical, verification has succeeded.
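The card-side generation of step 307 and the server-side checks of step 310, as an added example that is not code from the patent. HMAC-SHA256 stands in for the unspecified symmetric key algorithm and for both key derivations; carrying the counter in the verification information, the request id, the single-use handling of the random number, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample values for the example; none come from the patent.
ISSUER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
LOST_CARDS = {"6200000000000999"}


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (stand-in symmetric primitive)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def derive_card_key(issuer_key: bytes, card_number: str, card_serial: str) -> bytes:
    # Card key derived from issuer key, card number and card serial number.
    return _mac(issuer_key, b"card", card_number.encode(), card_serial.encode())


def derive_process_key(card_key: bytes, counter: int) -> bytes:
    # Process key derived from the card key and the transaction counter.
    return _mac(card_key, b"process", counter.to_bytes(2, "big"))


def application_cryptogram(process_key: bytes, random_number: bytes, business_info: bytes) -> bytes:
    # Cryptogram binds the server's random number to the business information.
    return _mac(process_key, random_number, business_info)[:8]


@dataclass
class VerificationInfo:
    card_number: str
    card_serial: str
    counter: int          # assumption: the counter travels with the cryptogram
    cryptogram: bytes


class IcCard:
    def __init__(self, card_number: str, card_serial: str, card_key: bytes):
        self.card_number, self.card_serial = card_number, card_serial
        self._card_key = card_key   # never leaves the card
        self._counter = 0

    def respond(self, random_number: bytes, business_info: bytes) -> VerificationInfo:
        self._counter += 1
        pk = derive_process_key(self._card_key, self._counter)
        return VerificationInfo(self.card_number, self.card_serial, self._counter,
                                application_cryptogram(pk, random_number, business_info))


class Server:
    def __init__(self, contracted_card: str, confirmation_code: str):
        self.contracted_card = contracted_card
        self._code = confirmation_code
        self._pending = {}  # request id -> (random number, business info)

    def start(self, request_id: str, business_info: bytes):
        rnd = secrets.token_bytes(8)
        self._pending[request_id] = (rnd, business_info)
        return self.contracted_card, rnd

    def verify(self, request_id: str, info: VerificationInfo, confirmation_code: str) -> str:
        # The stored random number is consumed, so one challenge verifies once.
        pending = self._pending.pop(request_id, None)
        if pending is None:
            return "unknown or reused request"
        rnd, business_info = pending
        if not hmac.compare_digest(confirmation_code.encode(), self._code.encode()):
            return "bad confirmation code"
        if info.card_number in LOST_CARDS:
            return "card reported lost"
        if info.card_number != self.contracted_card:
            return "card number mismatch"
        # Recompute from the server's own copy of the random number and business
        # information, so tampering on the terminal shows up as a mismatch.
        ck = derive_card_key(ISSUER_KEY, info.card_number, info.card_serial)
        pk = derive_process_key(ck, info.counter)
        expected = application_cryptogram(pk, rnd, business_info)
        if not hmac.compare_digest(expected, info.cryptogram):
            return "cryptogram mismatch"
        return "ok"
```

Because the server recomputes the cryptogram from the values it issued rather than from anything the mobile terminal echoes back, the terminal needs no key material and cannot alter the transaction details without the comparison failing.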
Step 311: if verification succeeds, the server system judges whether to execute the network service and feeds the transaction result back to the mobile terminal.
After verification succeeds, the server system judges whether to execute the network service, for example subsequent operations such as a transfer or a payment, and feeds the final transaction result back to the mobile terminal, to tell the user whether the transaction succeeded.
With the method provided by this embodiment, the IC card, as the authentication device that implements dynamic passwords, interacts with the mobile terminal, business verification information is generated during the interaction, and the server system verifies the business verification information. Using an IC card as the authentication device for dynamic passwords is therefore more secure than a software-based approach, and more convenient to operate and lower in cost than an electronic cipher device.
Example devices
Referring to Fig. 4, a structural diagram of a device for realizing security authentication in an embodiment of the present invention is shown. The device is configured at the IC card end. In this embodiment, the device may specifically include:
Receiving unit 401, for receiving the random number and business information sent by the mobile terminal through the near-field communication (NFC) module, where the random number is returned to the mobile terminal by the server system in response to the service request initiated by the mobile terminal for the network service, the business information describes the network service, and the NFC module is configured on the mobile terminal.
Generation unit 402, for performing a cryptographic operation on the random number and the business information based on the key and encryption algorithm preset in the IC card end, generating the application cryptogram.
First transmission unit 403, for sending the verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives the business confirmation message that is sent by the mobile terminal and carries the verification information, and verifies the application cryptogram.
Optionally, in this embodiment, the generation unit includes:
A derivation subunit, for deriving the process key from the card key of the IC card end and the count of the network service.
A generation subunit, for performing, based on the process key, a cryptographic operation on the random number with a symmetric key algorithm to generate the application cryptogram.
Optionally, this embodiment further includes:
A second transmission unit, for sending the card number of the IC card end to the mobile terminal through the NFC module, so that the mobile terminal, where it finds that the card number sent by the IC card end is the same as the card number returned by the server system for the service request, sends the random number and the business information to the IC card end through the NFC module.
The network service is an online transaction service, the IC card end is configured on a payment card with a payment function, and the server system is an online payment system that provides the payment function for the payment card.
With the device provided by this embodiment, while the user carries out a network service, the dynamic password authentication between the mobile terminal and the server system is implemented with the IC card end: the mobile terminal exchanges information with the IC card end through the NFC module and obtains information such as the application cryptogram generated by the IC card end, and the server system then verifies the application cryptogram generated by the IC card end. Using an IC card as the authentication device for dynamic passwords is therefore more secure than a software-based approach, and more convenient to operate and lower in cost than an electronic cipher device.
Referring to Fig. 5, a schematic diagram of a device for realizing security authentication in an embodiment of the present invention is shown. In this embodiment, the device includes:
First transmission unit 501, for sending a service request for a network service to the server system;
First receiving unit 502, for receiving the random number returned by the server system in response to the service request;
Second transmission unit 503, for sending the random number and business information to the IC card end through the NFC module, where the business information describes the network service and the NFC module is configured on the mobile terminal;
Second receiving unit 504, for receiving, through the NFC module, the verification information sent by the IC card end;
Second transmission unit 505, for sending the business confirmation message carrying the verification information to the server system, so that the server system verifies the application cryptogram;
The verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end performing a cryptographic operation on the random number and the business information based on the key and encryption algorithm preset in the IC card end.
In this embodiment, the verification information also carries the card serial number of the IC card, the distributed key index DKI, the cryptogram version number and the algorithm identifier of the symmetric key algorithm, so that the server system can verify the application cryptogram using the card serial number, the DKI, the cryptogram version number and the algorithm identifier;
Specifically, the application cryptogram is generated by the IC card end deriving the process key from the card key of the IC card end and the count of the network service and, based on the process key, performing a cryptographic operation on the random number with a symmetric key algorithm.
In this embodiment, the second transmission unit specifically includes:
An obtaining subunit, for obtaining, in response to a confirmation operation for the service request, the business confirmation code entered under the confirmation operation;
A generation subunit, for generating the business confirmation message based on the verification information and the business confirmation code;
A first transmission subunit, for sending the business confirmation message to the server system.
This embodiment further includes:
A second receiving unit, for receiving, after the service request is sent to the server system, the card number returned by the server system for the service request.
A third receiving unit, for receiving, through the NFC module, the card number sent by the IC card end.
A comparing unit, for comparing whether the card number sent by the IC card end and the card number returned by the server system are the same.
A first execution unit, for executing, if they are the same, the sending of the random number and business information to the IC card end through the NFC module.
A display unit, for displaying, after the card number returned by the server system is received, the card number returned by the server, to prompt acquisition by the mobile terminal of the card number sent by the IC card end.
A fourth receiving unit, for receiving, after the service request for the network service is sent to the server system, the authentication mode returned by the server system for the service request.
A second execution unit, for executing, in response to recognizing that the authentication mode is dynamic password authentication, the display of the card number returned by the server.
With the equipment provided by this embodiment, while the user carries out a network service, the dynamic password authentication between the mobile terminal and the server system is implemented with the IC card end: the mobile terminal exchanges information with the IC card end through the NFC module and obtains information such as the application cryptogram generated by the IC card end, and the server system then verifies the application cryptogram generated by the IC card end. Using an IC card as the authentication device for dynamic passwords is therefore more secure than a software-based approach, and more convenient to operate and lower in cost than an electronic cipher device.
Referring to Fig. 6, a structural diagram of a system for realizing security authentication in an embodiment of the present invention is shown. In this embodiment, the system includes:
IC card end 601, mobile terminal 602 and server system 603.
The IC card end is configured with the device provided by the embodiment corresponding to Fig. 4, and the mobile terminal is configured with the device provided by the embodiment corresponding to Fig. 5.
The server system is used for generating the random number and verifying the cryptogram generated by the IC card end.
In this embodiment, after the mobile terminal triggers a request for a network service, it sends the network service request to the server system. The server system generates a random number and returns it to the mobile terminal. The mobile terminal sends the random number and the business information describing the network service to the IC card end through the NFC module. The IC card end generates the application cryptogram from the random number and the business information and sends the verification information carrying the application cryptogram to the mobile terminal through the NFC module. The mobile terminal sends the business confirmation message carrying the verification information to the server system, and the server system verifies the application cryptogram according to the business confirmation message.
With the system provided by this embodiment, while the user carries out a network service, the dynamic password authentication between the mobile terminal and the server system is implemented with the IC card end: the mobile terminal exchanges information with the IC card end through the NFC module and obtains information such as the application cryptogram generated by the IC card end, and the server system then verifies the application cryptogram generated by the IC card end. Using an IC card as the authentication device for dynamic passwords is therefore more secure than a software-based approach, and more convenient to operate and lower in cost than an electronic cipher device.
" first " in the titles such as " the first transmission unit " mentioned in the embodiment of the present invention, " the first receiving unit " is only
For doing name mark, first sequentially is not represented.The rule is equally applicable to " second " etc..
As seen through the above description of the embodiments, those skilled in the art can be understood that above-mentioned implementation
All or part of the steps in example method can add the mode of general hardware platform to realize by software.Based on this understanding,
Technical solution of the present invention can be embodied in the form of software products, which can store is situated between in storage
In matter, such as read-only memory (English: read-only memory, ROM)/RAM, magnetic disk, CD etc., including some instructions to
So that a computer equipment (can be the network communication equipments such as personal computer, server, or router) executes
Method described in certain parts of each embodiment of the present invention or embodiment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for method reality
For applying example and apparatus embodiments, since it is substantially similar to system embodiment, so describe fairly simple, related place ginseng
See the part explanation of system embodiment.Equipment and system embodiment described above is only schematical, wherein making
It may or may not be physically separated for the module of separate part description, the component shown as module can be
Or it may not be physical module, it can it is in one place, or may be distributed over multiple network units.It can be with
Some or all of the modules therein is selected to achieve the purpose of the solution of this embodiment according to the actual needs.The common skill in this field
Art personnel can understand and implement without creative efforts.
The above is only a preferred embodiment of the present invention, it is not intended to limit the scope of the present invention.It should refer to
Out, for those skilled in the art, under the premise of not departing from the present invention, can also make several improvements
And retouching, these modifications and embellishments should also be considered as the scope of protection of the present invention.
Claims (14)
1. A method for realizing safety certification, characterized in that it is applied to an IC card end and comprises:
receiving a random number and business information sent by a mobile terminal through a near-field communication (NFC) module, wherein the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the business information is used to describe the network service, and the NFC module is configured on the mobile terminal; the network service is triggered by a user on the mobile terminal;
performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset at the IC card end, to generate an application cryptogram;
sending verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives a business confirmation message that is sent by the mobile terminal and carries the verification information, and verifies the application cryptogram.
2. The method according to claim 1, characterized in that
performing the encryption operation on the random number and the business information based on the key and encryption algorithm preset at the IC card end to generate the application cryptogram comprises: deriving a process key from the card key of the IC card end and the count of the network service; and performing an encryption operation on the random number with a symmetric key algorithm based on the process key, to generate the application cryptogram;
the verification information also carries the card serial number, the distributed key index (DKI), the cryptogram version number and the algorithm identifier used by the IC card, so that the server system verifies the application cryptogram using the card serial number, the DKI, the cryptogram version number and the algorithm identifier.
3. The method according to claim 1, characterized by further comprising:
sending the card number of the IC card end to the mobile terminal through the NFC module, so that the mobile terminal sends the random number and the business information to the IC card end through the NFC module when it finds, by comparison, that the card number sent by the IC card end is identical to the card number returned by the server system for the service request.
4. The method according to claim 1, characterized in that the network service is an online transaction service, the IC card end is configured on a payment card having a payment function, and the server system is an online payment system that provides the payment function for the payment card.
5. A method for realizing safety certification, characterized in that it is applied to a mobile terminal and comprises:
sending a service request for a network service to a server system, wherein the network service is triggered by a user on the mobile terminal;
receiving a random number returned by the server system in response to the service request;
sending the random number and business information to an IC card end through an NFC module, wherein the business information is used to describe the network service and the NFC module is configured on the mobile terminal;
receiving, through the NFC module, verification information sent by the IC card end;
sending a business confirmation message carrying the verification information to the server system, so that the server system verifies an application cryptogram;
wherein the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end by performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset at the IC card end.
6. The method according to claim 5, characterized in that the verification information also carries the card serial number of the IC card, the distributed key index (DKI), the cryptogram version number and the algorithm identifier of the symmetric key algorithm, so that the server system verifies the application cryptogram using the card serial number, the DKI, the cryptogram version number and the algorithm identifier;
wherein the application cryptogram is specifically generated by the IC card end by deriving a process key from the card key of the IC card end and the count of the network service, and performing an encryption operation on the random number with a symmetric key algorithm based on the process key.
7. The method according to claim 5, characterized by further comprising:
after sending the service request to the server system, receiving the card number returned by the server system for the service request;
receiving, through the NFC module, the card number sent by the IC card end;
comparing whether the card number sent by the IC card end and the card number returned by the server system are identical;
if they are identical, executing the sending of the random number and the business information to the IC card end through the NFC module.
8. The method according to claim 7, characterized by further comprising:
after receiving the card number returned by the server system, displaying the card number returned by the server, to prompt the mobile terminal to acquire the card number sent by the IC card end.
9. The method according to claim 8, characterized by further comprising:
after sending the service request for the network service to the server system, receiving the authentication mode returned by the server system for the service request;
in response to recognizing that the authentication mode is dynamic password authentication, executing the displaying of the card number returned by the server.
10. The method according to claim 5, characterized in that sending the business confirmation message carrying the verification information to the server system comprises:
in response to a confirmation operation for the service request, obtaining a business confirmation code input under the confirmation operation;
generating the business confirmation message based on the verification information and the business confirmation code;
sending the business confirmation message to the server system.
11. The method according to claim 5, characterized in that the network service is an online transaction service, the IC card end is configured on a payment card having a payment function, and the server system is an online payment system that provides the payment function for the payment card.
12. A device for realizing safety certification, characterized in that it is configured at an IC card end and comprises:
a receiving unit, configured to receive a random number and business information sent by a mobile terminal through a near-field communication (NFC) module, wherein the random number is returned to the mobile terminal by a server system in response to a service request initiated by the mobile terminal for a network service, the business information is used to describe the network service, and the NFC module is configured on the mobile terminal; the network service is triggered by a user on the mobile terminal;
a generation unit, configured to perform an encryption operation on the random number and the business information based on a key and an encryption algorithm preset at the IC card end, to generate an application cryptogram;
a first transmission unit, configured to send verification information carrying the application cryptogram to the mobile terminal through the NFC module, so that the server system receives a business confirmation message that is sent by the mobile terminal and carries the verification information, and verifies the application cryptogram.
13. A device for realizing safety certification, characterized in that it is configured at a mobile terminal and comprises:
a first transmission unit, configured to send a service request for a network service to a server system, wherein the network service is triggered by a user on the mobile terminal;
a first receiving unit, configured to receive a random number returned by the server system in response to the service request;
a second transmission unit, configured to send the random number and business information to an IC card end through an NFC module, wherein the business information is used to describe the network service and the NFC module is configured on the mobile terminal;
a second receiving unit, configured to receive, through the NFC module, verification information sent by the IC card end;
a second transmission unit, configured to send a business confirmation message carrying the verification information to the server system, so that the server system verifies an application cryptogram;
wherein the verification information carries the application cryptogram, and the application cryptogram is generated by the IC card end by performing an encryption operation on the random number and the business information based on a key and an encryption algorithm preset at the IC card end.
14. A system for realizing safety certification, characterized in that it comprises an IC card end, a mobile terminal and a server system;
the IC card end is configured with the device according to claim 12, and the mobile terminal is configured with the device according to claim 13.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610885216.XA CN106209386B (en) | 2016-10-10 | 2016-10-10 | A kind of methods, devices and systems for realizing safety certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106209386A CN106209386A (en) | 2016-12-07 |
CN106209386B true CN106209386B (en) | 2019-09-27 |
Family
ID=57521199
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610885216.XA Active CN106209386B (en) | 2016-10-10 | 2016-10-10 | A kind of methods, devices and systems for realizing safety certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209386B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107330700A (en) * | 2017-07-04 | 2017-11-07 | 易联众信息技术股份有限公司 | A kind of card security certification payment system |
CN107295011B (en) * | 2017-08-04 | 2020-09-04 | 杭州安恒信息技术股份有限公司 | Webpage security authentication method and device |
CN112866228B (en) * | 2017-09-28 | 2023-04-18 | 中国银联股份有限公司 | Method and device for controlling unauthorized access of web system |
CN111062014A (en) * | 2019-12-24 | 2020-04-24 | 中国银行股份有限公司 | Security authentication method and device and electronic equipment |
CN114492489B (en) * | 2022-01-24 | 2022-10-21 | 芯电智联(北京)科技有限公司 | NFC label verification system based on dynamic data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101131756A (en) * | 2006-08-24 | 2008-02-27 | 联想(北京)有限公司 | Security authentication system, device and method for electric cash charge of mobile paying device |
CN102542503A (en) * | 2010-12-09 | 2012-07-04 | 同方股份有限公司 | System and method for realizing bank security transaction by mobile communication terminal |
CN104320779A (en) * | 2014-11-13 | 2015-01-28 | 熊文俊 | Near field communication authentication method based on U/SIM card authentication response and time-limited feedback |
CN105046489A (en) * | 2015-06-26 | 2015-11-11 | 深圳国微技术有限公司 | Mobile payment method, mobile payment device and mobile payment |
Also Published As
Publication number | Publication date |
---|---|
CN106209386A (en) | 2016-12-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106209386B (en) | A kind of methods, devices and systems for realizing safety certification | |
EP1710980B1 (en) | Authentication services using mobile device | |
US20090172402A1 (en) | Multi-factor authentication and certification system for electronic transactions | |
CN101221641B (en) | On-line trading method and its safety affirmation equipment | |
US10504110B2 (en) | Application system for mobile payment and method for providing and using mobile means for payment | |
CN105897721B (en) | Verify the method and device of fiscard user identity reliability | |
CN107248075A (en) | A kind of method and device for realizing bidirectional authentication of smart secret key equipment and transaction | |
CN107609866A (en) | E-payment based on ideal money, electronic funds method and device | |
WO2012155644A1 (en) | Bill entrustment payment management method, device, and system | |
CN101340294A (en) | Cipher keyboard apparatus and implementing method thereof | |
CN102202300A (en) | System and method for dynamic password authentication based on dual channels | |
TWI591553B (en) | Systems and methods for mobile devices to trade financial documents | |
CN106716916A (en) | Authentication system and method | |
CN108234385A (en) | A kind of method for authenticating user identity and device | |
WO2015065249A1 (en) | Method and system for protecting information against unauthorized use (variants) | |
CA3040776A1 (en) | Coordinator managed payments | |
CN105989486A (en) | Payment security processing method, device and system | |
CN103268436A (en) | Method and system for touch-screen based graphical password authentication in mobile payment | |
CN106330888B (en) | The method and device of payment safety in a kind of guarantee the Internet line | |
EP2138970A1 (en) | Ordering scheme | |
CN107506998A (en) | Fingerprint password payment method, device and system based on NFC verification | |
US20160300220A1 (en) | System and method for enabling a secure transaction between users | |
CN105591746B (en) | A kind of processing method and processing system of online binding accepting terminal | |
CN101425901A (en) | Control method and device for customer identity verification in processing terminals | |
CN108768655A (en) | Dynamic password formation method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||