CN106533695B - A kind of safety certifying method and equipment - Google Patents

Publication number
CN106533695B
Authority
CN
China
Prior art keywords
server
target
target terminal
terminal
business information
Legal status
Active
Application number
CN201611004636.9A
Other languages
Chinese (zh)
Other versions
CN106533695A (en)
Inventor
靳松
张强
陈良
周飞
赵广
Current Assignee
Beijing Huada Zhibao Electronic System Co Ltd
Original Assignee
Beijing Huada Zhibao Electronic System Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

An embodiment of the invention discloses a security authentication method and device. The method includes: a target terminal establishes a target connection with a first terminal, so that the target terminal exchanges data with a server over the target connection; the target terminal sends an online registration request to the server, so that the server determines from the online registration request that the target terminal is online; the target terminal receives business information sent by the server, where the business information is generated by the server from a service request sent by a second terminal and the service request is associated with the target terminal; the target terminal generates a target signature result from the business information; and the target terminal feeds the target signature result back to the server, so that the server processes the service request according to the target signature result.

Description

A security authentication method and device
Technical field
The present invention relates to the field of communications, and in particular to a security authentication method and device.
Background
As network security problems grow more serious, the KEY (smart cryptographic key), an identity authentication product, has emerged. It is used mainly in fields such as e-commerce and e-government, for example online banking and electronic payment, as a "smart cryptographic key" for network user identification and data protection. It has a built-in smart card chip with a certain amount of secure storage space that can store the user's private key and digital certificate, and the public-key algorithm built into the smart card chip can be used to authenticate the user's identity.
In the prior art, constrained by the form of the terminal, different terminals need KEYs of different forms: a mobile phone is paired with an audio KEY, a PC with a USB KEY, a Bluetooth device with a Bluetooth KEY, and an NFC device with an NFC KEY. When a mobile phone exchanges data with a bank's back-end server and the back-end server needs to verify the user's identity, the user must first plug the audio KEY into the phone's audio interface; the phone recognizes the audio KEY and downloads and installs its driver and management software so that the audio KEY can be operated from the phone. The phone then sends a verification request to the bank's back-end server; on receiving the request, the server sends a message to be signed to the phone; the phone passes the message to the connected audio KEY; and the audio KEY performs the signing operation on the message and returns the result to the bank's back-end server through the phone. In this process, both the authentication channel between the audio KEY and the bank's back-end server and the service channel between the phone and the bank's back-end server carry their data through the phone. Likewise, to authenticate a PC user, the data exchange between a USB KEY and the bank's back-end server requires the user to plug the USB KEY into a USB port of the PC beforehand and to download and install a driver on the PC to run the USB KEY; the PC then exchanges data with the bank's back-end server, and the USB KEY also has to transmit its data through the PC.
As the above shows, the service channel and the authentication channel of an existing KEY are the same channel, which is a security risk. How to separate the two channels effectively to improve the security of the KEY is one problem this technical solution addresses.
In addition, an existing KEY must be online when it is used and must handle the service request issued by the server in time; otherwise the request becomes invalid and the user has to resubmit it the next time, which is inconvenient. This is the other problem this technical solution addresses.
Summary of the invention
Embodiments of the invention provide a security authentication method and device, intended to improve the security of existing KEY transactions and their convenience for users.
In view of this, a first aspect of the invention provides a security authentication method, comprising:
A target terminal establishes a target connection with a first terminal, so that the target terminal exchanges data with a server over the target connection;
The target terminal sends an online registration request to the server, so that the server determines from the online registration request that the target terminal is online;
The target terminal receives business information sent by the server, where the business information is generated by the server from a service request sent by a second terminal and the service request is associated with the target terminal;
The target terminal generates a target signature result from the business information;
The target terminal feeds the target signature result back to the server, so that the server processes the service request according to the target signature result.
Optionally, the target connection includes a wireless connection and a wired connection.
Optionally, the online registration request includes a target device serial number, so that the server determines from the target device serial number that the target terminal is online; the target device serial number is associated with the target terminal and is stored in the server in advance.
Optionally, the target terminal generating the target signature result from the business information includes:
The target terminal displays the business information;
When the user operates the target terminal, the target terminal receives the operation instruction entered by the user;
The target terminal signs the business information according to the operation instruction to obtain the target signature result.
A second aspect of the invention provides a security authentication method, comprising:
A server receives an online registration request sent by a target terminal, where the request is sent by the target terminal to the server through a first terminal, and a target connection is established between the target terminal and the first terminal;
The server determines from the online registration request that the target terminal is online;
The server looks up the business information associated with the target terminal, where the business information is generated by the server from a service request sent by a second terminal and the service request is associated with the target terminal;
The server sends the business information to the target terminal, so that the target terminal generates a target signature result from the business information;
The server receives the target signature result fed back by the target terminal;
The server processes the service request according to the target signature result.
Optionally, the server determining from the online registration request that the target terminal is online includes:
The server determines that the target terminal is online according to the target device serial number carried in the online registration request, where the target device serial number is associated with the target terminal.
Optionally, the method further includes:
If the server determines that the target terminal is online, the server writes the target terminal into an online device list.
Optionally, the server looking up the business information associated with the target terminal includes:
The server receives the service request sent by the second terminal, where the service request includes user account information;
The server looks up, according to the user account information, the target device serial number bound to the user account information, where the target device serial number is stored in the server;
The server determines the target terminal according to the target device serial number;
The server determines the business information associated with the target terminal, where the business information is generated by the server from the service request.
Optionally, the method further includes:
If the target terminal is not online, the server writes the business information into a pending transaction list;
The server polls the online device list until the target terminal is online;
The server extracts the business information from the pending transaction list;
The server sends the business information to the target terminal.
Optionally, after the server processes the service request according to the target signature result, the method further includes:
The server feeds the service request processing result back to the target terminal.
As can be seen from the above technical solutions, the embodiments of the invention have the following advantages:
In the embodiments of the invention, first, the target terminal establishes a target connection with the first terminal, so that the target terminal exchanges data with the server over the target connection. Second, the target terminal sends an online registration request to the server, so that the server determines from the online registration request that the target terminal is online. Third, the target terminal receives the business information sent by the server, where the business information is generated by the server from the service request sent by the second terminal and the service request is associated with the target terminal. The target terminal generates a target signature result from the business information and feeds it back to the server, so that the server processes the service request according to the target signature result. It follows that, through the target connection established with the first terminal, the target terminal can handle a service request that the second terminal initiates to the server, which improves the security of existing target terminal (KEY) transactions and their convenience for users.
Brief description of the drawings
Fig. 1 is an architecture diagram of the security authentication system in an embodiment of the invention;
Fig. 2 is a schematic diagram of one embodiment of the security authentication method in an embodiment of the invention;
Fig. 3 is a schematic diagram of another embodiment of the security authentication method in an embodiment of the invention;
Fig. 4 is another architecture diagram of the security authentication system in an embodiment of the invention;
Fig. 5 is a schematic diagram of another embodiment of the security authentication method in an embodiment of the invention;
Fig. 6 is a schematic diagram of another embodiment of the security authentication method in an embodiment of the invention;
Fig. 7 is a schematic diagram of one embodiment of the target terminal in an embodiment of the invention;
Fig. 8 is a schematic diagram of one embodiment of the server in an embodiment of the invention;
Fig. 9 is a schematic diagram of another embodiment of the server in an embodiment of the invention.
Detailed description of the embodiments
Embodiments of the invention provide a security authentication method and device, intended to improve the security of existing KEY transactions and their convenience for users.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The terms "first", "second", "third", "fourth" and so on (if present) in the description, the claims and the above drawings are used to distinguish similar objects and do not describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in orders other than those illustrated or described. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
It should be understood that the invention applies to a security authentication system. Referring to Fig. 1, Fig. 1 is an architecture diagram of the security authentication system in an embodiment of the invention. As shown in Fig. 1, the security authentication system includes at least one target terminal, one first terminal, one second terminal and one server. A target connection, which may be wired or wireless, is established between the target terminal and the first terminal, and the target terminal can exchange data with the server over the target connection. The target terminal, the first terminal and the server together form an authentication channel used to exchange authentication data (including the target signature result, the business information and so on). A service channel is built between the second terminal and the server and is used to exchange service data (including the service request, the business information processing result and so on).
It should be noted that the first terminal and the second terminal include, but are not limited to, personal computers (Personal Computer, PC), mobile phones, tablet computers, point-of-sale terminals (Point Of Sale, POS), intelligent gateways, automatic teller machines (Automatic Teller Machine, ATM) and other terminal devices. In practice the second terminal and the first terminal are usually not the same device, although they may be.
For ease of understanding, the security authentication method in the embodiments of the invention is described below. It should be noted that in the embodiments the services a user performs by operating the second terminal include, but are not limited to, the online payment function of online banking; this embodiment uses that function as the example. Referring to Fig. 2, one embodiment of the security authentication method in the embodiments of the invention includes:
201. The target terminal and the first terminal establish a target connection;
In this embodiment, the target terminal may establish a target connection with the first terminal. The target connection may be a wireless connection, such as Bluetooth, Wi-Fi, ZigBee or near field communication (Near Field Communication, NFC), or a wired connection, such as universal serial bus (Universal Serial Bus, USB) or an audio interface; this is not limited here.
It should be noted that when the target connection is wireless, such as a Bluetooth connection, the target terminal may establish the connection by searching for the first terminal, or the first terminal may establish it by searching for the target terminal. When the target connection is wired, such as a USB connection, the target terminal may be plugged into the first terminal to establish the connection; this is not limited here.
In this embodiment, the target terminal may also include a start button, and the user may start the target terminal by pressing it. The start button may be a fingerprint recognition button or an iris recognition button; this is not limited here.
It will be understood that a personal identification number (Personal Identification Number, PIN) may also be set on the target terminal, and the PIN may be set by the user.
202. The target terminal sends an online registration request to the server;
In this embodiment, the target terminal may send an online registration request to the server over the target connection established with the first terminal. The online registration request may include a target device serial number, that is, the device serial number of the target terminal.
It should be noted that the Internet Protocol (IP) address of the server may be stored in the target terminal in advance, and the target terminal may use that IP address to send the online registration request to the server.
203. The server determines from the online registration request that the target terminal is online;
In this embodiment, the server may receive the online registration request sent by the target terminal and check the target device serial number carried in it: the server may match the target device serial number against the device serial numbers in a device serial number list stored in the server in advance, and if the match succeeds, the server may determine that the target device serial number is valid.
It should be noted that the target device serial number may be uploaded to the server when the user applies to the server to bind user information (user account information and so on) to the target terminal, and the server may store it in the device serial number list; alternatively, it may be generated by the server and issued to the target terminal, in which case the server may also store it in the device serial number list. This is not limited here.
In this embodiment, if the server determines that the target device serial number is valid, the server may determine that the target terminal is online.
It should be noted that when the server checks whether the target device serial number is valid, the server may also generate a challenge code. The challenge code may be a random number generated by the server or the current time; this is not limited here.
The server may send the challenge code to the target terminal, and the target terminal may sign the challenge code and feed the signature result back to the server. If the server verifies the signature result successfully, the server may determine that the target terminal is valid and therefore that it is online; if verification of the signature result fails, the server may reject the target terminal's online registration request.
It should be noted that the server may also feed the verification result back to the target terminal, and the target terminal may display it; this is not limited here.
In this embodiment, if the server determines that the target terminal is online, the server may write the target terminal into the online device list, that is, write the target device serial number of the target terminal into the online device list; the server can then determine that the target terminal is online by looking up the target device serial number in the online device list. It will be understood that if the server rejects the target terminal's online registration request, the server may refuse to write the target terminal into the online device list.
204. The server looks up the business information associated with the target terminal and sends it to the target terminal;
In this embodiment, if the server determines that the target terminal is online, the server may use the target device serial number of the target terminal to look up the business information associated with the target terminal.
The business information may be generated by the server from the service request that the second terminal sends to the server. For example, when the user operates the second terminal to make an online payment, the second terminal may send an online payment request (the service request) to the server, and the server may extract the transaction number, payer account, payment amount and payee account carried in the online payment request and generate the corresponding business information. The payer account may be the user account, from which the server can extract the user account information.
The server may query the target device serial number bound to the user account information and may also check whether that target device serial number is valid: the server matches it against the device serial numbers in the device serial number list stored in the server in advance, and if the match succeeds, the server determines that the target device serial number is valid.
It should be noted that when the user applies for the target terminal, the target device serial number of the target terminal may be bound to the user account information and saved in the server.
It should be noted that, based on the target device serial number of the target terminal, after the server receives the service request sent by the second terminal and while it generates the business information corresponding to the service request, it may create a pending transaction list corresponding to the target terminal and write the business information into that list. The server may poll the online device list, looking up the target device serial number in it to determine whether the target terminal is online; if it is online, the server may send the business information in the pending transaction list corresponding to the target terminal to the target terminal.
If the target terminal is not online, the server may suspend the pending transaction and poll the online device list until the target terminal comes online.
It is worth noting that the server may also skip creating the pending transaction list in advance and instead directly check whether the target terminal is online: if it is online, the server sends the business information directly to the target terminal for processing; if it is not, the server creates the pending transaction list, suspends the pending transaction and polls the online device list until the target terminal comes online.
205. The target terminal generates a target signature result from the received business information;
In this embodiment, the target terminal may receive the business information sent by the server and show it on the target terminal's display. It should be noted that the business information the server sends to the target terminal may be the business information corresponding to the online payment request above, that is, it may include the transaction number, payer account, payment amount and payee account, and the target terminal may display this information.
In this embodiment, the user can check the business information shown by the target terminal. The target terminal may have a confirm key and a cancel key: when the user presses the confirm key, the target terminal may determine that the user has confirmed, that is, accepted, the business information; when the user presses the cancel key, the target terminal may determine that the user has not confirmed, that is, has rejected, the business information. It will be understood that the confirm key may also be a fingerprint confirm key, which uses a pre-stored user fingerprint to recognize whether the user pressed confirm. In addition, if the user does not operate the target terminal before a timeout, the target terminal may also determine that the user rejects the business information; the timeout may be a preset time.
It should be noted that when the user presses the confirm key, the target terminal may sign the business information and generate the target signature result. It should be understood that the target terminal may sign the business information using an authentication mode based on public key infrastructure (Public Key Infrastructure, PKI).
When the user presses the cancel key, the target terminal may generate a cancel operation instruction and feed it back to the server, and the server may refuse, according to the cancel operation instruction, to process the service request submitted by the second terminal. It will be understood that if the target terminal performs no operation within the predetermined operating time, or the server receives no feedback from the target terminal within the validity period, the server may likewise determine a timeout, perform the cancel operation and refuse to process the service request submitted by the second terminal. The operating time may be preset at the factory by the manufacturer of the target terminal, and the server's validity period may be set by the server operator according to operational needs; this is not limited here.
Optionally, the target terminal may also have a page-up key and a page-down key so that the display can show multiple pages, and the user can press either key to view the whole of the business information.
Optionally, the target terminal may also store the business information it receives, and the user can use the page-up or page-down key to call up and review the history of business information.
206. The target terminal feeds the target signature result back to the server;
In this embodiment, the target terminal may feed the target signature result back to the server. It should be noted that if the user operates the target terminal and presses the cancel key, the target terminal may instead generate a cancel operation instruction and feed it back to the server.
207. The server processes the service request according to the target signature result.
In this embodiment, the server may receive the target signature result fed back by the target terminal and process the above service request according to it.
Specifically, after receiving the target signature result sent by the target terminal, the server verifies the signature; if verification passes, the server may execute the service request sent by the second terminal. Here too the server may verify the target signature result using a PKI-based authentication mode.
It should be noted that if verification of the target signature result fails, or the server receives a cancel operation instruction from the target terminal, the server may refuse to execute the service request submitted by the second terminal. It will be understood that the server may also refuse to execute the service request submitted by the second terminal when it has received no feedback from the target terminal before the timeout.
Optionally, as shown in Fig. 3, the server may feed the service request processing result back to the second terminal, and may also feed it back to the target terminal. The result may be that the server executed the service request or that the server refused to execute it.
It should be noted that, on receiving the service request processing result sent by the server, the second terminal may show it on its display, that is, on the page from which the second terminal submitted the service request to the server.
It will be understood that the target terminal may also display the service request processing result it receives.
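The flow of steps 201 to 207, as an added example that is not part of the patent text: a Go model of the server's device serial number list, online device list and list of transactions awaiting the token, with challenge-code registration on the authentication channel and account-only requests on the service channel. Ed25519 as the signature algorithm (the description says only "PKI-based"), the field encoding, all type and function names, delivery on registration in place of polling, and the sample account and serial are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// BusinessInfo holds the payment fields the description lists.
type BusinessInfo struct {
	TxnID, Payer, Payee string
	AmountCents         int64
}

// Bytes is the encoding the token signs and the server verifies (assumed format).
func (b BusinessInfo) Bytes() []byte {
	return []byte(fmt.Sprintf("%q|%q|%q|%d", b.TxnID, b.Payer, b.Payee, b.AmountCents))
}

// NewToken stands for the target terminal (KEY): it returns a signing function that
// closes over the private key, and the public key the server stores at binding time.
func NewToken() (func([]byte) []byte, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return func(msg []byte) []byte { return ed25519.Sign(priv, msg) }, pub
}

// Server keeps the tables the description names.
type Server struct {
	keys    map[string]ed25519.PublicKey       // device serial number list
	bound   map[string]string                  // user account -> bound serial
	online  map[string]bool                    // online device list
	pending map[string]map[string]BusinessInfo // pending list: serial -> TxnID -> item
}

func NewServer() *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string]string{},
		map[string]bool{}, map[string]map[string]BusinessInfo{}}
}

// Bind records the account/serial binding made when the user applies for a token.
func (s *Server) Bind(account, serial string, pub ed25519.PublicKey) {
	s.keys[serial], s.bound[account] = pub, serial
	s.pending[serial] = map[string]BusinessInfo{}
}

// Register handles an online registration request: serial lookup, then a random
// challenge code the token must sign. On success it returns the waiting items.
func (s *Server) Register(serial string, sign func([]byte) []byte) ([]BusinessInfo, error) {
	pub, ok := s.keys[serial]
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil || !ok || !ed25519.Verify(pub, c, sign(c)) {
		return nil, errors.New("registration rejected")
	}
	s.online[serial] = true
	var waiting []BusinessInfo
	for _, item := range s.pending[serial] {
		waiting = append(waiting, item)
	}
	return waiting, nil
}

// SubmitRequest is the service channel: the second terminal names only the account.
// The item is parked in the pending list; the bool says whether the token is online.
func (s *Server) SubmitRequest(account string, info BusinessInfo) (string, bool, error) {
	serial, ok := s.bound[account]
	if !ok {
		return "", false, errors.New("no token bound to account")
	}
	s.pending[serial][info.TxnID] = info
	return serial, s.online[serial], nil
}

// Confirm is the authentication channel: the signature is checked against the
// server's own copy of the business information, and each item is decided once.
func (s *Server) Confirm(serial, txnID string, sig []byte) error {
	info, ok := s.pending[serial][txnID]
	if !ok || !s.online[serial] {
		return errors.New("no pending item for an online token")
	}
	delete(s.pending[serial], txnID)
	if !ed25519.Verify(s.keys[serial], info.Bytes(), sig) {
		return errors.New("signature check failed, request refused")
	}
	return nil // the service request would be executed here
}

func main() {
	srv := NewServer()
	sign, pub := NewToken()
	srv.Bind("alice", "SN-0001", pub) // constructed sample account and serial
	serial, online, _ := srv.SubmitRequest("alice", BusinessInfo{"T1", "alice", "shop", 1999})
	waiting, _ := srv.Register(serial, sign) // the token comes online after the request
	err := srv.Confirm(serial, waiting[0].TxnID, sign(waiting[0].Bytes()))
	fmt.Println("online at submit:", online, "delivered:", len(waiting), "confirm error:", err)
}
```

Because the server verifies the signature over its own stored copy of the item, a signature over altered fields (a different payee, for instance) fails and the request is refused.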
Based on safety certifying method shown in Fig. 2, which can also be by cloud platform server and background server Composition, the system architecture diagram of security certification system can be as shown in Figure 4.
The safety certifying method comprising cloud platform server is described below, referring to Fig. 5, in the embodiment of the present invention Another embodiment of safety certifying method includes:
In the present embodiment, step 501 is identical as step 201 in embodiment illustrated in fig. 2, is not repeated herein.
502. The target terminal sends an online registration request to the cloud platform server;
In this embodiment, through the target connection established with the first terminal, the target terminal may send an online registration request to the cloud platform server. The online registration request may include a target device sequence number, that is, the device serial number of the target terminal.
It should be noted that the Internet Protocol (IP) address of the cloud platform server may be stored in the target terminal in advance; using this IP address, the target terminal can send the online registration request to the cloud platform server.
503. The cloud platform server determines, according to the online registration request, that the target terminal is online;
In this embodiment, the cloud platform server may receive the online registration request sent by the target terminal and check the target device sequence number carried in it: the cloud platform server matches the target device sequence number against the device serial numbers in a device serial number list stored in advance in the cloud platform server. If the match succeeds, the cloud platform server may determine that the target device sequence number is valid.
It should be noted that the target device sequence number may be uploaded to the background server by the user when the user applies to the background server to bind user information (user account information and the like) to the target terminal; alternatively, it may be generated by the background server and issued to the target terminal. The background server may send the target device sequence number to the cloud platform server, which stores it in the device serial number list; this is not specifically limited here.
In this embodiment, if the cloud platform server determines that the target device sequence number is valid, the cloud platform server may determine that the target terminal is online.
It should be noted that when the cloud platform server judges the target device sequence number to be valid, it may also generate a challenge code. The challenge code may be a random number generated by the cloud platform server, or the current time; this is not specifically limited here.
The cloud platform server may send the challenge code to the target terminal, and the target terminal may sign the challenge code and feed the signature result back to the cloud platform server. If the cloud platform server verifies the signature result successfully, it may determine that the target terminal is valid and therefore online; if verification fails, the cloud platform server may refuse the target terminal's online registration request.
It should be noted that the cloud platform server may also feed the verification result back to the target terminal, and the target terminal may display it; this is not specifically limited here.
In this embodiment, if the cloud platform server determines that the target terminal is online, it may write the target terminal into an online device list; that is, the cloud platform server may write the target device sequence number of the target terminal into the online device list, and can determine that the target terminal is online by looking up the target device sequence number in that list. It is understood that if the cloud platform server refuses the target terminal's online registration request, it may refuse to write the target terminal into the online device list.
504. The cloud platform server looks up the business information associated with the target terminal and sends it to the target terminal;
In this embodiment, if the cloud platform server determines that the target terminal is online, it may use the target device sequence number of the target terminal to look up the business information associated with the target terminal.
The business information may be generated by the background server from the service request that the second terminal sends to the background server, and sent by the background server to the cloud platform server. For example, when the user operates the second terminal to make an online payment, the second terminal may send an online payment request (that is, a service request) to the background server. The background server may extract the transaction number, paying account, payment amount and receiving account carried in the online payment request, generate the business information corresponding to the online payment request, and send the business information to the cloud platform server. The paying account may be the user account; the background server extracts the user account information and sends it to the cloud platform server.
It should be noted that the cloud platform server may query the target device sequence number bound to the user account information, and may also check whether that target device sequence number is valid: the cloud platform server matches it against the device serial numbers in the device serial number list stored in advance in the cloud platform server, and if the match succeeds, determines that the target device sequence number is valid.
It should be noted that, based on the target device sequence number of the target terminal, the cloud platform server may, on receiving the business information sent by the background server, generate a pending transaction list corresponding to the target terminal and write the business information into it. The cloud platform server may poll the online device list, looking up the target device sequence number to determine whether the target terminal is online; if it is, the cloud platform server may send the business information in the target terminal's pending transaction list to the target terminal.
If the target terminal is not online, the cloud platform server may suspend the pending transaction and poll the online device list until the target terminal is online.
It is worth noting that the cloud platform server may also not create a pending transaction list for the target terminal in advance, but directly check whether the target terminal is online. If it is online, the business information is sent directly to the target terminal for processing; if it is not, the cloud platform server creates the pending transaction list, suspends the pending transaction, and polls the online device list until the target terminal is online.
In this embodiment, step 505 is the same as step 205 in the embodiment shown in Fig. 2 and is not repeated here.
506. The target terminal feeds the target signature result back to the cloud platform server;
In this embodiment, the target terminal may feed the target signature result back to the cloud platform server. It should be noted that if the user presses the cancel key on the target terminal, the target terminal may also generate a cancel operation instruction and feed it back to the cloud platform server.
507. The cloud platform server sends the target signature result to the background server;
In this embodiment, the cloud platform server may forward the target signature result to the background server. It should be noted that if the cloud platform server receives a cancel operation instruction fed back by the target terminal, it may likewise forward the cancel operation instruction to the background server.
508. The background server processes the service request according to the target signature result.
In this embodiment, the background server may receive the target signature result forwarded by the cloud platform server and process the above service request according to it.
Specifically, after receiving the target signature result, the background server verifies it. If the background server confirms that verification passes, it may execute the service request sent by the second terminal. Here too, the background server may verify the target signature result using a PKI-based authentication mode.
It should be noted that if the background server fails to verify the target signature result, or if the background server receives a cancel operation instruction forwarded by the cloud platform server, the background server may refuse to execute the service request submitted by the second terminal. It is understood that the background server may also refuse to execute the service request submitted by the second terminal when it times out without obtaining any feedback from the cloud platform server.
Optionally, as shown in Fig. 6, the background server may feed the service request processing result back to the second terminal, and may also feed it back to the target terminal. The result may indicate that the background server executed the service request, or that the background server refused to execute the service request.
It should be noted that, on receiving the service request processing result sent by the background server, the second terminal may show the result on its display screen, that is, on the page from which the second terminal submitted the service request to the background server.
It is understood that the target terminal may also display the received service request processing result.
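The exchange in steps 502 to 508, as an added Python example that is not part of the patent text: registration with a challenge code, the online device list, the pending transaction list, and the background server's execute-or-refuse decision. Assumptions: HMAC-SHA256 under a per-device key stands in for the PKI signature, and the class names, field names, purpose tags, single-use challenges, one-shot transaction records and 60-second timeout are hypothetical choices of this example.

```python
import hashlib
import hmac
import json
import secrets

CANCEL = "CANCEL"  # cancel operation instruction, sent instead of a signature

# ASSUMPTION: HMAC-SHA256 per-device key replaces the PKI signature; tags are added.
def sign(key, tag, message):
    return hmac.new(key, tag + b"|" + message, hashlib.sha256).digest()

def verify(key, tag, message, signature):
    expected = sign(key, tag, message)
    return isinstance(signature, bytes) and hmac.compare_digest(expected, signature)

def canonical(info):
    # Deterministic encoding so terminal and server sign the same bytes.
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()

def answer_challenge(key, challenge):
    return sign(key, b"register", challenge)

def confirm(key, info, user_confirms):
    # Target terminal: show the business information, then sign or cancel.
    return sign(key, b"transaction", canonical(info)) if user_confirms else CANCEL

class CloudPlatform:
    """Steps 502-507: registration, online device list, pending list."""
    def __init__(self, device_keys):
        self.device_keys = device_keys  # pre-stored serial -> key
        self.challenges = {}            # serial -> outstanding challenge code
        self.online = set()             # online device list
        self.pending = {}               # serial -> pending transaction list

    def request_registration(self, serial):
        if serial not in self.device_keys:
            return None                 # serial not in the pre-stored list
        self.challenges[serial] = secrets.token_bytes(16)
        return self.challenges[serial]

    def complete_registration(self, serial, signature):
        challenge = self.challenges.pop(serial, None)  # challenge is single use
        key = self.device_keys.get(serial)
        if challenge is None or not verify(key, b"register", challenge, signature):
            return False
        self.online.add(serial)
        return True

    def submit(self, serial, info):
        self.pending.setdefault(serial, []).append(info)

    def poll(self, serial):
        # One polling pass: release pending items only to an online device.
        return self.pending.pop(serial, []) if serial in self.online else []

class Backend:
    """Step 508: execute or refuse the second terminal's service request."""
    def __init__(self, device_keys, timeout_s=60.0):
        self.device_keys, self.timeout_s = device_keys, timeout_s
        self.issued = {}  # transaction number -> (serial, info, issue time)

    def create(self, serial, request, now):
        fields = ("transaction_number", "payer", "payee", "amount")
        info = {f: request[f] for f in fields}
        self.issued[info["transaction_number"]] = (serial, info, now)
        return info

    def process(self, number, feedback, now):
        if number not in self.issued:
            return "refused: unknown or already processed"
        serial, info, issued_at = self.issued.pop(number)
        if feedback is None or now - issued_at > self.timeout_s:
            return "refused: timeout"
        if feedback == CANCEL:
            return "refused: cancelled"
        # Verify against the backend's own stored copy, not a relayed one.
        key = self.device_keys[serial]
        if not verify(key, b"transaction", canonical(info), feedback):
            return "refused: signature verification failed"
        return "executed"

def demo():
    key = secrets.token_bytes(32)  # constructed sample values from here on
    cloud, backend = CloudPlatform({"SN-0001": key}), Backend({"SN-0001": key})
    request = {"transaction_number": "T1", "payer": "A", "payee": "B", "amount": "25.00"}
    cloud.submit("SN-0001", backend.create("SN-0001", request, now=0.0))
    held = cloud.poll("SN-0001")  # terminal not yet online: stays pending
    challenge = cloud.request_registration("SN-0001")
    cloud.complete_registration("SN-0001", answer_challenge(key, challenge))
    info = cloud.poll("SN-0001")[0]
    return held, backend.process("T1", confirm(key, info, True), now=5.0)

if __name__ == "__main__":
    print(demo())
```

Because `process` checks the signature against the background server's stored copy and consumes the record, an altered amount or a replayed signature is refused; the purpose tags keep a signed registration challenge from being accepted as a transaction approval.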
The target terminal in the embodiments of the present invention is described below. Referring to Fig. 7, one embodiment of the target terminal in the embodiments of the present invention includes:
A connection module 701, configured to establish a target connection with the first terminal, so that the target terminal transmits data to and from the server through the target connection;
A sending module 702, configured to send an online registration request to the server, so that the server determines that the target terminal is online according to the online registration request;
A receiving module 703, configured to receive the business information sent by the server, the business information being generated by the server according to the service request sent by the second terminal, the service request being associated with the target terminal;
A generation module 704, configured to generate a target signature result according to the business information;
A feedback module 705, configured to feed the target signature result back to the server, so that the server processes the service request according to the target signature result.
Optionally, in some embodiments of the present invention, the target connection includes a wireless connection and a wired connection.
Optionally, in some embodiments of the present invention, the online registration request includes a target device sequence number, so that the server determines that the target terminal is online according to the target device sequence number; the target device sequence number is associated with the target terminal and is stored in the server in advance.
Optionally, in some embodiments of the present invention, the generation module 704 is specifically configured to: display the business information;
receive, when the user operates the target terminal, the operation instruction input by the user;
sign the business information according to the operation instruction to obtain the target signature result.
The server in the embodiments of the present invention is described below. The server may be the server in the embodiment shown in Fig. 5 above, and may consist of a cloud platform server and a background server. Although this embodiment is described in terms of a single server, it is not limited to a single server; the modules described may also be located in different servers.
Referring to Fig. 8, one embodiment of the server in the embodiments of the present invention includes:
A first receiving module 801, configured to receive the online registration request sent by the target terminal, the online registration request being sent by the target terminal to the server through the first terminal, a target connection being established between the target terminal and the first terminal;
A determining module 802, configured to determine that the target terminal is online according to the online registration request;
A searching module 803, configured to look up the business information associated with the target terminal, the business information being generated by the server according to the service request sent by the second terminal, the service request being associated with the target terminal;
A sending module 804, configured to send the business information to the target terminal, so that the target terminal generates a target signature result according to the business information;
A second receiving module 805, configured to receive the target signature result fed back by the target terminal;
A processing module 806, configured to process the service request according to the target signature result.
Optionally, in some embodiments of the present invention, the determining module 802 is specifically configured to determine that the target terminal is online according to the target device sequence number carried in the online registration request, the target device sequence number being associated with the target terminal.
Optionally, in some embodiments of the present invention, the determining module 802 is further specifically configured to write the target terminal into the online device list if it determines that the target terminal is online.
Optionally, in some embodiments of the present invention, the searching module 803 is specifically configured to: receive the service request sent by the second terminal, the service request including user account information;
look up, according to the user account information, the target device sequence number bound to the user account information, the target device sequence number being stored in the server;
determine the target terminal according to the target device sequence number;
determine the business information associated with the target terminal, the business information being generated by the server according to the service request.
Optionally, in some embodiments of the present invention, the determining module 802 is further specifically configured to: if the target terminal is not online, write the business information into a pending transaction list;
poll the online device list until the target terminal is online;
extract the business information from the pending transaction list;
send the business information to the target terminal.
Optionally, in some embodiments of the present invention, as shown in Fig. 9, the server may further include:
A feedback module 807, configured to feed the service request processing result back to the target terminal.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
As stated above, the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of their technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A security authentication method, characterized by comprising:
A target terminal establishes a target connection with a first terminal, so that the target terminal transmits data to and from a server through the target connection;
The target terminal sends an online registration request to the server, the online registration request including a target device sequence number, so that the server determines that the target terminal is online according to the target device sequence number, the target device sequence number being associated with the target terminal and stored in the server in advance;
The target terminal receives business information sent by the server, the business information being generated by the server according to a service request sent by a second terminal, the service request being associated with the target terminal;
The target terminal generates a target signature result according to the business information;
The target terminal feeds the target signature result back to the server, so that the server processes the service request according to the target signature result;
Wherein an authentication channel for authentication data interaction is established among the target terminal, the first terminal and the server;
A service channel for service data interaction is established between the second terminal and the server.
2. The security authentication method according to claim 1, characterized in that the target connection includes a wireless connection and a wired connection.
3. The security authentication method according to claim 1 or 2, characterized in that the target terminal generating the target signature result according to the business information includes:
The target terminal displays the business information;
When the user operates the target terminal, the target terminal receives the operation instruction input by the user;
The target terminal signs the business information according to the operation instruction to obtain the target signature result.
4. A security authentication method, characterized by comprising:
A server receives an online registration request sent by a target terminal, the online registration request being sent by the target terminal to the server through a first terminal, a target connection being established between the target terminal and the first terminal;
The server determines that the target terminal is online according to a target device sequence number carried in the online registration request, the target device sequence number being associated with the target terminal;
The server looks up the business information associated with the target terminal, the business information being generated by the server according to a service request sent by a second terminal, the service request being associated with the target terminal;
The server sends the business information to the target terminal, so that the target terminal generates a target signature result according to the business information;
The server receives the target signature result fed back by the target terminal;
The server processes the service request according to the target signature result;
Wherein an authentication channel for authentication data interaction is established among the target terminal, the first terminal and the server;
A service channel for service data interaction is established between the second terminal and the server.
5. The security authentication method according to claim 4, characterized in that the method further includes:
If the server determines that the target terminal is online, the server writes the target terminal into an online device list.
6. The security authentication method according to claim 4, characterized in that the server looking up the business information associated with the target terminal includes:
The server receives the service request sent by the second terminal, the service request including user account information;
The server looks up, according to the user account information, the target device sequence number bound to the user account information, the target device sequence number being stored in the server;
The server determines the target terminal according to the target device sequence number;
The server determines the business information associated with the target terminal, the business information being generated by the server according to the service request.
7. The security authentication method according to claim 5 or 6, characterized in that the method further includes:
If the target terminal is not online, the server writes the business information into a pending transaction list;
The server polls the online device list until the target terminal is online;
The server extracts the business information from the pending transaction list;
The server sends the business information to the target terminal.
8. The security authentication method according to claim 7, characterized in that, after the server processes the service request according to the target signature result, the method further includes:
The server feeds the service request processing result back to the target terminal.
CN201611004636.9A 2016-11-15 2016-11-15 A kind of safety certifying method and equipment Active CN106533695B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611004636.9A CN106533695B (en) 2016-11-15 2016-11-15 A kind of safety certifying method and equipment

Publications (2)

Publication Number Publication Date
CN106533695A CN106533695A (en) 2017-03-22
CN106533695B true CN106533695B (en) 2019-10-25

Family

ID=58351880

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611004636.9A Active CN106533695B (en) 2016-11-15 2016-11-15 A kind of safety certifying method and equipment

Country Status (1)

Country Link
CN (1) CN106533695B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170322

Assignee: HENGBAO Corp.

Assignor: BEIJING HUADA ZHIBAO ELECTRONIC SYSTEM Co.,Ltd.

Contract record no.: X2020990000515

Denomination of invention: A security authentication method and equipment

Granted publication date: 20191025

License type: Common License

Record date: 20200923