CN106713232A - Device and method of authenticating eID on mobile terminal - Google Patents

Publication number
CN106713232A
Authority
CN
China
Legal status
Pending
Application number
CN201510779655.8A
Other languages
Chinese (zh)
Inventor
王务志
王军
Current Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201510779655.8A
Publication of CN106713232A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Abstract

The invention provides a device and a method for authenticating an eID on a mobile terminal. The device is located in a browser kernel; the browser kernel provides an interface and can be integrated into one or more applications of the mobile terminal. The device comprises an authentication request receiving component, a reader calling component, an eID information acquisition component, an eID information authentication component and an authentication result receiving component. According to the embodiments of the invention, the eID authentication device is called directly through the browser kernel that the application itself integrates, the eID information in an eID terminal carrier is acquired, and the acquired eID information is transmitted to an eID unified authentication server to carry out eID authentication. No dedicated eID authentication software needs to be developed or called, so the eID authentication speed can be improved and the system resources consumed by running eID authentication software are saved.

Description

Device and method for authenticating an eID on a mobile terminal
Technical field
The present invention relates to the technical field of Internet applications, and in particular to a device and a method for authenticating an eID on a mobile terminal.
Background
At present, domestic remote network identity authentication commonly uses the "association comparison" method: personal information entered by the user, such as "name + ID card number", is passed to a back end, which checks the correctness of the personal information in order to assert the user's identity. In large-scale application scenarios the "association comparison" method has several main problems: (1) comparing personal information cannot correctly represent the person's actual intent, and cannot guard against the risk of a personal identity being fraudulently used or stolen; (2) it easily leads to leakage of personal information. The security level of the network institutions that collect personal information varies, and the risk of large-scale leakage of personal information keeps growing.
To address the above problems, the eID (Electronic Identity, network electronic identity), which is based on cryptographic technology, uses a smart security chip as its carrier and is issued to citizens by the "Ministry of Public Security citizen network identity recognition system", allows identity to be recognized remotely online without revealing identity information, and can meet citizens' many security assurance requirements in areas such as personal privacy, online transactions and virtual assets. How to authenticate an eID has therefore become a technical problem that urgently needs to be solved.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a device and a corresponding method for authenticating an eID on a mobile terminal that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, there is provided a device for authenticating an eID on a mobile terminal, located in a browser kernel, the browser kernel being integrated into an application program of the mobile terminal, the device comprising:
an authentication request receiving component, adapted to receive an eID authentication request from the application program;
a reader calling component, adapted to call a reader capable of reading the eID information in an eID terminal carrier;
an eID information acquisition component, adapted to obtain the eID information that the reader reads from the eID terminal carrier;
an eID information authentication component, adapted to send the obtained eID information to an eID unified authentication server for information authentication;
an authentication result receiving component, adapted to receive the authentication result returned by the eID unified authentication server.
Optionally, the eID authentication request is initiated by the application program in response to a mobile payment request.
Optionally, the device further comprises:
an eID authentication permission determining component, adapted to determine, before the reader calling component calls the reader capable of reading the eID information in the eID terminal carrier, whether the application program has eID authentication permission; and, if so, to trigger the reader calling component to perform the calling operation.
Optionally, the eID authentication permission determining component is further adapted to:
look up the application program in an eID authentication whitelist;
if it is found, determine that the application program has eID authentication permission;
if it is not found, determine that the application program does not have eID authentication permission.
Optionally, the device further comprises:
a prompt message generating component, adapted to generate, if the eID authentication permission determining component determines that the application program does not have eID authentication permission, a prompt message stating that the application program does not have eID authentication permission, and to present it to the user.
Optionally, the prompt message generating component is further adapted to:
after generating the prompt message stating that the application program does not have eID authentication permission, call the component in the browser kernel used for rendering web pages, have that component render a web page containing the prompt message, and provide the page to the user.
Optionally, the device further comprises:
an authentication result processing component, adapted to process the authentication result into a specified information format after the authentication result receiving component receives the authentication result returned by the eID unified authentication server;
an authentication result output component, adapted to return the processed authentication result to the application program, so that the application program can determine, according to the processed authentication result, whether to perform a subsequent business operation.
Optionally, the eID terminal carrier is a contactless eID card based on NFC technology, and the reader is the NFC unit on the mobile terminal.
Optionally, each component is a component newly added to the browser kernel.
According to another aspect of the present invention, there is also provided a method for authenticating an eID on a mobile terminal, applied to a browser kernel, the browser kernel being integrated into an application program of the mobile terminal, the method comprising:
receiving an eID authentication request from the application program, and calling a reader capable of reading the eID information in an eID terminal carrier;
obtaining the eID information that the reader reads from the eID terminal carrier;
sending the obtained eID information to an eID unified authentication server for information authentication, and receiving the authentication result returned by the eID unified authentication server.
Optionally, the eID authentication request is initiated by the application program in response to a mobile payment request.
Optionally, before calling the reader capable of reading the eID information in the eID terminal carrier, the method further comprises:
determining whether the application program has eID authentication permission;
if so, triggering execution of the calling operation.
Optionally, determining whether the application program has eID authentication permission comprises:
looking up the application program in an eID authentication whitelist;
if it is found, determining that the application program has eID authentication permission;
if it is not found, determining that the application program does not have eID authentication permission.
Optionally, the method further comprises:
if it is determined that the application program does not have eID authentication permission, generating a prompt message stating that the application program does not have eID authentication permission;
presenting the prompt message to the user.
Optionally, presenting the prompt message to the user comprises:
calling the component in the browser kernel used for rendering web pages, having that component render a web page containing the prompt message, and providing the page to the user.
Optionally, after receiving the authentication result returned by the eID unified authentication server, the method further comprises:
processing the authentication result into a specified information format;
returning the processed authentication result to the application program, so that the application program can determine, according to the processed authentication result, whether to perform a subsequent business operation.
Optionally, the eID terminal carrier is a contactless eID card based on NFC technology, and the reader is the NFC unit on the mobile terminal.
Optionally, the browser kernel is a browser rendering engine deeply optimized on the basis of the open-source WebKit.
The device for authenticating an eID on a mobile terminal provided by the embodiments of the present invention is located in a browser kernel. The browser kernel provides an interface and can be integrated into one or more application programs of the mobile terminal, so that each application program can perform eID authentication using the above device in the browser kernel. It can be applied to various eID authentication scenarios, such as mobile payment, thereby improving the security of mobile payment. Moreover, in the embodiments of the present invention the device for authenticating the eID is called directly through the browser kernel that the application program itself integrates, the eID information in the eID terminal carrier is obtained, and the obtained eID information is then sent to the eID unified authentication server to carry out eID authentication. No dedicated eID authentication software needs to be developed or called, which can increase the speed of eID authentication and save the system resources that running eID authentication software would consume.
The above is only an overview of the technical solution of the present invention. In order that the technical means of the invention may be understood more clearly and implemented in accordance with the content of the specification, and in order that the above and other objects, features and advantages of the invention may be more readily apparent, specific embodiments of the invention are set out below.
From the following detailed description of specific embodiments of the invention in conjunction with the accompanying drawings, those skilled in the art will better understand the above and other objects, advantages and features of the invention.
Brief description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered limiting of the invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 shows a schematic structural diagram of a device for authenticating an eID on a mobile terminal according to an embodiment of the present invention;
Fig. 2 shows a schematic structural diagram of a device for authenticating an eID on a mobile terminal according to another embodiment of the present invention;
Fig. 3 shows a flowchart of a method for authenticating an eID on a mobile terminal according to an embodiment of the present invention; and
Fig. 4 shows a flowchart of a method for authenticating an eID on a mobile terminal according to another embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
An eID is a string of electronic information that uniquely identifies a user's identity in cyberspace. Relying on the national citizen identity information database covered by the Ministry of Public Security, the eID system generates a unique set of network identifiers and digital certificates, ensuring the authenticity and uniqueness of the user's identity, while the eID itself contains no private personal identity information. The identity information related to an eID is created and managed by a single unified body, which both guarantees the authenticity of personal identity and effectively avoids the risk of exposure and leakage that arises when user identity information is held by various network operators. Using an eID spares the user from frequently entering a username and password, enabling quick login and other trusted operations while keeping identity secure and reliable.
An eID uses a terminal as its carrier. An embodiment of the present invention provides a device for authenticating an eID on a mobile terminal. The device is located in a browser kernel; the browser kernel is a browser rendering engine deeply optimized on the basis of the open-source WebKit, provides an interface, and can be integrated into one or more application programs of the mobile terminal. Fig. 1 shows a schematic structural diagram of the device for authenticating an eID on a mobile terminal according to an embodiment of the present invention. As shown in Fig. 1, the device 100 may include at least an authentication request receiving component 110, a reader calling component 120, an eID information acquisition component 130, an eID information authentication component 140 and an authentication result receiving component 150.
The functions of the components of the device 100 for authenticating an eID on a mobile terminal according to the embodiment of the present invention, and the connections between them, are now described:
the authentication request receiving component 110 is adapted to receive an eID authentication request from an application program;
the reader calling component 120 is coupled to the authentication request receiving component 110 and is adapted to call a reader capable of reading the eID information in an eID terminal carrier;
the eID information acquisition component 130 is coupled to the reader calling component 120 and is adapted to obtain the eID information that the reader reads from the eID terminal carrier;
the eID information authentication component 140 is coupled to the eID information acquisition component 130 and is adapted to send the obtained eID information to an eID unified authentication server for information authentication;
the authentication result receiving component 150 is coupled to the eID information authentication component 140 and is adapted to receive the authentication result returned by the eID unified authentication server.
The device for authenticating an eID on a mobile terminal provided by the embodiments of the present invention is located in a browser kernel. The browser kernel provides an interface and can be integrated into one or more application programs of the mobile terminal, so that each application program can perform eID authentication using the above device in the browser kernel. It can be applied to various eID authentication scenarios, such as mobile payment, thereby improving the security of mobile payment. Moreover, in the embodiments of the present invention the device for authenticating the eID is called directly through the browser kernel that the application program itself integrates, the eID information in the eID terminal carrier is obtained, and the obtained eID information is then sent to the eID unified authentication server to carry out eID authentication. No dedicated eID authentication software needs to be developed or called, which can increase the speed of eID authentication and save the system resources that running eID authentication software would consume.
In embodiments of the present invention, eID authentication can take place in various Internet application scenarios, such as account login, mobile payment and instant messaging; the present invention places no limitation on this. When the application program performs a mobile payment, the eID authentication request may be initiated by the application program in response to the mobile payment request; when the application program carries out network chat, the eID authentication request may be initiated by the application program in response to a network chat request.
To further raise the security level of authentication, the eID authentication permission of the application program may be checked before eID authentication is carried out. As shown in Fig. 2, the device 100 for authenticating an eID on a mobile terminal shown in Fig. 1 may further include an eID authentication permission determining component 160, coupled to the authentication request receiving component 110 and the reader calling component 120, and adapted to determine, before the reader calling component 120 calls the reader capable of reading the eID information in the eID terminal carrier, whether the application program has eID authentication permission; if so, it triggers the reader calling component 120 to perform the calling operation.
Further, Fig. 2 may also include a prompt message generating component 170, coupled to the eID authentication permission determining component 160 and adapted, if the application program does not have eID authentication permission, to generate a prompt message stating that the application program does not have eID authentication permission, and to present it to the user. In another embodiment of the invention, after the prompt message generating component 170 generates the prompt message stating that the application program does not have eID authentication permission, it calls the component in the browser kernel used for rendering web pages, has that component render a web page containing the prompt message, and provides the page to the user.
Further, for determining whether the application program has eID authentication permission, the present invention provides an optional scheme. In this scheme an eID authentication whitelist is set up in advance, listing the application programs that have eID authentication permission. The application program is looked up in the eID authentication whitelist: if it is found, it is determined that the application program has eID authentication permission; if it is not found, it is determined that the application program does not have eID authentication permission. Here, the eID authentication whitelist may be set by the local user or updated from the malicious-program library of a cloud server.
In another optional scheme provided by the present invention, whether the application program has eID authentication permission may be determined by the eID unified authentication server or by an application server: a request to look up whether the application program has eID authentication permission is sent to the eID unified authentication server or the application server, and the determination is made according to the lookup result that the eID unified authentication server or the application server returns.
The emergence of NFC (Near Field Communication) technology has brought new opportunities for identity authentication on mobile terminals. NFC is a technology for short-range wireless communication based on mobile terminals such as mobile phones; it allows contactless point-to-point data transfer (within ten centimetres) between electronic devices, ensuring privacy and security during information exchange. NFC information is transmitted by electromagnetic inductive coupling in the radio-frequency part of the spectrum. Because NFC adopts a unique signal attenuation technique, compared with RFID (Radio Frequency Identification) it features short range, high bandwidth and low energy consumption. NFC is compatible with existing contactless smart card technology and has become an official standard supported by more and more leading manufacturers.
In an embodiment of the present invention, the eID terminal carrier may be a contactless eID card based on NFC technology, in which case the reader is the NFC unit on the mobile terminal.
The eID card may include three modules: an information storage module, an information processing module and an information communication module. The information storage module uses on-chip memory to store the individual's unique eID certificate, private key, PIN (Personal Identification Number) and so on, and contains no identity information (such as ID card information or telephone number), so it does not cause leakage of personal information. Because the space needed to store this information is small (e.g. 512KB-1024KB), it can be written directly into the on-chip memory of the NFC chip itself.
The information processing module may include an encryption chip and a CPU. Under passive power supply, it encrypts the content stored on the chip with a specific cryptographic algorithm before the information is transmitted; encryption is fast, which facilitates the secure storage and convenient use of the eID card. Encryption may also be performed directly with the encryption/decryption module provided by the NFC chip. The NFC-based eID card operates in read-only mode and is identified by a specific tag; the user cannot modify its content.
The information communication module may include an NFC chip and an antenna. Besides transmitting the corresponding data, the antenna also receives the radio-frequency field generated by the NFC device of the mobile terminal in order to power the digital processing, ensuring that encryption of the information on the eID card and the sending and receiving of data by the NFC communication unit run to completion.
When using the eID card, the user only needs to hold the card near the mobile phone (within 10 centimetres) for a few seconds to complete the reading of the eID information; the safety, efficiency and convenience characteristic of NFC near-field communication ensure the user experience.
Further, the NFC unit on the mobile terminal reads the eID information in the contactless eID card based on NFC technology, and the eID information acquisition component 130 obtains the eID information from the NFC unit. The eID information authentication component 140 displays a prompt asking the user to enter the PIN and preliminarily verifies the correctness of the PIN entered by the user. If the user enters a wrong PIN N consecutive times (e.g. 3 times), the function of the corresponding eID card is locked. After the PIN is verified, the eID information authentication component 140 sends the obtained eID information to the eID unified authentication server for information authentication. In this way, the problem of eID information leakage that loss of an eID card could cause can be solved.
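The PIN step described above (N consecutive wrong entries lock the card; eID information is forwarded only after the PIN passes) can be sketched as follows. This is an added example, not code from the patent: PinGate, CardLocked, the check_pin and send_to_server callbacks, the PIN value and the eID blob are all assumptions or constructed sample data, and a real failure counter would have to live in the card or in persistent storage so that restarting the application does not reset it.

```python
import hmac
from typing import Callable, List, Optional


class CardLocked(Exception):
    """The eID card function is locked; no further PIN attempts are accepted."""


class PinGate:
    """Preliminary PIN check placed in front of the upload to the authentication server."""

    def __init__(self, check_pin: Callable[[str], bool],
                 send_to_server: Callable[[bytes], dict],
                 max_attempts: int = 3) -> None:
        self._check_pin = check_pin        # assumption: stands in for the card-side PIN check
        self._send = send_to_server        # assumption: stands in for the server round trip
        self.max_attempts = max_attempts   # the page's N (its example value is 3)
        self.failures = 0                  # counts consecutive wrong entries only
        self.locked = False

    def submit(self, pin: str, eid_info: bytes) -> Optional[dict]:
        """Return the server result if the PIN passes, None if it is wrong."""
        if self.locked:
            # Once locked, even the correct PIN is refused.
            raise CardLocked("eID card function is locked")
        if self._check_pin(pin):
            self.failures = 0              # a correct entry resets the consecutive count
            return self._send(eid_info)    # eID information leaves the device only here
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.locked = True
        return None


def run_constructed_session(pins: List[str]) -> dict:
    """Feed a sequence of PIN entries through a gate backed by constructed fakes."""
    uploads: List[bytes] = []
    stored_pin = "482913"                  # constructed sample PIN

    def check_pin(candidate: str) -> bool:
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(candidate.encode(), stored_pin.encode())

    def send_to_server(eid_info: bytes) -> dict:
        uploads.append(eid_info)
        return {"status": "success"}       # constructed server reply

    gate = PinGate(check_pin, send_to_server)
    outcomes = []
    for pin in pins:
        try:
            result = gate.submit(pin, b"constructed-eid-blob")
            outcomes.append("sent" if result else "wrong")
        except CardLocked:
            outcomes.append("locked")
    return {"outcomes": outcomes, "uploads": len(uploads), "locked": gate.locked}
```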
After the eID information acquisition component 130 obtains the eID information from the reader, the eID information authentication component 140 sends the obtained eID information to the eID unified authentication server for information authentication. Embodiments of the present invention can determine the subsequent operation according to the authentication result returned by the eID unified authentication server; that is, in one embodiment of the invention, as shown in Fig. 2, the device 100 for authenticating an eID on a mobile terminal may further include:
an authentication result processing component 180, coupled to the authentication result receiving component 150 and adapted to process the authentication result into a specified information format after the authentication result receiving component 150 receives the authentication result returned by the eID unified authentication server;
an authentication result output component 190, coupled to the authentication result processing component 180 and adapted to return the processed authentication result to the application program, so that the application program can determine, according to the processed authentication result, whether to perform a subsequent business operation.
Further, if the authentication result indicates that authentication succeeded, it is determined that the subsequent business operation is performed; conversely, if the authentication result indicates that authentication failed, it is determined that the subsequent business operation is not performed.
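The component chain of device 100 described above (request 110, permission check 160, prompt 170, reader 120/130, server round trip 140/150, result handling 180/190) can be modelled as follows. This is an added example, not code from the patent: the class and function names, the result fields, the "status" key of the server reply and the sample application identifiers are assumptions, and the PIN step is left out.

```python
import html
from dataclasses import dataclass
from typing import Callable, Iterable, Optional


@dataclass(frozen=True)
class AuthResult:
    """Result in the 'specified format' returned to the application (format assumed)."""
    app_id: str
    authenticated: bool                # the application gates its business operation on this
    reason: str
    prompt_page: Optional[str] = None  # rendered page shown when permission is missing


class EidAuthDevice:
    """Models components 110-190 as one object living inside the browser kernel."""

    def __init__(self, whitelist: Iterable[str],
                 read_eid: Callable[[], Optional[bytes]],
                 server_verify: Callable[[bytes], dict],
                 render_page: Callable[[str], str]) -> None:
        self._whitelist = frozenset(whitelist)
        self._read_eid = read_eid
        self._server_verify = server_verify
        self._render_page = render_page

    def authenticate(self, app_id: str) -> AuthResult:
        # 110 receives the request; 160 checks permission BEFORE the reader is touched.
        if app_id not in self._whitelist:
            # 170: the caller-supplied identifier is escaped before it reaches the renderer.
            message = ("Application %s does not have eID authentication permission"
                       % html.escape(app_id))
            return AuthResult(app_id, False, "no_permission", self._render_page(message))
        # 120/130: call the reader and obtain the eID information.
        eid_info = self._read_eid()
        if not eid_info:
            return AuthResult(app_id, False, "no_eid_read")
        # 140/150: send to the unified authentication server and receive its result.
        try:
            raw = self._server_verify(eid_info)
        except Exception:
            # Fail closed: an unreachable server never counts as success.
            return AuthResult(app_id, False, "server_error")
        # 180: normalise the reply; only an explicit success is accepted.
        ok = isinstance(raw, dict) and raw.get("status") == "success"
        # 190: hand the processed result back to the application.
        return AuthResult(app_id, ok, "authenticated" if ok else "rejected")


def run_constructed_demo() -> dict:
    """Exercise the device with constructed fakes for reader, server and renderer."""
    reads = []

    def read_eid() -> bytes:
        reads.append(1)
        return b"constructed-eid-blob"

    def server_verify(eid_info: bytes) -> dict:
        ok = eid_info == b"constructed-eid-blob"
        return {"status": "success" if ok else "fail"}

    def broken_server(_eid_info: bytes) -> dict:
        raise ConnectionError("constructed outage")

    def render_page(message: str) -> str:
        return "<html><body><p>" + message + "</p></body></html>"

    allowed = {"com.example.pay"}      # constructed whitelist entry
    device = EidAuthDevice(allowed, read_eid, server_verify, render_page)
    denied = device.authenticate("com.example.<b>other</b>")
    reads_after_denied = len(reads)    # must still be 0: reader not called without permission
    granted = device.authenticate("com.example.pay")
    outage = EidAuthDevice(allowed, read_eid, broken_server,
                           render_page).authenticate("com.example.pay")
    return {"denied": denied, "reads_after_denied": reads_after_denied,
            "granted": granted, "outage": outage}
```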
The device for authenticating an eID on a mobile terminal has been described in detail above on the basis of the various embodiments. Based on the same inventive concept, an embodiment of the present invention also provides a method for authenticating an eID on a mobile terminal. The method is applied to a browser kernel, and the browser kernel provides an interface and can be integrated into one or more application programs of the mobile terminal. Fig. 3 shows a flowchart of the method for authenticating an eID on a mobile terminal according to an embodiment of the present invention. As shown in Fig. 3, the method includes at least the following steps S302 to S306:
Step S302: receive an eID authentication request from an application program, and call a reader capable of reading the eID information in an eID terminal carrier;
Step S304: obtain the eID information that the reader reads from the eID terminal carrier;
Step S306: send the obtained eID information to the eID unified authentication server for information authentication, and receive the authentication result returned by the eID unified authentication server.
To ensure security and trustworthiness, the whole authentication flow contains no personal identity information of the user (such as ID card or telephone number), and the transmission of authentication information also uses the encryption mechanism of a dual-key system.
In embodiments of the present invention, eID authentication can take place in various Internet application scenarios, such as account login, mobile payment and instant messaging; the present invention places no limitation on this. In step S302 above, when the application program performs a mobile payment, the eID authentication request may be initiated by the application program in response to the mobile payment request; when the application program carries out network chat, the eID authentication request may be initiated by the application program in response to a network chat request.
To further raise the security level of authentication, the eID authentication permission of the application program may be checked before eID authentication is carried out; that is, before the reader capable of reading the eID information in the eID terminal carrier is called in step S302, it is determined whether the application program has eID authentication permission; if so, execution of the calling operation is triggered. Otherwise, if the application program does not have eID authentication permission, a prompt message stating that the application program does not have eID authentication permission is generated and presented to the user.
In another embodiment of the invention, after the prompt message stating that the application program does not have eID authentication permission is generated, the component in the browser kernel used for rendering web pages may be called; that component renders a web page containing the prompt message, and the page is provided to the user.
Further, for determining whether the application program has eID authentication permission, the present invention provides an optional scheme. In this scheme an eID authentication whitelist is set up in advance, listing the application programs that have eID authentication permission. The application program is looked up in the eID authentication whitelist: if it is found, it is determined that the application program has eID authentication permission; if it is not found, it is determined that the application program does not have eID authentication permission. Here, the eID authentication whitelist may be set by the local user or updated from the malicious-program library of a cloud server.
In another optional scheme provided by the present invention, whether the application program has eID authentication permission may be determined by the eID unified authentication server or by an application server: a request to look up whether the application program has eID authentication permission is sent to the eID unified authentication server or the application server, and the determination is made according to the lookup result that the eID unified authentication server or the application server returns.
In embodiments of the present invention, eID terminals can be the contactless eID based on NFC technique Card, then reader is the NFC unit on mobile terminal.Introduction on NFC technique and eID cards can So that referring to above, here is omitted.
User only needs to card is placed near mobile phone (within 10 centimetres) several seconds when using eID cards The characteristics such as the reading of eID information, the distinctive safe and efficient convenience of NFC near-field communications can be completed and ensure that use Experience at family.Now, in step s 304, the eID that can be read from eID cards with direct access NFC unit Information.
Further, the NFC unit on mobile terminal reads the contactless eID cards based on NFC technique In eID information, and then from NFC unit obtain eID information, now, to user display require input The prompting of PIN, and the PIN of preliminary identification user input correctness, if the continuous n times of user are (e.g., 3 is inferior) PIN of input error, then the function of corresponding eID cards is locked, after PIN is verified, The eID information of acquisition is sent to eID unified certifications server carries out authentification of message.In such manner, it is possible to solve EID cards lose the problem of the eID information leakages being likely to result in.
After step S306 receives the authentication result returned by the eID unified authentication server, the embodiment of the invention can determine subsequent operations according to that result. Fig. 4 shows a flow chart of a method of authenticating eID on a mobile terminal according to another embodiment of the invention. As shown in Fig. 4, the method comprises at least the following steps S402 to S412.
Step S402: when an eID authentication request from an application on the mobile terminal is received, determine whether the application has eID authentication permission; if so, continue with step S404; otherwise, continue with step S406.
In this step, whether the application has eID authentication permission can be determined using the eID authentication whitelist described earlier, which is not repeated here.
Step S404: invoke the NFC unit capable of reading the eID information in the eID card, then continue with step S408.
Step S406: generate a prompt message stating that the application does not have eID authentication permission, show it to the user, and end the flow.
In this step, if the user forces eID authentication, continue with step S404.
Step S408: obtain the eID information that the NFC unit reads from the eID card.
Step S410: send the obtained eID information to the eID unified authentication server for information authentication, and receive the authentication result returned by the eID unified authentication server.
In this step, before the obtained eID information is sent to the eID unified authentication server for information authentication, a prompt requiring PIN entry can be displayed to the user and the correctness of the PIN entered by the user preliminarily verified. If the user enters a wrong PIN N consecutive times (e.g., 3 times), the function of the corresponding eID card is locked. After the PIN is verified, the obtained eID information is sent to the eID unified authentication server for information authentication. This addresses the eID information leakage that the loss of an eID card could cause.
Step S412: process the authentication result into a specified information format and return the processed authentication result to the application, so that the application can determine from the processed authentication result whether to perform the subsequent business operation.
In this step, if the authentication result indicates that authentication succeeded, it is determined that the subsequent business operation is performed; conversely, if the authentication result indicates that authentication failed, it is determined that the subsequent business operation is not performed.
To further raise the security level, in the embodiment of the invention, before the application performs the subsequent business operation in step S412, a window prompting the user to enter a security password is generated, and the security password entered by the user is then verified. If verification passes, the subsequent business operation is performed; conversely, if verification fails, the subsequent business operation is not performed.
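The Fig. 4 flow (S402 to S412) as an added example, not code from the patent: a Python model with a constructed card and a stand-in server, showing that nothing is read for an application without permission and nothing reaches the server until the PIN verifies. All class, field and function names are hypothetical; keeping the failure counter on the card, failing closed on server errors, and flagging a user-forced run in the result are assumptions of this sketch.

```python
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Set

MAX_PIN_TRIES = 3  # the page's example value for N consecutive wrong PINs

class CardLocked(Exception):
    """The card's eID function has been locked."""

@dataclass
class SimulatedEidCard:
    """Constructed stand-in for a contactless eID card (assumption: the
    consecutive-failure counter and the lock live on the card)."""
    eid_info: bytes
    pin: str
    failures: int = 0
    locked: bool = False

    def verify_pin(self, candidate: str) -> bool:
        if self.locked:
            raise CardLocked()
        if hmac.compare_digest(candidate.encode(), self.pin.encode()):
            self.failures = 0  # only consecutive failures count
            return True
        self.failures += 1
        self.locked = self.failures >= MAX_PIN_TRIES
        return False

@dataclass
class EidAuthenticator:
    """Hypothetical model of the in-kernel device; not a real browser API."""
    whitelist: Set[str]                # apps with eID authentication permission
    server: Callable[[bytes], object]  # stand-in for the unified authentication server
    reader_invocations: int = 0
    sent_to_server: List[bytes] = field(default_factory=list)

    def authenticate(self, app_id, card, pin_entries, user_forces=False):
        permitted = app_id in self.whitelist
        # S402 / S406: without permission, prompt and stop unless the user forces it.
        if not permitted and not user_forces:
            return self._result(app_id, "denied", forced=False)
        forced = not permitted
        # S404 / S408: invoke the NFC reader and obtain the eID information.
        self.reader_invocations += 1
        eid_info = card.eid_info
        # Before S410 sends anything, the PIN must verify.
        if not self._pin_verified(card, pin_entries):
            status = "locked" if card.locked else "pin_failed"
            return self._result(app_id, status, forced)
        # S410: send to the server; anything but an explicit True fails closed.
        self.sent_to_server.append(eid_info)
        try:
            ok = self.server(eid_info) is True
        except Exception:
            ok = False
        # S412: return the result to the application in one fixed format.
        return self._result(app_id, "success" if ok else "failure", forced)

    @staticmethod
    def _pin_verified(card, pin_entries) -> bool:
        try:
            return any(card.verify_pin(p) for p in pin_entries)
        except CardLocked:
            return False

    @staticmethod
    def _result(app_id, status, forced):
        # "forced" records that the whitelist was overridden (sketch assumption).
        return {"app": app_id, "status": status, "forced": forced,
                "proceed": status == "success"}

REGISTERED = {b"constructed-eid-0001"}  # constructed sample data

def fake_server(eid_info: bytes) -> bool:
    return eid_info in REGISTERED

def run_demo():
    auth = EidAuthenticator({"com.example.pay"}, fake_server)
    new_card = lambda: SimulatedEidCard(b"constructed-eid-0001", "4821")
    denied = auth.authenticate("com.example.other", new_card(), ["4821"])
    lost = new_card()  # a lost card receiving wrong PIN entries
    locked = auth.authenticate("com.example.pay", lost, ["0000", "1111", "2222", "4821"])
    sent_so_far = list(auth.sent_to_server)  # still empty: nothing left the device
    ok = auth.authenticate("com.example.pay", new_card(), ["0000", "4821"])
    forced = auth.authenticate("com.example.other", new_card(), ["4821"], user_forces=True)
    return denied, locked, sent_so_far, ok, forced

if __name__ == "__main__":
    print(run_demo())
```

The forced run succeeds exactly like a whitelisted one, so the `forced` flag is the only trace that the permission check in S402 was overridden.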
According to any one of the above preferred embodiments, or a combination of several of them, the embodiment of the invention can achieve the following beneficial effects:
The device for authenticating eID on a mobile terminal provided by the embodiment of the invention is located in a browser kernel. The browser kernel provides an interface and is integrated into one or more applications of the mobile terminal, so that each application can carry out eID authentication using the above device in the browser kernel. This can be applied to various eID authentication scenarios, such as mobile payment, thereby improving the security of mobile payment. Moreover, in the embodiment of the invention the application can directly use the browser kernel it has itself integrated, call that kernel's device for authenticating eID, obtain the eID information in the eID terminal, and then send the obtained eID information to the eID unified authentication server to carry out eID authentication, without developing or calling dedicated eID authentication software. This can increase eID authentication speed and saves the system resources that running eID authentication software would consume.
In the specification provided here, numerous specific details are set forth. It should be understood, however, that embodiments of the invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention, features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in an embodiment can be combined into one module or unit or component, and they can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed can be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) can be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will appreciate that although some embodiments described herein include some features included in other embodiments rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The various component embodiments of the invention can be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or a digital signal processor (DSP) can be used in practice to implement some or all of the functions of some or all of the components of the device for authenticating eID on a mobile terminal according to embodiments of the invention. The invention can also be implemented as device or apparatus programs (for example, computer programs and computer program products) for performing part or all of the method described herein. Such programs implementing the invention can be stored on a computer-readable medium, or can take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order. These words can be interpreted as names.
Thus, those skilled in the art will recognise that although multiple exemplary embodiments of the invention have been shown and described in detail herein, many other variations or modifications consistent with the principles of the invention can still be directly determined or derived from the disclosure of the invention without departing from its spirit and scope. Therefore, the scope of the invention should be understood and deemed to cover all such other variations or modifications.
The embodiment of the invention also discloses: A1. A device for authenticating eID on a mobile terminal, located in a browser kernel, the browser kernel being integrated into an application of the mobile terminal, the device comprising:
an authentication request receiving component, adapted to receive an eID authentication request from the application;
a reader invoking component, adapted to invoke a reader capable of reading the eID information in an eID terminal;
an eID information acquisition component, adapted to obtain the eID information that the reader reads from the eID terminal;
an eID information authentication component, adapted to send the obtained eID information to an eID unified authentication server for information authentication;
an authentication result receiving component, adapted to receive the authentication result returned by the eID unified authentication server.
A2. The device according to A1, wherein the eID authentication request is initiated by the application according to a mobile payment request.
A3. The device according to A1 or A2, further comprising:
an eID authentication permission determining component, adapted to determine, before the reader invoking component invokes the reader capable of reading the eID information in the eID terminal carrier, whether the application has eID authentication permission; and, if so, to trigger the reader invoking component to perform the invoke operation.
A4. The device according to A3, wherein the eID authentication permission determining component is further adapted to:
look up the application in an eID authentication whitelist;
if it is found, determine that the application has eID authentication permission;
if it is not found, determine that the application does not have eID authentication permission.
A5. The device according to A4, further comprising:
a prompt message generating component, adapted to generate, if the eID authentication permission determining component determines that the application does not have eID authentication permission, a prompt message stating that the application does not have eID authentication permission, and to show it to the user.
A6. The device according to A5, wherein the prompt message generating component is further adapted to:
after generating the prompt message stating that the application does not have eID authentication permission, invoke the component for rendering web pages in the browser kernel, render a web page containing the prompt message by means of that component, and provide it to the user.
A7. The device according to any one of A1-A6, further comprising:
an authentication result processing component, adapted to process the authentication result into a specified information format after the authentication result receiving component receives the authentication result returned by the eID unified authentication server;
an authentication result output component, adapted to return the processed authentication result to the application, so that the application can determine from the processed authentication result whether to perform the subsequent business operation.
A8. The device according to any one of A1-A7, wherein the eID terminal is a contactless eID card based on NFC technology, and the reader is the NFC unit on the mobile terminal.
A9. The device according to any one of A1-A8, wherein each component is a component newly added to the browser kernel.
B10. A method of authenticating eID on a mobile terminal, applied to a browser kernel, the browser kernel being integrated into an application of the mobile terminal, the method comprising:
receiving an eID authentication request from the application, and invoking a reader capable of reading the eID information in an eID terminal;
obtaining the eID information that the reader reads from the eID terminal;
sending the obtained eID information to an eID unified authentication server for information authentication, and receiving the authentication result returned by the eID unified authentication server.
B11. The method according to B10, wherein the eID authentication request is initiated by the application according to a mobile payment request.
B12. The method according to B10 or B11, wherein, before invoking the reader capable of reading the eID information in the eID terminal, the method further comprises:
determining whether the application has eID authentication permission;
if so, triggering the invoke operation.
B13. The method according to B12, wherein determining whether the application has eID authentication permission comprises:
looking up the application in an eID authentication whitelist;
if it is found, determining that the application has eID authentication permission;
if it is not found, determining that the application does not have eID authentication permission.
B14. The method according to B13, further comprising:
if it is determined that the application does not have eID authentication permission, generating a prompt message stating that the application does not have eID authentication permission;
showing the prompt message to the user.
B15. The method according to B14, wherein showing the prompt message to the user comprises:
invoking the component for rendering web pages in the browser kernel, rendering a web page containing the prompt message by means of that component, and providing it to the user.
B16. The method according to any one of B10-B15, wherein, after receiving the authentication result returned by the eID unified authentication server, the method further comprises:
processing the authentication result into a specified information format;
returning the processed authentication result to the application, so that the application can determine from the processed authentication result whether to perform the subsequent business operation.
B17. The method according to any one of B10-B16, wherein the eID terminal is a contactless eID card based on NFC technology, and the reader is the NFC unit on the mobile terminal.
B18. The method according to any one of B10-B17, wherein the browser kernel is a browser rendering engine deeply optimized on the basis of open-source Webkit.

Claims (10)

1. A device for authenticating eID on a mobile terminal, located in a browser kernel, the browser kernel being integrated into an application of the mobile terminal, the device comprising:
an authentication request receiving component, adapted to receive an eID authentication request from the application;
a reader invoking component, adapted to invoke a reader capable of reading the eID information in an eID terminal;
an eID information acquisition component, adapted to obtain the eID information that the reader reads from the eID terminal;
an eID information authentication component, adapted to send the obtained eID information to an eID unified authentication server for information authentication;
an authentication result receiving component, adapted to receive the authentication result returned by the eID unified authentication server.
2. The device according to claim 1, wherein the eID authentication request is initiated by the application according to a mobile payment request.
3. The device according to claim 1 or 2, further comprising:
an eID authentication permission determining component, adapted to determine, before the reader invoking component invokes the reader capable of reading the eID information in the eID terminal carrier, whether the application has eID authentication permission; and, if so, to trigger the reader invoking component to perform the invoke operation.
4. The device according to claim 3, wherein the eID authentication permission determining component is further adapted to:
look up the application in an eID authentication whitelist;
if it is found, determine that the application has eID authentication permission;
if it is not found, determine that the application does not have eID authentication permission.
5. The device according to claim 4, further comprising:
a prompt message generating component, adapted to generate, if the eID authentication permission determining component determines that the application does not have eID authentication permission, a prompt message stating that the application does not have eID authentication permission, and to show it to the user.
6. The device according to claim 5, wherein the prompt message generating component is further adapted to:
after generating the prompt message stating that the application does not have eID authentication permission, invoke the component for rendering web pages in the browser kernel, render a web page containing the prompt message by means of that component, and provide it to the user.
7. The device according to any one of claims 1-6, further comprising:
an authentication result processing component, adapted to process the authentication result into a specified information format after the authentication result receiving component receives the authentication result returned by the eID unified authentication server;
an authentication result output component, adapted to return the processed authentication result to the application, so that the application can determine from the processed authentication result whether to perform the subsequent business operation.
8. The device according to any one of claims 1-7, wherein the eID terminal is a contactless eID card based on NFC technology, and the reader is the NFC unit on the mobile terminal.
9. The device according to any one of claims 1-8, wherein each component is a component newly added to the browser kernel.
10. A method of authenticating eID on a mobile terminal, applied to a browser kernel, the browser kernel being integrated into an application of the mobile terminal, the method comprising:
receiving an eID authentication request from the application, and invoking a reader capable of reading the eID information in an eID terminal;
obtaining the eID information that the reader reads from the eID terminal;
sending the obtained eID information to an eID unified authentication server for information authentication, and receiving the authentication result returned by the eID unified authentication server.
CN201510779655.8A 2015-11-13 2015-11-13 Device and method of authenticating eID on mobile terminal Pending CN106713232A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510779655.8A CN106713232A (en) 2015-11-13 2015-11-13 Device and method of authenticating eID on mobile terminal

Publications (1)

Publication Number Publication Date
CN106713232A true CN106713232A (en) 2017-05-24

Family

ID=58931847

Country Status (1)

Country Link
CN (1) CN106713232A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170524
