CN106899551A - Authentication method, certification terminal and system - Google Patents


Info

Publication number: CN106899551A
Authority: CN (China)
Prior art keywords: trusted application, transaction information, shield, sent, user
Prior art date:
Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN201510961755.2A
Other languages: Chinese (zh)
Other versions: CN106899551B (en)
Inventors: 张湘东, 张文安, 黄泽龙, 李庆艳, 李洪波, 杨光, 杨豫湘
Current assignee: China Telecom Corp Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: China Telecom Corp Ltd
Priority date: (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date:
Publication date:

Events:
    • Application filed by China Telecom Corp Ltd
    • Priority to CN201510961755.2A (patent/CN106899551B/en)
    • Publication of CN106899551A (patent/CN106899551A/en)
    • Application granted
    • Publication of CN106899551B (patent/CN106899551B/en)
    • Legal status: Active (current)
    • Anticipated expiration


Classifications

    • H: Electricity
        • H04: Electric communication technique
            • H04L: Transmission of digital information, e.g. telegraphic communication
                • H04L 63/00: Network architectures or network communication protocols for network security
                    • H04L 63/08: ... for authentication of entities
                        • H04L 63/0853: ... using an additional device, e.g. smartcard, SIM or a different communication terminal
                        • H04L 63/0861: ... using biometrical features, e.g. fingerprint, retina-scan
                • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
                    • H04L 9/32: ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L 9/3226: ... using a predetermined code, e.g. password, passphrase or PIN
                            • H04L 9/3231: Biological data, e.g. fingerprint, voice or retina
                        • H04L 9/3234: ... involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
                        • H04L 9/3247: ... involving digital signatures
                            • H04L 9/3249: ... using RSA or related signature schemes, e.g. Rabin scheme

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses an authentication method, an authentication terminal and a system, relating to the field of mobile Internet technology. The method includes: a biometric trusted application receives a verification request and transaction information sent by an application client and authenticates the user's identity by biometric information; if authentication succeeds, it sends the transaction information to a U-shield trusted application. The U-shield trusted application sends a key to the U-shield module for identity verification; if verification succeeds, it sends the transaction information to the U-shield module, which signs the transaction information and returns it. The biometric trusted application and the U-shield trusted application are both located in the trusted execution environment of the terminal, and the key of the U-shield trusted application cannot be accessed from outside. The invention achieves an effective combination of biometric authentication technology and U-shield technology in the terminal, integrates the two technologies in one flow, avoids the possibility of a man-in-the-middle attack and at the same time solves the password-verification problem, so that the user's operation is more convenient and the security and convenience of mobile transactions are improved.

Description

Authentication method, authentication terminal and system
Technical field
The present invention relates to the field of mobile Internet technology, and in particular to an authentication method, an authentication terminal and a system.
Background technology
With the rapid development of the mobile Internet, the transaction security of mobile terminals faces growing threats, and solutions that are both safe to use and offer a good user experience are urgently needed.
With the launch of operators' mobile-phone wallet services and the upgrading of the associated terminals and card devices, SIM (Subscriber Identity Module) cards or UIM (User Identity Module) cards can now be used to implement a mobile-phone U-shield service: multiple application certificates can be stored on the SIM or UIM card to complete signature authentication for transactions such as mobile payment. Meanwhile, user identity recognition technology on mobile phones, in particular biometric authentication, is increasingly mature; for example, replacing password entry with a fingerprint greatly simplifies the user's authentication operation during a transaction and makes payment more convenient.
However, in practice the mobile-phone U-shield requires the user to enter a PIN (Personal Identification Number), which is cumbersome and exposes the password to leakage; technologies such as fingerprint recognition are easy to use but can only verify the user's identity on the mobile terminal and cannot complete user identity verification with the server. Simply stacking the two schemes has the following problems: fingerprint recognition can replace password entry, but in the mobile-phone U-shield scheme PIN verification is the precondition for performing the signature operation; otherwise the card considers the security condition unmet and does not allow the signature operation. How to replace the PIN is therefore a key issue. Moreover, the mobile-phone U-shield process and the fingerprint authentication process are independent of each other: fingerprint recognition only returns whether fingerprint authentication succeeded, and the intermediate process from fingerprint recognition to invoking the mobile-phone U-shield for signing is easily tampered with or forged.
Summary of the invention
The technical problem to be solved by embodiments of the present invention is how to achieve effective integration of biometric authentication technology and U-shield technology in a terminal.
According to a first aspect of embodiments of the present invention, an authentication method is provided, including: a biometric trusted application (Trusted Application, TA), in response to a verification request and transaction information that the user sends through an application client, authenticates the user's identity by biometric information and, if authentication succeeds, sends the transaction information to a U-shield trusted application; the U-shield trusted application receives the transaction information sent by the biometric trusted application and sends a key to the U-shield module for identity verification and, if verification succeeds, sends the transaction information to the U-shield module so that the U-shield module signs the transaction information and returns it; the U-shield trusted application receives the signed transaction information and forwards it through the biometric trusted application to the application client; wherein the biometric trusted application and the U-shield trusted application are both located in the trusted execution environment (Trusted Execution Environment, TEE) of the terminal, and the key of the U-shield trusted application cannot be accessed from outside.
In one embodiment, the biometric trusted application is a fingerprint trusted application: in response to the verification request and transaction information the user sends through the application client, the fingerprint trusted application authenticates the user's identity by the fingerprint the user enters and, if authentication succeeds, sends the transaction information to the U-shield trusted application. Alternatively, the biometric trusted application is an iris trusted application: in response to the verification request and transaction information the user sends through the application client, the iris trusted application authenticates the user's identity by the iris information the user enters and, if authentication succeeds, sends the transaction information to the U-shield trusted application. Alternatively, the biometric trusted application is a face trusted application: in response to the verification request and transaction information the user sends through the application client, the face trusted application authenticates the user's identity by the facial information the user enters and, if authentication succeeds, sends the transaction information to the U-shield trusted application.
In one embodiment, the U-shield module signs the transaction information with the user's private key; the authentication method further includes: the server receives the transaction information and the signed transaction information sent by the application client, decrypts the signed transaction information with the user's public key, compares the decryption result with the transaction information, and treats the transaction as valid if they match.
In one embodiment, the transaction information includes transaction critical data.
In one embodiment, the terminal is a mobile phone and the U-shield module is located in the phone card.
According to a second aspect of embodiments of the present invention, an authentication terminal is provided, including: a biometric trusted application, configured to authenticate the user's identity by biometric information in response to the verification request and transaction information the user sends through the application client and, if authentication succeeds, send the transaction information to the U-shield trusted application; and a U-shield trusted application, configured to receive the transaction information sent by the biometric trusted application, send a key to the U-shield module for identity verification and, if verification succeeds, send the transaction information to the U-shield module so that the U-shield module signs the transaction information and returns it, and further configured to receive the signed transaction information and forward it through the biometric trusted application to the application client; wherein the biometric trusted application and the U-shield trusted application are both located in the trusted execution environment of the terminal, and the key of the U-shield trusted application cannot be accessed from outside.
In one embodiment, the biometric trusted application is a fingerprint trusted application, configured to authenticate the user's identity by the fingerprint the user enters in response to the verification request and transaction information the user sends through the application client and, if authentication succeeds, send the transaction information to the U-shield trusted application. Alternatively, the biometric trusted application is an iris trusted application, configured to authenticate the user's identity by the iris information the user enters in response to the verification request and transaction information the user sends through the application client and, if authentication succeeds, send the transaction information to the U-shield trusted application. Alternatively, the biometric trusted application is a face trusted application, configured to authenticate the user's identity by the facial information the user enters in response to the verification request and transaction information the user sends through the application client and, if authentication succeeds, send the transaction information to the U-shield trusted application.
In one embodiment, the U-shield module is configured to sign the transaction information with the user's private key.
In one embodiment, the transaction information includes transaction critical data.
In one embodiment, the terminal is a mobile phone and the U-shield module is located in the phone card.
According to a third aspect of embodiments of the present invention, an authentication system is provided, including the authentication terminal of any of the foregoing embodiments and a server; the server is configured to receive the transaction information and the signed transaction information sent by the application client, decrypt the signed transaction information with the user's public key, compare the decryption result with the transaction information, and treat the transaction as valid if they match.
By introducing a trusted execution environment and placing both the biometric trusted application and the U-shield trusted application in it, the present invention completes identity authentication and transaction authentication in a trusted environment, thereby achieving effective integration of biometric authentication technology and U-shield technology in the terminal, integrating the two technologies in one flow and avoiding the possibility of a man-in-the-middle attack; at the same time, a dedicated key replaces PIN verification, solving the password-verification problem, so that the user's operation is more convenient and the security and convenience of mobile transactions are improved.
Other features and advantages of the present invention will become apparent from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
Brief description of the drawings
To explain the embodiments of the present invention or the prior-art technical solutions more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the application of the authentication method of the disclosure.
Fig. 2 is a schematic flow chart of the authentication method of an exemplary embodiment of the disclosure.
Fig. 3 is a schematic structural diagram of the authentication terminal of an exemplary embodiment of the disclosure.
Fig. 4 is a schematic structural diagram of the authentication system of an exemplary embodiment of the disclosure.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. The following description of at least one exemplary embodiment is merely illustrative and is in no way a limitation on the present invention or its application or use. All other embodiments that those of ordinary skill in the art obtain from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
This solution is proposed to address how to achieve effective integration of user identity recognition and the U-shield function in a terminal while guaranteeing transaction security. The basic scheme of the invention is described with reference to Fig. 1.
As shown in Fig. 1, the present invention introduces a trusted execution environment and places both the biometric trusted application (taking fingerprint recognition as an example) and the U-shield trusted application in it, so that identity authentication and transaction authentication are completed in a trusted environment. This achieves effective integration of biometric authentication technology and U-shield technology in the terminal, integrates the two technologies in one flow, avoids the possibility of a man-in-the-middle attack and, by replacing PIN verification with a dedicated key, solves the password-verification problem, making the user's operation more convenient and improving the security and convenience of mobile transactions. The authentication process is described in detail below.
One embodiment of the authentication method of the present invention is described with reference to Fig. 2.
Fig. 2 is a flow chart of one embodiment of the authentication method of the present invention. As shown in Fig. 2, the method of this embodiment includes the following steps.
Step S202: the application client sends a verification request and transaction information to the biometric trusted application; correspondingly, the biometric trusted application receives the verification request and transaction information the user sends through the application client.
The application client is, for example, an application program installed on the mobile-phone terminal. The application client sends the verification request and transaction information to the biometric trusted application through a user authentication interface. The transaction information is defined by the application party; it is the transaction critical data that the client needs to transmit to the server during the transaction, such as commodity number, quantity and amount, and can be transmitted in the form of a binary data block. The biometric trusted application is used to verify the user's identity; the received verification request carries information representing the user's identity, such as fingerprint, iris, voice or facial information. The biometric trusted application is located in the trusted execution environment of the terminal, and the information used to identify the user (fingerprint, iris, voice, facial information and the like) is enrolled by the user in advance and stored in that trusted execution environment, where it cannot be accessed or tampered with from outside, ensuring the reliability and security of verification.
Step S204: in response to the verification request and transaction information the user sends through the application client, the biometric trusted application authenticates the user's identity by biometric information. If authentication succeeds, step S206 is performed.
The biometric trusted application verifies the user's identity by comparing the identity information carried in the verification request with the information stored in the trusted execution environment. For example, if the biometric trusted application is a fingerprint trusted application, the user must initially enroll fingerprint information, which is stored in the trusted execution environment; when the user's identity needs to be verified, the user enters a fingerprint, the application client carries the user's fingerprint information to the fingerprint trusted application, and the fingerprint trusted application compares the fingerprint information in the verification request with the stored fingerprint information to verify the user's identity. The biometric trusted application can also be an iris trusted application, a face trusted application, a voice trusted application or the like, verifying the user's identity by recognizing intrinsic physiological or behavioural features of the human body; it is not limited to the examples given.
Step S206: the biometric trusted application sends the transaction information to the U-shield trusted application; correspondingly, the U-shield trusted application receives the transaction information sent by the biometric trusted application.
The U-shield trusted application is located in the trusted execution environment of the terminal.
Step S208: the U-shield trusted application sends a key to the U-shield module for identity verification. If verification succeeds, step S210 is performed.
The U-shield module may be contained in a phone card such as a SIM or UIM card and implements the mobile-phone U-shield function; it may also be located in another device capable of implementing the U-shield function. The key is stored in the trusted execution environment and cannot be accessed or tampered with from outside; the U-shield trusted application uses the key to authenticate itself to the U-shield module and, after successful verification, can call the data signature interface of the U-shield module.
Step S210: the U-shield trusted application sends the transaction information to the U-shield module; correspondingly, the U-shield module receives the transaction information.
Step S212: the U-shield module signs the transaction information and returns it to the U-shield trusted application.
The U-shield module signs the transaction information with the user's private key.
Step S214: the U-shield trusted application receives the signed transaction information and forwards it through the biometric trusted application to the application client.
Step S216: the application client sends the transaction information and the signed transaction information to the server, which verifies the validity of the transaction.
The server receives the transaction information and the signed transaction information sent by the application client, decrypts the signed transaction information with the user's public key, compares the decryption result with the transaction information, and treats the transaction as valid if they match.
By introducing a trusted execution environment and placing both the biometric trusted application and the U-shield trusted application in it, the method of the above embodiment completes identity authentication and transaction authentication in a trusted environment, thereby achieving effective integration of biometric authentication technology and U-shield technology in the terminal, integrating the two technologies in one flow and avoiding the possibility of a man-in-the-middle attack; at the same time, a dedicated key replaces PIN verification, solving the password-verification problem, so that the user's operation is more convenient and the security and convenience of mobile transactions are improved.
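The flow of steps S202 to S216 (and the Fig. 3 component layout), as an added simulation that is not the patent's own code: three Go types stand in for the biometric TA, the U-shield TA and the card-resident U-shield module, the access key that replaces the PIN is an unexported field (standing in for TEE isolation), byte equality stands in for a real biometric matcher, and the server's "decrypt with the public key and compare" is realised as RSA PKCS#1 v1.5 over a SHA-256 digest. All type names, the template bytes and the transaction string are constructed for this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Transaction is the application-defined critical data (commodity number, quantity,
// amount ...) carried as an opaque binary block, as the description puts it.
type Transaction []byte

// UShieldModule stands in for the U-shield applet on the SIM/UIM card: it holds the
// user's private key and signs only after the caller presents the access key that
// replaces the PIN. Constructed simulation, not the patent's own code.
type UShieldModule struct {
	priv      *rsa.PrivateKey
	accessKey []byte
}

// Sign is the module's data signature interface (step S212).
func (m *UShieldModule) Sign(accessKey []byte, tx Transaction) ([]byte, error) {
	if subtle.ConstantTimeCompare(accessKey, m.accessKey) != 1 {
		return nil, errors.New("u-shield module: access key rejected, signing refused")
	}
	digest := sha256.Sum256(tx)
	return rsa.SignPKCS1v15(rand.Reader, m.priv, crypto.SHA256, digest[:])
}

// UShieldTA models the U-shield trusted application inside the TEE. Its key is an
// unexported field: code outside this package (the "normal world") cannot read it.
type UShieldTA struct {
	key    []byte
	module *UShieldModule
}

// Sign is steps S208-S210: authenticate to the module with the key, then pass the
// transaction on for signing.
func (t *UShieldTA) Sign(tx Transaction) ([]byte, error) {
	return t.module.Sign(t.key, tx)
}

// BiometricTA models the fingerprint/iris/face trusted application. The enrolled
// template stays inside the TEE; byte equality stands in for a real matcher, which
// scores similarity against a threshold.
type BiometricTA struct {
	enrolled []byte
	next     *UShieldTA
}

// Authenticate is steps S204-S214: match the user, forward the transaction to the
// U-shield TA only on success, and return the signature to the application client.
func (b *BiometricTA) Authenticate(sample []byte, tx Transaction) ([]byte, error) {
	if subtle.ConstantTimeCompare(sample, b.enrolled) != 1 {
		return nil, errors.New("biometric TA: user authentication failed")
	}
	return b.next.Sign(tx)
}

// NewTerminal provisions a user key pair and a random access key and wires the
// components together as in Fig. 3. The public key is what the server holds.
func NewTerminal(enrolledTemplate []byte) (*BiometricTA, *UShieldModule, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	accessKey := make([]byte, 32)
	if _, err := rand.Read(accessKey); err != nil {
		return nil, nil, nil, err
	}
	module := &UShieldModule{priv: priv, accessKey: accessKey}
	bio := &BiometricTA{enrolled: enrolledTemplate, next: &UShieldTA{key: accessKey, module: module}}
	return bio, module, &priv.PublicKey, nil
}

// ServerVerify is step S216: the server checks the signature against the transaction
// it received alongside it, using the user's public key.
func ServerVerify(pub *rsa.PublicKey, tx Transaction, sig []byte) bool {
	digest := sha256.Sum256(tx)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	template := []byte("constructed fingerprint template")
	bio, _, pub, err := NewTerminal(template)
	if err != nil {
		panic(err)
	}
	tx := Transaction("item=1001;qty=2;amount=199.00") // constructed sample
	sig, err := bio.Authenticate(template, tx)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine transaction accepted:", ServerVerify(pub, tx, sig))
	fmt.Println("tampered amount accepted:", ServerVerify(pub, Transaction("item=1001;qty=2;amount=999.00"), sig))
}
```

The two failure paths worth noting are that a biometric mismatch never reaches the U-shield TA, and that calling the module directly without the TA-held access key is refused, which is the property the patent relies on to replace the PIN.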
The present invention also provides an authentication terminal, described with reference to Fig. 3.
Fig. 3 is a structural diagram of one embodiment of the authentication terminal of the present invention. As shown in Fig. 3, the authentication terminal 30 includes: an application client 302, a biometric trusted application 304, a U-shield trusted application 306 and a U-shield module 308.
The biometric trusted application 304 is configured to authenticate the user's identity by biometric information in response to the verification request and transaction information the user sends through the application client 302 and, if authentication succeeds, send the transaction information to the U-shield trusted application 306.
The U-shield trusted application 306 is configured to receive the transaction information sent by the biometric trusted application 304, send a key to the U-shield module 308 for identity verification and, if verification succeeds, send the transaction information to the U-shield module 308 so that the U-shield module 308 signs the transaction information and returns it; it is further configured to receive the signed transaction information and forward it through the biometric trusted application 304 to the application client 302.
The biometric trusted application 304 and the U-shield trusted application 306 are both located in the trusted execution environment of the terminal and may be software function modules that access the trusted execution environment. The key of the U-shield trusted application 306 cannot be accessed from outside. The U-shield module 308 is configured to sign the transaction information with the user's private key. When the terminal is a mobile phone, the U-shield module 308 may be located in the phone card, or in another device capable of implementing the U-shield function.
The biometric trusted application 304 may be a fingerprint trusted application, configured to authenticate the user's identity by the fingerprint the user enters in response to the verification request and transaction information the user sends through the application client and, if authentication succeeds, send the transaction information to the U-shield trusted application. Alternatively, the biometric trusted application 304 is an iris trusted application, configured to authenticate the user's identity by the iris information the user enters in response to the verification request and transaction information the user sends through the application client and, if authentication succeeds, send the transaction information to the U-shield trusted application. Alternatively, the biometric trusted application 304 is a face trusted application, configured to authenticate the user's identity by the facial information the user enters in response to the verification request and transaction information the user sends through the application client and, if authentication succeeds, send the transaction information to the U-shield trusted application. The biometric trusted application may also be a voice trusted application or the like, and is not limited to the examples given.
The transaction information is defined by the application party; it is the transaction critical data that the client needs to transmit to the server during the transaction, such as commodity number, quantity and amount, and can be transmitted in the form of a binary data block.
The present invention also provides an authentication system, described with reference to Fig. 4.
Fig. 4 is a structural diagram of one embodiment of the authentication system of the present invention. As shown in Fig. 4, the authentication system 40 includes the authentication terminal 30 of any of the foregoing embodiments and a server 402.
The server 402 is configured to receive the transaction information and the signed transaction information sent by the application client 302, decrypt the signed transaction information with the user's public key, compare the decryption result with the transaction information, and treat the transaction as valid if they match.
Those of ordinary skill in the art will understand that all or part of the steps of the above embodiments can be implemented by hardware, or by a program instructing the relevant hardware; the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit it; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.

Claims (11)

1. An authentication method, characterized by comprising:
a biometric trusted application, in response to a verification request and transaction information sent by a user via an application client, authenticating the user's identity by means of biometric information and, if authentication succeeds, sending the transaction information to a U-shield trusted application;
the U-shield trusted application receiving the transaction information sent by the biometric trusted application, sending a key to a U-shield module for identity verification and, if verification succeeds, sending the transaction information to the U-shield module so that the U-shield module signs the transaction information and returns it;
the U-shield trusted application receiving the signed transaction information and forwarding it to the application client via the biometric trusted application;
wherein the biometric trusted application and the U-shield trusted application are both located in the trusted execution environment of the terminal, and the key of the U-shield trusted application is inaccessible from outside.
2. The method according to claim 1, characterized in that the biometric trusted application is a fingerprint trusted application;
the fingerprint trusted application, in response to the verification request and transaction information sent by the user via the application client, authenticates the user's identity by means of a fingerprint input by the user and, if authentication succeeds, sends the transaction information to the U-shield trusted application;
or, the biometric trusted application is an iris trusted application;
the iris trusted application, in response to the verification request and transaction information sent by the user via the application client, authenticates the user's identity by means of iris information input by the user and, if authentication succeeds, sends the transaction information to the U-shield trusted application;
or, the biometric trusted application is a face trusted application;
the face trusted application, in response to the verification request and transaction information sent by the user via the application client, authenticates the user's identity by means of facial information input by the user and, if authentication succeeds, sends the transaction information to the U-shield trusted application.
3. The method according to claim 1, characterized in that the U-shield module signs the transaction information using a user private key;
the method further comprises:
a server receiving the transaction information and the signed transaction information sent by the application client, decrypting the signed transaction information using a user public key, comparing the decryption result with the transaction information, and treating the transaction as valid if the two are consistent.
4. The method according to any one of claims 1-3, characterized in that the transaction information includes transaction-critical data.
5. The method according to any one of claims 1-3, wherein the terminal is a mobile phone and the U-shield module is arranged in the mobile phone card (SIM card).
6. An authentication terminal, characterized by comprising:
a biometric trusted application configured to, in response to a verification request and transaction information sent by a user via an application client, authenticate the user's identity by means of biometric information and, if authentication succeeds, send the transaction information to a U-shield trusted application;
the U-shield trusted application configured to receive the transaction information sent by the biometric trusted application, send a key to a U-shield module for identity verification and, if verification succeeds, send the transaction information to the U-shield module so that the U-shield module signs the transaction information and returns it; and configured to receive the signed transaction information and forward it to the application client via the biometric trusted application;
wherein the biometric trusted application and the U-shield trusted application are both located in the trusted execution environment of the terminal, and the key of the U-shield trusted application is inaccessible from outside.
7. The terminal according to claim 6, characterized in that
the biometric trusted application is a fingerprint trusted application;
the fingerprint trusted application is configured to, in response to the verification request and transaction information sent by the user via the application client, authenticate the user's identity by means of a fingerprint input by the user and, if authentication succeeds, send the transaction information to the U-shield trusted application;
or, the biometric trusted application is an iris trusted application;
the iris trusted application is configured to, in response to the verification request and transaction information sent by the user via the application client, authenticate the user's identity by means of iris information input by the user and, if authentication succeeds, send the transaction information to the U-shield trusted application;
or, the biometric trusted application is a face trusted application;
the face trusted application is configured to, in response to the verification request and transaction information sent by the user via the application client, authenticate the user's identity by means of facial information input by the user and, if authentication succeeds, send the transaction information to the U-shield trusted application.
8. The terminal according to claim 6, characterized in that the U-shield module is configured to sign the transaction information using a user private key.
9. The terminal according to any one of claims 6-8, characterized in that the transaction information includes transaction-critical data.
10. The terminal according to any one of claims 6-8, characterized in that the terminal is a mobile phone and the U-shield module is arranged in the mobile phone card (SIM card).
11. An authentication system, characterized by comprising the authentication terminal according to any one of claims 6-10, and a server;
the server is configured to receive the transaction information and the signed transaction information sent by the application client, decrypt the signed transaction information using a user public key, compare the decryption result with the transaction information, and treat the transaction as valid if the two are consistent.
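The flow claimed above, simulated end to end as an added example that is not part of the patent or of any China Telecom code: an application client submits a biometric sample and a transaction block; the biometric trusted application gates on the sample, the U-shield trusted application presents its access key to the U-shield module, the module signs only once that key is accepted, and the server recovers the signed value with the user public key and compares it against the transaction information it received separately. The party names, the access key, the enrolled template, the transaction block and the toy RSA key pair are all constructed for the example; an exact-bytes compare stands in for a real biometric matcher.

```python
"""Simulation of the claimed authentication flow: application client ->
biometric trusted application -> U-shield trusted application -> U-shield
module (signs) -> server (verifies).  Added example, not code from the
patent; all names, keys and transaction values below are constructed."""
import hashlib
import hmac

# Toy RSA key pair standing in for the "user private key" / "user public key".
# Built from two Mersenne primes so the example runs with the standard library
# only; the ~150-bit modulus is far too small for real use.
_P = (1 << 61) - 1
_Q = (1 << 89) - 1
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
USER_PUBLIC_KEY = (_N, _E)       # held by the server
_USER_PRIVATE_KEY = (_N, _D)     # held only by the U-shield module

# Constructed secrets: the access key the U-shield TA presents to the module,
# and the enrolled biometric template (exact-match compare stands in for a
# real, fuzzy biometric matcher).
MODULE_ACCESS_KEY = hashlib.sha256(b"constructed-ushield-access-key").digest()
ENROLLED_TEMPLATE = hashlib.sha256(b"constructed-fingerprint-template").digest()


def _digest(tx: bytes) -> int:
    """Hash the transaction block; truncated to 128 bits to fit below the toy modulus."""
    return int.from_bytes(hashlib.sha256(tx).digest()[:16], "big")


class UShieldModule:
    """Secure element (e.g. in the SIM card). Holds the private key and signs
    only after the caller has presented the correct access key."""

    def __init__(self, access_key: bytes) -> None:
        self._access_key = access_key
        self._unlocked = False

    def verify_key(self, key: bytes) -> bool:
        self._unlocked = hmac.compare_digest(self._access_key, key)
        return self._unlocked

    def sign(self, tx: bytes) -> int:
        if not self._unlocked:
            raise PermissionError("U-shield module is locked")
        n, d = _USER_PRIVATE_KEY
        return pow(_digest(tx), d, n)


class UShieldTrustedApp:
    """TEE-side application; its access key is never exposed to the normal world."""

    def __init__(self, module: UShieldModule, access_key: bytes) -> None:
        self._module = module
        self._access_key = access_key

    def sign_transaction(self, tx: bytes) -> int:
        if not self._module.verify_key(self._access_key):
            raise PermissionError("U-shield module rejected the access key")
        return self._module.sign(tx)


class BiometricTrustedApp:
    """TEE-side gate: forwards the transaction only after the biometric check passes."""

    def __init__(self, enrolled: bytes, ushield_ta: UShieldTrustedApp) -> None:
        self._enrolled = enrolled
        self._ushield_ta = ushield_ta

    def authenticate_and_forward(self, sample: bytes, tx: bytes) -> int:
        if not hmac.compare_digest(self._enrolled, sample):
            raise PermissionError("biometric authentication failed")
        return self._ushield_ta.sign_transaction(tx)


def build_terminal(access_key: bytes = MODULE_ACCESS_KEY) -> BiometricTrustedApp:
    """Assemble the terminal; `access_key` is what the TA presents to the module."""
    module = UShieldModule(MODULE_ACCESS_KEY)
    return BiometricTrustedApp(ENROLLED_TEMPLATE, UShieldTrustedApp(module, access_key))


def client_request(terminal: BiometricTrustedApp, sample: bytes, tx: bytes):
    """Application client: returns the signature, or None if any step refused."""
    try:
        return terminal.authenticate_and_forward(sample, tx)
    except PermissionError:
        return None


def server_verify(tx: bytes, signature: int, public_key=USER_PUBLIC_KEY) -> bool:
    """Recover the signed digest with the public key and compare with the received block."""
    n, e = public_key
    return pow(signature, e, n) == _digest(tx)


if __name__ == "__main__":
    terminal = build_terminal()
    tx = b"goods=1234;qty=2;amount=99.00"   # constructed transaction block
    sig = client_request(terminal, ENROLLED_TEMPLATE, tx)
    print("valid:", sig is not None and server_verify(tx, sig))
```

The claims describe the server decrypting the signed block with the public key and comparing it directly with the transaction information; the example signs a hash of the block instead, which is how deployed systems avoid the modulus length limit and the forgeries that raw (unhashed, unpadded) RSA permits. Because the server compares against the transaction block it received on its own channel, a block altered after signing fails verification, and a request with a wrong biometric sample or a trusted application holding the wrong access key never reaches the signing step.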
CN201510961755.2A 2015-12-21 2015-12-21 Authentication method, authentication terminal and system Active CN106899551B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510961755.2A CN106899551B (en) 2015-12-21 2015-12-21 Authentication method, authentication terminal and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510961755.2A CN106899551B (en) 2015-12-21 2015-12-21 Authentication method, authentication terminal and system

Publications (2)

Publication Number Publication Date
CN106899551A true CN106899551A (en) 2017-06-27
CN106899551B CN106899551B (en) 2020-04-17

Family

ID=59190641

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510961755.2A Active CN106899551B (en) 2015-12-21 2015-12-21 Authentication method, authentication terminal and system

Country Status (1)

Country Link
CN (1) CN106899551B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107370601A (en) * 2017-09-18 2017-11-21 山东确信信息产业股份有限公司 A kind of intelligent terminal, system and method for integrating a variety of safety certifications
CN107995170A (en) * 2017-11-21 2018-05-04 重庆金融资产交易所有限责任公司 Auth method, device, computer equipment and computer-readable recording medium
CN108154361A (en) * 2017-12-22 2018-06-12 恒宝股份有限公司 A kind of mobile terminal embeds the access method and mobile terminal of U-shield
CN108229142A (en) * 2017-12-28 2018-06-29 中国人民银行数字货币研究所 A kind of method and apparatus upgraded based on digital cash wallet terminal-pair wallet
CN108540457A (en) * 2018-03-20 2018-09-14 深圳市文鼎创数据科技有限公司 A kind of safety equipment and its biological identification control method and device
CN109327429A (en) * 2017-07-31 2019-02-12 佳能株式会社 Verification System, apparatus management system and its method
CN109389402A (en) * 2018-08-20 2019-02-26 天地融科技股份有限公司 Cipher-code input method and system, mobile terminal
CN110998581A (en) * 2019-03-26 2020-04-10 阿里巴巴集团控股有限公司 Program execution and data attestation scheme using multiple key pairs for signatures
CN111382713A (en) * 2020-03-12 2020-07-07 展讯通信(上海)有限公司 Biometric identification method, biometric identification system, electronic device, and storage medium
US20200412535A1 (en) * 2018-08-16 2020-12-31 Tencent Technology (Shenzhen) Company Limited Authentication information transmission method, apparatus, and storage medium
CN112491844A (en) * 2020-11-18 2021-03-12 西北大学 Voiceprint and face recognition verification system and method based on trusted execution environment
CN113191778A (en) * 2021-05-20 2021-07-30 中国农业银行股份有限公司 Identity authentication method and identity authentication device
CN113190816A (en) * 2021-05-08 2021-07-30 国民认证科技(北京)有限公司 Man-machine interaction verification method and system using system biological characteristics
CN114493595A (en) * 2022-01-27 2022-05-13 远光软件股份有限公司 Ukey-based fund payment method, related device, storage medium and system
CN118094510A (en) * 2024-04-23 2024-05-28 北财在线科技(北京)有限公司 System for centralized management of identity authentication and security enhancement of U shield and implementation method
CN118228235A (en) * 2024-05-24 2024-06-21 北京恩威特科技有限公司 Intelligent management system for online banking U shield

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340285A (en) * 2007-07-05 2009-01-07 杭州中正生物认证技术有限公司 Method and system for identity authentication by finger print USBkey
CN102708318A (en) * 2012-04-28 2012-10-03 鹤山世达光电科技有限公司 Bank U-shield based fingerprint adapting method, fingerprint adapter and system
CN202551163U (en) * 2012-04-01 2012-11-21 杭州晟元芯片技术有限公司 Fingerprint identification mobile phone with secure digital key (SDKEY) function
CN102880960A (en) * 2012-09-26 2013-01-16 深圳市亚略特生物识别科技有限公司 Short message payment method and system based on fingerprint identifying mobile phone
US20130179944A1 (en) * 2012-01-11 2013-07-11 Douglas Everett Kozlay Personal area network (PAN) ID-authenticating systems, apparatus, method
CN103793640A (en) * 2012-11-01 2014-05-14 北京握奇数据系统有限公司 Method and system for applying biological identification technology to USB Key
GB2517732A (en) * 2013-08-29 2015-03-04 Sim & Pin Ltd System for accessing data from multiple devices
CN104639315A (en) * 2013-11-10 2015-05-20 航天信息股份有限公司 Dual-authentication method and device based on identity passwords and fingerprint identification
CN104700268A (en) * 2015-03-30 2015-06-10 中科创达软件股份有限公司 Mobile payment method and mobile device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101340285A (en) * 2007-07-05 2009-01-07 杭州中正生物认证技术有限公司 Method and system for identity authentication by finger print USBkey
US20130179944A1 (en) * 2012-01-11 2013-07-11 Douglas Everett Kozlay Personal area network (PAN) ID-authenticating systems, apparatus, method
CN202551163U (en) * 2012-04-01 2012-11-21 杭州晟元芯片技术有限公司 Fingerprint identification mobile phone with secure digital key (SDKEY) function
CN102708318A (en) * 2012-04-28 2012-10-03 鹤山世达光电科技有限公司 Bank U-shield based fingerprint adapting method, fingerprint adapter and system
CN102880960A (en) * 2012-09-26 2013-01-16 深圳市亚略特生物识别科技有限公司 Short message payment method and system based on fingerprint identifying mobile phone
CN103793640A (en) * 2012-11-01 2014-05-14 北京握奇数据系统有限公司 Method and system for applying biological identification technology to USB Key
GB2517732A (en) * 2013-08-29 2015-03-04 Sim & Pin Ltd System for accessing data from multiple devices
CN104639315A (en) * 2013-11-10 2015-05-20 航天信息股份有限公司 Dual-authentication method and device based on identity passwords and fingerprint identification
CN104700268A (en) * 2015-03-30 2015-06-10 中科创达软件股份有限公司 Mobile payment method and mobile device

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109327429A (en) * 2017-07-31 2019-02-12 佳能株式会社 Verification System, apparatus management system and its method
CN109327429B (en) * 2017-07-31 2021-08-17 佳能株式会社 Authentication system, device management system and method thereof
US10984084B2 (en) 2017-07-31 2021-04-20 Canon Kabushiki Kaisha System, device management system, and methods for the same
CN107370601A (en) * 2017-09-18 2017-11-21 山东确信信息产业股份有限公司 A kind of intelligent terminal, system and method for integrating a variety of safety certifications
CN107370601B (en) * 2017-09-18 2023-09-05 确信信息股份有限公司 Intelligent terminal, system and method integrating multiple security authentications
CN107995170A (en) * 2017-11-21 2018-05-04 重庆金融资产交易所有限责任公司 Auth method, device, computer equipment and computer-readable recording medium
CN108154361A (en) * 2017-12-22 2018-06-12 恒宝股份有限公司 A kind of mobile terminal embeds the access method and mobile terminal of U-shield
CN108229142A (en) * 2017-12-28 2018-06-29 中国人民银行数字货币研究所 A kind of method and apparatus upgraded based on digital cash wallet terminal-pair wallet
CN108540457A (en) * 2018-03-20 2018-09-14 深圳市文鼎创数据科技有限公司 A kind of safety equipment and its biological identification control method and device
US20200412535A1 (en) * 2018-08-16 2020-12-31 Tencent Technology (Shenzhen) Company Limited Authentication information transmission method, apparatus, and storage medium
CN109389402A (en) * 2018-08-20 2019-02-26 天地融科技股份有限公司 Cipher-code input method and system, mobile terminal
CN110998581B (en) * 2019-03-26 2024-05-24 创新先进技术有限公司 Program execution and data attestation scheme using multiple key pair signatures
CN110998581A (en) * 2019-03-26 2020-04-10 阿里巴巴集团控股有限公司 Program execution and data attestation scheme using multiple key pairs for signatures
CN111382713B (en) * 2020-03-12 2022-10-04 展讯通信(上海)有限公司 Biometric identification method, biometric identification system, electronic device, and storage medium
CN111382713A (en) * 2020-03-12 2020-07-07 展讯通信(上海)有限公司 Biometric identification method, biometric identification system, electronic device, and storage medium
CN112491844A (en) * 2020-11-18 2021-03-12 西北大学 Voiceprint and face recognition verification system and method based on trusted execution environment
CN113190816A (en) * 2021-05-08 2021-07-30 国民认证科技(北京)有限公司 Man-machine interaction verification method and system using system biological characteristics
CN113191778A (en) * 2021-05-20 2021-07-30 中国农业银行股份有限公司 Identity authentication method and identity authentication device
CN114493595A (en) * 2022-01-27 2022-05-13 远光软件股份有限公司 Ukey-based fund payment method, related device, storage medium and system
CN118094510A (en) * 2024-04-23 2024-05-28 北财在线科技(北京)有限公司 System for centralized management of identity authentication and security enhancement of U shield and implementation method
CN118228235A (en) * 2024-05-24 2024-06-21 北京恩威特科技有限公司 Intelligent management system for online banking U shield
CN118228235B (en) * 2024-05-24 2024-07-26 北京恩威特科技有限公司 Intelligent management system for online banking U shield

Also Published As

Publication number Publication date
CN106899551B (en) 2020-04-17

Similar Documents

Publication Publication Date Title
CN106899551A (en) Authentication method, certification terminal and system
CN106688004B (en) Transaction authentication method and device, mobile terminal, POS terminal and server
JP2006504167A (en) Method for performing secure electronic transactions using portable data storage media
CN101895513A (en) Log-in authentication system for service website and implementation method
WO2008127431A2 (en) Systems and methods for identification and authentication of a user
US20200143377A1 (en) Systems and methods for user identity authentication
CN107592308A (en) A kind of two server multiple-factor authentication method towards mobile payment scene
CN110084586B (en) Mobile terminal secure payment system and method
CN101299254A (en) Payment system and payment method thereof
CN108683667A (en) Account protection method, device, system and storage medium
CN108335108A (en) A kind of two-dimension code safe method of mobile payment and system
CN105978855A (en) System and method for protecting personal information security in real-name system
Siddiqui Biometrics to control ATM scams: A study
Paul et al. IEDs on the Road to Fingerprint Authentication: Biometrics have vulnerabilities that PINs and passwords don't
CN110084021A (en) Cabinet surface terminal, client, cabinet face data exchange method and system
JP4802670B2 (en) Cardless authentication system, cardless authentication method used in the system, and cardless authentication program
Singhal Security analysis of aadhaar authentication process and way forward
KR102348823B1 (en) System and Method for Identification Based on Finanace Card Possessed by User
CN106056388A (en) Fingerprint password dynamic password device and using method thereof
El Madhoun et al. The EMV Payment System: Is It Reliable?
EP3217593A1 (en) Two-factor authentication method for increasing the security of transactions between a user and a transaction point or system
JP2008269511A (en) User authentication method
CN107491967B (en) Method and system for inputting password through network payment
CN102779302A (en) Payment method and payment system
US20150288684A1 (en) Device assembly for carrying out or enabling an electronic service and a method for securely inputting authorization data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20170627

Assignee: Tianyiyun Technology Co.,Ltd.

Assignor: CHINA TELECOM Corp.,Ltd.

Contract record no.: X2024110000040

Denomination of invention: Authentication methods, authentication terminals, and systems

Granted publication date: 20200417

License type: Common License

Record date: 20240914