CN106899551A - Authentication method, certification terminal and system - Google Patents
- Publication number
- CN106899551A (application number CN201510961755.2A)
- Authority
- CN
- China
- Prior art keywords
- trusted application
- transaction information
- shield
- sent
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses an authentication method, an authentication terminal and a system, and relates to the technical field of the mobile Internet. The method includes: a biometric recognition trusted application receives a verification request and transaction information sent by an application client and authenticates the user's identity using biometric information; if authentication succeeds, it sends the transaction information to a U-shield trusted application. The U-shield trusted application sends a key to a U-shield module for identity verification; if verification succeeds, it sends the transaction information to the U-shield module, and the U-shield module signs the transaction information and returns it. The biometric recognition trusted application and the U-shield trusted application are both located in the trusted execution environment of the terminal, and the key of the U-shield trusted application cannot be accessed from outside. The invention effectively combines biometric authentication technology and U-shield technology on the terminal, integrating the two technologies into a single flow and avoiding the possibility of an intermediate (man-in-the-middle) attack; it also solves the password verification problem, is more convenient for the user, and improves the security and convenience of mobile transactions.
Description
Technical field
The present invention relates to the technical field of the mobile Internet, and in particular to an authentication method, an authentication terminal and a system.
Background
With the rapid development of the mobile Internet, the security of transactions on mobile terminals faces growing threats, and a technical approach that is both secure and pleasant to use is urgently needed.
With the launch of operators' mobile wallet services and the upgrading of the related terminals and equipment, it is already possible to implement a mobile phone U-shield service using a SIM (Subscriber Identity Module) card or a UIM (User Identity Module) card. Multiple application certificates can be stored on the SIM or UIM card to perform signature authentication for transactions such as mobile payment. Meanwhile, user identification technology on mobile phone terminals, especially biometric authentication, is increasingly mature; for example, using a fingerprint in place of password entry greatly simplifies the user's authentication during a transaction and makes paying more convenient.
However, in practice, the mobile phone U-shield requires the user to enter a PIN (Personal Identification Number), which is cumbersome and easily leaked. Technologies such as fingerprint recognition are easy to use, but they can only verify the user's identity on the mobile terminal and cannot complete user authentication with the server. If the two schemes are simply stacked, the following problems arise. Fingerprint recognition replaces password entry, but in the mobile phone U-shield scheme PIN verification is a precondition for the signature operation; otherwise the card considers the security condition unmet and does not allow signing. How to replace the PIN is therefore a key issue. In addition, the mobile phone U-shield and fingerprint authentication are separate processes: fingerprint recognition only returns whether authentication succeeded, and the intermediate step between the completion of fingerprint recognition and the call to the mobile phone U-shield for signing is easily tampered with or spoofed.
Summary of the invention
The technical problem to be solved by an embodiment of the present invention is how to effectively integrate biometric authentication technology and U-shield technology on a terminal.
According to one aspect of the embodiments of the present invention, an authentication method is provided, including: a biometric recognition trusted application (Trusted Application, TA), in response to a verification request and transaction information sent by the user through an application client, authenticates the user's identity using biometric information and, if authentication succeeds, sends the transaction information to a U-shield trusted application; the U-shield trusted application receives the transaction information sent by the biometric recognition trusted application and sends a key to a U-shield module for identity verification and, if verification succeeds, sends the transaction information to the U-shield module so that the U-shield module signs the transaction information and returns it; the U-shield trusted application receives the signed transaction information and forwards it to the application client through the biometric recognition trusted application; wherein the biometric recognition trusted application and the U-shield trusted application are both located in the trusted execution environment (Trusted Execution Environment, TEE) of the terminal, and the key of the U-shield trusted application cannot be accessed from outside.
In one embodiment, the biometric recognition trusted application is a fingerprint trusted application; the fingerprint trusted application, in response to the verification request and transaction information sent by the user through the application client, authenticates the user's identity using the fingerprint entered by the user and, if authentication succeeds, sends the transaction information to the U-shield trusted application. Alternatively, the biometric recognition trusted application is an iris trusted application; the iris trusted application, in response to the verification request and transaction information sent by the user through the application client, authenticates the user's identity using the iris information entered by the user and, if authentication succeeds, sends the transaction information to the U-shield trusted application. Alternatively, the biometric recognition trusted application is a face trusted application; the face trusted application, in response to the verification request and transaction information sent by the user through the application client, authenticates the user's identity using the facial information entered by the user and, if authentication succeeds, sends the transaction information to the U-shield trusted application.
In one embodiment, the U-shield module signs the transaction information using the user's private key; the authentication method further includes: after the server receives the transaction information and the signed transaction information sent by the application client, it decrypts the signed transaction information using the user's public key and compares the decryption result with the transaction information; if they are consistent, the transaction is valid.
In one embodiment, the transaction information includes key transaction data.
In one embodiment, the terminal is a mobile phone and the U-shield module is arranged in the mobile phone card.
According to a second aspect of the embodiments of the present invention, an authentication terminal is provided, including: a biometric recognition trusted application, configured to authenticate the user's identity using biometric information in response to a verification request and transaction information sent by the user through an application client and, if authentication succeeds, to send the transaction information to a U-shield trusted application; and the U-shield trusted application, configured to receive the transaction information sent by the biometric recognition trusted application, to send a key to a U-shield module for identity verification and, if verification succeeds, to send the transaction information to the U-shield module so that the U-shield module signs the transaction information and returns it, and further configured to receive the signed transaction information and forward it to the application client through the biometric recognition trusted application; wherein the biometric recognition trusted application and the U-shield trusted application are both located in the trusted execution environment of the terminal, and the key of the U-shield trusted application cannot be accessed from outside.
In one embodiment, the biometric recognition trusted application is a fingerprint trusted application; the fingerprint trusted application is configured to authenticate the user's identity using the fingerprint entered by the user, in response to the verification request and transaction information sent by the user through the application client, and, if authentication succeeds, to send the transaction information to the U-shield trusted application. Alternatively, the biometric recognition trusted application is an iris trusted application; the iris trusted application is configured to authenticate the user's identity using the iris information entered by the user, in response to the verification request and transaction information sent by the user through the application client, and, if authentication succeeds, to send the transaction information to the U-shield trusted application. Alternatively, the biometric recognition trusted application is a face trusted application; the face trusted application is configured to authenticate the user's identity using the facial information entered by the user, in response to the verification request and transaction information sent by the user through the application client, and, if authentication succeeds, to send the transaction information to the U-shield trusted application.
In one embodiment, the U-shield module is configured to sign the transaction information using the user's private key.
In one embodiment, the transaction information includes key transaction data.
In one embodiment, the terminal is a mobile phone and the U-shield module is arranged in the mobile phone card.
According to a third aspect of the embodiments of the present invention, an authentication system is provided, including the authentication terminal of any one of the foregoing embodiments and a server; the server is configured to receive the transaction information and the signed transaction information sent by the application client, to decrypt the signed transaction information using the user's public key, and to compare the decryption result with the transaction information; if they are consistent, the transaction is valid.
By introducing a trusted execution environment and placing both the biometric recognition trusted application and the U-shield trusted application in it, the present invention ensures that identity authentication and transaction authentication are both completed in the trusted environment. This achieves effective integration of biometric authentication technology and U-shield technology on the terminal, integrates the two technologies into a single flow and avoids the possibility of an intermediate (man-in-the-middle) attack. At the same time, a dedicated key is used in place of PIN verification, which solves the password verification problem, makes the scheme more convenient for the user, and improves the security and convenience of mobile transactions.
Other features and advantages of the present invention will become clear from the following detailed description of exemplary embodiments of the invention with reference to the drawings.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 shows an application schematic diagram of the authentication method of the present disclosure.
Fig. 2 shows a flow diagram of the authentication method of an exemplary embodiment of the present disclosure.
Fig. 3 shows a structural diagram of the authentication terminal of an exemplary embodiment of the present disclosure.
Fig. 4 shows a structural diagram of the authentication system of an exemplary embodiment of the present disclosure.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention, its application or its use. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
This solution is proposed to address the problem of how to effectively integrate user identification and the U-shield function on a terminal while ensuring transaction security. The basic scheme of the invention is described with reference to Fig. 1.
As shown in Fig. 1, the present invention introduces a trusted execution environment and places both the biometric recognition trusted application (fingerprint recognition is taken as the example) and the U-shield trusted application in it, so that identity authentication and transaction authentication are both completed in the trusted environment. This achieves effective integration of biometric authentication technology and U-shield technology on the terminal, integrates the two technologies into a single flow and avoids the possibility of an intermediate (man-in-the-middle) attack. At the same time, a dedicated key is used in place of PIN verification, which solves the password verification problem, makes the scheme more convenient for the user, and improves the security and convenience of mobile transactions. The authentication process is described in detail below.
An embodiment of the authentication method of the present invention is described with reference to Fig. 2.
Fig. 2 is a flow chart of one embodiment of the authentication method of the present invention. As shown in Fig. 2, the method of this embodiment includes:
Step S202: the application client sends a verification request and transaction information to the biometric recognition trusted application; correspondingly, the biometric recognition trusted application receives the verification request and transaction information sent by the user through the application client.
The application client is, for example, an application installed on a mobile phone terminal. The application client sends the verification request and transaction information to the biometric recognition trusted application through a user authentication interface. The transaction information is defined by the application provider itself; it is the key transaction data that the client needs to transmit to the server during the transaction, such as the item number, quantity and amount, and can be transmitted as a binary data block. The biometric recognition trusted application is used to verify the user's identity; the verification request it receives carries information representing the user's identity, such as fingerprint, iris, voice or facial information. The biometric recognition trusted application is placed in the trusted execution environment of the terminal. The information used to identify the user, such as fingerprint, iris, voice or facial information, is enrolled by the user in advance and stored in the trusted execution environment, where it cannot be accessed or tampered with from outside, which ensures the reliability and security of verification.
Step S204: the biometric recognition trusted application, in response to the verification request and transaction information sent by the user through the application client, authenticates the user's identity using biometric information. If authentication succeeds, step S206 is performed.
The biometric recognition trusted application verifies the user's identity by comparing the identity information carried in the verification request with the information stored in the trusted execution environment. For example, if the biometric recognition trusted application is a fingerprint trusted application, the user must first enrol fingerprint information, which is stored in the trusted execution environment. When the user's identity needs to be verified, the user provides a fingerprint, the application client passes the user's fingerprint information to the fingerprint trusted application, and the fingerprint trusted application compares the fingerprint information in the verification request with the stored fingerprint information to verify the user's identity. The biometric recognition trusted application may also be an iris trusted application, a face trusted application, a voice trusted application or the like, which verifies the user's identity by recognising inherent physiological or behavioural characteristics of the human body; it is not limited to the examples given.
Step S206: the biometric recognition trusted application sends the transaction information to the U-shield trusted application; correspondingly, the U-shield trusted application receives the transaction information sent by the biometric recognition trusted application.
The U-shield trusted application is placed in the trusted execution environment of the terminal.
Step S208: the U-shield trusted application sends a key to the U-shield module for identity verification. If verification succeeds, step S210 is performed.
The U-shield module can be contained in a mobile phone card such as a SIM or UIM card to implement the mobile phone U-shield function; it can also be placed in another device capable of implementing the U-shield function. The key is stored in the trusted execution environment and cannot be accessed or tampered with from outside. The U-shield trusted application uses the key to perform identity verification with the U-shield module; after verification succeeds, it can call the data signature interface of the U-shield module.
Step S210: the U-shield trusted application sends the transaction information to the U-shield module; correspondingly, the U-shield module receives the transaction information.
Step S212: the U-shield module signs the transaction information and returns it to the U-shield trusted application.
The U-shield module signs the transaction information using the user's private key.
Step S214: the U-shield trusted application receives the signed transaction information and forwards it to the application client through the biometric recognition trusted application.
Step S216: the application client sends the transaction information and the signed transaction information to the server, which verifies the validity of the transaction.
The server receives the transaction information and the signed transaction information sent by the application client, decrypts the signed transaction information using the user's public key, and compares the decryption result with the transaction information; if they are consistent, the transaction is valid.
By introducing a trusted execution environment and placing both the biometric recognition trusted application and the U-shield trusted application in it, the method of the above embodiment ensures that identity authentication and transaction authentication are both completed in the trusted environment. This achieves effective integration of biometric authentication technology and U-shield technology on the terminal, integrates the two technologies into a single flow and avoids the possibility of an intermediate (man-in-the-middle) attack. At the same time, a dedicated key is used in place of PIN verification, which solves the password verification problem, makes the scheme more convenient for the user, and improves the security and convenience of mobile transactions.
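The flow of steps S202 to S216 as an added Python simulation; it is not code from the patent. The class names, the constructed sample values, the toy RSA key (two Mersenne primes, textbook RSA over a SHA-256 digest) and the one-signature-per-unlock behaviour are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed toy RSA key pair: two Mersenne primes, NOT secure, and textbook
# RSA without padding. A real U-shield would use a padded scheme inside the card.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                       # user public key (held by the server)
D = pow(E, -1, (P - 1) * (Q - 1))         # user private key (held by the module)


def digest_int(data: bytes) -> int:
    """SHA-256 of the transaction information as an integer (assumed hash-then-sign)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class UShieldModule:
    """Stand-in for the U-shield module in the SIM/UIM card."""

    def __init__(self, unlock_key: bytes):
        self._unlock_key = unlock_key
        self._unlocked = False

    def verify_key(self, key: bytes) -> bool:
        # S208: the dedicated key takes the place of PIN verification.
        self._unlocked = hmac.compare_digest(key, self._unlock_key)
        return self._unlocked

    def sign(self, tx: bytes) -> int:
        # S212: signing is refused unless key verification succeeded first.
        if not self._unlocked:
            raise PermissionError("security condition not satisfied")
        self._unlocked = False            # assumption: one signature per unlock
        return pow(digest_int(tx), D, N)


class UShieldTA:
    """U-shield trusted application; its key never leaves this object (the TEE)."""

    def __init__(self, module: UShieldModule, key: bytes):
        self._module, self._key = module, key

    def request_signature(self, tx: bytes):
        if not self._module.verify_key(self._key):    # S208
            return None
        return self._module.sign(tx)                  # S210, S212


class BiometricTA:
    """Biometric recognition trusted application, entry point for the client."""

    def __init__(self, enrolled_sample: bytes, ushield_ta: UShieldTA):
        self._template = hashlib.sha256(enrolled_sample).digest()
        self._ushield_ta = ushield_ta

    def handle(self, sample: bytes, tx: bytes):
        # S204: exact digest comparison stands in for a real biometric matcher.
        presented = hashlib.sha256(sample).digest()
        if not hmac.compare_digest(presented, self._template):
            return None                   # tx never reaches the U-shield TA
        # S206 and S214: forward tx inside the TEE, relay the signature back.
        return self._ushield_ta.request_signature(tx)


def server_verify(tx: bytes, signature: int) -> bool:
    """S216: apply the user public key and compare with the received tx."""
    return pow(signature, E, N) == digest_int(tx)


def run_demo() -> dict:
    key = b"constructed-dedicated-key"
    module = UShieldModule(unlock_key=key)
    bio_ta = BiometricTA(b"constructed-fingerprint-A", UShieldTA(module, key))
    tx = b"item=1001;qty=2;amount=59.90"            # constructed transaction

    sig = bio_ta.handle(b"constructed-fingerprint-A", tx)
    results = {
        "valid": server_verify(tx, sig),
        "tampered": server_verify(b"item=1001;qty=2;amount=9959.90", sig),
        "wrong_finger": bio_ta.handle(b"constructed-fingerprint-B", tx),
    }
    bad_ta = BiometricTA(b"constructed-fingerprint-A",
                         UShieldTA(module, b"wrong-key"))
    results["wrong_key"] = bad_ta.handle(b"constructed-fingerprint-A", tx)
    try:
        module.sign(tx)                   # caller that skipped key verification
        results["bypass_blocked"] = False
    except PermissionError:
        results["bypass_blocked"] = True
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The server check fails for the altered amount because the signature covers the transaction information that was forwarded inside the trusted execution environment, not whatever the client later submits.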
The present invention also provides an authentication terminal, which is described with reference to Fig. 3.
Fig. 3 is a structural diagram of one embodiment of the authentication terminal of the present invention. As shown in Fig. 3, the authentication terminal 30 includes: an application client 302, a biometric recognition trusted application 304, a U-shield trusted application 306 and a U-shield module 308.
The biometric recognition trusted application 304 is configured to authenticate the user's identity using biometric information, in response to the verification request and transaction information sent by the user through the application client 302, and, if authentication succeeds, to send the transaction information to the U-shield trusted application 306.
The U-shield trusted application 306 is configured to receive the transaction information sent by the biometric recognition trusted application 304, to send a key to the U-shield module 308 for identity verification and, if verification succeeds, to send the transaction information to the U-shield module 308 so that the U-shield module 308 signs the transaction information and returns it; it is further configured to receive the signed transaction information and forward it to the application client 302 through the biometric recognition trusted application 304.
The biometric recognition trusted application 304 and the U-shield trusted application 306 are both located in the trusted execution environment of the terminal and may be software functional modules that access the trusted execution environment. The key of the U-shield trusted application 306 cannot be accessed from outside. The U-shield module 308 is configured to sign the transaction information using the user's private key. When the terminal is a mobile phone, the U-shield module 308 can be arranged in the mobile phone card, or in another device capable of implementing the U-shield function.
The biometric recognition trusted application 304 can be a fingerprint trusted application; the fingerprint trusted application is configured to authenticate the user's identity using the fingerprint entered by the user, in response to the verification request and transaction information sent by the user through the application client, and, if authentication succeeds, to send the transaction information to the U-shield trusted application. Alternatively, the biometric recognition trusted application 304 is an iris trusted application; the iris trusted application is configured to authenticate the user's identity using the iris information entered by the user, in response to the verification request and transaction information sent by the user through the application client, and, if authentication succeeds, to send the transaction information to the U-shield trusted application. Alternatively, the biometric recognition trusted application 304 is a face trusted application; the face trusted application is configured to authenticate the user's identity using the facial information entered by the user, in response to the verification request and transaction information sent by the user through the application client, and, if authentication succeeds, to send the transaction information to the U-shield trusted application. The biometric recognition trusted application may also be a voice trusted application or the like, and is not limited to the examples given.
The transaction information is defined by the application provider itself; it is the key transaction data that the client needs to transmit to the server during the transaction, such as the item number, quantity and amount, and can be transmitted as a binary data block.
The present invention also provides an authentication system, which is described with reference to Fig. 4.
Fig. 4 is a structural diagram of one embodiment of the authentication system of the present invention. As shown in Fig. 4, the authentication system 40 includes: the authentication terminal 30 of any one of the foregoing embodiments and a server 402.
The server 402 is configured to receive the transaction information and the signed transaction information sent by the application client 302, to decrypt the signed transaction information using the user's public key, and to compare the decryption result with the transaction information; if they are consistent, the transaction is valid.
A person of ordinary skill in the art will understand that all or some of the steps of the above embodiments can be carried out by hardware, or by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium can be a read-only memory, a magnetic disk, an optical disc or the like.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (11)
1. An authentication method, characterized by comprising:
a biometric identification trusted application, in response to a verification request and transaction information sent by a user through an application client, authenticating the user's identity by means of biometric information and, if the authentication succeeds, sending the transaction information to a U-shield trusted application;
the U-shield trusted application receiving the transaction information sent by the biometric identification trusted application, sending a key to a U-shield module for identity verification and, if the verification succeeds, sending the transaction information to the U-shield module, so that the U-shield module signs the transaction information and returns it;
the U-shield trusted application receiving the signed transaction information and forwarding it to the application client via the biometric identification trusted application;
wherein the biometric identification trusted application and the U-shield trusted application are both located in the trusted execution environment of a terminal, and the key of the U-shield trusted application is not accessible from outside.
2. The method according to claim 1, characterized in that the biometric identification trusted application is a fingerprint trusted application;
the fingerprint trusted application, in response to the verification request and transaction information sent by the user through the application client, authenticates the user's identity by means of the fingerprint input by the user and, if the authentication succeeds, sends the transaction information to the U-shield trusted application;
or, the biometric identification trusted application is an iris trusted application;
the iris trusted application, in response to the verification request and transaction information sent by the user through the application client, authenticates the user's identity by means of the iris information input by the user and, if the authentication succeeds, sends the transaction information to the U-shield trusted application;
or, the biometric identification trusted application is a face trusted application;
the face trusted application, in response to the verification request and transaction information sent by the user through the application client, authenticates the user's identity by means of the facial information input by the user and, if the authentication succeeds, sends the transaction information to the U-shield trusted application.
3. The method according to claim 1, characterized in that the U-shield module signs the transaction information using the user private key;
the method further comprises:
a server receiving the transaction information and the signed transaction information sent by the application client, decrypting the signed transaction information using the user public key, and comparing the decrypted result with the transaction information, the transaction being valid if the two are consistent.
4. The method according to any one of claims 1-3, characterized in that the transaction information includes transaction-critical data.
5. The method according to any one of claims 1-3, wherein the terminal is a mobile phone and the U-shield module is arranged in the mobile phone card.
6. An authentication terminal, characterized by comprising:
a biometric identification trusted application, configured to, in response to a verification request and transaction information sent by a user through an application client, authenticate the user's identity by means of biometric information and, if the authentication succeeds, send the transaction information to a U-shield trusted application;
the U-shield trusted application, configured to receive the transaction information sent by the biometric identification trusted application, send a key to a U-shield module for identity verification and, if the verification succeeds, send the transaction information to the U-shield module, so that the U-shield module signs the transaction information and returns it; and configured to receive the signed transaction information and forward it to the application client via the biometric identification trusted application;
wherein the biometric identification trusted application and the U-shield trusted application are both located in the trusted execution environment of the terminal, and the key of the U-shield trusted application is not accessible from outside.
7. The terminal according to claim 6, characterized in that
the biometric identification trusted application is a fingerprint trusted application;
the fingerprint trusted application is configured to, in response to the verification request and transaction information sent by the user through the application client, authenticate the user's identity by means of the fingerprint input by the user and, if the authentication succeeds, send the transaction information to the U-shield trusted application;
or, the biometric identification trusted application is an iris trusted application;
the iris trusted application is configured to, in response to the verification request and transaction information sent by the user through the application client, authenticate the user's identity by means of the iris information input by the user and, if the authentication succeeds, send the transaction information to the U-shield trusted application;
or, the biometric identification trusted application is a face trusted application;
the face trusted application is configured to, in response to the verification request and transaction information sent by the user through the application client, authenticate the user's identity by means of the facial information input by the user and, if the authentication succeeds, send the transaction information to the U-shield trusted application.
8. The terminal according to claim 6, characterized in that the U-shield module is configured to sign the transaction information using the user private key.
9. The terminal according to any one of claims 6-8, characterized in that the transaction information includes transaction-critical data.
10. The terminal according to any one of claims 6-8, characterized in that the terminal is a mobile phone and the U-shield module is arranged in the mobile phone card.
11. An authentication system, characterized by comprising the authentication terminal according to any one of claims 6-10, and a server;
the server is configured to receive the transaction information and the signed transaction information sent by the application client, decrypt the signed transaction information using the user public key, and compare the decrypted result with the transaction information, the transaction being valid if the two are consistent.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510961755.2A CN106899551B (en) | 2015-12-21 | 2015-12-21 | Authentication method, authentication terminal and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510961755.2A CN106899551B (en) | 2015-12-21 | 2015-12-21 | Authentication method, authentication terminal and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106899551A true CN106899551A (en) | 2017-06-27 |
CN106899551B CN106899551B (en) | 2020-04-17 |
Family
ID=59190641
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510961755.2A Active CN106899551B (en) | 2015-12-21 | 2015-12-21 | Authentication method, authentication terminal and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106899551B (en) |
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340285A (en) * | 2007-07-05 | 2009-01-07 | 杭州中正生物认证技术有限公司 | Method and system for identity authentication by finger print USBkey |
US20130179944A1 (en) * | 2012-01-11 | 2013-07-11 | Douglas Everett Kozlay | Personal area network (PAN) ID-authenticating systems, apparatus, method |
CN202551163U (en) * | 2012-04-01 | 2012-11-21 | 杭州晟元芯片技术有限公司 | Fingerprint identification mobile phone with secure digital key (SDKEY) function |
CN102708318A (en) * | 2012-04-28 | 2012-10-03 | 鹤山世达光电科技有限公司 | Bank U-shield based fingerprint adapting method, fingerprint adapter and system |
CN102880960A (en) * | 2012-09-26 | 2013-01-16 | 深圳市亚略特生物识别科技有限公司 | Short message payment method and system based on fingerprint identifying mobile phone |
CN103793640A (en) * | 2012-11-01 | 2014-05-14 | 北京握奇数据系统有限公司 | Method and system for applying biological identification technology to USB Key |
GB2517732A (en) * | 2013-08-29 | 2015-03-04 | Sim & Pin Ltd | System for accessing data from multiple devices |
CN104639315A (en) * | 2013-11-10 | 2015-05-20 | 航天信息股份有限公司 | Dual-authentication method and device based on identity passwords and fingerprint identification |
CN104700268A (en) * | 2015-03-30 | 2015-06-10 | 中科创达软件股份有限公司 | Mobile payment method and mobile device |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109327429A (en) * | 2017-07-31 | 2019-02-12 | 佳能株式会社 | Verification System, apparatus management system and its method |
CN109327429B (en) * | 2017-07-31 | 2021-08-17 | 佳能株式会社 | Authentication system, device management system and method thereof |
US10984084B2 (en) | 2017-07-31 | 2021-04-20 | Canon Kabushiki Kaisha | System, device management system, and methods for the same |
CN107370601A (en) * | 2017-09-18 | 2017-11-21 | 山东确信信息产业股份有限公司 | A kind of intelligent terminal, system and method for integrating a variety of safety certifications |
CN107370601B (en) * | 2017-09-18 | 2023-09-05 | 确信信息股份有限公司 | Intelligent terminal, system and method integrating multiple security authentications |
CN107995170A (en) * | 2017-11-21 | 2018-05-04 | 重庆金融资产交易所有限责任公司 | Auth method, device, computer equipment and computer-readable recording medium |
CN108154361A (en) * | 2017-12-22 | 2018-06-12 | 恒宝股份有限公司 | A kind of mobile terminal embeds the access method and mobile terminal of U-shield |
CN108229142A (en) * | 2017-12-28 | 2018-06-29 | 中国人民银行数字货币研究所 | A kind of method and apparatus upgraded based on digital cash wallet terminal-pair wallet |
CN108540457A (en) * | 2018-03-20 | 2018-09-14 | 深圳市文鼎创数据科技有限公司 | A kind of safety equipment and its biological identification control method and device |
US20200412535A1 (en) * | 2018-08-16 | 2020-12-31 | Tencent Technology (Shenzhen) Company Limited | Authentication information transmission method, apparatus, and storage medium |
CN109389402A (en) * | 2018-08-20 | 2019-02-26 | 天地融科技股份有限公司 | Cipher-code input method and system, mobile terminal |
CN110998581B (en) * | 2019-03-26 | 2024-05-24 | 创新先进技术有限公司 | Program execution and data attestation scheme using multiple key pair signatures |
CN110998581A (en) * | 2019-03-26 | 2020-04-10 | 阿里巴巴集团控股有限公司 | Program execution and data attestation scheme using multiple key pairs for signatures |
CN111382713B (en) * | 2020-03-12 | 2022-10-04 | 展讯通信(上海)有限公司 | Biometric identification method, biometric identification system, electronic device, and storage medium |
CN111382713A (en) * | 2020-03-12 | 2020-07-07 | 展讯通信(上海)有限公司 | Biometric identification method, biometric identification system, electronic device, and storage medium |
CN112491844A (en) * | 2020-11-18 | 2021-03-12 | 西北大学 | Voiceprint and face recognition verification system and method based on trusted execution environment |
CN113190816A (en) * | 2021-05-08 | 2021-07-30 | 国民认证科技(北京)有限公司 | Man-machine interaction verification method and system using system biological characteristics |
CN113191778A (en) * | 2021-05-20 | 2021-07-30 | 中国农业银行股份有限公司 | Identity authentication method and identity authentication device |
CN114493595A (en) * | 2022-01-27 | 2022-05-13 | 远光软件股份有限公司 | Ukey-based fund payment method, related device, storage medium and system |
CN118094510A (en) * | 2024-04-23 | 2024-05-28 | 北财在线科技(北京)有限公司 | System for centralized management of identity authentication and security enhancement of U shield and implementation method |
CN118228235A (en) * | 2024-05-24 | 2024-06-21 | 北京恩威特科技有限公司 | Intelligent management system for online banking U shield |
CN118228235B (en) * | 2024-05-24 | 2024-07-26 | 北京恩威特科技有限公司 | Intelligent management system for online banking U shield |
Also Published As
Publication number | Publication date |
---|---|
CN106899551B (en) | 2020-04-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170627; Assignee: Tianyiyun Technology Co.,Ltd.; Assignor: CHINA TELECOM Corp.,Ltd.; Contract record no.: X2024110000040; Denomination of invention: Authentication methods, authentication terminals, and systems; Granted publication date: 20200417; License type: Common License; Record date: 20240914 |