CN106899551B - Authentication method, authentication terminal and system - Google Patents
- Publication number: CN106899551B (application CN201510961755.2A)
- Authority: CN (China)
- Legal status: Active
- Classifications (CPC): H04L63/0861 (entity authentication using biometric features); H04L63/0853 (entity authentication using an additional device, e.g. smartcard or SIM); H04L9/3226 (authentication using a predetermined code, e.g. password or PIN); H04L9/3231 (biological data, e.g. fingerprint, voice or retina); H04L9/3234 (involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token); H04L9/3247 (involving digital signatures); H04L9/3249 (digital signatures using RSA or related schemes)
Abstract
The invention discloses an authentication method, an authentication terminal and an authentication system, and relates to the technical field of the mobile internet. The method comprises the following steps: the biometric identification trusted application receives a verification request and transaction information sent by an application client, authenticates the identity of the user through biometric characteristic information, and sends the transaction information to the U shield trusted application if the authentication is successful; the U shield trusted application sends a secret key to the U shield module for identity verification and, if the verification is successful, sends the transaction information to the U shield module, which signs the transaction information and returns the signature; the biometric identification trusted application and the U shield trusted application are both located in a trusted execution environment of the terminal, and the secret key of the U shield trusted application is not accessible from outside. The invention realizes the effective combination of biometric authentication technology and U shield technology on the terminal, integrates the two technologies into one flow, eliminates the possibility of an attack between the two steps, solves the problem of password verification, is more convenient for users, and improves the security and convenience of mobile transactions.
Description
Technical Field
The present invention relates to the field of mobile internet technologies, and in particular, to an authentication method, an authentication terminal, and a system.
Background
With the rapid development of the mobile internet, the transaction security of mobile terminals faces more and more threats, and a technical approach that combines high security with a good user experience is urgently needed to solve the problem.
With the roll-out of operators' mobile wallet services and the upgrade of the related terminal or card devices, the mobile phone U shield service can be realized using a Subscriber Identity Module (SIM) card or a User Identity Module (UIM) card, and several application certificates can be stored on the SIM card or UIM card to complete signature authentication of transactions such as mobile payments. Meanwhile, user identity identification technology on mobile phone terminals, especially biometric authentication technology, is increasingly mature; for example, password input is replaced by fingerprint recognition, which greatly simplifies the user's authentication operation during a transaction and makes payment more convenient.
However, in practical applications, the mobile phone U shield requires the input of a PIN (Personal Identification Number) code, which is troublesome to operate and easy to leak; techniques such as fingerprint identification are simple and convenient to use, but they can only verify the user's identity on the mobile terminal, and cannot complete identity verification between the mobile terminal and the server. If the two schemes are simply superimposed, the following problems exist: fingerprint identification is used to replace password input, but in the mobile phone U shield scheme the verification of the PIN code is a precondition for executing the signature operation; otherwise the card considers that the security condition is not satisfied and does not allow the signature operation to be executed. How PIN code substitution is implemented is therefore critical. Moreover, the mobile phone U shield process and the fingerprint authentication process are mutually independent: fingerprint identification only returns whether the fingerprint authentication succeeded, and the steps between the completion of fingerprint identification and the call to the mobile phone U shield for signing are easily tampered with or counterfeited.
Disclosure of Invention
The embodiment of the invention aims to solve the technical problem that: how to realize the effective integration of the biometric identification authentication technology and the U shield technology on the terminal.
According to an aspect of the embodiments of the present invention, there is provided an authentication method, including: a biometric identification Trusted Application (TA) responds to a verification request and transaction information sent by a user through an application client, authenticates the identity of the user through biometric characteristic information, and sends the transaction information to the U shield trusted application if the authentication is successful; the U shield trusted application receives the transaction information sent by the biometric identification trusted application, sends a secret key to the U shield module for identity verification, and if the verification is successful, sends the transaction information to the U shield module so that the U shield module signs and returns the transaction information; the U shield trusted application receives the signed transaction information and forwards it to the application client through the biometric identification trusted application; the biometric trusted application and the U shield trusted application are both located in a Trusted Execution Environment (TEE) of the terminal, and the secret key of the U shield trusted application is not accessible from outside.
In one embodiment, the biometric trusted application is a fingerprint trusted application; the fingerprint trusted application responds to a verification request and transaction information sent by a user through an application client, authenticates the user identity through a fingerprint input by the user, and if the authentication is successful, sends the transaction information to the U shield trusted application; alternatively, the biometric trusted application is an iris trusted application; the iris trusted application responds to a verification request and transaction information sent by a user through an application client, authenticates the user identity through iris information input by the user, and if the authentication is successful, sends the transaction information to the U shield trusted application; alternatively, the biometric trusted application is a face trusted application; the face trusted application responds to a verification request and transaction information sent by a user through an application client, authenticates the identity of the user through face information input by the user, and if the authentication is successful, sends the transaction information to the U shield trusted application.
In one embodiment, the U shield module signs the transaction information by using a user private key; the authentication method further comprises: the server receives the transaction information sent by the application client and the signed transaction information, decrypts the signed transaction information by using the user public key, compares the decryption result with the transaction information, and if the decryption result is consistent with the transaction information, the transaction is valid.
In one embodiment, the transaction information includes transaction critical data.
In one embodiment, the terminal is a mobile phone, and the U shield module is arranged in a mobile phone card.
According to a second aspect of the embodiments of the present invention, there is provided an authentication terminal, including: the biometric identification trusted application, used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through biometric characteristic information, and if the authentication is successful, sending the transaction information to the U shield trusted application; the U shield trusted application, used for receiving the transaction information sent by the biometric identification trusted application, sending a secret key to the U shield module for identity verification, and if the verification is successful, sending the transaction information to the U shield module so that the U shield module signs the transaction information and returns it; and further used for receiving the signed transaction information and forwarding it to the application client through the biometric identification trusted application; the biometric identification trusted application and the U shield trusted application are both located in a trusted execution environment of the terminal, and the secret key of the U shield trusted application is not accessible from outside.
In one embodiment, the biometric trusted application is a fingerprint trusted application; the fingerprint trusted application is used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through a fingerprint input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful; alternatively, the biometric trusted application is an iris trusted application; the iris trusted application is used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through iris information input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful; alternatively, the biometric trusted application is a face trusted application; the face trusted application is used for responding to a verification request and transaction information sent by the user through the application client, authenticating the identity of the user through face information input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful.
In one embodiment, the terminal further comprises a U shield module for signing the transaction information using a user private key.
In one embodiment, the transaction information includes transaction critical data.
In one embodiment, the terminal is a mobile phone, and the U shield module is arranged in a mobile phone card.
According to a third aspect of the embodiments of the present invention, there is provided an authentication system, including the authentication terminal and the server in any one of the foregoing embodiments; and the server is used for receiving the transaction information sent by the application client and the signed transaction information, decrypting the signed transaction information by using the user public key, comparing the decryption result with the transaction information, and if the decryption result is consistent with the transaction information, the transaction is valid.
According to the invention, by introducing a trusted execution environment and placing the biometric identification trusted application and the U shield trusted application in it, both identity authentication and transaction authentication are completed in the trusted environment, so that biometric authentication technology and U shield technology are effectively integrated on the terminal and the two technologies are integrated into one flow, which eliminates the possibility of an attack between the two steps; meanwhile, a dedicated secret key is used in place of PIN (personal identification number) verification, which solves the password verification problem, makes the user's operation more convenient, and improves the security and convenience of mobile transactions.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 shows an application diagram of the authentication method of the present disclosure.
Fig. 2 shows a flow diagram of an authentication method of an exemplary embodiment of the present disclosure.
Fig. 3 shows a schematic configuration diagram of an authentication terminal of an exemplary embodiment of the present disclosure.
Fig. 4 shows a schematic structural diagram of an authentication system of an exemplary embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The scheme is provided to solve the problem of how to effectively fuse user identity recognition with the U shield function on the terminal while ensuring the security of the transaction. The basic scheme of the present invention is described below with reference to fig. 1.
As shown in fig. 1, the present invention introduces a trusted execution environment and places both a biometric authentication trusted application (taking fingerprint identification technology as an example) and a U shield trusted application in it, so that both identity authentication and transaction authentication are completed in the trusted environment. This achieves an effective fusion of biometric authentication technology and U shield technology on the terminal, integrates the two technologies into one flow, eliminates the possibility of an attack between the two steps, and uses a dedicated key in place of PIN authentication, which solves the password authentication problem, makes the user's operation more convenient, and improves the security and convenience of mobile transactions. The authentication process is described in detail below.
An embodiment of the authentication method of the present invention is described below with reference to fig. 2.
Fig. 2 is a flowchart of an embodiment of an authentication method of the present invention. As shown in fig. 2, the method of this embodiment includes:
step S202, the application client sends a verification request and transaction information to the biometric trusted application, and correspondingly, the biometric trusted application receives the verification request and the transaction information sent by the user through the application client.
The application client is, for example, an application program installed on the mobile phone terminal. The application client sends a verification request and transaction information to the biometric trusted application through the user authentication interface. The transaction information is self-defined by the application party, and is transaction key data such as transaction commodity numbers, quantities, amounts and the like which are required to be transmitted to the server by the client in the transaction process, and can be transmitted in the form of binary data blocks. The biometric trusted application is used for verifying the identity of the user, and the received verification request carries information representing the identity of the user, such as fingerprints, irises, voice, facial information and the like. The biological identification trusted application is arranged in a trusted execution environment of the terminal, information for identifying the identity of the user is input in advance by the user and stored in the trusted execution environment, such as fingerprints, irises, voice, facial information and the like, and cannot be accessed and tampered by the outside, so that the reliability and safety of verification are guaranteed.
Step S204, the biometric identification trusted application responds to the verification request and the transaction information sent by the user through the application client, and authenticates the user identity through the biometric characteristic information. If the authentication is successful, step S206 is performed.
The biometric identification trusted application compares the information representing the identity of the user carried in the verification request with the information stored in the trusted execution environment, and can thereby verify the identity of the user. For example, if the biometric identification trusted application is a fingerprint trusted application, the user is first required to input fingerprint information, which is stored in the trusted execution environment; when the user identity needs to be verified, the user inputs a fingerprint, the application client passes the user's fingerprint information to the fingerprint trusted application in the verification request, and the fingerprint trusted application compares the fingerprint information in the verification request with the stored fingerprint information to verify the identity of the user. The biometric identification trusted application may also be an iris trusted application, a face trusted application, or a voice trusted application, which verify the identity of the user by identifying inherent physiological or behavioral characteristics of the human body; it is not limited to the examples given.
In step S206, the biometric trusted application sends transaction information to the U-shield trusted application, and accordingly, the U-shield trusted application receives the transaction information sent by the biometric trusted application.
The U-shield trusted application is arranged in a trusted execution environment of the terminal.
And step S208, the U shield trusted application sends a key to the U shield module for identity verification, and if the verification is successful, the step S210 is executed.
The mobile phone card, such as the SIM card or the UIM card, may include a U shield module that implements the mobile phone U shield function; the U shield module may also be disposed in another device capable of implementing the U shield function. The secret key is stored in the trusted execution environment and cannot be accessed or tampered with from outside; the U shield trusted application uses this secret key to authenticate itself to the U shield module, and the data signature interface of the U shield module can only be called after this verification succeeds.
Step S210, the trusted application of the U shield sends transaction information to the U shield module, and the corresponding U shield module receives the transaction information.
In step S212, the U shield module signs the transaction information and returns the signed transaction information to the U shield trusted application.
The U shield module signs the transaction information by using a user private key.
In step S214, the U-shield trusted application receives the signed transaction information and forwards the transaction information to the application client through the biometric identification trusted application.
And step S216, the application client sends the transaction information and the signed transaction information to the server to verify the validity of the transaction.
The server receives the transaction information sent by the application client and the signed transaction information, decrypts the signed transaction information by using the user public key, compares a decryption result with the transaction information, and if the decryption result is consistent with the transaction information, the transaction is valid.
According to the method, a trusted execution environment is introduced, the biometric identification trusted application and the U shield trusted application are placed in it, and identity authentication and transaction authentication are both completed in the trusted environment, so that biometric authentication technology and U shield technology are effectively fused on the terminal and the two technologies are integrated into one flow, which eliminates the possibility of an attack between the two steps; meanwhile, a dedicated secret key is used in place of PIN authentication, which solves the password authentication problem, makes the mobile terminal more convenient for the user, and improves the security and convenience of mobile transactions.
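The flow of steps S202 to S216, as an added Python simulation that is not part of the patent: the biometric TA checks a presented sample against the enrolled template, the U shield TA authenticates itself to the card with a dedicated key (an HMAC challenge-response stands in for the PIN replacement, whose exact form the patent does not specify), the card signs the transaction data with the user private key, and the server verifies by "decrypting" with the user public key and comparing, as the page describes. The toy textbook RSA, the class names, the keys and the sample transaction are all constructed for this example; a real deployment would use a padded signature scheme and a fuzzy biometric matcher.

```python
import hashlib
import hmac
import secrets

def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    # Miller-Rabin; callers only pass odd candidates with the top bit set.
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand

def rsa_keygen(bits: int = 256):
    """Return ((n, e), (n, d)); 256-bit primes keep the demo fast, not secure."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")  # 256 bits < n

def rsa_sign(priv, data: bytes) -> int:
    return pow(_digest_int(data), priv[1], priv[0])

def rsa_verify(pub, data: bytes, sig: int) -> bool:
    # S216 check: "decrypt" with the public key and compare with the transaction data.
    return pow(sig, pub[1], pub[0]) == _digest_int(data)

class UShieldModule:
    """U shield applet on the SIM/UIM card: the user private key never leaves it."""
    def __init__(self, auth_key: bytes, priv_key):
        self._auth_key = auth_key  # dedicated key shared with the U shield TA; replaces the PIN
        self._priv, self._nonce, self._unlocked = priv_key, None, False
    def challenge(self) -> bytes:
        self._nonce, self._unlocked = secrets.token_bytes(16), False
        return self._nonce
    def verify_auth(self, tag: bytes) -> bool:
        """S208: open the signing interface only to a caller that knows the dedicated key."""
        if self._nonce is None:
            return False
        expected = hmac.new(self._auth_key, self._nonce, hashlib.sha256).digest()
        self._unlocked, self._nonce = hmac.compare_digest(expected, tag), None
        return self._unlocked
    def sign(self, tx_info: bytes) -> int:
        """S212: sign while unlocked, then lock again (one signature per authentication)."""
        if not self._unlocked:
            raise PermissionError("security condition not met: authenticate first")
        self._unlocked = False
        return rsa_sign(self._priv, tx_info)

class UShieldTA:
    def __init__(self, auth_key: bytes, module: UShieldModule):
        self._auth_key, self._module = auth_key, module  # key held in the TEE only
    def sign_transaction(self, tx_info: bytes):
        tag = hmac.new(self._auth_key, self._module.challenge(), hashlib.sha256).digest()
        if not self._module.verify_auth(tag):
            return None  # card refused the key, so the signature interface stays closed
        return self._module.sign(tx_info)

class BiometricTA:
    """Fingerprint TA in the TEE (exact template match is a simplification)."""
    def __init__(self, enrolled_template: bytes, ushield_ta: UShieldTA):
        self._template, self._ushield_ta = enrolled_template, ushield_ta
    def verify_and_sign(self, presented: bytes, tx_info: bytes):
        """S204-S206: authenticate the user, then hand tx_info directly to the U shield TA."""
        if not hmac.compare_digest(self._template, presented):
            return None
        return self._ushield_ta.sign_transaction(tx_info)

def server_verify(user_pub, tx_info: bytes, signature) -> bool:
    """S216 on the server: the client sends tx_info plus the signature it got back."""
    return signature is not None and rsa_verify(user_pub, tx_info, signature)

def build_demo():
    pub, priv = rsa_keygen()
    auth_key = secrets.token_bytes(32)
    template = hashlib.sha256(b"constructed fingerprint template").digest()
    bio_ta = BiometricTA(template, UShieldTA(auth_key, UShieldModule(auth_key, priv)))
    return bio_ta, pub, template  # constructed terminal, server key and enrolled template

def run_transaction(bio_ta, user_pub, presented: bytes, tx_info: bytes) -> bool:
    """S202-S216 as seen from the application client."""
    return server_verify(user_pub, tx_info, bio_ta.verify_and_sign(presented, tx_info))
```

Because the card signs exactly the bytes the server later compares, any change to the transaction data after the biometric check, or a TA that does not hold the dedicated key, leaves the server without a valid signature.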
The present invention also provides an authentication terminal, which is described below with reference to fig. 3.
Fig. 3 is a block diagram of an authentication terminal according to an embodiment of the present invention. As shown in fig. 3, the authentication terminal 30 includes: an application client 302, a biometric trusted application 304, a U-shield trusted application 306, and a U-shield module 308.
The biometric identification trusted application 304 is used for responding to the verification request and the transaction information sent by the user through the application client 302, authenticating the identity of the user through the biometric information, and sending the transaction information to the U-shield trusted application 306 if the authentication is successful.
The U shield trusted application 306 is configured to receive transaction information sent by the biometric trusted application 304, send a secret key to the U shield module 308 for identity verification, and if the verification is successful, send the transaction information to the U shield module 308 so that the U shield module 308 signs and returns the transaction information; and is configured to receive signed transaction information for forwarding to the application client 302 via the biometric trusted application 304.
The biometric trusted application 304 and the U-shield trusted application 306 are both located in the trusted execution environment of the terminal, and are software functional modules that can access the trusted execution environment. The key of the U shield trusted application 306 is not externally accessible. And the U shield module 308 is configured to sign the transaction information using a user private key. When the terminal is a mobile phone, the U shield module 308 may be disposed in a mobile phone card, or may be disposed in another device capable of implementing a U shield function.
The biometric trusted application 304 may be a fingerprint trusted application; the fingerprint trusted application is used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through a fingerprint input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful; alternatively, the biometric trusted application 304 is an iris trusted application; the iris trusted application is used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through iris information input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful; alternatively, the biometric trusted application 304 is a face trusted application; the face trusted application is used for responding to a verification request and transaction information sent by the user through the application client, authenticating the identity of the user through face information input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful. The biometric trusted application may also be a voice trusted application or similar; it is not limited to the illustrated examples.
The transaction information is self-defined by the application party, and is transaction key data, such as transaction commodity numbers, quantities, amounts and the like, which are required to be transmitted to the server by the client in the transaction process, and can be transmitted in the form of binary data blocks.
The present invention also provides an authentication system, which is described below with reference to fig. 4.
Fig. 4 is a block diagram of an embodiment of an authentication system of the present invention. As shown in fig. 4, the authentication system 40 includes: the authentication terminal 30 and the server 402 in any of the foregoing embodiments.
The server 402 is configured to receive the transaction information and the signed transaction information sent by the application client 302, decrypt the signed transaction information using the user public key, compare the decryption result with the transaction information, and if the decryption result is consistent with the transaction information, the transaction is valid.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (9)
1. An authentication method, comprising:
the biometric identification trusted application responds to a verification request and transaction information sent by a user through an application client, authenticates the identity of the user through the biometric characteristic information, and sends the transaction information to the U shield trusted application if the authentication is successful;
the U shield trusted application receives the transaction information sent by the biological identification trusted application, sends a secret key to the U shield module for identity verification, and if the verification is successful, sends the transaction information to the U shield module so that the U shield module signs and returns the transaction information;
the trusted application of the U shield receives the signed transaction information and forwards the transaction information to the application client through the biometric identification trusted application;
the biometric identification trusted application and the U-shield trusted application are both located in a trusted execution environment of the terminal, the secret key of the U-shield trusted application is inaccessible from outside, and the U-shield module is arranged in the mobile phone card.
2. The method of claim 1, wherein the biometric trusted application is a fingerprint trusted application;
the fingerprint trusted application responds to a verification request and transaction information sent by a user through an application client, authenticates the identity of the user through a fingerprint input by the user, and sends the transaction information to the U shield trusted application if the authentication is successful;
alternatively, the biometric trusted application is an iris trusted application;
the iris trusted application responds to a verification request and transaction information sent by a user through an application client, authenticates the identity of the user through iris information input by the user, and sends the transaction information to the U shield trusted application if the authentication is successful;
or, the biometric trusted application is a face trusted application;
the face trusted application responds to a verification request and transaction information sent by a user through an application client, authenticates the identity of the user through face information input by the user, and sends the transaction information to the U shield trusted application if the authentication is successful.
3. The method of claim 1, wherein the U shield module signs the transaction information using a user private key;
the method further comprises the following steps:
the server receives the transaction information and the signed transaction information sent by the application client, decrypts the signed transaction information by using the user public key, compares the decryption result with the transaction information, and if the decryption result is consistent with the transaction information, the transaction is valid.
4. The method of any one of claims 1-3, wherein the transaction information includes transaction critical data.
5. An authentication terminal, comprising:
the biometric identification trusted application is used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through the biometric characteristic information, and if the authentication is successful, sending the transaction information to the U shield trusted application;
the U shield trusted application is used for receiving the transaction information sent by the biometric identification trusted application, sending a secret key to the U shield module for identity verification, and if the verification is successful, sending the transaction information to the U shield module so that the U shield module signs and returns the transaction information; the U shield trusted application is further used for receiving the signed transaction information and forwarding the signed transaction information to the application client through the biometric identification trusted application;
the biometric identification trusted application and the U-shield trusted application are both located in a trusted execution environment of the terminal, the secret key of the U-shield trusted application is inaccessible from outside, and the U-shield module is arranged in the mobile phone card.
6. The terminal of claim 5,
wherein the biometric trusted application is a fingerprint trusted application;
the fingerprint trusted application is used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through a fingerprint input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful;
alternatively, the biometric trusted application is an iris trusted application;
the iris trusted application is used for responding to a verification request and transaction information sent by a user through an application client, authenticating the identity of the user through iris information input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful;
or, the biometric trusted application is a face trusted application;
and the face trusted application is used for responding to a verification request and transaction information sent by the user through the application client, authenticating the identity of the user through face information input by the user, and sending the transaction information to the U shield trusted application if the authentication is successful.
7. The terminal of claim 5, wherein the U shield module is configured to sign the transaction information using a user private key.
8. A terminal according to any of claims 5 to 7, wherein the transaction information includes transaction critical data.
9. An authentication system comprising the authentication terminal of any one of claims 5 to 8, and a server;
the server is used for receiving the transaction information and the signed transaction information sent by the application client, decrypting the signed transaction information by using the user public key, comparing the decryption result with the transaction information, and if the decryption result is consistent with the transaction information, the transaction is valid.
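The flow of claims 1 and 3 (and of the description of fig. 4 above), as an added runnable model in Go that is not part of the patent: biometric match in the biometric trusted application, the U shield trusted application's key check at the U shield module, signing with the user private key, and the server's verification with the user public key. Type and function names, the shared-secret check of the trusted application's key, byte-equality biometric matching, and the use of RSA PKCS#1 v1.5 over SHA-256 (the page describes verification as decrypting with the public key and comparing; a padded signature scheme is the standard realisation of that) are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// UShieldModule models the SIM-resident U shield module of claim 1: it holds the user
// private key and signs only for a trusted application presenting the expected secret key.
type UShieldModule struct {
	taKey   []byte          // secret the U shield TA must present (shared-secret check is this example's assumption)
	userKey *rsa.PrivateKey // user private key; it never leaves the module
}

// NewUShieldModule provisions the TA secret and a fresh user key pair.
func NewUShieldModule(taKey []byte) (*UShieldModule, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &UShieldModule{taKey: taKey, userKey: k}, nil
}

// PublicKey is the user public key the server holds for verification (claim 3).
func (m *UShieldModule) PublicKey() *rsa.PublicKey { return &m.userKey.PublicKey }

// Sign checks the presented TA key in constant time, then signs the transaction
// information with the user private key (RSA PKCS#1 v1.5 over SHA-256).
func (m *UShieldModule) Sign(presentedKey, txInfo []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(presentedKey, m.taKey) != 1 {
		return nil, errors.New("u shield module: trusted application key rejected")
	}
	d := sha256.Sum256(txInfo)
	return rsa.SignPKCS1v15(rand.Reader, m.userKey, crypto.SHA256, d[:])
}

// RunTerminal is the in-terminal flow of claim 1: biometric match of the sample against the
// enrolled template (byte equality stands in for a real matcher), then TA key check and signing.
func RunTerminal(m *UShieldModule, taKey, enrolled, sample, txInfo []byte) ([]byte, error) {
	if subtle.ConstantTimeCompare(enrolled, sample) != 1 {
		return nil, errors.New("biometric trusted application: authentication failed")
	}
	return m.Sign(taKey, txInfo)
}

// ServerVerify is the check of claim 3: open the signature with the user public key
// and compare the recovered digest with the transaction information received.
func ServerVerify(pub *rsa.PublicKey, txInfo, sig []byte) bool {
	d := sha256.Sum256(txInfo)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}
```

A tampered transaction record, a failed biometric match, or a wrong trusted-application key each stop the flow before or at the signature, which is the property the claimed arrangement relies on.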
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510961755.2A CN106899551B (en) | 2015-12-21 | 2015-12-21 | Authentication method, authentication terminal and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510961755.2A CN106899551B (en) | 2015-12-21 | 2015-12-21 | Authentication method, authentication terminal and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106899551A CN106899551A (en) | 2017-06-27 |
CN106899551B true CN106899551B (en) | 2020-04-17 |
Family
ID=59190641
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510961755.2A Active CN106899551B (en) | 2015-12-21 | 2015-12-21 | Authentication method, authentication terminal and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106899551B (en) |
Families Citing this family (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6991773B2 (en) | 2017-07-31 | 2022-01-13 | キヤノン株式会社 | Systems, device management systems, and methods |
CN107370601B (en) * | 2017-09-18 | 2023-09-05 | 确信信息股份有限公司 | Intelligent terminal, system and method integrating multiple security authentications |
CN107995170B (en) * | 2017-11-21 | 2021-05-28 | 重庆金融资产交易所有限责任公司 | Identity verification method and device, computer equipment and computer-readable storage medium |
CN108154361B (en) * | 2017-12-22 | 2020-08-14 | 恒宝股份有限公司 | Access method of U shield embedded in mobile terminal and mobile terminal |
CN108229142B (en) * | 2017-12-28 | 2020-12-15 | 中国人民银行数字货币研究所 | Method and device for upgrading wallet based on digital currency wallet terminal |
CN108540457B (en) * | 2018-03-20 | 2021-09-17 | 深圳市文鼎创数据科技有限公司 | Safety equipment and biological authentication control method and device thereof |
CN109040088B (en) * | 2018-08-16 | 2022-02-25 | 腾讯科技(深圳)有限公司 | Authentication information transmission method, key management client and computer equipment |
CN109389402A (en) * | 2018-08-20 | 2019-02-26 | 天地融科技股份有限公司 | Cipher-code input method and system, mobile terminal |
WO2019120317A2 (en) * | 2019-03-26 | 2019-06-27 | Alibaba Group Holding Limited | Program execution and data proof scheme using multiple key pair signatures |
CN111382713B (en) * | 2020-03-12 | 2022-10-04 | 展讯通信(上海)有限公司 | Biometric identification method, biometric identification system, electronic device, and storage medium |
CN112491844A (en) * | 2020-11-18 | 2021-03-12 | 西北大学 | Voiceprint and face recognition verification system and method based on trusted execution environment |
CN113190816A (en) * | 2021-05-08 | 2021-07-30 | 国民认证科技(北京)有限公司 | Man-machine interaction verification method and system using system biological characteristics |
CN113191778A (en) * | 2021-05-20 | 2021-07-30 | 中国农业银行股份有限公司 | Identity authentication method and identity authentication device |
CN118094510A (en) * | 2024-04-23 | 2024-05-28 | 北财在线科技(北京)有限公司 | System for centralized management of identity authentication and security enhancement of U shield and implementation method |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340285A (en) * | 2007-07-05 | 2009-01-07 | 杭州中正生物认证技术有限公司 | Method and system for identity authentication by finger print USBkey |
US20130179944A1 (en) * | 2012-01-11 | 2013-07-11 | Douglas Everett Kozlay | Personal area network (PAN) ID-authenticating systems, apparatus, method |
CN202551163U (en) * | 2012-04-01 | 2012-11-21 | 杭州晟元芯片技术有限公司 | Fingerprint identification mobile phone with secure digital key (SDKEY) function |
CN102708318B (en) * | 2012-04-28 | 2015-10-14 | 鹤山世达光电科技有限公司 | A kind of fingerprint adaptation method based on U shield for bank, fingerprint adapter and system |
CN102880960B (en) * | 2012-09-26 | 2016-01-13 | 深圳市亚略特生物识别科技有限公司 | Based on the payment by using short messages method and system of fingerprint recognition mobile phone |
CN103793640A (en) * | 2012-11-01 | 2014-05-14 | 北京握奇数据系统有限公司 | Method and system for applying biological identification technology to USB Key |
GB2517732A (en) * | 2013-08-29 | 2015-03-04 | Sim & Pin Ltd | System for accessing data from multiple devices |
CN104639315B (en) * | 2013-11-10 | 2018-06-05 | 航天信息股份有限公司 | The method and apparatus of ID-based cryptosystem and fingerprint recognition double authentication |
CN104700268B (en) * | 2015-03-30 | 2018-10-16 | 中科创达软件股份有限公司 | A kind of method of mobile payment and mobile device |
- 2015-12-21 CN CN201510961755.2A patent/CN106899551B/en active
Also Published As
Publication number | Publication date |
---|---|
CN106899551A (en) | 2017-06-27 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||