CN106952096A - Security authentication system and method for a client device, and client trusted identification apparatus - Google Patents


Publication number
CN106952096A
CN106952096A CN201710122559.5A CN201710122559A CN106952096A CN 106952096 A CN106952096 A CN 106952096A CN 201710122559 A CN201710122559 A CN 201710122559A CN 106952096 A CN106952096 A CN 106952096A
Authority
CN
China
Prior art keywords
client
information
fingerprint
authentication
credible
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710122559.5A
Other languages
Chinese (zh)
Inventor
陈俊清
舒文宇
高峰
葛睿彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN201710122559.5A
Publication of CN106952096A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a security authentication system and method for a client device, and a client trusted identification apparatus, and relates to the field of client security authentication technology. The method includes: the client trusted identification apparatus collects fingerprint element information of the client device and generates authentication information; the authentication server device parses the authentication information and sends a matching request to the fingerprint feature library device; the fingerprint feature library device queries each piece of customer historical device fingerprint information corresponding to the customer identity identifier and determines the matching degree between the authentication information and each customer historical device; the authentication server device determines the authentication state of the client device according to the maximum of the matching degrees; when the authentication state is authentication success, the customer identity identifier and a trusted identifier are sent to the client trusted identification apparatus; when the authentication state is the pending-authentication state, new-device trusted authentication is performed by means of the customer authentication information library device; so that the transaction application server device processes the transaction session request according to the client device authentication result.

Description

Security authentication system and method for a client device, and client trusted identification apparatus
Technical field
The present invention relates to the field of client security authentication technology, and in particular to a security authentication system and method for a client device, and a client trusted identification apparatus.
Background
At present, with the rapid development of Internet finance, risk control for financial transactions faces a huge challenge. Criminals can obtain sensitive information such as customers' identity cards, names, transaction card passwords and mobile phone numbers through illegal means such as attacks, credential stuffing and phishing, and then, on various client devices, impersonate the real customer to log in, make payments, transfer money and so on, which poses a great risk to the security of customer funds. To control this kind of risk effectively, trusted identification of the client device is needed: if the client device is judged to be trusted, the customer himself or herself is performing the transaction; if the client device is judged to be untrusted, the transaction operation is risky, and measures such as refusing the illegal operation need to be taken.
At present, the most commonly used trusted identification method in the prior art mainly uses the binding of a network address and a hardware address as the identification element, but this approach has the following problems. On the one hand, network addresses and hardware addresses can be changed and are easily forged; a criminal can log in using a fake address, causing the trusted identification system to misjudge an illegitimate client device as a trusted device. On the other hand, because the identification feature is relatively simple, recognition accuracy is not high and misjudgments occur: for example, when a customer modifies operating system parameters, or a device hardware change causes the network or hardware address to change, the trusted identification system misjudges a legitimate client device as an untrusted device, which affects the customer's normal transactions. It can be seen that a method for quickly and accurately identifying secure client devices is urgently needed, to improve security protection and protect the safety of customers' funds and property.
Summary of the invention
Embodiments of the invention provide a security authentication system and method for a client device, and a client trusted identification apparatus, to solve the problem that, in the trusted identification methods of the prior art, the identification feature is single and changeable, making the recognition result inaccurate.
To achieve the above purpose, the present invention adopts the following technical solutions:
A security authentication system for a client device, including: a client device, a client trusted identification apparatus, a transaction application server device, an authentication server device, a fingerprint feature library device and a customer authentication information library device; the client device is connected to the client trusted identification apparatus; the client device is communicatively connected to the transaction application server device through an external network; the client trusted identification apparatus is communicatively connected to the authentication server device through an external network; the authentication server device is communicatively connected to the fingerprint feature library device and to the customer authentication information library device, respectively, through a local area network;
The client trusted identification apparatus is configured to monitor the client device and, on detecting that the client device sends a transaction session request to the transaction application server device, to collect the fingerprint element information of the client device, generate authentication information from the customer identity identifier bound to the client trusted identification apparatus and the fingerprint element information, and send the authentication information to the authentication server device;
The authentication server device is configured to parse the authentication information and send a matching request to the fingerprint feature library device;
The fingerprint feature library device is configured to query each piece of customer historical device fingerprint information corresponding to the customer identity identifier, match the customer historical device fingerprint information against each fingerprint element in the fingerprint element information, determine the matching degree between the authentication information and each customer historical device, and send the maximum of the matching degrees to the authentication server device;
The authentication server device is further configured to determine the authentication state of the client device according to the maximum of the matching degrees; when the authentication state is authentication success, to send the customer identity identifier and a trusted identifier to the client trusted identification apparatus; when the authentication state is the pending-authentication state, to perform new-device trusted authentication by means of the customer authentication information library device; when new-device trusted authentication succeeds, to send the customer identity identifier and the trusted identifier to the client trusted identification apparatus; when new-device trusted authentication fails, to send the customer identity identifier and an untrusted identifier to the client trusted identification apparatus;
The client trusted identification apparatus is further configured to send the client device authentication result to the transaction application server device through the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result; the client device authentication result includes the customer identity identifier and the untrusted identifier, or the customer identity identifier and the trusted identifier.
Specifically, the fingerprint element information includes software elements, hardware elements and network elements; the software elements include operating system information, browser name information and screen resolution information; the hardware elements include CPU type information and hard disk number information; the network elements include network type information and MAC address information.
In addition, the client trusted identification apparatus is specifically configured to:
generate a fingerprint string code from each piece of fingerprint element information according to a preset string code format;
encapsulate the customer identity identifier bound to the client trusted identification apparatus into the fingerprint string code and encrypt it, generating an authentication information character string.
In addition, the fingerprint feature library device records each piece of customer historical device fingerprint information corresponding to the customer identity identifier; this information includes the actual value of each element fingerprint feature item in the fingerprint element information and the confidence probability value corresponding to each element fingerprint feature;
The fingerprint feature library device is specifically configured to:
query each piece of customer historical device fingerprint information corresponding to the customer identity identifier;
match the value of each fingerprint element in the fingerprint element information against the actual value of the corresponding element fingerprint feature item of each customer historical device; if the value of a fingerprint element in the fingerprint element information differs from the actual value of its corresponding element fingerprint feature item, select the confidence probability value corresponding to that element fingerprint feature;
determine the matching degree between the authentication information and each customer historical device according to the formula $P = P_1 \cdot P_2 \cdot \ldots \cdot P_k$, where $P$ is the matching degree between the authentication information and a customer historical device, and $P_k$ denotes the confidence probability value corresponding to each respective element fingerprint feature selected for the same customer historical device.
In addition, the authentication server device is specifically configured to:
judge whether the maximum of the matching degrees is greater than a preset matching degree threshold; when the maximum of the matching degrees is greater than the matching degree threshold, determine that the authentication state of the client device is authentication success, and send the customer identity identifier and the trusted identifier to the client trusted identification apparatus; when the maximum of the matching degrees is less than or equal to the matching degree threshold, determine that the authentication state of the client device is the pending-authentication state.
Further, the authentication server device is also specifically configured to:
when the authentication state of the client device is determined to be the pending-authentication state, send the customer identity identifier and a pending-authentication identifier to the client trusted identification apparatus;
The client trusted identification apparatus is also specifically configured to receive, after receiving the pending-authentication identifier, the customer authentication information entered by the user, and to send the customer identity identifier and the customer authentication information to the authentication server device;
The authentication server device is also specifically configured to send new-device trusted authentication request information to the customer authentication information library device; the new-device trusted authentication request information includes the customer identity identifier and the customer authentication information;
The customer authentication information library device is specifically configured to query locally, according to the customer identity identifier, the authentication information content corresponding to the customer identity identifier, match the customer authentication information against the authentication information content, generate a matching result, and send the matching result to the authentication server device; the matching result is either a match-success result or a match-failure result;
The authentication server device is also specifically configured to: when the matching result is a match-success result, determine that new-device trusted authentication has succeeded, send the customer identity identifier and the trusted identifier to the client trusted identification apparatus, and store, through the fingerprint feature library device, the authentication information corresponding to the customer identity identifier, so as to update the customer historical device fingerprint information corresponding to the customer identity identifier; when the matching result is a match-failure result, determine that new-device trusted authentication has failed, and send the customer identity identifier and the untrusted identifier to the client trusted identification apparatus.
Specifically, the customer authentication information includes a medium number or biometric information; the medium number includes the customer authentication password; the biometric information includes customer fingerprint information, customer palm print information, customer face recognition information, customer voice recognition information or customer eyeball recognition information.
A security authentication method for a client device, applied to the above security authentication system for a client device, the method including:
The client trusted identification apparatus monitors the client device and, on detecting that the client device sends a transaction session request to the transaction application server device, collects the fingerprint element information of the client device, generates authentication information from the customer identity identifier bound to the client trusted identification apparatus and the fingerprint element information, and sends the authentication information to the authentication server device;
The authentication server device parses the authentication information and sends a matching request to the fingerprint feature library device;
The fingerprint feature library device queries each piece of customer historical device fingerprint information corresponding to the customer identity identifier, matches the customer historical device fingerprint information against each fingerprint element in the fingerprint element information, determines the matching degree between the authentication information and each customer historical device, and sends the maximum of the matching degrees to the authentication server device;
The authentication server device determines the authentication state of the client device according to the maximum of the matching degrees; when the authentication state is authentication success, it sends the customer identity identifier and a trusted identifier to the client trusted identification apparatus; when the authentication state is the pending-authentication state, it performs new-device trusted authentication by means of the customer authentication information library device; when new-device trusted authentication succeeds, it sends the customer identity identifier and the trusted identifier to the client trusted identification apparatus; when new-device trusted authentication fails, it sends the customer identity identifier and an untrusted identifier to the client trusted identification apparatus;
The client trusted identification apparatus sends the client device authentication result to the transaction application server device through the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result; the client device authentication result includes the customer identity identifier and the untrusted identifier, or the customer identity identifier and the trusted identifier.
Specifically, the fingerprint element information includes software elements, hardware elements and network elements; the software elements include operating system information, browser name information and screen resolution information; the hardware elements include CPU type information and hard disk number information; the network elements include network type information and MAC address information.
Specifically, collecting the fingerprint element information of the client device and generating authentication information from the customer identity identifier bound to the client trusted identification apparatus and the fingerprint element information includes:
generating a fingerprint string code from each piece of fingerprint element information according to a preset string code format;
encapsulating the customer identity identifier bound to the client trusted identification apparatus into the fingerprint string code and encrypting it, generating an authentication information character string.
Specifically, the fingerprint feature library device records each piece of customer historical device fingerprint information corresponding to the customer identity identifier; this information includes the actual value of each element fingerprint feature item in the fingerprint element information and the confidence probability value corresponding to each element fingerprint feature;
The step in which the fingerprint feature library device queries each piece of customer historical device fingerprint information corresponding to the customer identity identifier, matches the customer historical device fingerprint information against each fingerprint element in the fingerprint element information, and determines the matching degree between the authentication information and each customer historical device includes:
querying each piece of customer historical device fingerprint information corresponding to the customer identity identifier;
matching the value of each fingerprint element in the fingerprint element information against the actual value of the corresponding element fingerprint feature item of each customer historical device; if the value of a fingerprint element in the fingerprint element information differs from the actual value of its corresponding element fingerprint feature item, selecting the confidence probability value corresponding to that element fingerprint feature;
determining the matching degree between the authentication information and each customer historical device according to the formula $P = P_1 \cdot P_2 \cdot \ldots \cdot P_k$, where $P$ is the matching degree between the authentication information and a customer historical device, and $P_k$ denotes the confidence probability value corresponding to each respective element fingerprint feature selected for the same customer historical device.
Specifically, the step in which the authentication server device determines the authentication state of the client device according to the maximum of the matching degrees and, when the authentication state is authentication success, sends the customer identity identifier and the trusted identifier to the client trusted identification apparatus includes:
judging whether the maximum of the matching degrees is greater than a preset matching degree threshold; when the maximum of the matching degrees is greater than the matching degree threshold, determining that the authentication state of the client device is authentication success, and sending the customer identity identifier and the trusted identifier to the client trusted identification apparatus; when the maximum of the matching degrees is less than or equal to the matching degree threshold, determining that the authentication state of the client device is the pending-authentication state.
Specifically, performing new-device trusted authentication by means of the customer authentication information library device when the authentication state is the pending-authentication state includes:
when the authentication state of the client device is determined to be the pending-authentication state, sending the customer identity identifier and a pending-authentication identifier to the client trusted identification apparatus;
The client trusted identification apparatus, after receiving the pending-authentication identifier, receives the customer authentication information entered by the user, and sends the customer identity identifier and the customer authentication information to the authentication server device;
The authentication server device sends new-device trusted authentication request information to the customer authentication information library device; the new-device trusted authentication request information includes the customer identity identifier and the customer authentication information;
The customer authentication information library device queries locally, according to the customer identity identifier, the authentication information content corresponding to the customer identity identifier, matches the customer authentication information against the authentication information content, generates a matching result, and sends the matching result to the authentication server device; the matching result is either a match-success result or a match-failure result;
The method also includes:
When the matching result is a match-success result, the authentication server device determines that new-device trusted authentication has succeeded, sends the customer identity identifier and the trusted identifier to the client trusted identification apparatus, and stores, through the fingerprint feature library device, the authentication information corresponding to the customer identity identifier, so as to update the customer historical device fingerprint information corresponding to the customer identity identifier; when the matching result is a match-failure result, it determines that new-device trusted authentication has failed, and sends the customer identity identifier and the untrusted identifier to the client trusted identification apparatus.
Specifically, the customer authentication information includes a medium number or biometric information; the medium number includes the customer authentication password; the biometric information includes customer fingerprint information, customer palm print information, customer face recognition information, customer voice recognition information or customer eyeball recognition information.
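The matching and decision flow described above for both the system and the method (confidence-probability product, maximum over historical devices, threshold test, new-device fallback), as an added Python example that is not code from the patent. The element names, confidence values, threshold, PBKDF2 password verifier and the rule that a device matching on every element scores 1 (empty product) are assumptions, and all sample data is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass
from math import prod

# Fingerprint elements listed in the description (key names are assumptions).
ELEMENTS = ("os", "browser", "screen_resolution",   # software elements
            "cpu", "disk_number",                    # hardware elements
            "network_type", "mac_address")           # network elements

# Constructed confidence probability values: how plausible it is that the
# same device reports a different value for this element.
DEFAULT_CONFIDENCE = {"os": 0.9, "browser": 0.9, "screen_resolution": 0.8,
                      "cpu": 0.3, "disk_number": 0.2,
                      "network_type": 0.9, "mac_address": 0.5}


@dataclass
class HistoricalDevice:
    """One customer historical device record in the fingerprint feature library."""
    actual: dict       # element -> recorded actual value
    confidence: dict   # element -> confidence probability used on a mismatch


def matching_degree(collected, device):
    """P = P_1 * P_2 * ... * P_k over the elements whose values differ."""
    chosen = [device.confidence.get(name, 0.0)   # no value recorded: treat as 0
              for name in ELEMENTS
              if collected.get(name) != device.actual.get(name)]
    return prod(chosen, start=1.0)               # nothing differs -> 1.0 (assumption)


def authenticate(customer_id, collected, fingerprint_library, threshold):
    """Return (maximum matching degree, state); 'trusted' only if max > threshold."""
    history = fingerprint_library.get(customer_id, [])
    best = max((matching_degree(collected, d) for d in history), default=0.0)
    return best, ("trusted" if best > threshold else "pending")


def derive_verifier(secret, salt):
    """Password verifier kept in the customer authentication library (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def new_device_authentication(customer_id, collected, supplied_secret,
                              auth_library, fingerprint_library):
    """Pending-state fallback: check customer authentication information and,
    on success, store the new fingerprint as a historical device."""
    record = auth_library.get(customer_id)
    if record is None:
        return "untrusted"
    salt, verifier = record
    if not hmac.compare_digest(verifier, derive_verifier(supplied_secret, salt)):
        return "untrusted"
    fingerprint_library.setdefault(customer_id, []).append(
        HistoricalDevice(dict(collected), dict(DEFAULT_CONFIDENCE)))
    return "trusted"


# ---- Constructed sample data (not from the patent) ----
LAPTOP = {"os": "Windows 10", "browser": "Chrome", "screen_resolution": "1920x1080",
          "cpu": "cpu-model-A", "disk_number": "DISK-0001",
          "network_type": "wifi", "mac_address": "02:00:00:00:00:01"}
PHONE = {"os": "Android 7", "browser": "WebView", "screen_resolution": "1080x1920",
         "cpu": "cpu-model-B", "disk_number": "DISK-0002",
         "network_type": "4g", "mac_address": "02:00:00:00:00:02"}


def build_libraries():
    """Fingerprint feature library and customer authentication library for C001."""
    fingerprint_library = {"C001": [
        HistoricalDevice(dict(LAPTOP), dict(DEFAULT_CONFIDENCE)),
        HistoricalDevice(dict(PHONE), dict(DEFAULT_CONFIDENCE))]}
    salt = b"constructed-salt"
    auth_library = {"C001": (salt, derive_verifier("correct horse", salt))}
    return fingerprint_library, auth_library


if __name__ == "__main__":
    fp_lib, auth_lib = build_libraries()
    browser_changed = dict(LAPTOP, browser="Firefox")
    print(authenticate("C001", browser_changed, fp_lib, threshold=0.6))
    hardware_changed = dict(LAPTOP, cpu="cpu-model-X", disk_number="DISK-9999",
                            mac_address="02:00:00:00:00:99")
    print(authenticate("C001", hardware_changed, fp_lib, threshold=0.6))
    print(new_device_authentication("C001", hardware_changed, "correct horse",
                                    auth_lib, fp_lib))
```

Because the comparison is strictly "greater than", a maximum matching degree equal to the threshold lands in the pending-authentication state, so the threshold and the per-element confidence values have to be tuned together.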
A client trusted identification apparatus, including:
a client device monitoring unit, configured to monitor the client device;
a fingerprint element information collecting unit, configured to collect the fingerprint element information of the client device on detecting that the client device sends a transaction session request to the transaction application server device, and to generate authentication information from the customer identity identifier bound to the client trusted identification apparatus and the fingerprint element information;
an information security communication unit, configured to send the authentication information to the authentication server device; to receive the customer identity identifier and the trusted identifier sent by the authentication server device, or to receive the customer identity identifier and the untrusted identifier sent by the authentication server device; and to send the client device authentication result to the transaction application server device through the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result; the client device authentication result includes the customer identity identifier and the untrusted identifier, or the customer identity identifier and the trusted identifier.
Further, the client trusted identification apparatus also includes:
an information integration and encryption unit, configured to generate a fingerprint string code from each piece of fingerprint element information according to a preset string code format, and to encapsulate the customer identity identifier bound to the client trusted identification apparatus into the fingerprint string code and encrypt it, generating an authentication information character string.
Further, the information security communication unit is also configured to receive the customer identity identifier and the pending-authentication identifier sent by the authentication server device, to receive the customer authentication information entered by the user, and to send the customer identity identifier and the customer authentication information to the authentication server device.
The security authentication system and method for a client device, and the client trusted identification apparatus, provided by the embodiments of the present invention authenticate the trustworthiness of a client device by collecting diversified fingerprint element information of the client device and matching it against the customer historical device fingerprint information in the fingerprint feature library. If the client device does not pass this first authentication, new-device trusted authentication can further be performed, which ensures the reliability of the client device. This reduces transaction risk while also improving the customer's operating experience, improves security protection, protects the safety of customers' funds and property, and avoids the prior-art problem that the identification feature in trusted identification methods is single and changeable, making the recognition result inaccurate.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of a security authentication system for a client device provided by an embodiment of the present invention;
Fig. 2 is a first flowchart of a security authentication method for a client device provided by an embodiment of the present invention;
Fig. 3 is a second flowchart of a security authentication method for a client device provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of a client trusted identification apparatus provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
As shown in figure 1, the embodiment of the present invention provides a kind of security certification system of client device, including:Client is set Standby 11, identifying device 12 that client is credible, transaction application server apparatus 13, certificate server equipment 14, fingerprint characteristic storehouse are set Standby 15, authenticated client information library facilities 16.The client device 11 is connected with the credible identifying device of the client 12;It is described Client device 11 is communicated to connect by external network with the transaction application server apparatus 13;Identification that the client is credible Device 12 is communicated to connect by external network with the certificate server equipment 14;The certificate server equipment 14 passes through local Network is communicated to connect with the fingerprint characteristic library facilities 15 and authenticated client information library facilities 16 respectively.What deserves to be explained is, In the embodiment of the present invention, identifying device 12 that client is credible can be deployed in as hardware device the inside of client device 11 or with Interface mode (hardware port such as serial port, USB port, but be not only limited to this) is connected on client device 11. Client device herein can be smart mobile phone, panel computer, notebook computer etc..
The client trusted-identification device 12 is configured to monitor the client device 11 and, on detecting that the client device 11 sends a transaction session request to the transaction application server device 13, to collect the fingerprint element information of the client device 11, generate authentication information from the customer identity identifier bound to the client trusted-identification device 12 and the fingerprint element information, and send the authentication information to the authentication server device 14. Here, the customer identity identifier bound to the client trusted-identification device 12 can be bound by agreement when the customer collects the client trusted-identification device 12, or the customer can change the binding over the counter (for example, through bank counter service). In addition, the client trusted-identification device can collect the fingerprint element information of the client device 11 by a variety of techniques, such as plug-ins/controls, JavaScript, or analysis of the HTTP/HTTPS protocols, but is not limited to these.
The authentication server device 14 is configured to parse the authentication information and send a matching request to the fingerprint feature library device 15.
The fingerprint feature library device 15 is configured to query the customer historical device fingerprint information corresponding to the customer identity identifier, match it against each fingerprint element in the fingerprint element information, determine the matching degree between the authentication information and each customer historical device, and send the maximum of the matching degrees to the authentication server device 14.
The authentication server device 14 is further configured to determine the authentication state of the client device 11 according to the maximum of the matching degrees; when the authentication state is authentication success, to send the customer identity identifier and a trusted mark to the client trusted-identification device 12; when the authentication state is the to-be-authenticated state, to carry out new-device trusted authentication according to the customer authentication information library device 16; when the new-device trusted authentication succeeds, to send the customer identity identifier and a trusted mark to the client trusted-identification device 12; and when the new-device trusted authentication fails, to send the customer identity identifier and an untrusted mark to the client trusted-identification device 12.
The client trusted-identification device 12 is further configured to send the authentication result of the client device 11 to the transaction application server device 13 through the client device 11, so that the transaction application server device 13 processes the transaction session request according to the authentication result of the client device 11; the authentication result of the client device 11 comprises the customer identity identifier and an untrusted mark, or the customer identity identifier and a trusted mark.
Specifically, the fingerprint element information can include software elements, hardware elements and network elements. The software elements include operating system information (such as Linux, Windows 7), browser name information (such as IE, Chrome) and screen resolution information (such as 1024 × 768, 1440 × 900); the hardware elements include central processing unit (CPU) class information and hard disk serial number information (such as N34568888); the network elements include network type information (such as optical fiber), MAC (Media Access Control) address information, IP address information (for example 210.213.45.6), and so on.
In addition, the client trusted-identification device 12 is specifically configured to:
Generate a fingerprint string code from the items of fingerprint element information according to a preset string code format.
Encapsulate the customer identity identifier bound to the client trusted-identification device 12 into the fingerprint string code and encrypt it, generating an authentication information string.
In addition, the fingerprint feature library device 15 records the customer historical device fingerprint information corresponding to each customer identity identifier. The customer historical device fingerprint information corresponding to a customer identity identifier includes the actual value of each element fingerprint feature item in the fingerprint element information and the confidence probability value corresponding to each element fingerprint feature item.
The fingerprint feature library device 15 is specifically configured to:
Query the customer historical device fingerprint information corresponding to the customer identity identifier.
Match the value of each fingerprint element in the fingerprint element information against the actual value of the corresponding element fingerprint feature item of each customer historical device; if the value of a fingerprint element in the fingerprint element information differs from the actual value of its corresponding element fingerprint feature item, select the confidence probability value corresponding to that element fingerprint feature item.
Determine the matching degree between the authentication information and each customer historical device according to the formula $P = P_1 \cdot P_2 \cdot \ldots \cdot P_k$, where $P$ is the matching degree between the authentication information and a customer historical device, and $P_k$ denotes the confidence probability value corresponding to each element fingerprint feature item selected for the same customer historical device.
In addition, the authentication server device 14 is specifically configured to:
Judge whether the maximum of the matching degrees is greater than a preset matching degree threshold; when the maximum of the matching degrees is greater than the matching degree threshold, determine that the authentication state of the client device 11 is authentication success and send the customer identity identifier and a trusted mark to the client trusted-identification device 12; when the maximum of the matching degrees is less than or equal to the matching degree threshold, determine that the authentication state of the client device 11 is the to-be-authenticated state.
Further, the authentication server device 14 is specifically further configured to:
When the authentication state of the client device 11 is determined to be the to-be-authenticated state, send the customer identity identifier and a to-be-authenticated mark to the client trusted-identification device 12.
The client trusted-identification device 12 is specifically further configured, after receiving the to-be-authenticated mark, to receive the customer authentication information entered by the user and to send the customer identity identifier and the customer authentication information to the authentication server device 14.
Here, hardware suited to collecting the customer authentication information can be provided in the client trusted-identification device 12, such as a touch display screen or a miniature keyboard, or an integrated circuit module capable of collecting biometric information, such as a fingerprint reader.
The authentication server device 14 is specifically further configured to send new-device trusted authentication request information to the customer authentication information library device 16; the new-device trusted authentication request information includes the customer identity identifier and the customer authentication information.
The customer authentication information library device 16 is specifically configured to query, locally in the customer authentication information library device 16 and according to the customer identity identifier, the authentication information content corresponding to the customer identity identifier, match the customer authentication information against the authentication information content, generate a matching result, and send the matching result to the authentication server device 14; the matching result is either a match-success result or a match-failure result.
The authentication server device 14 is specifically further configured, when the matching result is a match-success result, to determine that the new-device trusted authentication has succeeded, send the customer identity identifier and a trusted mark to the client trusted-identification device 12, and store the authentication information corresponding to the customer identity identifier through the fingerprint feature library device 15, so as to update the customer historical device fingerprint information corresponding to the customer identity identifier; and, when the matching result is a match-failure result, to determine that the new-device trusted authentication has failed and send the customer identity identifier and an untrusted mark to the client trusted-identification device 12.
Specifically, the customer authentication information includes a medium number or biometric information; the medium number includes a customer authentication password; the biometric information includes customer fingerprint information, customer palm print information, customer face recognition information, customer voice recognition information or customer eyeball recognition information.
The security authentication system for a client device provided by the embodiment of the present invention collects diversified fingerprint element information of the client device and matches it against the customer historical device fingerprint information in the fingerprint feature library to authenticate the trustworthiness of the client device. When the client device fails the first authentication, new-device trusted authentication can further be carried out, which ensures the reliability of the client device, reduces transaction risk while also improving the customer's operating experience, improves the security control effect, and protects the safety of the customer's funds and property. This avoids the problem in prior-art trusted-identification methods that the identification feature is single and can be modified, which makes the identification result inaccurate.
Corresponding to the security authentication system for a client device shown in Fig. 1 above, as shown in Fig. 2, an embodiment of the present invention provides a security authentication method for a client device, applied to the above security authentication system for a client device, the method comprising:
Step 201: the client trusted-identification device monitors the client device and, on detecting that the client device sends a transaction session request to the transaction application server device, collects the fingerprint element information of the client device, generates authentication information from the customer identity identifier bound to the client trusted-identification device and the fingerprint element information, and sends the authentication information to the authentication server device.
Step 202: the authentication server device parses the authentication information and sends a matching request to the fingerprint feature library device.
Step 203: the fingerprint feature library device queries the customer historical device fingerprint information corresponding to the customer identity identifier, matches it against each fingerprint element in the fingerprint element information, determines the matching degree between the authentication information and each customer historical device, and sends the maximum of the matching degrees to the authentication server device.
Step 204: the authentication server device determines the authentication state of the client device according to the maximum of the matching degrees; when the authentication state is authentication success, it sends the customer identity identifier and a trusted mark to the client trusted-identification device; when the authentication state is the to-be-authenticated state, it carries out new-device trusted authentication according to the customer authentication information library device; when the new-device trusted authentication succeeds, it sends the customer identity identifier and a trusted mark to the client trusted-identification device; when the new-device trusted authentication fails, it sends the customer identity identifier and an untrusted mark to the client trusted-identification device.
Step 205: the client trusted-identification device sends the client device authentication result to the transaction application server device through the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result; the client device authentication result comprises the customer identity identifier and an untrusted mark, or the customer identity identifier and a trusted mark.
The security authentication method for a client device provided by the embodiment of the present invention collects diversified fingerprint element information of the client device and matches it against the customer historical device fingerprint information in the fingerprint feature library to authenticate the trustworthiness of the client device. When the client device fails the first authentication, new-device trusted authentication can further be carried out, which ensures the reliability of the client device, reduces transaction risk while also improving the customer's operating experience, improves the security control effect, and protects the safety of the customer's funds and property. This avoids the problem in prior-art trusted-identification methods that the identification feature is single and can be modified, which makes the identification result inaccurate.
To help those skilled in the art better understand the present invention, a more specific embodiment is set forth below. As shown in Fig. 3, an embodiment of the present invention provides a security authentication method for a client device, comprising:
Step 301: the client trusted-identification device monitors the client device.
Step 302: on detecting that the client device sends a transaction session request to the transaction application server device, collect the fingerprint element information of the client device, generate a fingerprint string code from the items of fingerprint element information according to a preset string code format, encapsulate the customer identity identifier bound to the client trusted-identification device into the fingerprint string code and encrypt it to generate an authentication information string, and send the authentication information formed by the authentication information string to the authentication server device.
Here, the fingerprint element information can include software elements, hardware elements and network elements; the software elements include operating system information, browser name information and screen resolution information; the hardware elements include CPU class information and hard disk serial number information; the network elements include network type information and MAC address information.
Here, for example, a fingerprint element that could not be obtained can be left blank, forming the fingerprint string code corresponding to the client device, such as Linux, optical fiber, ...; the customer identity identifier, such as (0234567), is then encapsulated into the fingerprint string code; finally, the result is encrypted to form the authentication information string, such as {0234567}Linux, optical fiber, ....
In addition, the transaction session here can differ according to the characteristics of the transaction business; for example, online banking and mobile banking can treat each log-out as marking one transaction session, while an online banking payment transaction can treat each payment as one transaction session.
Step 303: the authentication server device parses the authentication information and sends a matching request to the fingerprint feature library device.
Step 304: the fingerprint feature library device queries the customer historical device fingerprint information corresponding to the customer identity identifier.
Specifically, the fingerprint feature library device records the customer historical device fingerprint information corresponding to each customer identity identifier. The customer historical device fingerprint information corresponding to a customer identity identifier includes the actual value of each element fingerprint feature item in the fingerprint element information and the confidence probability value corresponding to each element fingerprint feature item.
As shown in Table 1 below:
Table 1:
For example, if one element fingerprint feature item of a customer historical device is the browser, with actual value IE, and its other element fingerprint feature items are the same as the device fingerprint in the above device authentication information, the matching degree obtained is 0.99. If, in addition, its operating system is Windows7, the matching degree is 0.99 × 0.95 = 0.9405.
Step 305: match the value of each fingerprint element in the fingerprint element information against the actual value of the corresponding element fingerprint feature item of each customer historical device; if the value of a fingerprint element in the fingerprint element information differs from the actual value of its corresponding element fingerprint feature item, select the confidence probability value corresponding to that element fingerprint feature item.
Here, for example, a customer historical device has $I$ element fingerprint feature items $N_i$ ($i = 1, \ldots, I$), and each feature item corresponds to a confidence probability value $P_i$ ($i = 1, \ldots, I$). The confidence probability value reflects the degree to which that element fingerprint feature item influences device uniqueness; the degree of influence on device uniqueness and the confidence probability value are inversely related. For example, when the element fingerprint feature item is the IP address, a change of IP address has little influence on device uniqueness, so its confidence probability value is relatively large. The value for an element fingerprint feature item is typically set according to experience in the business domain; the confidence probability value of the IP address element fingerprint feature item is generally 0.98, but is not limited to this.
Step 306: determine the matching degree between the authentication information and each customer historical device according to the formula $P = P_1 \cdot P_2 \cdot \ldots \cdot P_k$.
Here, $P$ is the matching degree between the authentication information and a customer historical device, and $P_k$ denotes the confidence probability value corresponding to each element fingerprint feature item selected for the same customer historical device. Here, P≤I.
Step 307: send the maximum of the matching degrees to the authentication server device.
Step 308: the authentication server device judges whether the maximum of the matching degrees is greater than the preset matching degree threshold.
The preset matching degree threshold can be configured according to the actual needs of the business and is usually set to 75%.
When the maximum of the matching degrees is greater than the matching degree threshold, step 309 is performed. Otherwise, when the maximum of the matching degrees is less than or equal to the matching degree threshold, step 310 is performed.
Step 309: determine that the authentication state of the client device is authentication success, and send the customer identity identifier and a trusted mark to the client trusted-identification device. After step 309, continue with step 316.
Step 310: determine that the authentication state of the client device is the to-be-authenticated state, and send the customer identity identifier and a to-be-authenticated mark to the client trusted-identification device.
Step 311: after receiving the to-be-authenticated mark, the client trusted-identification device receives the customer authentication information entered by the user and sends the customer identity identifier and the customer authentication information to the authentication server device.
Step 312: the authentication server device sends new-device trusted authentication request information to the customer authentication information library device.
Here, the new-device trusted authentication request information includes the customer identity identifier and the customer authentication information.
Here, the customer authentication information includes a medium number or biometric information; the medium number includes a customer authentication password; the biometric information includes customer fingerprint information, customer palm print information, customer face recognition information, customer voice recognition information or customer eyeball recognition information.
Step 313: the customer authentication information library device queries, locally and according to the customer identity identifier, the authentication information content corresponding to the customer identity identifier, matches the customer authentication information against the authentication information content, generates a matching result, and sends the matching result to the authentication server device.
Here, the matching result is either a match-success result or a match-failure result. After step 313, step 314 or step 315 is performed.
Step 314: when the matching result is a match-success result, the authentication server device determines that the new-device trusted authentication has succeeded, sends the customer identity identifier and a trusted mark to the client trusted-identification device, and stores the authentication information corresponding to the customer identity identifier through the fingerprint feature library device, so as to update the customer historical device fingerprint information corresponding to the customer identity identifier.
Step 315: when the matching result is a match-failure result, the authentication server device determines that the new-device trusted authentication has failed and sends the customer identity identifier and an untrusted mark to the client trusted-identification device.
After step 314 and step 315, continue with step 316.
Step 316: the client trusted-identification device sends the client device authentication result to the transaction application server device through the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result.
Here, the client device authentication result comprises the customer identity identifier and an untrusted mark, or the customer identity identifier and a trusted mark.
Here, when the authentication result obtained by the transaction application server device contains a trusted mark, the client device is allowed to conduct the transaction session with it. Otherwise, when the authentication result obtained by the transaction application server device contains an untrusted mark, the transaction session is refused.
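The matching and threshold logic of steps 303 to 310 and the new-device outcome of steps 314 and 315, as an added Python example that is not code from the patent. The field order of the string code, the treatment of a blank element as a mismatch, and every confidence value other than 0.99 (browser), 0.95 (operating system) and 0.98 (IP address) are assumptions; the sample data is constructed and the authentication string is taken as already decrypted.

```python
from dataclasses import dataclass, field
from math import prod

# Assumed field order of the fingerprint string code; the page does not fix one.
FIELDS = ("os", "browser", "resolution", "cpu", "disk_serial",
          "network_type", "mac", "ip")

# Confidence probability values. browser=0.99, os=0.95 and ip=0.98 are the
# figures used in the page's examples; the other values are constructed.
DEFAULT_CONFIDENCE = {"os": 0.95, "browser": 0.99, "resolution": 0.97,
                      "cpu": 0.60, "disk_serial": 0.50, "network_type": 0.98,
                      "mac": 0.70, "ip": 0.98}

THRESHOLD = 0.75  # the page: usually set to 75%


@dataclass
class HistoricalDevice:
    """One customer historical device: actual values plus confidence values."""
    values: dict
    confidence: dict = field(default_factory=lambda: dict(DEFAULT_CONFIDENCE))


def parse_auth_string(text):
    """Parse a decrypted '{customer_id}v1,v2,...' authentication string."""
    if not text.startswith("{") or "}" not in text:
        raise ValueError("malformed authentication information string")
    customer_id, _, code = text[1:].partition("}")
    values = [v.strip() for v in code.split(",")]
    if not customer_id or len(values) != len(FIELDS):
        raise ValueError("unexpected customer ID or element count")
    return customer_id, dict(zip(FIELDS, values))


def match_degree(fingerprint, device):
    """P = P_1 * P_2 * ... * P_k over the elements that differ (step 306)."""
    # Assumption: an element left blank at collection counts as a mismatch.
    differing = [f for f in FIELDS
                 if not fingerprint[f] or fingerprint[f] != device.values[f]]
    return prod(device.confidence[f] for f in differing)  # empty product is 1


def authenticate(auth_string, feature_db):
    """Steps 303-310: best match over the customer's history, then threshold."""
    customer_id, fingerprint = parse_auth_string(auth_string)
    history = feature_db.get(customer_id, [])
    best = max((match_degree(fingerprint, d) for d in history), default=0.0)
    # Success requires a maximum strictly greater than the threshold.
    state = "trusted" if best > THRESHOLD else "pending"
    return customer_id, fingerprint, state, best


def resolve_pending(customer_id, fingerprint, credential_matched, feature_db):
    """Steps 314-315: apply the result of new-device trusted authentication."""
    if not credential_matched:
        return "untrusted"
    # Success: store the fingerprint so the device is recognised next time.
    feature_db.setdefault(customer_id, []).append(
        HistoricalDevice(dict(fingerprint)))
    return "trusted"


def make_device(code, **changes):
    """Build a historical device from a string code, overriding some elements."""
    values = dict(zip(FIELDS, code.split(",")))
    values.update(changes)
    return HistoricalDevice(values)


# Constructed sample data (not from the page).
KNOWN = ("Linux,Chrome,1440x900,i5,SN-CONSTRUCTED-1,fiber,"
         "02:00:00:00:00:01,203.0.113.7")
NEW = ("Linux,Chrome,1440x900,i7,SN-CONSTRUCTED-2,fiber,"
       "02:00:00:00:00:02,203.0.113.7")

if __name__ == "__main__":
    db = {"0234567": [make_device(KNOWN, browser="IE"),
                      make_device(KNOWN, browser="IE", os="Windows7")]}
    for code in (KNOWN, NEW):
        cid, fp, state, best = authenticate("{0234567}" + code, db)
        print(code.split(",")[4], state, round(best, 4))
        if state == "pending":
            # Pretend the customer's password matched in the credential store.
            print("  after new-device authentication:",
                  resolve_pending(cid, fp, True, db))
```

Because the matching degree is a product of per-element confidence values, several low-confidence mismatches (CPU, disk serial number, MAC address) push a device below the threshold quickly, while changes to volatile elements such as browser or IP address barely move it.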
The security authentication method for a client device provided by the embodiment of the present invention collects diversified fingerprint element information of the client device and matches it against the customer historical device fingerprint information in the fingerprint feature library to authenticate the trustworthiness of the client device. When the client device fails the first authentication, new-device trusted authentication can further be carried out, which ensures the reliability of the client device, reduces transaction risk while also improving the customer's operating experience, improves the security control effect, and protects the safety of the customer's funds and property. This avoids the problem in prior-art trusted-identification methods that the identification feature is single and can be modified, which makes the identification result inaccurate.
As shown in Fig. 4, an embodiment of the present invention provides a client trusted-identification device, comprising:
A client device monitoring unit 41, configured to monitor the client device.
A fingerprint element information collecting unit 42, configured to collect the fingerprint element information of the client device on detecting that the client device sends a transaction session request to the transaction application server device, and to generate authentication information from the customer identity identifier bound to the client trusted-identification device and the fingerprint element information.
An information security communication unit 43, configured to send the authentication information to the authentication server device; to receive the customer identity identifier and a trusted mark sent by the authentication server device, or the customer identity identifier and an untrusted mark sent by the authentication server device; and to send the client device authentication result to the transaction application server device through the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result. The client device authentication result comprises the customer identity identifier and an untrusted mark, or the customer identity identifier and a trusted mark.
Further, as shown in Fig. 4, the client trusted-identification device also comprises:
An information integration and encryption unit 44, configured to generate a fingerprint string code from the items of fingerprint element information according to a preset string code format, and to encapsulate the customer identity identifier bound to the client trusted-identification device into the fingerprint string code and encrypt it, generating an authentication information string.
Further, the information security communication unit 43 is also configured to receive the customer identity identifier and a to-be-authenticated mark sent by the authentication server device, to receive the customer authentication information entered by the user, and to send the customer identity identifier and the customer authentication information to the authentication server device.
The client trusted-identification device provided by the embodiment of the present invention collects diversified fingerprint element information of the client device and matches it against the customer historical device fingerprint information in the fingerprint feature library to authenticate the trustworthiness of the client device. When the client device fails the first authentication, new-device trusted authentication can further be carried out, which ensures the reliability of the client device, reduces transaction risk while also improving the customer's operating experience, improves the security control effect, and protects the safety of the customer's funds and property. This avoids the problem in prior-art trusted-identification methods that the identification feature is single and can be modified, which makes the identification result inaccurate.
Those skilled in the art should understand that embodiments of the present invention can be provided as a method, a system or a computer program product. Therefore, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Specific embodiments are used herein to set forth the principles and implementations of the present invention; the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for a person of ordinary skill in the art, there will be changes in the specific implementations and scope of application according to the idea of the present invention. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (17)

1. A security authentication system for a client device, characterized by comprising: a client device, a client trusted identification device, a transaction application server device, an authentication server device, a fingerprint feature library device, and a customer authentication information library device; the client device is connected to the client trusted identification device; the client device is communicatively connected to the transaction application server device through an external network; the client trusted identification device is communicatively connected to the authentication server device through an external network; the authentication server device is communicatively connected, through a local area network, to the fingerprint feature library device and to the customer authentication information library device respectively;
the client trusted identification device is configured to monitor the client device and, upon detecting that the client device sends a transaction session request to the transaction application server device, to collect fingerprint element information of the client device, generate authentication information from the customer identity identifier bound to the client trusted identification device and the fingerprint element information, and send the authentication information to the authentication server device;
the authentication server device is configured to parse the authentication information and send a matching request to the fingerprint feature library device;
the fingerprint feature library device is configured to query the historical device fingerprint information of each historical device of the customer corresponding to the customer identity identifier, match that historical device fingerprint information against each fingerprint element in the fingerprint element information, determine the matching degree between the authentication information and each historical device of the customer, and send the maximum of the matching degrees to the authentication server device;
the authentication server device is further configured to determine the authentication state of the client device according to the maximum of the matching degrees; when the authentication state is authentication success, to send the customer identity identifier and a trusted identifier to the client trusted identification device; when the authentication state is pending authentication, to perform new-device trusted authentication by means of the customer authentication information library device; when the new-device trusted authentication succeeds, to send the customer identity identifier and the trusted identifier to the client trusted identification device; and when the new-device trusted authentication fails, to send the customer identity identifier and an untrusted identifier to the client trusted identification device;
the client trusted identification device is further configured to send a client device authentication result to the transaction application server device via the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result; the client device authentication result comprises the customer identity identifier and the untrusted identifier, or the customer identity identifier and the trusted identifier.
2. The security authentication system for a client device according to claim 1, characterized in that the fingerprint element information comprises software elements, hardware elements and network elements; the software elements comprise operating system information, browser name information and screen resolution information; the hardware elements comprise CPU class information and hard disk serial number information; the network elements comprise network type information and MAC address information.
3. The security authentication system for a client device according to claim 2, characterized in that the client trusted identification device is specifically configured to:
generate a fingerprint string code from the items of fingerprint element information according to a preset string code format;
encapsulate the customer identity identifier bound to the client trusted identification device into the fingerprint string code and encrypt the result to generate an authentication information character string.
4. The security authentication system for a client device according to claim 3, characterized in that the fingerprint feature library device records the historical device fingerprint information of each historical device of the customer corresponding to the customer identity identifier; that historical device fingerprint information comprises the actual value of each element fingerprint feature item in the fingerprint element information and the confidence probability value corresponding to each element fingerprint feature item;
the fingerprint feature library device is specifically configured to:
query the historical device fingerprint information of each historical device of the customer corresponding to the customer identity identifier;
match the value of each fingerprint element in the fingerprint element information against the actual value of the corresponding element fingerprint feature item of each historical device of the customer; if the value of a fingerprint element in the fingerprint element information differs from the actual value of its corresponding element fingerprint feature item, select the confidence probability value corresponding to that element fingerprint feature item;
determine the matching degree between the authentication information and each historical device of the customer according to the formula $P = P_1 \cdot P_2 \cdot \ldots \cdot P_k$, where $P$ is the matching degree between the authentication information and the historical device of the customer, and $P_k$ denotes the confidence probability values, selected within the same historical device, that correspond to the respective element fingerprint feature items.
5. The security authentication system for a client device according to claim 4, characterized in that the authentication server device is specifically configured to:
judge whether the maximum of the matching degrees is greater than a preset matching degree threshold; when the maximum of the matching degrees is greater than the matching degree threshold, determine that the authentication state of the client device is authentication success, and send the customer identity identifier and the trusted identifier to the client trusted identification device; when the maximum of the matching degrees is less than or equal to the matching degree threshold, determine that the authentication state of the client device is pending authentication.
6. The security authentication system for a client device according to claim 5, characterized in that the authentication server device is specifically further configured to:
when the authentication state of the client device is determined to be pending authentication, send the customer identity identifier and a pending-authentication identifier to the client trusted identification device;
the client trusted identification device is specifically further configured to, after receiving the pending-authentication identifier, receive customer authentication information entered by the user, and send the customer identity identifier and the customer authentication information to the authentication server device;
the authentication server device is specifically further configured to send new-device trusted authentication request information to the customer authentication information library device; the new-device trusted authentication request information comprises the customer identity identifier and the customer authentication information;
the customer authentication information library device is specifically configured to query, locally in the customer authentication information library device and according to the customer identity identifier, the authentication information content corresponding to the customer identity identifier, match the customer authentication information against the authentication information content, generate a matching result, and send the matching result to the authentication server device; the matching result is either a match-success result or a match-failure result;
the authentication server device is specifically further configured to, when the matching result is the match-success result, determine that the new-device trusted authentication has succeeded, send the customer identity identifier and the trusted identifier to the client trusted identification device, and store, through the fingerprint feature library device, the authentication information corresponding to the customer identity identifier, so as to update the historical device fingerprint information of the customer corresponding to the customer identity identifier; and, when the matching result is the match-failure result, determine that the new-device trusted authentication has failed, and send the customer identity identifier and the untrusted identifier to the client trusted identification device.
7. The security authentication system for a client device according to claim 6, characterized in that the customer authentication information comprises a medium number or biological information; the medium number comprises a customer authentication password; the biological information comprises customer fingerprint information, customer palm print information, customer face recognition information, customer voice recognition information or customer eyeball recognition information.
8. A security authentication method for a client device, characterized in that it is applied to the security authentication system for a client device according to claim 1, the method comprising:
the client trusted identification device monitors the client device and, upon detecting that the client device sends a transaction session request to the transaction application server device, collects fingerprint element information of the client device, generates authentication information from the customer identity identifier bound to the client trusted identification device and the fingerprint element information, and sends the authentication information to the authentication server device;
the authentication server device parses the authentication information and sends a matching request to the fingerprint feature library device;
the fingerprint feature library device queries the historical device fingerprint information of each historical device of the customer corresponding to the customer identity identifier, matches that historical device fingerprint information against each fingerprint element in the fingerprint element information, determines the matching degree between the authentication information and each historical device of the customer, and sends the maximum of the matching degrees to the authentication server device;
the authentication server device determines the authentication state of the client device according to the maximum of the matching degrees; when the authentication state is authentication success, it sends the customer identity identifier and a trusted identifier to the client trusted identification device; when the authentication state is pending authentication, it performs new-device trusted authentication by means of the customer authentication information library device; when the new-device trusted authentication succeeds, it sends the customer identity identifier and the trusted identifier to the client trusted identification device; when the new-device trusted authentication fails, it sends the customer identity identifier and an untrusted identifier to the client trusted identification device;
the client trusted identification device sends a client device authentication result to the transaction application server device via the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result; the client device authentication result comprises the customer identity identifier and the untrusted identifier, or the customer identity identifier and the trusted identifier.
9. The security authentication method for a client device according to claim 8, characterized in that the fingerprint element information comprises software elements, hardware elements and network elements; the software elements comprise operating system information, browser name information and screen resolution information; the hardware elements comprise CPU class information and hard disk serial number information; the network elements comprise network type information and MAC address information.
10. The security authentication method for a client device according to claim 9, characterized in that collecting the fingerprint element information of the client device, and generating authentication information from the customer identity identifier bound to the client trusted identification device and the fingerprint element information, comprises:
generating a fingerprint string code from the items of fingerprint element information according to a preset string code format;
encapsulating the customer identity identifier bound to the client trusted identification device into the fingerprint string code and encrypting the result to generate an authentication information character string.
11. The security authentication method for a client device according to claim 10, characterized in that the fingerprint feature library device records the historical device fingerprint information of each historical device of the customer corresponding to the customer identity identifier; that historical device fingerprint information comprises the actual value of each element fingerprint feature item in the fingerprint element information and the confidence probability value corresponding to each element fingerprint feature item;
the fingerprint feature library device querying the historical device fingerprint information of each historical device of the customer corresponding to the customer identity identifier, matching that historical device fingerprint information against each fingerprint element in the fingerprint element information, and determining the matching degree between the authentication information and each historical device of the customer, comprises:
querying the historical device fingerprint information of each historical device of the customer corresponding to the customer identity identifier;
matching the value of each fingerprint element in the fingerprint element information against the actual value of the corresponding element fingerprint feature item of each historical device of the customer; if the value of a fingerprint element in the fingerprint element information differs from the actual value of its corresponding element fingerprint feature item, selecting the confidence probability value corresponding to that element fingerprint feature item;
determining the matching degree between the authentication information and each historical device of the customer according to the formula $P = P_1 \cdot P_2 \cdot \ldots \cdot P_k$, where $P$ is the matching degree between the authentication information and the historical device of the customer, and $P_k$ denotes the confidence probability values, selected within the same historical device, that correspond to the respective element fingerprint feature items.
12. The security authentication method for a client device according to claim 11, characterized in that the authentication server device determining the authentication state of the client device according to the maximum of the matching degrees, and, when the authentication state is authentication success, sending the customer identity identifier and the trusted identifier to the client trusted identification device, comprises:
judging whether the maximum of the matching degrees is greater than a preset matching degree threshold; when the maximum of the matching degrees is greater than the matching degree threshold, determining that the authentication state of the client device is authentication success, and sending the customer identity identifier and the trusted identifier to the client trusted identification device; when the maximum of the matching degrees is less than or equal to the matching degree threshold, determining that the authentication state of the client device is pending authentication.
13. The security authentication method for a client device according to claim 12, characterized in that performing new-device trusted authentication by means of the customer authentication information library device when the authentication state is pending authentication comprises:
when the authentication state of the client device is determined to be pending authentication, sending the customer identity identifier and a pending-authentication identifier to the client trusted identification device;
the client trusted identification device, after receiving the pending-authentication identifier, receives customer authentication information entered by the user, and sends the customer identity identifier and the customer authentication information to the authentication server device;
the authentication server device sends new-device trusted authentication request information to the customer authentication information library device; the new-device trusted authentication request information comprises the customer identity identifier and the customer authentication information;
the customer authentication information library device queries, locally in the customer authentication information library device and according to the customer identity identifier, the authentication information content corresponding to the customer identity identifier, matches the customer authentication information against the authentication information content, generates a matching result, and sends the matching result to the authentication server device; the matching result is either a match-success result or a match-failure result;
the method further comprises:
the authentication server device, when the matching result is the match-success result, determines that the new-device trusted authentication has succeeded, sends the customer identity identifier and the trusted identifier to the client trusted identification device, and stores, through the fingerprint feature library device, the authentication information corresponding to the customer identity identifier, so as to update the historical device fingerprint information of the customer corresponding to the customer identity identifier; and, when the matching result is the match-failure result, determines that the new-device trusted authentication has failed, and sends the customer identity identifier and the untrusted identifier to the client trusted identification device.
14. The security authentication method for a client device according to claim 13, characterized in that the customer authentication information comprises a medium number or biological information; the medium number comprises a customer authentication password; the biological information comprises customer fingerprint information, customer palm print information, customer face recognition information, customer voice recognition information or customer eyeball recognition information.
15. A client trusted identification device, characterized by comprising:
a client device monitoring unit, configured to monitor a client device;
a fingerprint element information collecting unit, configured to, upon detecting that the client device sends a transaction session request to a transaction application server device, collect fingerprint element information of the client device, and generate authentication information from the customer identity identifier bound to the client trusted identification device and the fingerprint element information;
an information security communication unit, configured to send the authentication information to an authentication server device; to receive the customer identity identifier and a trusted identifier sent by the authentication server device, or to receive the customer identity identifier and an untrusted identifier sent by the authentication server device; and to send a client device authentication result to the transaction application server device via the client device, so that the transaction application server device processes the transaction session request according to the client device authentication result; the client device authentication result comprises the customer identity identifier and the untrusted identifier, or the customer identity identifier and the trusted identifier.
16. The client trusted identification device according to claim 15, characterized by further comprising:
an information integration and encryption unit, configured to generate a fingerprint string code from the items of fingerprint element information according to a preset string code format, encapsulate the customer identity identifier bound to the client trusted identification device into the fingerprint string code, and encrypt the result to generate an authentication information character string.
17. The client trusted identification device according to claim 16, characterized in that the information security communication unit is further configured to receive the customer identity identifier and a pending-authentication identifier sent by the authentication server device, to receive customer authentication information entered by the user, and to send the customer identity identifier and the customer authentication information to the authentication server device.
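
The matching-degree decision of claims 4 to 6 (mirrored in method claims 11 to 13), as an added Python example that is not part of the patent text. The element names, the confidence probability values, the 0.5 threshold, the `verify_customer` callback standing in for the customer authentication information library device, and the choice to give a newly stored device the default confidence values are all assumptions.

```python
from math import prod

# Assumed confidence probability per fingerprint element: the factor applied
# when the observed value differs from the recorded actual value. Elements
# that rarely change on one machine get low values, volatile ones high values.
DEFAULT_CONFIDENCE = {
    "os": 0.9, "browser": 0.9, "resolution": 0.8,   # software elements
    "cpu": 0.3, "disk_serial": 0.1,                 # hardware elements
    "net_type": 0.95, "mac": 0.2,                   # network elements
}
THRESHOLD = 0.5  # assumed preset matching degree threshold


def matching_degree(observed, record):
    """P = P1 * P2 * ... * Pk over the elements whose value differs.

    `record` maps element name -> (actual value, confidence probability).
    Elements that match contribute no factor, so an identical device gives 1.0.
    An element missing from `observed` counts as a mismatch.
    """
    chosen = [conf for name, (actual, conf) in record.items()
              if observed.get(name) != actual]
    return prod(chosen, start=1.0)


def best_match(observed, history):
    """Maximum matching degree over the customer's historical devices."""
    return max((matching_degree(observed, rec) for rec in history), default=0.0)


def authenticate(customer_id, observed, fingerprint_db, verify_customer=None):
    """Return 'trusted', 'pending' or 'untrusted' for one session request.

    verify_customer(customer_id) -> bool models the new-device trusted
    authentication; None means the customer has not been asked yet.
    """
    history = fingerprint_db.get(customer_id, [])
    if best_match(observed, history) > THRESHOLD:
        return "trusted"                      # authentication success
    if verify_customer is None:
        return "pending"                      # pending authentication
    if not verify_customer(customer_id):
        return "untrusted"                    # new-device authentication failed
    # New-device authentication succeeded: record the fingerprint so the
    # device is recognised as a historical device next time.
    new_record = {name: (observed.get(name), conf)
                  for name, conf in DEFAULT_CONFIDENCE.items()}
    fingerprint_db.setdefault(customer_id, []).append(new_record)
    return "trusted"


# Constructed sample fingerprint (all values are made up for the example).
KNOWN_DEVICE = {
    "os": "Windows 10", "browser": "Chrome", "resolution": "1920x1080",
    "cpu": "constructed-cpu-A", "disk_serial": "CONSTRUCTED-SN-0001",
    "net_type": "ethernet", "mac": "00:00:5e:00:53:01",
}


def make_db():
    """Fingerprint feature library holding one historical device."""
    record = {n: (v, DEFAULT_CONFIDENCE[n]) for n, v in KNOWN_DEVICE.items()}
    return {"customer-001": [record]}


if __name__ == "__main__":
    db = make_db()
    upgraded = dict(KNOWN_DEVICE, browser="Firefox", resolution="2560x1440")
    other = dict(KNOWN_DEVICE, cpu="constructed-cpu-B",
                 disk_serial="CONSTRUCTED-SN-0002", mac="00:00:5e:00:53:02")
    for label, fp in (("same", KNOWN_DEVICE), ("upgraded", upgraded), ("other", other)):
        print(label, round(best_match(fp, db["customer-001"]), 3),
              authenticate("customer-001", fp, db))
```

Every fingerprint element is reported by the client side, so the matching degree works as a risk score that decides whether the step-up check runs, not as proof of which device is connecting.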
CN201710122559.5A 2017-03-03 2017-03-03 Security certification system, method and the credible identifying device of client of client device Pending CN106952096A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710122559.5A CN106952096A (en) 2017-03-03 2017-03-03 Security certification system, method and the credible identifying device of client of client device

Publications (1)

Publication Number Publication Date
CN106952096A true CN106952096A (en) 2017-07-14

Family

ID=59467176

Country Status (1)

Country Link
CN (1) CN106952096A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994105A (en) * 2015-07-09 2015-10-21 国网智能电网研究院 Android intelligent terminal security authentication method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170714

RJ01 Rejection of invention patent application after publication