The content of the invention
In view of this, the embodiment of the present invention provides a kind of method and apparatus of business authentication, it is possible to increase during business authentication
Security.
To achieve the above object, first aspect according to embodiments of the present invention, should there is provided a kind of method of business authentication
For management end, including:
Service generation authentication seeds needed for selection, and the authentication seeds and authentication timeliness are sent to AUC;
Obtain the Quick Response Code link that the AUC generates according to the authentication seeds;
Quick Response Code link and the authentication seeds are sent to user terminal;
The user terminal linked according to the Quick Response Code and user's seed in the AUC in the authentication
Authentication is completed in timeliness, so that the AUC marks the corresponding business interface of the authentication seeds to pass through certification
Afterwards, the certification completion message that the AUC returns is received;Receive what the AUC pushed during business development
Business service condition.
To achieve the above object, second aspect according to embodiments of the present invention, should there is provided a kind of method of business authentication
For AUC, including:
Receive the authentication seeds and authentication timeliness of service generation that management end is sent, that selection is required;
Quick Response Code and the link of corresponding Quick Response Code are generated according to the authentication seeds, and Quick Response Code link is returned to
Management end;
Authentication is carried out to the user terminal according to the authentication seeds and authentication timeliness;
It is determined that after user terminal completion authentication, marking the corresponding business interface of the authentication seeds by recognizing
Card, and to the management end return authentication completion message;
The record traffic service condition during business development, and it is pushed to management end.
Optionally, authentication is carried out to the user terminal according to the authentication seeds and authentication timeliness, including:
The user terminal is obtained by recognizing 2 D code information that the Quick Response Code is got and being obtained from the management end
After authentication seeds, the certification factor generated according to the 2 D code information and the authentication seeds;
According to the authentication seeds and authentication timeliness, judge whether the certification factor meets authentication condition.
To achieve the above object, the third aspect according to embodiments of the present invention, should there is provided a kind of method of business authentication
For user terminal, including:
Authentication seeds that management end is sent, selecting required service generation and AUC are received according to the certification kind
Quick Response Code link that is that son is generated and returning to the management end;
Recognize that the Quick Response Code links corresponding Quick Response Code;
Authentication is carried out with the AUC according to the authentication seeds and the Quick Response Code, so as in the authentication
The heart marks the corresponding business interface of the authentication seeds by certification after it is determined that completing authentication, and to the management
Hold return authentication completion message;
Regular check authentication state, it is determined that by certification when, obtain the corresponding business interface of the authentication seeds.
Optionally, authentication is carried out with the AUC according to the authentication seeds and the Quick Response Code, including:
The Quick Response Code is recognized to obtain 2 D code information;
According to the authentication seeds, biological identification is locally completed;
According to the 2 D code information and the authentication seeds generation certification factor, and send to AUC progress
Authentication.
To achieve the above object, there is provided a kind of device of business authentication, bag for fourth aspect according to embodiments of the present invention
Include:
Authentication seeds generation module, for selecting required service generation authentication seeds, and by the authentication seeds and mirror
Temporary effect is sent to AUC;
The receiver module of management end first, for obtaining the Quick Response Code chain that the AUC generates according to the authentication seeds
Connect;
Management end sending module, for Quick Response Code link and the authentication seeds to be sent to user terminal;
The receiver module of management end second, for the user terminal linked according to the Quick Response Code and user's seed in
The AUC completes authentication in the authentication timeliness, so that the AUC marks the authentication seeds correspondence
Business interface by certification after, receive the certification completion message that the AUC returns;
The receiver module of management end the 3rd, is used for receiving the business that the AUC pushes during carrying out in business
Situation.
To achieve the above object, there is provided a kind of device of business authentication, bag for the 5th aspect according to embodiments of the present invention
Include:
AUC's receiver module, receives the authentication seeds and authentication of service generation that management end is sent, that selection is required
Timeliness;
The sending module of AUC first, generates Quick Response Code according to the authentication seeds and corresponding Quick Response Code is linked, and
Quick Response Code link is returned into management end;
Authentication module, for carrying out authentication to the user terminal according to the authentication seeds and authentication timeliness;
The sending module of AUC second, for it is determined that after user terminal completion authentication, marking the certification
The corresponding business interface of seed is by certification, and to the management end return authentication completion message;
Operating audit module, for carrying out in business during record traffic service condition, and be pushed to management end.
Optionally, the authentication module is additionally operable to:The user terminal is obtained by recognizing that the Quick Response Code gets two dimension
Code information is simultaneously obtained after authentication seeds from the management end, the certification generated according to the 2 D code information and the authentication seeds
The factor;According to the authentication seeds and authentication timeliness, judge whether the certification factor meets authentication condition.
To achieve the above object, there is provided a kind of device of business authentication, bag for the 6th aspect according to embodiments of the present invention
Include:
The receiver module of user terminal first, for receiving management end transmission, the authentication seeds of the service generation needed for selection
Quick Response Code link that is being generated with AUC according to the authentication seeds and returning to the management end;
Quick Response Code identification module, for recognizing that the Quick Response Code links corresponding Quick Response Code;
Business authentication module, recognizes for carrying out identity with the AUC according to the authentication seeds and the Quick Response Code
Card, so that the AUC is after it is determined that complete authentication, marks the corresponding business interface of the authentication seeds to pass through
Certification, and to the management end return authentication completion message;
Business acquisition module, for regular check authentication state, it is determined that by certification when, obtain the authentication seeds
Corresponding business interface.
Optionally, the business authentication module is additionally operable to:The Quick Response Code is recognized to obtain 2 D code information;According to described
Authentication seeds, locally complete biological identification;The certification factor is generated according to the 2 D code information and the authentication seeds, concurrently
Deliver to the AUC and carry out authentication.
One embodiment in foregoing invention has the following advantages that or beneficial effect:Industry is started by management end because employing
Business verification process, just from AUC to the technological means of user terminal transmission service interface after the completion of business authentication, is solved
Business is that user is visible, can not issue or hide the technical problem of business as needed in the prior art, has reached raising industry
Business issue flexibility, the technique effect of service security.
The further effect that above-mentioned non-usual optional mode has adds hereinafter in conjunction with embodiment
With explanation.
Embodiment
The one exemplary embodiment of the present invention is explained below in conjunction with accompanying drawing, including the various of the embodiment of the present invention
Details should think them only exemplary to help understanding.Therefore, those of ordinary skill in the art should recognize
Arrive, various changes and modifications can be made to the embodiments described herein, without departing from scope and spirit of the present invention.Together
Sample, for clarity and conciseness, eliminates the description to known function and structure in following description.
First embodiment
Fig. 1 is the schematic diagram of the key step of the method for business authentication according to a first embodiment of the present invention.
As shown in figure 1, first embodiment of the invention provides a kind of method of business authentication, (possesses pipe applied to management end
Authority is managed, is capable of the terminal of issuing service), including:
S10, the service generation authentication seeds needed for selection, and the authentication seeds and authentication timeliness are sent into authentication
The heart.Authentication seeds are to be selected by keeper after information task specifies object (such as a certain user name), type of service, by managing
What end was automatically generated, it can further include biometric information (such as fingerprint, iris information, face that task specifies object
Portion's identification information etc.), and encryption seed for communication encryption etc..It is a default time span to authenticate timeliness, for
AUC controls the total time-consuming maximum of user terminal finishing service identifying procedure, when user terminal is not completed in authentication timeliness
During business authentication, it is determined that the issue failure of this subtask.
S11, obtains the Quick Response Code link that AUC of institute generates according to the authentication seeds.AUC can be according to certification
Seed, generation include the Quick Response Code of authentication seeds information, and uniquely corresponding Quick Response Code is linked with the Quick Response Code, and by two
Tie up code link and return to management end.
S12, Quick Response Code link and the authentication seeds are sent to user terminal.
S13, the user terminal linked according to the Quick Response Code and user's seed in the AUC described
Authenticate and authentication is completed in timeliness, so that the AUC marks the corresponding business interface of the authentication seeds by recognizing
After card, the certification completion message that the AUC returns is received.Wherein, business interface refers to that user terminal is used for orientation business
Entrance, for example, can be a page link.
S14, receives the business service condition that the AUC pushes during business development.In the AUC
During realizing business after being finished with user terminal progress business authentication and certification, whenever AUC and user terminal
Once more important communication is carried out, when advancing operation flow, the progress that AUC returns to business authentication to management end is believed
Breath, so that management end is supervised to this business process.
From the above it can be seen that the technical scheme of the embodiment of the present invention, business is started because employing by management end
Verification process, just from AUC to the technological means of user terminal transmission service interface after the completion of business authentication, is solved existing
There is business in technology to be that user is visible, can not issue or hide the technical problem of business as needed, reached raising business
Issue flexibility, the technique effect of service security.
Second embodiment
Fig. 2 is the schematic diagram of the key step of the method for business authentication according to a second embodiment of the present invention;
As shown in Fig. 2 second embodiment of the invention provides a kind of method of business authentication, applied to AUC, including:
S20, receives the authentication seeds and authentication timeliness of service generation that management end is sent, that selection is required.Authentication seeds
It is to be selected by keeper after information task specifies object (such as a certain user name), type of service, is automatically generated by management end
, it can further include biometric information (such as fingerprint, iris information, facial recognition information that task specifies object
Deng), and encryption seed for communication encryption etc..It is a default time span to authenticate timeliness, so that AUC is controlled
The total time-consuming maximum of user terminal finishing service identifying procedure processed, when the user terminal not finishing service certification in authentication timeliness
When, it is determined that the issue failure of this subtask.
S21, generates Quick Response Code according to the authentication seeds and corresponding Quick Response Code is linked, and Quick Response Code link is returned
Back to management end.AUC can generate according to authentication seeds and include the Quick Response Code of authentication seeds information, and with the two dimension
The unique corresponding Quick Response Code link of code, and Quick Response Code link is returned into management end.
S22, authentication is carried out according to the authentication seeds and authentication timeliness to the user terminal.
S23, it is determined that after user terminal completion authentication, marking the corresponding business interface of the authentication seeds to lead to
Cross certification, and to the management end return authentication completion message.Wherein, business interface refers to that user terminal is used for entering for orientation business
Mouthful, for example can be a page link.
S24, the record traffic service condition during business development, and it is pushed to management end.The AUC with
During the user terminal progress business authentication and certification realize business after finishing, whenever AUC enters with user terminal
Row once more important communication, when advancing operation flow, AUC returns to the progress msg of business authentication to management end,
So that management end is supervised to this business process.
In some optional embodiments, S22 is carried out according to the authentication seeds and authentication timeliness to the user terminal
Authentication, including:The user terminal is obtained by recognizing 2 D code information that the Quick Response Code is got and from the management
End is obtained after authentication seeds, the certification factor generated according to the 2 D code information and the authentication seeds;According to the certification
Seed and authentication timeliness, judge whether the certification factor meets authentication condition.The certification factor includes user terminal for certification kind
The match condition comprising information, user terminal are locally carrying out the performance of other Additional Verification modes etc. information in sub, recognize
The card factor is considered as user terminal after parsing authentication seeds, the answer carried out for the information included in authentication seeds, mirror
Power center is according to the corresponding informance compared in authentication seeds and the certification factor, you can judge user terminal whether can finishing service recognize
Card.
From the above it can be seen that the technical scheme of the embodiment of the present invention, business is started because employing by management end
Verification process, just from AUC to the technological means of user terminal transmission service interface after the completion of business authentication, is solved existing
There is business in technology to be that user is visible, can not issue or hide the technical problem of business as needed, reached raising business
Issue flexibility, the technique effect of service security.
3rd embodiment
Fig. 3 is the schematic diagram of the key step of the method for business authentication according to a third embodiment of the present invention.
As shown in figure 3, third embodiment of the invention provides a kind of method of business authentication, applied to user terminal, including:
S30, the authentication seeds and AUC for receiving service generation that management end is sent, that selection is required are recognized according to
Quick Response Code link that is that card seed is generated and returning to the management end.Authentication seeds are to select task by keeper to specify object
After information (such as a certain user name), type of service, automatically generated by management end, can further include task and specify
The biometric information (such as fingerprint, iris information, facial recognition information) of object, and the encryption kind for communication encryption
Son etc..AUC can generate the Quick Response Code for including authentication seeds information according to authentication seeds, and unique with the Quick Response Code
Corresponding Quick Response Code link, and Quick Response Code link is returned into management end.
S31, recognizes that the Quick Response Code links corresponding Quick Response Code.It can be the browser using user terminal itself, also may be used
To be the browser using external equipment, as long as successful request can be linked according to the Quick Response Code to the Quick Response Code.
S32, carries out authentication, so as to the mirror according to the authentication seeds and the Quick Response Code with the AUC
Power center marks the corresponding business interface of the authentication seeds by certification after it is determined that completing authentication, and to described
Management end return authentication completion message.Business interface refers to that user terminal is used for the entrance of orientation business, for example, can be a page
Face is linked.
In some optional embodiments, S32, according to the authentication seeds and the Quick Response Code and the AUC
Authentication is carried out, including:The Quick Response Code is recognized to obtain 2 D code information;According to the authentication seeds, locally complete
Biological identification, it is ensured that be that user is operating;According to the 2 D code information and the authentication seeds generation certification factor, and
Send to the AUC and carry out authentication.The certification factor includes user terminal for including the matching of information in authentication seeds
Situation, user terminal are considered as user locally carrying out the performance of other Additional Verification modes etc. information, the certification factor
End is after parsing authentication seeds, the answer carried out for the information included in authentication seeds, and AUC is according to comparison certification
Corresponding informance in seed and the certification factor, you can judge whether user terminal being capable of finishing service certification.
In the previous embodiments it has been noted that business seed, which can include task, specifies the biometric information of object (for example
Fingerprint, iris information, facial recognition information etc.), and user terminal needs to complete to verify local according to these biometric informations,
So the current holder for having ensured user terminal is user, further increases security during authentication business, can
To be prevented effectively from business information leakage.
From the above it can be seen that the technical scheme of the embodiment of the present invention, business is started because employing by management end
Verification process, just from AUC to the technological means of user terminal transmission service interface after the completion of business authentication, is solved existing
There is business in technology to be that user is visible, can not issue or hide the technical problem of business as needed, reached raising business
Issue flexibility, the technique effect of service security;Because employing the mode of biometric information certification, existing skill is solved
Art certification authority is default, the problem of security is not enough, has reached the technique effect of further raising service security.
Fourth embodiment
Fig. 4 is the schematic diagram of the main modular of the device of business authentication according to a fourth embodiment of the present invention.
As shown in figure 4, fourth embodiment of the invention provides a kind of device 40 of business authentication, applied to management end, including
Authentication seeds generation module 401, the first receiver module of management end 402, management end sending module 403, management end second receive mould
Block 404 and the receiver module 405 of management end the 3rd, wherein:Authentication seeds generation module 401, for selecting required service generation
Authentication seeds, and the authentication seeds and authentication timeliness are sent to AUC;The first receiver module of management end 402, is used for
Obtain the Quick Response Code link that the AUC generates according to the authentication seeds;Management end sending module 403, for by described in
Quick Response Code is linked and the authentication seeds are sent to user terminal;The second receiver module of management end 404, in the user terminal root
Authentication is completed in described authenticate in timeliness in the AUC according to Quick Response Code link and user's seed, so as to
After the AUC marks the corresponding business interface of the authentication seeds by certification, receive what the AUC returned
Certification completion message;The receiver module 405 of management end the 3rd, for receiving what the AUC pushed during carrying out in business
Business service condition.
From the above it can be seen that the technical scheme of the embodiment of the present invention, business is started because employing by management end
Verification process, just from AUC to the technological means of user terminal transmission service interface after the completion of business authentication, is solved existing
There is business in technology to be that user is visible, can not issue or hide the technical problem of business as needed, reached raising business
Issue flexibility, the technique effect of service security.
5th embodiment
Fig. 5 is the schematic diagram of the main modular of the device of business authentication according to a fifth embodiment of the present invention.
As shown in figure 5, fourth embodiment of the invention provides a kind of device 50 of business authentication, applied to AUC, bag
Include AUC's receiver module 501, the first sending module of AUC 502, authentication module 503, the transmission mould of AUC second
Block 504 and operating audit module 505;Wherein:AUC's receiver module 501, receives the industry needed for management end is sent, selection
The authentication seeds and authentication timeliness of business generation;The first sending module of AUC 502, Quick Response Code is generated according to the authentication seeds
Linked with corresponding Quick Response Code, and Quick Response Code link is returned into management end;Authentication module 503, for recognizing according to
Demonstrate,prove seed and authentication timeliness carries out authentication to the user terminal;The second sending module of AUC 504, for it is determined that institute
State user terminal to complete after authentication, mark the corresponding business interface of the authentication seeds by certification, and to the management
Hold return authentication completion message;Operating audit module 505, for carrying out in business during record traffic service condition, and push away
Give management end.
In some optional embodiments, the authentication module 503 is additionally operable to:The user terminal is obtained by recognizing
State Quick Response Code to get 2 D code information and obtain after authentication seeds from the management end, according to the 2 D code information and described
The certification factor of authentication seeds generation;According to the authentication seeds and authentication timeliness, judge whether the certification factor meets mirror
Power condition.
From the above it can be seen that the technical scheme of the embodiment of the present invention, business is started because employing by management end
Verification process, just from AUC to the technological means of user terminal transmission service interface after the completion of business authentication, is solved existing
There is business in technology to be that user is visible, can not issue or hide the technical problem of business as needed, reached raising business
Issue flexibility, the technique effect of service security.
Sixth embodiment
Fig. 6 is the schematic diagram of the main modular of the device of business authentication according to a sixth embodiment of the present invention.
As shown in fig. 6, a kind of device 60 of business authentication of the embodiment of the present invention, applied to user terminal, including user terminal
First receiver module 601, Quick Response Code identification module 602, business authentication module 603 and business acquisition module 604, wherein:User
The first receiver module 601 is held, for receiving management end transmission, the authentication seeds of the service generation needed for selection and AUC
Quick Response Code link that is being generated according to the authentication seeds and returning to the management end;Quick Response Code identification module 602, for recognizing
The Quick Response Code links corresponding Quick Response Code;Business authentication module 603, for according to the authentication seeds and the Quick Response Code with
The AUC carries out authentication, so that the AUC is after it is determined that complete authentication, marks the certification kind
The corresponding business interface of son is by certification, and to the management end return authentication completion message;Business acquisition module 604, is used
In regular check authentication state, it is determined that by certification when, obtain the corresponding business interface of the authentication seeds.
In some optional embodiments, the business authentication module 603 is additionally operable to:The Quick Response Code is recognized to obtain two
Tie up code information;According to the authentication seeds, biological identification is locally completed;According to the 2 D code information and the authentication seeds
The certification factor is generated, and is sent to AUC progress authentication.
From the above it can be seen that the technical scheme of the embodiment of the present invention, business is started because employing by management end
Verification process, just from AUC to the technological means of user terminal transmission service interface after the completion of business authentication, is solved existing
There is business in technology to be that user is visible, can not issue or hide the technical problem of business as needed, reached raising business
Issue flexibility, the technique effect of service security;Because employing the mode of biometric information certification, existing skill is solved
Art certification authority is default, the problem of security is not enough, has reached the technique effect of further raising service security.
7th embodiment
Fig. 7 is the time diagram of the critical piece function of the system of business authentication according to a seventh embodiment of the present invention.
As shown in fig. 7, the embodiment of the present invention also provides a kind of system of business authentication, including authorized administrator APP, mandate
Center, user APP and user browser.System is used to complete following identifying procedure:
1. keeper's selection needs open business;
2. keeper APP automatically generates certification Seed values, and Seed values and the term of validity are sent into authorization center.In mandate
The heart, which is received, generates interim and unique certification URL and corresponding Quick Response Code after the certification Seed values of keeper APP transmissions;And will
URL returns to keeper APP;
3. keeper is as needed, selection needs to use the user of service, and now keeper APP issues certification Seed automatically
Give user APP;
4. certification URL is sent to user by keeper;
5. user opens the URL received in a browser, the Quick Response Code of certification is showed in the page;
6. user is according to the authorization prompt of the page, scans Quick Response Code with APP and recognize authentication content therein;
7.APP prompting users need to verify fingerprint;
8. fingerprint authentication is by rear, APP produces the certification factor according to two-dimentional digital content, certification Seed and submits to authorization center
Checking;
9. authorization center authentication verification information, return authentication result is to APP;
10. the user passed through for certification, then the transmission service Portal pages;It should be noted that pushing here
The Portal pages, are not intended to be pushed to specific browser, in terms of Project Realization, the 5th step open this Quick Response Code URL its
In fact can regularly go AUC detect authentication state, when certification by after, browser automatically will obtain business service
To and show, therefore, essence be browser go acquisition;As for which kind of browser of use, if use browsing for user terminal
Device, then need not be limited.
11. authorization center notifies keeper, the user selected starts access service by certification;
12. during access service is performed, monitor user behavior according to preset rules and generate behavior auditing message
Return to keeper.
Additional description:
In the 8th step, follow-up identifying procedure is not continued to if fingerprint authentication failure;
In the 9th step, if authorization center authentication failed, user's APP authentification failures are returned to.
Above-mentioned embodiment, does not constitute limiting the scope of the invention.Those skilled in the art should be bright
It is white, depending on design requirement and other factors, can occur various modifications, combination, sub-portfolio and replacement.It is any
Modification, equivalent and improvement for being made within the spirit and principles in the present invention etc., should be included in the scope of the present invention
Within.