Identity authentication information acquisition method, providing method, and device
Technical field
The present application relates to the field of computer technology, and in particular to an identity authentication information acquisition method and device and an identity authentication information providing method and device.
Background
With the development of smart devices, short-range information transfer between smart devices has brought many conveniences to people's lives.
When smart devices are used to transmit important data over a short range, the receiving terminal that obtains the data generally needs to authenticate the identity of the transmitting terminal that provides the data, to confirm whether the transmitting terminal has the authority to carry out a given service (such as consuming an electronic coupon). To this end, the transmitting terminal can provide identity authentication information to the receiving terminal, so that the receiving terminal or a server can verify it. It should be noted that identity authentication refers to the process by which a computer network system confirms an operator's identity; identity authentication information refers to information supplied to the computer network system as the basis for confirming the operator's identity.
Because identity authentication information is important information bearing on the security of a user's property, a criminal who uses a transmitting terminal to send forged identity authentication information is likely to cause the user property loss. It is therefore necessary to provide a scheme that ensures the receiving terminal obtains legitimate identity authentication information.
Summary of the invention
The embodiments of the present application provide an identity authentication information acquisition method, to solve the problem in the prior art that the receiving terminal cannot be guaranteed to obtain legitimate identity authentication information.
The embodiments of the present application also provide an identity authentication information acquisition device, to solve the problem in the prior art that the receiving terminal cannot be guaranteed to obtain legitimate identity authentication information.
The embodiments of the present application also provide an identity authentication information providing method, to solve the problem in the prior art that the receiving terminal cannot be guaranteed to obtain legitimate identity authentication information.
The embodiments of the present application also provide an identity authentication information providing device, to solve the problem in the prior art that the receiving terminal cannot be guaranteed to obtain legitimate identity authentication information.
The embodiments of the present application adopt the following technical solutions:
An identity authentication information acquisition method, comprising:
obtaining the encryption data and the encryption key provided by a transmitting terminal;
judging whether the encryption key is trusted;
if the encryption key is trusted, judging, using the encryption key, whether the encryption data is trusted;
if the encryption data is trusted, obtaining the identity authentication information contained in the encryption key or the encryption data.
An identity authentication information providing method, comprising:
obtaining a second key and an encryption key sent by a server, wherein the second key and/or the encryption key contains identity authentication information;
encrypting business data using the second key to obtain encryption data;
providing the encryption data and the encryption key to a receiving terminal.
An identity authentication information acquisition device, comprising:
a transmitting terminal data acquisition unit, configured to obtain the encryption data and the encryption key provided by a transmitting terminal;
a key judging unit, configured to judge whether the encryption key is trusted;
a data determining unit, configured to judge, using the encryption key, whether the encryption data is trusted if the encryption key is trusted, and to obtain the identity authentication information contained in the encryption key or the encryption data if the encryption data is trusted.
An identity authentication information providing device, comprising:
a key acquisition unit, configured to obtain a second key and an encryption key sent by a server, wherein the second key and/or the encryption key contains identity authentication information;
a business data encryption unit, configured to encrypt business data using the second key to obtain encryption data;
a data providing unit, configured to provide the encryption data and the encryption key to a receiving terminal.
At least one of the above technical solutions adopted by the embodiments of the present application can achieve the following beneficial effect:
The scheme judges the trustworthiness of the encryption key and the encryption data provided by the transmitting terminal and thereby obtains legitimate identity authentication information, solving the problem in the prior art that the receiving terminal cannot be guaranteed to obtain legitimate identity authentication information.
Brief description of the drawings
The accompanying drawings described here are provided for further understanding of the present application and form a part of it. The illustrative embodiments of the application and their description are used to explain the application and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a schematic flowchart of an identity authentication information acquisition method provided in Embodiment 1 of the present application;
Fig. 2 is a schematic diagram of the interaction among the server, the receiving terminal, and the transmitting terminal provided in Embodiment 1 of the present application;
Fig. 3 is a schematic flowchart of an identity authentication information acquisition method provided in Embodiment 2 of the present application;
Fig. 4 is a schematic structural diagram of an identity authentication information acquisition device provided in Embodiment 3 of the present application;
Fig. 5 is a schematic structural diagram of an identity authentication information providing device provided in Embodiment 4 of the present application.
Detailed description
To make the purpose, technical solutions, and advantages of the present application clearer, the technical solutions are described clearly and completely below with reference to specific embodiments of the application and the corresponding drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the application. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this application without creative effort fall within the scope of protection of the application.
In the embodiments of the present application, data can be authenticated on the basis of information encryption technology, which is the most commonly used means of information security. Specifically, in cryptography, information encryption uses technical means to turn important data into unintelligible ciphertext (encryption) before transmission and, after the data arrives at its destination, restores it by the same or different means (decryption). Both encryption and decryption are carried out with keys.
According to the encryption mode, information encryption technology can be divided into symmetric encryption and asymmetric encryption.
Symmetric encryption uses symmetric cryptographic coding. Its characteristic is that encryption and decryption use the same key, that is, the key used for encryption also serves as the decryption key. Symmetric encryption is simple and fast to use; as long as the key is not leaked, the encrypted data is difficult to steal in transit.
Asymmetric encryption means that the keys used to encrypt and to decrypt the data are not the same. Specifically, asymmetric encryption usually uses two keys, called the public key and the private key. The public key and the private key exist as a pair: if data is encrypted with the public key, only the corresponding private key can decrypt it; if data is encrypted with the private key, only the corresponding public key can decrypt it. The holder of an asymmetric key pair can publish the public key and use the private key to decrypt data that was encrypted with the public key. Data encrypted with the public key can only be unlocked with the private key, which, compared with symmetric encryption, greatly reduces the risk of encrypted data being stolen in transit.
In the embodiments of the present application, the client and the server mentioned below can encrypt data with information encryption technology before transmitting it. Likewise, data transferred between different clients can be encrypted with information encryption technology before transmission.
It should be noted that, in the embodiments of the present application, judging the trustworthiness of data achieves the effect of judging the trustworthiness of the identity authentication information. To improve data authentication efficiency, the data transfer mode between clients can be a single one-way short-range information transmission mode. For ease of description, when data is transmitted between clients, the data provider is called the transmitting terminal and the data acquirer is called the receiving terminal.
The single one-way short-range information transmission mode means that, when the transmitting terminal and the receiving terminal carry out business processing by short-range data transmission, the transmitting terminal only needs to provide data to the receiving terminal once to complete the whole business process. That is, in the identity authentication information acquisition method provided by the embodiments, the transmitting terminal may provide data to the receiving terminal only once during authentication.
The application scenarios of the scheme provided by the embodiments are not limited to data transmission in the single one-way short-range information transmission mode; for example, the scheme can also be applied to scenarios in which the transmitting terminal and the receiving terminal carry out multiple data interactions to complete a given service.
The technical solutions provided by the embodiments of the application are described in detail below with reference to the drawings.
Embodiment 1
To solve the problem in the prior art that the receiving terminal cannot be guaranteed to obtain legitimate identity authentication information, Embodiment 1 of the present application provides an identity authentication information acquisition method. The method can be executed by the intelligent terminal acting as the receiving terminal in the data transmission process; the receiving terminal can be, but is not limited to, at least one of a mobile phone, a tablet computer, a personal computer (PC), a smart watch, or any other intelligent terminal capable of receiving data. The executing entity does not limit the application; for ease of description, the embodiment is described with an intelligent terminal as the executing entity.
In the embodiments of the present application, the interaction among the server, the receiving terminal, and the transmitting terminal is shown in Fig. 2.
The flow of the method is shown in Fig. 1 and comprises the following steps:
Step 11: Obtain the encryption data and the encryption key provided by the transmitting terminal.
In the embodiments of the present application, the encryption data and the encryption key provided by the transmitting terminal can be obtained through the single one-way short-range information transmission mode. The short-range information transmission mode can be, for example, one based on displaying an information pattern. The information to be transmitted is contained in the information pattern, and the receiving terminal can scan the information pattern displayed by the transmitting terminal to obtain the information it contains.
The information pattern can be, for example, a two-dimensional code pattern.
Step 12: Judge whether the encryption key is trusted.
To describe the implementation of step 12 clearly, some of the data encryption processes used in the embodiments of the present application are first introduced in detail:
In the embodiments of the present application, to keep information secure in transit, the transmitting terminal can encrypt data with a key before transmitting it to the receiving terminal, obtaining encryption data. The data can be, for example, business data, that is, data carrying business information; when the business is a coupon write-off, for instance, the business data is data carrying coupon information. For ease of description, the key that the transmitting terminal uses to encrypt data before sending it to the receiving terminal is called the second key. After receiving the encryption data, the receiving terminal can decrypt it with the second key, so the transmitting terminal can send the second key to the receiving terminal along with the data. The second key can be generated by the server and issued to the transmitting terminal, and it contains first authentication information. The first authentication information is authentication information, defined by the developer, that is used to judge whether the second key is trusted.
In practice, the transmitting terminal and the receiving terminal can use symmetric key technology when encrypting and decrypting with the second key; that is, the second key can be a symmetric key. Here, the second key is denoted Ka.
Meanwhile, to prevent the second key from being leaked while the transmitting terminal transmits it to the receiving terminal, the server can use a key to encrypt the second key into the encryption key before sending it to the transmitting terminal. For ease of description, the key that the server uses to encrypt the second key is called the first key. After receiving the encryption key sent by the transmitting terminal, the receiving terminal can obtain the second key only after decrypting the encryption key with the first key.
In practice, the first key can be the public key of an asymmetric key pair. The public key used by the receiving terminal can be sent to it by the server. With this public key, after the receiving terminal obtains the encryption key from the transmitting terminal, it can decrypt the encryption key using the public key of the asymmetric key pair. The encryption key can be obtained by the server by encrypting with the private key of the asymmetric key pair that corresponds to that public key. Here, if the private key of the asymmetric key pair is denoted Kpr, the public key is denoted Kpu, and the encryption key is denoted Ke, then the process by which the server encrypts the symmetric key Ka with the private key Kpr can be represented by the following formula (1):
In the embodiments of the present application, to avoid the second key being leaked over long-term use, the server can periodically issue a new second key to the transmitting terminal according to a predetermined time period. For example, the server and the transmitting terminal can agree on a time period Ts. When the transmitting terminal detects that the interval between the time the server last issued the second key and the current time is greater than Ts, it can send a second key acquisition request to the server. After receiving the request, the server can generate a new second key, encrypt the new second key with the first key to obtain the encryption key, and then send the new second key and the encryption key together to the transmitting terminal.
In the embodiments of the present application, because the transmitting terminal encrypts business data with the periodically obtained second key and provides the encryption data to the receiving terminal, it does not need to exchange data with the server while encrypting the data and providing the encryption data; that is, the transmitting terminal can be offline. Here, the encryption data is denoted Enc and the business data is denoted D; the process of encrypting the business data D with the symmetric key Ka can then be represented by the following formula (2):
Based on the above data encryption process, when judging whether the obtained encryption key is trusted, the receiving terminal can decrypt the encryption key with the public key of the asymmetric key pair (the first key) obtained from the server, obtaining an encryption key decryption result. If the decryption result is the second key, the encryption key is judged to be trusted. The method of judging whether the decryption result is the second key can include: judging whether the format of the decryption result conforms to the format of the second key; if so, the decryption result is judged to be the second key; if not, the decryption result is judged not to be the second key.
The process of decrypting the encryption key Ke with the public key of the asymmetric key pair (denoted Kpu) can be represented by the following formula (3):
After obtaining the second key, the receiving terminal can judge whether the second key is trusted according to whether the first authentication information contained in it is trusted. If the second key is judged to be trusted, the encryption key is judged to be trusted; if the second key is judged to be untrusted, the encryption key is judged to be untrusted.
Specifically, the first authentication information can be defined by the developer. For example, it can be a time related to the second key, such as the time the server issued the second key or the time the server reclaims the second key. The receiving terminal can judge whether the second key is trusted according to whether the first authentication information contained in the second key meets a preset first judgment condition. If the first authentication information is trusted, the second key is judged to be trusted; if the first authentication information is untrusted, the second key is judged to be untrusted.
For example, in practice, when the first authentication information is the time the server issued the second key, the receiving terminal can judge whether the second key is trusted according to whether the interval between the issue time contained in the second key and the current time is greater than a preset time interval. If the interval between the time the server generated the second key, as contained in the second key, and the current time is greater than the preset first time interval, it can be determined that the first authentication information meets the preset first judgment condition, and the second key is therefore judged to be untrusted.
Step 13: If the encryption key is trusted, judge, using the encryption key, whether the encryption data is trusted.
In the embodiments of the present application, after the encryption key is judged to be trusted in step 12, the encryption key can also be used to judge whether the encryption data is trusted.
For example, the receiving terminal can use the second key obtained by decrypting the encryption key to decrypt the encryption data and obtain second authentication information. After obtaining the second authentication information, the receiving terminal can judge whether the encryption data is trusted according to whether the second authentication information is trusted. If the second authentication information is judged to be trusted, the encryption data is judged to be trusted; if the second authentication information is judged to be untrusted, the encryption data is judged to be untrusted.
Here, the second authentication information is denoted C2. When the second key is the symmetric key Ka, the process of decrypting the encryption data Enc with the symmetric key Ka can be represented by the following formula (4):
The second authentication information can be defined by the developer. For example, it can be a time related to the business data providing instruction received by the transmitting terminal; or it can be any parameter that reflects how trustworthy the encryption data provided by the transmitting terminal is. The embodiments of the present application do not limit the specific content of the second authentication information.
The time related to the business data providing instruction received by the transmitting terminal can be, for example, the time at which the transmitting terminal received the instruction, or the time at which the transmitting terminal encrypted the data after receiving the instruction. The business data providing instruction is the instruction that triggers the transmitting terminal to provide the business data. The time related to the instruction can be defined by the developer, and the embodiments of the present application do not limit its specific content.
The receiving terminal can judge whether the second key is trusted according to whether the second authentication information contained in the encryption data meets a preset second judgment condition. If the second authentication information is trusted, the encryption data is judged to be trusted; if the second authentication information is untrusted, the encryption data is judged to be untrusted.
For example, in practice, when the second authentication information is the time at which the transmitting terminal received the business data providing instruction, the receiving terminal can judge whether the second key is trusted according to whether the interval between that time, as contained in the encryption data, and the current time is greater than a preset time interval. If the interval between the time at which the transmitting terminal received the business data providing instruction, as contained in the encryption data, and the current time is greater than the preset second time interval, it can be determined that the second authentication information does not meet the preset second judgment condition, and the second key is therefore judged to be untrusted.
In the embodiments of the present application, after the encryption data is judged to be trusted by the above method, the receiving terminal can trust all data in the encryption data. Therefore, the transmitting terminal can encrypt the business data together with the second authentication information into the encryption data and send it to the receiving terminal together with the encryption key. Based on the above identity authentication information acquisition method, after obtaining the encryption data, the transmitting terminal can trust the business data if it judges that the second authentication information is trusted; after judging that the second authentication information is trusted, the receiving terminal can save all data contained in the encryption data.
For example, when a user consumes an electronic coupon, the business data is the electronic coupon data. The transmitting terminal uses the second key to encrypt the electronic coupon data and the second authentication information into the encryption data and sends it to the receiving terminal together with the encryption key. After the receiving terminal judges that the encryption data is trusted, and hence that the electronic coupon data is trusted, it can prompt the merchant that the electronic coupon information is trusted, and the merchant can then provide the service corresponding to the electronic coupon according to the receiving terminal's prompt.
In the embodiments of the present application, after the encryption data is judged to be trusted, the business data corresponding to the business that the transmitting terminal asks the receiving terminal to perform can also be obtained according to that requested business.
For example, when a user passes through a subway gate, the business data can be the site information of the subway station where the gate that the user is currently requesting to pass is located. The transmitting terminal uses the second key to encrypt the second authentication information into the encryption data and sends it to the receiving terminal together with the encryption key. After judging that the encryption data is trusted, the receiving terminal obtains the user's current entry or exit state and the site information of the current subway station, and allows the user to pass through the gate.
In the embodiments of the present application, when the receiving terminal judges whether the encryption data is trusted by the above method, it does not need to exchange data with the server; that is, the receiving terminal can be offline while authenticating the data provided by the transmitting terminal.
Step 14: If the encryption data is trusted, obtain the identity authentication information contained in the encryption key or the encryption data.
In practice, after the trustworthiness of the encryption data has been judged, if the encryption data is judged to be trusted, it can be obtained. Specifically, the encryption data can be saved to a preset memory, which can be volatile or non-volatile; volatile memory includes but is not limited to RAM, and non-volatile memory includes but is not limited to flash memory and read-only memory.
If the encryption data is judged to be untrusted, it may be left unobtained, or the untrusted encryption data may be uploaded to the server so that the server can handle it accordingly. The embodiments of the present application do not limit how untrusted encryption data is handled.
After the encryption data has been trusted through the above data information acquisition method, if the transmitting terminal and the receiving terminal need the server to perform a corresponding data operation after the data authentication process, the receiving terminal can use the public key of the asymmetric key pair obtained from the server to encrypt its data related to the data operation (the data obtained after encryption is called "upload encryption data") and send it to the server. The corresponding data operation can be, for example, generating a service order or writing off a coupon. The server can decrypt the upload encryption data with the private key of the asymmetric key pair, obtain the data related to the data operation, and then perform the corresponding data operation.
In practice, the receiving terminal can periodically send the upload encryption data to the server according to a predetermined time period. For example, the server and the receiving terminal can agree on a time period Tr. When the receiving terminal detects that the interval between the time it last sent upload encryption data to the server and the current time is equal to Tr, it can send the upload encryption data to the server.
The data related to the data operation can include, for example, business data. For example, when the business data is coupon data, after the transmitting terminal consumes a coupon through the above identity authentication information acquisition method, the server needs to record the consumption information.
When performing the data operation according to the data related to it, the server may also need to authenticate the identity of the transmitting terminal and may therefore use the transmitting terminal's identity information. Accordingly, the encryption data that the transmitting terminal provides to the receiving terminal can also contain identity authentication information used to identify the transmitting terminal user. The identity authentication information is sent to the transmitting terminal by the server; to prevent it from being leaked, it can be contained in the second key, that is, the second key can contain both the first authentication information and the identity authentication information.
To prevent an illegitimate user who has obtained the transmitting terminal's data from modifying the first authentication information and the second authentication information in that data into information that can pass the receiving terminal's authentication, and thereby causing loss to the legitimate user, in the embodiments of the present application the server can, each time it interacts with the transmitting terminal, generate an associated key related to the identity authentication information and send it to the transmitting terminal. The form of the associated key can be defined by the developer; for example, it can be a ciphertext generated by encrypting the identity authentication information with a symmetric key, or a hash value related to the identity authentication information. In the embodiments of the present application, both the encryption data and the upload encryption data can include the associated key.
After the server decrypts the upload encryption data with the private key of the asymmetric key pair and obtains the identity authentication information and the associated key, it can use the method by which the associated key was generated to judge whether the identity authentication information and the associated key match, and hence whether the business data was provided by a legitimate user. If the identity authentication information and the associated key match, the server performs the operation related to the business data and the identity authentication information. For example, when the business data is data for a coupon write-off and the identity authentication information represents user A, the coupon is written off from user A's account and a coupon consumption order is generated in user A's account.
To record more completely in the server the data from each step of the scheme as it runs, in practice the data related to the data operation can also include the time at which data authentication passed, the identity authentication information of the receiving terminal, and so on. The embodiments of the present application do not limit the specific content of the data related to the data operation.
Here we denote the authentication information as C and the associated key as K_s. When the encrypted data contains the authentication information, the second authentication information and the associated key, the process of encrypting the authentication information C, the second authentication information C_2 and the associated key K_s with the symmetric key K_a can be represented by the following formula (5):
It should be noted that the steps of the method provided by Embodiment 1 may all be executed by the same device, or the method may be executed by different devices. For example, step 11 and step 12 may be executed by device 1 and step 13 by device 2; or step 11 may be executed by device 1 and steps 12 and 13 by device 2; and so on.
In the authentication information acquisition method provided by Embodiment 1 of the application, data is encrypted into encrypted data with the second key, and the second key, which contains authentication information, is encrypted into the encryption key with the first key. By judging whether the encryption key and the encrypted data are trusted, legitimate authentication information is obtained, which solves the prior-art problem that the receiving terminal cannot be guaranteed to obtain legitimate authentication information.
Embodiment 2
Embodiment 2 of the application mainly describes one practical application of the method provided by Embodiment 1.
Before the implementation of the scheme is described in detail, its implementation scenario is introduced briefly:
In this embodiment, user A spends a coupon from their own account at a merchant.
Based on this scenario, the authentication information acquisition process provided by Embodiment 2 is shown in Fig. 3 and comprises the following steps:
Step 201: The server sends the public key K_pu of the asymmetric key pair to the receiving terminal;
wherein the private key K_pr of the asymmetric key pair is stored locally on the server.
Step 202: At a frequency of one symmetric key K_a every 6 hours, the server sends the symmetric key K_a and the encryption key K_e to user A's mobile phone;
wherein the symmetric key K_a includes the authentication information C, which identifies the account identity in user A's mobile phone, and the sending time t of the symmetric key.
The encryption key K_e is obtained by the server encrypting the symmetric key K_a with the private key K_pr of the asymmetric key pair.
Step 203: When user A interacts with the server through the mobile phone, the server sends the transmitting terminal an associated key K_s related to the authentication information C;
wherein the associated key K_s is a hash value generated from the authentication information C.
Step 204: The user inputs a coupon data provision instruction to the mobile phone;
Step 205: In response to the business data provision instruction, the mobile phone encrypts the coupon-related data into encrypted data with the symmetric key, and generates and displays a QR code containing the encrypted data and the encryption key;
The coupon-related data includes the associated key K_s, the time t_0 at which the mobile phone received the business data provision instruction, and the coupon data D.
Step 206: The merchant scans the QR code with the merchant client and obtains the encrypted data and the encryption key.
Step 207: The merchant client decrypts the encryption key with the public key K_pu of the asymmetric key pair and obtains the symmetric key K_a, which includes the authentication information C and the symmetric key sending time t. The merchant client finds that the interval between the sending time t and the current time is less than the preset interval of 6 hours, and therefore judges that the encryption key is trusted;
Step 208: The merchant client uses the symmetric key K_a obtained by decrypting the encryption key to decrypt the encrypted data it obtained, and obtains the associated key K_s, t_0 and the coupon data D. The merchant client finds that the interval between t_0 and the current time is less than the preset interval of 3 minutes, and therefore judges that the encrypted data is trusted, and saves all the data obtained from the mobile phone to a local storage medium.
Step 209: The merchant client issues a reminder message that the coupon information is trusted, so that the merchant provides user A with the service corresponding to the coupon according to the reminder message;
Step 210: When the data upload cycle arrives, the merchant client encrypts all the saved data obtained from the mobile phone with the public key K_pu to obtain upload encrypted data, and sends the upload encrypted data to the server;
Step 211: The server decrypts the received upload encrypted data with the private key K_pr, and verifies whether the relation between the C and K_s obtained after decryption satisfies the rule the server used the last time it generated K_s. If it does, a coupon consumption order is generated.
In the authentication information acquisition method provided by Embodiment 2 of the application, data is encrypted into encrypted data with the symmetric key, and the second key, which contains authentication information, is encrypted into the encryption key with the private key of the asymmetric key pair. By judging whether the encryption key and the encrypted data are trusted, legitimate authentication information is obtained, which solves the prior-art problem that the receiving terminal cannot be guaranteed to obtain legitimate authentication information.
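The offline checks of steps 202 to 208 can be walked through in code. This is an added example, not code from the application: textbook RSA over two known Mersenne primes and a SHAKE-256 keystream with an HMAC tag are toy stand-ins for the asymmetric and symmetric ciphers, and all function and field names are hypothetical.

```python
import hashlib, hmac, json, os

# Toy stand-ins so this runs on the standard library only (assumptions):
# textbook RSA over two known Mersenne primes plays the asymmetric key pair,
# and a SHAKE-256 keystream with an HMAC tag plays the symmetric cipher.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                      # K_pu is (N, E)
D_PRIV = pow(E, -1, (P - 1) * (Q - 1))         # K_pr, kept on the server
KEY_MAX_AGE, DATA_MAX_AGE = 6 * 3600, 3 * 60   # limits from steps 207 and 208

def seal(key, plaintext):
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("ciphertext was modified or key is wrong")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

def server_issue(C, now):
    """Step 202: K_a carries C and t; K_e is K_a under the private key."""
    k_a = json.dumps({"k": os.urandom(16).hex(), "C": C, "t": now}).encode()
    if len(k_a) > 140:
        raise ValueError("K_a too long for this toy modulus")
    return k_a, pow(int.from_bytes(k_a, "big"), D_PRIV, N)

def phone_qr(k_a, k_e, K_s, coupon, now):
    """Step 205: encrypt K_s, t_0 and D under K_a and ship them with K_e."""
    data = json.dumps({"Ks": K_s, "t0": now, "D": coupon}).encode()
    return {"Ke": k_e, "data": seal(hashlib.sha256(k_a).digest(), data)}

def merchant_check(qr, now):
    """Steps 207-208, run offline with only K_pu. Returns (fields, verdict)."""
    m = pow(qr["Ke"], E, N)
    k_a = m.to_bytes((m.bit_length() + 7) // 8, "big")
    try:
        key_fields = json.loads(k_a)
        C, age = key_fields["C"], now - key_fields["t"]
    except (ValueError, KeyError, TypeError):
        return None, "key untrusted: K_e does not open under K_pu"
    if not 0 <= age < KEY_MAX_AGE:
        return None, "key untrusted: K_a is older than 6 hours"
    try:
        data = json.loads(unseal(hashlib.sha256(k_a).digest(), qr["data"]))
    except ValueError:
        return None, "data untrusted: not encrypted under K_a"
    if not 0 <= now - data["t0"] < DATA_MAX_AGE:
        return None, "data untrusted: QR code is older than 3 minutes"
    return {"C": C, **data}, "trusted"
```

The private-key operation on K_a behaves like a signature with message recovery: anyone holding K_pu can read C and t, but only the server can produce a K_e that decodes.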
Embodiment 3
To solve the prior-art problem that the receiving terminal cannot be guaranteed to obtain legitimate authentication information, Embodiment 3 of the application provides an authentication information acquisition device. The structure of the device is shown schematically in Fig. 4 and mainly includes the following functional units:
Transmitting terminal data acquisition unit 31: configured to obtain the encrypted data and the encryption key provided by the transmitting terminal;
Key judging unit 32: configured to judge whether the encryption key is trusted;
Data judging unit 33: configured to, if the encryption key is trusted, use the encryption key to judge whether the encrypted data is trusted; and, if the encrypted data is trusted, obtain the authentication information contained in the encryption key or the encrypted data.
To improve data transmission efficiency, in one embodiment the data acquisition unit 33 is specifically configured to obtain the encrypted data and the encryption key provided by the transmitting terminal by means of a single one-way short-range information transfer.
The single one-way short-range information transfer includes displaying a QR code.
In one embodiment, the key judging unit 32 is specifically configured to decrypt the encryption key with the first key obtained from the server to obtain the second key; judge whether the second key is trusted; if the second key is judged to be trusted, judge that the encryption key is trusted; and if the second key is judged to be untrusted, judge that the encryption key is untrusted.
In one embodiment, the key judging unit 32 is specifically configured to judge whether the first authentication information contained in the second key is trusted; if the first authentication information is trusted, judge that the second key is trusted; and if the first authentication information is untrusted, judge that the second key is untrusted.
The first authentication information includes a time related to the second key.
In one embodiment, the data judging unit is specifically configured to decrypt the encrypted data with the second key obtained by decrypting the encryption key, to obtain the second authentication information; judge whether the second authentication information is trusted; if the second authentication information is trusted, judge that the encrypted data is trusted; and if the second authentication information is untrusted, judge that the encrypted data is untrusted.
The second authentication information includes a time related to the business data provision instruction received by the transmitting terminal.
In order to send the legitimate authentication information that has been obtained to the server, in one embodiment the device further includes:
Data sending unit 34: configured to, if the encrypted data is trusted, send the authentication information and other related data to the server;
wherein the other related data includes business data related to the business that the transmitting terminal requests to be processed.
The other related data further includes:
the associated key obtained by decrypting the encrypted data;
wherein the authentication information and the associated key are used by the server to authenticate the identity of the transmitting terminal.
In one embodiment, the data sending unit is specifically configured to encrypt the authentication information and the other related data with the first key obtained from the server and then send them to the server.
The business data is obtained in at least one of the following ways:
by decrypting the encrypted data, obtaining the business data provided by the transmitting terminal;
according to the business that the transmitting terminal requests to be performed, obtaining the business data corresponding to the business that the transmitting terminal requests the receiving terminal to perform.
In one embodiment, the transmitting terminal data acquisition unit is specifically configured to obtain, in an offline state, the encrypted data and the encryption key that the transmitting terminal provides in an offline state;
wherein the offline state refers to a state in which no connection to the server has been established.
In the authentication information acquisition device provided by Embodiment 3 of the application, data is encrypted into encrypted data with the second key, and the second key, which contains authentication information, is encrypted into the encryption key with the first key. By judging whether the encryption key and the encrypted data are trusted, legitimate authentication information is obtained, which solves the prior-art problem that the receiving terminal cannot be guaranteed to obtain legitimate authentication information.
Embodiment 4
To solve the prior-art problem that the receiving terminal cannot be guaranteed to obtain legitimate authentication information, Embodiment 4 of the application provides an authentication information providing device. The structure of the device is shown schematically in Fig. 5 and mainly includes the following functional units:
Key acquiring unit 41: configured to obtain the second key and the encryption key sent by the server; the second key and/or the encryption key contain authentication information;
Business data encryption unit 42: configured to encrypt business data with the second key to obtain encrypted data;
Data providing unit 43: configured to provide the encrypted data and the encryption key to the receiving terminal.
To improve data transmission efficiency, in one embodiment the data providing unit is specifically configured to provide the encrypted data and the encryption key to the receiving terminal by means of a single one-way short-range information transfer.
The second key contains the first authentication information.
The first authentication information includes a time related to the second key.
In one embodiment, the business data encryption unit 42 is specifically configured to encrypt the business data and the second authentication information with the second key to obtain encrypted data.
The second authentication information includes a time related to the received business data provision instruction.
In one embodiment, the device further includes:
Authentication information acquiring unit 44: configured to obtain the associated key and the transmitting terminal authentication information sent by the server; in that case
the business data encryption unit 42 is specifically configured to:
encrypt the business data, the associated key and the transmitting terminal authentication information with the second key to obtain encrypted data.
In the authentication information acquisition device provided by Embodiment 4 of the application, data is encrypted into encrypted data with the second key, and the second key, which contains authentication information, is encrypted into the encryption key with the first key. By judging whether the encryption key and the encrypted data are trusted, legitimate authentication information is obtained, which solves the prior-art problem that the receiving terminal cannot be guaranteed to obtain legitimate authentication information.
Embodiment 5
Embodiment 5 of the application mainly describes one practical application of the method provided by Embodiment 1.
Before the implementation of the scheme is described in detail, its implementation scenario is introduced briefly:
In this embodiment, user A enters the subway at station a and exits at station b. User A can pass the subway station gates using the QR code displayed on the mobile phone. The receiving terminal of Embodiment 1 is, in this embodiment, the subway station gate system, and the transmitting terminal is user A's mobile phone.
Based on this scenario, the information display process provided by Embodiment 5 comprises the following steps:
Step 501: The server sends the public key K_pu of the asymmetric key pair to the subway station gate system;
wherein the private key K_pr of the asymmetric key pair is stored locally on the server.
Step 502: At a frequency of one symmetric key K_a every 6 hours, the server sends the symmetric key K_a and the encryption key K_e to user A's mobile phone;
wherein the symmetric key K_a includes the authentication information C, which identifies the account identity in user A's mobile phone, and the sending time t of the symmetric key K_a.
The encryption key K_e is obtained by the server encrypting the symmetric key K_a with the private key K_pr of the asymmetric key pair.
Step 503: When the mobile phone interacts with the server, the server sends the mobile phone, acting as the transmitting terminal, an associated key K_s related to the authentication information C;
wherein the interaction between the mobile phone and the server may mean, for example, that the mobile phone (or a client installed on it) interacts with the server periodically, or that the mobile phone accesses the server under the user's operation, and so on. In this embodiment, the mobile phone may keep only the associated key K_s related to the authentication information C that it received during its most recent interaction with the server. The associated key K_s may be, for example, a hash value generated from the authentication information C.
Step 504: When entering through the subway gate at station a, the user inputs a QR code display instruction to the mobile phone;
wherein the QR code is to be presented to the subway gate so that the user can pass through it.
Step 505: In response to the QR code display instruction, the mobile phone encrypts the associated key K_s and the time t_0 at which the mobile phone received the QR code display instruction into encrypted data with the symmetric key K_a, and generates and displays a QR code containing the encrypted data and the encryption key K_e;
Step 506: The user presents the QR code generated by the mobile phone to the subway gate, so that the subway gate obtains the data contained in the QR code.
Step 507: The subway gate obtains the encrypted data and the encryption key K_e contained in the QR code;
Step 508: The subway gate decrypts the encryption key K_e with the public key K_pu of the asymmetric key pair and obtains the symmetric key K_a, which includes the authentication information C and the symmetric key sending time t. The subway gate finds that the interval between the sending time t and the current time is less than the preset interval of 6 hours, and therefore judges that the encryption key is trusted;
Step 509: The subway gate uses the symmetric key K_a obtained by decrypting the encryption key K_e to decrypt the encrypted data it obtained, and obtains the associated key K_s and t_0. The merchant client finds that the interval between t_0 and the current time is less than the preset interval of 3 minutes, and therefore judges that the encrypted data is trusted. It then obtains the related data of subway station a and the user's entry/exit state (this content corresponds to the business data related to the business that the transmitting terminal requests to be processed, as mentioned in Embodiment 1), and saves all the data obtained from the mobile phone to a local storage medium.
The related data of subway station a includes information used to determine the station at which the user entered; it may be, for example, the network address of subway station a. Since the user is entering at this point, the user's entry/exit state is the entering state.
Step 510: The gate at subway station a allows the user to pass.
Step 511: When user A exits at subway station b, the interaction between user A's mobile phone and the gate at station b is similar to the interaction between the mobile phone and the gate at station a when user A entered, and is not repeated here. The subway gate now obtains the related data of subway station b and the user's entry/exit state, and saves all the data obtained from the mobile phone to a local storage medium.
Step 512: When the data upload cycle arrives, the subway station gate encrypts all the saved data obtained from the mobile phone with the public key K_pu to obtain upload encrypted data, and sends the upload encrypted data to the server;
Step 513: The server decrypts the received upload encrypted data with the private key K_pr, and verifies whether the relation between the C and K_s obtained after decryption satisfies the rule the server used the last time it generated K_s from C. If it does, business information is generated from the obtained related data of subway station a and subway station b, and the account for which the business information is generated is determined from C.
Those skilled in the art should understand that embodiments of the invention may be provided as a method, a system or a computer program product. Accordingly, the invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) that contain computer-usable program code.
The invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of a flowchart and/or one or more blocks of a block diagram.
The above are merely embodiments of the application and are not intended to limit the application. For those skilled in the art, the application may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principle of the application shall be included within the scope of the claims of the application.