CN107977564A - A kind of transaction authentication processing method, certificate server, terminal and traction equipment - Google Patents
A kind of transaction authentication processing method, certificate server, terminal and traction equipment Download PDFInfo
- Publication number
- CN107977564A CN107977564A CN201610920935.0A CN201610920935A CN107977564A CN 107977564 A CN107977564 A CN 107977564A CN 201610920935 A CN201610920935 A CN 201610920935A CN 107977564 A CN107977564 A CN 107977564A
- Authority
- CN
- China
- Prior art keywords
- sign
- clf
- transaction
- certifications
- certification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F21/445—Program or device authentication by mutual authentication, e.g. between devices or programs
Abstract
The present invention provides a kind of transaction authentication processing method, and transaction authentication processing method includes:Obtain the user media certification request and CLF certification requests sent after terminal downloads intended application;The corresponding media authentication of the terminal distribution is indicated according to the user media certification request, is indicated according to the CLF certifications corresponding to the terminal distribution of CLF certification requests;Secure unique application sign, media authentication sign and the CLF certifications for establishing the intended application indicate corresponding binding relationship, and send to the terminal and traction equipment, for the terminal and the media authentication is indicated traction equipment and CLF certifications sign is authenticated.The invention also discloses certificate server, terminal and traction equipment.The present invention improves the security of terminal transaction.
Description
Technical field
The present invention relates to mobile payment field, more particularly to a kind of transaction authentication processing method, certificate server, terminal and
Traction equipment.
Background technology
With the development of intelligent terminal, existing intelligent terminal on the market supports double card (such as SIM card) mostly, or even double
The virtual soft card (soft SIM card) of operating system simulated implementation is supported on the basis of card.So so that the secure storage of intelligent terminal
Medium will occur multiple, but the corresponding secure storage medium of different applications is really multifarious, its different application corresponds to
Different secure storage mediums be also (user can voluntarily configure) that can become at random so that lead to not to secure storage be situated between
Matter carries out safety certification so that the security of transaction is poor.
The content of the invention
The embodiment of the present invention provides a kind of transaction authentication processing method, certificate server, terminal and traction equipment, to improve
The security of terminal transaction.
In a first aspect, an embodiment of the present invention provides a kind of transaction authentication processing method, the transaction authentication processing method
Including:
Obtain the user media certification request and CLF certification requests sent after terminal downloads intended application;
The corresponding media authentication of the terminal distribution is indicated according to the user media certification request, according to CLF certifications
Request CLF certifications sign corresponding to the terminal distribution;
Secure unique application sign, media authentication sign and the CLF certifications for establishing the intended application indicate corresponding tie up
Determine relation, and send to the terminal and traction equipment, so that the terminal and traction equipment are to the media authentication mark
Show and be authenticated with CLF certifications sign.
Preferably, it is described to obtain the user media certification request and CLF certification requests sent after terminal downloads intended application
The step of before further include:
Obtain business platform and send the corresponding application issue request of the intended application;
Corresponding safety applications sign is distributed according to the intended application.
Second aspect, the embodiment of the present invention also provide a kind of transaction authentication processing method, the transaction authentication processing method
Including:
Detect the business transaction request that service application is sent;The business transaction request includes safety applications sign, medium
Certification indicates and CLF certifications sign;
What the media authentication sign and CLF stored according to the business transaction acquisition request subscriber identification card stored
CLF certifications indicate;
Media authentication sign and CLF of the binding relationship for obtaining and preserving from certificate server according to intended application to acquisition
Certification sign is verified that the binding relationship includes the corresponding safety applications sign of the intended application, media authentication sign
With the incidence relation of CLF certifications sign;
When being verified, the CLF certifications are notified to indicate corresponding CLF and initiate transaction connection request to traction equipment,
So that traction equipment is to the transaction connection request verification.
Preferably, the transaction connection request includes the corresponding binding relationship of the intended application.
Preferably, further included before the business transaction request that the detecting service application is sent:
Subscriber identity information checking request according to receiving verifies subscriber identity information;
After identity information is verified, the business transaction that detecting service application is sent is asked.
Preferably, further included before the business transaction request that the detecting service application is sent:
Obtain and store the safety applications sign sent from certificate server, media authentication sign and CLF certifications sign
Binding relationship;
Media authentication sign is written in corresponding subscriber identification card according to the binding relationship, and by institute
CLF certifications sign is stated to be written in corresponding CLF;Wherein,
The certificate server is used to be recognized according to the transmitted user media of service application application sign safe to carry
Card request corresponds to distribution media certification sign and CLF certifications sign with CLF certification requests, media authentication is indicated, CLF certification marks
Show to be associated with safety applications sign and establish binding relationship.
The third aspect, the embodiment of the present invention also provide a kind of transaction authentication processing method, the transaction authentication processing method
Including:
Traction equipment obtains and stores the binding relationship sent from certificate server, and the binding relationship includes safety applications
The incidence relation of sign, media authentication sign and CLF certifications sign;
The transaction connection request that traction equipment detecting real-time terminal is sent, the transaction connection request are handed over including initiation business
The easily binding relationship of the corresponding safety applications sign of request;
The traction equipment is authenticated the binding relationship in the transaction connection request according to the binding relationship of storage;
When certification by when, the traction equipment is established based on NFC communications protocol and is connected with the transaction of the terminal.
Fourth aspect, the embodiment of the present invention also provide a kind of transaction authentication processing method, the transaction authentication processing method
Including:
User media certification request and CLF certification requests are sent to certificate server;The user media certification request and
CLF certification requests carry the corresponding safety applications sign of intended application;
The media authentication that the certificate server is distributed according to the user media certification request is received to indicate, and it is described
The CLF certifications that certificate server is distributed according to CLF certification requests indicate;With based on intended application be transmitted business transaction please
When asking, carry the corresponding safety applications sign of the intended application, media authentication sign and CLF certifications sign and send business transaction
Request.
5th aspect, the embodiment of the present invention also provide a kind of certificate server, and the certificate server includes:
First acquisition module, recognizes for obtaining the user media certification request sent after terminal downloads intended application and CLF
Card request;
First distribution module, for according to the user media certification request to the corresponding media authentication of the terminal distribution
Sign, indicates according to the CLF certifications corresponding to the terminal distribution of CLF certification requests;
Processing module, for establishing secure unique application sign, media authentication sign and the CLF certifications of the intended application
Indicate corresponding binding relationship, and send to the terminal and traction equipment, so that the terminal and traction equipment are to institute
State media authentication sign and CLF certifications sign is authenticated.
Preferably, the certificate server further includes:
Second acquisition module, the corresponding application issue request of the intended application is sent for obtaining business platform;
Second distribution module, indicates for distributing corresponding safety applications according to the intended application.
6th aspect, the embodiment of the present invention also provide a kind of terminal, and the terminal includes:
First detecting module, for detecting the business transaction request of service application transmission;The business transaction request includes
Safety applications sign, media authentication sign and CLF certifications sign;
3rd acquisition module, for the media authentication stored according to the business transaction acquisition request subscriber identification card
Sign and the CLF certifications sign of CLF storages;
First authentication module, for the binding relationship that obtains and preserve from certificate server according to intended application to acquisition
Media authentication indicates and CLF certifications sign is verified that the binding relationship includes the corresponding safety applications of the intended application
The incidence relation of sign, media authentication sign and CLF certifications sign;
Notification module, for when being verified, notifying the CLF certifications indicate corresponding CLF initiations transaction connection please
Ask to traction equipment, so that traction equipment is to the transaction connection request verification.
Preferably, the transaction connection request includes the corresponding binding relationship of the intended application.
Preferably, the terminal further includes:
Second authentication module, for being tested according to the subscriber identity information checking request received subscriber identity information
Card;
After identity information is verified, triggers the business transaction that the first detecting module detecting service application is sent and ask
Ask.
Preferably, the terminal further includes:
4th acquisition module, for obtaining and storing the safety applications sign sent from certificate server, media authentication mark
Show the binding relationship with CLF certifications sign;
Memory module, knows for media authentication sign to be written to corresponding user identity according to the binding relationship
Not Ka in, and by the CLF certifications sign be written in corresponding CLF;Wherein,
The certificate server is used to be recognized according to the transmitted user media of service application application sign safe to carry
Card request corresponds to distribution media certification sign and CLF certifications sign with CLF certification requests, media authentication is indicated, CLF certification marks
Show to be associated with safety applications sign and establish binding relationship.
7th aspect, the embodiment of the present invention also provide a kind of traction equipment, and the traction equipment includes:
5th acquisition module, for obtaining and storing the binding relationship sent from certificate server, the binding relationship bag
Include the incidence relation of safety applications sign, media authentication sign and CLF certifications sign;
Second detecting module, the transaction connection request sent for detecting real-time terminal, the transaction connection request include
Initiate the binding relationship of the corresponding safety applications sign of business transaction request;
Authentication module, recognizes the binding relationship in the transaction connection request for the binding relationship according to storage
Card;
Link block, for when certification by when, established based on NFC communications protocol and be connected with the transaction of the terminal.
Eighth aspect, the embodiment of the present invention also provide a kind of terminal, which includes:
Sending module, for sending user media certification request and CLF certification requests to certificate server;The user is situated between
Matter certification request and CLF certification requests carry the corresponding safety applications sign of intended application;
Receiving module, the media authentication distributed for receiving the certificate server according to the user media certification request
Sign, and the CLF certifications that the certificate server is distributed according to CLF certification requests indicate;To be carried out based on intended application
When sending business transaction request, the corresponding safety applications sign of the intended application, media authentication sign and CLF certification marks are carried
Show and send business transaction request.
The user media certification request and CLF certifications that the embodiment of the present invention is sent by obtaining after terminal downloads intended application
Request;The corresponding media authentication of the terminal distribution is indicated according to the user media certification request, according to CLF certification requests
CLF certifications sign corresponding to the terminal distribution;Establish secure unique application sign, the media authentication mark of the intended application
Show and indicate corresponding binding relationship with CLF certifications, and send to the terminal and traction equipment, for the terminal and friendship
Easy equipment indicates the media authentication and CLF certifications sign is authenticated, and then improves the security of transaction.It ensure that
The reliability merchandised in transaction system under multi-user's secure storage medium, under more NFC connections.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, needed in being described below to the embodiment of the present invention
Attached drawing to be used is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention,
For those of ordinary skill in the art, without having to pay creative labor, can also be obtained according to these attached drawings
Obtain other attached drawings.
Fig. 1 is the flow chart for the transaction authentication processing method that first embodiment of the invention provides;
Fig. 2 is the flow chart for the transaction authentication processing method that second embodiment of the invention provides;
Fig. 3 is the flow chart for the transaction authentication processing method that third embodiment of the invention provides;
Fig. 4 is the flow chart for the transaction authentication processing method that fourth embodiment of the invention provides;
Fig. 5 is the flow chart for the transaction authentication processing method that fifth embodiment of the invention provides;
Fig. 6 is the flow chart for the transaction authentication processing method that sixth embodiment of the invention provides;
Fig. 7 is that installation process flow chart is applied in transaction authentication processing method provided in an embodiment of the present invention;
Fig. 8 is the identifying procedure produced in transaction authentication processing method provided in an embodiment of the present invention before transaction connection request
Figure;
Fig. 9 is the identifying procedure produced in transaction authentication processing method provided in an embodiment of the present invention after transaction connection request
Figure;
Figure 10 is the structure chart of the certificate server provided in seventh embodiment of the invention;
Figure 11 is one of structure chart of terminal provided in seventh embodiment of the invention;
Figure 12 is the two of the structure chart of the terminal provided in seventh embodiment of the invention;
Figure 13 is the three of the structure chart of the terminal provided in seventh embodiment of the invention;
Figure 14 is the functional module structure figure of the traction equipment provided in seventh embodiment of the invention;
Figure 15 is the four of the structure chart of the terminal provided in seventh embodiment of the invention;
Figure 16 is the structure chart of the mobile terminal of seventh embodiment of the invention application.
Embodiment
Below in conjunction with the attached drawing in the embodiment of the present invention, the technical solution in the embodiment of the present invention is carried out clear, complete
Site preparation describes, it is clear that described embodiment is part of the embodiment of the present invention, instead of all the embodiments.Based on this hair
Embodiment in bright, the every other implementation that those of ordinary skill in the art are obtained without creative efforts
Example, belongs to the scope of protection of the invention.
First embodiment
Referring to Fig. 1, Fig. 1 is the flow chart of transaction authentication processing method provided in an embodiment of the present invention, as shown in Figure 1, bag
Include following steps:
Step 101, the user media certification request and CLF certification requests sent after terminal downloads intended application is obtained;
Transaction authentication processing method provided in this embodiment is mainly used in terminal transaction system, for the friendship to terminal
Safety applications sign, media authentication sign and CLF certifications sign in easy verification process are managed distribution.
In the present embodiment, above-mentioned terminal is based on TEE (Trusted Execution Environment, credible execution ring
Border) technology NFC (Near Field Communication, wireless near field communication) terminal, be, for example, mobile phone.In the mobile phone
With multiple storage mediums, which is preferably subscriber identification card, such as can be SIM card and/or UIM cards;Tool
Body, the user's identification card are the card with NFC function, such as NFC-SIM cards.NFC transaction chips are equipped with the terminal
(CLF), which is used to establish communication connection with traction equipment.
In the step, above-mentioned intended application is the application of business platform issue, this is applied before issue, it is necessary first to is carried out
Certification.Optionally, above-mentioned transaction authentication processing method further includes the verification process to application, specifically, obtaining terminal downloads
Further included before the step of user media certification request and CLF certification requests for being sent after intended application:
Obtain business platform and send the corresponding application issue request of the intended application;
Corresponding safety applications sign is distributed according to the intended application.
Specifically, business platform is issued to certificate server application intended application ask first, when recognizing before issue is applied
Server is demonstrate,proved to the intended application certification by rear, is distributed by certificate server for the intended application that will be issued of business platform
Legal unique safety applications sign.
There is service application in the terminal, the intended application that can be issued by the service application with downloading service platform.And
And service application can be indicated according to the safety applications of the intended application of download, sending user media certification to certificate server please
Summation CLF certification requests.
Step 102, the corresponding media authentication of the terminal distribution is indicated according to the user media certification request, according to
CLF certification requests CLF certifications sign corresponding to the terminal distribution;
In the step, certificate server will distribute corresponding media authentication sign to industry according to user media certification request
Business application, while corresponding CLF certifications sign is distributed to service application according to CLF certifications sign;So as to be sent when service application
When business transaction is asked, it will application sign, media authentication sign and CLF certifications sign safe to carry.And then can be according to industry
Safety applications sign, media authentication sign and the CLF certifications sign carried in business transaction request, to the legal of business transaction request
Property is verified, this is described in detail in following embodiments.
Step 103, secure unique application sign, media authentication sign and the CLF certifications sign of the intended application are established
Corresponding binding relationship, and sending to the terminal and traction equipment, so that the terminal and traction equipment are to being given an account of
Matter certification indicates and CLF certifications sign is authenticated.
In the step, since the service application of terminal is when sending user media certification request and CLF certification requests, take
With the corresponding safety applications sign of intended application, so as to establish safety applications sign, media authentication sign and CLF certifications
Indicate corresponding binding relationship.
It is understood that the information of storage medium should be included in above-mentioned user media certification request, i.e. SIM card
Information, when certificate server is first authenticated SIM card, then passes through rear in certification, you can distributes corresponding Jie to SIM card
Matter certification indicates;If being authenticated before SIM card on certificate server, certification when institute before being distributed directly to SIM card
The media authentication sign of distribution.Likewise, the information of CLF is contained in CLF certification requests, in certificate server first to CLF
When being authenticated, then pass through in certification rear, you can distribute corresponding media authentication sign to CLF;If in authentication service before CLF
It is authenticated on device, then the media authentication distributed before being distributed directly to CLF during certification indicates.
Closed when certificate server establishes safety applications sign, media authentication sign and the corresponding binding of CLF certifications sign
System, it will the binding relationship is pushed in terminal and traction equipment, so that terminal and traction equipment are in the process being traded
In to media authentication sign and CLF certifications sign be authenticated, with improve transaction security.
It should be noted that above-mentioned terminal can include a CLF, multiple CLF can also be included.When terminal, there are multiple
In the case of CLF, the corresponding safe classes of different CLF, business operation type are different, are isolated from physical connection and open not TongAn
The transaction data of congruent level, therefore different transaction may be distinguished by different NFC physical connections and realized.But in this implementation
In example, due to being respectively provided with CLF certifications sign and safety applications sign to CLF and intended application, and establish both
Binding relationship, therefore the CLF used in process of exchange can be authenticated, improve the safety merchandised in complex transaction scene
Property.
It should be noted that above-mentioned traction equipment concrete structure can be configured according to actual needs, it is excellent in the present invention
Elect POS (point of sale) equipment as, can also be other traction equipments with POS machine tool.
The user media certification request and CLF certifications that the embodiment of the present invention is sent by obtaining after terminal downloads intended application
Request;The corresponding media authentication of the terminal distribution is indicated according to the user media certification request, according to CLF certification requests
CLF certifications sign corresponding to the terminal distribution;Establish secure unique application sign, the media authentication mark of the intended application
Show and indicate corresponding binding relationship with CLF certifications, and send to the terminal and traction equipment, for the terminal and friendship
Easy equipment indicates the media authentication and CLF certifications sign is authenticated, and then improves the security of transaction.It ensure that
The reliability merchandised in transaction system under multi-user's secure storage medium, under more NFC connections.
Second embodiment
With reference to Fig. 2, Fig. 2 is the flow chart of transaction authentication processing method provided in an embodiment of the present invention, as shown in Fig. 2, should
Transaction authentication processing method comprises the following steps:
Step 201, the business transaction request that service application is sent is detected;The business transaction request includes safety applications mark
Show, media authentication sign and CLF certifications indicate;
Transaction authentication processing method provided in this embodiment is mainly used in terminal transaction system, for being carried out to terminal
Transaction flow certification.
Specifically, service application can initiate business transaction request to authentication module, when authentication module receives the business
During transaction request, it will be authenticated operating.Wherein, authentication module is stored with the binding relationship of above-mentioned certificate server push,
The binding relationship includes the incidence relation of safety applications sign, media authentication sign and CLF certifications sign;Closed according to the binding
System, asks corresponding transactional operation to be authenticated this initiation business transaction, this is described in detail below.
Step 202, according to the business transaction acquisition request subscriber identification card store media authentication sign and
The CLF certifications sign of CLF storages;
Step 203, the binding relationship for obtaining and preserving from certificate server according to intended application authentication phase is to acquisition
Media authentication indicates and CLF certifications sign is verified that the binding relationship includes the corresponding safety applications of the intended application
The incidence relation of sign, media authentication sign and CLF certifications sign;
After authentication module detects above-mentioned business transaction request, it will ask corresponding medium to be recognized according to the business transaction
The media authentication that card sign obtains its storage to corresponding subscriber identification card indicates, and corresponding according to business transaction request
Media authentication indicates to corresponding subscriber identification card and obtains media authentication sign, and corresponding CLF is asked according to business transaction
Certification indicates to corresponding CLF and obtains CLF certifications sign;When can obtain the media authentication consistent with binding relationship indicate and
CLF certifications indicate, then the certification to media authentication sign and CLF certifications sign is by assert that business transaction request is legal.
Step 204, when being verified, the CLF certifications are notified to indicate corresponding CLF and initiate transaction connection request to transaction
Equipment, so that traction equipment is to the transaction connection request verification.
It is rear asking business transaction progress legitimate verification to pass through, it will to notify corresponding CLF to initiate to hand in the step
Easy connection request connects, into transactional operation flow to traction equipment so that traction equipment is established with terminal.
Alternatively, in order to further improve the security of transaction flow, in the present embodiment, traction equipment can also be set
Above-mentioned transaction connection request is verified.The mode of this verification operation can be configured according to actual needs, such as can
To be verified to above-mentioned binding relationship.Optionally, in the present embodiment, above-mentioned transaction connection request includes the intended application pair
The binding relationship answered.
Above-mentioned transaction connection request includes initiating binding relationship of the business transaction request to intended application, and merchandises and set
It is standby then the binding relationship is verified.Specifically, above-mentioned certificate server is by binding relationship while terminal is pushed to,
Traction equipment is pushed to, it is whether correct by the traction equipment matching above-mentioned transaction connection request of certification, prevent that other people are pseudo- in terminal
Make binding relationship.Due to being verified on traction equipment to the binding relationship in transaction connection request, to realize that transaction connects
The legitimate verification of request is connect, therefore improves the security of transaction.
The embodiment of the present invention during transaction by terminal-pair media authentication sign and CLF certifications sign due to being recognized
Demonstrate,prove, while safety applications are indicated, the transaction that media authentication indicates and the binding relationship loading of CLF certifications sign is sent in CLF
In connection request, binding relationship certification is carried out for traction equipment, so that ensure that subscriber identification card and the legitimacy of CLF,
It ensure that the legitimacy of binding relationship at the same time, therefore improve the security of transaction.
3rd embodiment
With reference to Fig. 3, Fig. 3 is the flow chart of transaction authentication processing method provided in an embodiment of the present invention, as shown in figure 3, base
In transaction authentication processing method second embodiment of the present invention, in the third embodiment, further included before above-mentioned steps 201:
Step 205, subscriber identity information is verified according to the subscriber identity information checking request received;
Above-mentioned steps 201 are specially:After identity information is verified, the business transaction that detecting service application is sent please
Ask.
In the present embodiment, user identity is unique, certification can be identified by biotechnology.For the side of certification
Formula can be configured according to actual needs, and in the present embodiment preferably, which can be start certification, at other
In embodiment, the startup certification of safety applications can also be.Specifically, can the certification by way of character password, can be with
Pass through iris authentication, recognition of face certification etc..When certification by after, then it is assumed that all operations be owner operation, that is, recognize
Pass through for the identity information certification of all applications.
Fourth embodiment
Further, with reference to Fig. 4, based on above-described embodiment, in the present embodiment, before flow is traded, need first
Installation targets application is wanted, and sets the binding relationship of safety applications sign, media authentication sign and CLF certifications sign, it is right below
This is described in detail.Specifically, further included in the present embodiment, above-mentioned transaction authentication processing method:
Step 206, obtain and the safety applications of authentication storage server transmission indicate, media authentication indicates and CLF certifications
The binding relationship of sign;The certificate server is used for according to the transmitted user of service application application sign safe to carry
Media authentication request corresponds to distribution media certification sign and CLF certifications sign with CLF certification requests, media authentication is indicated, CLF
Certification indicates and safety applications sign is associated and establishes binding relationship.
Step 207, media authentication sign is written to by corresponding subscriber identification card according to the binding relationship
In, and CLF certifications sign is written in corresponding CLF.
Business platform is issues the platform of above-mentioned intended application, before intended application is issued, first to certificate server Shen
Please intended application issue request, when certificate server to the intended application certification by after, be business platform by certificate server
The legal unique safety applications sign of the intended application that will be issued distribution.Then user can be put down using terminal access business
Platform, so as to be downloaded by service application and be installed the intended application issued by business platform.
After service application is downloaded, it will the safety applications for carrying intended application are indicated to certificate server transmission user Jie
Matter certification request and CLF certification requests, so as to be the corresponding media authentication sign of terminal distribution and CLF certifications by certificate server
Sign, should so as to establish safety since user media certification request and CLF certification requests carry safety applications sign
Corresponding binding relationship is indicated with sign, media authentication sign and CLF certifications.Then the binding relationship is pushed to terminal and friendship
In easy equipment, after terminal gets the binding relationship, it will the media authentication sign in the binding relationship is written to corresponding
In subscriber identification card, CLF certifications sign is written in CLF, for being authenticated operating in subsequent transaction flow.
5th embodiment
With reference to Fig. 5, Fig. 5 is the flow chart of transaction authentication processing method provided in an embodiment of the present invention, as shown in figure 5, should
Transaction authentication processing method comprises the following steps:
Step 301, traction equipment obtains and stores the binding relationship sent from certificate server, and the binding relationship includes
The incidence relation of safety applications sign, media authentication sign and CLF certifications sign;
Step 302, the transaction connection request that traction equipment detecting real-time terminal is sent, the transaction connection request include hair
Play the binding relationship of the corresponding safety applications sign of business transaction request;
Step 303, the traction equipment according to the binding relationship of storage to the binding relationship in the transaction connection request
It is authenticated;
Step 304, when certification by when, the traction equipment is established and the transaction of the terminal based on NFC communications protocol
Connection.
In the present embodiment, after the binding relationship that traction equipment gets that above-mentioned certificate server is sent, it will detecting is eventually
The transaction connection request sent is held, when detecting transaction connection request, which verifies transaction connection request.
After being verified, you can establish transaction connection using NFC communication modes, carry out user authentication after transaction connection is established, hand over
Easy reference authentication (transaction MAC etc., original NFC transaction flows);When finally completing transaction, business datum is updated.
The embodiment of the present invention is due to verifying binding relationship in traction equipment, so as to effectively prevent other people
Binding relationship is forged in terminal, therefore improves the security of transaction.Further, since the present invention is ensureing existing transaction agent
While flow, the legitimacy verification process of request increase only.Therefore in the case where ensureing that transactions velocity is basically unchanged, carry
The high security of transaction flow.
Sixth embodiment
With reference to Fig. 6, Fig. 6 is the flow chart of transaction authentication processing method provided in an embodiment of the present invention, as shown in fig. 6, should
Transaction authentication processing method comprises the following steps:
Step 401, user media certification request and CLF certification requests are sent to certificate server;The user media is recognized
Card request and CLF certification requests carry the corresponding safety applications of intended application and indicate;
Step 402, the media authentication that the certificate server is distributed according to the user media certification request is received to indicate,
And the CLF certifications that the certificate server is distributed according to CLF certification requests indicate;To be transmitted industry based on intended application
During transaction request of being engaged in, carry the corresponding safety applications sign of the intended application, media authentication sign and CLF certifications sign and send
Business transaction is asked.
In the step, after service application has downloaded above-mentioned intended application, it will according to the corresponding safety of the intended application
User media certification request and CLF certification requests, and the application sign safe to carry in certification request are sent using sign, with
Corresponding media authentication sign and CLF certifications sign are distributed after user media and CLF certifications is carried out for certificate server, and is built
The binding relationship of vertical three.Meanwhile service application works as business after above-mentioned media authentication sign and CLF certifications sign is got
Apply when sending business transaction request, according to the corresponding application of type of service, it will carry the safety applications sign of application, be situated between
Matter certification indicates and CLF certifications sign, so that the legitimacy that follow-up process asks the business transaction that this sends is verified.
Further, as shown in Figure 7 to 9, it is traded below using transaction authentication processing method provided by the invention
The idiographic flow of operation is described in detail.
As shown in fig. 7, being applied before operation is traded firstly the need of installation, it specifically includes:
Step 601, business platform is asked to intelligent identification system application application issue;
Step 602, intelligent identification system distribution safety applications sign;
Step 603, carried out by service application using download installation;
Step 604, service application application user media certification request;
Step 605, the certification of intelligent identification system distribution media indicates;
Step 606, service application application CLF certification requests;
Step 607, intelligent identification system distribution CLF certifications sign;
Step 608, intelligent identification system establishes the binding of safety applications sign, media authentication sign and CLF certification requests
Relation, and it is written to the intelligent authentication module of terminal.
Step 609, the intelligent authentication module of terminal indicates media authentication in write-in NFC-SIM cards;
Step 610, CLF certifications sign is written in CLF by the intelligent authentication module of terminal;
Step 611, above-mentioned binding relationship is synchronized in traction equipment by intelligent identification system.
By above-mentioned steps 601 to step 611 so as to complete the installation of application, in the verification process of transaction after installation is complete
In, the flow before terminal initiation transaction connection request is as shown in figure 8, it is specifically included:
Step 701, user identity safety applications verification user identity;
Step 702, service application user identity safety applications verify user identity by when, initiate business transaction request
To the intelligent authentication module of terminal;
Step 703, intelligent authentication module according to business transaction request will transmitting medium certification request to user media
Safety applications, are indicated with obtaining the media authentication in NFC-SIM cards by the application of user's media security, and return to media authentication mark
Show intelligent authentication module, media authentication is carried out for intelligent authentication module;
Step 704, intelligent authentication module obtains the CLF certifications sign in CLF, to carry out CLF certifications;
Step 705, intelligent authentication module notifies corresponding CLF to initiate NFC connections;
Step 706, CLF carries binding relationship and initiates transaction connection request.
As shown in figure 9, after terminal initiates transaction connection request to traction equipment, traction equipment is traded the stream of certification
Journey is specific as follows:
Step 801, NFC connectors communicate according to transaction connection request with the intelligent authentication module in traction equipment,
To be authenticated to binding relationship in transaction connection request;
Step 802, when certification by when, transaction connection is established by NFC connectors and the CLF of terminal;
Step 803, after being successfully connected, user is carried out by the NFC-SIM cards of the authentication management in traction equipment and terminal
Certification, parameter transaction certification (transaction MAC etc., original NFC transaction flows);
Step 804, the business datum after NFC-SIM cards write-in transaction, so as to complete to merchandise.
7th embodiment
Referring to Figure 10, Figure 10 is the structure chart for the certificate server that the present invention implements offer, as shown in figure 9, the certification
Server includes:
First acquisition module 1001, for obtain the user media certification request sent after terminal downloads intended application and
CLF certification requests;
First distribution module 1002, for according to the user media certification request to the corresponding medium of the terminal distribution
Certification indicates, and is indicated according to the CLF certifications corresponding to the terminal distribution of CLF certification requests;
Processing module 1003, for establishing secure unique application sign, media authentication sign and the CLF of the intended application
Certification indicates corresponding binding relationship, and sends to the terminal and traction equipment, for the terminal and traction equipment
Media authentication sign and CLF certifications sign are authenticated.
Optionally, above-mentioned certificate server further includes
Second acquisition module, the corresponding application issue request of the intended application is sent for obtaining business platform;
Second distribution module, indicates for distributing corresponding safety applications according to the intended application.
Further, with reference to Figure 11, Figure 11 is the structure chart for the terminal that the present invention implements offer, as shown in figure 11, the end
End includes:
First detecting module 1101, for detecting the business transaction request of service application transmission;The business transaction request
Including safety applications sign, media authentication sign and CLF certifications sign;
3rd acquisition module 1102, for the medium stored according to the business transaction acquisition request subscriber identification card
Certification indicates and the CLF certifications sign of CLF storages;
First authentication module 1103, for the binding relationship that obtains and preserve from certificate server according to intended application to obtaining
The media authentication sign and CLF certifications sign taken is verified that the binding relationship includes the corresponding safety of the intended application
Using the incidence relation of sign, media authentication sign and CLF certifications sign;
Notification module 1104, for when being verified, notifying the CLF certifications indicate corresponding CLF to initiate transaction company
Request is connect to traction equipment, so that traction equipment is to the transaction connection request verification.
Optionally, above-mentioned transaction connection request includes the corresponding binding relationship of the intended application.
Further, with reference to Figure 12, in the present embodiment, in order to realize subscriber authentication, above-mentioned terminal further includes:
Second authentication module 1105, for according to the subscriber identity information checking request that receives to subscriber identity information into
Row verification;
After identity information is verified, triggers first detecting module 1101 and detect the business friendship that service application is sent
Easily request.
Further, before being traded, it is also necessary to by certificate server to safety applications, subscriber identification card and
CLF is authenticated, and distributes corresponding certification sign.Specifically, with reference to Figure 13, in the present embodiment, above-mentioned terminal further includes:
4th acquisition module 1106, for obtaining and storing the safety applications sign sent from certificate server, medium is recognized
The binding relationship of card sign and CLF certifications sign;
Memory module 1107, for media authentication sign to be written to corresponding user's body according to the binding relationship
In part identification card, and CLF certifications sign is written in corresponding CLF;Wherein,
The certificate server is used to be recognized according to the transmitted user media of service application application sign safe to carry
Card request corresponds to distribution media certification sign and CLF certifications sign with CLF certification requests, media authentication is indicated, CLF certification marks
Show to be associated with safety applications sign and establish binding relationship.
Further, with reference to Figure 14, Figure 14 is the structure chart for the traction equipment that the present invention implements offer, as shown in figure 14,
Traction equipment includes:
5th acquisition module 1401, for obtaining and storing the binding relationship sent from certificate server, the binding is closed
System includes the incidence relation of safety applications sign, media authentication sign and CLF certifications sign;
Second detecting module 1402, the transaction connection request sent for detecting real-time terminal, the transaction connection request
Binding relationship including initiating the corresponding safety applications sign of business transaction request;
Authentication module 1403, carries out the binding relationship in the transaction connection request for the binding relationship according to storage
Certification;
Link block 1404, for when certification by when, established based on NFC communications protocol and connected with the transaction of the terminal
Connect.
Further, with reference to Figure 15, Figure 15 is the structure chart for the terminal that the present invention implements offer, as shown in figure 15, terminal
Including:
Sending module 1501, for sending user media certification request and CLF certification requests to certificate server;The use
The request of family media authentication and CLF certification requests carry the corresponding safety applications of intended application and indicate;
Receiving module 1502, the medium distributed for receiving the certificate server according to the user media certification request
Certification indicates, and the CLF certifications that the certificate server is distributed according to CLF certification requests indicate;With based on intended application
When being transmitted business transaction request, carry the corresponding safety applications sign of the intended application, media authentication sign and CLF and recognize
Card sign sends business transaction request.
Recognize it is understood that certificate server provided by the invention, terminal and traction equipment are used for realization above-mentioned transaction
Processing method is demonstrate,proved, and it is corresponding with transaction authentication processing method, wherein the implementation of each function module is referred to above-mentioned implementation
Example, details are not described herein.
8th embodiment
Further, referring to Figure 16, Figure 16 is the structure chart of the mobile terminal of application of the embodiment of the present invention, such as Figure 16 institutes
Show, mobile terminal 1600 includes:At least one processor 1601, memory 1602, at least one network interface 1604 and user
Interface 1603.Various components in mobile terminal 1600 are coupled by bus system 1605.It is understood that bus system
1605 are used for realization the connection communication between these components.Bus system 1605 further includes power supply in addition to including data/address bus
Bus, controlling bus and status signal bus in addition.But for the sake of clear explanation, various buses are all designated as bus in figure 16
System 1605.
Wherein, user interface 1603 can include display, keyboard or pointing device (for example, mouse, trace ball
(trackball), touch-sensitive plate or touch-screen etc..
It is appreciated that the memory 1602 in the embodiment of the present invention can be volatile memory or non-volatile memories
Device, or may include both volatile and non-volatile memories.Wherein, nonvolatile memory can be read-only storage
(Read-Only Memory, ROM), programmable read only memory (Programmable ROM, PROM), erasable programmable are only
Read memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM,
) or flash memory EEPROM.Volatile memory can be random access memory (Random Access Memory, RAM), it is used
Make External Cache.By exemplary but be not restricted explanation, the RAM of many forms can use, such as static random-access
Memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random-access
Memory (Synchronous DRAM, SDRAM), double data speed synchronous dynamic RAM (Double Data
Rate SDRAM, DDRSDRAM), it is enhanced Synchronous Dynamic Random Access Memory (Enhanced SDRAM, ESDRAM), synchronous
Connect dynamic random access memory (Synch link DRAM, SLDRAM) and direct rambus random access memory
(Direct Rambus RAM, DRRAM).The memory 1602 of system and method described herein be intended to including but not limited to this
A little and any other suitable type memory.
In some embodiments, memory 1602 stores following element, executable modules or data structures, or
Their subset of person, or their superset:Operating system 16021 and application program 16022.
Wherein, operating system 16021, comprising various system programs, such as ccf layer, core library layer, driving layer etc., are used for
Realize various basic businesses and the hardware based task of processing.Application program 16022, includes various application programs, such as matchmaker
Body player (Media Player), browser (Browser) etc., are used for realization various applied business.Realize that the present invention is implemented
The program of example method may be embodied in application program 16022.
In embodiments of the present invention, by calling program or the instruction of the storage of memory 1602, specifically, can be application
The program stored in program 16022 or instruction, processor 1601 are used for:Detect the business transaction request that service application is sent;Institute
Stating business transaction request includes safety applications sign, media authentication sign and CLF certifications sign;
What the media authentication sign and CLF stored according to the business transaction acquisition request subscriber identification card stored
CLF certifications indicate;
Media authentication sign and CLF of the binding relationship for obtaining and preserving from certificate server according to intended application to acquisition
Certification sign is verified that the binding relationship includes the corresponding safety applications sign of the intended application, media authentication sign
With the incidence relation of CLF certifications sign;
When being verified, the CLF certifications are notified to indicate corresponding CLF and initiate transaction connection request to traction equipment,
So that traction equipment is to the transaction connection request verification.
The method that the embodiments of the present invention disclose can be applied in processor 1601, or real by processor 1601
It is existing.Processor 1601 is probably a kind of IC chip, has the disposal ability of signal.During realization, the above method
Each step can be completed by the instruction of the integrated logic circuit of the hardware in processor 1601 or software form.Above-mentioned
Processor 1601 can be general processor, digital signal processor (Digital Signal Processor, DSP), special
Integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components.It can realize or perform disclosed each method, step and the logic diagram in the embodiment of the present invention.It is general
Processor can be microprocessor or the processor can also be any conventional processor etc..With reference to institute of the embodiment of the present invention
The step of disclosed method, can be embodied directly in hardware decoding processor and perform completion, or with the hardware in decoding processor
And software module combination performs completion.Software module can be located at random access memory, and flash memory, read-only storage, may be programmed read-only
In the storage medium of this area such as memory or electrically erasable programmable memory, register maturation.The storage medium is located at
The step of memory 1602, processor 1601 reads the information in memory 1602, the above method is completed with reference to its hardware.
It is understood that embodiments described herein can use hardware, software, firmware, middleware, microcode or its
Combine to realize.For hardware realization, processing unit can be realized in one or more application-specific integrated circuit (Application
Specific Integrated Circuits, ASIC), digital signal processor (Digital Signal Processing,
DSP), digital signal processing appts (DSP Device, DSPD), programmable logic device (Programmable Logic
Device, PLD), field programmable gate array (Field-Programmable Gate Array, FPGA), general processor,
In controller, microcontroller, microprocessor, other electronic units for performing herein described function or its combination.
Realize, can be realized herein by performing the module (such as process, function etc.) of function described herein for software
The technology.Software code is storable in memory and is performed by processor.Memory can within a processor or
Realized outside processor.
Optionally, above-mentioned transaction connection request includes the corresponding binding relationship of the intended application.
Optionally, following operation is performed by the program or instruction of calling the storage of memory 1602:
Subscriber identity information checking request according to receiving verifies subscriber identity information;
After identity information is verified, the business transaction that detecting service application is sent is asked.
Optionally, following operation is performed by the program or instruction of calling the storage of memory 1602:
Obtain and store the safety applications sign sent from certificate server, media authentication sign and CLF certifications sign
Binding relationship;
Media authentication sign is written in corresponding subscriber identification card according to the binding relationship, and by institute
CLF certifications sign is stated to be written in corresponding CLF;Wherein,
The certificate server is used to be recognized according to the transmitted user media of service application application sign safe to carry
Card request corresponds to distribution media certification sign and CLF certifications sign with CLF certification requests, media authentication is indicated, CLF certification marks
Show to be associated with safety applications sign and establish binding relationship.
Those of ordinary skill in the art may realize that each exemplary list described with reference to the embodiments described herein
Member and algorithm steps, can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
Performed with hardware or software mode, application-specific and design constraint depending on technical solution.Professional technician
Described function can be realized using distinct methods to each specific application, but this realization is it is not considered that exceed
The scope of the present invention.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, details are not described herein.
In embodiment provided herein, it should be understood that disclosed apparatus and method, can pass through others
Mode is realized.For example, device embodiment described above is only schematical, for example, the division of the unit, is only
A kind of division of logic function, can there is an other dividing mode when actually realizing, for example, multiple units or component can combine or
Person is desirably integrated into another system, or some features can be ignored, or does not perform.Another, shown or discussed is mutual
Between coupling, direct-coupling or communication connection can be INDIRECT COUPLING or communication link by some interfaces, device or unit
Connect, can be electrical, machinery or other forms.
The unit illustrated as separating component may or may not be physically separate, be shown as unit
Component may or may not be physical location, you can with positioned at a place, or can also be distributed to multiple networks
On unit.Some or all of unit therein can be selected to realize the mesh of the embodiment of the present invention according to the actual needs
's.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units integrate in a unit.
If the function is realized in the form of SFU software functional unit and is used as independent production marketing or in use, can be with
It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words
The part to contribute to the prior art or the part of the technical solution can be embodied in the form of software product, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be
People's computer, server, or network equipment etc.) perform all or part of step of each embodiment the method for the present invention.
And foregoing storage medium includes:USB flash disk, mobile hard disk, ROM, RAM, magnetic disc or CD etc. are various can be with store program codes
Medium.
The above description is merely a specific embodiment, but protection scope of the present invention is not limited thereto, any
Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained
Cover within protection scope of the present invention.Therefore, protection scope of the present invention should be subject to scope of the claims.
Claims (16)
1. a kind of transaction authentication processing method, it is characterised in that the transaction authentication processing method includes:
Obtain the user media certification request and CLF certification requests sent after terminal downloads intended application;
The corresponding media authentication of the terminal distribution is indicated according to the user media certification request, according to CLF certification requests
CLF certifications sign corresponding to the terminal distribution;
The secure unique application sign, media authentication sign and the corresponding binding of CLF certifications sign for establishing the intended application are closed
System, and sending to the terminal and traction equipment, for the terminal and traction equipment to media authentication sign and
CLF certifications sign is authenticated.
2. transaction authentication processing method as claimed in claim 1, it is characterised in that after the acquisition terminal downloads intended application
Further included before the step of user media certification request and CLF certification requests of transmission:
Obtain business platform and send the corresponding application issue request of the intended application;
Corresponding safety applications sign is distributed according to the intended application.
3. a kind of transaction authentication processing method, it is characterised in that the transaction authentication processing method includes:
Detect the business transaction request that service application is sent;The business transaction request includes safety applications sign, media authentication
Sign and CLF certifications sign;
The CLF that the media authentication sign and CLF stored according to the business transaction acquisition request subscriber identification card stores
Certification indicates;
The binding relationship for obtaining and preserving from certificate server according to intended application is to the media authentication sign of acquisition and CLF certifications
Sign is verified that the binding relationship includes the corresponding safety applications sign of the intended application, media authentication sign and CLF
The incidence relation of certification sign;
When being verified, the CLF certifications are notified to indicate corresponding CLF and initiate transaction connection request to traction equipment, for
Traction equipment is to the transaction connection request verification.
4. transaction authentication processing method as claimed in claim 3, it is characterised in that the transaction connection request includes the mesh
Mark applies corresponding binding relationship.
5. transaction authentication processing method as claimed in claim 3, it is characterised in that the business that the detecting service application is sent
Further included before transaction request:
Subscriber identity information checking request according to receiving verifies subscriber identity information;
After identity information is verified, the business transaction that detecting service application is sent is asked.
6. transaction authentication processing method as claimed in claim 3, it is characterised in that the business that the detecting service application is sent
Further included before transaction request:
Obtain and store the binding of the safety applications sign sent from certificate server, media authentication sign and CLF certifications sign
Relation;
Media authentication sign is written in corresponding subscriber identification card according to the binding relationship, and by described in
CLF certifications sign is written in corresponding CLF;Wherein,
The certificate server is used for please according to the transmitted user media certification of service application application sign safe to carry
Summation CLF certification requests corresponds to distribution media certification sign and CLF certifications sign, media authentication is indicated, CLF certifications indicate and
The safety applications sign, which is associated, establishes binding relationship.
7. a kind of transaction authentication processing method, it is characterised in that the transaction authentication processing method includes:
Traction equipment obtains and stores the binding relationship sent from certificate server, and the binding relationship includes safety applications mark
Show, media authentication indicates and the incidence relation of CLF certifications sign;
The transaction connection request that traction equipment detecting real-time terminal is sent, the transaction connection request includes initiation business transaction please
Seek the binding relationship of corresponding safety applications sign;
The traction equipment is authenticated the binding relationship in the transaction connection request according to the binding relationship of storage;
When certification by when, the traction equipment is established based on NFC communications protocol and is connected with the transaction of the terminal.
8. a kind of transaction authentication processing method, it is characterised in that the transaction authentication processing method includes:
User media certification request and CLF certification requests are sent to certificate server;The user media certification request and CLF recognize
Card request carries the corresponding safety applications sign of intended application;
The media authentication that the certificate server is distributed according to the user media certification request is received to indicate, and the certification
The CLF certifications that server is distributed according to CLF certification requests indicate;To be transmitted business transaction request based on intended application
When, carry the corresponding safety applications sign of the intended application, media authentication sign and CLF certifications sign and send business transaction and ask
Ask.
9. a kind of certificate server, it is characterised in that the certificate server includes:
First acquisition module, please for obtaining the user media certification request sent after terminal downloads intended application and CLF certifications
Ask;
First distribution module, for according to the user media certification request to the corresponding media authentication mark of the terminal distribution
Show, indicated according to the CLF certifications corresponding to the terminal distribution of CLF certification requests;
Processing module, for establishing secure unique application sign, media authentication sign and the CLF certifications sign of the intended application
Corresponding binding relationship, and sending to the terminal and traction equipment, so that the terminal and traction equipment are to being given an account of
Matter certification indicates and CLF certifications sign is authenticated.
10. certificate server as claimed in claim 9, it is characterised in that the certificate server further includes:
Second acquisition module, the corresponding application issue request of the intended application is sent for obtaining business platform;
Second distribution module, indicates for distributing corresponding safety applications according to the intended application.
11. a kind of terminal, it is characterised in that the terminal includes:
First detecting module, for detecting the business transaction request of service application transmission;The business transaction request includes safety
Using sign, media authentication sign and CLF certifications sign;
3rd acquisition module, for the media authentication sign stored according to the business transaction acquisition request subscriber identification card
And the CLF certifications sign of CLF storages;
First authentication module, the medium for the binding relationship that obtains and preserve from certificate server according to intended application to acquisition
Certification indicates and CLF certifications sign is verified, the binding relationship include the intended application corresponding safety applications sign,
Media authentication indicates and the incidence relation of CLF certifications sign;
Notification module, for when being verified, notifying the CLF certifications indicate corresponding CLF to initiate transaction connection request extremely
Traction equipment, so that traction equipment is to the transaction connection request verification.
12. terminal as claimed in claim 11, it is characterised in that the transaction connection request is corresponded to including the intended application
Binding relationship.
13. terminal as claimed in claim 11, it is characterised in that the terminal further includes:
Second authentication module, for being verified according to the subscriber identity information checking request received to subscriber identity information;
After identity information is verified, the business transaction request that the first detecting module detecting service application is sent is triggered.
14. terminal as claimed in claim 11, it is characterised in that the terminal further includes:
4th acquisition module, for obtain and store from certificate server send safety applications sign, media authentication sign and
The binding relationship of CLF certifications sign;
Memory module, for media authentication sign to be written to corresponding subscriber identification card according to the binding relationship
In, and CLF certifications sign is written in corresponding CLF;Wherein,
The certificate server is used for please according to the transmitted user media certification of service application application sign safe to carry
Summation CLF certification requests corresponds to distribution media certification sign and CLF certifications sign, media authentication is indicated, CLF certifications indicate and
The safety applications sign, which is associated, establishes binding relationship.
15. a kind of traction equipment, it is characterised in that the traction equipment includes:
5th acquisition module, for obtaining and storing the binding relationship sent from certificate server, the binding relationship includes peace
The incidence relation of full application sign, media authentication sign and CLF certifications sign;
Second detecting module, the transaction connection request sent for detecting real-time terminal, the transaction connection request include initiating
The binding relationship of the corresponding safety applications sign of business transaction request;
Authentication module, is authenticated the binding relationship in the transaction connection request for the binding relationship according to storage;
Link block, for when certification by when, established based on NFC communications protocol and be connected with the transaction of the terminal.
16. a kind of terminal, it is characterised in that the terminal includes:
Sending module, for sending user media certification request and CLF certification requests to certificate server;The user media is recognized
Card request and CLF certification requests carry the corresponding safety applications of intended application and indicate;
Receiving module, the media authentication mark distributed for receiving the certificate server according to the user media certification request
Show, and the CLF certifications that the certificate server is distributed according to CLF certification requests indicate;To be sent out based on intended application
When sending the business transaction to ask, the corresponding safety applications sign of the intended application, media authentication sign and CLF certifications sign are carried
Send business transaction request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610920935.0A CN107977564B (en) | 2016-10-21 | 2016-10-21 | Transaction authentication processing method, authentication server, terminal and transaction equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610920935.0A CN107977564B (en) | 2016-10-21 | 2016-10-21 | Transaction authentication processing method, authentication server, terminal and transaction equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107977564A true CN107977564A (en) | 2018-05-01 |
CN107977564B CN107977564B (en) | 2020-07-10 |
Family
ID=62004603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610920935.0A Active CN107977564B (en) | 2016-10-21 | 2016-10-21 | Transaction authentication processing method, authentication server, terminal and transaction equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107977564B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110443613A (en) * | 2019-08-02 | 2019-11-12 | 中国工商银行股份有限公司 | Transaction security authentication method and device |
CN111401672A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Block chain based validity checking method, equipment and system |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090170432A1 (en) * | 2007-12-31 | 2009-07-02 | Victor Lortz | Service provisioning utilizing near field communication |
CN101866463A (en) * | 2009-04-14 | 2010-10-20 | 中兴通讯股份有限公司 | eNFC terminal, eNFC intelligent card and communication method thereof |
CN102314576A (en) * | 2010-07-08 | 2012-01-11 | 英赛瑟库尔公司 | In NFC equipment, carry out the method for Secure Application |
CN102792722A (en) * | 2010-03-09 | 2012-11-21 | 质子世界国际公司 | Protection against rerouting in an NFC circuit communication channel |
CN103116844A (en) * | 2013-03-06 | 2013-05-22 | 李锦风 | Near field communication payment method authenticated by both sides of deal |
CN103139210A (en) * | 2013-02-06 | 2013-06-05 | 平安银行股份有限公司 | Method of safety authentication |
CN104717599A (en) * | 2013-12-13 | 2015-06-17 | 中国移动通信集团公司 | NFC event reporting method for mobile terminal and device |
CN104915834A (en) * | 2014-03-10 | 2015-09-16 | 北京同方微电子有限公司 | Mobile payment system based on high-capacity USIM card, and implementation method thereof |
CN105722005A (en) * | 2014-12-04 | 2016-06-29 | 中国移动通信集团公司 | Near-field communication method and device |
-
2016
- 2016-10-21 CN CN201610920935.0A patent/CN107977564B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090170432A1 (en) * | 2007-12-31 | 2009-07-02 | Victor Lortz | Service provisioning utilizing near field communication |
CN101866463A (en) * | 2009-04-14 | 2010-10-20 | 中兴通讯股份有限公司 | eNFC terminal, eNFC intelligent card and communication method thereof |
CN102792722A (en) * | 2010-03-09 | 2012-11-21 | 质子世界国际公司 | Protection against rerouting in an NFC circuit communication channel |
CN102314576A (en) * | 2010-07-08 | 2012-01-11 | 英赛瑟库尔公司 | In NFC equipment, carry out the method for Secure Application |
CN103139210A (en) * | 2013-02-06 | 2013-06-05 | 平安银行股份有限公司 | Method of safety authentication |
CN103116844A (en) * | 2013-03-06 | 2013-05-22 | 李锦风 | Near field communication payment method authenticated by both sides of deal |
CN104717599A (en) * | 2013-12-13 | 2015-06-17 | 中国移动通信集团公司 | NFC event reporting method for mobile terminal and device |
CN104915834A (en) * | 2014-03-10 | 2015-09-16 | 北京同方微电子有限公司 | Mobile payment system based on high-capacity USIM card, and implementation method thereof |
CN105722005A (en) * | 2014-12-04 | 2016-06-29 | 中国移动通信集团公司 | Near-field communication method and device |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111401672A (en) * | 2019-01-02 | 2020-07-10 | 中国移动通信有限公司研究院 | Block chain based validity checking method, equipment and system |
CN111401672B (en) * | 2019-01-02 | 2023-11-28 | 中国移动通信有限公司研究院 | Block chain-based validity verification method, device and system |
CN110443613A (en) * | 2019-08-02 | 2019-11-12 | 中国工商银行股份有限公司 | Transaction security authentication method and device |
Also Published As
Publication number | Publication date |
---|---|
CN107977564B (en) | 2020-07-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
AU2019226230B2 (en) | Method and apparatus for providing secure services using a mobile device | |
US11743721B2 (en) | Protection of a communication channel between a security module and an NFC circuit | |
RU2427917C2 (en) | Device, system and method to reduce time of interaction in contactless transaction | |
KR102010355B1 (en) | Nfc transaction server | |
US11963004B2 (en) | Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit | |
US10716007B2 (en) | Protection of a security module in a telecommunication device coupled to an NFC circuit | |
US9219745B2 (en) | Assessing the resistance of a security module against attacks by communication pipe diversion | |
US9225687B2 (en) | Access control mechanism for a secure element coupled to an NFC circuit | |
US9185561B2 (en) | Protection against rerouting in an NFC circuit communication channel | |
CA2955197A1 (en) | Mobile communication device with proximity based communication circuitry | |
JP2015136121A (en) | Updating mobile devices with additional elements | |
KR20160030342A (en) | Method of paying for a product or service on a commercial website via an internet connection and a corresponding terminal | |
EP2705455B1 (en) | Determination of apparatus configuration and programming data | |
CN107977564A (en) | A kind of transaction authentication processing method, certificate server, terminal and traction equipment | |
KR101648506B1 (en) | Service System and Service Providing Method for Complex Settlement | |
CN111756703A (en) | Debugging interface management method and device and electronic equipment | |
Pourghomi et al. | Ecosystem scenarios for cloud-based NFC payments | |
JP7461564B2 (en) | Secure end-to-end pairing of secure elements with mobile devices | |
CN103457730B (en) | Safety information interaction device and method and for the mutual IC-card of safety information | |
KR20140013810A (en) | Mobile billing method | |
Bank | Payments Security White Paper | |
CN105205665A (en) | Method and apparatus for providing credit for load states | |
KR20120089884A (en) | Smart phone and method for providing card transaction by mutual consent of certification value | |
CN106204047A (en) | A kind of mobile terminal payment device | |
KR20180017296A (en) | Method for Providing Asynchronous Reverse Direction Payment based on Application Interlocking by using Affiliated Store's Mobile Device with Sound Signal Sending |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |