CN107977564A - Transaction authentication processing method, authentication server, terminal and transaction device - Google Patents


Publication number
CN107977564A
Authority
CN
China
Prior art keywords
sign
clf
transaction
certifications
certification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610920935.0A
Other languages
Chinese (zh)
Other versions
CN107977564B (en
Inventor
王钊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Co Ltd filed Critical China Mobile Communications Group Co Ltd
Priority to CN201610920935.0A priority Critical patent/CN107977564B/en
Publication of CN107977564A publication Critical patent/CN107977564A/en
Application granted granted Critical
Publication of CN107977564B publication Critical patent/CN107977564B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Abstract

The present invention provides a transaction authentication processing method, which includes: obtaining a user medium authentication request and a CLF authentication request sent after a terminal downloads a target application; allocating a corresponding medium authentication identifier to the terminal according to the user medium authentication request, and allocating a corresponding CLF authentication identifier to the terminal according to the CLF authentication request; and establishing a binding relationship among the unique secure application identifier of the target application, the medium authentication identifier and the CLF authentication identifier, and sending it to the terminal and a transaction device, so that the terminal and the transaction device can authenticate the medium authentication identifier and the CLF authentication identifier. The invention also discloses an authentication server, a terminal and a transaction device. The invention improves the security of terminal transactions.

Description

Transaction authentication processing method, authentication server, terminal and transaction device
Technical field
The present invention relates to the field of mobile payment, and in particular to a transaction authentication processing method, an authentication server, a terminal and a transaction device.
Background
With the development of smart terminals, most smart terminals on the market support dual cards (such as SIM cards), and some even support, on top of dual cards, a virtual soft card (soft SIM card) emulated by the operating system. As a result, a smart terminal has multiple secure storage media. However, the secure storage medium corresponding to each application varies, and the mapping between applications and secure storage media can change at will (the user can configure it). Consequently the secure storage medium cannot be securely authenticated, and transaction security is poor.
Summary of the invention
Embodiments of the present invention provide a transaction authentication processing method, an authentication server, a terminal and a transaction device, to improve the security of terminal transactions.
In a first aspect, an embodiment of the present invention provides a transaction authentication processing method, which includes:
obtaining a user medium authentication request and a CLF authentication request sent after a terminal downloads a target application;
allocating a corresponding medium authentication identifier to the terminal according to the user medium authentication request, and allocating a corresponding CLF authentication identifier to the terminal according to the CLF authentication request;
establishing a binding relationship among the unique secure application identifier of the target application, the medium authentication identifier and the CLF authentication identifier, and sending it to the terminal and a transaction device, so that the terminal and the transaction device can authenticate the medium authentication identifier and the CLF authentication identifier.
Preferably, before the step of obtaining the user medium authentication request and the CLF authentication request sent after the terminal downloads the target application, the method further includes:
obtaining an application release request for the target application sent by a business platform;
allocating a corresponding secure application identifier according to the target application.
In a second aspect, an embodiment of the present invention further provides a transaction authentication processing method, which includes:
detecting a business transaction request sent by a service application, the business transaction request including a secure application identifier, a medium authentication identifier and a CLF authentication identifier;
acquiring, according to the business transaction request, the medium authentication identifier stored on the subscriber identification card and the CLF authentication identifier stored in the CLF;
verifying the acquired medium authentication identifier and CLF authentication identifier against the binding relationship that was obtained from the authentication server for the target application and saved, the binding relationship including the association among the secure application identifier corresponding to the target application, the medium authentication identifier and the CLF authentication identifier;
when the verification passes, notifying the CLF corresponding to the CLF authentication identifier to initiate a transaction connection request to the transaction device, so that the transaction device verifies the transaction connection request.
Preferably, the transaction connection request includes the binding relationship corresponding to the target application.
Preferably, before detecting the business transaction request sent by the service application, the method further includes:
verifying user identity information according to a received user identity information verification request;
after the identity information is verified, detecting the business transaction request sent by the service application.
Preferably, before detecting the business transaction request sent by the service application, the method further includes:
obtaining and storing the binding relationship among the secure application identifier, the medium authentication identifier and the CLF authentication identifier sent by the authentication server;
writing the medium authentication identifier to the corresponding subscriber identification card according to the binding relationship, and writing the CLF authentication identifier to the corresponding CLF; wherein
the authentication server is configured to allocate the medium authentication identifier and the CLF authentication identifier according to the user medium authentication request and the CLF authentication request that the service application sends carrying the secure application identifier, and to associate the medium authentication identifier and the CLF authentication identifier with the secure application identifier to establish the binding relationship.
In a third aspect, an embodiment of the present invention further provides a transaction authentication processing method, which includes:
the transaction device obtaining and storing a binding relationship sent by the authentication server, the binding relationship including the association among a secure application identifier, a medium authentication identifier and a CLF authentication identifier;
the transaction device detecting in real time a transaction connection request sent by a terminal, the transaction connection request including the binding relationship of the secure application identifier corresponding to the initiated business transaction request;
the transaction device authenticating the binding relationship in the transaction connection request against the stored binding relationship;
when the authentication passes, the transaction device establishing a transaction connection with the terminal based on the NFC communication protocol.
In a fourth aspect, an embodiment of the present invention further provides a transaction authentication processing method, which includes:
sending a user medium authentication request and a CLF authentication request to an authentication server, the user medium authentication request and the CLF authentication request carrying the secure application identifier corresponding to the target application;
receiving the medium authentication identifier allocated by the authentication server according to the user medium authentication request and the CLF authentication identifier allocated by the authentication server according to the CLF authentication request, so that when a business transaction request is sent based on the target application, the request carries the secure application identifier corresponding to the target application, the medium authentication identifier and the CLF authentication identifier.
In a fifth aspect, an embodiment of the present invention further provides an authentication server, which includes:
a first acquisition module, configured to obtain a user medium authentication request and a CLF authentication request sent after a terminal downloads a target application;
a first allocation module, configured to allocate a corresponding medium authentication identifier to the terminal according to the user medium authentication request, and to allocate a corresponding CLF authentication identifier to the terminal according to the CLF authentication request;
a processing module, configured to establish a binding relationship among the unique secure application identifier of the target application, the medium authentication identifier and the CLF authentication identifier, and to send it to the terminal and the transaction device, so that the terminal and the transaction device can authenticate the medium authentication identifier and the CLF authentication identifier.
Preferably, the authentication server further includes:
a second acquisition module, configured to obtain an application release request for the target application sent by a business platform;
a second allocation module, configured to allocate a corresponding secure application identifier according to the target application.
In a sixth aspect, an embodiment of the present invention further provides a terminal, which includes:
a first detection module, configured to detect a business transaction request sent by a service application, the business transaction request including a secure application identifier, a medium authentication identifier and a CLF authentication identifier;
a third acquisition module, configured to acquire, according to the business transaction request, the medium authentication identifier stored on the subscriber identification card and the CLF authentication identifier stored in the CLF;
a first verification module, configured to verify the acquired medium authentication identifier and CLF authentication identifier against the binding relationship that was obtained from the authentication server for the target application and saved, the binding relationship including the association among the secure application identifier corresponding to the target application, the medium authentication identifier and the CLF authentication identifier;
a notification module, configured to notify, when the verification passes, the CLF corresponding to the CLF authentication identifier to initiate a transaction connection request to the transaction device, so that the transaction device verifies the transaction connection request.
Preferably, the transaction connection request includes the binding relationship corresponding to the target application.
Preferably, the terminal further includes:
a second verification module, configured to verify user identity information according to a received user identity information verification request;
after the identity information is verified, the first detection module is triggered to detect the business transaction request sent by the service application.
Preferably, the terminal further includes:
a fourth acquisition module, configured to obtain and store the binding relationship among the secure application identifier, the medium authentication identifier and the CLF authentication identifier sent by the authentication server;
a storage module, configured to write the medium authentication identifier to the corresponding subscriber identification card according to the binding relationship, and to write the CLF authentication identifier to the corresponding CLF; wherein
the authentication server is configured to allocate the medium authentication identifier and the CLF authentication identifier according to the user medium authentication request and the CLF authentication request that the service application sends carrying the secure application identifier, and to associate the medium authentication identifier and the CLF authentication identifier with the secure application identifier to establish the binding relationship.
In a seventh aspect, an embodiment of the present invention further provides a transaction device, which includes:
a fifth acquisition module, configured to obtain and store a binding relationship sent by the authentication server, the binding relationship including the association among a secure application identifier, a medium authentication identifier and a CLF authentication identifier;
a second detection module, configured to detect in real time a transaction connection request sent by a terminal, the transaction connection request including the binding relationship of the secure application identifier corresponding to the initiated business transaction request;
an authentication module, configured to authenticate the binding relationship in the transaction connection request against the stored binding relationship;
a connection module, configured to establish, when the authentication passes, a transaction connection with the terminal based on the NFC communication protocol.
In an eighth aspect, an embodiment of the present invention further provides a terminal, which includes:
a sending module, configured to send a user medium authentication request and a CLF authentication request to an authentication server, the user medium authentication request and the CLF authentication request carrying the secure application identifier corresponding to the target application;
a receiving module, configured to receive the medium authentication identifier allocated by the authentication server according to the user medium authentication request and the CLF authentication identifier allocated by the authentication server according to the CLF authentication request, so that when a business transaction request is sent based on the target application, the request carries the secure application identifier corresponding to the target application, the medium authentication identifier and the CLF authentication identifier.
In the embodiments of the present invention, the user medium authentication request and the CLF authentication request sent after the terminal downloads the target application are obtained; a corresponding medium authentication identifier is allocated to the terminal according to the user medium authentication request, and a corresponding CLF authentication identifier is allocated to the terminal according to the CLF authentication request; a binding relationship among the unique secure application identifier of the target application, the medium authentication identifier and the CLF authentication identifier is established and sent to the terminal and the transaction device, so that the terminal and the transaction device can authenticate the medium authentication identifier and the CLF authentication identifier, which improves transaction security. This ensures the reliability of transactions in a transaction system with multiple user secure storage media and multiple NFC connections.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the transaction authentication processing method provided by the first embodiment of the present invention;
Fig. 2 is a flow chart of the transaction authentication processing method provided by the second embodiment of the present invention;
Fig. 3 is a flow chart of the transaction authentication processing method provided by the third embodiment of the present invention;
Fig. 4 is a flow chart of the transaction authentication processing method provided by the fourth embodiment of the present invention;
Fig. 5 is a flow chart of the transaction authentication processing method provided by the fifth embodiment of the present invention;
Fig. 6 is a flow chart of the transaction authentication processing method provided by the sixth embodiment of the present invention;
Fig. 7 is a flow chart of the application installation process in the transaction authentication processing method provided by an embodiment of the present invention;
Fig. 8 is a flow chart of the authentication performed before the transaction connection request is generated in the transaction authentication processing method provided by an embodiment of the present invention;
Fig. 9 is a flow chart of the authentication performed after the transaction connection request is generated in the transaction authentication processing method provided by an embodiment of the present invention;
Fig. 10 is a structural diagram of the authentication server provided in the seventh embodiment of the present invention;
Fig. 11 is the first structural diagram of the terminal provided in the seventh embodiment of the present invention;
Fig. 12 is the second structural diagram of the terminal provided in the seventh embodiment of the present invention;
Fig. 13 is the third structural diagram of the terminal provided in the seventh embodiment of the present invention;
Fig. 14 is a functional module structure diagram of the transaction device provided in the seventh embodiment of the present invention;
Fig. 15 is the fourth structural diagram of the terminal provided in the seventh embodiment of the present invention;
Fig. 16 is a structural diagram of a mobile terminal to which the seventh embodiment of the present invention is applied.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
First embodiment
Referring to Fig. 1, Fig. 1 is a flow chart of the transaction authentication processing method provided by an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step 101: obtaining a user medium authentication request and a CLF authentication request sent after a terminal downloads a target application;
The transaction authentication processing method provided in this embodiment is mainly applied in a terminal transaction system, to manage and allocate the secure application identifier, medium authentication identifier and CLF authentication identifier used in the terminal's transaction authentication process.
In this embodiment, the terminal is an NFC (Near Field Communication) terminal based on TEE (Trusted Execution Environment) technology, for example a mobile phone. The mobile phone has multiple storage media; the storage medium is preferably a subscriber identification card, for example a SIM card and/or a UIM card. Specifically, the subscriber identification card is a card with NFC functionality, such as an NFC-SIM card. The terminal is provided with an NFC transaction chip (CLF), which is used to establish a communication connection with the transaction device.
In this step, the target application is an application released by the business platform, and it must first be authenticated before release. Optionally, the transaction authentication processing method further includes an authentication process for the application; specifically, before the step of obtaining the user medium authentication request and the CLF authentication request sent after the terminal downloads the target application, the method further includes:
obtaining an application release request for the target application sent by the business platform;
allocating a corresponding secure application identifier according to the target application.
Specifically, before releasing the application, the business platform first sends the authentication server a request to release the target application. After the authentication server has authenticated the target application, it allocates a legitimate, unique secure application identifier to the target application that the business platform is about to release.
The terminal has a service application, through which the target application released by the business platform can be downloaded. The service application can then send the user medium authentication request and the CLF authentication request to the authentication server according to the secure application identifier of the downloaded target application.
Step 102: allocating a corresponding medium authentication identifier to the terminal according to the user medium authentication request, and allocating a corresponding CLF authentication identifier to the terminal according to the CLF authentication request;
In this step, the authentication server allocates the corresponding medium authentication identifier to the service application according to the user medium authentication request, and allocates the corresponding CLF authentication identifier to the service application according to the CLF authentication request. Thus, when the service application sends a business transaction request, the request carries the secure application identifier, the medium authentication identifier and the CLF authentication identifier. The legitimacy of the business transaction request can then be verified according to the secure application identifier, medium authentication identifier and CLF authentication identifier carried in it, as described in detail in the following embodiments.
Step 103: establishing a binding relationship among the unique secure application identifier of the target application, the medium authentication identifier and the CLF authentication identifier, and sending it to the terminal and the transaction device, so that the terminal and the transaction device can authenticate the medium authentication identifier and the CLF authentication identifier.
In this step, because the terminal's service application carries the secure application identifier corresponding to the target application when it sends the user medium authentication request and the CLF authentication request, the binding relationship among the secure application identifier, the medium authentication identifier and the CLF authentication identifier can be established.
It can be understood that the user medium authentication request should include information about the storage medium, i.e. the SIM card information. If this is the first time the authentication server authenticates the SIM card, a corresponding medium authentication identifier is allocated to the SIM card once authentication passes; if the SIM card has been authenticated on the authentication server before, the medium authentication identifier allocated during that earlier authentication is assigned to the SIM card directly. Likewise, the CLF authentication request contains information about the CLF. If this is the first time the authentication server authenticates the CLF, a corresponding authentication identifier is allocated to the CLF once authentication passes; if the CLF has been authenticated on the authentication server before, the authentication identifier allocated during that earlier authentication is assigned to the CLF directly.
Once the authentication server has established the binding relationship among the secure application identifier, the medium authentication identifier and the CLF authentication identifier, it pushes the binding relationship to the terminal and the transaction device, so that both can authenticate the medium authentication identifier and the CLF authentication identifier during a transaction, improving transaction security.
It should be noted that the terminal may include one CLF or multiple CLFs. When the terminal has multiple CLFs, different CLFs correspond to different security levels and business operation types, and transaction data of different security levels is isolated at the physical-connection level, so different transactions may be carried over different NFC physical connections. In this embodiment, however, because a CLF authentication identifier and a secure application identifier are assigned to the CLF and the target application respectively and a binding relationship between the two is established, the CLF used in a transaction can be authenticated, which improves transaction security in complex transaction scenarios.
It should be noted that the specific structure of the transaction device can be configured according to actual needs; in the present invention it is preferably a POS (point of sale) device, and may also be other transaction equipment with a POS terminal.
In the embodiment of the present invention, the user medium authentication request and the CLF authentication request sent after the terminal downloads the target application are obtained; a corresponding medium authentication identifier is allocated to the terminal according to the user medium authentication request, and a corresponding CLF authentication identifier is allocated to the terminal according to the CLF authentication request; a binding relationship among the unique secure application identifier of the target application, the medium authentication identifier and the CLF authentication identifier is established and sent to the terminal and the transaction device, so that the terminal and the transaction device can authenticate the medium authentication identifier and the CLF authentication identifier, which improves transaction security. This ensures the reliability of transactions in a transaction system with multiple user secure storage media and multiple NFC connections.
Second embodiment
With reference to Fig. 2, Fig. 2 is the flow chart of transaction authentication processing method provided in an embodiment of the present invention, as shown in Fig. 2, should Transaction authentication processing method comprises the following steps:
Step 201, the business transaction request that service application is sent is detected;The business transaction request includes safety applications mark Show, media authentication sign and CLF certifications indicate;
Transaction authentication processing method provided in this embodiment is mainly used in terminal transaction system, for being carried out to terminal Transaction flow certification.
Specifically, the service application can initiate a business transaction request to the authentication module; when the authentication module receives the business transaction request, it performs the authentication operation. The authentication module stores the binding relationship pushed by the above certificate server; the binding relationship includes the incidence relation of the safety applications sign, the media authentication sign and the CLF certifications sign. The transaction operation corresponding to the business transaction request is authenticated against this binding relationship, as described in detail below.
Step 202: according to the business transaction request, obtain the media authentication sign stored in the subscriber identification card and the CLF certifications sign stored in the CLF;
Step 203: verify the obtained media authentication sign and CLF certifications sign against the binding relationship that was obtained from the certificate server and saved during the authentication phase of the intended application; the binding relationship includes the incidence relation of the safety applications sign corresponding to the intended application, the media authentication sign and the CLF certifications sign;
After the authentication module detects the above business transaction request, it obtains, according to the media authentication sign corresponding to the business transaction request, the media authentication sign stored in the corresponding subscriber identification card, and obtains, according to the CLF certifications sign corresponding to the business transaction request, the CLF certifications sign from the corresponding CLF. When a media authentication sign and a CLF certifications sign consistent with the binding relationship can be obtained, the authentication of the media authentication sign and the CLF certifications sign passes, and the business transaction request is deemed legal.
Step 204: when the verification passes, notify the CLF corresponding to the CLF certifications sign to initiate a transaction connection request to the traction equipment, so that the traction equipment verifies the transaction connection request.
In this step, after the legitimacy verification of the business transaction request has passed, the corresponding CLF is notified to initiate a transaction connection request to the traction equipment, so that the traction equipment establishes a connection with the terminal and the transaction operation flow begins.
Optionally, to further improve the security of the transaction flow, in the present embodiment the traction equipment can also be set to verify the above transaction connection request. The manner of this verification can be configured according to actual needs; for example, the above binding relationship can be verified. Optionally, in the present embodiment, the above transaction connection request includes the binding relationship corresponding to the intended application.
The above transaction connection request includes the binding relationship of the intended application that initiated the business transaction request, and the traction equipment verifies this binding relationship. Specifically, the above certificate server pushes the binding relationship to the traction equipment at the same time as it pushes it to the terminal; the traction equipment checks by matching whether the above transaction connection request is correct, which prevents others from forging a binding relationship in the terminal. Because the binding relationship in the transaction connection request is verified on the traction equipment, the legitimacy of the transaction connection request is verified, and the security of the transaction is therefore improved.
In the embodiment of the present invention, the terminal authenticates the media authentication sign and the CLF certifications sign during the transaction, and the binding relationship of the safety applications sign, the media authentication sign and the CLF certifications sign is loaded into the transaction connection request sent by the CLF so that the traction equipment can authenticate the binding relationship. This ensures the legitimacy of the subscriber identification card and the CLF as well as the legitimacy of the binding relationship, and therefore improves the security of the transaction.
Third embodiment
Referring to Fig. 3, Fig. 3 is a flow chart of the transaction authentication processing method provided by an embodiment of the present invention. As shown in Fig. 3, based on the second embodiment of the transaction authentication processing method of the present invention, in the third embodiment the following is further included before the above step 201:
Step 205: verify the subscriber identity information according to the received subscriber identity information verification request;
The above step 201 is specifically: after the identity information is verified, detect the business transaction request sent by the service application.
In the present embodiment, the user identity is unique and can be authenticated by biometric technology. The manner of authentication can be configured according to actual needs. Preferably, in the present embodiment, the authentication can be startup (power-on) authentication; in other embodiments, it can also be authentication at startup of the safety applications. Specifically, authentication can be performed by a character password, or by iris authentication, face recognition authentication and the like. After the authentication passes, all operations are considered to be operations of the owner, that is, the identity information authentication of all applications is considered passed.
Fourth embodiment
Further, with reference to Fig. 4, based on the above embodiments, in the present embodiment the intended application must first be installed before the transaction flow, and the binding relationship of the safety applications sign, the media authentication sign and the CLF certifications sign must be set up, as described in detail below. Specifically, in the present embodiment, the above transaction authentication processing method further includes:
Step 206: obtain and store the binding relationship of the safety applications sign, the media authentication sign and the CLF certifications sign sent by the certificate server. The certificate server is used to allocate a media authentication sign and a CLF certifications sign in response to the user media certification request and the CLF certification request that the service application sends carrying the safety applications sign, and to associate the media authentication sign, the CLF certifications sign and the safety applications sign to establish the binding relationship.
Step 207: according to the binding relationship, write the media authentication sign into the corresponding subscriber identification card, and write the CLF certifications sign into the corresponding CLF.
The business platform is the platform that issues the above intended application. Before issuing the intended application, it first submits an intended application issue request to the certificate server; after the certificate server's authentication of the intended application passes, the certificate server allocates a legal, unique safety applications sign to the intended application that the business platform is about to issue. The user can then access the business platform with the terminal, and download and install, through the service application, the intended application issued by the business platform.
After the service application completes the download, it sends a user media certification request and a CLF certification request carrying the safety applications sign of the intended application to the certificate server, so that the certificate server allocates a corresponding media authentication sign and CLF certifications sign to the terminal. Because the user media certification request and the CLF certification request carry the safety applications sign, the binding relationship between the safety applications sign, the media authentication sign and the CLF certifications sign can be established. The binding relationship is then pushed to the terminal and the traction equipment. After the terminal obtains the binding relationship, it writes the media authentication sign in the binding relationship into the corresponding subscriber identification card and writes the CLF certifications sign into the CLF, for use in the authentication operation in the subsequent transaction flow.
Fifth embodiment
Referring to Fig. 5, Fig. 5 is a flow chart of the transaction authentication processing method provided by an embodiment of the present invention. As shown in Fig. 5, the transaction authentication processing method comprises the following steps:
Step 301: the traction equipment obtains and stores the binding relationship sent from the certificate server; the binding relationship includes the incidence relation of the safety applications sign, the media authentication sign and the CLF certifications sign;
Step 302: the traction equipment detects in real time the transaction connection request sent by the terminal; the transaction connection request includes the binding relationship of the safety applications sign corresponding to the initiated business transaction request;
Step 303: the traction equipment authenticates the binding relationship in the transaction connection request according to the stored binding relationship;
Step 304: when the authentication passes, the traction equipment establishes a transaction connection with the terminal based on the NFC communication protocol.
In the present embodiment, after the traction equipment obtains the binding relationship sent by the above certificate server, it detects the transaction connection request sent by the terminal; when a transaction connection request is detected, the traction equipment verifies it. After the verification passes, a transaction connection can be established using NFC communication; after the transaction connection is established, user authentication and transaction parameter authentication are performed (transaction MAC and so on, the original NFC transaction flow); finally, when the transaction is completed, the business data is updated.
Because the embodiment of the present invention verifies the binding relationship on the traction equipment, it effectively prevents others from forging a binding relationship in the terminal, and therefore improves the security of the transaction. In addition, the present invention keeps the existing main transaction flow and adds only a legitimacy verification of the request. The security of the transaction flow is therefore improved while the transaction speed remains essentially unchanged.
Sixth embodiment
Referring to Fig. 6, Fig. 6 is a flow chart of the transaction authentication processing method provided by an embodiment of the present invention. As shown in Fig. 6, the transaction authentication processing method comprises the following steps:
Step 401: send a user media certification request and a CLF certification request to the certificate server; the user media certification request and the CLF certification request carry the safety applications sign corresponding to the intended application;
Step 402: receive the media authentication sign allocated by the certificate server according to the user media certification request, and the CLF certifications sign allocated by the certificate server according to the CLF certification request, so that when a business transaction request is sent based on the intended application, the request is sent carrying the safety applications sign corresponding to the intended application, the media authentication sign and the CLF certifications sign.
In this step, after the service application has downloaded the above intended application, it sends the user media certification request and the CLF certification request according to the safety applications sign corresponding to the intended application, carrying the safety applications sign in the certification requests, so that the certificate server, after performing the user media and CLF certification, allocates the corresponding media authentication sign and CLF certifications sign and establishes the binding relationship of the three. After the service application has obtained the above media authentication sign and CLF certifications sign, whenever it sends a business transaction request it carries, for the application corresponding to the type of service, the safety applications sign of the application, the media authentication sign and the CLF certifications sign, so that the subsequent flow can verify the legitimacy of the business transaction request being sent.
Further, as shown in Figs. 7 to 9, the specific flow of a transaction operation using the transaction authentication processing method provided by the present invention is described in detail below.
As shown in Fig. 7, the application must first be installed before the transaction operation, which specifically includes:
Step 601: the business platform submits an application issue request to the intelligent identification system;
Step 602: the intelligent identification system allocates a safety applications sign;
Step 603: the application is downloaded and installed through the service application;
Step 604: the service application submits a user media certification request;
Step 605: the intelligent identification system allocates a media authentication sign;
Step 606: the service application submits a CLF certification request;
Step 607: the intelligent identification system allocates a CLF certifications sign;
Step 608: the intelligent identification system establishes the binding relationship of the safety applications sign, the media authentication sign and the CLF certification requests, and writes it to the intelligent authentication module of the terminal;
Step 609: the intelligent authentication module of the terminal writes the media authentication sign into the NFC-SIM card;
Step 610: the intelligent authentication module of the terminal writes the CLF certifications sign into the CLF;
Step 611: the intelligent identification system synchronizes the above binding relationship to the traction equipment.
Steps 601 to 611 complete the installation of the application. In the authentication process of a transaction after installation, the flow before the terminal initiates the transaction connection request is shown in Fig. 8 and specifically includes:
Step 701: the user identity safety application verifies the user identity;
Step 702: when the user identity safety application's verification of the user identity passes, the service application initiates a business transaction request to the intelligent authentication module of the terminal;
Step 703: according to the business transaction request, the intelligent authentication module sends a media certification request to the user media safety application, which obtains the media authentication sign in the NFC-SIM card and returns it to the intelligent authentication module, for the intelligent authentication module to perform media authentication;
Step 704: the intelligent authentication module obtains the CLF certifications sign in the CLF, to perform CLF certification;
Step 705: the intelligent authentication module notifies the corresponding CLF to initiate the NFC connection;
Step 706: the CLF initiates the transaction connection request carrying the binding relationship.
As shown in Fig. 9, after the terminal initiates the transaction connection request to the traction equipment, the flow by which the traction equipment performs transaction authentication is as follows:
Step 801: according to the transaction connection request, the NFC connector communicates with the intelligent authentication module in the traction equipment to authenticate the binding relationship in the transaction connection request;
Step 802: when the authentication passes, a transaction connection is established between the NFC connector and the CLF of the terminal;
Step 803: after the connection succeeds, user authentication and transaction parameter authentication (transaction MAC and so on, the original NFC transaction flow) are performed between the authentication management in the traction equipment and the NFC-SIM card of the terminal;
Step 804: the business data after the transaction is written to the NFC-SIM card, completing the transaction.
Seventh embodiment
Referring to Figure 10, Figure 10 is a structure chart of the certificate server provided by an embodiment of the present invention. As shown in Figure 9, the certificate server includes:
First acquisition module 1001, used to obtain the user media certification request and the CLF certification request sent after the terminal downloads the intended application;
First distribution module 1002, used to allocate a corresponding media authentication sign to the terminal according to the user media certification request, and to allocate a corresponding CLF certifications sign to the terminal according to the CLF certification request;
Processing module 1003, used to establish the binding relationship between the unique safety applications sign of the intended application, the media authentication sign and the CLF certifications sign, and to send it to the terminal and the traction equipment, for the terminal and the traction equipment to authenticate the media authentication sign and the CLF certifications sign.
Optionally, the above certificate server further includes:
Second acquisition module, used to obtain the application issue request that the business platform sends for the intended application;
Second distribution module, used to allocate a corresponding safety applications sign according to the intended application.
Further, with reference to Figure 11, Figure 11 is a structure chart of the terminal provided by an embodiment of the present invention. As shown in Figure 11, the terminal includes:
First detecting module 1101, used to detect the business transaction request sent by the service application; the business transaction request includes the safety applications sign, the media authentication sign and the CLF certifications sign;
3rd acquisition module 1102, used to obtain, according to the business transaction request, the media authentication sign stored in the subscriber identification card and the CLF certifications sign stored in the CLF;
First authentication module 1103, used to verify the obtained media authentication sign and CLF certifications sign against the binding relationship obtained from the certificate server and saved for the intended application; the binding relationship includes the incidence relation of the safety applications sign corresponding to the intended application, the media authentication sign and the CLF certifications sign;
Notification module 1104, used, when the verification passes, to notify the CLF corresponding to the CLF certifications sign to initiate a transaction connection request to the traction equipment, so that the traction equipment verifies the transaction connection request.
Optionally, the above transaction connection request includes the binding relationship corresponding to the intended application.
Further, with reference to Figure 12, in the present embodiment, in order to implement subscriber identity verification, the above terminal further includes:
Second authentication module 1105, used to verify the subscriber identity information according to the received subscriber identity information verification request;
After the identity information is verified, the first detecting module 1101 is triggered to detect the business transaction request sent by the service application.
Further, before a transaction is carried out, the certificate server must also authenticate the safety applications, the subscriber identification card and the CLF, and allocate the corresponding certification signs. Specifically, with reference to Figure 13, in the present embodiment the above terminal further includes:
4th acquisition module 1106, used to obtain and store the binding relationship of the safety applications sign, the media authentication sign and the CLF certifications sign sent from the certificate server;
Memory module 1107, used to write the media authentication sign into the corresponding subscriber identification card according to the binding relationship, and to write the CLF certifications sign into the corresponding CLF; wherein,
The certificate server is used to allocate a media authentication sign and a CLF certifications sign in response to the user media certification request and the CLF certification request that the service application sends carrying the safety applications sign, and to associate the media authentication sign, the CLF certifications sign and the safety applications sign to establish the binding relationship.
Further, with reference to Figure 14, Figure 14 is a structure chart of the traction equipment provided by an embodiment of the present invention. As shown in Figure 14, the traction equipment includes:
5th acquisition module 1401, used to obtain and store the binding relationship sent from the certificate server; the binding relationship includes the incidence relation of the safety applications sign, the media authentication sign and the CLF certifications sign;
Second detecting module 1402, used to detect in real time the transaction connection request sent by the terminal; the transaction connection request includes the binding relationship of the safety applications sign corresponding to the initiated business transaction request;
Authentication module 1403, used to authenticate the binding relationship in the transaction connection request according to the stored binding relationship;
Link block 1404, used, when the authentication passes, to establish a transaction connection with the terminal based on the NFC communication protocol.
Further, with reference to Figure 15, Figure 15 is a structure chart of the terminal provided by an embodiment of the present invention. As shown in Figure 15, the terminal includes:
Sending module 1501, used to send a user media certification request and a CLF certification request to the certificate server; the user media certification request and the CLF certification request carry the safety applications sign corresponding to the intended application;
Receiving module 1502, used to receive the media authentication sign allocated by the certificate server according to the user media certification request, and the CLF certifications sign allocated by the certificate server according to the CLF certification request, so that when a business transaction request is sent based on the intended application, the request is sent carrying the safety applications sign corresponding to the intended application, the media authentication sign and the CLF certifications sign.
It can be understood that the certificate server, terminal and traction equipment provided by the present invention are used to implement the above transaction authentication processing method and correspond to it; for the implementation of each function module, refer to the above embodiments, which is not repeated here.
Eighth embodiment
Further, referring to Figure 16, Figure 16 is a structure chart of a mobile terminal to which an embodiment of the present invention is applied. As shown in Figure 16, the mobile terminal 1600 includes at least one processor 1601, a memory 1602, at least one network interface 1604 and a user interface 1603. The components in the mobile terminal 1600 are coupled together by a bus system 1605. It can be understood that the bus system 1605 is used to implement connection and communication between these components. In addition to a data bus, the bus system 1605 includes a power bus, a control bus and a status signal bus. For clarity of explanation, however, the various buses are all labelled as the bus system 1605 in Figure 16.
The user interface 1603 can include a display, a keyboard or a pointing device (for example, a mouse, a trackball, a touch-sensitive pad or a touch screen).
It can be understood that the memory 1602 in the embodiment of the present invention can be volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The nonvolatile memory can be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically erasable programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. The volatile memory can be random access memory (Random Access Memory, RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM can be used, such as static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDRSDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (Synch link DRAM, SLDRAM) and direct Rambus random access memory (Direct Rambus RAM, DRRAM). The memory 1602 of the systems and methods described herein is intended to include, without being limited to, these and any other suitable types of memory.
In some embodiments, the memory 1602 stores the following elements, executable modules or data structures, or a subset or superset of them: an operating system 16021 and application programs 16022.
The operating system 16021 contains various system programs, such as a framework layer, a core library layer and a driver layer, used to implement various basic services and to process hardware-based tasks. The application programs 16022 contain various application programs, such as a media player (Media Player) and a browser (Browser), used to implement various application services. A program implementing the method of the embodiment of the present invention may be included in the application programs 16022.
In the embodiment of the present invention, by calling a program or instructions stored in the memory 1602, specifically a program or instructions stored in the application programs 16022, the processor 1601 is used to: detect the business transaction request sent by the service application, the business transaction request including the safety applications sign, the media authentication sign and the CLF certifications sign;
obtain, according to the business transaction request, the media authentication sign stored in the subscriber identification card and the CLF certifications sign stored in the CLF;
verify the obtained media authentication sign and CLF certifications sign against the binding relationship obtained from the certificate server and saved for the intended application, the binding relationship including the incidence relation of the safety applications sign corresponding to the intended application, the media authentication sign and the CLF certifications sign;
when the verification passes, notify the CLF corresponding to the CLF certifications sign to initiate a transaction connection request to the traction equipment, so that the traction equipment verifies the transaction connection request.
The method disclosed in the above embodiments of the present invention can be applied in the processor 1601, or implemented by the processor 1601. The processor 1601 may be an integrated circuit chip with signal processing capability. During implementation, each step of the above method can be completed by an integrated logic circuit of the hardware in the processor 1601 or by instructions in the form of software. The above processor 1601 can be a general processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or perform each method, step and logic diagram disclosed in the embodiment of the present invention. The general processor can be a microprocessor, or the processor can be any conventional processor. The steps of the method disclosed in connection with the embodiment of the present invention can be embodied directly as being performed by a hardware decoding processor, or performed by a combination of the hardware and software modules in a decoding processor. The software module can be located in a storage medium that is mature in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory 1602; the processor 1601 reads the information in the memory 1602 and completes the steps of the above method in combination with its hardware.
It can be understood that the embodiments described herein can be implemented in hardware, software, firmware, middleware, microcode or a combination thereof. For a hardware implementation, the processing unit can be implemented in one or more application-specific integrated circuits (Application Specific Integrated Circuits, ASIC), digital signal processors (Digital Signal Processing, DSP), digital signal processing devices (DSP Device, DSPD), programmable logic devices (Programmable Logic Device, PLD), field programmable gate arrays (Field-Programmable Gate Array, FPGA), general processors, controllers, microcontrollers, microprocessors, other electronic units for performing the functions described herein, or a combination thereof.
For a software implementation, the techniques described herein can be implemented by modules (such as procedures, functions and so on) that perform the functions described herein. The software code can be stored in memory and executed by a processor. The memory can be implemented within the processor or outside the processor.
Optionally, the above transaction connection request includes the binding relationship corresponding to the intended application.
Optionally, the following operations are performed by calling the program or instructions stored in the memory 1602:
verify the subscriber identity information according to the received subscriber identity information verification request;
after the identity information is verified, detect the business transaction request sent by the service application.
Optionally, the following operations are performed by calling the program or instructions stored in the memory 1602:
obtain and store the binding relationship of the safety applications sign, the media authentication sign and the CLF certifications sign sent from the certificate server;
write the media authentication sign into the corresponding subscriber identification card according to the binding relationship, and write the CLF certifications sign into the corresponding CLF; wherein,
the certificate server is used to allocate a media authentication sign and a CLF certifications sign in response to the user media certification request and the CLF certification request that the service application sends carrying the safety applications sign, and to associate the media authentication sign, the CLF certifications sign and the safety applications sign to establish the binding relationship.
Those of ordinary skill in the art will recognize that the units and algorithm steps of each example described in connection with the embodiments disclosed herein can be implemented in electronic hardware or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Professional technicians can use different methods to implement the described functions for each specific application, but such implementation should not be considered to go beyond the scope of the present invention.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the embodiments provided herein, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the device embodiments described above are only schematic; the division of the units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components can be combined or integrated into another system, or some features can be ignored or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed can be indirect coupling or communication connection through some interfaces, devices or units, and can be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they can be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, the functional units in each embodiment of the present invention can be integrated in one processing unit, each unit can exist physically on its own, or two or more units can be integrated in one unit.
If the function is implemented in the form of a software functional unit and is sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes instructions that cause a computer device (which can be a personal computer, a server, a network device or the like) to perform all or part of the steps of the method of each embodiment of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash disk, a mobile hard disk, ROM, RAM, a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person familiar with the technical field can readily think of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the scope of the claims.

Claims (16)

1. A transaction authentication processing method, characterized in that the transaction authentication processing method comprises:
obtaining a user media authentication request and a CLF authentication request sent after a terminal downloads a target application;
allocating a corresponding media authentication identifier to the terminal according to the user media authentication request, and allocating a corresponding CLF authentication identifier to the terminal according to the CLF authentication request;
establishing a binding relationship among the unique security application identifier of the target application, the media authentication identifier and the CLF authentication identifier, and sending the binding relationship to the terminal and to a transaction device, so that the terminal and the transaction device authenticate the media authentication identifier and the CLF authentication identifier.
2. The transaction authentication processing method according to claim 1, characterized in that, before the step of obtaining the user media authentication request and the CLF authentication request sent after the terminal downloads the target application, the method further comprises:
obtaining an application issue request, sent by a business platform, corresponding to the target application;
allocating a corresponding security application identifier according to the target application.
3. A transaction authentication processing method, characterized in that the transaction authentication processing method comprises:
detecting a business transaction request sent by a service application, the business transaction request including a security application identifier, a media authentication identifier and a CLF authentication identifier;
obtaining, according to the business transaction request, the media authentication identifier stored in the subscriber identification card and the CLF authentication identifier stored in the CLF;
verifying the obtained media authentication identifier and CLF authentication identifier against the binding relationship obtained from the authentication server and saved for the target application, the binding relationship including the association among the security application identifier corresponding to the target application, the media authentication identifier and the CLF authentication identifier;
when the verification passes, notifying the CLF corresponding to the CLF authentication identifier to initiate a transaction connection request to a transaction device, so that the transaction device verifies the transaction connection request.
4. The transaction authentication processing method according to claim 3, characterized in that the transaction connection request includes the binding relationship corresponding to the target application.
5. The transaction authentication processing method according to claim 3, characterized in that, before detecting the business transaction request sent by the service application, the method further comprises:
verifying user identity information according to a received user identity information verification request;
after the identity information is verified, detecting the business transaction request sent by the service application.
6. The transaction authentication processing method according to claim 3, characterized in that, before detecting the business transaction request sent by the service application, the method further comprises:
obtaining and storing the binding relationship, sent from the authentication server, among the security application identifier, the media authentication identifier and the CLF authentication identifier;
writing the media authentication identifier into the corresponding subscriber identification card according to the binding relationship, and writing the CLF authentication identifier into the corresponding CLF; wherein,
the authentication server is configured to allocate the media authentication identifier and the CLF authentication identifier in response to the user media authentication request and the CLF authentication request that are sent by the service application and carry the security application identifier, and to associate the media authentication identifier, the CLF authentication identifier and the security application identifier to establish the binding relationship.
7. A transaction authentication processing method, characterized in that the transaction authentication processing method comprises:
a transaction device obtaining and storing a binding relationship sent from an authentication server, the binding relationship including the association among a security application identifier, a media authentication identifier and a CLF authentication identifier;
the transaction device detecting in real time a transaction connection request sent by a terminal, the transaction connection request including the binding relationship of the security application identifier corresponding to the business transaction request being initiated;
the transaction device authenticating the binding relationship in the transaction connection request according to the stored binding relationship;
when the authentication passes, the transaction device establishing a transaction connection with the terminal based on the NFC communication protocol.
8. A transaction authentication processing method, characterized in that the transaction authentication processing method comprises:
sending a user media authentication request and a CLF authentication request to an authentication server, the user media authentication request and the CLF authentication request carrying the security application identifier corresponding to a target application;
receiving the media authentication identifier allocated by the authentication server according to the user media authentication request and the CLF authentication identifier allocated by the authentication server according to the CLF authentication request, so that, when a business transaction request is to be sent based on the target application, the business transaction request is sent carrying the security application identifier corresponding to the target application, the media authentication identifier and the CLF authentication identifier.
9. An authentication server, characterized in that the authentication server comprises:
a first acquisition module, configured to obtain a user media authentication request and a CLF authentication request sent after a terminal downloads a target application;
a first allocation module, configured to allocate a corresponding media authentication identifier to the terminal according to the user media authentication request, and to allocate a corresponding CLF authentication identifier to the terminal according to the CLF authentication request;
a processing module, configured to establish a binding relationship among the unique security application identifier of the target application, the media authentication identifier and the CLF authentication identifier, and to send the binding relationship to the terminal and to a transaction device, so that the terminal and the transaction device authenticate the media authentication identifier and the CLF authentication identifier.
10. The authentication server according to claim 9, characterized in that the authentication server further comprises:
a second acquisition module, configured to obtain an application issue request, sent by a business platform, corresponding to the target application;
a second allocation module, configured to allocate a corresponding security application identifier according to the target application.
11. A terminal, characterized in that the terminal comprises:
a first detection module, configured to detect a business transaction request sent by a service application, the business transaction request including a security application identifier, a media authentication identifier and a CLF authentication identifier;
a third acquisition module, configured to obtain, according to the business transaction request, the media authentication identifier stored in the subscriber identification card and the CLF authentication identifier stored in the CLF;
a first verification module, configured to verify the obtained media authentication identifier and CLF authentication identifier against the binding relationship obtained from the authentication server and saved for the target application, the binding relationship including the association among the security application identifier corresponding to the target application, the media authentication identifier and the CLF authentication identifier;
a notification module, configured to notify, when the verification passes, the CLF corresponding to the CLF authentication identifier to initiate a transaction connection request to a transaction device, so that the transaction device verifies the transaction connection request.
12. The terminal according to claim 11, characterized in that the transaction connection request includes the binding relationship corresponding to the target application.
13. The terminal according to claim 11, characterized in that the terminal further comprises:
a second verification module, configured to verify user identity information according to a received user identity information verification request;
after the identity information is verified, the first detection module is triggered to detect the business transaction request sent by the service application.
14. The terminal according to claim 11, characterized in that the terminal further comprises:
a fourth acquisition module, configured to obtain and store the binding relationship, sent from the authentication server, among the security application identifier, the media authentication identifier and the CLF authentication identifier;
a storage module, configured to write the media authentication identifier into the corresponding subscriber identification card according to the binding relationship, and to write the CLF authentication identifier into the corresponding CLF; wherein,
the authentication server is configured to allocate the media authentication identifier and the CLF authentication identifier in response to the user media authentication request and the CLF authentication request that are sent by the service application and carry the security application identifier, and to associate the media authentication identifier, the CLF authentication identifier and the security application identifier to establish the binding relationship.
15. A transaction device, characterized in that the transaction device comprises:
a fifth acquisition module, configured to obtain and store a binding relationship sent from an authentication server, the binding relationship including the association among a security application identifier, a media authentication identifier and a CLF authentication identifier;
a second detection module, configured to detect in real time a transaction connection request sent by a terminal, the transaction connection request including the binding relationship of the security application identifier corresponding to the business transaction request being initiated;
an authentication module, configured to authenticate the binding relationship in the transaction connection request according to the stored binding relationship;
a connection module, configured to establish, when the authentication passes, a transaction connection with the terminal based on the NFC communication protocol.
16. A terminal, characterized in that the terminal comprises:
a sending module, configured to send a user media authentication request and a CLF authentication request to an authentication server, the user media authentication request and the CLF authentication request carrying the security application identifier corresponding to a target application;
a receiving module, configured to receive the media authentication identifier allocated by the authentication server according to the user media authentication request and the CLF authentication identifier allocated by the authentication server according to the CLF authentication request, so that, when a business transaction request is to be sent based on the target application, the business transaction request is sent carrying the security application identifier corresponding to the target application, the media authentication identifier and the CLF authentication identifier.
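
The flow across claims 1, 3, 4, 6 and 7 can be modelled as three parties checking one binding record. The Python model below is an added illustration, not code from the patent; the class and function names, the identifier formats and the reading of "verify" as a constant-time equality check are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass(frozen=True)
class Binding:
    """Claim 1 binding relationship between the three identifiers."""
    app_id: str    # security application identifier
    media_id: str  # media authentication identifier, written to the SIM
    clf_id: str    # CLF authentication identifier, written to the CLF

def same(a: str, b: str) -> bool:
    # Constant-time equality; the claims only say "verify" (assumption).
    return hmac.compare_digest(a.encode(), b.encode())

def allocate_binding(app_id: str) -> Binding:
    """Authentication server (claim 1): allocate both identifiers, bind them."""
    return Binding(app_id, "med-" + secrets.token_hex(8),
                   "clf-" + secrets.token_hex(8))

@dataclass
class Terminal:
    """Claims 3, 4 and 6: provision SIM and CLF, verify before connecting."""
    bindings: Dict[str, Binding] = field(default_factory=dict)
    sim_media_id: str = ""
    clf_auth_id: str = ""

    def provision(self, b: Binding) -> None:
        self.bindings[b.app_id] = b
        self.sim_media_id, self.clf_auth_id = b.media_id, b.clf_id

    def connection_request(self, app_id: str) -> Optional[Binding]:
        """Return the binding to send over NFC, or None if local checks fail."""
        b = self.bindings.get(app_id)
        if b is None or not (same(self.sim_media_id, b.media_id)
                             and same(self.clf_auth_id, b.clf_id)):
            return None
        return b

@dataclass
class TransactionDevice:
    """Claim 7: authenticate a presented binding against the stored copy."""
    bindings: Dict[str, Binding] = field(default_factory=dict)

    def accept(self, presented: Optional[Binding]) -> bool:
        known = self.bindings.get(presented.app_id) if presented else None
        return (known is not None and same(known.media_id, presented.media_id)
                and same(known.clf_id, presented.clf_id))

def run_scenarios() -> Dict[str, bool]:
    app_id = "app-demo-0001"  # constructed security application identifier
    binding = allocate_binding(app_id)
    terminal, device = Terminal(), TransactionDevice()
    terminal.provision(binding)
    device.bindings[app_id] = binding  # server also sends the binding here
    results = {"genuine": device.accept(terminal.connection_request(app_id))}
    # SIM replaced: the identifier on the card no longer matches the binding.
    terminal.sim_media_id = "med-" + secrets.token_hex(8)
    results["swapped_sim"] = device.accept(terminal.connection_request(app_id))
    # A binding the server never distributed is rejected by the device.
    forged = Binding(app_id, binding.media_id, "clf-" + secrets.token_hex(8))
    results["forged_binding"] = device.accept(forged)
    return results
```

`run_scenarios()` returns the outcome of the genuine, swapped-SIM and forged-binding cases as a dictionary of booleans.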
CN201610920935.0A 2016-10-21 2016-10-21 Transaction authentication processing method, authentication server, terminal and transaction equipment Active CN107977564B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610920935.0A CN107977564B (en) 2016-10-21 2016-10-21 Transaction authentication processing method, authentication server, terminal and transaction equipment

Publications (2)

Publication Number Publication Date
CN107977564A (en) 2018-05-01
CN107977564B (en) 2020-07-10

Family

ID=62004603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610920935.0A Active CN107977564B (en) 2016-10-21 2016-10-21 Transaction authentication processing method, authentication server, terminal and transaction equipment

Country Status (1)

Country Link
CN (1) CN107977564B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant