CN107977564B - Transaction authentication processing method, authentication server, terminal and transaction equipment - Google Patents

Publication number
CN107977564B
Authority
CN
China
Prior art keywords
authentication
mark
transaction
request
medium
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610920935.0A
Other languages
Chinese (zh)
Other versions
CN107977564A (en
Inventor
王钊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Communications Ltd Research Institute
Application filed by China Mobile Communications Group Co Ltd, China Mobile Communications Ltd Research Institute
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Abstract

The invention provides a transaction authentication processing method comprising: obtaining a user medium authentication request and a CLF authentication request sent by a terminal after a target application is downloaded; allocating a corresponding medium authentication mark to the terminal according to the user medium authentication request, and a corresponding CLF authentication mark to the terminal according to the CLF authentication request; establishing a binding relationship among the unique security application mark of the target application, the medium authentication mark and the CLF authentication mark; and sending the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the CLF authentication mark.

Description

Transaction authentication processing method, authentication server, terminal and transaction equipment
Technical Field
The invention relates to the field of mobile payment, in particular to a transaction authentication processing method, an authentication server, a terminal and transaction equipment.
Background
With the development of smart terminals, most smart terminals on the market support dual cards (such as SIM cards), and some additionally support virtual soft cards (soft SIM cards) implemented by operating system simulation. A smart terminal can therefore contain a plurality of secure storage media. However, the secure storage media corresponding to different applications are diverse, and the secure storage medium corresponding to an application can be changed arbitrarily (the user can configure it himself), so that the secure storage media cannot be securely authenticated and the security of transactions is poor.
Disclosure of Invention
The embodiment of the invention provides a transaction authentication processing method, an authentication server, a terminal and transaction equipment, which are used for improving the security of terminal transaction.
In a first aspect, an embodiment of the present invention provides a transaction authentication processing method, where the transaction authentication processing method includes:
acquiring a user medium authentication request and a CLF authentication request which are sent by a terminal after downloading a target application;
allocating a corresponding medium authentication mark to the terminal according to the user medium authentication request, and allocating a corresponding CLF authentication mark to the terminal according to the CLF authentication request;
and establishing a binding relationship among the unique security application mark of the target application, the medium authentication mark and the CLF authentication mark, and sending the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the CLF authentication mark.
Preferably, before the step of acquiring the user medium authentication request and the CLF authentication request sent by the terminal after downloading the target application, the method further includes:
acquiring an application release request corresponding to the target application sent by a service platform;
and distributing corresponding safe application marks according to the target application.
In a second aspect, an embodiment of the present invention further provides a transaction authentication processing method, where the transaction authentication processing method includes:
detecting a service transaction request sent by a service application, wherein the service transaction request comprises a security application mark, a medium authentication mark and a CLF authentication mark;
acquiring a medium authentication mark stored in a user identity identification card and a CLF authentication mark stored in a CLF according to the service transaction request;
verifying the acquired medium authentication mark and CLF authentication mark according to a binding relationship which is obtained from an authentication server and stored for a target application, wherein the binding relationship comprises an association relationship among the security application mark, the medium authentication mark and the CLF authentication mark corresponding to the target application;
when the verification is passed, notifying the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction device, so that the transaction device can verify the transaction connection request.
Preferably, the transaction connection request includes a binding relationship corresponding to the target application.
Preferably, before the detecting a service transaction request sent by a service application, the method further includes:
verifying the user identity information according to the received user identity information verification request;
and when the identity information passes the verification, detecting a service transaction request sent by the service application.
Preferably, before the detecting a service transaction request sent by a service application, the method further includes:
acquiring and storing a binding relationship among a security application mark, a medium authentication mark and a CLF authentication mark sent from an authentication server;
writing the medium authentication mark into the corresponding user identification card according to the binding relationship, and writing the CLF authentication mark into the corresponding CLF, wherein
the authentication server is used for allocating a medium authentication mark and a CLF authentication mark according to, respectively, a user medium authentication request and a CLF authentication request which are sent by a service application and carry the security application mark, and for associating the medium authentication mark, the CLF authentication mark and the security application mark to establish the binding relationship.
In a third aspect, an embodiment of the present invention further provides a transaction authentication processing method, where the transaction authentication processing method includes:
the transaction equipment acquires and stores a binding relationship sent from the authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a CLF authentication mark;
the transaction equipment detects, in real time, a transaction connection request sent by a terminal, wherein the transaction connection request comprises the binding relationship of the security application mark corresponding to a service transaction request;
the transaction equipment authenticates the binding relationship in the transaction connection request according to the stored binding relationship;
and when the authentication is passed, the transaction equipment establishes transaction connection with the terminal based on the NFC communication protocol.
In a fourth aspect, an embodiment of the present invention further provides a transaction authentication processing method, where the transaction authentication processing method includes:
sending a user medium authentication request and a CLF authentication request to an authentication server, wherein the user medium authentication request and the CLF authentication request both carry a security application mark corresponding to a target application;
and receiving a medium authentication mark allocated by the authentication server according to the user medium authentication request and a CLF authentication mark allocated by the authentication server according to the CLF authentication request, and, when sending a service transaction request based on the target application, carrying in the service transaction request the security application mark, the medium authentication mark and the CLF authentication mark corresponding to the target application.
In a fifth aspect, an embodiment of the present invention further provides an authentication server, where the authentication server includes:
the first acquisition module is used for acquiring a user medium authentication request and a CLF authentication request which are sent by the terminal after the terminal downloads the target application;
the first allocation module is used for allocating a corresponding medium authentication mark to the terminal according to the user medium authentication request and allocating a corresponding CLF authentication mark to the terminal according to the CLF authentication request;
and the processing module is used for establishing a binding relationship among the unique security application mark of the target application, the medium authentication mark and the CLF authentication mark, and sending the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the CLF authentication mark.
Preferably, the authentication server further comprises:
the second acquisition module is used for acquiring an application release request corresponding to the target application sent by the service platform;
and the second allocation module is used for allocating the corresponding security application marks according to the target application.
In a sixth aspect, an embodiment of the present invention further provides a terminal, where the terminal includes:
a first detection module, configured to detect a service transaction request sent by a service application, wherein the service transaction request comprises a security application mark, a medium authentication mark and a CLF authentication mark;
a third obtaining module, configured to obtain, according to the service transaction request, a medium authentication mark stored in the user identity card and a CLF authentication mark stored in the CLF;
a first verification module, configured to verify the acquired medium authentication mark and CLF authentication mark according to a binding relationship which is obtained from an authentication server and stored for a target application, wherein the binding relationship comprises an association relationship among the security application mark, the medium authentication mark and the CLF authentication mark corresponding to the target application;
and a notification module, configured to notify, when the verification is passed, the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction equipment, so that the transaction equipment can verify the transaction connection request.
Preferably, the transaction connection request includes a binding relationship corresponding to the target application.
Preferably, the terminal further includes:
the second verification module is used for verifying the user identity information according to the received user identity information verification request;
and after the identity information passes the verification, triggering the first detection module to detect a service transaction request sent by the service application.
Preferably, the terminal further includes:
a fourth obtaining module, configured to obtain and store a binding relationship among the security application mark, the medium authentication mark, and the CLF authentication mark sent from the authentication server;
a storage module, configured to write the medium authentication mark into the corresponding user identity card according to the binding relationship, and write the CLF authentication mark into the corresponding CLF, wherein
the authentication server is used for allocating a medium authentication mark and a CLF authentication mark according to, respectively, a user medium authentication request and a CLF authentication request which are sent by a service application and carry the security application mark, and for associating the medium authentication mark, the CLF authentication mark and the security application mark to establish the binding relationship.
In a seventh aspect, an embodiment of the present invention further provides a transaction device, where the transaction device includes:
a fifth obtaining module, configured to obtain and store a binding relationship sent from the authentication server, where the binding relationship includes an association relationship among a security application mark, a medium authentication mark, and a CLF authentication mark;
a second detection module, configured to detect, in real time, a transaction connection request sent by the terminal, wherein the transaction connection request comprises the binding relationship of the security application mark corresponding to the service transaction request;
the authentication module is used for authenticating the binding relationship in the transaction connection request according to the stored binding relationship;
and the connection module is used for establishing transaction connection with the terminal based on the NFC communication protocol when the authentication is passed.
In an eighth aspect, an embodiment of the present invention further provides a terminal, where the terminal includes:
a sending module, configured to send a user medium authentication request and a CLF authentication request to an authentication server, wherein the user medium authentication request and the CLF authentication request both carry a security application mark corresponding to a target application;
and a receiving module, configured to receive a medium authentication mark allocated by the authentication server according to the user medium authentication request and a CLF authentication mark allocated by the authentication server according to the CLF authentication request, and, when sending a service transaction request based on the target application, to carry in the service transaction request the security application mark, the medium authentication mark and the CLF authentication mark corresponding to the target application.
The embodiment of the invention acquires a user medium authentication request and a CLF authentication request sent by a terminal after downloading a target application, allocates a corresponding medium authentication mark to the terminal according to the user medium authentication request, allocates a corresponding CLF authentication mark to the terminal according to the CLF authentication request, establishes a binding relationship among the unique security application mark of the target application, the medium authentication mark and the CLF authentication mark, and sends the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the CLF authentication mark, thereby improving the security of transactions.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is a flowchart of a transaction authentication processing method according to a first embodiment of the present invention;
Fig. 2 is a flowchart of a transaction authentication processing method according to a second embodiment of the present invention;
Fig. 3 is a flowchart of a transaction authentication processing method according to a third embodiment of the present invention;
Fig. 4 is a flowchart of a transaction authentication processing method according to a fourth embodiment of the present invention;
Fig. 5 is a flowchart of a transaction authentication processing method according to a fifth embodiment of the present invention;
Fig. 6 is a flowchart of a transaction authentication processing method according to a sixth embodiment of the present invention;
Fig. 7 is a flowchart of an application installation process in the transaction authentication processing method according to the embodiment of the present invention;
Fig. 8 is an authentication flowchart before a transaction connection request is generated in the transaction authentication processing method according to the embodiment of the present invention;
Fig. 9 is an authentication flowchart after a transaction connection request is generated in the transaction authentication processing method according to the embodiment of the present invention;
Fig. 10 is a structural diagram of an authentication server provided in a seventh embodiment of the present invention;
Fig. 11 is a first structural diagram of a terminal provided in a seventh embodiment of the present invention;
Fig. 12 is a second structural diagram of a terminal provided in a seventh embodiment of the present invention;
Fig. 13 is a third structural diagram of a terminal provided in a seventh embodiment of the present invention;
Fig. 14 is a functional block diagram of a transaction apparatus provided in a seventh embodiment of the present invention;
Fig. 15 is a fourth structural diagram of a terminal provided in a seventh embodiment of the present invention;
Fig. 16 is a block diagram of a mobile terminal to which the seventh embodiment of the present invention is applied.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First embodiment
Referring to fig. 1, fig. 1 is a flowchart of a transaction authentication processing method according to an embodiment of the present invention, as shown in fig. 1, including the following steps:
Step 101, obtaining a user medium authentication request and a CLF authentication request sent by a terminal after downloading a target application;
The transaction authentication processing method provided by this embodiment is mainly applied to a terminal transaction system and is used for managing and allocating the security application mark, the medium authentication mark and the CLF authentication mark in the transaction authentication process of a terminal.
In this embodiment, the terminal is an NFC (Near Field Communication) terminal based on TEE (Trusted Execution Environment) technology, such as a mobile phone. The mobile phone contains a plurality of storage media, preferably user identification cards such as SIM cards and/or UIM cards; specifically, the user identification cards are cards with NFC functions, such as NFC-SIM cards. An NFC transaction chip (CLF) is disposed in the terminal, and the CLF is used for establishing a communication connection with a transaction device.
Optionally, the transaction authentication processing method further includes an authentication process for the application. Specifically, before the step of obtaining the user medium authentication request and the CLF authentication request sent after the terminal downloads the target application, the method further includes:
acquiring an application release request corresponding to the target application sent by a service platform;
and distributing corresponding safe application marks according to the target application.
Specifically, before releasing the application, the service platform first submits a release request for the target application to the authentication server; after the target application passes authentication, the authentication server allocates a legal and unique security application mark to the target application that the service platform is about to release.
The service application can send a user medium authentication request and a CLF authentication request to the authentication server according to the security application mark of the downloaded target application.
Step 102, allocating a corresponding medium authentication mark to the terminal according to the user medium authentication request, and allocating a corresponding CLF authentication mark to the terminal according to the CLF authentication request;
In this step, the authentication server allocates a corresponding medium authentication mark to the service application according to the user medium authentication request, and at the same time allocates a corresponding CLF authentication mark to the service application according to the CLF authentication request. When the service application sends a service transaction request, the request carries the security application mark, the medium authentication mark and the CLF authentication mark, so that the validity of the service transaction request can be verified according to the three marks it carries, as described in detail in the following embodiments.
Step 103, establishing a binding relationship among the unique security application mark of the target application, the medium authentication mark and the CLF authentication mark, and sending the binding relationship to the terminal and the transaction device, so that the terminal and the transaction device authenticate the medium authentication mark and the CLF authentication mark.
In this step, since the service application of the terminal carries the security application mark corresponding to the target application when sending the user medium authentication request and the CLF authentication request, a binding relationship among the security application mark, the medium authentication mark, and the CLF authentication mark can be established.
It can be understood that the user medium authentication request includes information of the storage medium, that is, information of the SIM card. When the authentication server authenticates the SIM card for the first time, it may assign the corresponding medium authentication mark to the SIM card after the authentication is passed; if the SIM card has been authenticated on the authentication server before, the medium authentication mark assigned during the previous authentication is directly assigned to the SIM card.
Once the authentication server has established the binding relationship among the security application mark, the medium authentication mark and the CLF authentication mark, it pushes the binding relationship to the terminal and the transaction device, so that the terminal and the transaction device can authenticate the medium authentication mark and the CLF authentication mark during the transaction, thereby improving the security of the transaction.
It should be noted that the terminal may include one CLF or multiple CLFs. When multiple CLFs exist in the terminal, different CLFs correspond to different security levels and different service operation types, and transaction data of different security levels are separated at the physical connection, so that different transactions can be distinguished and carried out over different NFC physical connections.
It should be noted that the specific structure of the transaction device may be set according to actual needs, and in the present invention, it is preferable that the transaction device is a POS (point of sale) device, and may also be another transaction device having a POS device function.
The embodiment of the invention acquires a user medium authentication request and a CLF authentication request sent by a terminal after downloading a target application, allocates a corresponding medium authentication mark to the terminal according to the user medium authentication request, allocates a corresponding CLF authentication mark to the terminal according to the CLF authentication request, establishes a binding relationship among the unique security application mark of the target application, the medium authentication mark and the CLF authentication mark, and sends the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the CLF authentication mark, thereby improving the security of transactions.
Second embodiment
Referring to fig. 2, fig. 2 is a flowchart of a transaction authentication processing method according to an embodiment of the present invention, and as shown in fig. 2, the transaction authentication processing method includes the following steps:
Step 201, detecting a service transaction request sent by a service application, wherein the service transaction request comprises a security application mark, a medium authentication mark and a CLF authentication mark;
The transaction authentication processing method provided by this embodiment is mainly applied to a terminal transaction system and is used for authenticating the transaction flow on a terminal.
Specifically, the service application may initiate a service transaction request to the authentication module, and the authentication module performs an authentication operation when it receives the request. The authentication module stores the binding relationship pushed by the authentication server, which includes an association relationship among a security application mark, a medium authentication mark, and a CLF authentication mark, and authenticates the transaction operation corresponding to the current service transaction request according to that binding relationship, as described in detail below.
Step 202, acquiring a medium authentication mark stored in a user identity identification card and a CLF authentication mark stored in a CLF according to the service transaction request;
Step 203, verifying the acquired medium authentication mark and CLF authentication mark according to a binding relationship which was obtained from an authentication server and stored in the target application authentication stage, wherein the binding relationship comprises an association relationship among the security application mark, the medium authentication mark and the CLF authentication mark corresponding to the target application;
When the authentication module detects the service transaction request, it acquires the stored medium authentication mark from the corresponding user identity identification card according to the medium authentication mark carried in the service transaction request, and acquires the stored CLF authentication mark from the corresponding CLF according to the CLF authentication mark carried in the service transaction request. When a medium authentication mark and a CLF authentication mark consistent with the binding relationship are both acquired, the authentication of the medium authentication mark and the CLF authentication mark passes, and the service transaction request is determined to be legal.
Step 204, when the verification is passed, notifying the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction equipment so that the transaction equipment can verify the transaction connection request.
In this step, after the service transaction request is validated, the corresponding CLF is notified to initiate a transaction connection request to the transaction device, so that the transaction device establishes a connection with the terminal and enters the transaction operation flow.
Optionally, in order to further improve the security of the transaction flow, in this embodiment, the transaction device may be further configured to verify the transaction connection request. The mode of the verification operation may be set according to actual needs, for example, the binding relationship may be verified. Optionally, in this embodiment, the transaction connection request includes a binding relationship corresponding to the target application.
The transaction connection request comprises a binding relation of the service transaction request to the target application, and the transaction equipment verifies the binding relation. Specifically, the authentication server pushes the binding relationship to the terminal and also pushes the binding relationship to the transaction device, and the transaction device matches and authenticates whether the transaction connection request is correct, so that the binding relationship is prevented from being forged on the terminal by others. The binding relation in the transaction connection request is verified on the transaction equipment so as to realize the validity verification of the transaction connection request, thereby improving the security of the transaction.
In the embodiment of the invention, the medium authentication mark and the CLF authentication mark are authenticated by the terminal in the transaction process, and the binding relationship among the security application mark, the medium authentication mark and the CLF authentication mark is carried in the transaction connection request sent by the CLF for the transaction equipment to authenticate the binding relationship, so that the legality of the user identity identification card and the CLF is ensured, and the legality of the binding relationship is ensured, thereby improving the security of the transaction.
Third embodiment
Referring to fig. 3, fig. 3 is a flowchart of a transaction authentication processing method according to an embodiment of the present invention, and as shown in fig. 3, based on the second embodiment of the transaction authentication processing method according to the present invention, in a third embodiment, before the step 201, further includes:
step 205, verifying the user identity information according to the received user identity information verification request;
the step 201 is specifically: and when the identity information passes the verification, detecting a service transaction request sent by the service application.
In this embodiment, the user identity is unique, and identification and authentication can be performed by using a biotechnology. The authentication mode may be set according to actual needs, and in this embodiment, the authentication process may be preferably boot authentication, and in other embodiments, the authentication process may also be start authentication of a secure application. Specifically, the authentication may be performed by means of a character password, and may also be performed by means of iris authentication, face recognition authentication, and the like. And after the authentication is passed, all the operations are considered to be the owner operation, namely all the application identity information is considered to be passed.
Fourth embodiment
Further, referring to fig. 4, based on the above embodiment, in this embodiment, before performing a transaction flow, a target application needs to be installed, and a binding relationship between a security application flag, a media authentication flag, and a CLF authentication flag is set, which is described in detail below.
Step 206, acquiring and storing the binding relationship among the security application mark, the medium authentication mark and the CLF authentication mark sent by the authentication server, wherein the authentication server is used for correspondingly distributing the medium authentication mark and the CLF authentication mark according to the user medium authentication request and the CLF authentication request sent by the service application carrying the security application mark, and associating the medium authentication mark, the CLF authentication mark and the security application mark to establish the binding relationship.
Step 207, writing the medium authentication mark into a corresponding user identity identification card according to the binding relationship, and writing the CLF authentication mark into a corresponding CLF.
The service platform is a platform for issuing the target application, before issuing the target application, firstly applies for a target application issuing request to the authentication server, and after the authentication server passes the authentication of the target application, the authentication server allocates a legal and unique safe application mark for the target application to be issued of the service platform. The user can then access the service platform using the terminal, thereby downloading and installing the target application published by the service platform by the service application.
After the service application is downloaded, a user media authentication request and a CLF authentication request are sent to the authentication server with the security application mark of the target application, so that the authentication server allocates corresponding media authentication marks and CLF authentication marks to the terminal. Since the user media authentication request and the CLF authentication request both carry the security application mark, a binding relationship corresponding to the security application mark, the media authentication mark and the CLF authentication mark can be established.
Fifth embodiment
Referring to fig. 5, fig. 5 is a flowchart of a transaction authentication processing method according to an embodiment of the present invention, and as shown in fig. 5, the transaction authentication processing method includes the following steps:
step 301, a transaction device acquires and stores a binding relationship sent from an authentication server, where the binding relationship includes an association relationship between a secure application identifier, a media authentication identifier, and a CLF authentication identifier;
step 302, a transaction device detects a transaction connection request sent by a terminal in real time, wherein the transaction connection request comprises a binding relation of a security application mark corresponding to an initiated service transaction request;
step 303, the transaction device authenticates the binding relationship in the transaction connection request according to the stored binding relationship;
and 304, when the authentication is passed, the transaction equipment establishes transaction connection with the terminal based on the NFC communication protocol.
In this embodiment, after the transaction device obtains the binding relationship sent by the authentication server, the transaction device detects a transaction connection request sent by the terminal, and when the transaction connection request is detected, the transaction device verifies the transaction connection request. After the verification is passed, transaction connection can be established by adopting an NFC communication mode, and user authentication and transaction parameter authentication (transaction MAC and the like, the original NFC transaction flow) are carried out after the transaction connection is established; and finally, updating the service data when the transaction is completed.
The embodiment of the invention verifies the binding relationship in the transaction equipment, thereby effectively preventing other people from forging the binding relationship on the terminal and improving the security of transaction. In addition, the invention only adds the requested legality authentication process while ensuring the existing transaction main body flow. Therefore, under the condition of ensuring that the transaction speed is basically unchanged, the safety of the transaction process is improved.
Sixth embodiment
Referring to fig. 6, fig. 6 is a flowchart of a transaction authentication processing method according to an embodiment of the present invention, and as shown in fig. 6, the transaction authentication processing method includes the following steps:
step 401, sending a user medium authentication request and a CLF authentication request to an authentication server, wherein the user medium authentication request and the CLF authentication request both carry a security application mark corresponding to a target application;
step 402, receiving the medium authentication mark distributed by the authentication server according to the user medium authentication request and the CLF authentication mark distributed by the authentication server according to the CLF authentication request, so as to carry the security application mark, the medium authentication mark and the CLF authentication mark corresponding to the target application when sending the service transaction request based on the target application.
In this step, after the service application downloads the target application, a user media authentication request and a CLF authentication request are sent according to a security application identifier corresponding to the target application, and the authentication requests both carry the security application identifier, so that the authentication server allocates a corresponding media authentication identifier and a CLF authentication identifier after performing user media and CLF authentication, and establishes a binding relationship between the three.
Further, as shown in fig. 7 to 9, a detailed description will be given below of a specific flow of the transaction operation performed by the transaction authentication processing method according to the present invention.
As shown in fig. 7, before the transaction operation is performed, an application needs to be installed first, which specifically includes:
601, a service platform applies for an application release request to an intelligent authentication system;
step 602, the intelligent authentication system distributes a security application mark;
step 603, downloading and installing the application through the service application;
step 604, the service application applies for a user medium authentication request;
step 605, the intelligent authentication system distributes a medium authentication mark;
step 606, the service application applies for a CLF authentication request;
step 607, the intelligent authentication system assigns a CLF authentication mark;
step 608, the intelligent authentication system establishes a binding relationship between the security application identifier, the media authentication identifier and the CLF authentication request, and writes the binding relationship into the intelligent authentication module of the terminal.
step 609, the intelligent authentication module of the terminal writes the medium authentication mark into the NFC-SIM card;
step 610, the intelligent authentication module of the terminal writes the CLF authentication mark into the CLF;
step 611, the intelligent authentication system synchronizes the binding relationship to the transaction device.
The installation of the application is completed through the above steps 601 to 611, and a flow before the terminal initiates a transaction connection request in the authentication process of the transaction after the installation is completed is shown in fig. 8, which specifically includes:
step 701, verifying the user identity by a user identity security application;
step 702, when the user identity is verified by the service application security application, a service transaction request is initiated to an intelligent authentication module of the terminal;
step 703, the intelligent authentication module sends a media authentication request to the user media security application according to the service transaction request, so as to obtain a media authentication mark in the NFC-SIM card through the user media security application, and returns the media authentication mark to the intelligent authentication module for the intelligent authentication module to perform media authentication;
step 704, the intelligent authentication module obtains the CLF authentication mark in the CLF to perform CLF authentication;
step 705, the intelligent authentication module notifies the corresponding CLF to initiate NFC connection;
step 706, the CLF carries the binding relationship to initiate the transaction connection request.
As shown in fig. 9, after the terminal initiates the transaction connection request to the transaction device, the process of the transaction device performing transaction authentication specifically includes:
step 801, the NFC connector communicates with an intelligent authentication module in the transaction equipment according to the transaction connection request so as to authenticate the binding relationship in the transaction connection request;
step 802, when the authentication is passed, establishing a transaction connection with the CLF of the terminal by the NFC connector;
step 803, after successful connection, user authentication and transaction parameter authentication (transaction MAC, etc., original NFC transaction flow) are performed by the authentication management in the transaction device and the NFC-SIM card of the terminal;
and step 804, writing the business data after the transaction into the NFC-SIM card so as to complete the transaction.
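The enrollment and two-stage verification flow of figs. 7 to 9, as an added Python sketch that is not part of the patent text: the class names, the random mark format, the constant-time comparison and the in-memory fields standing in for the NFC-SIM card and the CLF are all assumptions. It shows the terminal refusing a request when the SIM mark no longer matches, and the transaction device refusing a binding that was rewritten only on the terminal.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Binding:
    """Association of the three marks for one installed target application."""
    app_mark: str
    medium_mark: str
    clf_mark: str

    def matches(self, other: "Binding") -> bool:
        # Field-by-field constant-time comparison (assumption: the patent only
        # requires marks "consistent with the binding relationship").
        pairs = zip((self.app_mark, self.medium_mark, self.clf_mark),
                    (other.app_mark, other.medium_mark, other.clf_mark))
        return all([hmac.compare_digest(a.encode(), b.encode()) for a, b in pairs])


class TransactionDevice:
    def __init__(self) -> None:
        self.bindings: Dict[str, List[Binding]] = {}

    def store_binding(self, binding: Binding) -> None:  # steps 611 / 301
        self.bindings.setdefault(binding.app_mark, []).append(binding)

    def verify_connection_request(self, presented: Binding) -> bool:  # steps 303 / 801
        known = self.bindings.get(presented.app_mark, [])
        return any([b.matches(presented) for b in known])


class Terminal:
    def __init__(self) -> None:
        self.bindings: Dict[str, Binding] = {}
        self.sim_mark: Optional[str] = None  # stands in for the NFC-SIM card
        self.clf_mark: Optional[str] = None  # stands in for the CLF

    def install(self, binding: Binding) -> None:  # steps 608-610
        self.bindings[binding.app_mark] = binding
        self.sim_mark = binding.medium_mark
        self.clf_mark = binding.clf_mark

    def request_transaction(self, app_mark: str) -> Optional[Binding]:  # steps 702-706
        stored = self.bindings.get(app_mark)
        if stored is None or self.sim_mark is None or self.clf_mark is None:
            return None
        observed = Binding(app_mark, self.sim_mark, self.clf_mark)
        # Only when both marks match does the CLF send the binding onward.
        return stored if stored.matches(observed) else None


class AuthServer:
    def __init__(self, device: TransactionDevice) -> None:
        self.device = device
        self.app_marks = set()

    def register_app(self) -> str:  # steps 601-602
        mark = "app-" + secrets.token_hex(8)
        self.app_marks.add(mark)
        return mark

    def enroll(self, terminal: Terminal, app_mark: str) -> Binding:  # steps 604-611
        if app_mark not in self.app_marks:
            raise ValueError("unknown security application mark")
        binding = Binding(app_mark,
                          "med-" + secrets.token_hex(8),
                          "clf-" + secrets.token_hex(8))
        terminal.install(binding)
        self.device.store_binding(binding)
        return binding


def demo() -> Dict[str, bool]:
    device = TransactionDevice()
    server = AuthServer(device)
    app = server.register_app()
    results: Dict[str, bool] = {}

    phone = Terminal()
    server.enroll(phone, app)
    req = phone.request_transaction(app)
    results["legitimate"] = req is not None and device.verify_connection_request(req)

    phone.sim_mark = "med-from-another-card"  # constructed value: SIM replaced
    results["sim_swapped"] = phone.request_transaction(app) is not None

    tampered = Terminal()  # binding and marks rewritten consistently on the terminal
    tampered.install(Binding(app, "med-forged", "clf-forged"))  # constructed values
    forged = tampered.request_transaction(app)
    results["forged_passes_terminal_check"] = forged is not None
    results["forged_accepted_by_device"] = (
        forged is not None and device.verify_connection_request(forged))
    return results


if __name__ == "__main__":
    print(demo())
```

The third case is why the binding is also synchronized to the transaction device: a terminal-side comparison alone cannot detect a binding that was replaced together with the stored marks.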
Seventh embodiment
Referring to fig. 10, fig. 10 is a structural diagram of an authentication server provided in the implementation of the present invention, and as shown in fig. 9, the authentication server includes:
a first obtaining module 1001, configured to obtain a user media authentication request and a CLF authentication request sent by a terminal after downloading a target application;
a first allocating module 1002, configured to allocate a corresponding media authentication identifier to the terminal according to the user media authentication request, and allocate a corresponding CLF authentication identifier to the terminal according to the CLF authentication request;
the processing module 1003 is configured to establish a binding relationship corresponding to the unique secure application identifier, the media authentication identifier, and the CLF authentication identifier of the target application, and send the binding relationship to the terminal and the transaction device, so that the terminal and the transaction device authenticate the media authentication identifier and the CLF authentication identifier.
Optionally, the authentication server further includes
The second acquisition module is used for acquiring an application release request corresponding to the target application sent by the service platform;
and the second allocation module is used for allocating the corresponding security application marks according to the target application.
Further, referring to fig. 11, fig. 11 is a structural diagram of a terminal provided in the implementation of the present invention, and as shown in fig. 11, the terminal includes:
the first detection module 1101 is used for detecting a service transaction request sent by a service application, wherein the service transaction request comprises a security application mark, a medium authentication mark and a CLF authentication mark;
a third obtaining module 1102, configured to obtain, according to the service transaction request, a medium authentication indicator stored in the user identity card and a CLF authentication indicator stored in the CLF;
a first verification module 1103, configured to verify the obtained media authentication indicator and the CLF authentication indicator according to a binding relationship that is obtained and stored by a target application from an authentication server, where the binding relationship includes an association relationship between a security application indicator, a media authentication indicator, and a CLF authentication indicator corresponding to the target application;
and the notification module 1104 is configured to notify the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction device when the verification passes, so that the transaction device verifies the transaction connection request.
Optionally, the transaction connection request includes a binding relationship corresponding to the target application.
Further, referring to fig. 12, in this embodiment, in order to implement user authentication, the terminal further includes:
a second verification module 1105, configured to verify the user identity information according to the received user identity information verification request;
after the identity information is verified, the first detecting module 1101 is triggered to detect a service transaction request sent by a service application.
Further, before the transaction is performed, the authentication server is further required to authenticate the security application, the user identification card and the CLF, and assign corresponding authentication marks. Specifically, referring to fig. 13, in this embodiment, the terminal further includes:
a fourth obtaining module 1106, configured to obtain and store a binding relationship between the security application identifier, the media authentication identifier, and the CLF authentication identifier sent from the authentication server;
a storage module 1107, configured to write the media authentication indicator into a corresponding user identity card according to the binding relationship, and write the CLF authentication indicator into a corresponding CLF, where,
the authentication server is used for correspondingly distributing a medium authentication mark and a CLF authentication mark according to a user medium authentication request and a CLF authentication request which are sent by a service application carrying the security application mark, and associating the medium authentication mark, the CLF authentication mark and the security application mark to establish a binding relationship.
Further, referring to fig. 14, fig. 14 is a structural diagram of a transaction device provided in the implementation of the present invention, and as shown in fig. 14, the transaction device includes:
a fifth obtaining module 1401, configured to obtain and store a binding relationship sent from the authentication server, where the binding relationship includes an association relationship between a security application identifier, a media authentication identifier, and a CLF authentication identifier;
a second detecting module 1402, configured to detect, in real time, a transaction connection request sent by a terminal, where the transaction connection request includes a binding relationship between a service transaction initiation request and a corresponding secure application identifier;
an authentication module 1403, configured to authenticate the binding relationship in the transaction connection request according to the stored binding relationship;
a connection module 1404, configured to establish a transaction connection with the terminal based on the NFC communication protocol when the authentication is passed.
Further, referring to fig. 15, fig. 15 is a structural diagram of a terminal according to an embodiment of the present invention, and as shown in fig. 15, the terminal includes:
the sending module 1501 is configured to send a user media authentication request and a CLF authentication request to an authentication server, where the user media authentication request and the CLF authentication request both carry a security application identifier corresponding to a target application;
a receiving module 1502, configured to receive a media authentication identifier allocated by the authentication server according to the user media authentication request and a CLF authentication identifier allocated by the authentication server according to the CLF authentication request, so as to send a service transaction request carrying a security application identifier, a media authentication identifier, and a CLF authentication identifier corresponding to a target application when sending the service transaction request based on the target application.
It can be understood that the authentication server, the terminal and the transaction device provided by the present invention are used for implementing the above-mentioned transaction authentication processing method, and correspond to the transaction authentication processing method, wherein the implementation manner of each functional module may refer to the above-mentioned embodiment, and is not described herein again.
Eighth embodiment
Further, referring to fig. 16, fig. 16 is a structural diagram of a mobile terminal to which the embodiment of the present invention is applied, and as shown in fig. 16, the mobile terminal 1600 includes: at least one processor 1601, memory 1602, at least one network interface 1604, and a user interface 1603. Various components in mobile terminal 1600 are coupled together by a bus system 1605. It is understood that the bus system 1605 is used to enable connected communication between these components. The bus system 1605 includes a power bus, a control bus, and a status signal bus in addition to the data bus. But for clarity of illustration the various buses are labeled in figure 16 as bus system 1605.
The user interface 1603 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen).
It is to be understood that the memory 1602 in embodiments of the present invention may be either volatile memory or non-volatile memory, or may include both volatile and non-volatile memory. The non-volatile memory may be Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), or flash memory. The volatile memory may be Random Access Memory (RAM), which serves as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static Random Access Memory (Static RAM, SRAM), Dynamic Random Access Memory (Dynamic RAM, DRAM), Synchronous Dynamic Random Access Memory (Synchronous DRAM, SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory, Enhanced Synchronous DRAM, and other suitable types of RAM.
In some embodiments, memory 1602 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof: an operating system 16021 and application programs 16022.
The operating system 16021 includes various system programs, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and processing hardware-based tasks. The application 16022 includes various applications, such as a Media Player (Media Player), a Browser (Browser), and the like, for implementing various application services. Programs that implement methods in accordance with embodiments of the present invention may be included within application 16022.
In the embodiment of the present invention, by calling a program or an instruction stored in the memory 1602, specifically, a program or an instruction stored in the application 16022, the processor 1601 is configured to detect a service transaction request sent by a service application, where the service transaction request includes a security application identifier, a media authentication identifier, and a CLF authentication identifier;
acquiring a medium authentication mark stored in a user identity identification card and a CLF authentication mark stored in the CLF according to the service transaction request;
verifying the obtained medium authentication mark and the CLF authentication mark according to a binding relationship which is obtained and stored by a target application from an authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a CLF authentication mark corresponding to the target application;
when the verification is passed, notifying the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction device, so that the transaction device can verify the transaction connection request.
The method disclosed by the above-mentioned embodiments of the present invention may be applied to the processor 1601 or implemented by the processor 1601. The processor 1601 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the method may be performed by hardware integrated logic circuits or instructions in software form in the processor 1601. The Processor 1601 may be a general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable Gate Array (FPGA) or other programmable logic device, discrete Gate or transistor logic device, or discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 1602, and the processor 1601 reads information in the memory 1602, and performs the steps of the method in combination with hardware thereof.
For a hardware implementation, the processing units may be implemented within one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field-Programmable Gate Arrays (FPGAs), general purpose processors, controllers, microcontrollers, microprocessors, other electronic units configured to perform the functions described herein, or a combination thereof.
For a software implementation, the techniques described herein may be implemented with modules (e.g., procedures, functions, and so on) that perform the functions described herein. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
Optionally, the transaction connection request includes a binding relationship corresponding to the target application.
Optionally, the following operations are performed by calling a program or instructions stored in the memory 1602:
verifying the user identity information according to the received user identity information verification request;
and when the identity information passes the verification, detecting a service transaction request sent by the service application.
Optionally, the following operations are performed by calling a program or instructions stored in the memory 1602:
acquiring and storing a binding relationship between a security application mark, a medium authentication mark and a CLF authentication mark sent from an authentication server;
writing the medium authentication mark into a corresponding user identification card according to the binding relationship, and writing the CLF authentication mark into a corresponding CLF, wherein,
the authentication server is used for correspondingly distributing a medium authentication mark and a CLF authentication mark according to a user medium authentication request and a CLF authentication request which are sent by a service application carrying the security application mark, and associating the medium authentication mark, the CLF authentication mark and the security application mark to establish a binding relationship.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment of the present invention.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (16)

1. A transaction authentication processing method is characterized by comprising the following steps:
acquiring a user medium authentication request and a CLF authentication request which are sent by a terminal after downloading a target application;
distributing a corresponding medium authentication mark to the terminal according to the user medium authentication request, and distributing a corresponding CLF authentication mark to the terminal according to the CLF authentication request, wherein the user medium authentication request comprises information of a storage medium SIM card, and distributing a corresponding medium authentication mark to the SIM card after an authentication server authenticates the SIM card for the first time and the authentication passes;
and establishing a binding relationship corresponding to the unique secure application mark, the medium authentication mark and the CLF authentication mark of the target application, and sending the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the CLF authentication mark.
2. The transaction authentication processing method of claim 1, wherein the step of obtaining the user media authentication request and the CLF authentication request sent by the terminal after downloading the target application further comprises:
acquiring an application release request corresponding to the target application sent by a service platform;
and distributing corresponding safe application marks according to the target application.
3. A transaction authentication processing method is characterized by comprising the following steps:
detecting a service transaction request sent by a service application, wherein the service transaction request comprises a safety application mark, a medium authentication mark and a CLF authentication mark, the user medium authentication request comprises information of a storage medium SIM card, and after an authentication server authenticates the SIM card for the first time and passes the authentication, the authentication server allocates a corresponding medium authentication mark to the SIM card;
acquiring a medium authentication mark stored in a user identity identification card and a CLF authentication mark stored in the CLF according to the service transaction request;
verifying the obtained medium authentication mark and the CLF authentication mark according to a binding relationship which is obtained and stored by a target application from an authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a CLF authentication mark corresponding to the target application;
when the verification is passed, notifying the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction device, so that the transaction device can verify the transaction connection request.
4. The transaction authentication processing method of claim 3, wherein the transaction connection request includes a binding corresponding to the target application.
5. The transaction authentication processing method of claim 3, wherein the detecting the service transaction request sent by the service application further comprises:
verifying the user identity information according to the received user identity information verification request;
and when the identity information passes the verification, detecting a service transaction request sent by the service application.
6. The transaction authentication processing method of claim 3, wherein the detecting the service transaction request sent by the service application further comprises:
acquiring and storing a binding relationship between a security application mark, a medium authentication mark and a CLF authentication mark sent from an authentication server;
writing the medium authentication mark into a corresponding user identification card according to the binding relationship, and writing the CLF authentication mark into a corresponding CLF, wherein,
the authentication server is used for correspondingly distributing a medium authentication mark and a CLF authentication mark according to a user medium authentication request and a CLF authentication request which are sent by a service application carrying security application mark, and associating the medium authentication mark, the CLF authentication mark and the security application mark to establish a binding relationship.
7. A transaction authentication processing method is characterized by comprising the following steps:
the transaction equipment acquires and stores a binding relationship sent from the authentication server, wherein the binding relationship comprises an association relationship of a security application mark, a medium authentication mark and a CLF authentication mark;
the transaction equipment detects a transaction connection request sent by a terminal in real time, wherein the transaction connection request comprises a binding relation of a safety application mark corresponding to a service transaction request; the user medium authentication request comprises information of a storage medium SIM card, and after the authentication server authenticates the SIM card for the first time and the authentication passes, a corresponding medium authentication mark is distributed to the SIM card; if the SIM card is authenticated on the authentication server before, directly distributing a medium authentication mark distributed during authentication before to the SIM card;
the transaction equipment authenticates the binding relationship in the transaction connection request according to the stored binding relationship;
and when the authentication is passed, the transaction equipment establishes transaction connection with the terminal based on the NFC communication protocol.
8. A transaction authentication processing method is characterized by comprising the following steps:
sending a user medium authentication request and a CLF authentication request to an authentication server, wherein the user medium authentication request and the CLF authentication request both carry a safety application mark corresponding to a target application, the user medium authentication request comprises information of a storage medium SIM card, and after the authentication server authenticates the SIM card for the first time and passes the authentication, the authentication server distributes a corresponding medium authentication mark to the SIM card;
and receiving a medium authentication mark distributed by the authentication server according to the user medium authentication request and a CLF authentication mark distributed by the authentication server according to the CLF authentication request, and sending the service transaction request by carrying a security application mark, a medium authentication mark and a CLF authentication mark corresponding to the target application when sending the service transaction request based on the target application.
9. An authentication server, characterized in that the authentication server comprises:
the first acquisition module is used for acquiring a user medium authentication request and a CLF authentication request which are sent after a terminal downloads a target application, wherein the user medium authentication request comprises information of a storage medium SIM card, and a corresponding medium authentication mark is distributed to the SIM card after an authentication server authenticates the SIM card for the first time and the authentication passes;
the first distribution module is used for distributing a corresponding medium authentication mark to the terminal according to the user medium authentication request and distributing a corresponding CLF authentication mark to the terminal according to the CLF authentication request;
and the processing module is used for establishing a binding relationship corresponding to the unique security application mark, the media authentication mark and the CLF authentication mark of the target application, and sending the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the media authentication mark and the CLF authentication mark.
10. The authentication server of claim 9, wherein the authentication server further comprises:
the second acquisition module is used for acquiring an application release request corresponding to the target application sent by the service platform;
and the second allocation module is used for allocating the corresponding security application marks according to the target application.
11. A terminal, characterized in that the terminal comprises:
the system comprises a first detection module, a second detection module and a third detection module, wherein the first detection module is used for detecting a service transaction request sent by a service application, the service transaction request comprises a safety application mark, a medium authentication mark and a CLF authentication mark, the user medium authentication request comprises information of a storage medium SIM card, and after an authentication server authenticates the SIM card for the first time and passes the authentication, the authentication server distributes a corresponding medium authentication mark to the SIM card;
a third obtaining module, configured to obtain, according to the service transaction request, a medium authentication indicator stored in the user identity card and a CLF authentication indicator stored in the CLF;
the first verification module is used for verifying the acquired medium authentication mark and the CLF authentication mark according to a binding relationship which is acquired and stored by a target application from an authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a CLF authentication mark corresponding to the target application;
and the notification module is used for notifying the CLF corresponding to the authentication mark of the CLF to initiate a transaction connection request to the transaction equipment when the verification is passed so that the transaction equipment can verify the transaction connection request.
12. The terminal of claim 11, wherein the transaction connection request includes a binding corresponding to the target application.
13. The terminal of claim 11, wherein the terminal further comprises:
the second verification module is used for verifying the user identity information according to the received user identity information verification request;
and after the identity information passes the verification, triggering the first detection module to detect a service transaction request sent by the service application.
14. The terminal of claim 11, wherein the terminal further comprises:
a fourth obtaining module, configured to obtain and store a binding relationship between the security application identifier, the media authentication identifier, and the CLF authentication identifier sent from the authentication server;
a storage module, configured to write the media authentication indicator into a corresponding subscriber identity module card according to the binding relationship, and write the CLF authentication indicator into a corresponding CLF, where,
the authentication server is used for correspondingly distributing a medium authentication mark and a CLF authentication mark according to a user medium authentication request and a CLF authentication request which are sent by a service application carrying security application mark, and associating the medium authentication mark, the CLF authentication mark and the security application mark to establish a binding relationship.
15. A transaction device, characterized in that the transaction device comprises:
the fifth acquisition module is used for acquiring and storing a binding relationship sent from the authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a CLF authentication mark, the user medium authentication request comprises information of a storage medium SIM card, and the authentication server authenticates the SIM card for the first time and allocates a corresponding medium authentication mark to the SIM card after the authentication passes;
the second detection module is used for detecting a transaction connection request sent by the terminal in real time, wherein the transaction connection request comprises a binding relation of a safety application mark corresponding to the service transaction request;
the authentication module is used for authenticating the binding relationship in the transaction connection request according to the stored binding relationship;
and the connection module is used for establishing transaction connection with the terminal based on the NFC communication protocol when the authentication is passed.
16. A terminal, characterized in that the terminal comprises:
the system comprises a sending module, a certification server and a certification module, wherein the sending module is used for sending a user medium certification request and a CLF certification request to the certification server, the user medium certification request and the CLF certification request both carry a safety application mark corresponding to a target application, the user medium certification request comprises information of a storage medium SIM card, and after the SIM card is certified and certified by the certification server for the first time, a corresponding medium certification mark is distributed to the SIM card;
and the receiving module is used for receiving a medium authentication mark distributed by the authentication server according to the user medium authentication request and a CLF authentication mark distributed by the authentication server according to the CLF authentication request, and carrying a security application mark, a medium authentication mark and a CLF authentication mark corresponding to the target application to send the service transaction request when sending the service transaction request based on the target application.
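The three-party flow of claims 1 to 7 (server allocates and binds the marks, terminal checks the marks read from the SIM and CLF, transaction device checks the binding in the connection request), as an added sketch that is not part of the patent. The class names, the random hex marks, the in-memory stores and the constant-time comparison are assumptions; the claims do not specify a mark format or transport.

```python
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    app_mark: str    # secure application mark of the target application
    media_mark: str  # medium authentication mark, written to the SIM card
    clf_mark: str    # CLF authentication mark, written to the CLF

def bindings_match(a, b):
    # Compare every field in constant time; do not stop at the first mismatch.
    pairs = zip((a.app_mark, a.media_mark, a.clf_mark),
                (b.app_mark, b.media_mark, b.clf_mark))
    return all([hmac.compare_digest(x.encode(), y.encode()) for x, y in pairs])

class AuthServer:
    def __init__(self):
        self.app_marks, self.media_marks, self.clf_marks = {}, {}, {}

    def release_app(self, app):
        # Claim 2: allocate the secure application mark when the app is released.
        return self.app_marks.setdefault(app, secrets.token_hex(8))

    def enroll(self, app, sim_id, clf_id):
        # Claims 1 and 7: a SIM authenticated earlier gets its earlier mark back.
        # Keying the CLF mark by clf_id the same way is an assumption.
        media = self.media_marks.setdefault(sim_id, secrets.token_hex(8))
        clf = self.clf_marks.setdefault(clf_id, secrets.token_hex(8))
        return Binding(self.app_marks[app], media, clf)

class Terminal:
    def __init__(self):
        self.bindings = {}      # app_mark -> Binding received from the server
        self.sim_mark = None    # stands in for the value stored on the SIM
        self.clf_mark = None    # stands in for the value stored in the CLF

    def provision(self, binding):
        # Claim 6: store the binding, write the marks to SIM and CLF.
        self.bindings[binding.app_mark] = binding
        self.sim_mark, self.clf_mark = binding.media_mark, binding.clf_mark

    def request_transaction(self, app_mark):
        # Claims 3-4: read the marks back, check them against the stored binding,
        # and only then emit a connection request that carries the binding.
        stored = self.bindings.get(app_mark)
        if stored is None or self.sim_mark is None or self.clf_mark is None:
            return None
        live = Binding(app_mark, self.sim_mark, self.clf_mark)
        return stored if bindings_match(stored, live) else None

class TransactionDevice:
    def __init__(self):
        self.bindings = {}

    def provision(self, binding):
        self.bindings[binding.app_mark] = binding

    def accept(self, request):
        # Claim 7: authenticate the presented binding against the stored one.
        stored = self.bindings.get(request.app_mark) if request else None
        return stored is not None and bindings_match(stored, request)

def demo():
    server, term, pos = AuthServer(), Terminal(), TransactionDevice()
    app = server.release_app("wallet")                   # constructed app name
    binding = server.enroll("wallet", "SIM-A", "CLF-1")  # constructed ids
    term.provision(binding)
    pos.provision(binding)
    ok = pos.accept(term.request_transaction(app))
    forged = pos.accept(Binding(app, binding.media_mark, "f" * 16))
    term.sim_mark = "0" * 16                             # a different SIM inserted
    swapped = pos.accept(term.request_transaction(app))
    return ok, forged, swapped
```

`demo()` returns the outcome of a provisioned transaction, a connection request with a forged CLF mark, and a request attempted after the SIM value no longer matches the binding.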
CN201610920935.0A 2016-10-21 2016-10-21 Transaction authentication processing method, authentication server, terminal and transaction equipment Active CN107977564B (en)

Publications (2)

Publication Number Publication Date
CN107977564A CN107977564A (en) 2018-05-01
CN107977564B CN107977564B (en) 2020-07-10

Family

ID=62004603

Country Status (1)

Country Link
CN (1) CN107977564B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant