CN108122108A - Mobile device authentication system and mobile equipment authentication method - Google Patents

Publication number: CN108122108A
Application number: CN201611081754.XA
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 孟祥雨, 姜可
Original assignee: Hitachi Ltd
Current assignee: Hitachi Ltd
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]

Abstract

The present invention provides a mobile device authentication system and authentication method that can authenticate a mobile device conveniently and securely. The authentication system comprises a mobile device (101), an authentication module (111) and a server (121). A device identifier and a personal identifier generated from the device information are stored in the server (121) in association with the user's personal information. When the user logs in to the mobile client, the information acquisition unit (112) of the authentication module (111) obtains the device information of the mobile device and the stored personal identifier and sends them to the server (121). The identifier generation unit (123) generates a device identifier to be authenticated from the received device information. The authentication unit (124) compares the generated device identifier and the received personal identifier with the device identifier and personal identifier that serve as the authentication reference, to judge whether the mobile device is legitimate, and sends the result back to the authentication module (111).

Description

Mobile device authentication system and mobile equipment authentication method
Technical field
The present invention relates to a mobile device authentication system and a mobile device authentication method, and in particular to a mobile device authentication system and method in which a server authenticates a mobile device.
Background art
In recent years, business conducted on mobile devices, typified by mobile phones, has been growing rapidly, and services such as mobile payment are an important line of business for banks and other financial institutions. Because mobile payment demands a high level of security, financial institutions such as banks have adopted various security measures, for example the mobile payment authentication methods described below.
The first prior-art authentication method for mobile payment operates at the software level. The user registers an account and sets a password, and the registered account is bound to the account information the user holds at the financial institution, such as a bank card number. When the user handles mobile payment business, the user logs in to the financial institution's server with the account and password. The server sends the user a random verification code, for example by SMS, and has the user enter it to verify that the user is legitimate. A user who enters the random verification code sent by the server is allowed to transact.
Some financial institutions also adopt hardware-level security measures, for example issuing the user a dynamic token that generates dynamic passwords (one-time passwords). Using a dedicated algorithm, the dynamic token generates every 60 seconds a time-dependent, unpredictable combination of random digits, and each password is used only once. When authenticating, the user must enter the dynamic password in addition to the account and static password, and can log in or transact normally only after passing system verification, which effectively guarantees the legitimacy and uniqueness of the user's identity. The greatest advantage of the dynamic token is that the password differs every time it is used, so that criminals cannot impersonate a legitimate user.
Another hardware-level security measure is to issue the user a mobile digital certificate. When the user attempts an online transaction, the financial institution sends the user a string A obtained by combining and encrypting a time string, an address string, a transaction information string and an anti-replay string. The mobile digital certificate applies an irreversible operation to string A according to the user's personal certificate to obtain string B, and sends string B to the financial institution. The financial institution performs the same irreversible operation at the same time. If the institution's result matches the user's result, the user is considered legitimate and the transaction can proceed; if not, the user is considered illegitimate and the transaction fails.
Summary of the invention
The first prior-art authentication method for mobile payment described above can guarantee the security level of a transaction to some extent, but it does so only at the software level and is easy to copy, so it cannot distinguish a legitimate device from an illegitimate (malicious) copy.
The dynamic token and mobile digital certificate described above are hardware-level security measures and also raise the security level of transactions, but the user must go to the financial institution and have their identity verified to collect the dynamic token or mobile digital certificate, and must carry it to make mobile payments. They are therefore troublesome to obtain and inconvenient to use.
In view of this, the present invention provides a mobile device authentication system and a mobile device authentication method that a user can join conveniently and that provide secure authentication to ensure the security of business handled on the mobile device.
A first aspect of the present invention is a mobile device authentication system that authenticates a mobile device, comprising: a mobile device held by a user, on which a mobile client is installed; an authentication module having an information acquisition unit, a communication unit and a storage unit; and a server having an identifier generation unit and an authentication unit. In the server, a device identifier and a personal identifier of the user, generated by the identifier generation unit from the device information of the mobile device, are stored in association with the user's personal information registered in the server in advance. When the user logs in to the mobile client, the information acquisition unit obtains the device information of the mobile device and the personal identifier that was generated by the identifier generation unit and stored in the storage unit in advance, and the communication unit sends the obtained device information and personal identifier to the server. The identifier generation unit generates a device identifier to be authenticated from the device information received by the server. The authentication unit compares the generated device identifier to be authenticated and the personal identifier received by the server with, respectively, the device identifier and personal identifier stored in the server as the authentication reference, to judge whether the mobile device the user is using to log in to the mobile client is legitimate, and sends the result back to the authentication module.
In the mobile device authentication system of a second aspect of the present invention, in the system of the first aspect, when the user logs in for the first time to the mobile client installed on the mobile device, the information acquisition unit obtains the device information of the mobile device and the communication unit sends it to the server; the identifier generation unit generates a device identifier and a personal identifier from the device information received by the server and stores them in the server in association with the user's personal information; and the server sends the generated personal identifier to the authentication module, which stores it in its storage unit.
In the mobile device authentication system of a third aspect of the present invention, in the system of the first or second aspect, the server extracts the device identifier and personal identifier stored in the server as the authentication reference by retrieving the user's personal information corresponding to the personal identifier sent by the communication unit.
In the mobile device authentication system of a fourth aspect of the present invention, in the system of any of the first to third aspects, the device information includes the IMEI and MAC address of the mobile device.
A fifth aspect of the present invention is a mobile device authentication method in which a mobile device authentication system, composed of a mobile device on which a mobile client is installed, an authentication module and a server, authenticates the mobile device, comprising: a step in which the user logs in to the mobile client with the mobile device; a step in which the authentication module obtains the device information of the mobile device and the personal identifier of the user of the mobile device, which was generated by the server and stored in the authentication module in advance; a step of sending the obtained device information and personal identifier to the server; a step in which the server generates a device identifier to be authenticated from the received device information; a step in which the server compares the generated device identifier to be authenticated and the received personal identifier with, respectively, the device identifier and personal identifier stored in the server as the authentication reference, to judge whether the mobile device the user is using to log in to the mobile client is legitimate; and a step of sending the result back to the authentication module.
In the mobile device authentication method of a sixth aspect of the present invention, in the method of the fifth aspect, the following steps are performed when the user logs in for the first time to the mobile client installed on the mobile device: a step of obtaining the device information of the mobile device and sending it to the server; a step in which the server generates a device identifier and a personal identifier from the received device information and stores them in the server in association with the user's personal information; and a step in which the server sends the generated personal identifier to the authentication module and the authentication module stores it.
In the mobile device authentication method of a seventh aspect of the present invention, in the method of the fifth or sixth aspect, when the server receives the sent device identifier and personal identifier, it extracts, based on the user's personal information corresponding to the received personal identifier, the device identifier and personal identifier that were stored in the server in advance in association with that personal information as the authentication reference, the user's personal information having been registered in the server in advance.
In the mobile device authentication method of an eighth aspect of the present invention, in the method of any of the fifth to seventh aspects, the device information includes the IMEI and MAC address of the mobile device.
Effect of the invention
According to the mobile device authentication system and mobile device authentication method of the present invention, a user can conveniently join the system, and secure authentication can be achieved to ensure the security of business handled on the mobile device.
Brief description of the drawings
Fig. 1 is a structural diagram showing the mobile device authentication system of the present invention.
Fig. 2 is a flowchart showing how the mobile device authentication system of the present invention binds the mobile device to the server.
Fig. 3 is a schematic diagram showing how the mobile device authentication system of the present invention binds the mobile device to the server.
Fig. 4 is a flowchart showing how the server authenticates the mobile device in the mobile device authentication system of the present invention.
Fig. 5 is a schematic diagram showing the mobile device authentication system of Embodiment 1 of the present invention.
Fig. 6 is a schematic diagram showing the mobile device authentication system of Embodiment 2 of the present invention.
Fig. 7 is a schematic diagram showing the mobile device authentication system of Embodiment 3 of the present invention.
Detailed description of the embodiments
The structure of the mobile device authentication system of the present invention is described below with reference to Fig. 1.
As shown in Fig. 1, the mobile device authentication system of the present invention comprises a mobile device 101, an authentication module 111 and a server 121. The authentication module 111 may be a functional component built into the mobile device 101, external hardware connected to the mobile device 101, or application software installed on the mobile device 101.
The mobile device 101 is the mobile device held by the user. A client (application) for handling business is installed on it in advance, and the user can use it for business such as mobile payment. The device has device information 102 about its own hardware, and the device information 102 comprises unique attributes 103 and non-unique attributes 104.
A unique attribute 103 is an attribute that only this mobile device 101 has, such as the IMEI (International Mobile Equipment Identity) or the physical MAC (Media Access Control) address.
A non-unique attribute 104 is a general attribute of the mobile device 101, such as the device model or the OS (operating system) type.
The mobile device 101 can be uniquely determined from the unique attributes 103 but not from the non-unique attributes 104; the non-unique attributes 104 can nevertheless serve as factors in identifying the mobile device 101.
The authentication module 111 is used for authentication between the mobile device 101 and the server 121 and comprises an information acquisition unit 112, a communication unit 113 and a storage unit 114.
The information acquisition unit 112 obtains from the mobile device 101 the device information 102, comprising the unique attributes 103 and the non-unique attributes 104.
The communication unit 113 handles communication between the mobile device 101 and the server 121. It sends the device information 102 of the mobile device 101 to the server 121 and receives information from the server 121.
The storage unit 114 stores the personal identifier described later, in order to prevent the device from being forged.
The server 121 comprises: a user interface unit 122 that communicates with the communication unit 113 of the authentication module 111 and/or with the mobile device 101; an identifier generation unit 123 that receives, via the user interface unit 122, the device information 102 sent by the authentication module 111 and generates the device identifier and personal identifier used to authenticate the mobile device 101; an authentication unit 124 that compares the device identifier computed from the device information 102 sent by the user with the device identifier stored in advance in the server 123 to judge whether the user is legitimate; and a memory 125 that stores, in association with one another, the device identifier and personal identifier computed by the identifier generation unit 123 and the personal information obtained in advance. The personal information obtained in advance includes information such as the ID card number, mobile phone number and bank card number.
When the mobile device authentication system of the present invention is used for the first time, the mobile device is bound. The binding flow is described below with reference to Fig. 2.
First, the user registers an account. The user can register through the authentication module 111, through the authentication module 111 together with the mobile device, or at a branch of the financial institution. Registration can use the user's mobile phone number, bank card number or ID card number, a user-defined account name, and so on.
Once the user has obtained an account by registering and has logged in, the mobile device can be bound through the authentication module 111. The binding flow is as follows.
As shown in Fig. 2, in step S201 the information acquisition unit 112 of the authentication module 111 obtains the device information 102 of the mobile device. Specifically, it obtains device information 102 comprising unique attributes 103 and non-unique attributes 104, for example the IMEI (International Mobile Equipment Identity), the physical MAC (Media Access Control) address, the device model and the OS (operating system) type of the mobile device. The device information 102 obtained is not limited to these attributes and may include others.
Then, in step S202, the communication unit 113 of the authentication module 111 sends the obtained information to the server 121.
In step S203, the user interface unit 122 of the server 121 receives the device information 102 sent by the communication unit 113 of the authentication module 111, and the identifier generation unit 123 generates two types of identifier, a device identifier and a personal identifier, using an existing or a proprietary algorithm; this completes the encryption of the device information 102. Only the server side knows which well-known or proprietary algorithm is used. The identifier generation unit 123 stores the generated device identifier and personal identifier in association with the user's personal information stored in advance in the memory 125. This completes, on the server side, the binding of the user's mobile device 101 to the account.
The device identifier and personal identifier are explained here. The identifier generation unit 123 of the server 121 generates the device identifier and the personal identifier from the user's device information (for example IMEI, MAC address and device model). The device identifier is an identifier that describes the characteristics of the device, produced by encrypting multiple factors (items of device information). It is generated in step S203 to fix the mobile device 101 being bound, so that in later authentication a device identifier generated in the same way can be compared with the bound device identifier to judge whether the device being authenticated is the bound device. The personal identifier is generated by associating the device information with the user's personal information. In later authentication, the server can read the personal information from the personal identifier sent by the mobile device, and can therefore use the personal identifier to retrieve the personal information stored in the server and obtain the device identifier and personal identifier stored in the server for that personal information. The personal identifier sent by the mobile device is compared with the personal identifier stored in the server, as one of the criteria for judging whether the mobile device being authenticated is the bound mobile device.
Then, in step S204, the server 121 sends the generated personal identifier to the authentication module 111 through the user interface unit 122. After the communication unit 113 of the authentication module 111 receives the personal identifier from the server 121, it is stored in the storage unit 114.
Fig. 3 schematically shows the mobile device binding process of Fig. 2.
The above steps complete the binding of the mobile device 101, the authentication module 111 and the server 121. Binding is performed by collecting at least one, and preferably several, items of device information of the mobile device 101 as encryption factors, which improves security when the mobile device 101 is authenticated. Because the device information of the mobile device 101 is used during binding, a bound user account can be used only on the bound mobile device 101. An illegitimate user who logs in with a legitimate user's account on an unbound mobile device will be unable to use it, which removes the possibility of an illegitimate user who has obtained a legitimate user's account using it on an unbound mobile device.
The flow in which the user handles business by logging in to the bound account with the mobile device is described below with reference to Fig. 4.
First, in step S301, when the user wants to handle business and logs in to the account, the authentication module 111 obtains the device information 102 of the mobile device 101 and the personal identifier from the server 121 that is stored in the storage unit 114, that is, the local personal identifier. If the personal identifier cannot be obtained for some reason (for example, it was deleted by mistake), the user is told that the service is unavailable and must go through the binding process again after being verified by, for example, a telephone call or answering questions the user set.
Then, in step S302, the communication unit 113 of the authentication module 111 sends the obtained device information 102 and the local personal identifier to the server 121.
Then, in step S303, after the user interface unit 122 of the server 121 receives the device information 102 and local personal identifier sent by the communication unit 113 of the authentication module 111, the server extracts from the memory 125, according to the personal information corresponding to the local personal identifier, the device identifier and personal identifier corresponding to that personal information.
Then, in step S304, the server 121 computes a device identifier from the received device information 102, using the same algorithm as at binding time.
Then, in step S305, the authentication unit 124 of the server 121 compares the device identifier just computed and the local personal identifier just received with the device identifier and personal identifier just extracted from the memory 125. If they match exactly, the mobile device 101 that sent the message is considered legitimate; if they match only partly or not at all, the mobile device 101 that sent the message is considered illegitimate.
Finally, in step S306, the server 121 returns the authentication result to the authentication module 111. If the result is that the mobile device 101 is legitimate, the user is allowed to handle all business with the mobile device 101. If the result is that the mobile device 101 is illegitimate, the user is either not allowed to handle any business with the mobile device 101 or allowed to handle only some business with it, for example only operations that do not change the state of the account, such as checking the account balance.
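An added example, not part of the patent text: a Python sketch of the binding flow (S201 to S204) and the authentication flow (S301 to S306) described above, covering the bound device, an unbound device presenting a copied personal identifier, a lost identifier, and rebinding. The patent does not specify the identifier algorithm, so HMAC-SHA256 under a server-held key, the class and field names, the rebinding behaviour and the sample device values are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

FULL, RESTRICTED, REBIND = "full", "restricted", "rebind-required"


class Server:
    """Server 121. Assumed algorithm: HMAC-SHA256 under a key only the server holds."""

    def __init__(self, key: bytes):
        self._key = key
        self._records = {}  # memory 125: personal identifier -> (account, device identifier)
        self._pid_of = {}   # account -> personal identifier currently bound

    @staticmethod
    def _canonical(device_info: dict) -> bytes:
        # Sort fields, normalise case and length-prefix every item so that
        # differently split values can never serialise to the same bytes.
        out = b""
        for name in sorted(device_info):
            for text in (name, str(device_info[name]).strip().lower()):
                raw = text.encode()
                out += len(raw).to_bytes(2, "big") + raw
        return out

    def _mac(self, label: bytes, data: bytes) -> str:
        return hmac.new(self._key, label + b"\x00" + data, hashlib.sha256).hexdigest()

    def _device_id(self, device_info: dict) -> str:
        return self._mac(b"device-id", self._canonical(device_info))

    def bind(self, account: str, device_info: dict) -> str:
        """S203-S204: derive both identifiers and store them against the account."""
        device_id = self._device_id(device_info)
        personal_id = self._mac(b"personal-id", f"{account}\x00{device_id}".encode())
        self._records.pop(self._pid_of.get(account), None)  # rebinding drops the old reference
        self._records[personal_id] = (account, device_id)
        self._pid_of[account] = personal_id
        return personal_id

    def authenticate(self, device_info: dict, personal_id: str) -> str:
        """S303-S306: fetch the reference, recompute the device identifier, compare."""
        record = self._records.get(personal_id)  # S303; an unknown identifier fails here
        if record is None:
            return RESTRICTED
        candidate = self._device_id(device_info)  # S304: same algorithm as at binding
        if hmac.compare_digest(candidate, record[1]):  # S305: exact match required
            return FULL
        return RESTRICTED  # S306: device not recognised as the bound one


class AuthModule:
    """Authentication module 111 attached to one mobile device."""

    def __init__(self, device_info: dict):
        self.device_info = device_info  # what information acquisition unit 112 reads
        self.personal_id = None         # contents of storage unit 114

    def bind(self, server: Server, account: str) -> None:
        self.personal_id = server.bind(account, self.device_info)  # S201-S204

    def login(self, server: Server) -> str:
        if self.personal_id is None:  # S301: identifier lost, binding must be redone
            return REBIND
        return server.authenticate(self.device_info, self.personal_id)  # S302


def demo() -> dict:
    server = Server(secrets.token_bytes(32))
    # Constructed sample values, not taken from the patent.
    phone = {"imei": "490154203237518", "mac": "02:00:00:AA:BB:01",
             "model": "phone-x", "os": "android"}
    other = {"imei": "356938035643809", "mac": "02:00:00:AA:BB:02",
             "model": "phone-y", "os": "android"}
    results = {}

    bound = AuthModule(phone)
    bound.bind(server, "alice")
    results["bound_device"] = bound.login(server)

    copied = AuthModule(other)              # account data copied to an unbound device
    copied.personal_id = bound.personal_id
    results["copied_to_other_device"] = copied.login(server)

    results["identifier_missing"] = AuthModule(phone).login(server)

    replacement = AuthModule(other)         # user rebinds the account to a new device
    replacement.bind(server, "alice")
    results["new_device_after_rebind"] = replacement.login(server)
    results["old_device_after_rebind"] = bound.login(server)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```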
Embodiment 1
Illustrate the embodiment of the present invention 1 below.In the present embodiment, mobile equipment 101 is the smart mobile phone that user uses, Bank client app (application program) is installed in smart mobile phone.Certification by the use of module 111 be bank be issued to user as hard The certification terminal of part.As shown in figure 5, the certification is, for example, to be similar to the hard of mobile phone card reader with headset plug with terminal Part can be connected by being inserted into smartphone audio frequency hole with smart mobile phone.Certainly, certification terminal and intelligence in the present embodiment The connection of energy mobile phone is not limited by headset plug, can also pass through data cable connection or wireless connection.With the intelligent hand of user It can be between smart mobile phone into the transmitting-receiving of row information after machine connection.Server 121 is the server of bank.
User carries out tying up for mobile equipment first after it will authenticate and be connected with terminal with the smart mobile phone that it is held It is fixed.The flow of detailed description below binding.
First, user can be by the bank client app in smart mobile phone or whole by information such as personal computers Self-defined user name is held to register account number, bank's card number is bound in the account number of registration to complete Account Registration.Alternatively, user Account number can be registered using the exclusive information of the users such as bank's card number, identity card piece number or cell-phone number, the account so registered Number due to corresponding with bank card number, it is possible to directly invoke the account of bank and eliminate user and find bank's card number to bind Process.This step is identical with the process for registering Mobile banking's account in the prior art.
When user obtains account number by registration and is logged in, you can carry out the smart mobile phone with terminal by certification Binding.Specific binding flow is as follows.
First, certification obtains the facility information of smart mobile phone with terminal oneself or by bank client app.It obtains Facility information includes IMEI, physical address MAC, unit type, OS types of smart mobile phone etc..
Then, the equipment got certification with terminal with the wireless network that terminal is had by oneself by smart mobile phone or certification Information is sent to bank server.
After the facility information that bank server receives the smart mobile phone of user or certification is sent with terminal, according to existing Some algorithms or the mark of the generation device identification of exclusive algorithm and person identifier both types, that is, complete to facility information Ciphering process.Which kind of known using well known or exclusive algorithm only bank.
Then, bank server by into both marks of raw device identification and person identifier and user information (such as with Family account number, bank's card number, identity card piece number etc.) it establishes correspondence and is stored in the memory of bank server, thus in silver Row server end is bound the account number of user and the smart mobile phone that user is held.
Afterwards, the person identifier of generation is sent to the certification terminal of user by bank server, and certification terminal is connecing After receiving the person identifier from server, the assigned position of smart mobile phone and/or the storage of certification terminal are stored it in In portion.
By above step, the binding of smart mobile phone, account No. and bank server is completed.
The following describes the flow in which the user logs in to the bound account number with the smartphone to handle business.
First, when the user wants to handle business and logs in to the account number through the authentication terminal, the authentication terminal obtains the hardware information of the smartphone and the personal identifier, sent by the bank server, that is stored in the smartphone or the authentication terminal.
Then, the smartphone or the authentication terminal sends the obtained hardware information and personal identifier to the bank server.
After the bank server receives the device information and personal identifier sent by the smartphone or the authentication terminal, it extracts from the memory, according to the personal information corresponding to the personal identifier, the device identifier and personal identifier corresponding to that personal information.
The server also calculates a device identifier from the received device information, using the same algorithm as the one used at binding time.
Afterwards, the server compares the device identifier calculated this time and the user identifier received this time with the device identifier and user identifier extracted from the memory this time. If they are completely consistent, the smartphone that sent the message is considered legitimate; if they are not completely consistent or are inconsistent, the smartphone that sent the message is considered illegitimate.
Finally, the bank server returns the authentication result to the authentication terminal. If the authentication result is that the smartphone is legitimate, the user is allowed to handle all business using the smartphone. If the authentication result is that the smartphone is illegitimate, the user is not allowed to handle any business using the smartphone, or is allowed to handle only some business using the smartphone: for example, only business that does not change the account status, such as checking the account balance, checking exchange rates and using a loan calculator, and not business that changes the account status, such as transfers and purchases of financial products.
In this embodiment, the user binds the smartphone to the account number through the hardware authentication terminal using multiple items of device information, that is, multiple factors. This achieves a security effect at least equal to that of the dynamic tokens and mobile digital certificates of the prior art. In addition, the authentication terminal of this embodiment can easily be connected to mobile devices such as smartphones, and is superior to dynamic tokens and mobile digital certificates in terms of compatibility with mobile devices.
Embodiment 2
Embodiment 2 of the present invention is described below. In this embodiment, the mobile device 101 is a tablet computer without mobile network capability used by the user, and a bank client app is installed on the tablet. The authentication terminal 111 is a hardware authentication terminal issued by the bank to the user. The authentication terminal can connect to the mobile network and act as a hotspot through which the user's tablet can reach the mobile network, that is, it functions as portable Wi-Fi, and of course it also has the authentication function described in Embodiment 1 above. An example of the authentication terminal of this embodiment is shown in Fig. 6, where the server 121 is the bank's server.
The authentication terminal can connect to the mobile network through a built-in SIM card or USIM card. Once connected to the mobile network, the authentication terminal acts as a hotspot so that the user's tablet can connect to the authentication terminal and the mobile network. After connecting the tablet to the authentication terminal, the user first binds the mobile device. The binding flow is described in detail below.
First, the user can register an account number with a self-defined user name, through the bank client app on the tablet or through an information terminal such as a personal computer, and bind a bank card number to the registered account number to complete account registration. Alternatively, the user can register an account number using user-specific information such as an ID card number or mobile phone number. Because an account number registered this way corresponds to the bank card number, the bank account can be called up directly, which removes the step in which the user looks up the bank card number to bind it. This step is the same as the prior-art process of registering a mobile banking account.
Once the user has obtained an account number by registration and logged in, the tablet can be bound through the authentication terminal. The specific binding flow is as follows.
First, the authentication terminal obtains the device information of the tablet, either by itself or through the bank client app. The device information obtained includes the tablet's IMEI, physical (MAC) address, device model, OS type, and so on.
Then, the authentication terminal sends the obtained device information to the bank server over the authentication terminal's own wireless network.
After the bank server receives the device information sent by the user's authentication terminal, it generates two types of identifiers, a device identifier and a personal identifier, using a well-known or proprietary algorithm. This completes the encryption process for the device. Which well-known or proprietary algorithm is used is known only to the bank.
Then, the bank server associates the two generated identifiers, the device identifier and the personal identifier, with the user information (e.g. user account number, bank card number, ID card number) and stores them in the memory of the bank server, thereby binding, on the bank server side, the user's account number to the tablet held by the user.
Afterwards, the bank server sends the generated personal identifier to the user's authentication terminal. After receiving the personal identifier from the server, the authentication terminal stores it in a designated location of the tablet and/or in the storage unit of the authentication terminal.
Through the above steps, the binding of the tablet, the account number and the bank server is completed.
The following describes the flow in which the user logs in to the bound account number with the tablet to handle business.
First, when the user wants to handle business and logs in to the account number through the authentication terminal, the authentication terminal obtains the hardware information of the tablet and the personal identifier, sent by the bank server, that is stored in the tablet or the authentication terminal.
Then, the authentication terminal sends the obtained hardware information and personal identifier to the bank server.
After the bank server receives the device information and personal identifier sent by the authentication terminal, it extracts from the memory, according to the personal information corresponding to the personal identifier, the device identifier and personal identifier corresponding to that personal information.
The server also calculates a device identifier from the received device information, using the same algorithm as the one used at binding time.
Afterwards, the server compares the device identifier calculated this time and the user identifier received this time with the device identifier and user identifier extracted from the memory this time. If they are completely consistent, the tablet that is the source of the message is considered legitimate; if they are not completely consistent or are inconsistent, the tablet that is the source of the message is considered illegitimate.
Finally, the bank server returns the authentication result to the authentication terminal. If the authentication result is that the tablet is legitimate, the user is allowed to handle all business using the tablet. If the authentication result is that the tablet is illegitimate, the user is not allowed to handle any business using the tablet, or is allowed to handle only some business using the tablet: for example, only business that does not change the account status, such as checking the account balance, checking exchange rates and using a loan calculator, and not business that changes the account status, such as transfers and purchases of financial products.
In this embodiment, the user binds the tablet to the account number through the hardware authentication terminal, which achieves a security effect at least equal to that of the dynamic tokens and mobile digital certificates of the prior art. In addition, the authentication terminal of this embodiment can serve as portable Wi-Fi, so that a tablet that cannot connect to the mobile network can be used as a networked mobile device for handling banking business. Such an authentication terminal is necessary hardware for a user who holds only a mobile device that cannot connect to the mobile network, so carrying it does not add to the user's burden.
Embodiment 3
In Embodiment 1 and Embodiment 2, a hardware authentication terminal is used as the authentication module 111. Because the user needs to carry the authentication terminal when using banking services on a mobile device, portability is lacking. In Embodiment 2 the user needs to carry the authentication terminal as portable Wi-Fi, but most users already hold a mobile device that can itself connect to a wireless network, such as a smartphone, so for most users carrying an authentication terminal as portable Wi-Fi is superfluous. Therefore, in Embodiment 3 below, the mobile device 101 is a smartphone that connects to the mobile network, the server 121 is, for example, an operator's server, and the operator client app on the smartphone itself functions as the authentication module 111. Fig. 7 is a schematic diagram of Embodiment 3.
After the user installs the operator client app on the smartphone he or she holds, the mobile device is bound first. The binding flow is described in detail below.
First, the user can register an account number with a self-defined user name and bind a mobile phone number to the registered account number to complete account registration. Alternatively, the user can register an account number using user-specific information such as an ID card number. Because an account number registered this way corresponds to the mobile phone number, it has the same effect as registering with the mobile phone number. This step is the same as the prior-art process of registering an operator client app account.
Once the user has obtained an account number by registration and logged in, the smartphone can be bound through the operator client app. The specific binding flow is as follows.
First, the operator client app obtains the device information of the smartphone. The device information obtained includes the smartphone's IMEI, physical (MAC) address, device model, OS type, and so on.
Then, the operator client app sends the obtained device information to the operator server over the wireless network.
After the operator server receives the device information sent by the user's smartphone, it generates two types of identifiers, a device identifier and a personal identifier, using a well-known or proprietary algorithm. This completes the encryption process for the device. Which well-known or proprietary algorithm is used is known only to the operator.
Then, the operator server binds the user information (e.g. user account number, mobile phone number, ID card number) to the two generated identifiers, thereby binding, on the operator server side, the user's account number to the smartphone held by the user.
Afterwards, the operator server sends the generated personal identifier to the operator client app installed on the user's smartphone. After receiving the personal identifier from the server, the operator client app stores it in a designated location of the smartphone, for example in the folder where the operator client app resides.
Through the above steps, the binding of the smartphone, the operator account number and the operator server is completed.
The following describes the flow in which the user logs in to the bound account number with the smartphone to handle business.
First, when the user wants to handle business and logs in to the account number through the operator client app, the operator client app obtains the hardware information stored in the smartphone and the personal identifier, sent by the operator server, that is stored in the smartphone.
Then, the operator client app sends the obtained device information and personal identifier to the operator server.
After the operator server receives the device information and personal identifier sent by the operator client app, it extracts from the memory, according to the personal information corresponding to the personal identifier, the device identifier and personal identifier corresponding to that personal information.
The operator server also calculates a device identifier from the received device information, using the same algorithm as the one used at binding time.
Afterwards, the operator server compares the device identifier calculated this time and the user identifier received this time with the device identifier and user identifier extracted from the memory this time. If they are completely consistent, the smartphone that sent the information is considered legitimate; if they are not completely consistent or are inconsistent, the smartphone that sent the information is considered illegitimate.
Finally, the operator server returns the authentication result to the operator client app. If the authentication result is that the smartphone is legitimate, the user is allowed to handle all business using the smartphone. If the authentication result is that the smartphone is illegitimate, the user is not allowed to handle any business using the smartphone, or is allowed to handle only some business using the smartphone: for example, only business that does not change the account status, such as checking the account balance, viewing historical bills and answering questionnaires, and not business that involves user privacy or changes the account status, such as viewing call detail records and purchasing data packages.
In this embodiment, the operator client app on the smartphone is used as the authentication terminal, so the user can conveniently join the authentication system of the present invention simply by installing the operator client app and registering. The user only needs to carry the smartphone on which the operator client app is installed and bound in order to complete authentication, which effectively ensures the security of handling business with that smartphone.
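The binding and login-time check described in Embodiments 1 to 3, as an added Python example that is not part of the patent text. The patent does not disclose the identifier-generation algorithm, so HMAC-SHA256 under a server-held key, the random personal identifier, the normalisation rules and all names (AuthServer, device_identifier, READ_ONLY_OPS, the sample account and device values) are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumption: stands in for the undisclosed "well-known or proprietary algorithm".
SERVER_KEY = secrets.token_bytes(32)
DEVICE_FIELDS = ("imei", "mac", "model", "os")   # device information listed in the text
# Business that does not change the account status (names are hypothetical).
READ_ONLY_OPS = {"check_balance", "check_exchange_rate", "loan_calculator"}


def canonical_device_info(info: dict) -> bytes:
    """Normalise device info so one device always yields the same bytes."""
    missing = [f for f in DEVICE_FIELDS if not info.get(f)]
    if missing:
        raise ValueError(f"missing device fields: {missing}")
    parts = [
        "".join(ch for ch in info["imei"] if ch.isdigit()),
        info["mac"].replace(":", "").replace("-", "").lower(),
        info["model"].strip(),
        info["os"].strip().lower(),
    ]
    # Length-prefix every field so field boundaries cannot be shifted.
    return b"".join(len(p.encode()).to_bytes(2, "big") + p.encode() for p in parts)


def device_identifier(info: dict) -> str:
    """Device identifier: keyed digest of the canonical device information."""
    return hmac.new(SERVER_KEY, canonical_device_info(info), hashlib.sha256).hexdigest()


@dataclass
class Binding:
    account: str       # user information registered in advance
    device_id: str     # authentication reference, kept on the server only
    personal_id: str   # also returned to the authentication module


class AuthServer:
    def __init__(self):
        self._bindings = {}   # personal identifier -> Binding

    def bind(self, account: str, info: dict) -> str:
        """First login: generate both identifiers and store them with the account."""
        binding = Binding(account, device_identifier(info), secrets.token_hex(16))
        self._bindings[binding.personal_id] = binding
        return binding.personal_id

    def authenticate(self, info: dict, personal_id: str) -> bool:
        """Later logins: recompute the device identifier and compare with the reference."""
        binding = self._bindings.get(personal_id)
        if binding is None:           # unknown personal identifier
            return False
        try:
            candidate = device_identifier(info)
        except ValueError:            # incomplete device information
            return False
        return hmac.compare_digest(candidate, binding.device_id)

    def authorize(self, info: dict, personal_id: str, operation: str) -> bool:
        """Legitimate device: all business. Otherwise only read-only business.
        Assumes the account login itself has already succeeded."""
        if self.authenticate(info, personal_id):
            return True
        return operation in READ_ONLY_OPS


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    phone = {"imei": "490154203237518", "mac": "AA:BB:CC:DD:EE:01",
             "model": "Phone-X", "os": "Android"}
    other = dict(phone, imei="356938035643809")
    server = AuthServer()
    pid = server.bind("acct-1001", phone)
    print("bound device:", server.authenticate(phone, pid))
    print("other device:", server.authenticate(other, pid))
    print("other device, transfer:", server.authorize(other, pid, "transfer"))
    print("other device, balance:", server.authorize(other, pid, "check_balance"))
```

The device information in this flow is whatever the client reports, so the check is only as strong as the module's ability to read those values faithfully from the device.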
In the above three embodiments, smartphones and tablet computers are given as examples of the mobile device 101, but the mobile device 101 of the present invention is not limited to smartphones and tablets. It may also be, for example, a handheld device, a police identity-document verification device, or another mobile device that can network by itself or through a wireless network. In addition, the authentication modules 111 illustrated in the embodiments are the authentication terminal issued by a bank and the operator's client, used for handling bank and operator business, but the authentication module 111 of the present invention is not limited to banks and operators. It can be used for mobile payment when purchasing services or products through financial institutions such as Alipay and WeChat Pay, and can also be used when a supermarket member uses the electronic stored-value card issued by that supermarket. The mobile device authentication system and mobile device authentication method of the present invention can be used in any scenario that involves business handling, in particular business handling by mobile payment.
The above are only preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art can make several improvements, refinements, substitutions of step combinations and the like without departing from the principle and basis of the present invention, and these improvements, refinements, substitutions of step combinations and the like should also fall within the scope of protection of the present invention. Those skilled in the art will understand that the present invention can be provided as a system, a method, or a computer program product. The present invention can be implemented entirely in hardware, entirely in software, or in a combination of software and hardware.

Claims (8)

1. A mobile device authentication system for authenticating a mobile device, characterized by comprising:
a mobile device, held by a user, on which a mobile client is installed;
an authentication module having an information acquisition unit, a communication unit and a storage unit; and
a server having an identifier generation unit and an authentication unit, wherein the server stores a device identifier, generated by the identifier generation unit based on the device information of the mobile device, and a personal identifier of the user in association with the user's personal information registered in the server in advance,
when the user logs in to the mobile client, the information acquisition unit obtains the device information of the mobile device and the personal identifier that was generated by the identifier generation unit and stored in the storage unit in advance, and sends the obtained device information and personal identifier to the server through the communication unit,
the identifier generation unit generates a device identifier to be authenticated based on the device information received by the server,
the authentication unit compares the generated device identifier to be authenticated and the personal identifier received by the server with, respectively, the device identifier and the personal identifier stored in the server as the authentication reference, in order to judge whether the mobile device the user is using to log in to the mobile client is legitimate, and sends the judgment result back to the authentication module.
2. The mobile device authentication system according to claim 1, characterized in that:
when the user logs in for the first time to the mobile client installed on the mobile device, the information acquisition unit obtains the device information of the mobile device and sends the obtained device information to the server through the communication unit,
the identifier generation unit generates a device identifier and a personal identifier based on the device information received by the server, and stores the generated device identifier and personal identifier in the server in association with the user's personal information,
the server sends the generated personal identifier to the authentication module, and the authentication module stores it in its storage unit.
3. The mobile device authentication system according to claim 1 or 2, characterized in that:
the server extracts the device identifier and the personal identifier stored in the server as the authentication reference by retrieving the user's personal information corresponding to the personal identifier sent by the communication unit.
4. The mobile device authentication system according to any one of claims 1 to 3, characterized in that:
the device information includes the IMEI and the MAC address of the mobile device.
5. A mobile device authentication method in which a mobile device authentication system, composed of a mobile device on which a mobile client is installed, an authentication module and a server, authenticates the mobile device, characterized by comprising:
a step in which the user logs in to the mobile client with the mobile device;
a step in which the authentication module obtains the device information of the mobile device and the personal identifier of the user of the mobile device, which was generated by the server and stored in the authentication module in advance;
a step of sending the obtained device information and personal identifier to the server;
a step in which the server generates a device identifier to be authenticated based on the received device information;
a step in which the server compares the generated device identifier to be authenticated and the received personal identifier with, respectively, the device identifier and the personal identifier stored in the server as the authentication reference, in order to judge whether the mobile device the user is using to log in to the mobile client is legitimate; and
a step of sending the judgment result back to the authentication module.
6. The mobile device authentication method according to claim 5, characterized in that:
the following steps are carried out when the user logs in for the first time to the mobile client installed on the mobile device:
a step of obtaining the device information of the mobile device and sending the obtained device information to the server;
a step in which the server generates a device identifier and a personal identifier based on the received device information and stores the generated device identifier and personal identifier in the server in association with the user's personal information;
a step in which the server sends the generated personal identifier to the authentication module and the authentication module stores it.
7. The mobile device authentication method according to claim 5 or 6, characterized in that:
when the server receives the sent device identifier and personal identifier, it extracts, based on the user's personal information corresponding to the received personal identifier, the device identifier and the personal identifier serving as the authentication reference that were stored in the server in advance in association with that personal information, wherein the user's personal information is registered in the server in advance.
8. The mobile device authentication method according to any one of claims 5 to 7, characterized in that:
the device information includes the IMEI and the MAC address of the mobile device.
CN201611081754.XA 2016-11-30 2016-11-30 Mobile device authentication system and mobile equipment authentication method Pending CN108122108A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611081754.XA CN108122108A (en) 2016-11-30 2016-11-30 Mobile device authentication system and mobile equipment authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611081754.XA CN108122108A (en) 2016-11-30 2016-11-30 Mobile device authentication system and mobile equipment authentication method

Publications (1)

Publication Number Publication Date
CN108122108A true CN108122108A (en) 2018-06-05

Family

ID=62226128

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611081754.XA Pending CN108122108A (en) 2016-11-30 2016-11-30 Mobile device authentication system and mobile equipment authentication method

Country Status (1)

Country Link
CN (1) CN108122108A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180605
