CN115796865A - Transaction authentication method, device, equipment and readable medium - Google Patents

Publication number: CN115796865A
Authority: CN (China)
Prior art keywords: transaction, authentication, signature, information, external terminal
Legal status: Pending
Application number: CN202211352123.2A
Other languages: Chinese (zh)
Inventors: 赵惊, 王宁, 丁利, 刘德清
Current Assignee: Agricultural Bank of China
Original Assignee: Agricultural Bank of China
Application filed by Agricultural Bank of China
Priority to CN202211352123.2A
Publication of CN115796865A

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a transaction authentication method, a transaction authentication device, transaction authentication equipment and a readable medium. The method comprises the following steps: receiving authentication application information from a transaction terminal, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal and is used for transaction authentication of the transaction; sending the authentication application information to an external terminal so that the external terminal carries out authentication signature on the authentication application information; and verifying the authentication signature, and passing the transaction authentication when the verification is passed. Based on this scheme, when the user transfers money through the online bank website, the physical security medium can be replaced by another external terminal, which avoids the inconvenience of carrying the medium, makes online banking transactions more convenient, and improves their usability.

Description

Transaction authentication method, device, equipment and readable medium
Technical Field
The invention relates to the technical field of financial services, in particular to a transaction authentication method, a device, equipment and a readable medium.
Background
At present, the main security authentication means for online banking transactions is a physical security medium. Banks use physical media such as the K treasure and the K order, which store the user's private key and digital certificate. When a user makes a transfer through online banking, the user inserts the physical security medium into the transfer terminal and completes authentication by following the prompts.
However, the user must carry the physical security medium when making a transfer. When the medium has been left behind or is not nearby, the online banking transaction cannot be verified, so transfers and related functions cannot be performed, and usability is poor.
Therefore, there is a need for a way to achieve transaction authentication without physical security media, and to improve the ease of use of online banking transactions.
Disclosure of Invention
The invention provides a transaction authentication method, a transaction authentication device, transaction authentication equipment and a readable medium, which can replace a traditional physical security medium through other external terminals so as to improve the usability of online banking transactions.
According to an aspect of the present invention, there is provided a transaction authentication method, including:
receiving authentication application information from a transaction terminal, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal and is used for transaction authentication of the transaction;
sending the authentication application information to an external terminal so that the external terminal carries out authentication signature on the authentication application information;
and verifying the authentication signature, and passing the transaction authentication when the verification is passed.
Optionally, the authentication application information includes a signature of the transaction terminal and transaction information of a corresponding transaction, and correspondingly, the sending the authentication application information to an external terminal includes:
storing the transaction information and the signature of the transaction terminal and generating corresponding query parameters;
and sending the query parameters to the external terminal so that the external terminal acquires the transaction information and the signature of the transaction terminal according to the query parameters.
Optionally, the sending the query parameter to the external terminal includes:
generating verification information according to the query parameters;
and displaying the verification information through the transaction terminal so that the external terminal acquires the query parameters through the verification information.
Optionally, after receiving the authentication application information, the external terminal signs the authentication application information according to its own digital certificate; correspondingly, the verifying the authentication signature and the transaction authentication when the verification is passed comprises:
receiving a signature result returned by the external terminal;
and checking the signature result, and passing the transaction authentication when the signature result passes the verification.
Optionally, the external terminal is configured to perform the authentication signature in one of the following modes: Raw signature verification, Raw digest signature verification, Attached signature verification and Detached signature verification; correspondingly, the verifying the signature result includes:
determining an authentication signature mode of the external terminal;
and checking the signature according to the authentication signature mode.
Optionally, the external terminal is configured to encrypt the signature result through an asymmetric encryption algorithm; correspondingly, before the signature verification is performed on the signature result, the method further includes:
determining a public key of an asymmetric encryption algorithm used by the external terminal;
and decrypting the encrypted signature result by the public key.
Optionally, after passing the transaction authentication when the verification passes, the method further comprises:
generating prompt information representing that the transaction authentication passes;
and pushing the prompt information to the transaction terminal so that the transaction terminal displays the prompt information.
According to another aspect of the present invention, there is provided a transaction authentication apparatus comprising:
the information receiving unit is used for receiving authentication application information from a transaction terminal, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal, and the authentication application information is used for transaction authentication of the transaction;
an information sending unit, configured to send the authentication application information to an external terminal, so that the external terminal performs an authentication signature on the authentication application information;
and the signature verification unit is used for verifying the authentication signature and passing the transaction authentication when the authentication passes.
According to another aspect of the present invention, there is provided an electronic apparatus including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform a transaction authentication method according to any embodiment of the invention.
According to another aspect of the present invention, there is provided a computer-readable storage medium having stored thereon computer instructions for causing a processor to execute a method of authenticating a transaction according to any one of the embodiments of the present invention.
According to the technical scheme of the embodiment of the invention, authentication application information from a transaction terminal is received, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal and is used for transaction authentication of the transaction; the authentication application information is sent to an external terminal so that the external terminal can carry out authentication signature on the authentication application information; and the authentication signature is verified, and the transaction authentication is passed when the verification is passed. Based on this scheme, when the user makes a transfer through the online bank website, the physical security medium can be replaced by another external terminal, which avoids the inconvenience of carrying the medium, makes online banking transactions more convenient, and improves their usability.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present invention, nor do they necessarily limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a transaction authentication method according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for sending an authentication application message according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a transaction authentication device according to a third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an electronic device implementing the transaction authentication method according to the embodiment of the present invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example one
Fig. 1 is a flowchart of a transaction authentication method according to an embodiment of the present invention. The method is applicable where, in a transfer made through online banking, transfer authentication cannot be passed because the physical security medium has been lost or was not brought along. The method may be performed by a transaction authentication device, which may be implemented in hardware and/or software and may be configured in a computer. As shown in Fig. 1, the method includes:
S110, receiving authentication application information from a transaction terminal, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal, and the authentication application information is used for transaction authentication of the transaction.
At present, the main security authentication means for online bank transfers is a physical security medium. Banks use physical media such as the K treasure and the K order, which store the user's private key and digital certificate. When a user makes a transfer through online banking, the user is prompted to insert the physical security medium (or to read its display) and completes authentication by following the prompts. In general, the K treasure type, because of its high security, supports non-repudiation and allows a higher transfer amount. When the physical security medium is not nearby, authentication application information can be initiated, indicating a request to authenticate the transaction by a means other than the physical security medium. The transaction terminal is a device capable of logging in to online banking. Given the security and hardware compatibility problems of mobile devices such as mobile phones and tablet computers (for example, the interface of the physical security medium is not supported, or the security control required by online banking cannot be downloaded or installed), the transaction terminal is usually a notebook or desktop computer, that is, a PC online banking system. In a PC online banking system, the server side generally runs on a server and services are requested from the customer's PC browser, which presents the system's services to the customer; when financial services are provided, operations such as customer identity authentication and non-repudiation are implemented with a user password and a physical security medium.
S120, sending the authentication application information to an external terminal so that the external terminal can carry out authentication signature on the authentication application information.
The authentication signature may use a digital certificate. Digital certificates are a highly secure transaction authentication technology in common use today. For financial electronic transactions, encryption and decryption technologies built around the digital certificate (security technologies such as encrypted transmission, digital signatures and digital envelopes) can encrypt and decrypt information transmitted over the network and create and verify digital signatures, ensuring the confidentiality and integrity of the transmitted information and the non-repudiation of transactions. This technology has developed over many years into a mature technical system, and a large number of security-conscious users have formed corresponding usage habits. Related transactions are also protected by electronic signature law, and the technology is widely applied in online finance. In the mobile financial Internet field, the digital certificate products commonly used by banks currently include the audio K treasure and the Bluetooth K treasure, which meet the security requirements of electronic transactions on the mobile financial Internet well. However, because they require the user to carry a hardware security medium, they are not easy to use, and the medium is often not at hand when the user wants to trade.
The external terminal may be a mobile device that the user normally carries, such as a mobile phone, a tablet computer or a smart watch. To match the bank side of the transaction, the verification terminal needs to run the corresponding mobile banking APP. That is, if a transfer has to be made through online banking for some reason (for example, when a large amount of information must be processed, as in enterprise payroll disbursement), the mobile banking APP can to a certain extent replace the physical security medium for electronically signing the transfer, achieving secure transfers without a physical medium.
S130, verifying the authentication signature, and passing the transaction authentication when the verification is passed.
Similar to transaction authentication through a physical security medium, the authentication signature is used as a substitute for the physical security medium for transaction authentication, and when the authentication is passed, the user can continue to complete online banking transactions at a transaction terminal.
According to the technical scheme of the embodiment of the invention, authentication application information from a transaction terminal is received, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal and is used for transaction authentication of the transaction; the authentication application information is sent to an external terminal so that the external terminal carries out authentication signature on the authentication application information; and the authentication signature is verified, and the transaction authentication is passed when the verification is passed. Based on this scheme, when the user makes a transfer through the online bank website, the physical security medium can be replaced by another external terminal, which avoids the inconvenience of carrying the medium, makes online banking transactions more convenient, and improves their usability.
Example two
Fig. 2 is a flowchart of a method for sending an authentication application message according to a second embodiment of the present invention, which is further explained based on the above embodiments. As shown in fig. 2, the method includes:
S210, storing the transaction information and the signature of the transaction terminal and generating corresponding query parameters.
The authentication application information includes the signature of the transaction terminal and the transaction information of the corresponding transaction. The signature of the transaction terminal is the identification of the device, such as a computer, on which the online banking transaction is performed. In an online banking transaction, the user logs in to online banking with a user name and password and enters the transfer transaction, which requires transaction information such as the transaction amount, the transaction target account and transaction remark information. After filling in the transaction information, the user submits the transfer application. The online banking system then prompts the user for a security signature, and the user can choose to insert a physical medium into a device socket of the transaction terminal, to use a K order, or, when the former two are unavailable, to verify through an external terminal.
The scheme of the embodiment of the invention can be implemented by an online bank background server and a basic background server; "basic background server" is a collective term covering data storage, public key management, signature verification services and the like. After the user chooses verification through the external terminal, the transaction terminal sends the transaction information and the signature to the online bank background server, which forwards them to the basic background server, which stores them. After storing the transaction information, the basic background server returns to the online bank background server a query parameter for retrieving it; the stored transaction information can be obtained by passing the query parameter in a call to a specific interface.
S220, sending the query parameters to the external terminal so that the external terminal can obtain the transaction information and the signature of the transaction terminal according to the query parameters.
In the embodiment of the present invention, sending the query parameter to the external terminal includes: generating verification information according to the query parameters; and displaying the verification information through the transaction terminal so that the external terminal acquires the query parameters through the verification information.
To make it easy for the user to obtain the query parameter with an external terminal such as a mobile phone, the verification information can take the form of a two-dimensional code (QR code): the online bank background server generates the code from the query parameter and sends it to the transaction terminal, which displays it on screen. The user obtains the query parameter by scanning the code, and the stored signature and the original text of the transaction information are then requested from the basic background server using the query parameter. To improve the security of the interaction, the two-dimensional code can be set so that it is scanned only by the camera invoked from within the corresponding mobile banking APP; that is, the content of the code can be read only when it is scanned through the mobile banking APP, and scanning by other means does not show the content. The mobile banking APP generally supports scanning, recognizes the two-dimensional code, and invokes the related transaction according to the transaction information included in the code. Because the mobile banking APP also performs login verification, face recognition and other security checks when used, the security of the interaction is improved. Using a query parameter follows the minimum information principle: the transaction information and signature are transmitted in the background, and the two-dimensional code carries to the mobile banking APP only the query parameter for obtaining the transaction information, which is a meaningless random code containing no sensitive information. The mobile banking side generally obtains the transaction information by having the mobile banking background query the basic service background; this is server-to-server communication and is secure and controllable.
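The query-parameter step described above, as an added example (not code from the patent or the bank): a store that issues a random query parameter and releases the stored transaction to the external terminal once. The 128-bit length, the expiry time, the single-use redemption and the `bankauth:` payload prefix are assumptions of this example, not details from the text.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
	"time"
)

// Pending is what the basic background server stores for one transaction.
type Pending struct {
	TransactionInfo   []byte    // original text: amount, target account, remark
	TerminalSignature []byte    // signature of the transaction terminal
	Expires           time.Time // assumption of this example: short lifetime
}

var (
	ErrUnknown = errors.New("unknown or already redeemed query parameter")
	ErrExpired = errors.New("query parameter expired")
)

// Store maps opaque query parameters to pending authentications.
type Store struct {
	mu      sync.Mutex
	ttl     time.Duration
	now     func() time.Time // injectable clock so expiry can be tested
	pending map[string]Pending
}

func NewStore(ttl time.Duration, now func() time.Time) *Store {
	return &Store{ttl: ttl, now: now, pending: make(map[string]Pending)}
}

// Save stores the transaction and returns the query parameter: 128 random
// bits, so it is a meaningless code that reveals nothing about the transaction.
func (s *Store) Save(txInfo, termSig []byte) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	q := base64.RawURLEncoding.EncodeToString(raw)
	s.mu.Lock()
	defer s.mu.Unlock()
	s.pending[q] = Pending{
		TransactionInfo:   append([]byte(nil), txInfo...),
		TerminalSignature: append([]byte(nil), termSig...),
		Expires:           s.now().Add(s.ttl),
	}
	return q, nil
}

// QRPayload is the only data encoded in the two-dimensional code shown on the
// transaction terminal. The "bankauth:" prefix is a hypothetical scheme name.
func QRPayload(q string) string { return "bankauth:" + q }

// Redeem is called on behalf of the external terminal after it scans the code.
// The entry is deleted on first use, so the same code cannot be redeemed twice.
func (s *Store) Redeem(q string) (Pending, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.pending[q]
	if !ok {
		return Pending{}, ErrUnknown
	}
	delete(s.pending, q)
	if s.now().After(p.Expires) {
		return Pending{}, ErrExpired
	}
	return p, nil
}

func main() {
	s := NewStore(2*time.Minute, time.Now)
	tx := []byte(`{"amount":"100.00","payee":"ACCT-EXAMPLE-001"}`) // constructed
	q, err := s.Save(tx, []byte("constructed-terminal-signature"))
	if err != nil {
		panic(err)
	}
	fmt.Println("QR payload:", QRPayload(q))
	p, err := s.Redeem(q)
	fmt.Printf("first redeem: %s %v\n", p.TransactionInfo, err)
	_, err = s.Redeem(q)
	fmt.Println("second redeem:", err)
}
```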
In the embodiment of the invention, after receiving the authentication application information, the external terminal signs the authentication application information according to a digital certificate of the external terminal; correspondingly, the verifying the authentication signature and the transaction authentication when the verification is passed comprises: receiving a signature result returned by the external terminal; and checking the signature result, and passing the transaction authentication when the signature result passes the verification.
When the external terminal is a mobile phone, the digital certificate of the mobile phone shield is used at signing time to sign the signature and the original text of the transaction data. With the rapid development of mobile phone chip technology, mobile phone shield technology has gradually matured and largely solves the poor usability of traditional digital certificate technology in mobile scenarios. A mobile phone shield can be thought of simply as a digital certificate that uses the phone's hardware as its medium. Because the certificate is built into the phone, the inconvenience of carrying a traditional digital certificate in mobile scenarios is removed, which meets the demand for secure and quick transactions anywhere in a mobile scenario.
Mobile phone shield technology is slightly less secure than the second-generation KEY, requires no additional authentication medium, and is easier to use than the audio KEY and the Bluetooth KEY. It is based on the combination of TEE + SE on the phone with PKI technology: authentication and transaction are performed in the security module (SE, Secure Element), while PIN code input, transaction information display and transaction confirmation are performed in the secure interface (TUI, Trusted User Interface), achieving the effect of "what you see is what you sign".
The TEE is a Trusted Execution Environment. The SE is a Secure Element, a security chip designed to resist physical attacks; it contains a microprocessor, storage, encryption and decryption hardware and the like, and can be used on its own (for example, in a chip card) or embedded in other devices (for example, Apple Pay) to provide high-security services. Generally, the SE is the highest-security device that ordinary people come into contact with, and a hardware KEY can also be understood as a kind of SE. When the TEE environment is secure enough, mobile phone shield technology comes close to the second-generation KEY and can achieve "what you see is what you sign". In that case the SE security chip and the private key of the second-generation KEY have the same derived security level, and the second-generation KEY's process of displaying the data to be signed on its screen for a second confirmation by the user is similar in principle to the TEE secure environment's on-screen display of the data to be signed and second confirmation by the user; both can prevent Trojan attacks. Mobile phone shield technology is convenient and easy to use: carrying the phone is enough to sign anytime and anywhere, and security is relatively high. Combined with the phone's out-of-band support, the transaction information is passed to the phone through a two-dimensional code in a way similar to WeChat scan-to-pay, and the transaction is confirmed and signed on the phone anytime and anywhere, which greatly expands the scope and channels of application.
In this embodiment of the present invention, the verifying the signature result includes: determining an authentication signature mode of the external terminal; and checking the signature according to the authentication signature mode.
When the external terminal signs the transaction information, different signature modes are adopted according to the required security level in order to authenticate identity and ensure the integrity and non-repudiation of the information. One of the following four is usually selected: Raw signature verification, Raw digest signature verification, Attached signature verification and Detached signature verification. Signing the transaction information in the chosen mode yields the signature result. Raw signature verification: the digital signature is verified by comparing the value obtained by verifying it with the public key against the hash value of the original data. Raw digest signature verification: the digital signature is verified by comparing the value obtained by verifying it with the public key against the hash value of the original digest data. Attached signature verification: only the signature result needs to be submitted to the server for verification. Detached signature verification: both the original text of the data and the signature result need to be submitted to the server for verification. Accordingly, when the signature result is verified, the signature mode used by the external terminal must be determined and the signature verified in the corresponding way.
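An added example, not code from the patent, of determining the signature mode and verifying accordingly. It assumes RSA PKCS#1 v1.5 with SHA-256, a made-up length-prefixed envelope in place of a real attached container, and a verification service that compares whatever was signed with its own stored copy of the transaction.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

type Mode int // authentication signature mode used by the external terminal

const (
	Raw       Mode = iota // only the signature is returned
	RawDigest             // signature plus the digest the terminal signed
	Attached              // signature result carries the original text inside it
	Detached              // original text and signature returned side by side
)

// Result is what the external terminal returns (layout assumed for this example).
type Result struct {
	Mode      Mode
	Original  []byte // Detached only
	Digest    []byte // RawDigest only
	Signature []byte // signature bytes; for Attached, the whole envelope
}

var (
	ErrMode     = errors.New("unknown signature mode")
	ErrMismatch = errors.New("signed content differs from stored transaction")
	ErrEnvelope = errors.New("malformed attached envelope")
)

// NewTerminalKey stands in for the key pair behind the terminal's certificate.
func NewTerminalKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Sign plays the external terminal. The Attached envelope is a constructed
// stand-in (4-byte length || original text || signature), not real CMS.
func Sign(priv *rsa.PrivateKey, mode Mode, tx []byte) (Result, error) {
	d := sha256.Sum256(tx)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	if err != nil {
		return Result{}, err
	}
	r := Result{Mode: mode, Signature: sig}
	switch mode {
	case RawDigest:
		r.Digest = d[:]
	case Detached:
		r.Original = tx
	case Attached:
		env := make([]byte, 4)
		binary.BigEndian.PutUint32(env, uint32(len(tx)))
		r.Signature = append(append(env, tx...), sig...)
	}
	return r, nil
}

// Verify plays the signature verification service: it determines the mode,
// binds what was signed to the stored transaction, then checks the signature.
func Verify(pub *rsa.PublicKey, stored []byte, r Result) error {
	want := sha256.Sum256(stored)
	sig, ok := r.Signature, true
	switch r.Mode {
	case Raw: // nothing else submitted: the signature must cover the stored text
	case RawDigest:
		ok = bytes.Equal(r.Digest, want[:])
	case Detached:
		ok = bytes.Equal(r.Original, stored)
	case Attached:
		if len(sig) < 4 || uint64(binary.BigEndian.Uint32(sig)) > uint64(len(sig)-4) {
			return ErrEnvelope
		}
		n := int(binary.BigEndian.Uint32(sig))
		ok = bytes.Equal(sig[4:4+n], stored)
		sig = sig[4+n:]
	default:
		return ErrMode
	}
	if !ok {
		return ErrMismatch
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, want[:], sig)
}

func main() {
	priv, err := NewTerminalKey()
	if err != nil {
		panic(err)
	}
	tx := []byte(`{"amount":"100.00","payee":"ACCT-EXAMPLE-001"}`) // constructed
	for _, m := range []Mode{Raw, RawDigest, Attached, Detached} {
		r, err := Sign(priv, m, tx)
		fmt.Println(m, err, Verify(&priv.PublicKey, tx, r))
	}
}
```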
In the embodiment of the present invention, the external terminal is configured to encrypt the signature result through an asymmetric encryption algorithm; correspondingly, before the signature verification is performed on the signature result, the method further includes: determining a public key of an asymmetric encryption algorithm used by the external terminal; and decrypting the encrypted signature result by the public key.
In addition, all data in the interaction process can be transmitted in encrypted form using an asymmetric encryption algorithm. An asymmetric encryption algorithm is a method of keeping keys secret. It requires two keys: a public key and a private key. The public key and the private key form a pair; if data is encrypted with the public key, it can be decrypted only with the corresponding private key. Because encryption and decryption use two different keys, the algorithm is called an asymmetric encryption algorithm. The basic process by which an asymmetric encryption algorithm exchanges confidential information is as follows: Party A generates a key pair and publishes the public key; any other role (Party B) that needs to send information to Party A encrypts the confidential information with that key (Party A's public key) and sends it to Party A; Party A then decrypts the encrypted information with its own private key. When Party A wants to reply to Party B, the reverse applies: Party A encrypts the data with Party B's public key, and Party B likewise decrypts it with its own private key. Party A can use its private key to decrypt only information that was encrypted with its public key. Asymmetric encryption algorithms offer good confidentiality and remove the need for end users to exchange keys. The characteristics of an asymmetric cryptosystem are: the algorithm is complex and its security depends on the algorithm and the key, but because the algorithm is complex, encryption and decryption are slower than with symmetric encryption. A symmetric cryptosystem has only one key, which is not public, and the other party must be told that key in order to decrypt.
Its security therefore depends on keeping the key secure, whereas an asymmetric cryptosystem has two keys, one of which is public, so that no key has to be transmitted to the other party as with a symmetric cipher, which further improves security.
In addition, the background servers can authenticate each other before communicating, so that data exchanged between the servers cannot be intercepted.
In summary, when a user transfers money through an online banking website and reaches the identity authentication and electronic signature step, a user of the mobile banking app can choose to verify through mobile banking. The website then pops up a two-dimensional code, which the user scans with their own mobile banking app. A verification page opens in the mobile banking app; the page prompts the user to perform identity authentication and electronic signature for the transfer transaction, and shows the operating steps and the notices for the operation. When the user completes verification in the mobile banking app, the online banking website obtains the result synchronously, and the user's identity authentication and electronic signature are complete. The scheme provided by the embodiment of the invention can sign the user's operation with the digital certificate stored in the mobile phone shield of the mobile banking app, which is equivalent to turning the mobile banking app into an electronic signature tool, so that online bank transfers become more convenient, the inconvenience of carrying a medium is avoided, and the usage scenarios of online banking are expanded.
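The flow summarized above (store the transaction, hand a query parameter to the external terminal, verify the returned authentication signature) is shown here as an added Go example that is not part of the patent text. Ed25519 keys stand in for the external terminal's digital certificate; all type and function names, the 128-bit hex query parameter, its expiry and its single use are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

// pending is the server-side record for one transaction (hypothetical layout).
type pending struct {
	tx, termSig []byte            // transaction information, transaction-terminal signature
	userKey     ed25519.PublicKey // key registered for the user's external terminal
	expires     time.Time
}

// Server maps each query parameter to its pending record; the zero value is ready to use.
type Server struct{ store sync.Map }

// Apply stores the application and returns the query parameter to display (e.g. as a two-dimensional code).
func (s *Server) Apply(tx, termSig []byte, key ed25519.PublicKey, ttl time.Duration) (string, error) {
	raw := make([]byte, 16) // 128-bit random value (assumption: the page fixes no format)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	q := hex.EncodeToString(raw)
	s.store.Store(q, pending{tx: tx, termSig: termSig, userKey: key, expires: time.Now().Add(ttl)})
	return q, nil
}

// live turns a sync.Map result into a record, rejecting missing or expired entries.
func live(v any, ok bool) (pending, error) {
	p, _ := v.(pending)
	if !ok || time.Now().After(p.expires) {
		return pending{}, errors.New("unknown or expired query parameter")
	}
	return p, nil
}

// Verify checks the signature against the STORED transaction, not data echoed by the phone,
// and consumes q atomically so a captured signature result cannot be replayed.
func (s *Server) Verify(q string, authSig []byte) error {
	p, err := live(s.store.LoadAndDelete(q))
	if err == nil && !ed25519.Verify(p.userKey, p.tx, authSig) {
		err = errors.New("authentication signature does not match stored transaction")
	}
	return err
}

// NewTerminalKey makes the key pair standing in for the terminal's digital certificate.
func NewTerminalKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// ScanAndSign plays the external terminal: resolve q, then sign what the server returned.
func ScanAndSign(s *Server, q string, priv ed25519.PrivateKey) ([]byte, error) {
	p, err := live(s.store.Load(q))
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, p.tx), nil
}

func main() {
	pub, priv, _ := NewTerminalKey()
	srv := &Server{}
	q, _ := srv.Apply([]byte("pay 100.00 from A-001 to B-002"), nil, pub, time.Minute) // constructed
	sig, _ := ScanAndSign(srv, q, priv)
	fmt.Println("first:", srv.Verify(q, sig), "replay:", srv.Verify(q, sig))
}
```

Because verification runs over the server's stored copy, a signature produced for one transaction cannot approve a different one, and a second submission of the same result fails.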
Example three
Fig. 3 is a schematic structural diagram of a transaction authentication device according to a third embodiment of the present invention. As shown in fig. 3, the apparatus includes:
an information receiving unit 310, configured to receive authentication application information from a transaction terminal, where the authentication application information corresponds to a single transaction initiated by the transaction terminal, and the authentication application information is used for transaction authentication of the transaction;
an information sending unit 320, configured to send the authentication application information to an external terminal, so that the external terminal performs an authentication signature on the authentication application information;
and the signature verification unit 330 is used for verifying the authentication signature and passing the transaction authentication when the verification is passed.
Optionally, the authentication application information includes the signature of the transaction terminal and the transaction information corresponding to the transaction, and correspondingly, the information sending unit 320 is configured to execute:
storing the transaction information and the signature of the transaction terminal and generating corresponding query parameters;
and sending the query parameter to the external terminal so that the external terminal acquires the transaction information and the signature of the transaction terminal according to the query parameter.
Optionally, the information sending unit 320, when executing sending the query parameter to the external terminal, executes:
generating verification information according to the query parameters;
and displaying the verification information through the transaction terminal so that the external terminal acquires the query parameters through the verification information.
Optionally, after receiving the authentication application information, the external terminal signs the authentication application information according to its own digital certificate; accordingly, the signature verification unit 330 is configured to perform:
receiving a signature result returned by the external terminal;
and checking the signature result, and passing the transaction authentication when the signature result passes the verification.
Optionally, the external terminal is configured to perform the authentication signature in one of the following modes: Raw signature verification, Raw digest signature verification, Attached signature verification and Detached signature verification; correspondingly, the signature verification unit 330, when performing the signature verification on the signature result, performs:
determining an authentication signature mode of the external terminal;
and checking the signature according to the authentication signature mode.
Optionally, the external terminal is configured to encrypt the signature result through an asymmetric encryption algorithm; correspondingly, before verifying the signature result, the signature verification unit 330 is further configured to:
determining a public key of an asymmetric encryption algorithm used by the external terminal;
decrypting the encrypted signature result by the public key.
Optionally, after the transaction authentication is passed when the verification passes, the signature verification unit 330 is further configured to perform:
generating prompt information representing that the transaction authentication passes;
and pushing the prompt information to the transaction terminal so that the transaction terminal displays the prompt information.
The transaction authentication device provided by the embodiment of the invention can execute the transaction authentication method provided by any embodiment of the invention, and has the functional modules and beneficial effects corresponding to the executed method.
Example four
FIG. 4 illustrates a block diagram of an electronic device 10 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular phones, smart phones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 4, the electronic device 10 includes at least one processor 11, and a memory communicatively connected to the at least one processor 11, such as a Read Only Memory (ROM) 12, a Random Access Memory (RAM) 13, and the like, wherein the memory stores a computer program executable by the at least one processor, and the processor 11 can perform various suitable actions and processes according to the computer program stored in the Read Only Memory (ROM) 12 or the computer program loaded from a storage unit 18 into the Random Access Memory (RAM) 13. In the RAM 13, various programs and data necessary for the operation of the electronic apparatus 10 may also be stored. The processor 11, the ROM 12, and the RAM 13 are connected to each other via a bus 14. An input/output (I/O) interface 15 is also connected to bus 14.
A number of components in the electronic device 10 are connected to the I/O interface 15, including: an input unit 16 such as a keyboard, a mouse, or the like; an output unit 17 such as various types of displays, speakers, and the like; a storage unit 18 such as a magnetic disk, an optical disk, or the like; and a communication unit 19 such as a network card, modem, wireless communication transceiver, etc. The communication unit 19 allows the electronic device 10 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunication networks.
Processor 11 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The processor 11 performs the various methods and processes described above, such as a transaction authentication method.
In some embodiments, the transaction authentication method may be implemented as a computer program tangibly embodied in a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 10 via the ROM 12 and/or the communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the transaction authentication method described above may be performed. Alternatively, in other embodiments, the processor 11 may be configured to perform the transaction authentication method by any other suitable means (e.g. by means of firmware).
Various implementations of the systems and techniques described above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), Systems on a Chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for implementing the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be performed. A computer program can execute entirely on a machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. A computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: Local Area Networks (LANs), Wide Area Networks (WANs), blockchain networks, and the Internet.
The computing system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service are overcome.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present invention may be executed in parallel, sequentially, or in different orders, and are not limited herein as long as the desired result of the technical solution of the present invention can be achieved.
The above-described embodiments should not be construed as limiting the scope of the invention. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A transaction authentication method, comprising:
receiving authentication application information from a transaction terminal, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal and is used for transaction authentication of the transaction;
sending the authentication application information to an external terminal so that the external terminal can carry out authentication signature on the authentication application information;
and verifying the authentication signature, and passing the transaction authentication when the verification is passed.
2. The method according to claim 1, wherein the authentication application information includes a signature of the transaction terminal and transaction information corresponding to the transaction, and correspondingly, the sending the authentication application information to an external terminal includes:
storing the transaction information and the signature of the transaction terminal and generating corresponding query parameters;
and sending the query parameters to the external terminal so that the external terminal acquires the transaction information and the signature of the transaction terminal according to the query parameters.
3. The method of claim 2, wherein the sending the query parameters to the external terminal comprises:
generating verification information according to the query parameters;
and displaying the verification information through the transaction terminal so that the external terminal acquires the query parameters through the verification information.
4. The method according to claim 1, wherein the external terminal signs the authentication application information according to its own digital certificate after receiving the authentication application information; correspondingly, the verifying the authentication signature and the transaction authentication when the verification is passed comprises:
receiving a signature result returned by the external terminal;
and checking the signature result, and passing the transaction authentication when the signature result passes the verification.
5. The method of claim 4, wherein the external terminal is configured to perform the authentication signature in one of the following modes: Raw signature verification, Raw digest signature verification, Attached signature verification and Detached signature verification; correspondingly, the verifying the signature result includes:
determining an authentication signature mode of the external terminal;
and checking the signature according to the authentication signature mode.
6. The method of claim 4, wherein the external terminal is configured to encrypt the signature result by an asymmetric encryption algorithm; correspondingly, before the signature verification is performed on the signature result, the method further includes:
determining a public key of an asymmetric encryption algorithm used by the external terminal;
decrypting the encrypted signature result by the public key.
7. The method of claim 1, further comprising, after the transaction authentication is passed when the verification passes:
generating prompt information representing that the transaction authentication passes;
and pushing the prompt information to the transaction terminal so that the transaction terminal displays the prompt information.
8. A transaction authentication device, comprising:
the information receiving unit is used for receiving authentication application information from a transaction terminal, wherein the authentication application information corresponds to a single transaction initiated by the transaction terminal, and the authentication application information is used for transaction authentication of the transaction;
an information sending unit, configured to send the authentication application information to an external terminal, so that the external terminal performs an authentication signature on the authentication application information;
and the signature verification unit is used for verifying the authentication signature and passing the transaction authentication when the authentication passes.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the transaction authentication method of any one of claims 1-7.
10. A computer-readable storage medium having stored thereon computer instructions for causing a processor to, when executed, implement the transaction authentication method of any one of claims 1-7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211352123.2A CN115796865A (en) 2022-10-31 2022-10-31 Transaction authentication method, device, equipment and readable medium

Publications (1)

Publication Number Publication Date
CN115796865A true CN115796865A (en) 2023-03-14

Family

ID=85434702

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination