WO2014154058A1 - System and method for mobile identity authentication and payment - Google Patents

System and method for mobile identity authentication and payment Download PDF

Info

Publication number
WO2014154058A1
WO2014154058A1 PCT/CN2014/072000 CN2014072000W WO2014154058A1 WO 2014154058 A1 WO2014154058 A1 WO 2014154058A1 CN 2014072000 W CN2014072000 W CN 2014072000W WO 2014154058 A1 WO2014154058 A1 WO 2014154058A1
Authority
WO
WIPO (PCT)
Prior art keywords
temporary
authentication
verification
user
encoding
Prior art date
Application number
PCT/CN2014/072000
Other languages
French (fr)
Chinese (zh)
Inventor
陈大昭
Original Assignee
宝利数码有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宝利数码有限公司 filed Critical 宝利数码有限公司
Publication of WO2014154058A1 publication Critical patent/WO2014154058A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/385Payment protocols; Details thereof using an alias or single-use codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the present invention relates to a system for mobile identity authentication and payment, and more particularly to a system for fast mobile identity authentication and payment based on a telecommunications carrier. Background technique
  • the present invention is an identity authentication method, comprising the steps of: transmitting, by a mobile device, an authentication request, the authentication request including a user's setting; determining, according to the authentication request, the user's phone number; using the user's setting Determining and determining the phone number to generate a temporary code; and using the temporary code for identity authentication.
  • the temporary encoding includes conditional parameters to limit the identity authentication.
  • the condition parameters include the effective number and the effective time.
  • the effective number is used to define the number of times the temporary code can be used, and the effective time defines the usable time of the temporary code.
  • the identity authentication method of the present invention further includes encrypting the temporary encoding and storing the encrypted temporary encoding to the mobile device for multiple use. Subsequent steps of transmitting the authentication request, determining the telephone number, and generating the temporary code can be omitted, and the encrypted temporary code is used directly for identity authentication.
  • the identity authentication method of the present invention further includes the following steps: A unique identifier of the mobile device; the unique identifier is encrypted together with the temporary encoding to obtain an encrypted code, and the encrypted code is stored to the mobile device for multiple use; wherein the encrypted code can only be used by the mobile device.
  • the step of determining the user's telephone number in the identity authentication method of the present invention is performed using one of the following methods: (i) obtaining an internet protocol address of the mobile device, and then obtaining an address corresponding to the internet protocol from the telecommunications carrier (ii) reading the data of the subscriber identity module in the mobile device and determining the subscriber's telephone number based on the data; or (iii) obtaining the subscriber's telephone number from the header of the authentication request.
  • the step of using the temporary encoding for identity authentication in the identity authentication method of the present invention comprises: selecting a specific delivery mode to send the temporary encoding to the verification device; the verification device transmitting the verification data and the temporary encoding to the authentication server; the authentication server Check that the verification data and the temporary code are valid, and perform the following steps: (i) If both the verification data and the temporary code are valid, send the verification valid message and the user's phone number to the verification device; or (ii) if both the verification data and the temporary code are valid Valid, and the phone number in the verification data matches the phone number contained in the temporary code, sending a success message to the verification device; or (iii) if one or both of the verification data and the temporary code are invalid, or in the verification data
  • the telephone number does not match the telephone number included in the temporary code, and the failure information is sent to the verification device; and the verification device completes the identity authentication based on the received verification valid information and the telephone number or success information or failure information.
  • the particular mode of delivery includes barcodes, microwaves, and sound waves.
  • the identity authentication method of the present invention further includes generating a plurality of different temporary codes according to the needs of the user to perform identity authentication on different occasions.
  • the present invention is an identity authentication system, comprising: a mobile device to transmit an authentication request, the authentication request including a user's settings; (b) an authentication server to receive the authentication request and determine the user according to the authentication request Telephone number, the authentication server generates a temporary encoding using the user's settings and telephone number and transmits the temporary encoding to the mobile device; and a verification device; wherein the mobile device transmits the temporary encoding through a specific delivery method Go to the verification device for identity authentication.
  • the temporary encoding includes conditional parameters to limit identity authentication, and the conditional parameters include a valid number of times and a valid time, the effective number of times defines the number of times the temporary encoding is available, and the effective time defines the usable time of the temporary encoding.
  • the temporary encoding is encrypted and stored in the memory of the mobile device for multiple use and for fast authentication.
  • the identity authentication system of the present invention further includes a mobile subscriber data server of the telecommunications carrier to accept the challenge from the authentication server and return the subscriber's telephone number to the authentication server.
  • the verification device transmits the verification data and the temporary encoding to the authentication server
  • the authentication server checks whether the verification data and the temporary encoding are valid, and performs the following steps: (i) if both the verification data and the temporary encoding are valid, the transmission verification Valid information and the user's phone number to the verification device; or (ii) if both the verification data and the temporary code are valid, and the phone number in the verification data matches the phone number contained in the temporary code, the success message is sent to the verification device; or (iii) if one or both of the verification data and the temporary code are invalid, or the phone number in the verification data does not match the phone number contained in the temporary code, the failure message is sent to the verification device; and the verification device is based on the received verification Valid information and phone number or success or failure information completes identity authentication.
  • the particular mode of delivery includes barcodes, microwaves, and sound waves.
  • the present invention is a method for fast mobile payment, comprising the steps of: transmitting an authentication request by a mobile device, the authentication request including a setting of the user; determining a phone number of the user according to the authentication request; and obtaining the corresponding phone number User data and establish the identity of the user; use the user's settings and phone number to generate temporary encoding; and use temporary encoding for fast mobile payments.
  • the temporary encoding includes conditional parameters to limit fast mobile payments.
  • the condition parameters include: a valid number, which defines the number of times the temporary code can be used; a valid time, which defines the usable time of the temporary code; and a valid amount, which defines the temporary The usable amount of the code.
  • the method of fast mobile payment of the present invention further includes encrypting the temporary encoding and storing the encrypted temporary encoding to the mobile device for multiple use.
  • the subsequent steps of transmitting the authentication request, determining the user's telephone number, obtaining the user data corresponding to the telephone number, establishing the identity of the user, and generating the temporary encoding may be omitted, and the encrypted temporary code is directly used for fast mobile payment.
  • the method of fast mobile payment of the present invention further comprises: obtaining a unique identifier of the mobile device; encrypting the unique identifier together with the temporary encoding to obtain an encrypted code, and storing the encrypted code to the mobile device for Used multiple times; where the encryption code can only be used by the mobile device.
  • the step of using the temporary encoding for fast mobile payment in the method of fast mobile payment of the present invention comprises: selecting a specific delivery mode to transmit the temporary encoding to the verification device; and the verification device transmitting the verification data and the temporary encoding to the authentication server
  • the authentication server checks whether the verification data and the temporary code are valid, and performs the following steps: (i) If both the verification data and the temporary code are valid, the payment information is sent to the mobile operator's mobile user data server in the corresponding account of the user. Deduct the corresponding amount; or (ii) If one or both of the verification data and the temporary code are invalid, cancel the transaction and send the failure message to the verification device.
  • the particular delivery method includes barcodes, microwaves, and sound waves.
  • the present invention is a fast mobile payment system, comprising: a mobile device to transmit an authentication request, the authentication request including a user's setting; an authentication server to receive an authentication request and determine a user's phone based on the authentication request Number and the user data corresponding to the phone number and establish the identity of the user, the authentication server generates the temporary code using the user's settings and the phone number and transmits the temporary code to the mobile device; and the verification device; wherein the mobile device passes the specific delivery method A temporary code is sent to the verification device for fast mobile payment.
  • the invention has many advantages. First, after the temporary encoding is generated, the user can directly make Use it for quick certification or shopping, saving time and efficiency. Secondly, the establishment of the user identity is guaranteed by a third party (telecom company) and the security is improved. Temporary encoding can be bundled with a unique mobile device, not afraid of stealing temporary encoding. In addition, the user can additionally set the login password, which increases the flexibility of use and further enhances the security. Even if the mobile device is lost, there is no need to worry about the account being taken. Users can also customize different effective times, effective time and effective amount according to their needs to meet the different needs of different situations.
  • Figure 1 is a block diagram of an authentication system in one embodiment of the present invention.
  • Figure 2 shows a flow chart when a user authenticates using the authentication system of the present invention.
  • Figure 3 illustrates an authentication flow diagram of an authentication request provider side in one embodiment of the present invention.
  • Fig. 4 is a flow chart of the retailer side when performing mobile payment in an embodiment of the present invention. detailed description
  • an authentication system includes a mobile device 20, an authentication server 22, a mobile user data server 24, and a verification device 26, in accordance with an embodiment of the present invention.
  • the mobile device 20 includes all portable devices that have a Subscriber Identity Module (SIM card) built in and can be connected to the network, such as a mobile phone, a Personal Digital Assistant (PDA), and a tablet.
  • SIM card Subscriber Identity Module
  • PDA Personal Digital Assistant
  • the authentication server 22 is responsible for the authentication work, which receives the authentication request from the mobile device 20, and then determines the phone number of the mobile device 20 based on the characteristics of the authentication request. There are a number of methods that can be used to determine the phone number of the mobile device 20.
  • the authentication server 22 acquires an Internet Protocol address (IP address) of the mobile device 20 when receiving the authentication request of the mobile device 20, and then the authentication server 22 transmits the Internet Protocol address of the mobile device 20 to the telecommunications.
  • IP address Internet Protocol address
  • the mobile subscriber data server 24 of the operator also requests the mobile subscriber data server 24 to pair to provide the telephone number and subscriber data corresponding to the internet protocol address.
  • the mobile operator's mobile subscriber data server 24 stores the mobile subscriber's personal information, including his/her name, address, mobile phone number, account number, account balance, and the like.
  • the mobile subscriber data server 24 also stores a map of Internet Protocol addresses that record the mobile phone number corresponding to the particular Mobile Internet Protocol address, and the corresponding subscriber can also be determined based on the determined telephone number. Because each mobile phone number is bundled with a unique mobile internet protocol address, the identity of the user identified by this method is true and unique, and is guaranteed by a third party (telecom company).
  • the authentication server 22 uses the resulting phone number along with the user settings data contained in the authentication request to generate a temporary code that can be encrypted and sent to the mobile device 20 for authentication. Thereafter, the mobile device 20 transmits the temporary encoding to the verification device 26 by a specific delivery method, and the verification device 26 transmits the received temporary encoding along with the necessary additional related data to the authentication server 22 to complete the authentication.
  • the verification device 26 is provided in a related mechanism that requires authentication, and has the ability to communicate with the mobile device 20 by a specific delivery method.
  • the specific delivery mode includes all delivery modes supported by the mobile device 20, such as barcode, microwave, and sound waves, including fast response matrix code, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi), and radio frequency. Identification (RFID) and so on.
  • the verification device 26 may be a company's punch card machine, an exhibition sign-in machine, a club door opening device, a payment verification machine, and the like.
  • the authentication process of the present invention mainly relates to data processing between a user (mobile device 20) requiring authentication and a certification request provider (verification device 26), and includes a third party (telecom company) guaranteeing the identity of the user.
  • Figure 2 illustrates a flow chart when a user authenticates using the authentication system of the present invention. The user starts the authentication process from step 28, and in step 30, the user first opens the mobile device 20 for installation. A specific application on the computer, or through the network function of the mobile device 20, to a specific website. The particular application connects the user to the authentication server 22 via a data communication network, and the particular website is also hosted by the authentication server 22.
  • Data communication networks include General Packet Radio Service (GPRS), Third Generation Mobile Communication Technology (3G), and Fourth Generation Mobile Communication Technology (4G).
  • the user sends an authentication request to the authentication server 22 via the mobile device 20 in a specific application or a specific website.
  • the authentication request includes the user's setting data, and the setting data includes the user-defined authentication effective number and effective time.
  • the authentication server 22 obtains the user's data through different methods. One of the methods is to obtain the user's data by obtaining the Internet Protocol address of the mobile device 20 and asking the mobile user data server 24 as described above.
  • the mobile user data server 24 passes the user data, including the telephone number, back to the authentication server 22.
  • the authentication server 22 receives the user's data in step 34 and the identity of the user is determined.
  • the authentication server 22 stores the user's data in a database, and then generates a temporary code using the phone number and the user's setting data, the temporary code including condition parameters such as the effective number and the effective time, and the effective number defines the temporary code.
  • the number of times that can be used, and the effective time defines the usable time of the temporary code.
  • the effective number and effective time of temporary coding are determined by the user according to their needs. If the user often needs to perform the authentication action, he/she can set the effective number of times, such as 10 times. On the contrary, if the user feels it is necessary or for security For reasons, he/she can set the temporary encoding to be used only once, and the temporary encoding will become invalid after the first use, even if others get it.
  • the effective time of the temporary encoding limits the scope of use of the temporary encoding.
  • the user can set the temporary encoding to be valid only for a certain period of time, such as one day, one week or one month, exceeding the effective time, even if the temporary encoding is still The number of remaining valid times, the temporary encoding will also become invalid, which greatly improves security.
  • the authentication server 22 transmits it to the mobile device 20.
  • the mobile device 20 is configured with a memory to store temporary encodings, based on the number of times the temporary encoding is valid and valid Time, temporary coding can be used multiple times.
  • the temporary encoding is first encrypted and then stored in the memory of the mobile device 20 for increased security.
  • the encryption process can be performed at the authentication server 22 or at the mobile device 20.
  • the mobile device 20 decrypts the temporary code using appropriate means.
  • the authentication system of the present invention can obtain a unique identifier for the mobile device 20, then encrypt the unique identifier along with the temporary encoding to obtain an encrypted encoding, and authenticate using the encrypted encoding.
  • the encryption code can be stored in the memory of the mobile device 20 for multiple use. Likewise, the encryption process can be performed at the authentication server 22 or the mobile device 20.
  • the system decrypts it first, then compares the decrypted unique identifier with the unique identifier of the mobile device 20, and only performs the next step if the two identifiers are the same. Actions. If the two identifiers are not the same, it proves that the encryption code has been stolen, and the system will reject the authentication request.
  • the encryption code can only be used by the unique mobile device 20, since each mobile device 20 has a unique identifier and the security is thus further enhanced.
  • step 38 the user transmits the temporary encoding to the verification device 26 using the mobile device 20 and selecting a particular delivery method. After the temporary encoding is sent, the authentication procedure on the user side has been completed, and the program ends, step 40. The user only needs to perform steps 28, 30, 32, 34 and 36 when generating the temporary code for the first time. After the temporary encoding is generated, the user can omit the steps described above and jump directly to step 38 to authenticate using the temporary encoding stored in the mobile device 20.
  • the mobile device 20 does not need to be connected to the network, and does not need to transmit redundant data or perform complicated program processing to complete the authentication action, thereby eliminating cumbersome operations and saving time. Convenient and secure.
  • the user does not need to input personal information when logging into the system of the present invention, and does not need to input a username and password to determine the identity of the user as in the prior art.
  • the system obtains the user's personal data through the support of a third party (telecom company) to determine the identity of the user in the system.
  • a third party telecom company
  • Another party that gets user information The method is to first determine the telephone number of the user's mobile device 20, then pass the determined telephone number to the mobile subscriber data server 24 and request it to return user data corresponding to the telephone number.
  • the mobile subscriber data server 24 pairs the telephone number by way of a mapping table and then transmits the resulting subscriber data to the authentication server 22 to allow the system of the present invention to establish the identity of the subscriber.
  • the method of determining the phone number of the mobile device 20 may be: reading data of the user identity module in the mobile device 20, and then determining its phone number based on the data; or obtaining the header of the authentication request issued by the mobile device 20
  • the user's phone number Therefore, the system login of the present invention does not require the user to input personal data, and others cannot imitate the identity of the user to log into the system because the user's data is provided by the telecommunications company.
  • the user's mobile phone number can be thought of as a hidden username.
  • users can set a login password after the system has determined its identity. Then, the next time the user logs in to the system, they need to pass the verification of the telecommunications company and enter the correct password to log in successfully.
  • the user can simultaneously generate a plurality of different temporary encodings for authentication using different temporary encodings in different combinations, increasing flexibility.
  • the certification request provider begins the authentication process at step 42.
  • the certification request provider is an organization that needs to confirm the identity of the user. It can be the organizer of the exhibition, the company or the private club that asks the employee to sign in.
  • the authentication request provider uses the verification device 26 for authentication. Typically, the verification device 26 is directly connected to the Internet to perform authentication operations at any time.
  • the verification device 26 receives the temporary code transmitted by the mobile device 20, after which the verification device 26 transmits the temporary code along with the verification data to the authentication server 22.
  • the verification data includes information of the certification request provider, including the institution name, the institution registration code, and the authentication details.
  • the certification request provider needs to register in advance to use the system for authentication, and the registration system can use the authentication system of the present invention. After registration, the certification request provider will get the agency The registration code is used by the system to identify its identity.
  • the authentication server 22 receives the temporary encoding and verification data transmitted by the verification device 26, and the authentication server 22 first verifies the validity of the temporary encoding, such as the effective number of times and the effective time contained therein. If the temporary encoding is valid, the authentication process proceeds to step 48, otherwise proceeds to step 58.
  • the authentication server 22 sends a failure message to the authentication device 26 of the authentication request provider, and the verification device 26 then determines that the authentication has failed, ending the authentication process, step 62.
  • the authentication server 22 verifies at step 48 whether the authentication request provider is valid, primarily to verify that the authentication request provider has a valid institution registration code. If the authentication request provider has previously registered, the authentication server 22 stores the valid institution registration code of the authentication request provider, and the pairing method can determine whether the authentication request provider is valid. If the result is invalid, proceeding to step 60, the authentication server 22 transmits the failure information to the authentication device 26 of the authentication request provider, and the verification device 26 then determines that the authentication has failed, and ends the authentication process, step 62. If the authentication request provider is valid, proceed to step 54 or step 50.
  • the verification data sent by the verification device 26 will include the user's telephone number, and the authentication server 22 will proceed to step 50 instead of step 54.
  • the authentication server 22 determines the user's telephone number from the temporary code, which compares it with the telephone number sent by the verification device 26. If the results match, step 52 is performed, otherwise step 64 is performed.
  • the authentication server 22 sends a success message to the authentication device 26 of the authentication request provider, the authentication is successful, and the process ends at step 62.
  • the certification request provider did not obtain any data from the user beforehand, but it stored some of the personal data of its own members, including the phone number, by some means.
  • the authentication data transmitted by the verification device 26 does not include the user's telephone number, and the authentication server 22 thus proceeds to step 54 instead of step 50.
  • the authentication server 22 transmits the verification valid information and the telephone number of the user to the authentication device 26 of the authentication request provider.
  • Certification request provider's test The card device 26 will pair the obtained phone number with its stored data table in step 56.
  • the data table contains the phone number
  • the user is a member of the organization, the identity is determined, the authentication is successful, and the program is in the step. 62 ends.
  • the phone number is not included in the data table, the certificate fails and the program ends.
  • the authentication system of the present invention has been described in detail above and can be used for different occasions and for different purposes, such as signing in, entering a facility, attending a conference, and the like.
  • the application of mobile payment ie, consumer shopping
  • the main principles and procedures for the application of mobile payment are basically the same as those described above, except that the steps are partially increased or decreased.
  • the fast mobile payment system requires the same hardware configuration as the authentication system. As shown in Fig. 1, it includes a mobile device 20, an authentication server 22, a mobile user data server 24, and an authentication device 26.
  • the authentication request provider is a retailer
  • the verification device 26 is usually a payment request terminal.
  • the authentication server 22 is responsible for the central settlement of the transaction in addition to the authentication work.
  • the process by which a user uses temporary coding for consumption is essentially the same as the process of authentication, as shown in Figure 2. The difference is that the user can set the available amount and the usable time, such as 100 yuan, 500 yuan or more.
  • the conditional parameters of the temporary encoding include the effective number, the effective time, and the effective amount, and the effective amount defines the usable amount of the temporary encoding.
  • the amount you can use will be reduced.
  • the amount you need to pay is greater than the usable amount, the transaction will be rejected.
  • the user data obtained by the authentication server 22 includes the usable amount of the user's telecommunications company account.
  • the system returns an error message, and the temporary encoding is not generated. End. If the effective amount set by the user is less than the usable amount, the program proceeds as usual and steps 34, 36, 38 and 40 are performed.
  • FIG. 4 is zero when making mobile payments
  • the payment process begins at step 66, and then, at step 68, the retailer's verification device 26 (i.e., payment requesting terminal) receives the temporary encoding from the mobile device 20, along with the verification data, to the authentication server 22, wherein the verification data includes the payment request And the payment amount.
  • the retailer's verification device 26 i.e., payment requesting terminal
  • step 70 when the authentication server 22 verifies the temporary encoding, in addition to checking the validity of the effective number and the effective time, it is also necessary to check the validity of the effective amount. If one of the number of valid times, the effective time, and the effective amount fails the test, step 78 is performed, the authentication server 22 sends a failure message to the verification device 26 of the retailer, the transaction is aborted, and the process ends at step 82. Conversely, if the validity test is passed, then step 72 is performed, which is the same as step 48 of the authentication system, the operation is the same, the detailed description has been described above, and will not be repeated here.
  • step 80 the authentication server 22 sends a failure message to the retailer's verification device 26, the transaction is aborted, and the process ends at step 82. If the authentication request provider is valid, proceed to step 74.
  • step 74 the authentication server 22 determines the user's phone number by temporary encoding by means of imaging or the like, and then sends the payment information to the mobile operator's mobile user data server 24, the payment information including the user. Phone number, payment amount, etc.
  • step 76 the mobile user data server 24 pairs the phone number sent by the authentication server 22 with the stored user data, finds the corresponding user, and verifies other data in the payment information, and finally deducts the corresponding account in the account corresponding to the user. Amount.
  • the mobile user data server 24 sends the confirmation information to the authentication server 22.
  • the authentication server 22 updates the user's data, such as the used amount, and finally sends the payment success information to the retailer's verification device. 26, to end the program, step 82.
  • the user uses the mobile payment of the present invention for consumption, and the used account port is the user's mobile phone account account port, and the amount of consumption is directly displayed in the user's mobile phone bill.
  • the user can purchase the mobile phone recharge card to recharge anytime and anywhere to increase the flexibility of the payment.
  • the mobile payment system provides feedback information to the user after the payment is completed.
  • the retailer's verification device 26 can transmit the feedback information to the user's mobile device 20 through a specific delivery method (such as near field communication), and the feedback information includes Shopping discounts, sweepstakes and personal special treats.
  • the user can store the feedback information in the mobile device 20 to use the offer for the next purchase.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

Disclosed are a system and method for fast mobile identity authentication based on a telecommunications carrier, the method comprising the following steps: transmitting an authentication request via a mobile device (20), the authentication request containing user settings; determining the phone number of the user according to the authentication request; generating a temporary code by using the user settings and the determined phone number; and using the temporary code for identity authentication. Also disclosed is an embodiment of applying the identity authentication system to mobile payment. The system is efficient, timesaving, and secure.

Description

移动身份认证及支付的方法和系统 技术领域  Method and system for mobile identity authentication and payment
本发明涉及一种移动身份认证及支付的系统,特别是一种基于电 讯营运商的快速移动说身份认证及支付的系统。 背景技术  The present invention relates to a system for mobile identity authentication and payment, and more particularly to a system for fast mobile identity authentication and payment based on a telecommunications carrier. Background technique
在现实生活中,人们在不同的场合都需要进行各种不同的认证以 确认身份, 例如: 参加会议和进行消费等。 但是, 过多的通行证或证 件会造成携带上的不便, 而且认证的过程繁瑣, 花费时间。 此外, 现 有技术的认证方法往往存在安全性的问题,容易发生个人资料外泄的 后果, 特别是在进行消费的时候。 书 发明内容  In real life, people need different certifications to identify themselves on different occasions, such as: attending meetings and making consumption. However, excessive passes or documents can cause inconvenience in carrying, and the authentication process is cumbersome and time consuming. In addition, existing technology certification methods often have security problems, which are prone to the consequences of personal data leakage, especially when making consumption. Book content
鉴于前述背景, 本发明的目的是提供一种方便、 快速并安全的移 动认证系统。  In view of the foregoing background, it is an object of the present invention to provide a mobile authentication system that is convenient, fast and secure.
在一方面, 本发明是一种身份认证方法, 其包括以下步骤: 通过 移动设备传送认证请求, 该认证请求包含用户的设定; 根据该认证请 求确定所述用户的电话号码;使用用户的设定和确定的电话号码产生 临时编码; 以及使用该临时编码进行身份认证。  In one aspect, the present invention is an identity authentication method, comprising the steps of: transmitting, by a mobile device, an authentication request, the authentication request including a user's setting; determining, according to the authentication request, the user's phone number; using the user's setting Determining and determining the phone number to generate a temporary code; and using the temporary code for identity authentication.
在本发明的一个实施例, 临时编码包括条件参数, 以限制所述身 份认证。 而条件参数包括有效次数和有效时间, 有效次数用来定义临 时编码的可使用次数, 有效时间则定义了临时编码的可使用时间。  In one embodiment of the invention, the temporary encoding includes conditional parameters to limit the identity authentication. The condition parameters include the effective number and the effective time. The effective number is used to define the number of times the temporary code can be used, and the effective time defines the usable time of the temporary code.
在另一个实施中,本发明的身份认证方法还包括加密所述临时编 码并把加密后的临时编码储存到所述移动设备, 以供多次使用。 其后 传送认证请求、确定电话号码和产生临时编码等步骤可以省略, 而直 接使用加密后的临时编码快速地进行身份认证。  In another implementation, the identity authentication method of the present invention further includes encrypting the temporary encoding and storing the encrypted temporary encoding to the mobile device for multiple use. Subsequent steps of transmitting the authentication request, determining the telephone number, and generating the temporary code can be omitted, and the encrypted temporary code is used directly for identity authentication.
在进一个实施中, 本发明的身份认证方法还包括以下步骤: 取得 移动设备的唯一标识符;把该唯一标识符和临时编码一起加密得到加 密编码, 并把加密编码储存到移动设备, 以供多次使用; 其中加密编 码只可由该移动设备使用。 In an implementation, the identity authentication method of the present invention further includes the following steps: A unique identifier of the mobile device; the unique identifier is encrypted together with the temporary encoding to obtain an encrypted code, and the encrypted code is stored to the mobile device for multiple use; wherein the encrypted code can only be used by the mobile device.
在另一个实施例,本发明的身份认证方法中确定用户电话号码的 步骤使用以下方法之一来进行: (i ) 获得移动设备的互联网协议地 址,然后从电讯营运商取得对应于该互联网协议地址的电话号码;(ii ) 读取移动设备中的用户身份模块的数据并基于该数据确定用户的电 话号码; 或 (iii ) 从认证请求的标头获得用户的电话号码。  In another embodiment, the step of determining the user's telephone number in the identity authentication method of the present invention is performed using one of the following methods: (i) obtaining an internet protocol address of the mobile device, and then obtaining an address corresponding to the internet protocol from the telecommunications carrier (ii) reading the data of the subscriber identity module in the mobile device and determining the subscriber's telephone number based on the data; or (iii) obtaining the subscriber's telephone number from the header of the authentication request.
在一个实施例中,本发明的身份认证方法中使用临时编码进行身 份认证的步骤包括: 选择特定的传递方式发送临时编码到验证装置; 验证装置把验证数据和临时编码传送到认证服务器;认证服务器检查 验证数据和临时编码是否有效, 并执行以下步骤: (i ) 如果验证数 据和临时编码都有效,发送验证有效信息和用户的电话号码到验证装 置; 或 (ii ) 如果验证数据和临时编码都有效, 并且验证数据中的电 话号码与临时编码中包含的电话号码相匹配,发送成功信息到验证装 置; 或 (iii ) 如果验证数据和临时编码中的一个或两个无效,或验证 数据中的电话号码与临时编码中包含的电话号码不匹配,发送失败信 息到验证装置; 以及验证装置根据接收到的验证有效信息和电话号码 或成功信息或失败信息完成身份认证。  In an embodiment, the step of using the temporary encoding for identity authentication in the identity authentication method of the present invention comprises: selecting a specific delivery mode to send the temporary encoding to the verification device; the verification device transmitting the verification data and the temporary encoding to the authentication server; the authentication server Check that the verification data and the temporary code are valid, and perform the following steps: (i) If both the verification data and the temporary code are valid, send the verification valid message and the user's phone number to the verification device; or (ii) if both the verification data and the temporary code are valid Valid, and the phone number in the verification data matches the phone number contained in the temporary code, sending a success message to the verification device; or (iii) if one or both of the verification data and the temporary code are invalid, or in the verification data The telephone number does not match the telephone number included in the temporary code, and the failure information is sent to the verification device; and the verification device completes the identity authentication based on the received verification valid information and the telephone number or success information or failure information.
在另一个实施例, 特定的传递方式包括条形码、 微波和声波。 本 发明的身份认证方法还包括根据用户的需要产生多个不同的临时编 码, 以在不同场合进行身份认证。  In another embodiment, the particular mode of delivery includes barcodes, microwaves, and sound waves. The identity authentication method of the present invention further includes generating a plurality of different temporary codes according to the needs of the user to perform identity authentication on different occasions.
在另一方面, 本发明是一种身份认证系统, 其包括: 移动设备, 以传送认证请求, 该认证请求包含用户的设定; (b ) 认证服务器, 以接收认证请求并根据认证请求确定用户的电话号码,认证服务器使 用用户的设定和电话号码产生临时编码并把临时编码发送到移动设 备; 以及验证装置; 其中移动设备通过特定的传递方式发送临时编码 到验证装置, 以进行身份认证。 In another aspect, the present invention is an identity authentication system, comprising: a mobile device to transmit an authentication request, the authentication request including a user's settings; (b) an authentication server to receive the authentication request and determine the user according to the authentication request Telephone number, the authentication server generates a temporary encoding using the user's settings and telephone number and transmits the temporary encoding to the mobile device; and a verification device; wherein the mobile device transmits the temporary encoding through a specific delivery method Go to the verification device for identity authentication.
在一个实施例中, 临时编码包括条件参数, 以限制身份认证, 而 条件参数包括有效次数和有效时间,有效次数定义了临时编码的可使 用次数, 有效时间定义了临时编码的可使用时间。  In one embodiment, the temporary encoding includes conditional parameters to limit identity authentication, and the conditional parameters include a valid number of times and a valid time, the effective number of times defines the number of times the temporary encoding is available, and the effective time defines the usable time of the temporary encoding.
在另一个实施例, 临时编码被加密并储存在移动设备的存储器, 以供多次使用并快速地进行身份认证。  In another embodiment, the temporary encoding is encrypted and stored in the memory of the mobile device for multiple use and for fast authentication.
在另一个实施例,本发明的身份认证系统还包括电讯营运商的移 动用户数据服务器,以接受来自认证服务器的询问并返回用户的电话 号码到认证服务器。  In another embodiment, the identity authentication system of the present invention further includes a mobile subscriber data server of the telecommunications carrier to accept the challenge from the authentication server and return the subscriber's telephone number to the authentication server.
在进一个实施例,验证装置把验证数据和临时编码传送到认证服 务器, 认证服务器检查该验证数据和临时编码是否有效, 并执行以下 步骤: (i ) 如果验证数据和临时编码都有效, 发送验证有效信息和 用户的电话号码到验证装置; 或(ii ) 如果验证数据和临时编码都有 效, 并且验证数据中的电话号码与临时编码中包含的电话号码相匹 配, 发送成功信息到验证装置; 或 (iii ) 如果验证数据和临时编码 中的一个或两个无效,或验证数据中的电话号码与临时编码中包含的 电话号码不匹配, 发送失败信息到验证装置; 以及验证装置根据接收 到的验证有效信息和电话号码或成功信息或失败信息完成身份认证。  In an embodiment, the verification device transmits the verification data and the temporary encoding to the authentication server, the authentication server checks whether the verification data and the temporary encoding are valid, and performs the following steps: (i) if both the verification data and the temporary encoding are valid, the transmission verification Valid information and the user's phone number to the verification device; or (ii) if both the verification data and the temporary code are valid, and the phone number in the verification data matches the phone number contained in the temporary code, the success message is sent to the verification device; or (iii) if one or both of the verification data and the temporary code are invalid, or the phone number in the verification data does not match the phone number contained in the temporary code, the failure message is sent to the verification device; and the verification device is based on the received verification Valid information and phone number or success or failure information completes identity authentication.
在另一个实施例, 特定的传递方式包括条形码、 微波和声波。 另一方面,本发明是一种快速移动支付的方法,其包括以下步骤: 通过移动设备传送认证请求, 该认证请求包含用户的设定; 根据认证 请求确定用户的电话号码;获取该电话号码对应的用户数据并确立用 户的身份; 使用用户的设定和电话号码产生临时编码; 以及使用临时 编码进行快速移动支付。  In another embodiment, the particular mode of delivery includes barcodes, microwaves, and sound waves. In another aspect, the present invention is a method for fast mobile payment, comprising the steps of: transmitting an authentication request by a mobile device, the authentication request including a setting of the user; determining a phone number of the user according to the authentication request; and obtaining the corresponding phone number User data and establish the identity of the user; use the user's settings and phone number to generate temporary encoding; and use temporary encoding for fast mobile payments.
在一个实施例中,临时编码包括条件参数,以限制快速移动支付。 该条件参数包括: 有效次数, 其定义了临时编码的可使用次数; 有效 时间, 其定义了临时编码的可使用时间; 和有效金额, 其定义了临时 编码的可使用金额。 In one embodiment, the temporary encoding includes conditional parameters to limit fast mobile payments. The condition parameters include: a valid number, which defines the number of times the temporary code can be used; a valid time, which defines the usable time of the temporary code; and a valid amount, which defines the temporary The usable amount of the code.
在另一个实施例,本发明的快速移动支付的方法还包括加密临时 编码并把加密后的临时编码储存到移动设备, 以供多次使用。 其后传 送认证请求、 确定用户的电话号码、 获取该电话号码对应的用户数据 并确立用户的身份以及产生临时编码等步骤可以省略,而直接使用加 密后的临时编码进行快速移动支付。  In another embodiment, the method of fast mobile payment of the present invention further includes encrypting the temporary encoding and storing the encrypted temporary encoding to the mobile device for multiple use. The subsequent steps of transmitting the authentication request, determining the user's telephone number, obtaining the user data corresponding to the telephone number, establishing the identity of the user, and generating the temporary encoding may be omitted, and the encrypted temporary code is directly used for fast mobile payment.
在另一个实施例, 本发明的快速移动支付的方法还包括: 取得移 动设备的唯一标识符;把该唯一标识符和临时编码一起加密得到加密 编码, 并把加密编码储存到移动设备, 以供多次使用; 其中加密编码 只可由该移动设备使用。  In another embodiment, the method of fast mobile payment of the present invention further comprises: obtaining a unique identifier of the mobile device; encrypting the unique identifier together with the temporary encoding to obtain an encrypted code, and storing the encrypted code to the mobile device for Used multiple times; where the encryption code can only be used by the mobile device.
在另一个实施例,本发明的快速移动支付的方法中使用临时编码 进行快速移动支付的步骤包括: 选择特定的传递方式发送临时编码 到验证装置; 验证装置把验证数据和临时编码传送到认证服务器; 认 证服务器检查验证数据和临时编码是否有效, 并执行以下步骤: (i ) 如果验证数据和临时编码都有效,发送付款信息到电讯营运商的移动 用户数据服务器, 以在该用户的相应账户中扣除相应的金额; 或(ii ) 如果验证数据和临时编码中的一个或两个无效,取消交易并发送失败 信息到验证装置。  In another embodiment, the step of using the temporary encoding for fast mobile payment in the method of fast mobile payment of the present invention comprises: selecting a specific delivery mode to transmit the temporary encoding to the verification device; and the verification device transmitting the verification data and the temporary encoding to the authentication server The authentication server checks whether the verification data and the temporary code are valid, and performs the following steps: (i) If both the verification data and the temporary code are valid, the payment information is sent to the mobile operator's mobile user data server in the corresponding account of the user. Deduct the corresponding amount; or (ii) If one or both of the verification data and the temporary code are invalid, cancel the transaction and send the failure message to the verification device.
在进一个实施例, 特定的传递方式包括条形码、 微波和声波。 另外一方面, 本发明是一种快速移动支付的系统, 其包括: 移动 设备, 以传送认证请求, 该认证请求包含用户的设定; 认证服务器, 以接收认证请求并根据认证请求确定用户的电话号码和获取该电话 号码对应的用户数据并确立用户的身份,认证服务器使用用户的设定 和电话号码产生临时编码并把临时编码发送到移动设备; 以及验证装 置; 其中移动设备通过特定的传递方式发送临时编码到验证装置, 以 进行快速移动支付。  In one embodiment, the particular delivery method includes barcodes, microwaves, and sound waves. In another aspect, the present invention is a fast mobile payment system, comprising: a mobile device to transmit an authentication request, the authentication request including a user's setting; an authentication server to receive an authentication request and determine a user's phone based on the authentication request Number and the user data corresponding to the phone number and establish the identity of the user, the authentication server generates the temporary code using the user's settings and the phone number and transmits the temporary code to the mobile device; and the verification device; wherein the mobile device passes the specific delivery method A temporary code is sent to the verification device for fast mobile payment.
本发明具有很多优点。 首先, 在临时编码产生后, 用户可直接使 用其进行快速认证或购物, 方便省时且高效率。 其次, 用户身份的确 立由第三方(电讯公司)保证, 安全性得到提高。 临时编码可与唯一 的移动设备捆绑在一起, 不怕别人盗取临时编码。 另外, 用户可额外 设定登入密码, 增加了使用的弹性并进一步加强了安全性, 即使移动 设备遗失了也不用担心账户被取用。用户还可以根据自身需要, 自定 义不同的有效次数、 有效时间和有效金额, 以满足不同情况的不同需 要。 The invention has many advantages. First, after the temporary encoding is generated, the user can directly make Use it for quick certification or shopping, saving time and efficiency. Secondly, the establishment of the user identity is guaranteed by a third party (telecom company) and the security is improved. Temporary encoding can be bundled with a unique mobile device, not afraid of stealing temporary encoding. In addition, the user can additionally set the login password, which increases the flexibility of use and further enhances the security. Even if the mobile device is lost, there is no need to worry about the account being taken. Users can also customize different effective times, effective time and effective amount according to their needs to meet the different needs of different situations.
再者, 本发明的灵活性高, 只要根据不同的使用方法相应地对其 中的步骤作出微调, 即可应用到不同的范畴。 附图说明  Furthermore, the flexibility of the present invention is high, and it can be applied to different categories as long as the steps in the steps are fine-tuned according to different usage methods. DRAWINGS
参照本说明书的余下部分和附图可以对本发明的性能和优点作 进一步的理解。  The performance and advantages of the present invention will be further understood by reference to the remainder of the specification and the accompanying drawings.
图 1是本发明一个实施例中认证系统的方框图。  BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a block diagram of an authentication system in one embodiment of the present invention.
图 2展示了用户使用本发明的认证系统进行认证时的流程图。 图 3展示了本发明的一个实施例中认证要求提供者一方的认证流 程图。  Figure 2 shows a flow chart when a user authenticates using the authentication system of the present invention. Figure 3 illustrates an authentication flow diagram of an authentication request provider side in one embodiment of the present invention.
图 4是本发明的一个实施例中进行移动支付时零售商一方的流程 图。 具体实施方式  Fig. 4 is a flow chart of the retailer side when performing mobile payment in an embodiment of the present invention. detailed description
如图 1所述, 根据本发明的一个实施例, 认证系统包括移动设备 20、 认证服务器 22、 移动用户数据服务器 24 和验证装置 26。 移动设 备 20包括所有内置有用户身份模块(Subscriber Identity Module, 即 SIM卡) 并可连接到网络的手提装置, 例如手机、 个人数码助理 ( Personal Digital Assistant, 即 PDA )和平板电脑等。 认证服务器 22 负责进行认证的工作, 其接收来自移动设备 20的认证请求, 然后根据 认证请求的特征确定该移动设备 20的电话号码。有多种方法可以用来 确定移动设备 20的电话号码,在本发明的一个实施例,使用以下方法: 首先,认证服务器 22在接收到移动设备 20的认证请求时获取该移动设 备 20的互联网协议地址(Internet Protocol address, 即 IP address ), 然 后认证服务器 22把该移动设备 20的互联网协议地址传送到电讯营运 商的移动用户数据服务器 24并要求移动用户数据服务器 24进行配对, 从而提供所述互联网协议地址对应的电话号码和用户数据。电讯营运 商的移动用户数据服务器 24储存有移动用户的个人资料, 包括其姓 名、 住址、 移动电话号码、 帐户号码、 帐户结余等等。 移动用户数据 服务器 24还储存有互联网协议地址的映像表,该映像表记载了特定的 移动互联网协议地址相对应的移动电话号码, 根据确定的电话号码, 相应的用户也能被确定。因为每个移动电话号码与一个唯一的移动互 联网协议地址捆绑在一起, 通过此方法确定的用户身份是真确的, 也 是唯一的, 并且得到了第三方 (电讯公司) 的保证。 认证服务器 22 使用得到的电话号码连同包含在认证请求中的用户设定数据来产生 一个临时编码,该临时编码可以经过加密并发送到移动设备 20以进行 认证。 其后, 移动设备 20通过特定的传递方式发送临时编码到验证装 置 26,验证装置 26把接收到的临时编码连同必要的额外相关数据传输 到认证服务器 22以完成认证。验证装置 26设置在需要进行认证的相关 机构, 其具备通过特定传递方式与移动设备 20通信的能力。 所述特定 传递方式包括移动设备 20支持的所有传递方式, 如条形码、 微波、 声 波, 具体包括快速响应矩阵码、 近场通讯(NFC )、 蓝牙、 红外线、 无线保真(Wi-Fi )和射频识别 (RFID ) 等等。 验证装置 26可以是公 司的打卡机、 展览的签到机、 会所的开门装置和付款验证机等。 As described in FIG. 1, an authentication system includes a mobile device 20, an authentication server 22, a mobile user data server 24, and a verification device 26, in accordance with an embodiment of the present invention. The mobile device 20 includes all portable devices that have a Subscriber Identity Module (SIM card) built in and can be connected to the network, such as a mobile phone, a Personal Digital Assistant (PDA), and a tablet. The authentication server 22 is responsible for the authentication work, which receives the authentication request from the mobile device 20, and then determines the phone number of the mobile device 20 based on the characteristics of the authentication request. There are a number of methods that can be used to determine the phone number of the mobile device 20. In one embodiment of the invention, the following method is used: First, the authentication server 22 acquires an Internet Protocol address (IP address) of the mobile device 20 when receiving the authentication request of the mobile device 20, and then the authentication server 22 transmits the Internet Protocol address of the mobile device 20 to the telecommunications. The mobile subscriber data server 24 of the operator also requests the mobile subscriber data server 24 to pair to provide the telephone number and subscriber data corresponding to the internet protocol address. The mobile operator's mobile subscriber data server 24 stores the mobile subscriber's personal information, including his/her name, address, mobile phone number, account number, account balance, and the like. The mobile subscriber data server 24 also stores a map of Internet Protocol addresses that record the mobile phone number corresponding to the particular Mobile Internet Protocol address, and the corresponding subscriber can also be determined based on the determined telephone number. Because each mobile phone number is bundled with a unique mobile internet protocol address, the identity of the user identified by this method is true and unique, and is guaranteed by a third party (telecom company). The authentication server 22 uses the resulting phone number along with the user settings data contained in the authentication request to generate a temporary code that can be encrypted and sent to the mobile device 20 for authentication. Thereafter, the mobile device 20 transmits the temporary encoding to the verification device 26 by a specific delivery method, and the verification device 26 transmits the received temporary encoding along with the necessary additional related data to the authentication server 22 to complete the authentication. The verification device 26 is provided in a related mechanism that requires authentication, and has the ability to communicate with the mobile device 20 by a specific delivery method. The specific delivery mode includes all delivery modes supported by the mobile device 20, such as barcode, microwave, and sound waves, including fast response matrix code, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi), and radio frequency. Identification (RFID) and so on. The verification device 26 may be a company's punch card machine, an exhibition sign-in machine, a club door opening device, a payment verification machine, and the like.
以下详细描述本发明的认证流程。本发明的认证方法主要涉及需 要进行认证的用户 (移动设备 20 ) 与认证要求提供者 (验证装置 26 ) 双方之间的数据处理,并包括第三方(电讯公司)对用户身份的保证。 图 2展示了用户使用本发明的认证系统进行认证时的流程图。 用户从 步骤 28开始认证流程, 在步骤 30 , 用户首先打开安装在移动设备 20 上的特定应用程序,或者通过移动设备 20的网络功能联机到特定的网 站。 该特定应用程序通过数据通信网络把用户连接到认证服务器 22 , 而所述特定的网站也是由认证服务器 22托管的。数据通信网络包括通 用分组无线服务(GPRS )、 第三代行动通讯技术 (3G ) 和第四代行 动通讯技术 (4G ) 等。 The authentication process of the present invention is described in detail below. The authentication method of the present invention mainly relates to data processing between a user (mobile device 20) requiring authentication and a certification request provider (verification device 26), and includes a third party (telecom company) guaranteeing the identity of the user. Figure 2 illustrates a flow chart when a user authenticates using the authentication system of the present invention. The user starts the authentication process from step 28, and in step 30, the user first opens the mobile device 20 for installation. A specific application on the computer, or through the network function of the mobile device 20, to a specific website. The particular application connects the user to the authentication server 22 via a data communication network, and the particular website is also hosted by the authentication server 22. Data communication networks include General Packet Radio Service (GPRS), Third Generation Mobile Communication Technology (3G), and Fourth Generation Mobile Communication Technology (4G).
用户通过移动设备 20以特定应用程序或特定网站作为媒介发送 认证请求到认证服务器 22, 认证请求包含用户的设定数据, 设定数据 包括用户自定义的认证有效次数和有效时间等。认证服务器 22在步骤 32接收到认证请求后会通过不同的方法来获取用户的数据。其中一个 方法是如以上所述的通过获取移动设备 20的互联网协议地址并询问 移动用户数据服务器 24来获得用户的数据。 接收到询问并进行映像 后, 移动用户数据服务器 24把用户数据, 包括电话号码, 传回认证服 务器 22。认证服务器 22在步骤 34收到用户的数据,用户的身份被确定。 认证服务器 22会把用户的数据储存在数据库,然后使用其中的电话号 码和用户的设定数据产生一个临时编码, 该临时编码包括条件参数, 如有效次数和有效时间, 有效次数定义了临时编码的可使用次数, 而 有效时间定义了所述临时编码的可使用时间。临时编码的有效次数和 有效时间由用户按其需要自行决定, 如果用户经常需要进行认证动 作, 他 /她可以设定多次的有效次数, 如 10次, 相反, 如果用户觉得 有必要或者为了安全理由, 他 /她可以设定临时编码只可使用一次, 在第一次使用完之后该临时编码就会变成无效,即使别人获得也不能 使用。相同道理,临时编码的有效时间限制了该临时编码的使用范围, 用户可设定该临时编码只在某一段时间内有效, 如一天、 一星期或一 个月内, 超过有效时间, 即使临时编码还剩余有效次数, 临时编码也 会变得无效, 从而大大提升了安全性。  The user sends an authentication request to the authentication server 22 via the mobile device 20 in a specific application or a specific website. The authentication request includes the user's setting data, and the setting data includes the user-defined authentication effective number and effective time. After receiving the authentication request in step 32, the authentication server 22 obtains the user's data through different methods. One of the methods is to obtain the user's data by obtaining the Internet Protocol address of the mobile device 20 and asking the mobile user data server 24 as described above. Upon receiving the query and mapping, the mobile user data server 24 passes the user data, including the telephone number, back to the authentication server 22. The authentication server 22 receives the user's data in step 34 and the identity of the user is determined. The authentication server 22 stores the user's data in a database, and then generates a temporary code using the phone number and the user's setting data, the temporary code including condition parameters such as the effective number and the effective time, and the effective number defines the temporary code. The number of times that can be used, and the effective time defines the usable time of the temporary code. The effective number and effective time of temporary coding are determined by the user according to their needs. If the user often needs to perform the authentication action, he/she can set the effective number of times, such as 10 times. On the contrary, if the user feels it is necessary or for security For reasons, he/she can set the temporary encoding to be used only once, and the temporary encoding will become invalid after the first use, even if others get it. By the same token, the effective time of the temporary encoding limits the scope of use of the temporary encoding. The user can set the temporary encoding to be valid only for a certain period of time, such as one day, one week or one month, exceeding the effective time, even if the temporary encoding is still The number of remaining valid times, the temporary encoding will also become invalid, which greatly improves security.
临时编码产生后, 认证服务器 22把其传送到移动设备 20。 移动设 备 20配置有存储器以储存临时编码,根据临时编码的有效次数和有效 时间,临时编码可以多次使用。在一个实施例中,临时编码先被加密, 然后储存在移动设备 20的存储器, 以提高安全性。 加密程序可在认证 服务器 22进行, 也可在移动设备 20进行, 当需要使用时, 移动设备 20 会使用适当的手段把临时编码解密。 在另一个实施例中, 为了进一步 加强安全性, 本发明的认证系统可以取得移动设备 20的唯一标识符, 然后把该唯一标识符和临时编码一起加密得到加密编码,并使用加密 编码进行认证。 加密编码可以储存在移动设备 20的存储器, 以供多次 使用。 同样地, 加密程序可在认证服务器 22或移动设备 20进行。 在使 用加密编码进行认证时, 系统会先把其解密, 然后把解密得到的唯一 标识符与移动设备 20的唯一标识符进行比较,只有在这两个标识符相 同的情况下才会执行下一步的动作。 如果这两个标识符不相同, 则证 明加密编码被人盗用了, 系统会拒绝此认证要求。 使用此方法, 加密 编码只可以由唯一的移动设备 20使用,因为每一个移动设备 20都拥有 唯一标识符, 安全性因而进一步提高。 After the temporary encoding is generated, the authentication server 22 transmits it to the mobile device 20. The mobile device 20 is configured with a memory to store temporary encodings, based on the number of times the temporary encoding is valid and valid Time, temporary coding can be used multiple times. In one embodiment, the temporary encoding is first encrypted and then stored in the memory of the mobile device 20 for increased security. The encryption process can be performed at the authentication server 22 or at the mobile device 20. When needed, the mobile device 20 decrypts the temporary code using appropriate means. In another embodiment, to further enhance security, the authentication system of the present invention can obtain a unique identifier for the mobile device 20, then encrypt the unique identifier along with the temporary encoding to obtain an encrypted encoding, and authenticate using the encrypted encoding. The encryption code can be stored in the memory of the mobile device 20 for multiple use. Likewise, the encryption process can be performed at the authentication server 22 or the mobile device 20. When using encryption encoding for authentication, the system decrypts it first, then compares the decrypted unique identifier with the unique identifier of the mobile device 20, and only performs the next step if the two identifiers are the same. Actions. If the two identifiers are not the same, it proves that the encryption code has been stolen, and the system will reject the authentication request. Using this method, the encryption code can only be used by the unique mobile device 20, since each mobile device 20 has a unique identifier and the security is thus further enhanced.
得到临时编码后, 用户可以随时进行认证, 在步骤 38, 用户使用 移动设备 20并选择特定的传递方式发送临时编码到验证装置 26。在发 送临时编码后, 用户这边的认证程序已经全部完成, 程序结束, 即步 骤 40。 用户在第一次产生临时编码时才需要执行步骤 28、 30、 32、 34 和 36。 当临时编码产生后, 用户可以省略以上所述的步骤, 直接跳到 步骤 38, 使用储存在移动设备 20的临时编码进行认证。 只要临时编码 的有效次数和有效时间是有效的, 移动设备 20不需要连接到网络, 也 不需要传送多余的数据或者进行复杂的程序处理就可以完成认证动 作, 免除了烦瑣的操作, 省时方便并得到安全性的保证。  After the temporary encoding is obtained, the user can authenticate at any time. In step 38, the user transmits the temporary encoding to the verification device 26 using the mobile device 20 and selecting a particular delivery method. After the temporary encoding is sent, the authentication procedure on the user side has been completed, and the program ends, step 40. The user only needs to perform steps 28, 30, 32, 34 and 36 when generating the temporary code for the first time. After the temporary encoding is generated, the user can omit the steps described above and jump directly to step 38 to authenticate using the temporary encoding stored in the mobile device 20. As long as the effective number of times of temporary coding and the effective time are valid, the mobile device 20 does not need to be connected to the network, and does not need to transmit redundant data or perform complicated program processing to complete the authentication action, thereby eliminating cumbersome operations and saving time. Convenient and secure.
另外, 用户在登入本发明的系统时并不需要输入个人信息, 并不 像现有技术般需要输入用户名和密码以确定用户的身份。本系统通过 第三方(电讯公司)的支持来获取用户的个人资料, 从而确定用户在 本系统的身份。 其中方法之一已在上文描述。 另一获取用户信息的方 法是首先确定用户的移动设备 20的电话号码,然后把确定的电话号码 传给移动用户数据服务器 24并要求其回馈对应于该电话号码的用户 数据。 移动用户数据服务器 24通过映像表的方式配对该电话号码, 然 后把得出的用户数据传送给认证服务器 22,以允许本发明的系统确立 用户的身份。 确定移动设备 20的电话号码的方法可以是: 读取该移动 设备 20中的用户身份模块的数据, 然后基于所述数据确定其电话号 码; 也可以从移动设备 20发出的认证请求的标头获得用户的电话号 码。 因此, 本发明的系统登入并不需要用户输入个人资料, 别人也不 能模仿用户的身份来登入本系统,因为用户的数据都是电讯公司提供 的。 每一次用户需要创建新的临时编码时, 其需要登入本系统, 而其 身份则由本系统通过电讯公司确定,当中最主要的原理是运用了唯一 的电话号码与唯一的用户之间的绑定。用户的移动电话号码可视为隐 藏的用户名。 为了进一步加强安全性, 用户可以在本系统确定其身份 后设定登入密码。 那么, 在用户下一次登入系统时, 其需要通过电讯 公司的验证并输入正确的密码才能登入成功。 In addition, the user does not need to input personal information when logging into the system of the present invention, and does not need to input a username and password to determine the identity of the user as in the prior art. The system obtains the user's personal data through the support of a third party (telecom company) to determine the identity of the user in the system. One of the methods has been described above. Another party that gets user information The method is to first determine the telephone number of the user's mobile device 20, then pass the determined telephone number to the mobile subscriber data server 24 and request it to return user data corresponding to the telephone number. The mobile subscriber data server 24 pairs the telephone number by way of a mapping table and then transmits the resulting subscriber data to the authentication server 22 to allow the system of the present invention to establish the identity of the subscriber. The method of determining the phone number of the mobile device 20 may be: reading data of the user identity module in the mobile device 20, and then determining its phone number based on the data; or obtaining the header of the authentication request issued by the mobile device 20 The user's phone number. Therefore, the system login of the present invention does not require the user to input personal data, and others cannot imitate the identity of the user to log into the system because the user's data is provided by the telecommunications company. Each time a user needs to create a new temporary code, it needs to log into the system, and its identity is determined by the system through the telecommunications company. The most important principle is to use the unique phone number and the unique user binding. The user's mobile phone number can be thought of as a hidden username. To further enhance security, users can set a login password after the system has determined its identity. Then, the next time the user logs in to the system, they need to pass the verification of the telecommunications company and enter the correct password to log in successfully.
在一个实施例中, 用户可以同时产生多个不同的临时编码, 以在 不同埸合使用不同的临时编码进行认证, 提高了灵活性。  In one embodiment, the user can simultaneously generate a plurality of different temporary encodings for authentication using different temporary encodings in different combinations, increasing flexibility.
现在参考图 3 , 其展示了认证要求提供者一方的认证流程。 认证 要求提供者在步骤 42开始认证程序。认证要求提供者是需要确认用户 身份的机构, 其可以是主办展览会的主办单位、 要求员工签到的公司 或私人会所等。 认证要求提供者使用验证装置 26来进行认证, 通常, 验证装置 26—直都与互联网相连接,以随时进行认证动作。在步骤 44, 验证装置 26接收到移动设备 20发送的临时编码, 其后, 验证装置 26 会把临时编码连同验证数据传送到认证服务器 22。所述验证数据包含 认证要求提供者的信息, 包括机构名称、 机构登记码和认证详情等。 认证要求提供者要使用本系统进行认证需要预先登记,成为登记机构 才能使用本发明的认证系统。 在登记后, 认证要求提供者会获得机构 登记码以供本系统识别其身份。 在步骤 46, 认证服务器 22收到验证装 置 26发送的临时编码和验证数据,认证服务器 22首先验证临时编码的 有效性, 例如其中包含的有效次数和有效时间。 如果临时编码有效, 认证程序会进行到步骤 48 , 否则进行到步骤 58。 在步骤 58, 因为临时 编码已经失效,认证服务器 22发送失败信息到认证要求提供者的验证 装置 26, 验证装置 26接着确定认证失败, 结束认证程序, 即步骤 62。 如果临时编码有效,认证服务器 22在步骤 48会验证认证要求提供者是 否有效, 其主要是验证认证要求提供者是否拥有有效的机构登记码。 如果该认证要求提供者已经事先登记,认证服务器 22的数据库中会储 存有该认证要求提供者的有效机构登记码,通过配对的方式就能确定 该认证要求提供者是否有效。 如果其结果为无效, 则进行到步骤 60, 认证服务器 22发送失败信息到认证要求提供者的验证装置 26,验证装 置 26接着确定认证失败, 结束认证程序, 即步骤 62。 如果认证要求提 供者有效, 则进行到步骤 54或步骤 50。 这里有两种情况, 其中一个情 况是认证要求提供者在认证开始前已经知道用户的部份信息,即其电 话号码,该部份信息可能是来自用户的输入或其他途径,这种情况下, 验证装置 26发送的验证数据中会包括了用户的电话号码,认证服务器 22因而会进行步骤 50而不是步骤 54。 在步骤 50, 认证服务器 22会由临 时编码确定用户的电话号码,其把其与验证装置 26发送过来的电话号 码进行比较, 如果结果吻合, 则进行步骤 52, 否则就进行步骤 64。 在 步骤 52, 认证服务器 22发送成功信息到认证要求提供者的验证装置 26, 认证成功, 程序在步骤 62结束。 另一个情况是认证要求提供者事 前并没有获得用户的任何数据,但其以某种手段储存了大量其机构本 身会员的个人资料, 其中包括电话号码。 此情形下, 验证装置 26发送 的验证数据中不会包括用户的电话号码,认证服务器 22因而会进行步 骤 54而不是步骤 50。 在步骤 54, 认证服务器 22发送验证有效信息和用 户的电话号码给认证要求提供者的验证装置 26。认证要求提供者的验 证装置 26在步骤 56会把得来的电话号码与其储存的数据表进行配对, 当数据表中包含该电话号码, 证明该用户是本机构的会员, 其身份被 确定, 认证成功, 程序在步骤 62结束。 相反, 如果数据表中不包含该 电话号码, 则证失败, 程序结束。 Referring now to Figure 3, there is shown the authentication process for the certification request provider side. The certification request provider begins the authentication process at step 42. The certification request provider is an organization that needs to confirm the identity of the user. It can be the organizer of the exhibition, the company or the private club that asks the employee to sign in. The authentication request provider uses the verification device 26 for authentication. Typically, the verification device 26 is directly connected to the Internet to perform authentication operations at any time. At step 44, the verification device 26 receives the temporary code transmitted by the mobile device 20, after which the verification device 26 transmits the temporary code along with the verification data to the authentication server 22. The verification data includes information of the certification request provider, including the institution name, the institution registration code, and the authentication details. The certification request provider needs to register in advance to use the system for authentication, and the registration system can use the authentication system of the present invention. After registration, the certification request provider will get the agency The registration code is used by the system to identify its identity. At step 46, the authentication server 22 receives the temporary encoding and verification data transmitted by the verification device 26, and the authentication server 22 first verifies the validity of the temporary encoding, such as the effective number of times and the effective time contained therein. If the temporary encoding is valid, the authentication process proceeds to step 48, otherwise proceeds to step 58. At step 58, because the temporary encoding has expired, the authentication server 22 sends a failure message to the authentication device 26 of the authentication request provider, and the verification device 26 then determines that the authentication has failed, ending the authentication process, step 62. If the temporary encoding is valid, the authentication server 22 verifies at step 48 whether the authentication request provider is valid, primarily to verify that the authentication request provider has a valid institution registration code. If the authentication request provider has previously registered, the authentication server 22 stores the valid institution registration code of the authentication request provider, and the pairing method can determine whether the authentication request provider is valid. If the result is invalid, proceeding to step 60, the authentication server 22 transmits the failure information to the authentication device 26 of the authentication request provider, and the verification device 26 then determines that the authentication has failed, and ends the authentication process, step 62. If the authentication request provider is valid, proceed to step 54 or step 50. There are two situations, one of which is that the authentication request provider has already known part of the user's information before the authentication starts, that is, its telephone number, which may be input from the user or other means. In this case, The verification data sent by the verification device 26 will include the user's telephone number, and the authentication server 22 will proceed to step 50 instead of step 54. At step 50, the authentication server 22 determines the user's telephone number from the temporary code, which compares it with the telephone number sent by the verification device 26. If the results match, step 52 is performed, otherwise step 64 is performed. At step 52, the authentication server 22 sends a success message to the authentication device 26 of the authentication request provider, the authentication is successful, and the process ends at step 62. In another case, the certification request provider did not obtain any data from the user beforehand, but it stored some of the personal data of its own members, including the phone number, by some means. In this case, the authentication data transmitted by the verification device 26 does not include the user's telephone number, and the authentication server 22 thus proceeds to step 54 instead of step 50. At step 54, the authentication server 22 transmits the verification valid information and the telephone number of the user to the authentication device 26 of the authentication request provider. Certification request provider's test The card device 26 will pair the obtained phone number with its stored data table in step 56. When the data table contains the phone number, the user is a member of the organization, the identity is determined, the authentication is successful, and the program is in the step. 62 ends. Conversely, if the phone number is not included in the data table, the certificate fails and the program ends.
使用本发明的认证系统进行快速移动支付的实施例  Embodiment for performing fast mobile payment using the authentication system of the present invention
以上详细描述了本发明的认证系统,其可以用于不同场合和不同 目的, 例如签到、 进入设施和参加会议等。 以下会描述其在移动支付 (即消费购物)的应用, 在移动支付方面的应用的主要原理和程序与 上文所述的基本上都相同, 只是步骤有部份的增减。  The authentication system of the present invention has been described in detail above and can be used for different occasions and for different purposes, such as signing in, entering a facility, attending a conference, and the like. The application of mobile payment (ie, consumer shopping) will be described below. The main principles and procedures for the application of mobile payment are basically the same as those described above, except that the steps are partially increased or decreased.
快速移动支付系统需要的硬件配备与认证系统是一样的, 如图 1 所示, 包括移动设备 20、 认证服务器 22、 移动用户数据服务器 24和验 证装置 26。 在此实施例中, 认证要求提供者为零售商, 而验证装置 26 通常是一个付款要求终端, 另外, 认证服务器 22除了进行认证工作, 还负责交易的中央结算。用户使用临时编码进行消费的流程与认证的 流程基本上是一样的, 如图 2中所示的步骤。 不同的是用户在设定时 除了设置可使用次数和可使用时间,还可以设置可使用的金额,如 100 元、 500元或更多。 因此, 临时编码的条件参数包括有效次数、 有效 时间和有效金额, 有效金额定义了临时编码的可使用金额。 每次进行 移动支付,可使用金额都会减少,当需要支付的金额大于可使用金额, 交易会被拒绝。 在步骤 32, 认证服务器 22获取的用户数据报括用户的 电讯公司帐户的可使用额度,当用户设定的有效金额大于可使用额度 时, 系统会返回错误信息, 临时编码不会被产生, 程序结束。 如果用 户设定的有效金额小于可使用额度,程序如常进行,执行步骤 34、 36、 38和 40。  The fast mobile payment system requires the same hardware configuration as the authentication system. As shown in Fig. 1, it includes a mobile device 20, an authentication server 22, a mobile user data server 24, and an authentication device 26. In this embodiment, the authentication request provider is a retailer, and the verification device 26 is usually a payment request terminal. In addition, the authentication server 22 is responsible for the central settlement of the transaction in addition to the authentication work. The process by which a user uses temporary coding for consumption is essentially the same as the process of authentication, as shown in Figure 2. The difference is that the user can set the available amount and the usable time, such as 100 yuan, 500 yuan or more. Therefore, the conditional parameters of the temporary encoding include the effective number, the effective time, and the effective amount, and the effective amount defines the usable amount of the temporary encoding. Each time you make a mobile payment, the amount you can use will be reduced. When the amount you need to pay is greater than the usable amount, the transaction will be rejected. In step 32, the user data obtained by the authentication server 22 includes the usable amount of the user's telecommunications company account. When the effective amount set by the user is greater than the usable amount, the system returns an error message, and the temporary encoding is not generated. End. If the effective amount set by the user is less than the usable amount, the program proceeds as usual and steps 34, 36, 38 and 40 are performed.
然而, 快速移动支付系统在认证要求提供者一方(零售商)的流 程与认证系统的流程的分别比较大,快速移动支付系统在认证要求提 供者一方 (零售商) 的流程相对简单一些。 图 4是进行移动支付时零 售商一方的流程图。 付款程序在步骤 66开始, 然后在步骤 68, 零售商 的验证装置 26 (即付款要求终端 )接收到来自移动设备 20的临时编码 后, 连同验证数据传送到认证服务器 22, 其中验证数据包括付款请求 和付款金额。 在步骤 70, 认证服务器 22验证临时编码时除了需要检查 其有效次数、 有效时间的有效性, 还需要检查有效金额的有效性。 如 果有效次数、 有效时间和有效金额中的一个有效性不能通过测试, 进 行步骤 78, 认证服务器 22发送失败信息到零售商的验证装置 26, 交易 中止, 程序在步骤 82结束。 相反, 如果有效性测试通过, 则进行步骤 72, 此步骤与认证系统的步骤 48相同, 其操作一样, 详细描述在上文 已记载, 这里不再重复。 如果认证要求提供者无效, 进行步骤 80, 认 证服务器 22发送失败信息到零售商的验证装置 26, 交易中止, 程序在 步骤 82结束。 如果认证要求提供者有效, 进行步骤 74, 在步骤 74, 认 证服务器 22通过映像等方式由临时编码确定用户的电话号码,然后发 送付款信息到电讯营运商的移动用户数据服务器 24,付款信息包括用 户的电话号码、 付款金额等。 在步骤 76, 移动用户数据服务器 24把认 证服务器 22发送过来的电话号码与其储存的用户数据进行配对,找出 相应的用户, 并核实付款信息中其他数据, 最后在该用户对应的帐户 扣除相应的金额。 扣款成功后, 移动用户数据服务器 24发送确认信息 到认证服务器 22,认证服务器 22收到确认信息后,更新该用户的数据, 如已使用金额等, 最后发送付款成功信息给零售商的验证装置 26, 以 结束程序, 即步骤 82。 用户使用本发明的移动支付进行消费, 所用的 结账户口是该用户的移动电话结账户口,其消费金额会直接显示在该 用户的移动电话账单中。 当需要增加帐户的可用金额, 用户可以随时 随地购买移动电话充值卡进行充值, 以增加支付的弹性。 However, the process of the fast mobile payment system on the side of the certification request provider (retailer) and the process of the authentication system are relatively large, and the process of the fast mobile payment system on the side of the certification request provider (retailer) is relatively simple. Figure 4 is zero when making mobile payments The flow chart of the seller's side. The payment process begins at step 66, and then, at step 68, the retailer's verification device 26 (i.e., payment requesting terminal) receives the temporary encoding from the mobile device 20, along with the verification data, to the authentication server 22, wherein the verification data includes the payment request And the payment amount. In step 70, when the authentication server 22 verifies the temporary encoding, in addition to checking the validity of the effective number and the effective time, it is also necessary to check the validity of the effective amount. If one of the number of valid times, the effective time, and the effective amount fails the test, step 78 is performed, the authentication server 22 sends a failure message to the verification device 26 of the retailer, the transaction is aborted, and the process ends at step 82. Conversely, if the validity test is passed, then step 72 is performed, which is the same as step 48 of the authentication system, the operation is the same, the detailed description has been described above, and will not be repeated here. If the authentication request provider is invalid, proceeding to step 80, the authentication server 22 sends a failure message to the retailer's verification device 26, the transaction is aborted, and the process ends at step 82. If the authentication request provider is valid, proceed to step 74. In step 74, the authentication server 22 determines the user's phone number by temporary encoding by means of imaging or the like, and then sends the payment information to the mobile operator's mobile user data server 24, the payment information including the user. Phone number, payment amount, etc. In step 76, the mobile user data server 24 pairs the phone number sent by the authentication server 22 with the stored user data, finds the corresponding user, and verifies other data in the payment information, and finally deducts the corresponding account in the account corresponding to the user. Amount. After the deduction is successful, the mobile user data server 24 sends the confirmation information to the authentication server 22. After receiving the confirmation information, the authentication server 22 updates the user's data, such as the used amount, and finally sends the payment success information to the retailer's verification device. 26, to end the program, step 82. The user uses the mobile payment of the present invention for consumption, and the used account port is the user's mobile phone account account port, and the amount of consumption is directly displayed in the user's mobile phone bill. When it is necessary to increase the available amount of the account, the user can purchase the mobile phone recharge card to recharge anytime and anywhere to increase the flexibility of the payment.
在一个实施例, 本移动支付系统在付款完成后, 会提供回馈信息 给用户。 例如, 在结账后, 零售商的验证装置 26可通过特定的传递方 式(如近场通讯)传送回馈信息给用户的移动装置 20, 回馈信息包括 购物折扣、 抽奖和个人特别款待等。 用户可以把回馈信息储存在移动 装置 20内, 以在下次消费时使用优惠。 In one embodiment, the mobile payment system provides feedback information to the user after the payment is completed. For example, after the checkout, the retailer's verification device 26 can transmit the feedback information to the user's mobile device 20 through a specific delivery method (such as near field communication), and the feedback information includes Shopping discounts, sweepstakes and personal special treats. The user can store the feedback information in the mobile device 20 to use the offer for the next purchase.
以上内容清楚阐述了本发明的优选实施例。尽管上述说明涉及特 定的实施例,但本领域的技术人员应该清楚在不偏离本发明的主要意 旨和范围的情况下, 可以对实施例的具体细节和形式作出不同的变 化。 因此, 本发明不应该被认为只限于在此提出的实施例。  The above description clearly illustrates preferred embodiments of the invention. While the above description has been described with respect to the specific embodiments, it will be apparent to those skilled in the art that the various details and forms of the embodiments can be varied, without departing from the spirit and scope of the invention. Therefore, the present invention should not be considered limited to the embodiments presented herein.

Claims

权 禾1 J 要 求 书 KHP14230046.0 权禾1 J Request KHP14230046.0
1. 一种身份认证方法, 包括以下步骤: 1. An identity authentication method, including the following steps:
(a)通过移动设备传送认证请求, 所述认证请求包含用户的设定; (a) transmitting an authentication request by the mobile device, the authentication request including the user's settings;
(b)根据所述认证请求确定所述用户的电话号码; (b) determining a phone number of the user according to the authentication request;
(c)使用所述设定和所述电话号码产生临时编码; 以及  (c) generating a temporary encoding using the settings and the telephone number;
(d)使用所述临时编码进行所述身份认证。  (d) performing the identity authentication using the temporary encoding.
2. 如权利要求 1所述的方法, 其特征在于, 所述临时编码包括条件  2. The method of claim 1, wherein the temporary encoding comprises a condition
3. 如权利要求 2所述的方法, 其特征在于, 所述条件参数包括:3. The method of claim 2, wherein the condition parameters comprise:
(a)有效次数, 其定义了所述临时编码的可使用次数; 和 (a) the number of times of validity, which defines the number of times the temporary code can be used; and
(b)有效时间, 其定义了所述临时编码的可使用时间。  (b) Effective time, which defines the usable time of the temporary code.
4. 如权利要求 1所述的方法, 还包括:  4. The method of claim 1 further comprising:
加密所述临时编码并把加密后的临时编码储存到所述移动设备, 以供多次使用; 其后可省略步骤(a ) - ( c ), 而直接使用所述加密后 的临时编码快速地进行所述身份认证。  Encrypting the temporary encoding and storing the encrypted temporary encoding to the mobile device for multiple use; thereafter steps (a) - (c) may be omitted, and the encrypted temporary encoding may be used directly Perform the identity authentication.
5. 如权利要求 1所述的方法, 还包括:  5. The method of claim 1 further comprising:
取得所述移动设备的唯一标识符;  Obtaining a unique identifier of the mobile device;
把所述唯一标识符和所述临时编码一起加密得到加密编码, 并把 所述加密编码储存到所述移动设备, 以供多次使用;  Encrypting the unique identifier together with the temporary encoding to obtain an encrypted encoding, and storing the encrypted encoding to the mobile device for multiple use;
其中所述加密编码只可由所述移动设备使用。  Wherein the encryption code is only usable by the mobile device.
6. 如权利要求 1所述的方法, 其特征在于, 步骤(b )使用以下方法 之一来确定所述用户的电话号码:  6. The method of claim 1 wherein step (b) uses one of the following methods to determine the telephone number of the user:
(i)获得所述移动设备的互联网协议地址;  (i) obtaining an internet protocol address of the mobile device;
从电讯营运商取得对应于所述互联网协议地址的电话号码; Obtaining a telephone number corresponding to the internet protocol address from a telecommunications carrier;
(ii)读取所述移动设备中的用户身份模块的数据; (ii) reading data of a subscriber identity module in the mobile device;
基于所述数据确定所述用户的电话号码; 或  Determining a phone number of the user based on the data; or
(iii)从所述认证请求的标头获得所述用户的电话号码。 (iii) obtaining the telephone number of the user from the header of the authentication request.
7. 如权利要求 1所述的方法, 其特征在于, 步骤(d )包括: 选择特定的传递方式发送所述临时编码到验证装置; The method according to claim 1, wherein the step (d) comprises: selecting a specific delivery mode to send the temporary encoding to the verification device;
所述验证装置把验证数据和所述临时编码传送到认证服务器; 所述认证服务器检查所述验证数据和所述临时编码是否有效, 并 执行以下步骤:  The verification device transmits the verification data and the temporary code to an authentication server; the authentication server checks whether the verification data and the temporary encoding are valid, and performs the following steps:
(i)如果所述验证数据和所述临时编码都有效,发送验证有效信息 和所述电话号码到所述验证装置; 或  (i) if both the verification data and the temporary code are valid, transmitting verification valid information and the telephone number to the verification device; or
(ii)如果所述验证数据和所述临时编码都有效,并且所述验证数据 中的电话号码与所述临时编码中包含的所述电话号码相匹 配, 发送成功信息到所述验证装置; 或  (ii) if both the verification data and the temporary encoding are valid, and the telephone number in the verification data matches the telephone number included in the temporary encoding, transmitting a success message to the verification device; or
(iii)如果所述验证数据和所述临时编码中的一个或两个无效, 或 所述验证数据中的电话号码与所述临时编码中包含的所述电 话号码不匹配, 发送失败信息到所述验证装置; 以及 所述验证装置根据接收到的所述验证有效信息和所述电话号码 或所述成功信息或所述失败信息完成所述身份认证。  (iii) if one or both of the verification data and the temporary code are invalid, or the phone number in the verification data does not match the phone number included in the temporary code, sending a failure message to the location The verification device; and the verification device completes the identity authentication according to the received verification valid information and the phone number or the success information or the failure information.
8. 如权利要求 7所述的方法, 其特征在于, 所述特定的传递方式包 括:  8. The method of claim 7, wherein the specific delivery method comprises:
条形码;  Bar code
微波; 和  Microwave; and
声波。  Sound waves.
9. 如权利要求 1所述的方法, 还包括:  9. The method of claim 1 further comprising:
根据所述用户的需要产生多个不同的所述临时编码, 以在不同场 合进行所述身份认证。  A plurality of different said temporary codes are generated in accordance with the needs of the user to perform the identity authentication in different scenarios.
10. 一种身份认证系统, 包括:  10. An identity authentication system, including:
(a) 移动设备, 用于传送认证请求, 所述认证请求包含用户的设 定;  (a) a mobile device, configured to transmit an authentication request, where the authentication request includes a user setting;
(b) 认证服务器, 以接收所述认证请求并根据所述认证请求确定 所述用户的电话号码, 所述认证服务器使用所述设定和所述 电话号码产生临时编码并把所述临时编码发送到所述移动设 备; 以及 (b) an authentication server to receive the authentication request and determine according to the authentication request a telephone number of the user, the authentication server generating a temporary encoding using the setting and the telephone number and transmitting the temporary encoding to the mobile device;
(C) 验证装置;  (C) verification device;
其中所述移动设备通过特定的传递方式发送所述临时编码到所 述验证装置, 以进行所述身份认证。  And wherein the mobile device sends the temporary encoding to the verification device by using a specific delivery manner to perform the identity authentication.
11. 如权利要求 10所述的系统, 其特征在于, 所述临时编码包括条件 参数, 以限制所述身份认证, 所述条件参数包括:  The system according to claim 10, wherein the temporary encoding includes a condition parameter to limit the identity authentication, and the condition parameter includes:
(a)有效次数, 其定义了所述临时编码的可使用次数; 和  (a) the number of times of validity, which defines the number of times the temporary code can be used; and
(b)有效时间, 其定义了所述临时编码的可使用时间。  (b) Effective time, which defines the usable time of the temporary code.
12. 如权利要求 10所述的系统, 其特征在于, 所述临时编码被加密并 储存在所述移动设备的存储器, 以供多次使用并快速地进行所述 身份认证。  12. The system of claim 10, wherein the temporary encoding is encrypted and stored in a memory of the mobile device for multiple use and the identity authentication is performed quickly.
13. 如权利要求 10所述的系统, 还包括电讯营运商的移动用户数据服 务器, 以接受来自所述认证服务器的询问并返回所述用户的电话 号码到所述认证服务器。  13. The system of claim 10, further comprising a telecommunications carrier's mobile subscriber data server to accept an inquiry from the authentication server and return the subscriber's telephone number to the authentication server.
14. 如权利要求 10所述的系统, 其特征在于, 所述验证装置把验证数 据和所述临时编码传送到所述认证服务器, 所述认证服务器检查 所述验证数据和所述临时编码是否有效, 并执行以下步骤: 14. The system according to claim 10, wherein the verification means transmits the verification data and the temporary code to the authentication server, and the authentication server checks whether the verification data and the temporary code are valid , and perform the following steps:
(i)如果所述验证数据和所述临时编码都有效,发送验证有效信息 和所述电话号码到所述验证装置; 或 (i) if both the verification data and the temporary code are valid, transmitting verification valid information and the telephone number to the verification device; or
(ii)如果所述验证数据和所述临时编码都有效,并且所述验证数据 中的电话号码与所述临时编码中包含的所述电话号码相匹 配, 发送成功信息到所述验证装置; 或  (ii) if both the verification data and the temporary encoding are valid, and the telephone number in the verification data matches the telephone number included in the temporary encoding, transmitting a success message to the verification device; or
(iii)如果所述验证数据和所述临时编码中的一个或两个无效, 或 所述验证数据中的电话号码与所述临时编码中包含的所述电 话号码不匹配, 发送失败信息到所述验证装置; 以及 所述验证装置根据接收到的所述验证有效信息和所述电话号码 或所述成功信息或所述失败信息完成所述身份认证。 (iii) if one or both of the verification data and the temporary code are invalid, or the phone number in the verification data does not match the phone number included in the temporary code, sending a failure message to the location Said verification device; The verification device completes the identity authentication according to the received verification valid information and the phone number or the success information or the failure information.
15. 如权利要求 10所述的系统, 其特征在于, 所述特定的传递方式包 括:  15. The system of claim 10, wherein the particular delivery method comprises:
条形码;  Bar code
微波; 和  Microwave; and
声波。  Sound waves.
16. 一种快速移动支付的方法, 包括:  16. A method of fast mobile payment, comprising:
(a)通过移动设备传送认证请求, 所述认证请求包含用户的设定; (a) transmitting an authentication request by the mobile device, the authentication request including the user's settings;
(b)根据所述认证请求确定所述用户的电话号码; (b) determining a phone number of the user according to the authentication request;
(c)获取所述电话号码对应的用户数据并确立所述用户的身份; (c) acquiring user data corresponding to the phone number and establishing the identity of the user;
(d)使用所述设定和所述电话号码产生临时编码; (d) generating a temporary encoding using the settings and the telephone number;
(e)使用所述临时编码进行所述快速移动支付。  (e) performing the fast mobile payment using the temporary encoding.
17. 如权利要求 16所述的方法, 其特征在于, 所述临时编码包括条件 参数, 以限制所述快速移动支付。  17. The method of claim 16, wherein the temporary encoding comprises a condition parameter to limit the fast mobile payment.
18. 如权利要求 16所述的方法, 其特征在于, 所述条件参数包括: 18. The method of claim 16, wherein the condition parameters comprise:
(a)有效次数, 其定义了所述临时编码的可使用次数; (a) the number of times of validity, which defines the number of times the temporary code can be used;
(b)有效时间, 其定义了所述临时编码的可使用时间; 和  (b) a valid time, which defines the usable time of the temporary code; and
(c)有效金额, 其定义了所述临时编码的可使用金额。  (c) A valid amount, which defines the usable amount of the provisional code.
19. 如权利要求 16所述的方法, 还包括:  19. The method of claim 16 further comprising:
加密所述临时编码并把加密后的临时编码储存到所述移动设备, 以供多次使用; 其后可省略步骤(a ) - ( d ), 而直接使用所述加密后 的临时编码进行所述快速移动支付。  Encrypting the temporary encoding and storing the encrypted temporary encoding to the mobile device for multiple use; thereafter, steps (a) - (d) may be omitted, and the encrypted temporary encoding may be directly used. Express mobile payment.
20. 如权利要求 16所述的方法, 还包括:  20. The method of claim 16 further comprising:
取得所述移动设备的唯一标识符;  Obtaining a unique identifier of the mobile device;
把所述唯一标识符和所述临时编码一起加密得到加密编码, 并把 所述加密编码储存到所述移动设备, 以供多次使用; 其中所述加密编码只可由所述移动设备使用。 Encrypting the unique identifier together with the temporary encoding to obtain an encrypted encoding, and storing the encrypted encoding to the mobile device for multiple uses; Wherein the encryption code is only usable by the mobile device.
21. 如权利要求 16所述的方法, 其特征在于, 步骤(e )包括:  21. The method of claim 16, wherein step (e) comprises:
选择特定的传递方式发送所述临时编码到验证装置;  Selecting a specific delivery mode to send the temporary encoding to the verification device;
所述验证装置把验证数据和所述临时编码传送到认证服务器; 所述认证服务器检查所述验证数据和所述临时编码是否有效, 并 执行以下步骤:  The verification device transmits the verification data and the temporary code to an authentication server; the authentication server checks whether the verification data and the temporary encoding are valid, and performs the following steps:
(i)如果所述验证数据和所述临时编码都有效,发送付款信息到电 讯营运商的移动用户数据服务器, 以在所述用户的相应账户 中扣除相应的金额; 或  (i) if both the verification data and the temporary code are valid, sending the payment information to the mobile operator's mobile subscriber data server to deduct the corresponding amount in the corresponding account of the user; or
(ii)如果所述验证数据和所述临时编码中的一个或两个无效,取消 交易并发送失败信息到所述验证装置。  (ii) if one or both of the verification data and the temporary code are invalid, cancel the transaction and send a failure message to the verification device.
22. 如权利要求 16所述的方法, 其特征在于, 所述特定的传递方式包 括:  22. The method of claim 16, wherein the specific delivery method comprises:
条形码;  Bar code
微波; 和  Microwave; and
声波。  Sound waves.
23. 一种快速移动支付的系统, 包括:  23. A fast mobile payment system, comprising:
(a)移动设备, 以传送认证请求, 所述认证请求包含用户的设定; (a) a mobile device to transmit an authentication request, the authentication request including a user's setting;
(b)认证服务器, 以接收所述认证请求并根据所述认证请求确定所 述用户的电话号码和获取所述电话号码对应的用户数据并确 立所述用户的身份, 所述认证服务器使用所述设定和所述电 话号码产生临时编码并把所述临时编码发送到所述移动设 备; 以及 (b) an authentication server, configured to receive the authentication request and determine a phone number of the user according to the authentication request, and obtain user data corresponding to the phone number and establish an identity of the user, the authentication server using the Setting and the phone number to generate a temporary code and transmitting the temporary code to the mobile device;
(c)验证装置;  (c) verification device;
其中所述移动设备通过特定的传递方式发送所述临时编码到所 述验证装置, 以进行所述快速移动支付。  The mobile device sends the temporary encoding to the verification device by a specific delivery method to perform the fast mobile payment.
PCT/CN2014/072000 2013-03-27 2014-02-12 System and method for mobile identity authentication and payment WO2014154058A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310102257.3A CN104077841A (en) 2013-03-27 2013-03-27 Method and system for mobile identity authentication and payment
CN201310102257.3 2013-03-27

Publications (1)

Publication Number Publication Date
WO2014154058A1 true WO2014154058A1 (en) 2014-10-02

Family

ID=51599078

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/072000 WO2014154058A1 (en) 2013-03-27 2014-02-12 System and method for mobile identity authentication and payment

Country Status (3)

Country Link
CN (1) CN104077841A (en)
HK (1) HK1199320A1 (en)
WO (1) WO2014154058A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330883B (en) * 2016-08-19 2019-11-22 中国银联股份有限公司 Security information interaction method based on shortcut verification code
WO2018140700A1 (en) * 2017-01-27 2018-08-02 Hutchinson Shawn Secure authentication and financial attributes services
EP3579495A4 (en) * 2017-02-01 2020-06-03 Chan, Tai Chiu Authentication server, authentication system, and authentication method
CN108829439A (en) * 2018-06-22 2018-11-16 泰康保险集团股份有限公司 A kind of code dissemination method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1510899A (en) * 2002-12-23 2004-07-07 郝敏燕 Mobile communication platform based on dynamic random mobile telephone pin identifying system
CN101159082A (en) * 2007-11-19 2008-04-09 侯万春 System and method for realizing personal electric check card
US20100145861A1 (en) * 2008-12-08 2010-06-10 Palm, Inc. Payment transaction processing for mobile computing devices
CN101990676A (en) * 2008-04-02 2011-03-23 环球1企业公司 Mobile telephone transaction systems and methods

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1510899A (en) * 2002-12-23 2004-07-07 郝敏燕 Mobile communication platform based on dynamic random mobile telephone pin identifying system
CN101159082A (en) * 2007-11-19 2008-04-09 侯万春 System and method for realizing personal electric check card
CN101990676A (en) * 2008-04-02 2011-03-23 环球1企业公司 Mobile telephone transaction systems and methods
US20100145861A1 (en) * 2008-12-08 2010-06-10 Palm, Inc. Payment transaction processing for mobile computing devices

Also Published As

Publication number Publication date
CN104077841A (en) 2014-10-01
HK1199320A1 (en) 2015-06-26

Similar Documents

Publication Publication Date Title
US10333721B2 (en) Secure information transmitting system and method for personal identity authentication
US8752125B2 (en) Authentication method
JP5407104B2 (en) Method and apparatus for physical POS transaction
CN102971760B (en) Method, server, merchant equipment and computer-readable recording medium for setting up communication
CN102088353B (en) Two-factor authentication method and system based on mobile terminal
US8601260B2 (en) Creation of user digital certificate for portable consumer payment device
JP5027227B2 (en) Method and apparatus for an authentication procedure in a communication network
JP6704919B2 (en) How to secure your payment token
US20160241405A1 (en) Method, Apparatus and Computer Program for Issuing User Certificate and Verifying User
US20140058951A1 (en) Mobile electronic device and use thereof for electronic transactions
US20110197267A1 (en) Secure authentication system and method
CN110073387A (en) Confirm being associated between communication equipment and user
CN204856630U (en) Electron ticketing system
CN112543166B (en) Real name login method and device
CN100583883C (en) Method of providing a signing key for digitally signing, verifying or encrypting data and mobile terminal
JP2015537399A (en) Application system for mobile payment and method for providing and using mobile payment means
US20140180931A1 (en) System and Method for Secure Wi-Fi- Based Payments Using Mobile Communication Devices
JP2005513955A (en) Electronic signature method
RU2411670C2 (en) Method to create and verify authenticity of electronic signature
WO2014154058A1 (en) System and method for mobile identity authentication and payment
CN103139210A (en) Method of safety authentication
KR101505847B1 (en) Method for Validating Alliance Application for Payment
KR101472751B1 (en) Method and System for Providing Payment by using Alliance Application
KR20130065829A (en) Method and system for providing service by using object mapped one time code
JP6447949B1 (en) Authentication system, authentication server, authentication method, and authentication program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14772581

Country of ref document: EP

Kind code of ref document: A1

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14772581

Country of ref document: EP

Kind code of ref document: A1