WO2016155497A1 - Method and apparatus for authenticating a user, and method and apparatus for registering a wearable device - Google Patents
- Publication number
- WO2016155497A1 (PCT/CN2016/076415)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- server
- authentication
- terminal
- wearable device
Classifications
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04B1/385—Transceivers carried on the body, e.g. in helmets
- H04L5/0055—Physical resource allocation for ACK/NACK
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04W12/06—Authentication
- H04W12/069—Authentication using certificates or pre-shared keys
- H04W12/33—Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
- H04L67/01—Protocols
- H04L9/40—Network security protocols
Definitions
- the present application relates to the field of Internet technologies, and in particular, to a method and apparatus for authenticating a user and a method and apparatus for registering a wearable device.
- the present application provides a method for authenticating a user, which is applied to a server, where the server stores a correspondence between a user identifier of the user, a wearable device identifier, and a server authentication key, where the method includes:
- receiving an authentication request sent by the user by using the terminal, where the authentication request carries the user identifier and/or the wearable device identifier of the user;
- a detection response carrying uplink authentication information, where the uplink authentication information is generated by the wearable device specified in the detection instruction according to the device authentication key and the downlink authentication information, and the device authentication key is the same as or corresponds to the server authentication key;
- the server authentication key of the user is used to match the downlink authentication information and the uplink authentication information, and if the matching is successful, the user passes the authentication.
- a method for authenticating a user is provided on a terminal that accesses a user wearable device, and the method includes:
- the detection instruction carries downlink authentication information and a wearable device identifier
- the uplink authentication information is generated by the wearable device according to the saved device authentication key and the downlink authentication information, and the device authentication key is the same as or corresponds to a server authentication key stored in the server;
- receiving the user authentication result determined by the server according to the uplink authentication information, the downlink authentication information, and the server authentication key.
- the application provides a method for registering a wearable device, which is applied to a server, and includes:
- a method for registering a wearable device, which is applied to the terminal, includes:
- a write response is sent to the server, the write response carrying a message indicating whether the device authentication key was written successfully.
- the present application further provides a device for authenticating a user, which is applied to a server, where the server stores a correspondence between a user identifier of the user, a wearable device identifier, and a server authentication key, and the device includes:
- the authentication request receiving unit is configured to receive an authentication request sent by the user by using the terminal, where the authentication request carries the user identifier and/or the wearable device identifier of the user;
- the detection instruction issuance unit is configured to obtain downlink authentication information, and send a detection instruction that carries the downlink authentication information and the wearable device identifier of the user to the terminal;
- a detection response receiving unit configured to receive a detection response that is sent by the terminal and carries the uplink authentication information, where the uplink authentication information is generated by the wearable device specified in the detection instruction according to the device authentication key and the downlink authentication information, and the device authentication key is the same as or corresponds to the server authentication key;
- the matching unit is configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user, and the user passes the authentication if the matching succeeds.
- a device for authenticating a user is provided on a terminal that accesses a user wearable device, and the device includes:
- An authentication request sending unit configured to send an authentication request to the server according to an operation of the user, where the authentication request carries the user identifier and/or the wearable device identifier of the user;
- the detection instruction receiving unit is configured to receive a detection instruction of the server, where the detection instruction carries the downlink authentication information and the wearable device identifier;
- An uplink authentication information unit configured to send the downlink authentication information to the wearable device specified in the detection instruction, and receive the uplink authentication information returned by the wearable device; the uplink authentication information is generated by the wearable device according to the saved device authentication key and the downlink authentication information, and the device authentication key is the same as or corresponds to the server authentication key stored on the server;
- a detection response sending unit configured to send, to the server, a detection response carrying the uplink authentication information;
- the authentication result receiving unit is configured to receive a user authentication result determined by the server according to the uplink authentication information, the downlink authentication information, and the server authentication key.
- the application provides a device for registering a wearable device, which is applied to a server, and includes:
- a registration request receiving unit configured to receive a wearable device registration request sent by the user by using the terminal, where the registration request carries the user identifier and the wearable device identifier of the user;
- a write command issuing unit configured to acquire a server authentication key and a device authentication key of the user, and send a write command carrying the device authentication key and the wearable device identifier of the user to the terminal;
- a write response receiving unit configured to receive a write response returned by the terminal, and if the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, save the correspondence between the user identifier of the user, the wearable device identifier, and the server authentication key.
- the device for registering a wearable device, which is applied to the terminal, includes:
- a registration request sending unit configured to send a wearable device registration request to the server according to an operation of the user, where the registration request carries the user identifier and the wearable device identifier of the user;
- a write command receiving unit configured to receive a write command of the server, where the write command carries a device authentication key and the wearable device identifier of the user;
- a write operation execution unit configured to perform an operation of writing a device authentication key to the wearable device specified in the write command;
- the write response sending unit is configured to send a write response to the server, where the write response carries a message indicating whether the device authentication key was written successfully.
- the application provides a payment method, including:
- the server authentication key of the user is used to match the downlink authentication information and the uplink authentication information. If the matching succeeds, the user passes the authentication, and the payment operation is performed after the authentication is passed.
- a payment method provided by the application includes:
- a payment method for a wearable device includes:
- the payment authentication information includes downlink authentication information that is sent by the server based on the payment request of the user sent by the payment client;
- the application provides a payment device, including:
- a payment request receiving unit configured to receive a payment request sent by a user through a payment client, where the payment request carries a user identifier and/or a wearable device identifier of the user;
- the authentication instruction issuance unit is configured to obtain the downlink authentication information, and deliver the authentication instruction including the downlink authentication information and the wearable device identifier to the payment client.
- the authentication response receiving unit is configured to receive the authentication response information that is sent by the payment client and that carries the uplink authentication information, where the uplink authentication information is generated by the wearable device specified in the authentication instruction according to the device authentication key and the downlink authentication information, and the device authentication key is the same as or corresponds to the server authentication key;
- the payment matching unit is configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user, and if the matching is successful, the user passes the authentication, and performs a payment operation after the authentication is passed.
- a payment device provided by the application includes:
- a payment request sending unit configured to send a payment request to the server in response to the user's payment operation on the payment client, where the payment request carries the user identifier and/or the wearable device identifier of the user;
- the authentication instruction receiving unit is configured to receive an authentication instruction that is sent by the server and includes the downlink authentication information and the wearable device identifier, and send the downlink authentication information to the wearable device, so that the wearable device generates uplink authentication information by using the device authentication key and the downlink authentication information;
- the authentication response sending unit is configured to receive the uplink authentication information returned by the wearable device, and send the information to the server, so that the server authenticates the user according to the uplink authentication information, and performs a payment operation after the authentication is passed.
- the application also provides a payment device for a wearable device, comprising:
- the payment authentication information receiving unit is configured to receive the payment authentication information sent by the payment client, where the payment authentication information includes the downlink authentication information that is sent by the server based on the payment request of the user sent by the payment client;
- the uplink authentication information generating unit is configured to generate uplink authentication information according to the saved device authentication key and the downlink authentication information, and send the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server and the server authenticates the user based on the uplink authentication information and performs a payment operation after the authentication is passed.
- the embodiment of the present application sets the server authentication key and the device authentication key on the server and the wearable device respectively, and the server, through interaction with the terminal, uses the set server authentication key and device authentication key to authenticate the specified wearable device, thereby completing the authentication of the user corresponding to the wearable device. The user does not need to memorize the account and password, nor enter them during the authentication process, which reduces the burden on the user and improves the efficiency with which the user obtains network services.
- FIG. 1 is a network structure diagram of an application scenario of the present application
- FIG. 2 is a flowchart of a method for authenticating a user applied to a server in an embodiment of the present application
- FIG. 3 is a flowchart of a method for authenticating a user applied to a terminal in an embodiment of the present application
- FIG. 4 is a flowchart of a method for registering a wearable device applied to a server in an embodiment of the present application
- FIG. 5 is a flowchart of a method for registering a wearable device applied to a terminal in an embodiment of the present application
- FIG. 6 is a hardware structural diagram of a server, a wearable device, or a terminal
- FIG. 7 is a logical structural diagram of an apparatus for authenticating a user applied to a server in an embodiment of the present application
- FIG. 8 is a logical structural diagram of an apparatus for authenticating a user applied to a terminal in an embodiment of the present application
- FIG. 9 is a logical structural diagram of an apparatus for registering a wearable device applied to a server in an embodiment of the present application.
- FIG. 10 is a logical structural diagram of an apparatus for registering a wearable device on a terminal in an embodiment of the present application.
- a wearable device is a portable device that can be worn by a user or integrated into a user's clothing or accessories, such as a wristband, smart watch, smart sports shoes, smart clothing, smart glasses, smart helmets, smart rings, and the like.
- Wearable devices have some computing functions, can be connected to terminals such as smartphones, tablets, and personal computers through hardware interfaces or wireless LANs, and interact with the terminals to implement various functions.
- Wearable devices are usually dedicated to one user, and some wearable devices are worn on the user anytime and anywhere. To some extent, such wearable devices represent users.
- the embodiment of the present application provides a method for authenticating a user, which utilizes the storage and computing functions of the wearable device to perform authentication on the user, and eliminates the need for the user to memorize and frequently input the account and password, thereby solving the problems in the prior art.
- the wearable device is connected to the terminal through a hardware interface or a wireless local area network.
- the hardware interface may be an audio interface or a USB (Universal Serial Bus).
- the wireless local area network may be Bluetooth, Wi-Fi (Wireless-Fidelity), ZigBee (Zigbee Protocol), etc.
- the terminal may be a smart phone, a tablet computer, a personal computer, or the like.
- the terminal communicates with the server through a communication network (such as the Internet and/or a mobile communication network), the user sends an access request to the server from the terminal, and the server authenticates the user.
- the type of the terminal, the hardware interface of the wearable device access terminal or the wireless local area network protocol, the protocol and networking structure of the communication network, and the specific implementation manner of the server are not limited.
- the process of authenticating the user on the server is as shown in FIG. 2, and the flow on the terminal is as shown in FIG. 3.
- the correspondence between the user identifier of the user, the wearable device identifier, and the server authentication key is stored on the server.
- the user ID is a unique identifier that distinguishes a user from other users, such as a user name, a registered mailbox, etc.; if the user is bound to a mobile terminal, it may also be the number of the bound mobile terminal, the IMEI (International Mobile Equipment Identity), etc.
- the wearable device identifier is used to uniquely represent the wearable device, and may be the hardware address of the wearable device, such as a MAC (Media Access Control) address, depending on the specific device type and the adopted wireless local area network protocol.
- the server authentication key is stored on the server and, depending on the encryption algorithm that uses it, is the same as or corresponds to the device authentication key stored on the wearable device.
- the wearable device identifier stored on the server has a one-to-one correspondence with the server authentication key. If one user can have more than one wearable device for authentication, one user identifier may correspond to two or more wearable device identifiers and server authentication keys.
- the correspondence between the user identifier, the wearable device identifier, and the server authentication key may be stored locally on the server, or may be stored in other storage devices accessible by the server, such as a disk array of a storage area network or a cloud storage network; no limitation is imposed in this embodiment.
- step 310: an authentication request is sent to the server according to the operation of the user, where the user identifier and/or the wearable device identifier of the user are carried in the authentication request.
- step 210: an authentication request sent by the user through the terminal is received.
- when the user requests a service (such as login, access to a personal account, payment, etc.) from the server on the terminal, the server asks the terminal for the relevant information required to authenticate the user.
- the terminal sends an authentication request to the server, where the user identifier of the user, or the wearable device identifier of the user, or the user identifier and the wearable device identifier of the user are carried in the authentication request.
- after receiving the authentication request of the terminal, the server can determine which user is requesting authentication by using the user identifier and/or the wearable device identifier.
- step 220: the downlink authentication information is obtained, and a detection instruction that carries the downlink authentication information and the wearable device identifier of the user is sent to the terminal.
- the downlink authentication information may be a piece of authentication data, or may be a ciphertext obtained by encrypting the authentication data by using a server authentication key stored on the server.
- the server can obtain the authentication data in any manner, such as randomly generating it, or intercepting a certain number of bytes from a file or a picture; the server can generate the authentication data locally or obtain it from other servers; no limitation is imposed in this embodiment.
- after receiving the authentication request of the terminal, the server extracts the user identifier and/or the wearable device identifier in the authentication request, and searches the saved correspondence between the user identifier, the wearable device identifier, and the server authentication key. If the user identifier and the wearable device identifier in the authentication request do not belong to the same user, the authentication request of the terminal is rejected; otherwise, the server obtains the authentication data. For plaintext downlink authentication information, the server encapsulates the authentication data and the wearable device identifier of the user in the detection instruction and sends it to the terminal. For ciphertext downlink authentication information, the server encrypts the authentication data by using the server authentication key corresponding to the user identifier or the wearable device identifier in the authentication request to generate the downlink authentication information, and then encapsulates the downlink authentication information and the wearable device identifier of the user in the detection instruction and sends it to the terminal.
- step 320: a detection instruction of the server is received, where the detection instruction carries the downlink authentication information and the wearable device identifier.
- step 330: the downlink authentication information is sent to the wearable device specified in the detection instruction, and the uplink authentication information returned by the wearable device is received; the uplink authentication information is generated by the wearable device according to the saved device authentication key and the downlink authentication information.
- the terminal receives the detection instruction of the server, extracts the wearable device identifier and the downlink authentication information, and sends the downlink authentication information to the wearable device specified in the detection instruction (that is, the wearable device having the wearable device identifier in the detection instruction). If the wearable device specified in the detection instruction has not yet been connected to the terminal, the terminal needs to complete the connection with the wearable device according to the wireless local area network protocol supported by the wearable device.
- the device authentication key that is the same as or corresponds to the server authentication key is stored on the wearable device specified by the server.
- after receiving the downlink authentication information, the wearable device handles it according to its form. For plaintext downlink authentication information, the wearable device encrypts the downlink authentication information by using the device authentication key to generate ciphertext uplink authentication information. For ciphertext downlink authentication information, the wearable device decrypts the downlink authentication information by using the device authentication key to generate plaintext uplink authentication information.
- that is, plaintext downlink authentication information corresponds to ciphertext uplink authentication information, and ciphertext downlink authentication information corresponds to plaintext uplink authentication information.
- the wearable device returns the uplink authentication information to the terminal.
- step 340: a detection response carrying the uplink authentication information is sent to the server.
- after receiving the uplink authentication information returned by the wearable device, the terminal encapsulates the uplink authentication information in a detection response and sends the detection response to the server.
- the wearable device identifier is usually also carried in the detection response.
- step 230: the detection response that is returned by the terminal and carries the uplink authentication information is received.
- step 240: the server authentication key of the user is used to match the downlink authentication information and the uplink authentication information. If the matching succeeds, the user passes the authentication.
- the server receives the detection response returned by the terminal, extracts the uplink authentication information, and uses the server authentication key of the user to determine whether the uplink authentication information and the downlink authentication information match, which determines the authentication result of the user. Specifically, for plaintext uplink authentication information, the uplink authentication information may be compared with the authentication data used to generate the ciphertext, or the uplink authentication information may be encrypted by the server authentication key and compared with the downlink authentication information; if they are the same, the user passes the authentication, otherwise the authentication fails. For ciphertext uplink authentication information, the server authentication key can be used to compare it with the downlink authentication information; if they are the same, the user passes the authentication, otherwise the authentication fails.
- the server returns the authentication result of the user to the terminal.
- the terminal receives the user authentication result that the server determines according to the uplink authentication information, the downlink authentication information, and the server authentication key.
- the same or corresponding server authentication key and device authentication key are set on the server and the wearable device. Through interaction with the terminal, the server uses the device authentication key saved on the wearable device and the server authentication key saved on the server to authenticate the designated wearable device, thereby completing the authentication of the user corresponding to the wearable device. The user does not need to memorize an account and password and does not need to enter them during authentication, which reduces the burden on users and improves the efficiency of users' access to network services.
- the user public key of the user may be saved on the server, and the user private key of the user is saved on the terminal. Different user identifiers use different user public keys and user private keys, and the user public key and the user private key are a pair of keys in asymmetric encryption.
- the user public key saved on the server corresponds to the user ID, wearable device ID, and server authentication key of the user.
- the terminal uses the saved user private key to sign the data carried in the detection response (including the uplink authentication information, and may also include other data such as the wearable device identifier and the user identifier), and sends the signed detection response.
- the server uses the user's public key to perform signature verification on the detection response. If the signature verification passes, step 240 is performed to match the uplink authentication information and the downlink authentication information. If the signature verification does not pass, the terminal is notified that authentication failed. This implementation requires the terminal through which a user authenticates with the wearable device to store that user's private key, so that better security can be achieved.
- the terminal identifier can be added to the user ID of the user saved on the server, and wearable.
- the terminal capable of performing user authentication by the accessed wearable device is restricted.
- the server stores the user identifier, the wearable device identifier, the server authentication key, and the terminal identifier; the terminal carries its own terminal identifier in the authentication request sent to the server. After the server receives the authentication request, it looks up in the saved correspondence the terminal identifier corresponding to the user identifier or the wearable device identifier in the authentication request and compares it with the identifier of the terminal that sent the authentication request. If they are the same, step 220 is performed to continue the authentication process; if they are different, the authentication request of the terminal is rejected and the user authentication fails.
- This implementation is equivalent to binding the wearable device to the terminal that can perform user authentication through it; since a terminal (especially a mobile terminal) is usually also dedicated to one user, binding the wearable device and the terminal can greatly increase the security of user authentication.
- the foregoing authentication process in this embodiment is applicable to any scenario that requires authentication of a user identity, such as user identity authentication at login, identity authentication when a user accesses a personal account, identity authentication when a user performs payment through a third-party payment platform, and the like.
- the server can provide subsequent services in the scenario, and the terminal performs subsequent operations in the scenario.
- the authentication request that the terminal sends to the payment server is a payment request; after the user passes the authentication, the payment server can provide the payment service to the authenticated user; and after receiving the user's authentication result from the server, the terminal can complete the payment operation of the user in cooperation with the payment server.
- the correspondence between the user identifier, the wearable device identifier, and the server authentication key of the user may be preset on the server, and the corresponding device authentication key may be preset on the wearable device; or, before the authentication process, the above correspondence is generated on the server through the registration process, and the device authentication key is written to the wearable device.
- Another embodiment of the present application provides a method for registering a wearable device.
- the flow of the method on the server is as shown in FIG. 4, and the flow on the terminal is as shown in FIG. 5.
- step 510: the wearable device registration request is sent to the server according to the user operation.
- step 410: a wearable device registration request sent by the user through the terminal is received.
- the user registers the wearable device with the server on the terminal, and the terminal, following the user's operation, sends the wearable device registration request to the server. The registration request includes the user ID and the wearable device identifier of the user.
- step 420: the server authentication key and the device authentication key of the user are obtained, and a write command carrying the device authentication key and the wearable device identifier of the user is sent to the terminal.
- After receiving the wearable device registration request of the terminal, the server acquires a server authentication key and a device authentication key corresponding to the wearable device identifier according to the encryption algorithm used for the uplink authentication information or the downlink authentication information in the authentication process. The server authentication key and the device authentication key may be a single key (such as a key of a symmetric encryption algorithm) or a pair of keys (such as a public key and a private key of an asymmetric encryption algorithm).
- the server can generate the server authentication key and device authentication key itself or obtain them from other servers.
- the server encapsulates the obtained device authentication key and the corresponding wearable device identifier in a write command and sends it to the terminal.
- step 520: a write command of the server is received, where the write command carries a device authentication key and a wearable device identifier of the user.
- step 530: an operation of writing the device authentication key is performed on the wearable device specified in the write command.
- After receiving the write command from the server, the terminal sends the device authentication key in the write command to the wearable device and requests the wearable device to save the device authentication key.
- the wearable device may require the user to confirm the write operation before completing the storage of the device authentication key. For example, for a wristband, the user usually needs to confirm with a tap.
- step 540: a write response is sent to the server, and the write response carries a message indicating whether writing the device authentication key succeeded.
- the message that the write is successful is encapsulated in the write response and sent to the server.
- step 430: the write response returned by the terminal is received. If the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, the correspondence between the user identifier of the user, the wearable device identifier, and the server authentication key is saved, and the wearable device is successfully registered; if the message carried in the write response is that the device authentication key was not successfully written, the registration process fails. The server sends the registration result to the terminal.
- the server may require the terminal to provide the user's password to increase the security of the wearable device registration.
- the server receives the write response of the terminal, and if the message carried in the write response is that the device authentication key has been successfully saved in the wearable device, the server sends a password confirmation request to the terminal, requiring the terminal to provide the password of the user ID corresponding to the wearable device identifier. The terminal receives the password confirmation request from the server and returns the user password entered by the user to the server in a password confirmation response. The server receives the terminal's password confirmation response carrying the user password. If the user password is correct, the correspondence between the user ID, the wearable device ID, and the server authentication key is saved, and the wearable device is successfully registered. If the user password is incorrect, the registration request of the terminal is rejected, and the registration fails.
- the server sends the registration result to the terminal.
- the user public key and user private key may be automatically generated during the registration process. Specifically, after the terminal successfully writes the device authentication key to the wearable device, the terminal generates the user private key and the user public key of the user according to a certain algorithm, saves the generated user private key locally, and encapsulates the user public key in the write response sent to the server. After the terminal has successfully written the device authentication key to the wearable device, or after the user password has been verified as correct, the server saves the correspondence between the user ID, the wearable device identifier, the server authentication key, and the user public key.
- a server public key and a server private key are preset on the server, and a terminal private key and a terminal public key are preset on the terminal, wherein the server public key and the terminal private key are a pair of keys, and the server private key and the terminal public key are a pair of keys.
- the server may use the saved server private key to sign the detection instruction, and send the signed detection instruction to the terminal; the terminal performs signature verification on the received detection instruction by using the saved terminal public key. If the verification fails, the detection command is rejected and the authentication fails.
- the server may sign the write command with the saved server private key, and send the signed write command to the terminal; the terminal performs signature verification on the received write command by using the saved terminal public key. If the verification fails, the write command is rejected and the registration fails.
- the terminal may sign the write response with the saved terminal private key and send the signed write response to the server; the server uses the saved server public key to perform signature verification on the received write response, and if the verification fails, the server rejects the registration request of the terminal.
- the server and the terminal can communicate through an encrypted channel to further improve the security of wearable device registration and user authentication.
- the detection command and the detection response in the embodiment of the authentication method, the write command and the write response in the registration method embodiment can all be transmitted in the encrypted channel.
- for the encrypted channel and the encryption method used, refer to the prior art; they are not described again here.
- the payment client running on the terminal utilizes the wearable device of the access terminal to authenticate the user identity during the payment process.
- the specific process of this embodiment is as follows:
- a payment binding request of the payment client is received, and the device authentication key of the wearable device is included in the payment binding request.
- the device protects the device authentication key carried in the payment binding request in the local storage in response to the payment binding request sent by the user through the payment client;
- when the user performs a payment operation on the payment client and chooses to pay with the wearable device, the payment client, in response to the user operation, sends a payment request to the server, where the payment request carries the user identifier of the user and/or the wearable device identifier;
- after receiving the payment request sent by the client, the server obtains the downlink authentication information and sends an authentication command including the downlink authentication information and the wearable device identifier to the payment client;
- the payment client receives the authentication command sent by the server and sends the downlink authentication information, carried in payment authentication information, to the wearable device specified in the authentication command;
- the wearable device receives the payment authentication information sent by the payment client, extracts the downlink authentication information that the server issued based on the payment request the user sent through the payment client, generates uplink authentication information according to the saved device authentication key and the downlink authentication information, and sends the uplink authentication information to the payment client;
- the payment client receives the uplink authentication information returned by the wearable device, and sends the uplink authentication information to the server in the authentication response information;
- the server receives the authentication response information that is sent by the payment client and carries the uplink authentication information, and uses the server authentication key of the user to match the downlink authentication information and the uplink authentication information. If the matching succeeds, the user passes the authentication, and the payment operation is performed after the authentication is passed.
- the server authentication key of the user is the same as or corresponds to the device authentication key of the wearable device specified in the authentication instruction.
- the device authentication key and the server authentication key are used to authenticate the wearable device, thereby completing the payment authentication of the user corresponding to the wearable device. This enables the user to pay with the wearable device on the payment client without having to memorize an account and password and without entering them during authentication, which reduces the burden on the user and increases payment efficiency.
- the network payment can be completed through the wristband without inputting an account and a password.
- the paired server public key and terminal private key, and the paired server private key and terminal public key are preset on the payment server and the client App.
- the payment server may be a server running the server program corresponding to the client App, or may be a server of a third-party payment platform that supports the client App. The specific process is as follows:
- the user sends a wearable device registration request to the payment server through the client application (hereinafter referred to as the client) running on the mobile terminal to apply for enabling bracelet payment. The client uploads the user identifier (the account of the user on the payment server), the mobile terminal identifier (IMEI), and the bracelet ID (band MAC address) to the server in the registration request.
- the payment server generates, through a predetermined algorithm, a symmetric key (i.e., the same server authentication key and device authentication key) for authenticating the wristband. It signs the symmetric key together with the user identifier and the wristband identifier with the preset server private key, encapsulates them in the write command, and sends the write command to the client through the encrypted channel between the payment server and the client.
- After receiving the write command from the server, the client first verifies the legality of the data in the write command according to the preset terminal public key, and directly rejects the write command if the data is illegal. After the legality is verified, the client connects to the wristband specified in the write command. After the connection is successful, the symmetric key delivered by the payment server is written into the wristband. During the process of writing a symmetric key to the wristband, the user needs to tap the wristband to confirm the write operation. After the user taps the wristband, the symmetric key is written into the storage area of the wristband.
- After the write operation succeeds, the client generates a pair of asymmetric keys according to the user ID, namely the user public key and the user private key corresponding to the user identifier.
- the client signs the result of the successful write operation, the wristband identifier, and the generated user public key with the preset terminal private key, encapsulates the signed information in the write response, and sends it to the payment server through the encrypted channel.
- the user private key is saved locally by the client.
- After receiving the write response from the client, the payment server first verifies the signature of the client through the preset server public key, and rejects the registration request of the client if the verification fails. After the signature verification is passed, the payment server sends a password confirmation request to the client, requesting the client to provide the password of the account of the user on the payment server.
- the client displays the prompt information for entering the password to the user, and the user inputs the password of the account on the payment server at the client.
- the client sends the received password to the payment server in a password confirmation response.
- the payment server verifies the user password in the password confirmation response. After the verification is passed, it saves the correspondence between the symmetric key (server authentication key), the user identifier, the mobile terminal identifier, the wristband identifier, and the user public key generated by the client, and notifies the client that the bracelet registration is successful. The registration process ends.
- After the bracelet is successfully registered on the payment server, when the user wants to pay through the wristband, a payment authentication request is sent to the server through the client. The authentication request includes the order information to be paid, the user identifier, the mobile terminal identifier, and the bracelet identifier.
- After receiving the authentication request from the client, the payment server compares the mobile terminal identifier in the authentication request with the mobile terminal identifier that the saved correspondence associates with the wristband identifier in the authentication request. If they are not the same, the authentication request is rejected and the payment fails. Otherwise, the payment server generates random plaintext data and uses the plaintext data as downlink authentication information. The payment server signs the downlink authentication information, the user identifier, and the wristband identifier with the preset server private key, encapsulates them in the detection command, and sends them to the client through an encrypted channel with the client.
- After receiving the detection instruction of the payment server, the client first verifies the legality of the signature data in the detection instruction according to the preset terminal public key. If the data is illegal, the detection instruction is rejected, and the payment fails. After the validity of the signature is verified, the client connects to the bracelet specified in the detection command. After the connection is successful, the downlink authentication information in the detection command is sent to the wristband. The bracelet uses the saved symmetric key to encrypt the downlink authentication information to generate uplink authentication information, and returns the uplink authentication information to the client. The process of encrypting the downlink authentication information by the wristband does not require a confirming tap from the user, which further reduces user operations and optimizes the user experience.
- After receiving the uplink authentication information generated by the wristband, the client signs the uplink authentication information with the locally saved user private key, encapsulates the signed data and the wristband identifier in the detection response, and sends it to the payment server through the encrypted channel with the payment server.
- After receiving the detection response uploaded by the client, the payment server performs signature verification on the detection response according to the user public key corresponding to the wristband identifier in the detection response. If the signature verification fails, the authentication request fails. After the signature verification is successful, the payment server encrypts the downlink authentication information by using the symmetric key corresponding to the wristband identifier, and compares the encrypted data with the uplink authentication information in the detection response; that is, it compares whether the downlink authentication information encrypted by the payment server is the same as the downlink authentication information encrypted by the bracelet. If they are the same, the authentication success message is returned to the client and the payment of the order continues; if not, the authentication failure message is returned to the client. After receiving the message of successful authentication, the client completes the payment operation of the user order together with the payment server; if the client receives the message of the authentication failure, the user is notified that the payment cannot be completed due to the authentication failure.
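
The payment server's side of the wristband authentication described above (terminal binding check, random downlink authentication information, matching of the uplink authentication information), as an added example that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the unspecified symmetric encryption, the challenge lifetime and single-use rule are hardening additions the text does not state, the signatures on the detection instruction and detection response are omitted, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Registration:
    """Correspondence the server saves when registration succeeds."""
    user_id: str
    terminal_id: str        # mobile terminal identifier (IMEI in the text)
    band_id: str            # wristband identifier (MAC address in the text)
    server_auth_key: bytes  # symmetric key, same as the key written to the band


def band_transform(device_auth_key: bytes, downlink: bytes) -> bytes:
    """What the wristband computes over the downlink authentication information.

    Assumption: HMAC-SHA256 replaces the unspecified symmetric encryption so
    that the example runs on the standard library alone.
    """
    return hmac.new(device_auth_key, downlink, hashlib.sha256).digest()


class PaymentServer:
    CHALLENGE_TTL = 30.0  # seconds; assumed value, the text sets no lifetime

    def __init__(self) -> None:
        self._registrations: Dict[str, Registration] = {}
        # band_id -> (downlink authentication information, expiry time)
        self._pending: Dict[str, Tuple[bytes, float]] = {}

    def register(self, reg: Registration) -> None:
        self._registrations[reg.band_id] = reg

    def begin_auth(self, user_id: str, terminal_id: str, band_id: str,
                   now: Optional[float] = None) -> Optional[bytes]:
        """Handle the authentication request; return the downlink
        authentication information, or None if the request is rejected."""
        now = time.monotonic() if now is None else now
        reg = self._registrations.get(band_id)
        if reg is None or reg.user_id != user_id:
            return None
        # Terminal binding: only the terminal saved at registration may
        # authenticate through this wristband.
        if reg.terminal_id != terminal_id:
            return None
        downlink = secrets.token_bytes(32)  # random plaintext data
        self._pending[band_id] = (downlink, now + self.CHALLENGE_TTL)
        return downlink

    def finish_auth(self, band_id: str, uplink: bytes,
                    now: Optional[float] = None) -> bool:
        """Match the uplink authentication information from the detection
        response against the downlink authentication information."""
        now = time.monotonic() if now is None else now
        reg = self._registrations.get(band_id)
        # pop() makes every challenge single use, so a captured detection
        # response cannot be replayed.
        pending = self._pending.pop(band_id, None)
        if reg is None or pending is None:
            return False
        downlink, expires = pending
        if now > expires:
            return False
        # The server applies the same keyed operation and compares the
        # results in constant time.
        expected = band_transform(reg.server_auth_key, downlink)
        return hmac.compare_digest(expected, uplink)
```
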
- the embodiments of the present application further provide a device for authenticating a user applied to a server, a device for authenticating a user applied to a terminal that accesses the user's wearable device, a device for registering a wearable device applied to the server, a device for registering a wearable device applied to the terminal, a payment device applied to the server, a payment device applied to the terminal, and a payment device applied to the wearable device.
- These devices can be implemented by software or by hardware or a combination of hardware and software.
- the CPU of a server, a terminal, or a wearable device reads the corresponding computer program instructions into memory, forming the device.
- the terminal or wearable device in which the device is located usually includes other hardware such as a chip for transmitting and receiving wireless signals, and the server in which the device is located typically also includes other hardware such as a board for implementing network communication functions.
- FIG. 7 is a schematic diagram of an apparatus for authenticating a user, which is applied to a server, where the server stores a correspondence between a user identifier of the user, a wearable device identifier, and a server authentication key, where the device includes authentication.
- the authentication request receiving unit is configured to receive an authentication request sent by the user by using the terminal, where the authentication request carries the user identifier and/or the wearable device identifier of the user; acquiring the downlink authentication information, and transmitting, to the terminal, a detection command that carries the downlink authentication information and the wearable device identifier of the user; the detection response receiving unit is configured to receive the detection response that is sent by the terminal and carries the uplink authentication information, where the uplink authentication information is generated by the wearable device specified in the detection instruction according to the device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to the server authentication key; the matching unit is configured to use the server authentication key of the user to match the downlink authentication information and the uplink authentication information. If the matching succeeds, the user passes the authentication.
- the server further stores a user public key of the user, where the user public key corresponds to the user identifier, the wearable device identifier, and the server authentication key of the user, and forms a pair of keys with the user private key saved in the terminal; the detection response returned by the terminal is signed with the user private key stored in the terminal; the device further includes a detection response verification unit, configured to perform signature verification on the detection response of the terminal according to the user public key of the user; if the verification fails, the user authentication fails.
- the server further includes a terminal identifier, where the terminal identifier corresponds to the user identifier, the wearable device identifier, and the server authentication key of the user, and the authentication request further includes: a terminal identifier that sends the authentication request.
- the device further includes: a terminal identifier verification unit, configured to fail the user authentication when the terminal identifier corresponding to the user identifier or the wearable device identifier in the authentication request is different from the identifier of the terminal that sent the authentication request.
- the server further stores a server private key, where the server private key and the terminal public key stored in the terminal are a pair of keys; the device further includes a detection instruction signature unit, configured to sign the detection instruction with the server private key.
- the server is a payment server and the authentication request is a payment request; the device further includes: a payment service unit, configured to provide a payment service to the authenticated user.
- FIG. 8 is a device for authenticating a user, which is applied to a terminal that accesses a user wearable device, where the device includes an authentication request sending unit, a detection command receiving unit, an uplink authentication information unit, a detection response sending unit and an authentication result receiving unit, wherein: the authentication request sending unit is configured to send an authentication request to the server according to an operation of the user, where the authentication request carries the user identifier and/or the wearable device identifier of the user; the detection instruction receiving unit is configured to receive a detection instruction of the server, where the detection instruction carries the downlink authentication information and the wearable device identifier; the uplink authentication information unit is configured to send the downlink authentication information to the wearable device specified in the detection command and to receive the uplink authentication information returned by the wearable device; the uplink authentication information is generated by the wearable device according to the saved device authentication key and the downlink authentication information, and the device authentication key is the same as or corresponds to the server authentication key stored in the server; the detection response sending unit is configured to send a detection response carrying the uplink authentication information to the server; and the authentication result receiving unit is configured to receive the user authentication result that the server determines according to the uplink authentication information, the downlink authentication information, and the server authentication key.
- the terminal saves a user private key of the user, where the user private key is a pair of keys with a user public key stored in the server; the device further includes a detection response signature unit, The user's private key of the user signs the detection response.
- the terminal saves a terminal public key, where the terminal public key and the server private key stored in the server are a pair of keys; the detection instruction sent by the server is signed by the server private key;
- the detection instruction verification unit is configured to perform signature verification on the detection instruction of the server according to the terminal public key, and reject the detection instruction if the verification fails.
- the authentication request is a payment request; the terminal completes the payment operation of the user after the user authentication result is that authentication is passed.
- FIG. 9 is a schematic diagram of an apparatus for registering a wearable device, which is applied to a server. Functionally divided, the device includes a registration request receiving unit, a write command issuing unit, and a write response receiving unit.
- the registration request receiving unit is configured to receive a wearable device registration request sent by the user by using the terminal, where the registration request carries the user identifier and the wearable device identifier of the user;
- the write command sending unit is configured to obtain a server authentication key and a device authentication key of the user, and to send a write command carrying the device authentication key and the wearable device identifier of the user to the terminal;
- the write response receiving unit is configured to receive the write response returned by the terminal; if the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, the correspondence between the user identifier, the wearable device identifier, and the server authentication key of the user is saved.
- the write response receiving unit includes a password confirmation request sending module and a password confirmation response receiving module, where: the password confirmation request issuing module is configured to send a password confirmation request to the terminal when the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command; the password confirmation response receiving module is configured to receive the password confirmation response in which the terminal carries the user password, and if the user password is correct, the user of the user is saved.
- the password confirmation request issuing module is configured to indicate in the write response that the device authentication key has been successfully saved in the When the device is written in the wearable device specified by the command, the password confirmation request is sent to the terminal; the password confirmation response receiving module is configured to receive the password confirmation response that the terminal carries the user password, and if the user password is correct, the user of the user is saved.
- the write response returned by the terminal further includes a user public key generated by the terminal;
- the password confirmation response receiving unit is specifically configured to: receive the password confirmation response, carrying the user password, from the terminal and, if the user password is correct, store the correspondence between the user identifier of the user, the wearable device identifier, the server authentication key, and the user public key.
- the server further stores a server private key and a server public key; the server private key and the terminal public key stored in the terminal are a pair of keys; the server public key and the terminal private key stored in the terminal are a pair of keys.
- the apparatus further includes a write command signature unit for signing the write command with the server private key; the apparatus further includes a write response verification unit for performing signature verification on the terminal's write response using the server public key, and rejecting the registration request if the verification fails.
- FIG. 10 is a schematic diagram of a device for registering a wearable device, which is applied on a terminal and functionally divided into a registration request sending unit, a write command receiving unit, a write operation executing unit, and a write response sending unit, wherein: the registration request sending unit is configured to send a wearable device registration request to the server according to the operation of the user, where the registration request carries the user identifier and the wearable device identifier of the user; the write command receiving unit is configured to receive a write command of the server, where the write command carries a device authentication key and the wearable device identifier of the user; the write operation executing unit is configured to perform the operation of writing the device authentication key to the wearable device specified in the write command; the write response sending unit is configured to send a write response to the server, where the write response carries a message indicating whether the device authentication key was written successfully.
- the device further includes a password confirmation request receiving unit, configured to: after the write response is sent to the server, receive a password confirmation request of the server, and return the user password input by the user to the server in a password confirmation response.
- the device further includes a user key generating unit, configured to generate a user private key and a user public key of the user after the operation of writing the device authentication key is successful, and save the user private key;
- the user public key of the user is also carried in the write response.
- the terminal saves the terminal public key and the terminal private key; the terminal public key and the server private key stored in the server are a pair of keys; the terminal private key and the server public key stored in the server are a pair of keys; the apparatus further comprising a write command verifying unit for performing signature verification on the write command of the server by using the terminal public key, and rejecting the write command if the check fails.
- the apparatus also includes a write response signature unit for signing the write response with the terminal private key.
- An embodiment of the present application provides a payment device, which is applied on a server and functionally divided into a payment request receiving unit, an authentication command issuing unit, an authentication response receiving unit, and a payment matching unit, where: the payment request receiving unit is configured to receive the payment request sent by the user through the payment client, where the payment request carries the user identifier and/or the wearable device identifier of the user; the authentication command issuing unit is configured to obtain the downlink authentication information, and to deliver an authentication command including the downlink authentication information and the wearable device identifier to the payment client.
- the authentication response receiving unit is configured to receive the authentication response information that is returned by the payment client and that carries the uplink authentication information, where the uplink authentication information is generated by the wearable device specified in the authentication command according to the device authentication key and the downlink authentication information, and the device authentication key is the same as or corresponds to the server authentication key;
- the payment matching unit is configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user; if the match succeeds, the user passes authentication, and the payment operation is performed after authentication passes.
- the payment request is triggered by the user selecting, on the payment client, information indicating that payment is to be made by the wearable device.
- An embodiment of the present application provides a payment device, which is applied on a terminal and functionally divided into a payment request sending unit, an authentication command receiving unit, and an authentication response sending unit, where the payment request sending unit is configured to send a payment request to the server in response to the user's payment operation on the payment client, where the payment request carries a user identifier and/or a wearable device identifier of the user;
- the authentication command receiving unit is configured to receive the authentication command sent by the server, which includes the downlink authentication information and the wearable device identifier, and to send the downlink authentication information to the wearable device, so that the wearable device generates the uplink authentication information by using the device authentication key saved by the wearable device and the downlink authentication information;
- the authentication response sending unit is configured to receive the uplink authentication information returned by the wearable device and send it to the server, so that the server authenticates the user according to the uplink authentication information, and performs a payment operation after the authentication is passed.
- the payment operation of the user on the payment client is specifically an operation selected by the user to indicate payment by the wearable device.
- An embodiment of the present application provides a payment device of a wearable device, which is applied on a wearable device and functionally divided into a payment authentication information receiving unit and an uplink authentication information generating unit, where the payment authentication information receiving unit is configured to receive the payment authentication information sent by the payment client, where the payment authentication information includes downlink authentication information that is sent by the server based on the payment request sent by the user; and the uplink authentication information generating unit is configured to generate the uplink authentication information from the saved device authentication key and the downlink authentication information, and to send the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, the server can authenticate the user based on the uplink authentication information, and the payment operation is performed after the authentication is passed.
- the device further includes: a payment binding unit, configured to save the device authentication key carried in the payment binding request in response to the payment binding request sent by the user through the payment client.
- a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
- the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
- Memory is an example of a computer readable medium.
- Computer readable media includes both permanent and non-persistent, removable and non-removable media.
- Information storage can be implemented by any method or technology.
- the information can be computer readable instructions, data structures, modules of programs, or other data.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassette, magnetic tape storage or other magnetic storage device or any other non-
- computer readable media does not include temporary storage of computer readable media, such as
- embodiments of the present application can be provided as a method, system, or computer program product.
- the present application can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment in combination of software and hardware.
- the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
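
The registration and authentication exchanges described above, as an added Python example that is not code from the patent. It assumes the symmetric case (device authentication key equal to the server authentication key), HMAC-SHA256 as the function that produces the uplink authentication information, a random nonce as the downlink authentication information, and a hypothetical `session` field for tracking outstanding challenges; message signatures and the password confirmation step are left out.

```python
import hashlib
import hmac
import secrets


class Wearable:
    """Wearable device: holds the device authentication key and answers challenges."""

    def __init__(self, wearable_id):
        self.wearable_id = wearable_id
        self._device_key = None

    def write_key(self, device_key):
        self._device_key = device_key
        return True

    def uplink(self, downlink):
        # Uplink authentication information = HMAC(device key, downlink) (assumed).
        if self._device_key is None:
            raise RuntimeError("wearable is not registered")
        return hmac.new(self._device_key, downlink, hashlib.sha256).digest()


class Terminal:
    """Terminal: relays commands between the server and its connected wearables."""

    def __init__(self, wearables):
        self.wearables = {w.wearable_id: w for w in wearables}

    def handle_write_command(self, cmd):
        w = self.wearables.get(cmd["wearable_id"])
        ok = w is not None and w.write_key(cmd["device_key"])
        return {"wearable_id": cmd["wearable_id"], "success": ok}

    def handle_detection_instruction(self, instr):
        w = self.wearables.get(instr["wearable_id"])
        if w is None:
            return None
        return {"session": instr["session"], "uplink": w.uplink(instr["downlink"])}


class Server:
    def __init__(self):
        self.records = {}  # user_id -> (wearable_id, server authentication key)
        self.pending = {}  # session -> (user_id, downlink); hypothetical bookkeeping

    def register(self, user_id, wearable_id, terminal):
        key = secrets.token_bytes(32)  # same value serves as device and server key
        resp = terminal.handle_write_command(
            {"wearable_id": wearable_id, "device_key": key})
        if not resp["success"]:
            return False  # key never reached the wearable: save nothing
        self.records[user_id] = (wearable_id, key)
        return True

    def start_auth(self, user_id):
        rec = self.records.get(user_id)
        if rec is None:
            return None
        downlink = secrets.token_bytes(16)  # fresh per request
        session = secrets.token_hex(8)
        self.pending[session] = (user_id, downlink)
        return {"session": session, "wearable_id": rec[0], "downlink": downlink}

    def finish_auth(self, response):
        if response is None:
            return False
        entry = self.pending.pop(response["session"], None)  # challenge is single use
        if entry is None:
            return False
        user_id, downlink = entry
        _, key = self.records[user_id]
        expected = hmac.new(key, downlink, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response["uplink"])


def run_demo():
    band = Wearable("band-01")  # constructed sample identifiers
    terminal = Terminal([band])
    server = Server()
    registered = server.register("alice", "band-01", terminal)

    instr = server.start_auth("alice")
    resp = terminal.handle_detection_instruction(instr)
    genuine = server.finish_auth(resp)

    # An earlier uplink value presented against a new challenge must not match.
    instr2 = server.start_auth("alice")
    replayed = server.finish_auth(
        {"session": instr2["session"], "uplink": resp["uplink"]})

    # A device claiming the same identifier but holding a different key.
    other = Wearable("band-01")
    other.write_key(secrets.token_bytes(32))
    instr3 = server.start_auth("alice")
    wrong_key = server.finish_auth(
        Terminal([other]).handle_detection_instruction(instr3))

    return {"registered": registered, "genuine": genuine, "replayed": replayed,
            "wrong_key": wrong_key, "unknown_user": server.start_auth("bob")}


if __name__ == "__main__":
    print(run_demo())
```

Because the downlink value is fresh per request and removed from `pending` once checked, a captured uplink value is useless for a later request, and only a wearable holding the written key produces a match.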
Claims (47)
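- A method for authenticating a user, applied on a server, characterized in that the server stores a correspondence between a user identifier, a wearable device identifier and a server authentication key of the user, the method comprising: receiving an authentication request sent by the user through a terminal, the authentication request carrying the user identifier and/or the wearable device identifier of the user; obtaining downlink authentication information, and delivering to the terminal a detection instruction carrying the downlink authentication information and the wearable device identifier of the user; receiving a detection response returned by the terminal and carrying uplink authentication information, the uplink authentication information being generated by the wearable device specified in the detection instruction according to a device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to the server authentication key; matching the downlink authentication information and the uplink authentication information by using the server authentication key of the user, wherein the user passes authentication if the matching succeeds.
- The method according to claim 1, characterized in that the server further stores a user public key of the user, the user public key corresponding to the user identifier, the wearable device identifier and the server authentication key of the user, and forming a key pair with a user private key stored in the terminal; the detection response returned by the terminal is signed with the user private key stored in the terminal; the method further comprises: performing signature verification on the detection response of the terminal according to the user public key of the user, wherein user authentication fails if the verification fails.
- The method according to claim 1, characterized in that the server further stores a terminal identifier, the terminal identifier corresponding to the user identifier, the wearable device identifier and the server authentication key of the user; the authentication request further includes: the identifier of the terminal sending the authentication request; the method further comprises: if the terminal identifier corresponding to the user identifier or the wearable device identifier in the authentication request differs from the identifier of the terminal sending the authentication request, user authentication fails.
- The method according to any one of claims 1 to 3, characterized in that the server further stores a server private key, the server private key forming a key pair with a terminal public key stored in the terminal; the method further comprises: signing the detection instruction with the server private key.
- The method according to any one of claims 1 to 3, characterized in that the detection instruction and the detection response are transmitted through an encrypted channel between the server and the terminal.
- The method according to any one of claims 1 to 3, characterized in that the server is a payment server and the authentication request is a payment request; the method further comprises: providing a payment service to the user who has passed authentication.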
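- A method for authenticating a user, applied on a terminal to which the user's wearable device is connected, characterized in that the method comprises: sending an authentication request to a server according to an operation of the user, the authentication request carrying the user identifier and/or the wearable device identifier of the user; receiving a detection instruction from the server, the detection instruction carrying downlink authentication information and a wearable device identifier; sending the downlink authentication information to the wearable device specified in the detection instruction, and receiving uplink authentication information returned by the wearable device; the uplink authentication information being generated by the wearable device according to a stored device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to a server authentication key stored in the server; sending a detection response carrying the uplink authentication information to the server; receiving a user authentication result determined by the server according to the uplink authentication information, the downlink authentication information and the server authentication key.
- The method according to claim 7, characterized in that the terminal stores a user private key of the user, the user private key forming a key pair with a user public key stored in the server; the method further comprises: signing the detection response with the user private key of the user.
- The method according to claim 7 or 8, characterized in that the terminal stores a terminal public key, the terminal public key forming a key pair with a server private key stored in the server; the detection instruction delivered by the server is signed with the server private key; the method further comprises: performing signature verification on the detection instruction of the server according to the terminal public key, and rejecting the detection instruction if the verification fails.
- The method according to claim 7 or 8, characterized in that the authentication request is a payment request, and the terminal completes the payment operation of the user after the user authentication result is that authentication has passed.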
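- A method for registering a wearable device, applied on a server, characterized by comprising: receiving a wearable device registration request sent by a user through a terminal, the registration request carrying the user identifier and the wearable device identifier of the user; obtaining a server authentication key and a device authentication key of the user, and delivering to the terminal a write command carrying the device authentication key and the wearable device identifier of the user; receiving a write response returned by the terminal, and, if the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, saving the correspondence between the user identifier, the wearable device identifier and the server authentication key of the user.
- The method according to claim 11, characterized in that saving the correspondence between the user identifier, the wearable device identifier and the server authentication key of the user comprises: delivering a password confirmation request to the terminal; receiving a password confirmation response from the terminal carrying a user password, and, if the user password is correct, saving the correspondence between the user identifier, the wearable device identifier and the server authentication key of the user.
- The method according to claim 11 or 12, characterized in that the write response returned by the terminal further includes a user public key generated by the terminal; saving the correspondence between the user identifier, the wearable device identifier and the server authentication key of the user further comprises: saving the correspondence between the user identifier, the wearable device identifier, the server authentication key and the user public key of the user.
- The method according to claim 11 or 12, characterized in that the server further stores a server private key and a server public key; the server private key forms a key pair with a terminal public key stored in the terminal; the server public key forms a key pair with a terminal private key stored in the terminal. The method further comprises: signing the write command with the server private key; the method further comprises: performing signature verification on the write response of the terminal using the server public key, and rejecting the registration request if the verification fails.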
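- A method for registering a wearable device, applied on a terminal, characterized by comprising: sending a wearable device registration request to a server according to an operation of a user, the registration request carrying the user identifier and the wearable device identifier of the user; receiving a write command from the server, the write command carrying a device authentication key and the wearable device identifier of the user; performing the operation of writing the device authentication key to the wearable device specified in the write command; sending a write response to the server, the write response carrying a message indicating whether writing the device authentication key succeeded.
- The method according to claim 15, characterized in that the method further comprises: after sending the write response to the server, receiving a password confirmation request from the server, and returning the user password entered by the user to the server in a password confirmation response.
- The method according to claim 15 or 16, characterized in that the method further comprises: after the operation of writing the device authentication key succeeds, generating a user private key and a user public key of the user, and saving the user private key; the write response further carries the user public key of the user.
- The method according to claim 15 or 16, characterized in that the terminal stores a terminal public key and a terminal private key; the terminal public key forms a key pair with a server private key stored in the server; the terminal private key forms a key pair with a server public key stored in the server; the method further comprises: performing signature verification on the write command of the server using the terminal public key, and rejecting the write command if the verification fails. The method further comprises: signing the write response with the terminal private key.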
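- An apparatus for authenticating a user, applied on a server, characterized in that the server stores a correspondence between a user identifier, a wearable device identifier and a server authentication key of the user, the apparatus comprising: an authentication request receiving unit, configured to receive an authentication request sent by the user through a terminal, the authentication request carrying the user identifier and/or the wearable device identifier of the user; a detection instruction issuing unit, configured to obtain downlink authentication information and deliver to the terminal a detection instruction carrying the downlink authentication information and the wearable device identifier of the user; a detection response receiving unit, configured to receive a detection response returned by the terminal and carrying uplink authentication information, the uplink authentication information being generated by the wearable device specified in the detection instruction according to a device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to the server authentication key; a matching unit, configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user, wherein the user passes authentication if the matching succeeds.
- The apparatus according to claim 19, characterized in that the server further stores a user public key of the user, the user public key corresponding to the user identifier, the wearable device identifier and the server authentication key of the user, and forming a key pair with a user private key stored in the terminal; the detection response returned by the terminal is signed with the user private key stored in the terminal; the apparatus further comprises: a detection response verification unit, configured to perform signature verification on the detection response of the terminal according to the user public key of the user, wherein user authentication fails if the verification fails.
- The apparatus according to claim 19, characterized in that the server further stores a terminal identifier, the terminal identifier corresponding to the user identifier, the wearable device identifier and the server authentication key of the user; the authentication request further includes: the identifier of the terminal sending the authentication request; the apparatus further comprises: a terminal identifier verification unit, configured such that user authentication fails when the terminal identifier corresponding to the user identifier or the wearable device identifier in the authentication request differs from the identifier of the terminal sending the authentication request.
- The apparatus according to any one of claims 19 to 21, characterized in that the server further stores a server private key, the server private key forming a key pair with a terminal public key stored in the terminal; the apparatus further comprises: a detection instruction signature unit, configured to sign the detection instruction with the server private key.
- The apparatus according to any one of claims 19 to 21, characterized in that the server is a payment server and the authentication request is a payment request; the apparatus further comprises: a payment service unit, configured to provide a payment service to the user who has passed authentication.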
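- An apparatus for authenticating a user, applied on a terminal to which the user's wearable device is connected, characterized in that the apparatus comprises: an authentication request sending unit, configured to send an authentication request to a server according to an operation of the user, the authentication request carrying the user identifier and/or the wearable device identifier of the user; a detection instruction receiving unit, configured to receive a detection instruction from the server, the detection instruction carrying downlink authentication information and a wearable device identifier; an uplink authentication information unit, configured to send the downlink authentication information to the wearable device specified in the detection instruction and receive uplink authentication information returned by the wearable device; the uplink authentication information being generated by the wearable device according to a stored device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to a server authentication key stored in the server; a detection response sending unit, configured to send a detection response carrying the uplink authentication information to the server; an authentication result receiving unit, configured to receive a user authentication result determined by the server according to the uplink authentication information, the downlink authentication information and the server authentication key.
- The apparatus according to claim 24, characterized in that the terminal stores a user private key of the user, the user private key forming a key pair with a user public key stored in the server; the apparatus further comprises: a detection response signature unit, configured to sign the detection response with the user private key of the user.
- The apparatus according to claim 24 or 25, characterized in that the terminal stores a terminal public key, the terminal public key forming a key pair with a server private key stored in the server; the detection instruction delivered by the server is signed with the server private key; the apparatus further comprises: a detection instruction verification unit, configured to perform signature verification on the detection instruction of the server according to the terminal public key, and reject the detection instruction if the verification fails.
- The apparatus according to claim 24 or 25, characterized in that the authentication request is a payment request, and the terminal completes the payment operation of the user after the user authentication result is that authentication has passed.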
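- An apparatus for registering a wearable device, applied on a server, characterized by comprising: a registration request receiving unit, configured to receive a wearable device registration request sent by a user through a terminal, the registration request carrying the user identifier and the wearable device identifier of the user; a write command issuing unit, configured to obtain a server authentication key and a device authentication key of the user, and deliver to the terminal a write command carrying the device authentication key and the wearable device identifier of the user; a write response receiving unit, configured to receive a write response returned by the terminal, and, if the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, save the correspondence between the user identifier, the wearable device identifier and the server authentication key of the user.
- The apparatus according to claim 28, characterized in that the write response receiving unit comprises: a password confirmation request issuing module, configured to deliver a password confirmation request to the terminal when the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command; a password confirmation response receiving module, configured to receive a password confirmation response from the terminal carrying a user password, and, if the user password is correct, save the correspondence between the user identifier, the wearable device identifier and the server authentication key of the user.
- The apparatus according to claim 28 or 29, characterized in that the write response returned by the terminal further includes a user public key generated by the terminal; the password confirmation response receiving unit is specifically configured to: receive a password confirmation response from the terminal carrying a user password, and, if the user password is correct, save the correspondence between the user identifier, the wearable device identifier, the server authentication key and the user public key of the user.
- The apparatus according to claim 28 or 29, characterized in that the server further stores a server private key and a server public key; the server private key forms a key pair with a terminal public key stored in the terminal; the server public key forms a key pair with a terminal private key stored in the terminal. The apparatus further comprises: a write command signature unit, configured to sign the write command with the server private key; the apparatus further comprises: a write response verification unit, configured to perform signature verification on the write response of the terminal using the server public key, and reject the registration request if the verification fails.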
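- An apparatus for registering a wearable device, applied on a terminal, characterized by comprising: a registration request sending unit, configured to send a wearable device registration request to a server according to an operation of a user, the registration request carrying the user identifier and the wearable device identifier of the user; a write command receiving unit, configured to receive a write command from the server, the write command carrying a device authentication key and the wearable device identifier of the user; a write operation executing unit, configured to perform the operation of writing the device authentication key to the wearable device specified in the write command; a write response sending unit, configured to send a write response to the server, the write response carrying a message indicating whether writing the device authentication key succeeded.
- The apparatus according to claim 32, characterized in that the apparatus further comprises: a password confirmation request receiving unit, configured to, after the write response is sent to the server, receive a password confirmation request from the server, and return the user password entered by the user to the server in a password confirmation response.
- The apparatus according to claim 32 or 33, characterized in that the apparatus further comprises: a user key generating unit, configured to, after the operation of writing the device authentication key succeeds, generate a user private key and a user public key of the user, and save the user private key; the write response further carries the user public key of the user.
- The apparatus according to claim 32 or 33, characterized in that the terminal stores a terminal public key and a terminal private key; the terminal public key forms a key pair with a server private key stored in the server; the terminal private key forms a key pair with a server public key stored in the server; the apparatus further comprises: a write command verification unit, configured to perform signature verification on the write command of the server using the terminal public key, and reject the write command if the verification fails. The apparatus further comprises: a write response signature unit, configured to sign the write response with the terminal private key.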
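- A payment method, characterized by comprising: receiving a payment request sent by a user through a payment client, the payment request carrying the user identifier and/or the wearable device identifier of the user; obtaining downlink authentication information, and delivering to the payment client an authentication command including the downlink authentication information and the wearable device identifier; receiving authentication response information returned by the payment client and carrying uplink authentication information, the uplink authentication information being generated by the wearable device specified in the authentication command according to a device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to a server authentication key; matching the downlink authentication information and the uplink authentication information by using the server authentication key of the user, wherein the user passes authentication if the matching succeeds, and performing a payment operation after authentication passes.
- The method according to claim 36, characterized in that the payment request is triggered by the user selecting, on the payment client, information indicating that payment is to be made by the wearable device.
- A payment method, characterized by comprising: in response to a payment operation of a user on a payment client, sending a payment request to a server, the payment request carrying the user identifier and/or the wearable device identifier of the user; receiving an authentication command delivered by the server and including downlink authentication information and a wearable device identifier, and sending the downlink authentication information to the wearable device, so that the wearable device generates uplink authentication information by using the device authentication key it stores and the downlink authentication information; receiving the uplink authentication information returned by the wearable device and sending it to the server, so that the server authenticates the user according to the uplink authentication information and performs a payment operation after authentication passes.
- The payment method according to claim 38, characterized in that the payment operation of the user on the payment client is specifically an operation selected by the user indicating that payment is to be made by the wearable device.
- A payment method of a wearable device, characterized by comprising: receiving payment authentication information sent by a payment client, the payment authentication information including downlink authentication information delivered by a server based on a payment request of a user sent by the payment client; generating uplink authentication information according to a stored device authentication key and the downlink authentication information, and sending the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, enabling the server to authenticate the user based on the uplink authentication information and perform a payment operation after authentication passes.
- The method according to claim 40, characterized by further comprising: in response to a payment binding request delivered by the user through the payment client, saving the device authentication key carried in the payment binding request.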
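- A payment apparatus, characterized by comprising: a payment request receiving unit, configured to receive a payment request sent by a user through a payment client, the payment request carrying the user identifier and/or the wearable device identifier of the user; an authentication command issuing unit, configured to obtain downlink authentication information and deliver to the payment client an authentication command including the downlink authentication information and the wearable device identifier; an authentication response receiving unit, configured to receive authentication response information returned by the payment client and carrying uplink authentication information, the uplink authentication information being generated by the wearable device specified in the authentication command according to a device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to a server authentication key; a payment matching unit, configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user, wherein the user passes authentication if the matching succeeds, and to perform a payment operation after authentication passes.
- The apparatus according to claim 42, characterized in that the payment request is triggered by the user selecting, on the payment client, information indicating that payment is to be made by the wearable device.
- A payment apparatus, characterized by comprising: a payment request sending unit, configured to send a payment request to a server in response to a payment operation of a user on a payment client, the payment request carrying the user identifier and/or the wearable device identifier of the user; an authentication command receiving unit, configured to receive an authentication command delivered by the server and including downlink authentication information and a wearable device identifier, and send the downlink authentication information to the wearable device, so that the wearable device generates uplink authentication information by using the device authentication key it stores and the downlink authentication information; an authentication response sending unit, configured to receive the uplink authentication information returned by the wearable device and send it to the server, so that the server authenticates the user according to the uplink authentication information and performs a payment operation after authentication passes.
- The apparatus according to claim 44, characterized in that the payment operation of the user on the payment client is specifically an operation selected by the user indicating that payment is to be made by the wearable device.
- A payment apparatus of a wearable device, characterized by comprising: a payment authentication information receiving unit, configured to receive payment authentication information sent by a payment client, the payment authentication information including downlink authentication information delivered by a server based on a payment request of a user sent by the payment client; an uplink authentication information generating unit, configured to generate uplink authentication information according to a stored device authentication key and the downlink authentication information, and send the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, enabling the server to authenticate the user based on the uplink authentication information and perform a payment operation after authentication passes.
- The apparatus according to claim 46, characterized in that the apparatus further comprises: a payment binding unit, configured to, in response to a payment binding request delivered by the user through the payment client, save the device authentication key carried in the payment binding request.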
Priority Applications (8)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP16771252.0A EP3280090B1 (en) | 2015-04-02 | 2016-03-15 | User authentication method and device |
KR1020177031906A KR102242218B1 (ko) | 2015-04-02 | 2016-03-15 | User authentication method and device, and wearable device registration method and device |
SG11201708032TA SG11201708032TA (en) | 2015-04-02 | 2016-03-15 | Method and apparatus for authenticating user, method and apparatus for registering wearable device |
ES16771252T ES2820554T3 (es) | 2015-04-02 | 2016-03-15 | Method and apparatus for authenticating a user, method and apparatus for registering a wearable device |
PL16771252T PL3280090T3 (pl) | 2015-04-02 | 2016-03-15 | Method and apparatus for user authentication |
JP2017551677A JP6646341B2 (ja) | 2015-04-02 | 2016-03-15 | Method and apparatus for authenticating a user, method and apparatus for registering a wearable device |
US15/719,274 US10587418B2 (en) | 2015-04-02 | 2017-09-28 | Authenticating a user and registering a wearable device |
US16/813,613 US10873573B2 (en) | 2015-04-02 | 2020-03-09 | Authenticating a user and registering a wearable device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510155552.4 | 2015-04-02 | ||
CN201510155552.4A CN106161359B (zh) | 2015-04-02 | 2015-04-02 | Method and apparatus for authenticating a user, method and apparatus for registering a wearable device |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/719,274 Continuation US10587418B2 (en) | 2015-04-02 | 2017-09-28 | Authenticating a user and registering a wearable device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016155497A1 (zh) | 2016-10-06 |
Family
ID=57005586
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/076415 WO2016155497A1 (zh) | 2015-04-02 | 2016-03-15 | Method and apparatus for authenticating a user, method and apparatus for registering a wearable device |
Country Status (9)
Country | Link |
---|---|
US (2) | US10587418B2 (zh) |
EP (1) | EP3280090B1 (zh) |
JP (1) | JP6646341B2 (zh) |
KR (1) | KR102242218B1 (zh) |
CN (2) | CN110417797B (zh) |
ES (1) | ES2820554T3 (zh) |
PL (1) | PL3280090T3 (zh) |
SG (2) | SG10202004393SA (zh) |
WO (1) | WO2016155497A1 (zh) |
-
2015
- 2015-04-02 CN CN201910718095.3A patent/CN110417797B/zh active Active
- 2015-04-02 CN CN201510155552.4A patent/CN106161359B/zh active Active
-
2016
- 2016-03-15 KR KR1020177031906A patent/KR102242218B1/ko active IP Right Grant
- 2016-03-15 SG SG10202004393SA patent/SG10202004393SA/en unknown
- 2016-03-15 WO PCT/CN2016/076415 patent/WO2016155497A1/zh active Application Filing
- 2016-03-15 ES ES16771252T patent/ES2820554T3/es active Active
- 2016-03-15 JP JP2017551677A patent/JP6646341B2/ja active Active
- 2016-03-15 SG SG11201708032TA patent/SG11201708032TA/en unknown
- 2016-03-15 PL PL16771252T patent/PL3280090T3/pl unknown
- 2016-03-15 EP EP16771252.0A patent/EP3280090B1/en active Active
-
2017
- 2017-09-28 US US15/719,274 patent/US10587418B2/en active Active
2020
- 2020-03-09 US US16/813,613 patent/US10873573B2/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101192926A (zh) * | 2006-11-28 | 2008-06-04 | 北京握奇数据系统有限公司 | Account protection method and system |
US20100070766A1 (en) * | 2007-06-28 | 2010-03-18 | Tencent Technology (Shenzhen) Company Limited | Authentication Method, Client, Server And System |
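CN103716794A (zh) * | 2013-12-25 | 2014-04-09 | 北京握奇数据系统有限公司 | Two-way security verification method and system based on portable device |
CN104065653A (zh) * | 2014-06-09 | 2014-09-24 | 韩晟 | Interactive identity verification method, apparatus, system and related device |
CN104219058A (zh) * | 2014-09-28 | 2014-12-17 | 小米科技有限责任公司 | Identity authentication and identity authorization methods and apparatuses |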
Non-Patent Citations (1)
Title |
---|
See also references of EP3280090A4 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108154364A (zh) * | 2016-12-06 | 2018-06-12 | 上海方付通商务服务有限公司 | Wearable device, and payment system and payment method having the wearable device |
JP2019087236A (ja) * | 2017-11-07 | 2019-06-06 | マスターカード インターナシヨナル インコーポレーテツド | System and method for enhancing online user authentication using a personal cloud platform |
US11348116B2 (en) | 2017-11-07 | 2022-05-31 | Mastercard International Incorporated | Systems and methods for enhancing online user authentication using a personal cloud platform |
CN110298664A (zh) * | 2018-03-23 | 2019-10-01 | 本田技研工业株式会社 | Information processing method and electronic device |
Also Published As
Publication number | Publication date |
---|---|
JP6646341B2 (ja) | 2020-02-14 |
PL3280090T3 (pl) | 2020-11-16 |
CN110417797A (zh) | 2019-11-05 |
EP3280090A1 (en) | 2018-02-07 |
SG10202004393SA (en) | 2020-06-29 |
US20180019878A1 (en) | 2018-01-18 |
KR102242218B1 (ko) | 2021-04-21 |
CN110417797B (zh) | 2021-07-30 |
US20200213129A1 (en) | 2020-07-02 |
CN106161359B (zh) | 2019-09-17 |
EP3280090B1 (en) | 2020-08-26 |
US10873573B2 (en) | 2020-12-22 |
SG11201708032TA (en) | 2017-10-30 |
ES2820554T3 (es) | 2021-04-21 |
KR20170134631A (ko) | 2017-12-06 |
CN106161359A (zh) | 2016-11-23 |
JP2018515011A (ja) | 2018-06-07 |
EP3280090A4 (en) | 2018-12-05 |
US10587418B2 (en) | 2020-03-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
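WO2016155497A1 (zh) | Method and apparatus for authenticating user, and method and apparatus for registering wearable device | |
TWI676945B (zh) | Method and apparatus for binding wearable device, and electronic payment method and apparatus | |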
US20180285555A1 (en) | Authentication method, device and system | |
US9838205B2 (en) | Network authentication method for secure electronic transactions | |
US11501294B2 (en) | Method and device for providing and obtaining graphic code information, and terminal | |
US9918226B2 (en) | Spoofing protection for secure-element identifiers | |
US20150295921A1 (en) | Service Authorization using Auxiliary Device | |
WO2019129037A1 (zh) | Device authentication method, over-the-air card writing method, and device authentication apparatus | |
EP3238369A1 (en) | Systems and methods for authentication using multiple devices | |
EP3535724A1 (en) | Verifying an association between a communication device and a user | |
EP3662430B1 (en) | System and method for authenticating a transaction | |
US20200196143A1 (en) | Public key-based service authentication method and system | |
KR102012262B1 (ko) | Key management method and FIDO software authenticator | |
US9917694B1 (en) | Key provisioning method and apparatus for authentication tokens | |
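WO2015184809A1 (zh) | Method for mobile terminal payment transaction, mobile terminal, service provider device and system | |
KR102547682B1 (ko) | Server supporting user authentication using PUF-based OTP and operating method thereof | |
JP6560649B2 (ja) | Authentication server, terminal device, system, authentication method, and program | |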
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 16771252; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | WIPO information: entry into national phase | Ref document number: 11201708032T; Country of ref document: SG |
| ENP | Entry into the national phase | Ref document number: 2017551677; Country of ref document: JP; Kind code of ref document: A |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 20177031906; Country of ref document: KR; Kind code of ref document: A |
| WWE | WIPO information: entry into national phase | Ref document number: 2016771252; Country of ref document: EP |