WO2016155497A1 - 认证用户的方法及装置、注册可穿戴设备的方法及装置 - Google Patents

认证用户的方法及装置、注册可穿戴设备的方法及装置 Download PDF

Info

Publication number
WO2016155497A1
WO2016155497A1 PCT/CN2016/076415 CN2016076415W WO2016155497A1 WO 2016155497 A1 WO2016155497 A1 WO 2016155497A1 CN 2016076415 W CN2016076415 W CN 2016076415W WO 2016155497 A1 WO2016155497 A1 WO 2016155497A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
server
authentication
terminal
wearable device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2016/076415
Other languages
English (en)
French (fr)
Chinese (zh)
Inventor
蒋龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to PL16771252T priority Critical patent/PL3280090T3/pl
Priority to KR1020177031906A priority patent/KR102242218B1/ko
Priority to EP16771252.0A priority patent/EP3280090B1/en
Priority to SG11201708032TA priority patent/SG11201708032TA/en
Priority to JP2017551677A priority patent/JP6646341B2/ja
Priority to ES16771252T priority patent/ES2820554T3/es
Publication of WO2016155497A1 publication Critical patent/WO2016155497A1/zh
Priority to US15/719,274 priority patent/US10587418B2/en
Anticipated expiration legal-status Critical
Priority to US16/813,613 priority patent/US10873573B2/en
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04BTRANSMISSION
    • H04B1/00Details of transmission systems, not covered by a single one of groups H04B3/00 - H04B13/00; Details of transmission systems not characterised by the medium used for transmission
    • H04B1/38Transceivers, i.e. devices in which transmitter and receiver form a structural unit and in which at least one part is used for functions of transmitting and receiving
    • H04B1/3827Portable transceivers
    • H04B1/385Transceivers carried on the body, e.g. in helmets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00Arrangements affording multiple use of the transmission path
    • H04L5/003Arrangements for allocating sub-channels of the transmission path
    • H04L5/0053Allocation of signalling, i.e. of overhead other than pilot signals
    • H04L5/0055Physical resource allocation for ACK/NACK
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/33Security of mobile devices; Security of mobile applications using wearable devices, e.g. using a smartwatch or smart-glasses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Definitions

  • the present application relates to the field of Internet technologies, and in particular, to a method and apparatus for authenticating a user and a method and apparatus for registering a wearable device.
  • the present application provides a method for authenticating a user, which is applied to a server, where the server stores a correspondence between a user identifier of the user, a wearable device identifier, and a server authentication key, where the method includes:
  • the terminal Receiving an authentication request sent by the user by using the terminal, where the authentication request carries the user identifier and/or the wearable device identifier of the user;
  • a detection response carrying uplink authentication information where the uplink authentication information is The wearable device specified in the detection instruction is generated according to the device authentication key and the downlink authentication information, where the device authentication key is the same as or corresponds to the server authentication key;
  • the server authentication key of the user is used to match the downlink authentication information and the uplink authentication information, and if the matching is successful, the user passes the authentication.
  • a method for authenticating a user is provided on a terminal that accesses a user wearable device, and the method includes:
  • the detection instruction carries downlink authentication information and a wearable device identifier
  • the uplink authentication information is determined by the wearable device according to the saved device authentication key and the downlink authentication Information generation, the device authentication key is the same as or corresponds to a server authentication key stored in the server;
  • the user authentication result determined by the receiving server according to the uplink authentication information, the downlink authentication information, and the server authentication key.
  • the application provides a method for registering a wearable device, which is applied to a server, and includes:
  • a method for registering a wearable device, which is applied to the terminal includes:
  • a write response is sent to the server, the write response carrying a message indicating whether the device authentication key was successful.
  • the present application further provides a device for authenticating a user, which is applied to a server, where the server stores a correspondence between a user identifier of the user, a wearable device identifier, and a server authentication key, and the device includes:
  • the authentication request receiving unit is configured to receive an authentication request sent by the user by using the terminal, where the authentication request carries the user identifier and/or the wearable device identifier of the user;
  • the detection instruction issuance unit is configured to obtain downlink authentication information, and send a detection instruction that carries the downlink authentication information and the wearable device identifier of the user to the terminal;
  • a detection response receiving unit configured to receive a detection response that is sent by the terminal and carries the uplink authentication information, where the uplink authentication information is generated by the wearable device specified in the detection instruction according to the device authentication key and the downlink authentication information, where the device authentication is encrypted.
  • the key is the same as or corresponds to the server authentication key;
  • the matching unit is configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user, and the user passes the authentication if the matching succeeds.
  • a device for authenticating a user is provided on a terminal that accesses a user wearable device, and the device includes:
  • An authentication request sending unit configured to send an authentication request to the server according to an operation of the user, where the authentication request carries the user identifier and/or the wearable device identifier of the user;
  • the detection instruction receiving unit is configured to receive a detection instruction of the server, where the detection instruction carries the downlink authentication information and the wearable device identifier;
  • An uplink authentication information unit configured to send the downlink authentication information to the wearable device specified in the detection instruction, and receive the uplink authentication information returned by the wearable device; the uplink authentication information is saved by the wearable device according to the Device authentication key and downlink authentication information generated, the device The authentication key is the same as or corresponds to the server authentication key stored on the server;
  • a detection response sending unit configured to send, to the server, a detection response carrying the uplink authentication information
  • the authentication result receiving unit is configured to receive a user authentication result determined by the server according to the uplink authentication information, the downlink authentication information, and the server authentication key.
  • the application provides a device for registering a wearable device, which is applied to a server, and includes:
  • a registration request receiving unit configured to receive a wearable device registration request sent by the user by using the terminal, where the registration request carries the user identifier and the wearable device identifier of the user;
  • a write command issuing unit configured to acquire a server authentication key and a device authentication key of the user, and send a write command carrying the device authentication key and the wearable device identifier of the user to the terminal;
  • Writing a response receiving unit configured to receive a write response returned by the terminal, and if the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, saving the user identifier of the user Correspondence between the wearable device identifier and the server authentication key.
  • the device for registering a wearable device which is applied to the terminal, includes:
  • a registration request sending unit configured to send a wearable device registration request to the server according to an operation of the user, where the registration request carries the user identifier and the wearable device identifier of the user;
  • a write command receiving unit configured to receive a write command of the server, where the write command carries a device authentication key and the wearable device identifier of the user;
  • a write operation execution unit configured to perform an operation of writing a device authentication key to the wearable device specified in the write command
  • the write response sending unit is configured to send a write response to the server, where the write response carries a message indicating whether the device authentication key is successful.
  • the application provides a payment method, including:
  • the server authentication key of the user is used to match the downlink authentication information and the uplink authentication information. If the matching succeeds, the user passes the authentication, and the payment operation is performed after the authentication is passed.
  • a payment method provided by the application includes:
  • a payment method for a wearable device includes:
  • the payment authentication information includes downlink authentication information that is sent by the server based on the payment request of the user sent by the payment client;
  • the application provides a payment device, including:
  • a payment request receiving unit configured to receive a payment request sent by a user through a payment client, where the payment request carries a user identifier and/or a wearable device identifier of the user;
  • the authentication instruction issuance unit is configured to obtain the downlink authentication information, and deliver the authentication instruction including the downlink authentication information and the wearable device identifier to the payment client.
  • the authentication response receiving unit is configured to receive the authentication response information that is sent by the payment client and that carries the uplink authentication information, where the uplink authentication information is determined by the wearable device specified in the authentication command.
  • the authentication key and the downlink authentication information are generated, and the device authentication key is the same as or corresponds to the server authentication key;
  • the payment matching unit is configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user, and if the matching is successful, the user passes the authentication, and performs a payment operation after the authentication is passed.
  • a payment device provided by the application includes:
  • a payment request sending unit configured to send a payment request to the server in response to the user's payment operation on the payment client, where the payment request carries the user identifier and/or the wearable device identifier of the user;
  • the authentication instruction receiving unit is configured to receive an authentication instruction that is sent by the server, including the downlink authentication information and the wearable device identifier, and send the downlink authentication information to the wearable device, so that the device can be authenticated by the wearable device by using the device.
  • the key and the downlink authentication information generate uplink authentication information;
  • the authentication response sending unit is configured to receive the uplink authentication information returned by the wearable device, and send the information to the server, so that the server authenticates the user according to the uplink authentication information, and performs a payment operation after the authentication is passed.
  • the application also provides a payment device for a wearable device, comprising:
  • the payment authentication information receiving unit is configured to receive the payment authentication information sent by the payment client, where the payment authentication information includes the downlink authentication information that is sent by the server based on the payment request of the user sent by the payment client;
  • the uplink authentication information generating unit is configured to generate uplink authentication information according to the saved device authentication key and the downlink authentication information, and send the uplink authentication information to the payment client, so that the uplink authentication information is sent by the payment client to the server,
  • the server is enabled to authenticate the user based on the uplink authentication information, and perform a payment operation after the authentication is passed.
  • the embodiment of the present application sets the server authentication key and the device authentication key on the server and the wearable device, and the server uses the set server authentication key and the device authentication key through interaction with the terminal.
  • the specified wearable device is authenticated to complete the authentication of the user corresponding to the wearable device, and the user does not need to memorize the account and password, nor does it need to Entering the account number and password during the authentication process reduces the burden on the user and improves the efficiency of the user to obtain network services.
  • 1 is a network structure diagram of an application scenario of the present application
  • FIG. 2 is a flowchart of a method for authenticating a user applied to a server in an embodiment of the present application
  • FIG. 3 is a flowchart of a method for authenticating a user applied to a terminal in an embodiment of the present application
  • FIG. 4 is a flowchart of a method for registering a wearable device applied to a server in an embodiment of the present application
  • FIG. 5 is a flowchart of a method for registering a wearable device applied to a terminal in an embodiment of the present application
  • FIG. 6 is a hardware structural diagram of a server, a wearable device, or a terminal
  • FIG. 7 is a logical structural diagram of an apparatus for authenticating a user applied to a server in an embodiment of the present application
  • FIG. 8 is a logical structural diagram of an apparatus for authenticating a user applied to a terminal in an embodiment of the present application
  • FIG. 9 is a logical structural diagram of an apparatus for registering a wearable device applied to a server in an embodiment of the present application.
  • FIG. 10 is a logical structural diagram of an apparatus for registering a wearable device on a terminal in an embodiment of the present application.
  • a wearable device is a portable device that can be worn by a user or integrated into a user's clothing or accessories, such as a wristband, smart watch, smart sports shoes, smart clothing, smart glasses, smart helmets, smart rings, and the like.
  • Wearable devices have some computing functions, and can be connected to terminals such as smartphones, tablets, and personal computers through hardware interfaces or wireless LANs, and exchange functions with terminals to implement various functions.
  • Wearable devices are usually dedicated to one user, and some wearable devices are worn on the user anytime and anywhere. To some extent, such wearable devices represent users.
  • the embodiment of the present application provides a method for authenticating a user, which utilizes the storage and computing functions of the wearable device to perform authentication on the user, and eliminates the need for the user to memorize and frequently input the account and password, thereby solving the problems in the prior art. .
  • the wearable device is connected to the terminal through a hardware interface or a wireless local area network.
  • the hardware interface may be an audio interface or a USB (Universal Serial Bus).
  • the wireless local area network may be Bluetooth, Wi-Fi (Wireless-Fidelity), ZigBee (Zigbee Protocol), etc.
  • the terminal may be a smart phone, a tablet computer, a personal computer, or the like.
  • the terminal communicates with the server through a communication network (such as the Internet and/or a mobile communication network), the user sends an access to the server on the terminal, and the server authenticates the user.
  • the type of the terminal, the hardware interface of the wearable device access terminal or the wireless local area network protocol, the protocol and networking structure of the communication network, and the specific implementation manner of the server are not limited.
  • the process of authenticating the user on the server is as shown in FIG. 2, and the flow on the terminal is as shown in FIG. 3.
  • the correspondence between the user identifier of the user, the wearable device identifier, and the server authentication key is stored on the server.
  • the user ID is a unique identifier that distinguishes a user from other users, such as a user name, a registered mailbox, etc.; if the user is bound to the mobile terminal, the number of the bound mobile terminal, IMEI ( International Mobile Equipment Identity, mobile device international identity code, etc.
  • the wearable device identifier is used to uniquely represent the wearable device, and may be the hardware address of the wearable device, such as MAC (Media Access Control), depending on the specific device type and the adopted wireless local area network protocol. address.
  • the server authentication key is stored on the server, and is the same as or corresponds to the device authentication key stored on the wearable device according to the encryption algorithm using the server authentication key.
  • the wearable device identifier stored on the server has a one-to-one correspondence with the server authentication key. If one user can have more than one wearable device for authentication, one user identifier may correspond to two or more. Wearable device ID and server authentication key.
  • the correspondence between the user identifier, the wearable device identifier, and the server authentication key may be stored locally on the server, or may be stored in other storage devices accessible by the server, such as a disk array or a cloud storage network of the storage area network. In the present embodiment, no limitation is imposed.
  • step 310 an authentication request is sent to the server according to the operation of the user, where the user identifier and/or the wearable device identifier of the user are carried in the authentication request.
  • step 210 an authentication request sent by the user through the terminal is received.
  • the server When the user requests a service (such as login, access to a personal account, payment, etc.) to the server on the terminal, the server requests the terminal to request relevant information required by the user.
  • the terminal sends an authentication request to the server, where the user identifier of the user, or the wearable device identifier of the user, or the user identifier and the wearable device identifier of the user are carried in the authentication request.
  • the server After receiving the authentication request of the terminal, the server can determine which user is requesting authentication by using the user identifier and/or the wearable device identifier.
  • step 220 the downlink authentication information is obtained, and the terminal sends a detection instruction that carries the downlink authentication information and the wearable device identifier of the user.
  • the downlink authentication information may be a piece of authentication data, or may be a ciphertext obtained by encrypting the authentication data by using a server authentication key stored on the server.
  • the server can obtain the authentication data in any manner, such as randomly generating, or intercepting a certain number of bytes from a file or a picture; the server can generate the authentication data locally or from other servers; this embodiment There is no limit in the middle.
  • the server After receiving the authentication request of the terminal, the server extracts the user identifier and/or the wearable device identifier in the authentication request, and searches for the identifier of the saved user identifier, the wearable device identifier, and the server authentication key. If the user identifier and the wearable device identifier in the authentication request do not belong to the same user, the authentication request of the terminal is rejected; otherwise, the server obtains the authentication data, and the downlink authentication information for the plaintext, the server authenticates the data, and the user The wearable device identifier is encapsulated in the detection command and sent to the terminal; for the downlink authentication information of the ciphertext, the server uses the server authentication key corresponding to the user identifier or the wearable device identifier in the authentication request to authenticate the data. After the encryption is performed, the downlink authentication information is generated, and the downlink authentication information and the wearable device identifier of the user are encapsulated in the detection command and sent to the terminal.
  • step 320 a detection instruction of the server is received, where the detection instruction carries the downlink authentication information and the wearable device identifier.
  • step 330 the downlink authentication information is sent to the wearable device specified in the detection command, and the uplink authentication information returned by the wearable device is received; the uplink authentication information is determined by the wearable device according to the saved device authentication key and the downlink device. Authentication information is generated.
  • the terminal receives the detection instruction of the server, extracts the wearable device identifier and the downlink authentication information, and sends the downlink authentication information to the wearable device specified in the detection instruction (that is, the wearable device having the wearable device identifier in the detection instruction). If the wearable device specified in the detection command has not been accessed by the terminal, the terminal needs to complete the connection with the wearable device according to the wireless local area network protocol supported by the wearable device.
  • the device authentication key that is the same as or corresponds to the server authentication key is stored on the wearable device specified by the server.
  • the wearable device After receiving the downlink authentication information, the wearable device encrypts the downlink authentication information by using the device authentication key to generate the downlink authentication information of the ciphertext.
  • the downlink authentication information of the ciphertext is wearable.
  • the device authentication key is used to decrypt the downlink authentication information, and the uplink authentication information of the plaintext is generated.
  • the downlink authentication information of the plaintext corresponds to the uplink authentication information of the ciphertext
  • the downlink authentication information of the ciphertext corresponds to the uplink authentication information of the plaintext.
  • the wearable device returns the uplink authentication information to the terminal.
  • step 340 a detection response carrying the uplink authentication information is sent to the server.
  • the terminal After receiving the uplink authentication information returned by the wearable device, the terminal encapsulates the uplink authentication information in a detection response and sends the uplink authentication information to the server.
  • the wearable device identifier is usually also carried in the detection response.
  • step 230 the receiving terminal returns a detection response carrying the uplink authentication information.
  • step 240 the server authentication key of the user is used to match the downlink authentication information and the uplink authentication information. If the matching succeeds, the user passes the authentication.
  • the server receives the detection response returned by the terminal, extracts the uplink authentication information, and utilizes the user.
  • the server authentication key determines whether the uplink authentication information and the downlink authentication information match to determine the authentication result of the user. Specifically, for the uplink authentication information of the plaintext, the uplink authentication information may be compared with the authentication data used to generate the ciphertext, or the uplink authentication information may be encrypted by the server authentication key and compared with the downlink authentication information. If the user is authenticated, the authentication fails. The authentication information of the cipher text can be compared with the downlink authentication information by using the server authentication key. If the authentication is the same, the user passes the authentication. Otherwise, the authentication fails.
  • the server returns the authentication result of the user to the terminal.
  • the receiving server determines the user authentication result according to the uplink authentication information, the downlink authentication information, and the server authentication key.
  • the same or corresponding server authentication key and device authentication key are set on the server and the wearable device, and the server uses the device authentication key saved and saved on the wearable device through interaction with the terminal.
  • the server authentication key on the server authenticates the designated wearable device, thereby completing the authentication of the user corresponding to the wearable device, the user does not need to memorize the account and password, and does not need to input the account and password in the authentication process. It reduces the burden on users and improves the efficiency of users' access to network services.
  • the user public key of the user may be saved on the server, and the user private key of the user is saved on the terminal, and different user identifiers use different user public keys and user private keys, and the user public key and the user private
  • the key is a pair of keys in asymmetric encryption.
  • the user public key saved on the server corresponds to the user ID, wearable device ID, and server authentication key of the user.
  • the terminal uses the saved user private key to sign the data carried in the detection response (including the uplink authentication information, and may also include other data such as the wearable device identifier and the user identifier), and sends the signed detection response.
  • the server uses the user's public key to perform signature verification on the detection response.
  • step 240 is performed to match the uplink authentication information and the downlink authentication information. If the signature verification is not passed, the notification is performed. Terminal authentication failed. This implementation requires a terminal that is accessed by a user to authenticate with the wearable device to store the user's private key of the user, so that better security can be achieved.
  • the terminal identifier can be added to the user ID of the user saved on the server, and wearable.
  • the terminal capable of performing user authentication by the accessed wearable device is restricted.
  • the server stores the user identifier, the wearable device identifier, the server authentication key, and the terminal identifier; the terminal carries its own terminal identifier in the authentication request sent to the server; the server receives the authentication.
  • the terminal identifier corresponding to the user identifier or the wearable device identifier in the authentication request is searched for in the saved correspondence relationship, and compared with the terminal identifier for sending the authentication request, if the same is the same, step 220 is performed to continue the authentication process, if different The authentication request of the terminal is rejected, and the user authentication fails.
  • This implementation is equivalent to binding the wearable device and the terminal that can perform user authentication through the wearable device; since the terminal (especially the mobile terminal) is usually also dedicated to one user, the binding wearable device and the terminal can be extremely Great increase the security of user authentication.
  • the foregoing authentication process in this embodiment is applicable to any scenario that requires authentication of a user identity, such as user identity authentication at login, identity authentication when a user accesses a personal account, identity authentication when a user performs payment through a third-party payment platform, and the like.
  • the server can provide subsequent services in the scenario, and the terminal performs subsequent operations in the scenario.
  • the terminal sends the authentication to the payment server.
  • the request is a payment request; after the user passes the authentication, the payment server can provide the payment service to the authenticated user; and after receiving the authentication result of the server user, the terminal can complete the payment operation of the user in cooperation with the payment server.
  • the correspondence between the user identifier, the wearable device identifier, and the server authentication key of the user may be preset on the server, and the corresponding device authentication key may be preset on the wearable device; Before the process, the above relationship is generated on the server through the registration process, and the device authentication key is written on the wearable device.
  • Another embodiment of the present application provides a method for registering a wearable device.
  • the flow of the method on the server is as shown in FIG. 4, and the flow on the terminal is as shown in FIG. 5.
  • step 510 the wearable device registration request is sent to the server according to the user operation.
  • step 410 receiving a wearable device registration request sent by the user through the terminal.
  • the user registers the wearable device with the server on the terminal, and the terminal follows the user's operation.
  • the wearable device registration request is sent to the server, and the registration request includes the user ID and the wearable device identifier of the user.
  • step 420 the server authentication key and the device authentication key of the user are obtained, and a write command carrying the device authentication key and the wearable device identifier of the user is sent to the terminal.
  • the server After receiving the wearable device registration request of the terminal, the server acquires a server authentication key and device corresponding to the wearable device identifier according to the encryption algorithm used for the uplink authentication information or the downlink authentication information in the authentication process.
  • Authentication key The server authentication key and the device authentication key may be a key (such as a key of a symmetric encryption algorithm) or a pair of keys (such as a public key and a private key of an asymmetric encryption algorithm).
  • the server can generate it by itself or obtain the server authentication key and device authentication key from other servers.
  • the server encapsulates the obtained device authentication key and the corresponding wearable device identifier in a write command, and sends the device to the terminal.
  • step 520 a write command of the server is received, where the write command carries a device authentication key and a wearable device identifier of the user.
  • step 530 an operation of writing a device authentication key is performed on the wearable device specified in the write command.
  • the terminal After receiving the write command from the server, the terminal sends the device authentication key in the write command to the wearable device, and requests the wearable device to save the device authentication key.
  • the wearable device may require the user to confirm the write operation before completing the storage of the device authentication key. For example, for an opponent ring, the user usually needs to make a tap confirmation.
  • step 540 a write response is sent to the server, and the write response carries a message indicating whether the write device authentication key is successful.
  • the message that the write is successful is encapsulated in the write response and sent to the server.
  • step 430 the write response returned by the terminal is received. If the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, the user identifier of the user and the wearable device are saved. The correspondence between the identifier and the server authentication key, the wearable device is successfully registered; if the message carried in the write response is that the device authentication key is not successfully written, the registration is over. The process failed. The server sends the registration result to the terminal.
  • the server may require the terminal to provide the user's password to increase the security of the wearable device registration.
  • the server receives the write response of the terminal, and if the message carried in the write response is that the device authentication key has been successfully saved in the wearable device, the terminal sends a password confirmation request to the terminal, and the terminal is required to provide the wearable
  • the password of the user ID corresponding to the device identifier the terminal receives the password confirmation request from the server, and carries the user password entered by the user in the password confirmation response to return to the server; the receiving terminal on the server carries the password confirmation response of the user password, if the user password If the user ID, the wearable device ID, and the server authentication key are saved, the wearable device is successfully registered. If the user password is incorrect, the registration request of the terminal is rejected, and the registration fails.
  • the server sends the registration result to the terminal.
  • the user's public key and user private key may be automatically generated during the registration process. Specifically, after the terminal successfully writes the device authentication key to the wearable device, the terminal generates the user private key and the user public key of the user according to a certain algorithm, and locally saves the generated user private key, and the user public key. The encapsulation is sent to the server in the write response; after the terminal writes the device authentication key to the wearable device successfully or the authentication user password is correct, the server saves the user ID, the wearable device identifier, the server authentication key, and the user public. The correspondence of the keys.
  • a server public key and a server private key are preset on the server, and a terminal private key and a terminal public key are preset on the terminal, wherein the server public key and the terminal private key are a pair of keys, and the server private key
  • the terminal public key is a pair of keys.
  • the server may use the saved server private key to sign the detection instruction, and send the signed detection instruction to the terminal; the terminal performs signature verification on the received detection instruction by using the saved terminal public key. If the verification fails, the detection command is rejected and the authentication fails.
  • the server may sign the write command with the saved server private key, and send the signed write command to the terminal; the terminal performs signature verification on the received write command by using the saved terminal public key. If the verification fails, the write command is rejected and the registration fails.
  • the terminal may sign the write response with the saved terminal private key, and send the signed write response to the server; the server uses the saved server public key to perform signature verification on the received write response, and if the verification fails, the terminal rejects The registration request of the terminal.
  • the server and the terminal can communicate through an encrypted channel to further improve the security of wearable device registration and user authentication.
  • the detection command and the detection response in the embodiment of the authentication method, the write command and the write response in the registration method embodiment can all be transmitted in the encrypted channel.
  • the encryption channel and the encryption method used please refer to the prior art and will not be described again.
  • the payment client running on the terminal utilizes the wearable device of the access terminal to authenticate the user identity during the payment process.
  • the specific process of this embodiment is as follows:
  • a payment binding request of the payment client is received, and the device authentication key of the wearable device is included in the payment binding request.
  • the device protects the device authentication key carried in the payment binding request in the local storage in response to the payment binding request sent by the user through the payment client;
  • the user When the user performs a payment operation on the payment client, the user selects to indicate that the payment is made by the wearable device, triggers the payment client to respond to the user operation, and sends a payment request to the server, where the payment request carries the user identifier of the user and/or may Wearable device identification;
  • the server After receiving the payment request sent by the client, the server obtains the downlink authentication information, and sends an authentication command including the downlink authentication information and the wearable device identifier to the payment client.
  • the payment client receives the authentication command sent by the server, and sends the downlink authentication information to the wearable device specified in the authentication command in the payment authentication information;
  • the wearable device receives the payment authentication information sent by the payment client, and extracts the downlink authentication information sent by the server based on the payment request sent by the user sent by the payment client, and obtains the device authentication key and the downlink authentication according to the saved device.
  • the information generates uplink authentication information, and sends the uplink authentication information to the payment client.
  • the payment client receives the uplink authentication information returned by the wearable device, and sends the uplink authentication information to the server in the authentication response information;
  • the server receives the authentication response information that is sent by the payment client and carries the uplink authentication information, and uses the server authentication key of the user to match the downlink authentication information and the uplink authentication information. If the matching succeeds, the user passes the authentication, and the payment operation is performed after the authentication is passed.
  • the server authentication key of the user is the same as or corresponds to the device authentication key of the wearable device specified in the authentication instruction.
  • the device authentication key and the server authentication key are used to authenticate the wearable device, thereby completing
  • the user's payment authentication corresponding to the wearable device enables the user to make a payment with the wearable device on the payment client, without having to memorize the account number and password, and without inputting the account and password in the authentication process, thereby reducing the burden on the user. Increased payment efficiency.
  • the network payment can be completed through the wristband without inputting an account and a password.
  • the paired server public key and terminal private key, and the paired server private key and terminal public key are preset on the payment server and the client App.
  • the payment server may run a server of the server program corresponding to the client App, or may be a server of a third-party payment platform that supports the client App. The specific process is as follows:
  • the user sends a wearable device registration request to the payment server through the client application (hereinafter referred to as the client) running on the mobile terminal, and applies for opening the bracelet payment, and the client identifies the user (the account of the user in the payment server) and the mobile terminal identifier. (IMEI), the bracelet ID (band MAC address) is uploaded to the server in the registration request.
  • the client application hereinafter referred to as the client
  • IMEI the bracelet ID
  • band MAC address is uploaded to the server in the registration request.
  • the payment server generates a symmetric key (ie, the same server authentication key and device authentication key) for authenticating the wristband through a predetermined algorithm, and passes the symmetric key together with the user identifier and the wristband identifier through the preset server private After the key is signed, it is encapsulated in the write command and sent to the client through the encrypted channel between the payment server and the client.
  • a symmetric key ie, the same server authentication key and device authentication key
  • the client After receiving the write command from the server, the client first verifies the legality of the data in the write command according to the preset terminal public key, and directly rejects the write command if the data is illegal. After the legality is verified, the client connects to the wristband specified in the write command. After the connection is successful, the symmetric key delivered by the payment server is written into the wristband. During the process of writing a symmetric key to the wristband, the user needs to strike the wristband to confirm the write operation. After the user strikes the wristband, the symmetric key is written into the storage area of the wristband.
  • the client After the write operation succeeds, the client generates a pair of asymmetric keys according to the user ID, corresponding to the user public key and the user private key of the user identifier.
  • the client will write the result of the successful operation of the operation, the identification of the wristband and the generated user public key by the preset terminal private key, and the above information after the signature
  • the encapsulation is in the write response and is sent to the payment server through the encrypted channel.
  • the user private key is saved locally by the client.
  • the payment server After receiving the write response from the client, the payment server first verifies the signature of the client through the preset server public key, and rejects the registration request of the client if the verification fails. After the signature verification is passed, the payment server sends a password confirmation request to the client, requesting the client to provide the password of the account of the user on the payment server.
  • the client displays the prompt information for entering the password to the user, and the user inputs the password of the account on the payment server at the client.
  • the client sends the received password to the payment server in a password confirmation response.
  • the payment server verifies the user password in the password confirmation response, and saves the correspondence between the symmetric key (server authentication key), the user identifier, the mobile terminal identifier, the wristband identifier, and the user public key generated by the client after the verification is passed. Get up, notify the client that the bracelet registration is successful, and the registration process ends.
  • the client After the bracelet is successfully registered on the payment server, when the user wants to pay through the wristband, the client sends a payment authentication request to the server through the client, and the authentication request includes the order information to be paid, the user identifier, the mobile terminal identifier, and the bracelet. logo.
  • the payment server After receiving the authentication request from the client, the payment server compares the mobile terminal identifier in the authentication request with the mobile terminal identifier corresponding to the wristband identifier in the authentication request in the saved correspondence relationship, and if not, the authentication request is rejected, and the payment fails; The payment server generates random plaintext data, and uses the plaintext data as downlink authentication information. The payment server signs the downlink authentication information, the user identifier, and the wristband identifier with the preset server private key, encapsulates them in the detection command, and sends them to the client through an encrypted channel with the client.
  • the client After receiving the detection instruction of the payment server, the client first verifies the legality of the signature data in the detection instruction according to the preset terminal public key. If the data is illegal, the detection instruction is rejected, and the payment fails. After the validity of the signature is verified, the client connects to the specified bracelet in the detection command. After the connection is successful, the downlink authentication information in the detection command is sent to the wristband. The bracelet uses the saved symmetric key to encrypt the downlink authentication information to generate uplink authentication information, and returns the uplink authentication information to the client. The process of encrypting the downlink authentication information by the wristband does not require the user to confirm the tap, and can enter one. Steps to reduce user operations and optimize the user experience.
  • the client After receiving the uplink authentication information generated by the wristband, the client signs the uplink authentication information with the locally saved user private key, encapsulates the signed data and the wristband identifier in the detection response, and passes the encrypted channel with the payment server. Send to the payment server.
  • the payment server After receiving the detection response uploaded by the client, the payment server performs signature verification on the detection response according to the user public key corresponding to the wristband identifier in the detection response. If the signature verification fails, the authentication request fails. After the signature verification is successful, the payment server encrypts the downlink authentication information by using the symmetric key corresponding to the ring identifier, and compares the encrypted data with the uplink authentication information in the detection response, that is, compares the downlink authentication information encrypted by the payment server. Whether the downlink authentication information encrypted with the bracelet is the same, if the same is true, the authentication success message is returned to the client and the payment of the order is continued; if not, the authentication failure message is returned to the client. After receiving the message of successful authentication, the client completes the payment operation of the user order together with the payment server; if the client receives the message of the authentication failure, the user is notified that the payment cannot be completed due to the authentication failure.
  • the embodiment of the present application further provides a device for authenticating a user applied to a server, a device for authenticating a user applied to a terminal that accesses the user wearable device, and an application for the server.
  • Device for registering a wearable device a device for registering a wearable device applied to the terminal, a payment device applied to the server, a payment device applied to the terminal, and an application for the wearable device Payment device on.
  • These devices can be implemented by software or by hardware or a combination of hardware and software.
  • a server, a terminal, or a CPU of a wearable device reads a corresponding computer program instruction into a memory to be formed.
  • the terminal or wearable device in which the device is located usually includes other hardware such as a chip for transmitting and receiving wireless signals, and the device is located.
  • the server typically also includes other hardware such as a board for implementing network communication functions.
  • FIG. 7 is a schematic diagram of an apparatus for authenticating a user, which is applied to a server, where the server stores a correspondence between a user identifier of the user, a wearable device identifier, and a server authentication key, where the device includes authentication.
  • the authentication request receiving unit is configured to receive an authentication request sent by the user by using the terminal, where the authentication request carries the user identifier and/or the wearable device identifier of the user; Acquiring the downlink authentication information, and transmitting, to the terminal, a detection command that carries the downlink authentication information and the wearable device identifier of the user; the detection response receiving unit is configured to receive the detection response that is sent by the terminal and carries the uplink authentication information, where the uplink authentication is performed.
  • the information is generated by the wearable device specified in the detection instruction according to the device authentication key and the downlink authentication information, the device authentication key being the same as or corresponding to the server authentication key; the matching unit is configured to utilize the server authentication key of the user The downlink authentication information and the uplink authentication information are matched. If the matching succeeds, the user passes the authentication.
  • the server further stores a user public key of the user, where the user public key corresponds to the user identifier, the wearable device identifier, and the server authentication key of the user, and is a private key of the user saved in the terminal. a key; the detection response returned by the terminal is signed by a user private key stored in the terminal; the device further includes a detection response verification unit, configured to perform a detection response of the terminal according to the user public key of the user Signature verification, if the verification fails, the user authentication fails.
  • the server further includes a terminal identifier, where the terminal identifier corresponds to the user identifier, the wearable device identifier, and the server authentication key of the user, and the authentication request further includes: a terminal identifier that sends the authentication request.
  • the device further includes: a terminal identifier verification unit, configured to: when the terminal identifier corresponding to the user identifier or the wearable device identifier in the authentication request is different from the terminal identifier for sending the authentication request, the user authentication fails.
  • the server further stores a server private key, where the server private key and the terminal public key stored in the terminal are a pair of keys; the device further includes a detection instruction signature unit, configured to use the server private key pair The detection instruction is signed.
  • the server is a payment server
  • the authentication request is a payment request
  • the device further includes: a payment service unit, configured to provide a payment service to the authenticated user.
  • FIG. 8 is a device for authenticating a user, which is applied to a terminal that accesses a user wearable device, where the device includes an authentication request sending unit, a detection command receiving unit, an uplink authentication information unit, and a detection response. a sending unit and an authentication result receiving unit, wherein: the authentication request sending unit is configured to send an authentication request to the server according to an operation of the user, where the authentication request is carried The user identifier and/or the wearable device identifier of the user; the detection instruction receiving unit is configured to receive a detection instruction of the server, where the detection instruction carries the downlink authentication information and the wearable device identifier; and the uplink authentication information unit is used to The downlink authentication information is sent to the wearable device specified in the detection command, and receives the uplink authentication information returned by the wearable device; the uplink authentication information is used by the wearable device according to the saved device authentication key and the downlink authentication information.
  • the authentication request sending unit is configured to send an authentication request to the server according to an operation of the user
  • the device authentication key is the same as or corresponding to the server authentication key stored in the server; the detection response sending unit is configured to send a detection response carrying the uplink authentication information to the server; and the authentication result receiving unit is configured to receive the server according to the The user authentication result determined by the uplink authentication information, the downlink authentication information, and the server authentication key.
  • the terminal saves a user private key of the user, where the user private key is a pair of keys with a user public key stored in the server; the device further includes a detection response signature unit, The user's private key of the user signs the detection response.
  • the terminal saves a terminal public key, where the terminal public key and the server private key stored in the server are a pair of keys; the detection instruction sent by the server is signed by the server private key;
  • the detection instruction verification unit is configured to perform signature verification on the detection instruction of the server according to the terminal public key, and reject the detection instruction if the verification fails.
  • the authentication request is a payment request
  • the terminal completes the payment operation of the user after the user authentication result is the authentication.
  • FIG. 9 is a schematic diagram of an apparatus for registering a wearable device, which is applied to a server and functionally divided.
  • the device further includes a registration request receiving unit, a write command issuing unit, and a write response receiving.
  • the registration request receiving unit is configured to receive a wearable device registration request sent by the user by using the terminal, where the registration request carries the user identifier and the wearable device identifier of the user;
  • the write command sending unit is configured to obtain a server authentication key and a device authentication key of the user, and sending a write command carrying the device authentication key and the wearable device identifier of the user to the terminal;
  • the write response receiving unit is configured to receive the write returned by the terminal In response, if the write response indicates that the device authentication key has been successfully saved in the wearable device specified in the write command, the correspondence between the user identifier, the wearable device identifier, and the server authentication key of the user is saved. .
  • the write response receiving unit includes a password confirmation request sending module and a password confirmation response receiving module, where: the password confirmation request issuing module is configured to indicate in the write response that the device authentication key has been successfully saved in the When the device is written in the wearable device specified by the command, the password confirmation request is sent to the terminal; the password confirmation response receiving module is configured to receive the password confirmation response that the terminal carries the user password, and if the user password is correct, the user of the user is saved.
  • the password confirmation request issuing module is configured to indicate in the write response that the device authentication key has been successfully saved in the When the device is written in the wearable device specified by the command, the password confirmation request is sent to the terminal; the password confirmation response receiving module is configured to receive the password confirmation response that the terminal carries the user password, and if the user password is correct, the user of the user is saved.
  • the write response returned by the terminal further includes a user public key generated by the terminal;
  • the password acknowledgement response receiving unit is specifically configured to: receive the password confirmation response that the terminal carries the user password, if the user password is correct And storing the correspondence between the user identifier of the user, the wearable device identifier, the server authentication key, and the user public key.
  • the server further stores a server private key and a server public key; the server private key and the terminal public key stored in the terminal are a pair of keys; the server public key and the terminal private key stored in the terminal Is a pair of keys.
  • the apparatus further includes a write command signature unit for signing the write command with a server private key; the apparatus further comprising a write response check unit for writing a response to the terminal using the server public key The signature verification is performed, and if the verification fails, the registration request is rejected.
  • FIG. 10 is a schematic diagram of a device for registering a wearable device, which is functionally divided on a terminal, and further includes a registration request sending unit, a write command receiving unit, and a write operation executing unit. And a write response sending unit, wherein: the registration request sending unit is configured to send a wearable device registration request to the server according to the operation of the user, where the registration request carries the user identifier and the wearable device identifier of the user; The receiving unit is configured to receive a write command of the server, where the write command carries a device authentication key, the wearable device identifier of the user, and the write operation execution unit is configured to: the wearable device specified in the write command The operation of writing the device authentication key is performed; the write response sending unit is configured to send a write response to the server, where the write response carries a message indicating whether the device authentication key is successful.
  • the registration request sending unit is configured to send a wearable device registration request to the server according to the operation of the user, where the registration
  • the device further includes a password confirmation request receiving unit, configured to: after receiving the write response to the server, receive a password confirmation request of the server, and carry the user password input by the user in a secret manner. Return to the server in the code confirmation response.
  • a password confirmation request receiving unit configured to: after receiving the write response to the server, receive a password confirmation request of the server, and carry the user password input by the user in a secret manner. Return to the server in the code confirmation response.
  • the device further includes a user key generating unit, configured to generate a user private key and a user public key of the user after the operation of writing the device authentication key is successful, and save the user private key;
  • the user's public key of the user is also carried in the write response.
  • the terminal saves the terminal public key and the terminal private key; the terminal public key and the server private key stored in the server are a pair of keys; the terminal private key and the server public key stored in the server are a pair of keys; the apparatus further comprising a write command verifying unit for performing signature verification on the write command of the server by using the terminal public key, and rejecting the write command if the check fails.
  • the apparatus also includes a write response signature unit for signing the write response with the terminal private key.
  • An embodiment of the present application provides a payment device, which is functionally divided on a server, and includes a payment request receiving unit, an authentication command issuing unit, an authentication response receiving unit, and a payment matching unit, where: the payment request receiving unit uses And receiving the payment request sent by the user through the payment client, where the payment request carries the user identifier and/or the wearable device identifier of the user; the authentication command issuing unit is configured to obtain the downlink authentication information, and deliver the downlink authentication information to the payment client.
  • the authentication response receiving unit is configured to receive the authentication response information that is returned by the payment client and that carries the uplink authentication information, where the uplink authentication information is determined by the wearable device specified in the authentication command.
  • the device authentication key and the downlink authentication information are generated, and the device authentication key is the same as or corresponds to the server authentication key;
  • the payment matching unit is configured to match the downlink authentication information and the uplink authentication information by using the server authentication key of the user, and match If the success is successful, the user passes the certification and is recognized The payment operation is carried out after the pass.
  • the payment request is triggered by the user selecting information on the payment client that is represented by the wearable device.
  • An embodiment of the present application provides a payment device, which is functionally divided on a terminal, and includes a payment request sending unit, an authentication instruction receiving unit, and an authentication response sending unit, where the payment request sending unit is configured to respond to the user.
  • Sending a payment request to the server where the payment request carries a user identifier and/or a wearable device identifier of the user;
  • the authentication command receiving unit is configured to receive the downlink authentication information and the server Wearable device identification
  • the authentication command is sent to the wearable device, so that the wearable device generates the uplink authentication information by using the device authentication key and the downlink authentication information saved by the wearable device;
  • the authentication response sending unit is configured to receive the return of the wearable device.
  • the uplink authentication information is sent to the server, so that the server authenticates the user according to the uplink authentication information, and performs a payment operation after the authentication is passed.
  • the payment operation of the user on the payment client is specifically an operation selected by the user to indicate payment by the wearable device.
  • An embodiment of the present application provides a payment device of a wearable device, which is functionally divided on a wearable device, and includes a payment authentication information receiving unit and an uplink authentication information generating unit, where the payment authentication information receiving unit is used for And receiving the payment authentication information sent by the payment client, where the payment authentication information includes downlink authentication information that is sent by the server based on the payment request sent by the user, and the uplink authentication information generating unit is configured to use the saved device authentication key and The downlink authentication information generates the uplink authentication information, and sends the uplink authentication information to the payment client, so that the payment client sends the uplink authentication information to the server, so that the server can authenticate the user based on the uplink authentication information, and the authentication is passed. After the payment operation.
  • the device further includes: a payment binding unit, configured to save the device authentication key carried in the payment binding request in response to the payment binding request sent by the user by the payment client.
  • a payment binding unit configured to save the device authentication key carried in the payment binding request in response to the payment binding request sent by the user by the payment client.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • RAM random access memory
  • ROM read only memory
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media.
  • Information storage can be implemented by any method or technology.
  • the information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), EEPROM, Fast Flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, magnetic cassette, magnetic tape storage or other magnetic storage device or any other non-
  • PRAM phase change memory
  • SRAM Static Random Access Memory
  • DRAM Dynamic Random Access Memory
  • RAM Random Access Memory
  • ROM Read Only Memory
  • EEPROM Electrically erasable programmable read-only Memory
  • Fast Flash memory or other memory technology
  • CD-ROM compact disc
  • DVD digital versatile disc
  • computer readable media does not include temporary storage of computer readable media, such as
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Power Engineering (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Lock And Its Accessories (AREA)
PCT/CN2016/076415 2015-04-02 2016-03-15 认证用户的方法及装置、注册可穿戴设备的方法及装置 Ceased WO2016155497A1 (zh)

Priority Applications (8)

Application Number Priority Date Filing Date Title
PL16771252T PL3280090T3 (pl) 2015-04-02 2016-03-15 Sposób i przyrząd do uwierzytelniania użytkownika
KR1020177031906A KR102242218B1 (ko) 2015-04-02 2016-03-15 사용자 인증 방법 및 장치, 및 웨어러블 디바이스 등록 방법 및 장치
EP16771252.0A EP3280090B1 (en) 2015-04-02 2016-03-15 User authentication method and device
SG11201708032TA SG11201708032TA (en) 2015-04-02 2016-03-15 Method and apparatus for authenticating user, method and apparatus for registering wearable device
JP2017551677A JP6646341B2 (ja) 2015-04-02 2016-03-15 ユーザを認証する方法及び装置、ウェアラブルデバイスを登録する方法及び装置
ES16771252T ES2820554T3 (es) 2015-04-02 2016-03-15 Método y aparato para autentificar un usuario, método y aparato para registrar un dispositivo ponible
US15/719,274 US10587418B2 (en) 2015-04-02 2017-09-28 Authenticating a user and registering a wearable device
US16/813,613 US10873573B2 (en) 2015-04-02 2020-03-09 Authenticating a user and registering a wearable device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510155552.4 2015-04-02
CN201510155552.4A CN106161359B (zh) 2015-04-02 2015-04-02 认证用户的方法及装置、注册可穿戴设备的方法及装置

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US15/719,274 Continuation US10587418B2 (en) 2015-04-02 2017-09-28 Authenticating a user and registering a wearable device

Publications (1)

Publication Number Publication Date
WO2016155497A1 true WO2016155497A1 (zh) 2016-10-06

Family

ID=57005586

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/076415 Ceased WO2016155497A1 (zh) 2015-04-02 2016-03-15 认证用户的方法及装置、注册可穿戴设备的方法及装置

Country Status (9)

Country Link
US (2) US10587418B2 (enExample)
EP (1) EP3280090B1 (enExample)
JP (1) JP6646341B2 (enExample)
KR (1) KR102242218B1 (enExample)
CN (2) CN106161359B (enExample)
ES (1) ES2820554T3 (enExample)
PL (1) PL3280090T3 (enExample)
SG (2) SG10202004393SA (enExample)
WO (1) WO2016155497A1 (enExample)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108154364A (zh) * 2016-12-06 2018-06-12 上海方付通商务服务有限公司 可穿戴设备及具有所述可穿戴设备的支付系统及支付方法
JP2019087236A (ja) * 2017-11-07 2019-06-06 マスターカード インターナシヨナル インコーポレーテツド 個人クラウドプラットフォームを用いてオンラインユーザ認証を強化するシステム及び方法
CN110298664A (zh) * 2018-03-23 2019-10-01 本田技研工业株式会社 信息处理方法及电子设备
CN118502819A (zh) * 2024-07-19 2024-08-16 北京蜂巢世纪科技有限公司 指令响应方法、可穿戴设备、终端、服务器及存储介质

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161359B (zh) 2015-04-02 2019-09-17 阿里巴巴集团控股有限公司 认证用户的方法及装置、注册可穿戴设备的方法及装置
US10122709B2 (en) * 2015-05-12 2018-11-06 Citrix Systems, Inc. Multifactor contextual authentication and entropy from device or device input or gesture authentication
KR102370286B1 (ko) * 2015-10-28 2022-03-03 에스케이플래닛 주식회사 무선 메시 네트워크 인증 방법 및 이를 위한 장치, 이를 수행하는 컴퓨터 프로그램을 기록한 기록 매체
US10496852B1 (en) * 2016-07-12 2019-12-03 Symantec Corporation Systems and methods of dynamic obfuscation pattern generation for preventing smudge attacks on touch screen devices
CN106683243A (zh) * 2016-12-08 2017-05-17 大唐微电子技术有限公司 一种酒店在线加密管理方法及系统
CN106981003B (zh) * 2016-12-30 2020-08-25 中国银联股份有限公司 用于虚拟现实环境的交易方法、装置及系统
CN106790307A (zh) * 2017-03-28 2017-05-31 联想(北京)有限公司 网络安全管理方法及服务器
CN107277017A (zh) * 2017-06-22 2017-10-20 北京洋浦伟业科技发展有限公司 基于加密密钥和设备指纹的权限认证方法、装置及系统
CN107395634B (zh) * 2017-08-25 2020-02-11 中南大学 一种可穿戴设备的无口令身份认证方法
CN107766738A (zh) * 2017-09-12 2018-03-06 阿里巴巴集团控股有限公司 一种智能设备的绑定方法、装置和系统、通讯系统
CN109495885B (zh) * 2017-09-13 2021-09-14 中国移动通信有限公司研究院 认证方法、移动终端、管理系统及蓝牙ic卡
CN109561429B (zh) * 2017-09-25 2020-11-17 华为技术有限公司 一种鉴权方法及设备
US11368451B2 (en) 2017-10-19 2022-06-21 Google Llc Two-factor authentication systems and methods
CN112508552B (zh) * 2017-12-06 2024-07-09 创新先进技术有限公司 Nfc便携设备的写入、支付方法、装置以及设备
CN118842578A (zh) * 2018-03-09 2024-10-25 山东量子科学技术研究院有限公司 量子密钥分配网络、可穿戴设备、用户终端及目标服务器
CN110247881B (zh) * 2018-03-09 2021-08-13 山东量子科学技术研究院有限公司 基于可穿戴设备的身份认证方法及系统
CN108574578A (zh) * 2018-03-22 2018-09-25 北京交通大学 一种黑匣子数据保护系统及方法
CN108320158B (zh) * 2018-04-11 2024-12-13 郑鸿 一种穿戴式支付设备
CN110611903B (zh) * 2018-06-15 2022-07-15 中兴通讯股份有限公司 一种设备绑定方法、装置、设备及存储介质
CN108814561A (zh) * 2018-07-11 2018-11-16 山东博科保育科技股份有限公司 经皮黄疸仪智能控制方法、装置及系统
US12125054B2 (en) 2018-09-25 2024-10-22 Valideck International Corporation System, devices, and methods for acquiring and verifying online information
CN109522387B (zh) * 2018-10-27 2023-07-14 平安医疗健康管理股份有限公司 基于数据处理的腰椎盘突出资质认证方法、设备及服务器
EP3657750B1 (de) 2018-11-21 2023-01-11 TeamViewer Germany GmbH Verfahren zur authentifizierung einer datenbrille in einem datennetz
CN109379388B (zh) * 2018-12-17 2021-04-06 福建联迪商用设备有限公司 一种身份识别方法、终端及可穿戴设备
CN111431840B (zh) * 2019-01-09 2022-06-07 北京京东尚科信息技术有限公司 安全处理方法、装置、计算机设备及可读存储介质
CN111158645B (zh) * 2019-12-10 2022-09-20 杭州中天微系统有限公司 提供集成开发环境的系统和方法
CN113132979B (zh) * 2019-12-30 2023-03-21 中移雄安信息通信科技有限公司 Imsi加密公钥的获取方法、下发方法及设备
CN113256902B (zh) * 2020-02-27 2024-07-12 深圳怡化电脑股份有限公司 敏感信息的安全输入方法、设备、系统及存储介质
CN112597528B (zh) * 2020-03-31 2025-03-07 北京金风慧能技术有限公司 信息安全保护方法、装置、电子设备及存储介质
CN113709088B (zh) * 2020-05-22 2023-04-28 中国联合网络通信集团有限公司 基于可穿戴设备的数据传输方法、装置、设备和存储介质
US11727127B2 (en) * 2020-10-16 2023-08-15 Micron Technology, Inc. Secure storage device verification with multiple computing devices
JP7642348B2 (ja) * 2020-11-06 2025-03-10 株式会社東芝 転送装置、通信システム、転送方法及びプログラム
JP7395455B2 (ja) * 2020-11-06 2023-12-11 株式会社東芝 転送装置、鍵管理サーバ装置、通信システム、転送方法及びプログラム
CN112532629B (zh) * 2020-11-30 2023-01-24 航天信息股份有限公司 一种数据传输方法、装置、设备和介质
JP2022113035A (ja) * 2021-01-22 2022-08-03 キヤノン株式会社 情報処理装置、認証器、それら方法およびプログラム
CN112887409B (zh) * 2021-01-27 2022-05-17 珠海格力电器股份有限公司 一种数据处理系统、方法、装置、设备和存储介质
CN113055182B (zh) * 2021-03-15 2022-11-08 中国工商银行股份有限公司 认证方法及系统、终端、服务器、计算机系统和介质
US11638564B2 (en) * 2021-08-24 2023-05-02 Biolink Systems, Llc Medical monitoring system
CN114124578B (zh) * 2022-01-25 2022-04-15 湖北芯擎科技有限公司 一种通信方法、装置、车辆及存储介质
JP2025009023A (ja) * 2023-07-06 2025-01-20 トヨタ自動車株式会社 端末装置のプログラム、情報処理装置、及びシステムの動作方法
CN117240870B (zh) * 2023-11-01 2024-07-12 广东壹健康健康产业集团股份有限公司 一种可穿戴设备数据同步方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101192926A (zh) * 2006-11-28 2008-06-04 北京握奇数据系统有限公司 帐号保护的方法及系统
US20100070766A1 (en) * 2007-06-28 2010-03-18 Tencent Technology (Shenzhen) Company Limited Authentication Method, Client, Server And System
CN103716794A (zh) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 一种基于便携式设备的双向安全验证方法及系统
CN104065653A (zh) * 2014-06-09 2014-09-24 韩晟 一种交互式身份验证方法、装置、系统和相关设备
CN104219058A (zh) * 2014-09-28 2014-12-17 小米科技有限责任公司 身份认证、身份授权方法及装置

Family Cites Families (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5781723A (en) * 1996-06-03 1998-07-14 Microsoft Corporation System and method for self-identifying a portable information device to a computing unit
US6346391B1 (en) * 1999-07-22 2002-02-12 Trustees Of Tufts College Methods of reducing microbial resistance to drugs
KR20010086038A (ko) * 1999-09-17 2001-09-07 이데이 노부유끼 데이터 제공 시스템 및 그 방법
JP2002247029A (ja) * 2000-02-02 2002-08-30 Sony Corp 認証装置、認証システムおよびその方法、処理装置、通信装置、通信制御装置、通信システムおよびその方法、情報記録方法およびその装置、情報復元方法およびその装置、その記録媒体
US7310734B2 (en) * 2001-02-01 2007-12-18 3M Innovative Properties Company Method and system for securing a computer network and personal identification device used therein for controlling access to network components
JP2002374244A (ja) * 2001-06-13 2002-12-26 Kenwood Corp 情報配信方法
KR100449484B1 (ko) * 2001-10-18 2004-09-21 한국전자통신연구원 공개키 기반 구조 인증시스템에서 생체정보를 이용한인증서 발급 방법
US6996715B2 (en) * 2002-01-03 2006-02-07 Lockheed Martin Corporation Method for identification of a user's unique identifier without storing the identifier at the identification site
US8539232B2 (en) * 2002-06-26 2013-09-17 Sony Corporation Information terminal apparatus, information processing apparatus and information communication system
JP4311174B2 (ja) * 2003-11-21 2009-08-12 日本電気株式会社 認証方法、移動体無線通信システム、移動端末、認証側装置、認証サーバ、認証代理スイッチ及びプログラム
US20070186099A1 (en) * 2004-03-04 2007-08-09 Sweet Spot Solutions, Inc. Token based two factor authentication and virtual private networking system for network management and security and online third party multiple network management method
EP1743447B1 (en) * 2004-05-04 2009-03-25 Research In Motion Limited Challenge response system and method
US20060036857A1 (en) * 2004-08-06 2006-02-16 Jing-Jang Hwang User authentication by linking randomly-generated authentication secret with personalized secret
US8132006B2 (en) * 2005-05-03 2012-03-06 Ntt Docomo, Inc. Cryptographic authentication and/or establishment of shared cryptographic keys, including, but not limited to, password authenticated key exchange (PAKE)
JP4722599B2 (ja) * 2005-07-13 2011-07-13 富士通株式会社 電子画像データ検証プログラム、電子画像データ検証システム及び電子画像データ検証方法
US7814320B2 (en) * 2005-07-19 2010-10-12 Ntt Docomo, Inc. Cryptographic authentication, and/or establishment of shared cryptographic keys, using a signing key encrypted with a non-one-time-pad encryption, including (but not limited to) techniques with improved security against malleability attacks
JP4607782B2 (ja) 2006-02-06 2011-01-05 株式会社エヌ・ティ・ティ・ドコモ 通信端末装置
US8572387B2 (en) * 2006-07-26 2013-10-29 Panasonic Corporation Authentication of a peer in a peer-to-peer network
JP4894857B2 (ja) * 2006-08-04 2012-03-14 富士通株式会社 電子文書を管理するプログラム、方法、及び装置
US8156332B2 (en) * 2007-05-29 2012-04-10 Apple Inc. Peer-to-peer security authentication protocol
WO2009057147A2 (en) * 2007-11-04 2009-05-07 Rajendra Kumar Khare Method and system for user authentication
CN101662768B (zh) * 2008-08-28 2013-06-19 阿尔卡特朗讯公司 基于个人手持电话系统的用户标识模块的认证方法和设备
CN102421097B (zh) * 2010-09-27 2015-12-09 中国移动通信集团公司 一种用户认证方法、装置及系统
US20120102324A1 (en) * 2010-10-21 2012-04-26 Mr. Lazaro Rodriguez Remote verification of user presence and identity
US8346672B1 (en) 2012-04-10 2013-01-01 Accells Technologies (2009), Ltd. System and method for secure transaction process via mobile device
CN102546172A (zh) * 2011-12-16 2012-07-04 北京握奇数据系统有限公司 智能卡的访问控制方法、智能卡、终端和系统
US20140133656A1 (en) 2012-02-22 2014-05-15 Qualcomm Incorporated Preserving Security by Synchronizing a Nonce or Counter Between Systems
US20130268687A1 (en) 2012-04-09 2013-10-10 Mcafee, Inc. Wireless token device
CN103220270A (zh) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统
US20140279528A1 (en) 2013-03-15 2014-09-18 Motorola Mobility Llc Wearable Authentication Device
CN103220271A (zh) * 2013-03-15 2013-07-24 福建联迪商用设备有限公司 密钥下载方法、管理方法、下载管理方法及装置和系统
CN103178969B (zh) * 2013-04-16 2016-06-29 河南有线电视网络集团有限公司 一种业务鉴权方法及系统
CN104346548A (zh) 2013-08-01 2015-02-11 华为技术有限公司 穿戴式设备的认证方法及穿戴式设备
JP2015033038A (ja) * 2013-08-05 2015-02-16 ソニー株式会社 情報処理装置、情報処理方法及びコンピュータプログラム
JP2015192377A (ja) * 2014-03-28 2015-11-02 富士通株式会社 鍵送信方法、鍵送信システム、及び鍵送信プログラム
US9826400B2 (en) * 2014-04-04 2017-11-21 Qualcomm Incorporated Method and apparatus that facilitates a wearable identity manager
CN104219626B (zh) * 2014-08-25 2017-11-21 北京乐富科技有限责任公司 一种身份认证的方法和装置
CN104243484B (zh) 2014-09-25 2016-04-13 小米科技有限责任公司 信息交互方法及装置、电子设备
CN106161359B (zh) 2015-04-02 2019-09-17 阿里巴巴集团控股有限公司 认证用户的方法及装置、注册可穿戴设备的方法及装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101192926A (zh) * 2006-11-28 2008-06-04 北京握奇数据系统有限公司 帐号保护的方法及系统
US20100070766A1 (en) * 2007-06-28 2010-03-18 Tencent Technology (Shenzhen) Company Limited Authentication Method, Client, Server And System
CN103716794A (zh) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 一种基于便携式设备的双向安全验证方法及系统
CN104065653A (zh) * 2014-06-09 2014-09-24 韩晟 一种交互式身份验证方法、装置、系统和相关设备
CN104219058A (zh) * 2014-09-28 2014-12-17 小米科技有限责任公司 身份认证、身份授权方法及装置

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3280090A4 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108154364A (zh) * 2016-12-06 2018-06-12 上海方付通商务服务有限公司 可穿戴设备及具有所述可穿戴设备的支付系统及支付方法
JP2019087236A (ja) * 2017-11-07 2019-06-06 マスターカード インターナシヨナル インコーポレーテツド 個人クラウドプラットフォームを用いてオンラインユーザ認証を強化するシステム及び方法
US11348116B2 (en) 2017-11-07 2022-05-31 Mastercard International Incorporated Systems and methods for enhancing online user authentication using a personal cloud platform
CN110298664A (zh) * 2018-03-23 2019-10-01 本田技研工业株式会社 信息处理方法及电子设备
CN118502819A (zh) * 2024-07-19 2024-08-16 北京蜂巢世纪科技有限公司 指令响应方法、可穿戴设备、终端、服务器及存储介质

Also Published As

Publication number Publication date
PL3280090T3 (pl) 2020-11-16
US20200213129A1 (en) 2020-07-02
CN110417797A (zh) 2019-11-05
US10873573B2 (en) 2020-12-22
KR102242218B1 (ko) 2021-04-21
ES2820554T3 (es) 2021-04-21
EP3280090B1 (en) 2020-08-26
US20180019878A1 (en) 2018-01-18
EP3280090A4 (en) 2018-12-05
JP2018515011A (ja) 2018-06-07
SG11201708032TA (en) 2017-10-30
CN106161359B (zh) 2019-09-17
JP6646341B2 (ja) 2020-02-14
EP3280090A1 (en) 2018-02-07
US10587418B2 (en) 2020-03-10
CN110417797B (zh) 2021-07-30
CN106161359A (zh) 2016-11-23
KR20170134631A (ko) 2017-12-06
SG10202004393SA (en) 2020-06-29

Similar Documents

Publication Publication Date Title
CN106161359B (zh) 认证用户的方法及装置、注册可穿戴设备的方法及装置
TWI676945B (zh) 綁定可穿戴設備的方法和裝置、電子支付方法和裝置
US20180285555A1 (en) Authentication method, device and system
US11501294B2 (en) Method and device for providing and obtaining graphic code information, and terminal
JP2025124768A (ja) 顧客サポート呼の第2の要素認証のためのシステムおよび方法
US9918226B2 (en) Spoofing protection for secure-element identifiers
CN114450990B (zh) 经由非接触式卡为安全消息提供凭证的多因素认证
US20150295921A1 (en) Service Authorization using Auxiliary Device
WO2019129037A1 (zh) 设备认证方法、空中写卡方法及设备认证装置
EP3662430B1 (en) System and method for authenticating a transaction
CN105516104A (zh) 一种基于tee的动态口令的身份验证方法及系统
KR20180013710A (ko) 공개키 기반의 서비스 인증 방법 및 시스템
KR102012262B1 (ko) 키 관리 방법 및 fido 소프트웨어 인증장치
WO2015184809A1 (zh) 移动终端支付交易的方法、移动终端、服务提供商设备及系统
KR102547682B1 (ko) Puf기반 otp를 이용하여 사용자 인증을 지원하는 서버 및 그 동작 방법
HK1230361B (zh) 认证用户的方法及装置、注册可穿戴设备的方法及装置
JP6560649B2 (ja) 認証サーバ、端末装置、システム、認証方法、及びプログラム
HK1230361A1 (en) Method and device for authenticating user, and method and device for registering wearable device
HK1230361A (en) Method and device for authenticating user, and method and device for registering wearable device
HK1238021B (zh) 图形码信息提供、获取方法、装置及终端

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16771252

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 11201708032T

Country of ref document: SG

ENP Entry into the national phase

Ref document number: 2017551677

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 20177031906

Country of ref document: KR

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 2016771252

Country of ref document: EP