WO2017016241A1 - Data transfer method, mobile terminal, server and system - Google Patents

Publication number
WO2017016241A1
Authority
WO
WIPO (PCT)
Prior art keywords
data transfer
information
mobile terminal
user
certificate
Application number
PCT/CN2016/079565
Other languages
French (fr)
Chinese (zh)
Inventor
李建立
Original Assignee
腾讯科技(深圳)有限公司
Application filed by 腾讯科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Definitions

  • the present invention relates to the field of Internet technologies, and in particular, to a data transfer method, a mobile terminal, a server, and a system.
  • the fingerprint information is suitable for identification in the field of online data transfer, but the collection of human biological characteristics such as fingerprint information carries the risk of legal problems and personal privacy leakage, so the solution of performing data transfer by verifying the fingerprint information is performed locally, and the fingerprint information is not transmitted to the data transfer service or the back-end server of the third-party organization.
  • technical sealing and special security measures on the hardware are adopted to solve the problem of fingerprint verification credibility, but performing data transfer only by verifying the fingerprint information still has a problem of low security.
  • the technical problem to be solved by the embodiments of the present invention is to provide a data transfer method, a mobile terminal, a server, and a system, which can improve the security of data transfer.
  • an embodiment of the present invention provides a data transfer method, including:
  • the private key in the pre-installed digital certificate digitally signs the summary information, where the summary information is generated according to the original text field, and the original text field includes the challenge code, the order information, and the mobile terminal identifier;
  • an embodiment of the present invention further provides a data transfer method, including:
  • an embodiment of the present invention further provides a mobile terminal, including:
  • An information receiving module configured to receive data transfer information, sent by the data transfer server, carrying a challenge code for an order, where the data transfer information includes order information;
  • An information prompting module configured to prompt the user to input fingerprint verification information when detecting that the user confirms data transfer to the order;
  • a digital signature module configured to digitally sign the summary information by using a private key in the pre-installed digital certificate when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, where the summary information is a data message generated according to the original text field, the original text field including the challenge code, the order information, and a mobile terminal identifier;
  • an information sending module configured to send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
  • an embodiment of the present invention further provides a data transfer server, including:
  • An information sending module configured to send data transfer information carrying a challenge code to the mobile terminal, so that the mobile terminal verifies the fingerprint verification information input by the user when detecting that the user confirms the data transfer to the order, and then digitally signs the summary information using the private key in the pre-installed digital certificate, where the data transfer information includes the order information.
  • the summary information is a data message generated according to the original text field, where the original text field includes the challenge code, the order information, and a mobile terminal identifier;
  • An information receiving module configured to receive the digitally signed summary information sent by the mobile terminal;
  • the information verification module is configured to verify the digitally signed summary information, and perform data transfer according to the verification result of the digitally signed summary information.
  • an embodiment of the present invention further provides a data transfer system, including a data transfer server and at least one mobile terminal, where:
  • the mobile terminal is configured to receive data transfer information, sent by the data transfer server, carrying a challenge code for an order, where the data transfer information includes order information; when detecting that the user confirms data transfer to the order, prompt the user to input fingerprint verification information; when it is determined that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally sign the summary information using the private key in the pre-installed digital certificate, where the summary information is a data message generated according to the original text field, the original text field including the challenge code, the order information, and the mobile terminal identifier; and send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
  • the data transfer server is configured to send data transfer information carrying the challenge code to the mobile terminal, so that the mobile terminal verifies the fingerprint verification information input by the user when detecting that the user confirms data transfer to the order, and then digitally signs the summary information using the private key in the pre-installed digital certificate, where the data transfer information includes order information; receive the digitally signed summary information sent by the mobile terminal; and verify the digitally signed summary information and perform data transfer according to the verification result of the digitally signed summary information.
  • the mobile terminal may verify the fingerprint verification information input by the user when detecting that the user confirms the data transfer to the order, then digitally sign the summary information using the private key in the pre-installed digital certificate, and send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information, thereby improving the security of the data transfer.
  • FIG. 1 is a schematic flow chart of a first embodiment of a data transfer method according to the present invention
  • FIG. 2 is a schematic flow chart of a second embodiment of a data transfer method according to the present invention.
  • FIG. 3 is a schematic flow chart of a third embodiment of a data transfer method according to the present invention.
  • FIG. 4 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 5 is another schematic structural diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a data transfer server according to an embodiment of the present invention.
  • FIG. 7 is another schematic structural diagram of a data transfer server according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a data transfer system according to an embodiment of the present invention.
  • the mobile terminal in the embodiment of the present invention may be a mobile phone, a smart phone, a tablet computer, an e-reader, a notebook computer, a vehicle-mounted terminal, a wearable portable device, etc., which can communicate with a data transfer server via the Internet, and the data transfer server may be a payment server such as a third-party payment server or a bank payment server, or an instant messaging server that supports the payment service function, an SNS (Social Networking Services) server, or the like, which is not limited by the embodiment of the present invention.
  • FIG. 1 is a schematic diagram of a first embodiment of a data transfer method according to the present invention.
  • the data transfer method described in this embodiment is mainly described from the mobile terminal side, as shown in the figure.
  • the data transfer method in the embodiment may include the following steps:
  • receive the data transfer information, sent by the data transfer server, carrying a challenge code for the order, where the data transfer information includes order information.
  • the challenge code is a verification code randomly assigned by the data transfer server to the mobile terminal, and is only related to the current data transfer service
  • the order information includes an order number, an order time, and the like
  • the data transfer information may further include a data transfer mode
  • the mobile terminal may receive a selection instruction input by the user for the multiple data transfer modes, and select, according to the selection instruction, one data transfer mode from the multiple data transfer modes with which to perform the data transfer.
  • a confirmation instruction for the order input by the user may be received; according to the confirmation instruction for the order, a data transfer request is sent to the data transfer server, and after checking the legality of the order, the data transfer server returns the data transfer information carrying the challenge code.
  • the certificate service request may be sent to the data transfer server, so that the data transfer server returns the certificate installation package; the certificate installation package sent by the data transfer server is received; and the certificate installation package is installed to obtain a digital certificate according to the determining instruction input by the user for the certificate installation package.
  • whether the fingerprint template information of the user exists in the mobile terminal may be checked. If the fingerprint template information of the user does not exist in the mobile terminal, the fingerprint template information input by the user is obtained; if the mobile terminal has the fingerprint template information of the user, the user is prompted that the data transfer service is successfully activated.
  • the user may be prompted to input a data transfer verification password, and when the data transfer verification password input by the user is correct, the step of sending a certificate service request to the data transfer server is performed. Moreover, before sending the certificate service request to the data transfer server, whether the mobile terminal supports fingerprint recognition may be checked; if the mobile terminal supports fingerprint recognition, the step of sending a certificate service request to the data transfer server is performed, and if the mobile terminal does not support fingerprint recognition, the user is prompted that the data transfer service is not supported.
  • fingerprint recognition is performed locally on the mobile terminal.
  • the information verification code sent by the data transfer server by using the contact manner of the mobile terminal may first be received, and the user is prompted to submit the information verification code; the information verification code input by the user is then determined; finally, the information verification code input by the user is sent to the data transfer server, so that the data transfer server sends the certificate installation package to the mobile terminal when confirming that the information verification code input by the user is correct.
  • the mobile terminal may receive the confirmation instruction of the data transfer input by the user, and when detecting the confirmation instruction of the data transfer input by the user, prompt the user to input the fingerprint verification information and acquire the fingerprint verification information input by the user through the fingerprint collection device.
  • the digest information is digitally signed by using a private key in the pre-installed digital certificate, where the digest information is a data message generated according to the original text field, the original text field including the challenge code, the order information, and a mobile terminal identifier.
  • the step of digitally signing the summary information using the private key in the pre-installed digital certificate is performed.
  • the digital certificate may encrypt and decrypt the summary information transmitted by the network.
  • the digital certificate includes a private key and a public key.
  • the data transfer server decrypts the encrypted data using the public key after receiving the encrypted data; when the data transfer server sends the data to the mobile terminal, the data transfer server can encrypt the data using the public key in the digital certificate, and the mobile terminal decrypts the encrypted data using the private key after receiving the encrypted data.
  • S104 Send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
  • the digitally signed summary information carries an original text field
  • the data transfer server first generates the summary data by using the same function; the decrypted summary information is then compared with the summary data; finally, data transfer is performed according to the comparison result of the decrypted summary information and the summary data. Further, if the decrypted summary information is the same as the summary data, the data transfer result is data transfer success, and if the decrypted summary information is different from the summary data, the data transfer result is data transfer failure.
  • the data transfer result sent by the data transfer server may be received; and the prompt information corresponding to the data transfer result is displayed according to the data transfer result. Further, if the data transfer result is that the data transfer is successful, a successful message is displayed, and if the data transfer result is a data transfer failure, the user is prompted to resubmit the above operation flow.
  • the mobile terminal may verify the fingerprint verification information input by the user when detecting that the user confirms the data transfer to the order, then digitally sign the summary information using the private key in the pre-installed digital certificate, and send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information, thereby improving the security of the data transfer.
  • FIG. 2 is a schematic diagram of a second embodiment of a data transfer method according to the present invention.
  • the data transfer method described in this embodiment is mainly described from the data transfer server side, as shown in the figure.
  • the data transfer method in this embodiment may include the following steps:
  • the certificate service request includes a contact mode of the mobile terminal
  • the information verification code may be sent to the mobile terminal by using a contact manner of the mobile terminal, so that the mobile terminal prompts the user to submit the information verification code; the information verification code submitted by the user and sent by the mobile terminal is received; and the certificate installation package is sent to the mobile terminal when confirming that the information verification code submitted by the user is correct.
  • S203 Send data transfer information carrying the challenge code to the mobile terminal, so that the mobile terminal verifies the fingerprint verification information input by the user when detecting that the user confirms data transfer to the order, and then digitally signs the summary information using the private key in the pre-installed digital certificate, where the data transfer information includes order information, and the summary information is a data message generated according to the original text field, where the original text field includes the challenge code, the order information, and the mobile terminal identifier.
  • the data transfer request sent by the mobile terminal may be received; and the step of transmitting the data transfer information carrying the challenge code to the mobile terminal is performed according to the data transfer request.
  • the digitally signed summary information carries the original text field.
  • the digitally signed summary information may be decrypted using a public key corresponding to the private key, and the decrypted summary information is verified. Further, the summary data may be generated according to the original text field; the decrypted summary information is compared with the summary data; and data transfer is performed according to the comparison result of the decrypted summary information and the summary data. Further, if the decrypted summary information is the same as the summary data, the data transfer result is data transfer success, and if the decrypted summary information is different from the summary data, the data transfer result is data transfer failure.
  • the data transfer result may be sent to the mobile terminal, so that the mobile terminal displays prompt information corresponding to the data transfer result.
  • the data transfer server may receive the digitally signed summary information sent by the mobile terminal, verify the digitally signed summary information, and perform data transfer according to the verification result of the digitally signed summary information, thereby improving the security of data transfer.
  • FIG. 3 is a schematic flowchart of a third embodiment of a data transfer method according to the present invention.
  • the data transfer method in this embodiment is mainly described from the two sides of a mobile terminal and a data transfer server. As shown in the figure, the data transfer method in this embodiment may include the following steps:
  • the mobile terminal sends a certificate service request to the data transfer server, so that the data transfer server returns a certificate installation package.
  • the user may be prompted to input a data transfer verification password, and when the data transfer verification password input by the user is correct, the step of sending a certificate service request to the data transfer server is performed. Before sending the certificate service request to the data transfer server, whether the mobile terminal supports fingerprint recognition may be checked; if the mobile terminal supports fingerprint recognition, the step of sending the certificate service request to the data transfer server is performed, and if the mobile terminal does not support fingerprint recognition, the user is prompted that the data transfer service is not supported.
  • fingerprint recognition is performed locally on the mobile terminal.
  • the data transfer server sends a certificate installation package to the mobile terminal according to the certificate service request, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
  • the certificate service request includes a contact mode of the mobile terminal
  • the information verification code may be sent to the mobile terminal by using a contact manner of the mobile terminal, so that the mobile terminal prompts the user to submit the information verification code; the information verification code submitted by the user and sent by the mobile terminal is received; and the certificate installation package is sent to the mobile terminal when confirming that the information verification code submitted by the user is correct.
  • the mobile terminal installs the certificate installation package to obtain the digital certificate according to the determining instruction of the certificate installation package input by the user.
  • whether the fingerprint template information of the user exists in the mobile terminal may be checked; if the fingerprint template information of the user does not exist in the mobile terminal, the fingerprint template information input by the user is obtained, and if the mobile terminal has the fingerprint template information of the user, the user is prompted that the data transfer service is successfully opened.
  • the mobile terminal receives the confirmation instruction input by the user for the order.
  • the mobile terminal sends a data transfer request to the data transfer server according to the confirmation instruction for the order, and the data transfer server checks the legality of the order after receiving the data transfer request. After checking that the order is legal, perform the following steps.
  • the data transfer server sends the data transfer information carrying the challenge code to the mobile terminal, so that the mobile terminal verifies the fingerprint verification information input by the user when detecting that the user confirms data transfer to the order, and then digitally signs the summary information using the private key in the pre-installed digital certificate, where the data transfer information includes order information, and the summary information is a data message generated according to the original text field, where the original text field includes the challenge code, the order information, and the mobile terminal identifier.
  • the mobile terminal prompts the user to input fingerprint verification information when detecting that the user confirms data transfer to the order.
  • the mobile terminal may receive the confirmation instruction of the data transfer input by the user, and when detecting the confirmation instruction of the data transfer input by the user, prompt the user to input the fingerprint verification information and acquire the fingerprint verification information input by the user through the fingerprint collection device.
  • the mobile terminal, when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally signs the summary information by using a private key in the pre-installed digital certificate, where the summary information is a data message generated according to the original text field, the original text field including the challenge code, the order information, and a mobile terminal identifier.
  • the mobile terminal, after receiving the fingerprint verification information input by the user, compares the fingerprint verification information with the preset fingerprint template information, and if the fingerprint verification information does not match the fingerprint template information, prompts the user to re-enter the fingerprint verification information; if the fingerprint verification information matches the fingerprint template information, the step of digitally signing the summary information using the private key in the pre-installed digital certificate is performed.
  • the digital certificate may encrypt and decrypt the summary information transmitted by the network.
  • the digital certificate includes a private key and a public key.
  • the data transfer server decrypts the encrypted data using the public key after receiving the encrypted data; when the data transfer server sends the data to the mobile terminal, the data transfer server can encrypt the data using the public key in the digital certificate, and the mobile terminal decrypts the encrypted data using the private key after receiving the encrypted data.
  • the mobile terminal sends the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
  • the data transfer server verifies the digitally signed summary information, and performs data transfer according to the verification result of the digitally signed summary information.
  • the digitally signed summary information carries the original text field.
  • the digitally signed summary information may be decrypted using a public key corresponding to the private key, and the decrypted summary information is verified. Further, the summary data may be generated according to the original text field; the decrypted summary information is compared with the summary data; and data transfer is performed according to the comparison result of the decrypted summary information and the summary data. Further, if the decrypted summary information is the same as the summary data, the data transfer result is data transfer success, and if the decrypted summary information is different from the summary data, the data transfer result is data transfer failure.
  • the data transfer result may be sent to the mobile terminal, so that the mobile terminal displays prompt information corresponding to the data transfer result.
  • the mobile terminal may verify the fingerprint verification information input by the user when detecting that the user confirms the data transfer to the order, then digitally sign the summary information using the private key in the pre-installed digital certificate, and send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information, thereby improving the security of the data transfer.
  • FIG. 4 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention.
  • the mobile terminal in the embodiment of the present invention may include:
  • the information receiving module 401 is configured to receive data transfer information, sent by the data transfer server, carrying a challenge code for the order, where the data transfer information includes order information.
  • the challenge code is a verification code randomly assigned by the data transfer server to the mobile terminal, and is only related to the current data transfer service
  • the order information includes an order number, an order time, and the like
  • the data transfer information may further include a data transfer mode
  • the mobile terminal may receive a selection instruction input by the user for the multiple data transfer modes, and select, according to the selection instruction, one data transfer mode from the multiple data transfer modes with which to perform the data transfer.
  • the information prompting module 402 is configured to prompt the user to input fingerprint verification information when detecting that the user confirms data transfer to the order.
  • the mobile terminal may receive the confirmation instruction of the data transfer input by the user, and when detecting the confirmation instruction of the data transfer input by the user, prompt the user to input the fingerprint verification information and acquire the fingerprint verification information input by the user through the fingerprint collection device.
  • the digital signature module 403 is configured to: when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally sign the summary information by using a private key in the pre-installed digital certificate, where the summary information is a data message generated according to the original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier.
  • the digital signature module 403 compares the fingerprint verification information with the preset fingerprint template information, and if the fingerprint verification information does not match the fingerprint template information, prompts the user to re-enter the fingerprint verification information; if the fingerprint verification information matches the fingerprint template information, the step of digitally signing the summary information using the private key in the pre-installed digital certificate is performed.
  • the digital certificate can encrypt and decrypt the summary information transmitted by the network, and the digital certificate includes a private key and a public key. When the mobile terminal sends data to the data transfer server, the mobile terminal can encrypt the data (digital signature) using the private key in the digital certificate, and the data transfer server decrypts the encrypted data using the public key after receiving the encrypted data; when the data transfer server sends data to the mobile terminal, the data transfer server may encrypt the data using the public key in the digital certificate, and the mobile terminal decrypts the encrypted data using the private key after receiving the encrypted data.
  • the information sending module 404 is configured to send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
  • the digitally signed summary information carries an original text field
  • the data transfer server first generates the summary data by using the same function, then compares the decrypted summary information with the summary data, and finally performs data transfer according to the result of that comparison. Further, if the decrypted summary information is the same as the summary data, the data transfer result is data transfer success, and if the decrypted summary information is different from the summary data, the data transfer result is data transfer failure.
  • the data transfer result sent by the data transfer server may be received; and the prompt information corresponding to the data transfer result is displayed according to the data transfer result. Further, if the data transfer result is that the data transfer is successful, a successful message is displayed, and if the data transfer result is a data transfer failure, the user is prompted to resubmit the above operation flow.
  • the mobile terminal may further include:
  • a certificate installation module 405, configured to send a certificate service request to the data transfer server, so that the data transfer server returns a certificate installation package; receive the certificate installation package sent by the data transfer server; and, according to a confirmation instruction input by the user for the certificate installation package, install the certificate installation package to obtain the digital certificate.
  • the certificate installation module 405 is further configured to check whether the fingerprint template information of the user exists in the mobile terminal; if the fingerprint template information of the user does not exist in the mobile terminal, obtain the fingerprint template information input by the user; if the fingerprint template information of the user exists in the mobile terminal, prompt the user that the data transfer service has been successfully activated.
  • the certificate installation module 405 can also enter the data transfer in the user login data transfer client.
  • the user may be prompted to input a data transfer verification password, and when the data transfer verification password input by the user is correct, the step of sending a certificate service request to the data transfer server is performed.
  • before the certificate service request is sent to the data transfer server, it may be checked whether the mobile terminal supports fingerprint recognition; if the mobile terminal supports fingerprint recognition, the step of sending a certificate service request to the data transfer server is performed; if the mobile terminal does not support fingerprint recognition, the user is prompted that the data transfer service is not supported.
  • fingerprint recognition is performed locally on the mobile terminal.
  • the certificate installation module 405 may first receive the information verification code that the data transfer server sends by using the contact manner of the mobile terminal, and prompt the user to submit the information verification code; then receive the information verification code input by the user; and finally send the information verification code input by the user to the data transfer server, so that the data transfer server sends the certificate installation package to the mobile terminal when confirming that the information verification code input by the user is correct.
  • the instruction receiving module 406 is configured to receive the confirmation instruction input by the user for the order.
  • the request sending module 407 is configured to send a data transfer request to the data transfer server according to the confirmation instruction for the order, and the data transfer server, after checking the legality of the order, returns the data transfer information carrying the challenge code.
  • the mobile terminal may verify the fingerprint verification information input by the user when detecting that the user confirms data transfer for the order, then digitally sign the summary information using the private key in the pre-installed digital certificate, and send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information, thereby improving the security of the data transfer.
  • FIG. 5 is another schematic structural diagram of a mobile terminal according to an embodiment of the present invention.
  • the mobile terminal can include at least one processor 501, such as a CPU, at least one receiver 503, at least one memory 504, at least one transmitter 505, and at least one communication bus 502.
  • the communication bus 502 is used to implement connection communication between these components.
  • the receiver 503 and the transmitter 505 of the mobile terminal in the embodiment of the present invention may be a wired transmission port, or may be a wireless device, for example, including an antenna device, for performing signaling or data communication with the data transfer server.
  • the memory 504 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • the memory 504 may alternatively be at least one storage device located away from the foregoing processor 501.
  • a set of program codes is stored in the memory 504, and the processor 501 is configured to call the program code stored in the memory 504 for performing the following operations:
  • receiving the data transfer information carrying the challenge code that the data transfer server sends for the order, where the data transfer information includes the order information;
  • digitally signing the summary information by using a private key in the pre-installed digital certificate, where the summary information is a data message generated from the original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier;
  • transmitting the digitally signed summary information to the data transfer server by the transmitter 505, to cause the data transfer server to perform data transfer according to the verification result of the digitally signed summary information.
  • the processor 501 calls the program stored in the memory 504 and, before receiving the data transfer information carrying the challenge code that the data transfer server sends for the order, may further perform the following:
  • the processor 501 calls a program stored in the memory 504, where the certificate service request includes a contact manner of the mobile terminal, and before receiving the certificate installation package sent by the data transfer server, may further perform:
  • FIG. 6 is a schematic structural diagram of a data transfer server according to an embodiment of the present invention.
  • the data transfer server in the embodiment of the present invention may include:
  • the information sending module 601 is configured to send the data transfer information carrying the challenge code to the mobile terminal, so that the mobile terminal, when detecting that the user confirms data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs the summary information using the private key in the pre-installed digital certificate, where the data transfer information includes order information, the summary information is a data message generated from the original text field, and the original text field includes the challenge code, the order information, and the mobile terminal identifier.
  • the information sending module 601 is further configured to receive a data transfer request sent by the mobile terminal, and perform the step of sending the data transfer information carrying the challenge code to the mobile terminal according to the data transfer request.
  • the information receiving module 602 is configured to receive the digitally signed summary information sent by the mobile terminal.
  • the information verification module 603 is configured to verify the digitally signed summary information, and perform data transfer according to the verification result of the digitally signed summary information.
  • the digitally signed summary information may be decrypted using a public key corresponding to the private key, and the decrypted summary information is verified. Further, the summary data may be generated according to the original text field; the decrypted summary information is compared with the summary data; and data transfer is performed according to the result of comparing the decrypted summary information with the summary data. Further, if the decrypted summary information is the same as the summary data, the data transfer result is data transfer success, and if the decrypted summary information is different from the summary data, the data transfer result is data transfer failure.
  • the data transfer result may be sent to the mobile terminal, so that the mobile terminal displays prompt information corresponding to the data transfer result.
  • the data transfer server in the embodiment of the present invention may further include:
  • the request receiving module 604 is configured to receive a certificate service request sent by the mobile terminal.
  • the certificate sending module 605 is configured to send a certificate installation package to the mobile terminal according to the certificate service request, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
  • the certificate service request includes a contact mode of the mobile terminal
  • the information verification code may be sent to the mobile terminal by using the contact manner of the mobile terminal, so that the mobile terminal prompts the user to submit the information verification code; the information verification code submitted by the user is received from the mobile terminal; and the certificate installation package is sent to the mobile terminal when it is confirmed that the information verification code submitted by the user is correct.
  • the data transfer server may receive the digitally signed summary information sent by the mobile terminal, verify the digitally signed summary information, and perform data transfer according to the verification result of the digitally signed summary information, thereby improving the security of data transfer.
  • FIG. 7 is a schematic structural diagram of a data transfer server according to an embodiment of the present invention.
  • the data transfer server may include at least one processor 701, such as a CPU, at least one receiver 703, and at least one memory 704.
  • the communication bus 702 is used to implement connection communication between these components.
  • the receiver 703 and the transmitter 705 of the data transfer server in the embodiment of the present invention may be a wired transmission port, or may be a wireless device, for example, including an antenna device, for performing signaling or data communication with the mobile terminal.
  • the memory 704 may be a high speed RAM memory or a non-volatile memory such as at least one disk memory.
  • the memory 704 can optionally also be at least one storage device located remotely from the aforementioned processor 701.
  • a set of program codes is stored in the memory 704, and the processor 701 is configured to call the program code stored in the memory 704 for performing the following operations:
  • transmitting, by the transmitter 705, the data transfer information carrying the challenge code to the mobile terminal, so that the mobile terminal, when detecting that the user confirms data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs the summary information using the private key in the pre-installed digital certificate, where the data transfer information includes order information, the summary information is a data message generated from the original text field, and the original text field includes the challenge code, the order information, and the mobile terminal identifier
  • the processor 701 calls the program stored in the memory 704 to perform:
  • the decrypted summary information is verified.
  • the processor 701 calls the program stored in the memory 704 to perform:
  • Data transfer is performed according to the comparison result of the decrypted summary information and the summary data.
  • the processor 701 calls the program stored in the memory 704 to perform:
  • the processor 701 may further perform:
  • the processor 701 calls a program stored in the memory 704, where the certificate service request includes a contact manner of the mobile terminal, and may further:
  • the certificate installation package is sent to the mobile terminal.
  • FIG. 8 is a schematic structural diagram of a data transfer system according to an embodiment of the present invention.
  • the system in the embodiment of the present invention includes at least one mobile terminal 801 and a data transfer server 802, wherein:
  • the mobile terminal 801 is configured to receive data transfer information carrying a challenge code that the data transfer server 802 sends for an order, where the data transfer information includes order information; when detecting that the user confirms data transfer for the order, prompt the user to input fingerprint verification information; when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally sign the summary information using the private key in the pre-installed digital certificate, where the summary information is a data message generated from the original text field, and the original text field includes the challenge code, the order information, and the mobile terminal identifier; and send the digitally signed summary information to the data transfer server, so that the data transfer server 802 performs data transfer according to the verification result of the digitally signed summary information.
  • the data transfer server 802 is configured to send the data transfer information carrying the challenge code to the mobile terminal 801, so that the mobile terminal 801, when detecting that the user confirms data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs the summary information using the private key in the pre-installed digital certificate, where the data transfer information includes order information; receive the digitally signed summary information sent by the mobile terminal 801; and verify the digitally signed summary information and perform data transfer according to the verification result of the digitally signed summary information.
  • the program may be stored in a computer readable storage medium, and the storage medium may include: a flash disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
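The challenge, sign and verify exchange described above for the mobile terminal and the data transfer server, as an added Go example that is not code from the patent. It assumes RSA with PKCS #1 v1.5 over SHA-256, a length-prefixed encoding of the original text field, single-use challenges, and a boolean standing in for the local fingerprint match; every type and function name, and every sample value, is hypothetical and constructed for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrFingerprint      = errors.New("fingerprint does not match template")
	ErrUnknownChallenge = errors.New("challenge unknown or already used")
	ErrOrderMismatch    = errors.New("challenge was issued for another order")
	ErrBadSignature     = errors.New("signature does not verify for this terminal")
)

// OriginalText is the page's "original text field".
type OriginalText struct{ Challenge, OrderNo, OrderTime, TerminalID string }

// Digest is the "summary information": SHA-256 over length-prefixed fields.
func (o OriginalText) Digest() []byte {
	h := sha256.New()
	for _, f := range []string{o.Challenge, o.OrderNo, o.OrderTime, o.TerminalID} {
		fmt.Fprintf(h, "%d:%s,", len(f), f) // prefix keeps field boundaries unambiguous
	}
	return h.Sum(nil)
}

// Terminal holds the private key of the installed certificate.
type Terminal struct {
	ID            string
	key           *rsa.PrivateKey
	fingerprintOK bool // stand-in for the on-device template match (hypothetical)
}

// Sign releases a signature only after the local fingerprint match.
func (t *Terminal) Sign(o OriginalText) ([]byte, error) {
	if !t.fingerprintOK {
		return nil, ErrFingerprint
	}
	return rsa.SignPKCS1v15(rand.Reader, t.key, crypto.SHA256, o.Digest())
}

// Server maps each outstanding challenge to its order and each terminal to its public key.
type Server struct{ pending map[string]string; certs map[string]*rsa.PublicKey }

func NewServer() *Server { return &Server{map[string]string{}, map[string]*rsa.PublicKey{}} }

// Enroll stands in for the certificate installation package (constructed for this example).
func (s *Server) Enroll(id string, fingerprintOK bool) (*Terminal, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s.certs[id] = &key.PublicKey
	return &Terminal{ID: id, key: key, fingerprintOK: fingerprintOK}, nil
}

// IssueChallenge binds a fresh random challenge code to one order.
func (s *Server) IssueChallenge(orderNo string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	c := fmt.Sprintf("%x", b)
	s.pending[c] = orderNo
	return c, nil
}

// Verify consumes the challenge first, so each one is checked at most once.
func (s *Server) Verify(o OriginalText, sig []byte) error {
	orderNo, ok := s.pending[o.Challenge]
	if !ok {
		return ErrUnknownChallenge
	}
	delete(s.pending, o.Challenge)
	if orderNo != o.OrderNo {
		return ErrOrderMismatch
	}
	pub, ok := s.certs[o.TerminalID]
	if !ok || rsa.VerifyPKCS1v15(pub, crypto.SHA256, o.Digest(), sig) != nil {
		return ErrBadSignature
	}
	return nil
}

func main() {
	srv := NewServer()
	term, err := srv.Enroll("terminal-001", true)
	if err != nil {
		panic(err)
	}
	c, _ := srv.IssueChallenge("ORDER-1001")
	o := OriginalText{c, "ORDER-1001", "2016-01-01T10:00:00Z", term.ID} // constructed order
	sig, _ := term.Sign(o)
	fmt.Println("first:", srv.Verify(o, sig), "| replay:", srv.Verify(o, sig))
}
```

Because the challenge, the order information and the terminal identifier are all inside the signed digest, a captured signature is rejected when it is resubmitted or when any order field is altered in transit.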

Abstract

Disclosed are a data transfer method, a mobile terminal, a server and a system. The method comprises: receiving data transfer information that carries a challenge code and is sent by a data transfer server with regard to an order, wherein the data transfer information comprises order information; when it is detected that a user confirms to perform data transfer on the order, prompting the user to input fingerprint verification information; when it is determined that the fingerprint verification information input by the user matches pre-set fingerprint template information, using a private key in a pre-installed digital certificate to perform digital signing on abstract information; and sending the abstract information subjected to digital signing to the data transfer server, so that the data transfer server performs data transfer according to a verification result of the abstract information subjected to digital signing. By means of the embodiments of the present invention, the security of data transfer is improved.

Description

Data transfer method, mobile terminal, server and system
The present patent application claims priority to Chinese Patent Application No. 201510454113.3, filed on July 29, 2015 and entitled "Data transfer method, mobile terminal, server and system", which is incorporated herein by reference in its entirety.
Technical field
The present invention relates to the field of Internet technologies, and in particular, to a data transfer method, a mobile terminal, a server, and a system.
Background
With the development of artificial intelligence technology, there are more and more data transfer schemes based on human biological characteristics, for example innovative data transfer methods such as fingerprint payment, face-scan payment, and iris recognition payment. In existing technical solutions, fingerprint information is suitable for identity recognition in the field of online data transfer, but collecting human biological characteristics such as fingerprint information involves legal problems and a risk of personal privacy leakage. Data transfer solutions that verify fingerprint information are therefore all performed locally, and the fingerprint information is not transmitted to the data transfer service or to the back-end server of a third-party organization. To make the data transfer service or the back-end server trust the local fingerprint verification result, the credibility of fingerprint verification is addressed mainly through technical closedness and through special hardware security measures. However, performing data transfer merely by verifying fingerprint information still has the problem of low security.
Summary of the invention
The technical problem to be solved by the embodiments of the present invention is to provide a data transfer method, a mobile terminal, a server, and a system, which can improve the security of data transfer.
In order to solve the above technical problem, an embodiment of the present invention provides a data transfer method, including:
Receiving data transfer information carrying a challenge code that a data transfer server sends for an order, where the data transfer information includes order information;
When detecting that the user confirms data transfer for the order, prompting the user to input fingerprint verification information;
When determining that the fingerprint verification information input by the user matches preset fingerprint template information, digitally signing summary information by using a private key in a pre-installed digital certificate, where the summary information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier;
Sending the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
Correspondingly, an embodiment of the present invention further provides a data transfer method, including:
Sending data transfer information carrying a challenge code to a mobile terminal, so that the mobile terminal, when detecting that the user confirms data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs summary information by using a private key in a pre-installed digital certificate, where the data transfer information includes order information, the summary information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier;
Receiving the digitally signed summary information sent by the mobile terminal;
Verifying the digitally signed summary information, and performing data transfer according to the verification result of the digitally signed summary information.
Correspondingly, an embodiment of the present invention further provides a mobile terminal, including:
An information receiving module, configured to receive data transfer information carrying a challenge code that a data transfer server sends for an order, where the data transfer information includes order information;
An information prompting module, configured to prompt the user to input fingerprint verification information when detecting that the user confirms data transfer for the order;
A digital signature module, configured to digitally sign summary information by using a private key in a pre-installed digital certificate when determining that the fingerprint verification information input by the user matches preset fingerprint template information, where the summary information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier;
An information sending module, configured to send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
Correspondingly, an embodiment of the present invention further provides a data transfer server, including:
An information sending module, configured to send data transfer information carrying a challenge code to a mobile terminal, so that the mobile terminal, when detecting that the user confirms data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs summary information by using a private key in a pre-installed digital certificate, where the data transfer information includes order information, the summary information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier;
An information receiving module, configured to receive the digitally signed summary information sent by the mobile terminal;
An information verification module, configured to verify the digitally signed summary information, and perform data transfer according to the verification result of the digitally signed summary information.
Correspondingly, an embodiment of the present invention further provides a data transfer system, including a data transfer server and at least one mobile terminal, where:
The mobile terminal is configured to receive data transfer information carrying a challenge code that the data transfer server sends for an order, where the data transfer information includes order information; when detecting that the user confirms data transfer for the order, prompt the user to input fingerprint verification information; when determining that the fingerprint verification information input by the user matches preset fingerprint template information, digitally sign summary information by using a private key in a pre-installed digital certificate, where the summary information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier; and send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
The data transfer server is configured to send the data transfer information carrying the challenge code to the mobile terminal, so that the mobile terminal, when detecting that the user confirms data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs the summary information by using the private key in the pre-installed digital certificate, where the data transfer information includes order information; receive the digitally signed summary information sent by the mobile terminal; and verify the digitally signed summary information and perform data transfer according to the verification result of the digitally signed summary information.
In the embodiments of the present invention, the mobile terminal may verify the fingerprint verification information input by the user when detecting that the user confirms data transfer for the order, then digitally sign the summary information by using the private key in the pre-installed digital certificate, and send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information, thereby improving the security of the data transfer.
Brief description of the drawings
In order to describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings in the following description show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
FIG. 1 is a schematic flow chart of a first embodiment of a data transfer method according to the present invention;
FIG. 2 is a schematic flow chart of a second embodiment of a data transfer method according to the present invention;
FIG. 3 is a schematic flow chart of a third embodiment of a data transfer method according to the present invention;
FIG. 4 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention;
FIG. 5 is another schematic structural diagram of a mobile terminal according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a data transfer server according to an embodiment of the present invention;
FIG. 7 is another schematic structural diagram of a data transfer server according to an embodiment of the present invention;
FIG. 8 is a schematic structural diagram of a data transfer system according to an embodiment of the present invention.
具体实施方式detailed description
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention. It is obvious that the described embodiments are a part of the embodiments of the present invention, but not all embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
本发明实施例中的移动终端,可以为手机、智能手机、平板电脑、电子阅读器、笔记本电脑、车载终端、佩戴式便携设备等,其可以通过互联网与数据转移服务器进行通信,所述数据转移服务器可以为第三方支付服务器、银行支付服务器等支付服务器或支持支付业务功能的即时通讯服务器、SNS(Social Networking Services,即社会性网络服务)服务器等,本发明实施例对此不作限定。The mobile terminal in the embodiment of the present invention may be a mobile phone, a smart phone, a tablet computer, an e-reader, a notebook computer, a vehicle-mounted terminal, a wearable portable device, etc., which can communicate with a data transfer server via the Internet, and the data transfer The server may be a payment server such as a third-party payment server or a bank payment server, or an instant messaging server that supports the payment service function, an SNS (Social Networking Services) server, or the like, which is not limited by the embodiment of the present invention.
Referring to FIG. 1, FIG. 1 is a schematic diagram of a first embodiment of a data transfer method according to the present invention. The data transfer method in this embodiment is described mainly from the mobile terminal side. As shown in the figure, the data transfer method in this embodiment may include the following steps:
S101: Receive data transfer information that carries a challenge code and is sent by the data transfer server for an order, where the data transfer information includes order information.
In a specific implementation, the challenge code is a verification code that the data transfer server randomly allocates to the mobile terminal and that is related only to the current data transfer service. The order information includes an order number, an order time, and so on. The data transfer information may further include multiple data transfer modes; the mobile terminal may receive a selection instruction input by the user for the multiple data transfer modes and, according to that selection instruction, select one of the data transfer modes to perform the data transfer.
Optionally, before the data transfer information carrying the challenge code sent by the data transfer server for the order is received, a confirmation instruction for the order input by the user may be received, and a data transfer request is sent to the data transfer server according to that confirmation instruction; after checking the legality of the order, the data transfer server returns the data transfer information carrying the challenge code.
Optionally, before the data transfer information carrying the challenge code sent by the data transfer server for the order is received, a certificate service request may be sent to the data transfer server so that the data transfer server returns a certificate installation package; the certificate installation package sent by the data transfer server is received; and, according to a confirmation instruction input by the user for the certificate installation package, the certificate installation package is installed to obtain a digital certificate. After the digital certificate is installed, whether fingerprint template information of the user exists on the mobile terminal may be checked. If the fingerprint template information of the user does not exist on the mobile terminal, fingerprint template information input by the user is acquired; if it exists, the user is prompted that the data transfer service has been activated successfully.
Optionally, after the user logs in to the data transfer client and enters the data transfer service activation page, the user may be prompted to input a data transfer verification password, and when the data transfer verification password input by the user is correct, the step of sending the certificate service request to the data transfer server is performed. In addition, before the certificate service request is sent to the data transfer server, whether the mobile terminal supports fingerprint recognition may be checked: if the mobile terminal supports fingerprint recognition, the step of sending the certificate service request to the data transfer server is performed; if it does not, the user is prompted that the data transfer service is not supported. In particular, fingerprint recognition is always performed locally on the mobile terminal.
Further optionally, an information verification code sent by the data transfer server through the contact information of the mobile terminal may first be received, and the user is prompted to submit the information verification code; the information verification code input by the user is then received; finally, the information verification code input by the user is sent to the data transfer server, so that the data transfer server sends the certificate installation package to the mobile terminal when it confirms that the information verification code input by the user is correct.
S102: When it is detected that the user confirms data transfer for the order, prompt the user to input fingerprint verification information.
In a specific implementation, the mobile terminal may receive a data transfer confirmation instruction input by the user and, upon detecting that confirmation instruction, prompt the user to input fingerprint verification information and acquire the fingerprint verification information input by the user through a fingerprint collection device.
S103: When it is determined that the fingerprint verification information input by the user matches preset fingerprint template information, digitally sign digest information using the private key in a pre-installed digital certificate, where the digest information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier.
In a specific implementation, after the fingerprint verification information input by the user is received, it is compared with the preset fingerprint template information. If the fingerprint verification information does not match the fingerprint template information, the user is prompted to re-enter the fingerprint verification information; if it matches, the step of digitally signing the digest information using the private key in the pre-installed digital certificate is performed. The digital certificate can be used to encrypt and decrypt the digest information transmitted over the network, and includes a private key and a public key. When the mobile terminal sends data to the data transfer server, the mobile terminal may encrypt the data using the private key in the digital certificate (digital signature), and the data transfer server, after receiving the encrypted data, decrypts it using the public key. When the data transfer server sends data to the mobile terminal, the data transfer server may encrypt the data using the public key in the digital certificate, and the mobile terminal, after receiving the encrypted data, decrypts it using the private key.
S104: Send the digitally signed digest information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed digest information.
In a specific implementation, the digitally signed digest information carries the original text field. After receiving the digitally signed digest information carrying the original text field, the data transfer server first uses the same function to generate digest data from the original text field, then compares the decrypted digest information with the digest data, and finally performs data transfer according to the comparison result. Further, if the decrypted digest information is the same as the digest data, the data transfer result is that the data transfer succeeds; if the decrypted digest information is not the same as the digest data, the data transfer result is that the data transfer fails.
Optionally, the data transfer result sent by the data transfer server may be received, and prompt information corresponding to the data transfer result is displayed according to the data transfer result. Further, if the data transfer result is that the data transfer succeeds, a success message is displayed; if the data transfer result is that the data transfer fails, the user is prompted to resubmit the above operation flow.
In this embodiment of the present invention, when detecting that the user confirms data transfer for the order, the mobile terminal may verify the fingerprint verification information input by the user, then digitally sign the digest information using the private key in the pre-installed digital certificate, and send the digitally signed digest information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed digest information, thereby improving the security of the data transfer.
Referring to FIG. 2, FIG. 2 is a schematic diagram of a second embodiment of a data transfer method according to the present invention. The data transfer method in this embodiment is described mainly from the data transfer server side. As shown in the figure, the data transfer method in this embodiment may include the following steps:
S201: Receive a certificate service request sent by the mobile terminal.
S202: According to the certificate service request, send a certificate installation package to the mobile terminal, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
In a specific implementation, the certificate service request includes contact information of the mobile terminal. An information verification code may be sent to the mobile terminal through that contact information, so that the mobile terminal prompts the user to submit the information verification code; the information verification code submitted by the user and sent by the mobile terminal is received; and when it is confirmed that the information verification code submitted by the user is correct, the certificate installation package is sent to the mobile terminal.
S203: Send data transfer information carrying a challenge code to the mobile terminal, so that, when detecting that the user confirms data transfer for the order, the mobile terminal verifies the fingerprint verification information input by the user and then digitally signs digest information using the private key in the pre-installed digital certificate, where the data transfer information includes order information, the digest information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier.
Optionally, a data transfer request sent by the mobile terminal may be received, and the step of sending the data transfer information carrying the challenge code to the mobile terminal is performed according to the data transfer request.
S204: Receive the digitally signed digest information sent by the mobile terminal.
S205: Verify the digitally signed digest information, and perform data transfer according to the verification result of the digitally signed digest information, where the digitally signed digest information carries the original text field.
In a specific implementation, the digitally signed digest information may be decrypted using the public key corresponding to the private key, and the decrypted digest information is verified. Further, digest data may be generated from the original text field; the decrypted digest information is compared with the digest data; and data transfer is performed according to the comparison result. Further, if the decrypted digest information is the same as the digest data, the data transfer result is that the data transfer succeeds; if the decrypted digest information is not the same as the digest data, the data transfer result is that the data transfer fails.
Optionally, the data transfer result may be sent to the mobile terminal, so that the mobile terminal displays prompt information corresponding to the data transfer result.
In this embodiment of the present invention, the data transfer server may receive the digitally signed digest information sent by the mobile terminal, verify the digitally signed digest information, and perform data transfer according to the verification result of the digitally signed digest information, thereby improving the security of the data transfer.
Referring to FIG. 3, FIG. 3 is a schematic flowchart of a third embodiment of a data transfer method according to the present invention. The data transfer method in this embodiment is described from both the mobile terminal side and the data transfer server side. As shown in the figure, the data transfer method in this embodiment may include the following steps:
S301: The mobile terminal sends a certificate service request to the data transfer server, so that the data transfer server returns a certificate installation package.
Optionally, after the user logs in to the data transfer client and enters the data transfer service activation page, the user may be prompted to input a data transfer verification password, and when the data transfer verification password input by the user is correct, the step of sending the certificate service request to the data transfer server is performed. In addition, before the certificate service request is sent to the data transfer server, whether the mobile terminal supports fingerprint recognition may be checked: if the mobile terminal supports fingerprint recognition, the step of sending the certificate service request to the data transfer server is performed; if it does not, the user is prompted that the data transfer service is not supported. In particular, fingerprint recognition is always performed locally on the mobile terminal.
S302: According to the certificate service request, the data transfer server sends a certificate installation package to the mobile terminal, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
In a specific implementation, the certificate service request includes contact information of the mobile terminal. An information verification code may be sent to the mobile terminal through that contact information, so that the mobile terminal prompts the user to submit the information verification code; the information verification code submitted by the user and sent by the mobile terminal is received; and when it is confirmed that the information verification code submitted by the user is correct, the certificate installation package is sent to the mobile terminal.
S303: According to a confirmation instruction input by the user for the certificate installation package, the mobile terminal installs the certificate installation package to obtain the digital certificate.
Optionally, after the digital certificate is installed, whether fingerprint template information of the user exists on the mobile terminal may be checked. If the fingerprint template information of the user does not exist on the mobile terminal, fingerprint template information input by the user is acquired; if it exists, the user is prompted that the data transfer service has been activated successfully.
S304: The mobile terminal receives a confirmation instruction for the order input by the user.
S305: According to the confirmation instruction for the order, the mobile terminal sends a data transfer request to the data transfer server. After receiving the data transfer request, the data transfer server checks the legality of the order and, if the order is found to be legal, performs the following steps.
S306: The data transfer server sends data transfer information carrying a challenge code to the mobile terminal, so that, when detecting that the user confirms data transfer for the order, the mobile terminal verifies the fingerprint verification information input by the user and then digitally signs digest information using the private key in the pre-installed digital certificate, where the data transfer information includes order information, the digest information is a data message generated from an original text field, and the original text field includes the challenge code, the order information, and a mobile terminal identifier.
S307: When detecting that the user confirms data transfer for the order, the mobile terminal prompts the user to input fingerprint verification information.
In a specific implementation, the mobile terminal may receive a data transfer confirmation instruction input by the user and, upon detecting that confirmation instruction, prompt the user to input fingerprint verification information and acquire the fingerprint verification information input by the user through a fingerprint collection device.
S308: When determining that the fingerprint verification information input by the user matches preset fingerprint template information, the mobile terminal digitally signs the digest information using the private key in the pre-installed digital certificate, where the digest information is a data message generated from the original text field, and the original text field includes the challenge code, the order information, and the mobile terminal identifier.
In a specific implementation, after receiving the fingerprint verification information input by the user, the mobile terminal compares it with the preset fingerprint template information. If the fingerprint verification information does not match the fingerprint template information, the user is prompted to re-enter the fingerprint verification information; if it matches, the step of digitally signing the digest information using the private key in the pre-installed digital certificate is performed. The digital certificate can be used to encrypt and decrypt the digest information transmitted over the network, and includes a private key and a public key. When the mobile terminal sends data to the data transfer server, the mobile terminal may encrypt the data using the private key in the digital certificate (digital signature), and the data transfer server, after receiving the encrypted data, decrypts it using the public key. When the data transfer server sends data to the mobile terminal, the data transfer server may encrypt the data using the public key in the digital certificate, and the mobile terminal, after receiving the encrypted data, decrypts it using the private key.
S309: The mobile terminal sends the digitally signed digest information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed digest information.
S310: The data transfer server verifies the digitally signed digest information and performs data transfer according to the verification result of the digitally signed digest information, where the digitally signed digest information carries the original text field.
In a specific implementation, the digitally signed digest information may be decrypted using the public key corresponding to the private key, and the decrypted digest information is verified. Further, digest data may be generated from the original text field; the decrypted digest information is compared with the digest data; and data transfer is performed according to the comparison result. Further, if the decrypted digest information is the same as the digest data, the data transfer result is that the data transfer succeeds; if the decrypted digest information is not the same as the digest data, the data transfer result is that the data transfer fails.
Optionally, the data transfer result may be sent to the mobile terminal, so that the mobile terminal displays prompt information corresponding to the data transfer result.
In this embodiment of the present invention, when detecting that the user confirms data transfer for the order, the mobile terminal may verify the fingerprint verification information input by the user, then digitally sign the digest information using the private key in the pre-installed digital certificate, and send the digitally signed digest information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed digest information, thereby improving the security of the data transfer.
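The sign-and-verify exchange of steps S306 to S310, as an added example that is not part of the patent text: the server binds a random challenge code to one order, the terminal signs the digest of the original text field only after a fingerprint match, and the server decrypts the signature with the public key and compares it with a digest it recomputes itself. The class and function names, the SHA-256 digest, the length-prefixed encoding, the one-attempt handling of each challenge and the toy RSA key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demonstration key pair built from two publicly known Mersenne primes.
# It has no security value; it stands in for the key pair of the installed certificate.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, kept on the terminal


def encode_original(challenge, order_no, order_time, terminal_id):
    """Original text field: challenge code + order information + terminal identifier.
    Each part is length-prefixed so that field boundaries cannot be shifted."""
    parts = [challenge, order_no.encode(), order_time.encode(), terminal_id.encode()]
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def digest_of(original):
    """The 'same function' both sides use to turn the original text field into a digest."""
    return int.from_bytes(hashlib.sha256(original).digest(), "big")


class Terminal:
    """Mobile terminal side (S307 to S309)."""

    def __init__(self, terminal_id, private_exponent, modulus):
        self.terminal_id = terminal_id
        self._d, self._n = private_exponent, modulus

    def sign_order(self, challenge, order_no, order_time, fingerprint_matches):
        # The private key is used only after the local fingerprint comparison succeeds.
        if not fingerprint_matches:
            return None
        original = encode_original(challenge, order_no, order_time, self.terminal_id)
        # "Encrypt the digest with the private key": textbook RSA without padding,
        # kept to mirror the text. Production code would call a vetted library
        # with a padded scheme such as RSASSA-PSS.
        signature = pow(digest_of(original), self._d, self._n)
        return original, signature


class Server:
    """Data transfer server side (S306 and S310)."""

    def __init__(self):
        self._public_keys = {}  # terminal_id -> (modulus, public exponent)
        self._pending = {}      # order_no -> (challenge, order_time, terminal_id)

    def register(self, terminal_id, modulus, exponent):
        self._public_keys[terminal_id] = (modulus, exponent)

    def issue_challenge(self, order_no, order_time, terminal_id):
        challenge = secrets.token_bytes(16)  # random, tied to this order only
        self._pending[order_no] = (challenge, order_time, terminal_id)
        return challenge

    def verify(self, order_no, original, signature):
        # pop(): each challenge allows one attempt, so a captured message
        # cannot be submitted a second time.
        entry = self._pending.pop(order_no, None)
        if entry is None:
            return False
        challenge, order_time, terminal_id = entry
        key = self._public_keys.get(terminal_id)
        if key is None:
            return False
        # The signed fields must be exactly what the server issued for this order.
        expected = encode_original(challenge, order_no, order_time, terminal_id)
        if not hmac.compare_digest(original, expected):
            return False
        modulus, exponent = key
        if not isinstance(signature, int) or not 0 < signature < modulus:
            return False
        # "Decrypt with the public key" and compare with the recomputed digest.
        return pow(signature, exponent, modulus) == digest_of(original)


def run_demo():
    """Run one accepted transfer and one replay with constructed sample values."""
    server = Server()
    server.register("TERMINAL-0001", N, E)
    terminal = Terminal("TERMINAL-0001", D, N)
    challenge = server.issue_challenge("ORDER-1001", "2016-04-18 10:00:00", "TERMINAL-0001")
    original, signature = terminal.sign_order(
        challenge, "ORDER-1001", "2016-04-18 10:00:00", fingerprint_matches=True)
    accepted = server.verify("ORDER-1001", original, signature)
    replayed = server.verify("ORDER-1001", original, signature)
    return accepted, replayed


if __name__ == "__main__":
    print(run_demo())
```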
请参考图4,图4是本发明实施例提出的一种移动终端的结构示意图。如图所示,本发明实施例中的移动终端可以包括:Please refer to FIG. 4. FIG. 4 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention. As shown in the figure, the mobile terminal in the embodiment of the present invention may include:
信息接收模块401,用于接收数据转移服务器针对订单发送携带有挑战码的数据转移信息,所述数据转移信息包括订单信息。The information receiving module 401 is configured to receive, by the data transfer server, data transfer information carrying a challenge code for the order, where the data transfer information includes order information.
具体实现中,所述挑战码为数据转移服务器随机分配给移动终端的一个验证码,且仅与当前的数据转移服务相关,订单信息包括订单号、订单时间等等,数据转移信息还可以包括多种数据转移方式,移动终端可以接收用户输入的针对所述多种数据转移方式的选择指令,根据针对所述多种数据转移方式的选择指令从所述多种数据转移方式中选择一种数据转移方式进行数据转移。In a specific implementation, the challenge code is a verification code randomly assigned by the data transfer server to the mobile terminal, and is only related to the current data transfer service, the order information includes an order number, an order time, and the like, and the data transfer information may further include a data transfer mode, the mobile terminal may receive a selection instruction input by the user for the multiple data transfer modes, and select a data transfer from the multiple data transfer modes according to the selection instruction for the multiple data transfer modes. The way to transfer data.
信息提示模块402,用于当检测到用户确认对所述订单进行数据转移时,提示所述用户输入指纹验证信息。The information prompting module 402 is configured to prompt the user to input fingerprint verification information when detecting that the user confirms data transfer to the order.
具体实现中,移动终端可以接收用户输入的数据转移的确认指令,在检测到用户输入的所述数据转移的确认指令时,提示所述用户输入指纹验证信息,并通过指纹采集装置获取用户输入的指纹验证信息。In a specific implementation, the mobile terminal may receive the confirmation instruction of the data transfer input by the user, and when detecting the confirmation instruction of the data transfer input by the user, prompting the user to input the fingerprint verification information, and acquiring the user input through the fingerprint collection device. Fingerprint verification information.
数字签名模块403,用于当确定所述用户输入的指纹验证信息与预设的指纹模板信息匹配时,使用预装的数字证书中的私钥对摘要信息进行数字签名,所述摘要信息为根据原文字段生成得到数据报文,所述原文字段包括所述挑战码、所述订单信息以及移动终端标识。The digital signature module 403 is configured to: when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally sign the summary information by using a private key in the pre-installed digital certificate, where the summary information is based on The original field generates a data message, and the original text field includes the challenge code, the order information, and a mobile terminal identifier.
具体实现中,数字签名模块403将所述指纹验证信息与预设的指纹模板信息进行对比,若指纹验证信息与指纹模板信息不匹配,则提示用户重新输入指纹验证信息;若指纹验证信息与指纹模板信息相匹配,则执行使用预装的数字证书中的私钥对摘要信息进行数字签名的步骤。其中,所述数字证书可以对网络传输的摘要信息进行加密和解密,数字证书包括私钥和公钥,当移动终端向 数据转移服务器发送数据时,移动终端可以使用数字证书中的私钥对数据进行加密(数字签名),数据转移服务器接收到加密的数据后使用公钥对经过加密的数据进行解密;当数据转移服务器向移动终端发送数据时,数据转移服务器可以使用数字证书中的公钥对数据进行加密,移动终端接收到经过加密的数据后使用私钥对经过加密的数据进行解密。In a specific implementation, the digital signature module 403 compares the fingerprint verification information with the preset fingerprint template information, and if the fingerprint verification information does not match the fingerprint template information, prompts the user to re-enter the fingerprint verification information; if the fingerprint verification information and the fingerprint If the template information matches, the step of digitally signing the summary information using the private key in the pre-installed digital certificate is performed. The digital certificate can encrypt and decrypt the summary information transmitted by the network, and the digital certificate includes a private key and a public key, when the mobile terminal When the data transfer server sends data, the mobile terminal can encrypt the data (digital signature) using the private key in the digital certificate, and the data transfer server decrypts the encrypted data using the public key after receiving the encrypted data; when the data transfer server When transmitting data to the mobile terminal, the data transfer server may encrypt the data using the public key in the digital certificate, and the mobile terminal decrypts the encrypted data using the private key after receiving the encrypted data.
信息发送模块404,用于将经过数字签名的所述摘要信息发送至所述数据转移服务器,以使所述数据转移服务器根据所述经过数字签名的所述摘要信息的验证结果进行数据转移。The information sending module 404 is configured to send the digitally signed summary information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed summary information.
具体实现中,所述经过数字签名的摘要信息携带有原文字段,数据转移服务器接收到携带有原文字段的经过数字签名的摘要信息之后,首先使用相同的函数将原文字段生成得到摘要数据;然后将所述经过解密的所述摘要信息与所述摘要数据进行对比;最后根据所述经过解密的所述摘要信息与所述摘要数据的对比结果进行数据转移。进一步的,若经过解密的所述摘要信息与所述摘要数据相同,则数据转移结果为数据转移成功,若经过解密的所述摘要信息与所述摘要数据不相同,则数据转移结果为数据转移失败。In a specific implementation, the digitally signed summary information carries an original text field, and after receiving the digitally signed summary information carrying the original text field, the data transfer server first generates the summary data by using the same function; And comparing the decrypted summary information with the summary data; and finally performing data transfer according to the comparison result of the decrypted summary information and the summary data. Further, if the decrypted summary information is the same as the summary data, the data transfer result is data transfer success, and if the decrypted summary information is different from the summary data, the data transfer result is data transfer. failure.
可选的,可以接收所述数据转移服务器发送的所述数据转移结果;根据所述数据转移结果,显示与所述数据转移结果对应的提示信息。进一步的,若数据转移结果为数据转移成功,则显示成功的消息,若数据转移结果为数据转移失败,则提示用户重新提交上述操作流程。Optionally, the data transfer result sent by the data transfer server may be received; and the prompt information corresponding to the data transfer result is displayed according to the data transfer result. Further, if the data transfer result is that the data transfer is successful, a successful message is displayed, and if the data transfer result is a data transfer failure, the user is prompted to resubmit the above operation flow.
Optionally, as shown in FIG. 4, the mobile terminal may further include:
The certificate installation module 405 sends a certificate service request to the data transfer server, so that the data transfer server returns a certificate installation package; receives the certificate installation package sent by the digital transfer server; and, according to a confirmation instruction input by the user for the certificate installation package, installs the certificate installation package to obtain the digital certificate.
Optionally, the certificate installation module 405 may further be used to check whether the user's fingerprint template information exists on the mobile terminal. If the user's fingerprint template information does not exist on the mobile terminal, the fingerprint template information input by the user is acquired; if it exists, the user is prompted that the data transfer service has been activated successfully.
Optionally, after the user logs in to the data transfer client and enters the data transfer service activation page, the certificate installation module 405 may prompt the user to input a data transfer verification password, and when the data transfer verification password input by the user is correct, perform the step of sending the certificate service request to the data transfer server. Moreover, before the certificate service request is sent to the data transfer server, it may also be checked whether the mobile terminal supports fingerprint recognition. If the mobile terminal supports fingerprint recognition, the step of sending the certificate service request to the data transfer server is performed; if the mobile terminal does not support fingerprint recognition, the user is prompted that the data transfer service is not supported. In particular, fingerprint recognition is always performed locally on the mobile terminal.
Further optionally, the certificate installation module 405 may first receive the information verification code that the data transfer server sends via the contact information of the mobile terminal, and prompt the user to submit the information verification code; then receive the information verification code input by the user; and finally send the information verification code input by the user to the data transfer server, so that the data transfer server sends the certificate installation package to the mobile terminal when it confirms that the information verification code input by the user is correct.
The instruction receiving module 406 is configured to receive the confirmation instruction input by the user for the order.
The request sending module 407 is configured to send a data transfer request to the data transfer server according to the confirmation instruction for the order; after checking the validity of the order, the data transfer server returns the data transfer information carrying the challenge code.
In this embodiment of the present invention, when detecting that the user confirms the data transfer for the order, the mobile terminal may verify the fingerprint verification information input by the user, then digitally sign the digest information using the private key in the pre-installed digital certificate and send the digitally signed digest information to the data transfer server, so that the data transfer server performs the data transfer according to the verification result of the digitally signed digest information, thereby improving the security of the data transfer.
FIG. 5 is another schematic structural diagram of a mobile terminal according to an embodiment of the present invention. As shown in the figure, the mobile terminal may include: at least one processor 501, such as a CPU, at least one receiver 503, at least one memory 504, at least one transmitter 505, and at least one communication bus 502. The communication bus 502 is used to implement connection and communication between these components. The receiver 903 and the transmitter 505 of the mobile terminal in this embodiment may be wired transmission ports, or may be wireless devices, for example including an antenna apparatus, used for signaling or data communication with the data transfer server. The memory 504 may be a high-speed RAM memory or a non-volatile memory, such as at least one disk memory. Optionally, the memory 504 may also be at least one storage device located remotely from the processor 501. A set of program code is stored in the memory 504, and the processor 501 is configured to call the program code stored in the memory 504 to perform the following operations:
receiving, through the receiver 503, data transfer information that carries a challenge code and is sent by the data transfer server for an order, the data transfer information including order information;
when detecting that the user confirms the data transfer for the order, prompting the user to input fingerprint verification information;
when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally signing the digest information using the private key in the pre-installed digital certificate, the digest information being a data message generated from the original text field, and the original text field including the challenge code, the order information, and the mobile terminal identifier;
sending, through the transmitter 505, the digitally signed digest information to the data transfer server, so that the data transfer server performs the data transfer according to the verification result of the digitally signed digest information.
Optionally, the processor 501 calls the program stored in the memory 504 and, before receiving the data transfer information that carries the challenge code and is sent by the data transfer server for the order, may further perform:
receiving the confirmation instruction input by the user for the order;
sending, according to the confirmation instruction for the order, a data transfer request to the data transfer server, so that the data transfer server returns the data transfer information carrying the challenge code.
Optionally, the processor 501 calls the program stored in the memory 504 and, before receiving the data transfer information that carries the challenge code and is sent by the data transfer server for the order, may further perform:
sending a certificate service request to the data transfer server, so that the data transfer server returns a certificate installation package;
receiving the certificate installation package sent by the digital transfer server;
installing the certificate installation package to obtain the digital certificate, according to a confirmation instruction input by the user for the certificate installation package.
Optionally, the processor 501 calls the program stored in the memory 504; the certificate service request includes the contact information of the mobile terminal, and before receiving the certificate installation package sent by the digital transfer server, the processor may further perform:
receiving the information verification code that the data transfer server sends via the contact information of the mobile terminal, and prompting the user to submit the information verification code;
receiving the information verification code input by the user;
sending the information verification code input by the user to the data transfer server, so that the data transfer server sends the certificate installation package to the mobile terminal when it confirms that the information verification code input by the user is correct.
Please refer to FIG. 6, which is a schematic structural diagram of a data transfer server according to an embodiment of the present invention. As shown in the figure, the data transfer server in this embodiment may include:
The information sending module 601 is configured to send data transfer information carrying a challenge code to the mobile terminal, so that the mobile terminal, when detecting that the user confirms the data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs the digest information using the private key in the pre-installed digital certificate. The data transfer information includes order information, the digest information is a data message generated from the original text field, and the original text field includes the challenge code, the order information, and the mobile terminal identifier.
Optionally, the information sending module 601 may further be used to receive a data transfer request sent by the mobile terminal and, according to the data transfer request, perform the step of sending the data transfer information carrying the challenge code to the mobile terminal.
The information receiving module 602 is configured to receive the digitally signed digest information sent by the mobile terminal.
The information verification module 603 is configured to verify the digitally signed digest information and perform the data transfer according to the verification result of the digitally signed digest information.
In a specific implementation, the digitally signed digest information may be decrypted using the public key corresponding to the private key, and the decrypted digest information is then verified. Further, digest data may be generated from the original text field; the decrypted digest information is compared with the digest data; and the data transfer is performed according to the result of that comparison. Further, if the decrypted digest information is the same as the digest data, the data transfer result is that the data transfer succeeded; if the decrypted digest information differs from the digest data, the data transfer result is that the data transfer failed.
Optionally, the data transfer result may be sent to the mobile terminal, so that the mobile terminal displays prompt information corresponding to the data transfer result.
Optionally, as shown in FIG. 6, the data transfer server in this embodiment may further include:
The request receiving module 604 is configured to receive the certificate service request sent by the mobile terminal.
The certificate sending module 605 is configured to send a certificate installation package to the mobile terminal according to the certificate service request, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
In a specific implementation, the certificate service request includes the contact information of the mobile terminal. An information verification code may be sent to the mobile terminal via that contact information, so that the mobile terminal prompts the user to submit the information verification code; the information verification code submitted by the user and sent by the mobile terminal is received; and when the information verification code submitted by the user is confirmed to be correct, the certificate installation package is sent to the mobile terminal.
In this embodiment of the present invention, the data transfer server may receive the digitally signed digest information sent by the mobile terminal, verify the digitally signed digest information, and perform the data transfer according to the verification result of the digitally signed digest information, thereby improving the security of the data transfer.
FIG. 7 is a schematic structural diagram of a data transfer server according to an embodiment of the present invention. As shown in the figure, the data transfer server may include: at least one processor 701, such as a CPU, at least one receiver 703, at least one memory 704, at least one transmitter 705, and at least one communication bus 702. The communication bus 702 is used to implement connection and communication between these components. The receiver 703 and the transmitter 705 of the data transfer server in this embodiment may be wired transmission ports, or may be wireless devices, for example including an antenna apparatus, used for signaling or data communication with the mobile terminal. The memory 704 may be a high-speed RAM memory or a non-volatile memory, such as at least one disk memory. Optionally, the memory 704 may also be at least one storage device located remotely from the processor 701. A set of program code is stored in the memory 704, and the processor 701 is configured to call the program code stored in the memory 704 to perform the following operations:
sending, through the transmitter 705, data transfer information carrying a challenge code to the mobile terminal, so that the mobile terminal, when detecting that the user confirms the data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs the digest information using the private key in the pre-installed digital certificate, the data transfer information including order information, the digest information being a data message generated from the original text field, and the original text field including the challenge code, the order information, and the mobile terminal identifier;
receiving, through the receiver 703, the digitally signed digest information sent by the mobile terminal;
verifying the digitally signed digest information, and performing the data transfer according to the verification result of the digitally signed digest information.
Optionally, the processor 701 calls the program stored in the memory 704 and may further perform:
decrypting the digitally signed digest information using the public key corresponding to the private key;
verifying the decrypted digest information.
Optionally, the processor 701 calls the program stored in the memory 704 and may further perform:
generating digest data from the original text field;
comparing the decrypted digest information with the digest data;
performing the data transfer according to the result of comparing the decrypted digest information with the digest data.
Optionally, the processor 701 calls the program stored in the memory 704 and may further perform:
receiving a data transfer request sent by the mobile terminal;
performing, according to the data transfer request, the step of sending the data transfer information carrying the challenge code to the mobile terminal.
Optionally, the processor 701 calls the program stored in the memory 704 and, before sending the data transfer information carrying the challenge code to the mobile terminal, may further perform:
receiving a certificate service request sent by the mobile terminal;
sending, according to the certificate service request, a certificate installation package to the mobile terminal, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
Optionally, the processor 701 calls the program stored in the memory 704; the certificate service request includes the contact information of the mobile terminal, and the processor may further perform:
sending an information verification code to the mobile terminal via the contact information of the mobile terminal, so that the mobile terminal prompts the user to submit the information verification code;
receiving the information verification code submitted by the user and sent by the mobile terminal;
sending the certificate installation package to the mobile terminal when the information verification code submitted by the user is confirmed to be correct.
Please refer to FIG. 8, which is a schematic structural diagram of a data transfer system according to an embodiment of the present invention. As shown in the figure, the system in this embodiment includes at least one mobile terminal 801 and a data transfer server 802, wherein:
The mobile terminal 801 is configured to receive data transfer information that carries a challenge code and is sent by the data transfer server 802 for an order, the data transfer information including order information; when detecting that the user confirms the data transfer for the order, prompt the user to input fingerprint verification information; when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally sign the digest information using the private key in the pre-installed digital certificate, the digest information being a data message generated from the original text field, and the original text field including the challenge code, the order information, and the mobile terminal identifier; and send the digitally signed digest information to the data transfer server, so that the data transfer server 802 performs the data transfer according to the verification result of the digitally signed digest information.
The data transfer server 802 is configured to send the data transfer information carrying the challenge code to the mobile terminal 801, so that the mobile terminal 801, when detecting that the user confirms the data transfer for the order, verifies the fingerprint verification information input by the user and then digitally signs the digest information using the private key in the pre-installed digital certificate, the data transfer information including order information; receive the digitally signed digest information sent by the mobile terminal 801; and verify the digitally signed digest information and perform the data transfer according to the verification result of the digitally signed digest information.
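The exchange between the mobile terminal 801 and the data transfer server 802 described above, shown end to end as an added example that is not part of the patent text. Assumptions of this example: a JSON encoding of the original text field, SHA-256 as the digest function, a constructed textbook-RSA demo key (no padding, not secure), and a server-side check that the challenge code and order in the original text field are the ones the server issued, accepted once.

```python
import hashlib
import json
import secrets

# Constructed demo key pair standing in for the terminal's pre-installed
# certificate: textbook RSA over two Mersenne primes, no padding. NOT secure;
# production code would use a vetted library (e.g. RSASSA-PSS or ECDSA).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, never leaves the terminal


def digest(original_text: bytes) -> int:
    """Digest function shared by both sides (SHA-256 is this example's choice)."""
    return int.from_bytes(hashlib.sha256(original_text).digest(), "big")


class MobileTerminal:
    def __init__(self, terminal_id: str):
        self.terminal_id = terminal_id

    def sign_transfer(self, transfer_info: dict, fingerprint_matches: bool):
        # The private key is used only after the local fingerprint match.
        if not fingerprint_matches:
            return None  # caller prompts the user to re-enter the fingerprint
        # Original text field: challenge code + order information + terminal id.
        original_text = json.dumps(
            {"challenge": transfer_info["challenge"],
             "order": transfer_info["order"],
             "terminal_id": self.terminal_id},
            sort_keys=True, separators=(",", ":")).encode()
        signature = pow(digest(original_text), D, N)
        return {"original_text": original_text, "signature": signature}


class DataTransferServer:
    def __init__(self):
        self.public_keys = {}  # terminal_id -> (e, n), recorded at certificate issue
        self.pending = {}      # order_id -> (challenge, order) awaiting a signature

    def issue_transfer_info(self, order: dict) -> dict:
        challenge = secrets.token_hex(16)  # fresh challenge code per request
        self.pending[order["order_id"]] = (challenge, order)
        return {"challenge": challenge, "order": order}

    def verify_and_transfer(self, message: dict) -> bool:
        original_text = message["original_text"]
        try:
            fields = json.loads(original_text)
            order_id = fields["order"]["order_id"]
            e, n = self.public_keys[fields["terminal_id"]]
            challenge, order = self.pending[order_id]
        except (ValueError, KeyError, TypeError):
            return False  # malformed field, unknown terminal or no open order
        # Recover the signed digest with the public key and compare it with a
        # digest recomputed from the received original text field.
        if pow(message["signature"], e, n) != digest(original_text):
            return False
        # Assumed check: the signed challenge and order must be the ones this
        # server issued, otherwise an old or altered signed message is accepted.
        if fields.get("challenge") != challenge or fields["order"] != order:
            return False
        del self.pending[order_id]  # single use: a replayed message now fails
        return True


def run_demo() -> dict:
    server, terminal = DataTransferServer(), MobileTerminal("T-01")
    server.public_keys["T-01"] = (E, N)
    order = {"order_id": "A1001", "amount": 100}  # constructed sample order

    info = server.issue_transfer_info(order)
    refused = terminal.sign_transfer(info, fingerprint_matches=False)
    msg = terminal.sign_transfer(info, fingerprint_matches=True)
    first = server.verify_and_transfer(msg)
    replay = server.verify_and_transfer(msg)       # same message sent again

    info2 = server.issue_transfer_info(order)
    msg2 = terminal.sign_transfer(info2, fingerprint_matches=True)
    altered = dict(msg2, original_text=msg2["original_text"].replace(
        b'"amount":100', b'"amount":9999'))         # order changed in transit
    tampered = server.verify_and_transfer(altered)

    server.issue_transfer_info(order)               # server rotates the challenge
    stale = server.verify_and_transfer(msg2)        # valid signature, old challenge
    return {"no_fingerprint": refused, "first": first, "replay": replay,
            "tampered": tampered, "stale": stale}


if __name__ == "__main__":
    print(run_demo())
```

The replayed and stale-challenge cases are rejected only because of the server-side challenge bookkeeping; the digest comparison alone accepts any previously signed message.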
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of action combinations, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. In addition, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis. For a part that is not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
A person of ordinary skill in the art can understand that all or some of the steps of the methods in the above embodiments may be completed by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium may include: a flash drive, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disc, or the like.
The content downloading method and the related device and system provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, a person of ordinary skill in the art may, according to the idea of the present invention, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (20)

  1. A data transfer method, characterized in that the method comprises:
    receiving data transfer information that carries a challenge code and is sent by a data transfer server for an order, the data transfer information including order information;
    when detecting that the user confirms the data transfer for the order, prompting the user to input fingerprint verification information;
    when determining that the fingerprint verification information input by the user matches the preset fingerprint template information, digitally signing the digest information using the private key in the pre-installed digital certificate, the digest information being a data message generated from the original text field, and the original text field including the challenge code, the order information, and the mobile terminal identifier;
    sending the digitally signed digest information to the data transfer server, so that the data transfer server performs the data transfer according to the verification result of the digitally signed digest information.
  2. The method according to claim 1, characterized in that, before the receiving of the data transfer information that carries the challenge code and is sent by the data transfer server for the order, the method includes:
    receiving a confirmation instruction input by the user for the order;
    sending, according to the confirmation instruction for the order, a data transfer request to the data transfer server, so that the data transfer server returns the data transfer information carrying the challenge code.
  3. The method according to claim 1 or 2, characterized in that, before the receiving of the data transfer information that carries the challenge code and is sent by the data transfer server for the order, the method includes:
    sending a certificate service request to the data transfer server, so that the data transfer server returns a certificate installation package;
    receiving the certificate installation package sent by the digital transfer server;
    installing the certificate installation package to obtain the digital certificate, according to a confirmation instruction input by the user for the certificate installation package.
  4. The method according to claim 3, characterized in that the certificate service request includes the contact information of the mobile terminal, and before the receiving of the certificate installation package sent by the digital transfer server, the method further includes:
    receiving the information verification code that the data transfer server sends via the contact information of the mobile terminal, and prompting the user to submit the information verification code;
    receiving the information verification code input by the user;
    sending the information verification code input by the user to the data transfer server, so that the data transfer server sends the certificate installation package to the mobile terminal when it confirms that the information verification code input by the user is correct.
  5. 一种数据转移方法,其特征在于,所述方法包括:A data transfer method, the method comprising:
    向移动终端发送携带有挑战码的数据转移信息,以使所述移动终端当检测到用户确认对所述订单进行数据转移时验证用户输入的指纹验证信息进而使用预装的数字证书中的私钥对摘要信息进行数字签名,所述数据转移信息包括订单信息,所述摘要信息为根据原文字段生成得到数据报文,所述原文字段包括所述挑战码、所述订单信息以及移动终端标识;Transmitting, by the mobile terminal, data transfer information carrying the challenge code, so that the mobile terminal verifies the fingerprint verification information input by the user when detecting that the user confirms data transfer to the order, and then uses the private key in the pre-installed digital certificate. Digitally signing the summary information, where the data transfer information includes order information, and the summary information is generated by generating a data message according to the original text field, where the original text field includes the challenge code, the order information, and the mobile terminal identifier;
    接收所述移动终端发送的经过数字签名的所述摘要信息;Receiving the digitally signed summary information sent by the mobile terminal;
    对所述经过数字签名的所述摘要信息进行验证,并根据所述经过数字签名的所述摘要信息的验证结果进行数据转移。And verifying the digitally signed summary information, and performing data transfer according to the verification result of the digitally signed summary information.
  6. 如权利要求5所述的方法,其特征在于,所述对所述经过数字签名的所述摘要信息进行验证包括:The method of claim 5, wherein the verifying the digitally signed summary information comprises:
    使用与所述私钥对应的公钥对所述经过数字签名的所述摘要信息进行解密;Decrypting the digitally signed summary information using a public key corresponding to the private key;
    对经过解密的所述摘要信息进行验证。The decrypted summary information is verified.
  7. 如权利要求6所述的方法,其特征在于,所述经过数字签名的所述摘要信息携带有所述原文字段,所述对所述经过数字签名的所述摘要信息进行验 证,并根据所述经过数字签名的所述摘要信息的验证结果进行数据转移包括:The method according to claim 6, wherein said digitally signed summary information carries said original text field, said verifying said digitally signed summary information And performing data transfer according to the verification result of the digitally signed summary information includes:
    根据所述原文字段生成得到摘要数据;Generating summary data according to the original text field;
    将所述经过解密的所述摘要信息与所述摘要数据进行对比;Comparing the decrypted summary information with the summary data;
    根据所述经过解密的所述摘要信息与所述摘要数据的对比结果进行数据转移。Data transfer is performed according to the comparison result of the decrypted summary information and the summary data.
  8. 如权利要求5所述的方法,其特征在于,所述向移动终端发送携带有挑战码的数据转移信息包括:The method of claim 5, wherein the transmitting the data transfer information carrying the challenge code to the mobile terminal comprises:
    接收所述移动终端发送的数据转移请求;Receiving a data transfer request sent by the mobile terminal;
    根据所述数据转移请求,执行所述向移动终端发送携带有挑战码的数据转移信息的步骤。And transmitting, according to the data transfer request, the step of transmitting the data transfer information carrying the challenge code to the mobile terminal.
  9. The method of any one of claims 5 to 8, wherein before sending the data transfer information carrying the challenge code to the mobile terminal, the method further comprises:
    receiving a certificate service request sent by the mobile terminal;
    sending, according to the certificate service request, a certificate installation package to the mobile terminal, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
  10. The method of claim 9, wherein the certificate service request comprises contact information of the mobile terminal, and sending the certificate installation package to the mobile terminal according to the certificate service request comprises:
    sending an information verification code to the mobile terminal through the contact information of the mobile terminal, so that the mobile terminal prompts the user to submit the information verification code;
    receiving the information verification code submitted by the user and sent by the mobile terminal;
    sending the certificate installation package to the mobile terminal when it is confirmed that the information verification code submitted by the user is correct.
  11. A mobile terminal, comprising: at least one processor and a memory connected to the at least one processor, wherein the processor invokes program code stored in the memory to execute instructions for the following operations:
    receiving data transfer information carrying a challenge code, sent by a data transfer server for an order, the data transfer information comprising order information;
    when it is detected that a user confirms data transfer for the order, prompting the user to input fingerprint verification information;
    when it is determined that the fingerprint verification information input by the user matches preset fingerprint template information, digitally signing digest information using a private key in a pre-installed digital certificate, the digest information being a data message generated according to an original text field, the original text field comprising the challenge code, the order information and a mobile terminal identifier;
    sending the digitally signed digest information to the data transfer server, so that the data transfer server performs data transfer according to the verification result of the digitally signed digest information.
  12. The mobile terminal of claim 11, wherein the processor further invokes the program code stored in the memory to execute instructions for the following operations:
    receiving a confirmation instruction for the order input by the user;
    sending, according to the confirmation instruction for the order, a data transfer request to the data transfer server, so that the data transfer server returns the data transfer information carrying the challenge code.
  13. The mobile terminal of claim 11 or 12, wherein the processor invokes the program code stored in the memory to execute instructions for the following operations:
    sending a certificate service request to the data transfer server, so that the data transfer server returns a certificate installation package;
    receiving the certificate installation package sent by the digital transfer server;
    installing the certificate installation package to obtain the digital certificate, according to a confirmation instruction for the certificate installation package input by the user.
  14. The mobile terminal of claim 13, wherein before the processor invokes the program code stored in the memory to perform the receiving of the certificate installation package sent by the digital transfer server, the processor further invokes the program code stored in the memory to execute instructions for the following operations:
    receiving an information verification code sent by the data transfer server through the contact information of the mobile terminal, and prompting the user to submit the information verification code; receiving the information verification code input by the user; sending the information verification code input by the user to the data transfer server, so that the data transfer server sends the certificate installation package to the mobile terminal when confirming that the information verification code input by the user is correct.
  15. A data transfer server, comprising: at least one processor and a memory connected to the at least one processor, wherein the processor invokes program code stored in the memory to execute instructions for the following operations:
    sending data transfer information carrying a challenge code to a mobile terminal, so that the mobile terminal, when detecting that a user confirms data transfer for the order, verifies fingerprint verification information input by the user and then digitally signs digest information using a private key in a pre-installed digital certificate, the data transfer information comprising order information, the digest information being a data message generated according to an original text field, the original text field comprising the challenge code, the order information and a mobile terminal identifier;
    receiving the digitally signed digest information sent by the mobile terminal;
    verifying the digitally signed digest information, and performing data transfer according to the verification result of the digitally signed digest information.
  16. The data transfer server of claim 15, wherein, to perform the verifying of the digitally signed digest information and the performing of data transfer according to the verification result of the digitally signed digest information, the processor further invokes the program code stored in the memory to execute instructions for the following operations:
    decrypting the digitally signed digest information using a public key corresponding to the private key; verifying the decrypted digest information.
  17. The data transfer server of claim 16, wherein the processor invoking the program code stored in the memory to perform the verifying of the digitally signed digest information and the performing of data transfer according to the verification result of the digitally signed digest information specifically comprises:
    generating digest data according to the original text field;
    comparing the decrypted digest information with the digest data;
    performing data transfer according to the result of comparing the decrypted digest information with the digest data.
  18. The data transfer server of claim 15, wherein the processor invoking the program code stored in the memory to perform the sending of the data transfer information carrying the challenge code to the mobile terminal comprises:
    receiving a data transfer request sent by the mobile terminal; executing, according to the data transfer request, instructions for the operation of sending the data transfer information carrying the challenge code to the mobile terminal.
  19. The data transfer server of any one of claims 15 to 18, wherein the processor further invokes the program code stored in the memory to execute instructions for the following operations:
    receiving a certificate service request sent by the mobile terminal;
    sending, according to the certificate service request, a certificate installation package to the mobile terminal, so that the mobile terminal installs the certificate installation package to obtain the digital certificate.
  20. The data transfer server of claim 19, wherein, to perform the sending of the certificate installation package to the mobile terminal according to the certificate service request so that the mobile terminal installs the certificate installation package to obtain the digital certificate, the processor further invokes the program code stored in the memory to execute instructions for the following operations:
    sending an information verification code to the mobile terminal through the contact information of the mobile terminal, so that the mobile terminal prompts the user to submit the information verification code; receiving the information verification code submitted by the user and sent by the mobile terminal; sending the certificate installation package to the mobile terminal when it is confirmed that the information verification code submitted by the user is correct.
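
The exchange in claims 5 to 8 (server issues a challenge code, terminal signs the original text field, server verifies before transferring), sketched with Node's built-in crypto module as an added example that is not code from the patent. The single-use expiring challenge store, the length-prefixed encoding of the original text field, RSA with SHA-256, and all function names and sample values are assumptions; `crypto.verify` performs the recover-and-compare step of claims 6 and 7 internally.

```javascript
// Added example, not from the patent: server and terminal roles of claims 1 and 5-8.
const crypto = require("node:crypto");

// Assumption: challenges are single-use and expire; the claims do not specify this.
const pending = new Map(); // challenge -> { order, expires }

// Assumed encoding of the "original text field": each part is length-prefixed,
// so ("ab", "c") and ("a", "bc") can never serialize to the same bytes.
function originalText(challenge, order, terminalId) {
  return Buffer.concat([challenge, order, terminalId].map((part) => {
    const body = Buffer.from(String(part), "utf8");
    const len = Buffer.alloc(4);
    len.writeUInt32BE(body.length);
    return Buffer.concat([len, body]);
  }));
}

// Server: issue data transfer information carrying a fresh challenge code.
function issueChallenge(order, ttlMs = 60000, now = Date.now()) {
  const challenge = crypto.randomBytes(16).toString("hex");
  pending.set(challenge, { order, expires: now + ttlMs });
  return { challenge, order };
}

// Terminal: sign after the local fingerprint match (the match is not modelled).
function terminalSign(privateKey, info, terminalId) {
  const text = originalText(info.challenge, info.order, terminalId);
  return crypto.sign("sha256", text, privateKey); // digest, then private-key operation
}

// Server: rebuild the original text from its own record of the order, then verify.
function verifyTransfer(publicKey, challenge, terminalId, signature, now = Date.now()) {
  const entry = pending.get(challenge);
  if (!entry) return "unknown-or-replayed-challenge";
  pending.delete(challenge); // consume first so a captured response cannot be reused
  if (now > entry.expires) return "expired-challenge";
  const text = originalText(challenge, entry.order, terminalId);
  return crypto.verify("sha256", text, publicKey, signature) ? "transfer" : "bad-signature";
}

// Constructed sample run: a valid response, its replay, and a response whose
// signed order differs from the order the server issued.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const info = issueChallenge("order-1001|amount=25.00");
  const sig = terminalSign(privateKey, info, "terminal-A");
  const first = verifyTransfer(publicKey, info.challenge, "terminal-A", sig);
  const replay = verifyTransfer(publicKey, info.challenge, "terminal-A", sig);
  const info2 = issueChallenge("order-1002|amount=25.00");
  const altered = { challenge: info2.challenge, order: "order-1002|amount=0.01" };
  const tampered = verifyTransfer(publicKey, info2.challenge, "terminal-A",
    terminalSign(privateKey, altered, "terminal-A"));
  return { first, replay, tampered };
}
```

Because the server rebuilds the signed bytes from the order it issued rather than from fields echoed back by the terminal, a signature over a modified order fails verification even though the key is genuine.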
PCT/CN2016/079565 2015-07-29 2016-04-18 Data transfer method, mobile terminal, server and system WO2017016241A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510454113.3 2015-07-29
CN201510454113.3A CN106411815B (en) 2015-07-29 2015-07-29 A kind of data transfering method, mobile terminal, server and system

Publications (1)

Publication Number Publication Date
WO2017016241A1 (en) 2017-02-02

Family

ID=57884135

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/079565 WO2017016241A1 (en) 2015-07-29 2016-04-18 Data transfer method, mobile terminal, server and system

Country Status (2)

Country Link
CN (1) CN106411815B (en)
WO (1) WO2017016241A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1418486B1 (en) * 2002-11-05 2007-04-11 Samsung Electronics Co., Ltd. Fingerprint-based authentication apparatus
CN102880960A (en) * 2012-09-26 2013-01-16 深圳市亚略特生物识别科技有限公司 Short message payment method and system based on fingerprint identifying mobile phone
CN104200363A (en) * 2014-08-11 2014-12-10 济南曼维信息科技有限公司 Fingerprint-encryption-based electronic purse system payment method
CN104899488A (en) * 2014-12-31 2015-09-09 深圳市腾讯计算机系统有限公司 Numerical value transferring method and device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6963659B2 (en) * 2000-09-15 2005-11-08 Facekey Corp. Fingerprint verification system utilizing a facial image-based heuristic search method
CN101110113A (en) * 2007-08-10 2008-01-23 魏恺言 Multi-use safety device for computing electronic payment code and its generating method
CN102752115B (en) * 2012-07-04 2015-09-16 北京天龙融和软件有限公司 Challenge code generating method and device, dynamic password authentication method and system
CN103020825B (en) * 2012-12-05 2016-05-11 福建派活园科技信息股份公司 A kind of secure payment authentication method based on software client
CN103745345A (en) * 2014-01-27 2014-04-23 上海坤士合生信息科技有限公司 System and method applied to transaction platform for realizing grading safety processing of financial information
CN104484804A (en) * 2014-12-24 2015-04-01 福建联迪商用设备有限公司 Secure fingerprint transaction paying method and system

Also Published As

Publication number Publication date
CN106411815A (en) 2017-02-15
CN106411815B (en) 2019-06-07

Similar Documents

Publication Publication Date Title
US9832183B2 (en) Key management using quasi out of band authentication architecture
EP3175578B1 (en) System and method for establishing trust using secure transmission protocols
US9722984B2 (en) Proximity-based authentication
US8606234B2 (en) Methods and apparatus for provisioning devices with secrets
US9444809B2 (en) Secure and efficient authentication using plug-in hardware compatible with desktops, laptops and/or smart mobile communication devices such as iPhones™
JP6803326B2 (en) Systems and methods for implementing one-time passwords using asymmetric cryptography
KR101904177B1 (en) Data processing method and apparatus
CN107196922B (en) Identity authentication method, user equipment and server
US20160344723A1 (en) User Authentication in a Mobile Environment
CN107241339B (en) Identity authentication method, identity authentication device and storage medium
US8584225B1 (en) Push channel authentication for mobile computing devices
WO2015192670A1 (en) User identity authentication method, terminal and service terminal
US10798068B2 (en) Wireless information passing and authentication
US11329824B2 (en) System and method for authenticating a transaction
US10404475B2 (en) Method and system for establishing a secure communication tunnel
CN110958119A (en) Identity verification method and device
CN105577619B (en) Client login method, client and system
CN106411520B (en) Method, device and system for processing virtual resource data
CN110838919B (en) Communication method, storage method, operation method and device
CN111249740A (en) Resource data access method and system
TW202207667A (en) Authentication and validation procedure for improved security in communications systems
CN115801287A (en) Signature authentication method and device
US20210073365A1 (en) Securing user inputs in mobile device
WO2017016241A1 (en) Data transfer method, mobile terminal, server and system
KR102208332B1 (en) Authentication method and telecommunication server using location information and SMS

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16829608

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 04/07/2018)

122 Ep: pct application non-entry in european phase

Ref document number: 16829608

Country of ref document: EP

Kind code of ref document: A1