CN106533695B - A security authentication method and device
- Publication number: CN106533695B
- Authority: CN (China)
- Legal status: Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The embodiment of the invention discloses a security authentication method and device. The method includes: a target terminal establishes a target connection with a first terminal, so that the target terminal can exchange data with a server over the target connection; the target terminal sends an online registration request to the server, so that the server determines from the online registration request that the target terminal is online; the target terminal receives business information sent by the server, the business information being generated by the server from a service request sent by a second terminal, and the service request being associated with the target terminal; the target terminal generates a target signature result from the business information; the target terminal feeds the target signature result back to the server, so that the server processes the service request according to the target signature result.
Description
Technical field
The present invention relates to the communications field, and in particular to a security authentication method and device.
Background
As network security vulnerabilities have become increasingly serious, the KEY (smart cryptographic key) has emerged as an identity authentication product. It is mainly used in fields such as e-commerce and e-government, for example online banking and electronic payment, as a "smart cryptographic key" for network user identification and data protection. It has a built-in smart card chip with a certain amount of secure storage, which can hold the user's private key and digital certificate, and the user's identity can be authenticated with the public key algorithm built into the smart card chip.
In the prior art, constrained by the form of the terminal, different terminals need KEYs of different forms: a mobile phone is paired with an audio KEY, a PC with a USB KEY, a Bluetooth device with a Bluetooth KEY, and an NFC device with an NFC KEY. When a mobile phone exchanges data with a bank's background server and the background server needs to verify the user's identity, the user must first insert the audio KEY into the phone's audio interface; the phone recognizes the audio KEY and downloads and installs the corresponding driver and management software, so that the audio KEY can be operated from the phone. The phone then sends a verification request to the bank's background server. On receiving the request, the server sends a message to be signed to the phone, the phone passes that message to the connected audio KEY, and the audio KEY performs the signing operation on it and returns the result to the bank's background server through the phone. In this process, both the authentication channel between the audio KEY and the bank's background server and the service channel between the phone and the bank's background server have to carry their data through the phone. Likewise, when a PC user's identity is authenticated, the data exchange between the USB KEY and the bank's background server requires the user to first insert the USB KEY into the PC's USB interface and to download and install a driver on the PC to run the USB KEY; the PC then exchanges data with the bank's background server, so the USB KEY's data also has to pass through the PC.
As the above shows, the service channel and the authentication channel of an existing KEY are the same channel, which poses a certain security risk. How to separate the two channels effectively, so as to improve the security of the KEY, is a problem this technical solution sets out to solve.
In addition, an existing KEY must be online at the time of use and must handle the service request issued by the server promptly; otherwise the request becomes invalid and the user has to submit it again on the next use, which is inconvenient for the user. This is also a problem this technical solution needs to solve.
Summary of the invention
The embodiments of the invention provide a security authentication method and device, intended to improve the security of existing KEY transactions and the convenience of use.
In view of this, a first aspect of the invention provides a security authentication method, comprising:
The target terminal establishes a target connection with a first terminal, so that the target terminal can exchange data with a server over the target connection;
The target terminal sends an online registration request to the server, so that the server determines from the online registration request that the target terminal is online;
The target terminal receives business information sent by the server, the business information being generated by the server from a service request sent by a second terminal, and the service request being associated with the target terminal;
The target terminal generates a target signature result from the business information;
The target terminal feeds the target signature result back to the server, so that the server processes the service request according to the target signature result.
Optionally, the target connection includes a wireless connection and a wired connection.
Optionally, the online registration request includes a target device serial number, so that the server determines from the target device serial number that the target terminal is online; the target device serial number is associated with the target terminal and is stored in the server in advance.
Optionally, the target terminal generating the target signature result from the business information includes:
The target terminal displays the business information;
When the user operates the target terminal, the target terminal receives the operation instruction entered by the user;
The target terminal signs the business information according to the operation instruction to obtain the target signature result.
A second aspect of the invention provides a security authentication method, comprising:
The server receives an online registration request sent by the target terminal; the request is sent by the target terminal to the server through a first terminal, and a target connection is established between the target terminal and the first terminal;
The server determines from the online registration request that the target terminal is online;
The server looks up the business information associated with the target terminal, the business information being generated by the server from a service request sent by a second terminal, and the service request being associated with the target terminal;
The server sends the business information to the target terminal, so that the target terminal generates a target signature result from the business information;
The server receives the target signature result fed back by the target terminal;
The server processes the service request according to the target signature result.
Optionally, the server determining from the online registration request that the target terminal is online includes:
The server determines that the target terminal is online according to the target device serial number carried in the online registration request; the target device serial number is associated with the target terminal.
Optionally, the method further includes:
If the server determines that the target terminal is online, the server writes the target terminal into the online device list.
Optionally, the server looking up the business information associated with the target terminal includes:
The server receives the service request sent by the second terminal, the service request including user account information;
The server looks up, according to the user account information, the target device serial number bound to that user account information; the target device serial number is stored in the server;
The server determines the target terminal according to the target device serial number;
The server determines the business information associated with the target terminal, the business information being generated by the server from the service request.
Optionally, the method further includes:
If the target terminal is not online, the server writes the business information into a pending transaction list;
The server polls the online device list until the target terminal is online;
The server extracts the business information from the pending transaction list;
The server sends the business information to the target terminal.
Optionally, after the server processes the service request according to the target signature result, the method further includes:
The server feeds the service request processing result back to the target terminal.
As can be seen from the above technical solutions, the embodiments of the invention have the following advantages:
In the embodiments of the invention, the target terminal first establishes a target connection with the first terminal, so that the target terminal can exchange data with the server over the target connection; second, the target terminal sends an online registration request to the server, so that the server determines from the online registration request that the target terminal is online; next, the target terminal receives the business information sent by the server, the business information being generated by the server from the service request sent by the second terminal, and the service request being associated with the target terminal; the target terminal generates a target signature result from the business information; the target terminal feeds the target signature result back to the server, so that the server processes the service request according to the target signature result. It follows that, through the target connection established with the first terminal, the target terminal can handle the service request that the second terminal initiates to the server, which can improve the security of existing target terminal KEY transactions and the convenience of use.
Brief description of the drawings
Fig. 1 is an architecture diagram of the security authentication system in an embodiment of the invention;
Fig. 2 is a schematic diagram of one embodiment of the security authentication method in an embodiment of the invention;
Fig. 3 is a schematic diagram of another embodiment of the security authentication method in an embodiment of the invention;
Fig. 4 is another architecture diagram of the security authentication system in an embodiment of the invention;
Fig. 5 is a schematic diagram of another embodiment of the security authentication method in an embodiment of the invention;
Fig. 6 is a schematic diagram of another embodiment of the security authentication method in an embodiment of the invention;
Fig. 7 is a schematic diagram of one embodiment of the target terminal in an embodiment of the invention;
Fig. 8 is a schematic diagram of one embodiment of the server in an embodiment of the invention;
Fig. 9 is a schematic diagram of another embodiment of the server in an embodiment of the invention.
Detailed description of the embodiments
The embodiments of the invention provide a security authentication method and device, intended to improve the security of existing KEY transactions and the convenience of use.
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art from the embodiments of the invention without creative effort fall within the protection scope of the invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than the one illustrated or described here. In addition, the terms "include" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
It should be understood that the invention applies to a security authentication system. Referring to Fig. 1, Fig. 1 is an architecture diagram of the security authentication system in an embodiment of the invention. As shown in Fig. 1, the security authentication system includes at least one target terminal, one first terminal, one second terminal and one server. A target connection is established between the target terminal and the first terminal; the target connection may be wired or wireless, and the target terminal can exchange data with the server over it. The target terminal, the first terminal and the server together form the authentication channel, which is used to exchange authentication data (including the target signature result, the business information, etc.). A service channel is established between the second terminal and the server, and is used to exchange service data (including the service request, the business information processing result, etc.).
It should be noted that the first terminal and the second terminal include, but are not limited to, terminal devices such as a personal computer (PC), mobile phone, tablet computer, point-of-sale terminal (POS), intelligent gateway and automatic teller machine (ATM). In practice, the second terminal and the first terminal are generally not the same device, but they may be the same device.
For ease of understanding, the security authentication method in the embodiments of the invention is introduced below. It should be noted that, in the embodiments of the invention, the business the user carries out by operating the second terminal includes, but is not limited to, the online payment function of online banking; this embodiment uses the online payment function of online banking as its example. Referring to Fig. 2, one embodiment of the security authentication method in the embodiments of the invention includes:
201. The target terminal and the first terminal establish a target connection;
In this embodiment, the target terminal can establish a target connection with the first terminal. The target connection may be a wireless connection, such as Bluetooth, Wi-Fi (Wireless Fidelity), ZigBee or Near Field Communication (NFC); it may also be a wired connection, such as Universal Serial Bus (USB) or an audio interface. No limitation is imposed here.
It should be noted that when the target connection is a wireless connection, such as a Bluetooth connection, the target terminal may establish the connection by searching for the first terminal, or the first terminal may establish it by searching for the target terminal; when the target connection is a wired connection, such as a USB connection, the target terminal may be plugged into the first terminal to establish the connection. No limitation is imposed here.
In this embodiment, the target terminal may also include a start button, and the user can start the target terminal by pressing it. It should be noted that the start button may be a fingerprint recognition button or an iris recognition button; no limitation is imposed here.
It is understood that a personal identification number (PIN) may also be set on the target terminal, and the PIN may be set by the user.
202. The target terminal sends an online registration request to the server;
In this embodiment, over the target connection established with the first terminal, the target terminal can send an online registration request to the server. The online registration request may include a target device serial number, that is, the device serial number of the target terminal.
It should be noted that the Internet Protocol (IP) address of the server may be stored in the target terminal in advance; using the server's IP address, the target terminal can send the online registration request to the server.
203. The server determines from the online registration request that the target terminal is online;
In this embodiment, the server can receive the online registration request sent by the target terminal and check the target device serial number carried in it: the server matches the target device serial number against the device serial numbers in the device serial number list stored in the server in advance, and if the match succeeds, the server can determine that the target device serial number is valid.
It should be noted that the target device serial number may be uploaded to the server when the user applies to the server to bind user information (user account information, etc.) to the target terminal, and the server may store it in the device serial number list; alternatively, it may be generated by the server and issued to the target terminal, in which case the server may also store it in the device serial number list. No limitation is imposed here.
In this embodiment, if the server determines that the target device serial number is valid, the server can determine that the target terminal is online.
It should be noted that when the server judges whether the target device serial number is valid, the server may also generate a challenge code. The challenge code may be a random number generated by the server, or it may be the current time; no limitation is imposed here.
The server can send the challenge code to the target terminal, and the target terminal can sign the challenge code and feed the signature result back to the server. If the server verifies the signature result successfully, the server can determine that the target terminal is valid and therefore that the target terminal is online; if the server fails to verify the signature result, the server can refuse the target terminal's online registration request.
It should be noted that the server may also feed the signature verification result back to the target terminal, and the target terminal may display it; no limitation is imposed here.
In this embodiment, if the server determines that the target terminal is online, the server can write the target terminal into the online device list; that is, the server can write the target device serial number of the target terminal into the online device list, and can later determine that the target terminal is online by looking up the target device serial number in the online device list. It is understood that if the server refuses the target terminal's online registration request, the server can refuse to write the target terminal into the online device list.
204. The server looks up the business information associated with the target terminal and sends it to the target terminal;
In this embodiment, if the server determines that the target terminal is online, the server can use the target device serial number of the target terminal to look up the business information associated with the target terminal.
The business information may be generated by the server from a service request that the second terminal sends to the server. For example, when the user operates the second terminal to make an online payment, the second terminal can send an online payment request (that is, a service request) to the server, and the server can extract the transaction number, paying account, payment amount and receiving account carried in the online payment request and generate the business information corresponding to that request. The paying account may be the user account, and the server can extract the user account information.
The server can query the target device serial number bound to the user account information. The server may also check whether the target device serial number bound to the user account information is valid: the server matches the target device serial number against the device serial numbers in the device serial number list stored in the server in advance, and if the match succeeds, the server determines that the target device serial number is valid.
It should be noted that when the user applies for the target terminal, the target device serial number of the target terminal can be bound to the user account information and saved in the server.
It should be noted that, based on the target device serial number of the target terminal, after the server receives the service request sent by the second terminal, it can, while generating the business information corresponding to the service request, generate a pending transaction list corresponding to the target terminal and write the business information into that list. The server can poll the online device list, looking up the target device serial number in it to determine whether the target terminal is online; if it is online, the server can send the business information in the target terminal's pending transaction list to the target terminal.
If the target terminal is not online, the server can suspend the pending transaction and poll the online device list until the target terminal comes online.
It is worth noting that the server may also skip creating a pending transaction list for the target terminal in advance and instead check directly whether the target terminal is online. If it is online, the server sends the business information directly to the target terminal for processing; if it is not online, the server then creates the pending transaction list, suspends the pending transaction, and polls the online device list until the target terminal comes online.
205. The target terminal generates a target signature result from the business information it receives;
In this embodiment, the target terminal can receive the business information sent by the server and show it on the target terminal's display screen. It should be noted that the business information the server sends to the target terminal may be the business information corresponding to the online payment request above; that is, the business information may include the transaction number, paying account, payment amount and receiving account, and the target terminal can display this information.
In this embodiment, the user can check the business information displayed by the target terminal. The target terminal may include a confirm key and a cancel key. When the user presses the confirm key, the target terminal can determine that the user has confirmed the business information, that is, accepts it; when the user presses the cancel key, the target terminal can determine that the user has not confirmed the business information, that is, refuses it. It is understood that the confirm key may also be a fingerprint confirm key, which uses a pre-stored user fingerprint to recognize whether the user has confirmed. In addition, if the user does not operate the target terminal before a timeout expires, the target terminal can also determine that the user refuses the business information; the timeout may be a preset time.
It should be noted that when the user presses the confirm key, the target terminal can sign the business information and generate the target signature result. It should be understood that the target terminal can sign the business information using an authentication mode based on Public Key Infrastructure (PKI).
When the user presses the cancel key, the target terminal can generate a cancel operation instruction and feed it back to the server, and the server can refuse to process the service request submitted by the second terminal according to the cancel operation instruction. It is understood that if the target terminal does nothing within the predetermined operating time, or the server receives no feedback from the target terminal within the effective time, the server can likewise determine a timeout, perform the cancel operation, and refuse to process the service request submitted by the second terminal. The operating time may be preset at the factory by the manufacturer of the target terminal, and the server's effective time may be set by the server's operator according to operational needs; no limitation is imposed here.
Optionally, the target terminal may also have a page-up key and a page-down key to provide multi-page display on the screen; the user can press the page-up or page-down key to view the whole of the business information.
Optionally, the target terminal may also store the business information it receives, and the user can use the page-up or page-down key to call up and review the history of business information.
206. The target terminal feeds the target signature result back to the server;
In this embodiment, the target terminal can feed the target signature result back to the server. It should be noted that if the user operates the target terminal and presses the cancel key, the target terminal can instead generate a cancel operation instruction and feed that back to the server.
207. The server processes the service request according to the target signature result.
In this embodiment, the server can receive the target signature result fed back by the target terminal and process the above service request according to it.
Specifically, after receiving the target signature result sent by the target terminal, the server verifies the target signature result; if the server confirms that verification passes, the server can execute the service request sent by the second terminal. Here the server may likewise verify the target signature result using the PKI-based authentication mode.
It should be noted that if the server's verification of the target signature result fails, or the server receives a cancel operation instruction sent by the target terminal, the server can refuse to execute the service request submitted by the second terminal. It is understood that the server can also refuse to execute the service request submitted by the second terminal when it times out without receiving any feedback from the target terminal.
Optionally, as shown in Fig. 3, the server can feed the service request processing result back to the second terminal, and can also feed it back to the target terminal. The result may be that the server executed the service request, or that the server refused to execute the service request.
It should be noted that when the second terminal receives the service request processing result sent by the server, it can show the result on its display screen, that is, on the page from which the second terminal submitted the service request to the server.
It is understood that the target terminal can also display the service request processing result it receives.
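The server side of steps 203 to 207 (serial number match, challenge code, online device list, pending transaction list, signature verification, cancel and timeout), as an added example that is not part of the patent. Assumptions: HMAC-SHA256 with a per-device key stands in for the PKI signature so the code runs on the Python standard library alone, and the class, field, serial number and account names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

FIELDS = ("transaction_number", "payer_account", "amount", "payee_account")


def sign(key: bytes, purpose: bytes, message: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the KEY's PKI signature. The
    # purpose tag keeps a signed challenge from passing as a signed transaction.
    return hmac.new(key, purpose + b"\x00" + message, hashlib.sha256).digest()


def encode(info: dict) -> bytes:
    # Canonical encoding: the terminal signs exactly the fields it displays.
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


class AuthServer:
    def __init__(self, devices: dict, bindings: dict, timeout: float = 60.0):
        self.devices = devices      # device serial number list: serial -> key
        self.bindings = bindings    # user account -> bound device serial
        self.timeout = timeout      # server-side effective time (seconds)
        self.challenges = {}        # serial -> outstanding challenge code
        self.online = set()         # online device list
        self.pending = {}           # serial -> pending transaction list
        self.awaiting = {}          # transaction number -> (serial, info, sent)

    def begin_registration(self, serial: str):
        """Step 203: match the serial number, then issue a challenge code."""
        if serial not in self.devices:
            return None
        self.challenges[serial] = secrets.token_bytes(16)  # random-number option
        return self.challenges[serial]

    def finish_registration(self, serial: str, signature: bytes) -> bool:
        challenge = self.challenges.pop(serial, None)      # single use
        if challenge is None:
            return False
        expected = sign(self.devices[serial], b"challenge", challenge)
        if not hmac.compare_digest(signature, expected):
            return False                                   # registration refused
        self.online.add(serial)
        return True

    def submit_service_request(self, request: dict):
        """Service request from the second terminal (service channel)."""
        serial = self.bindings.get(request["payer_account"])
        if serial not in self.devices:
            return None
        info = {name: request[name] for name in FIELDS}
        self.pending.setdefault(serial, []).append(info)
        return serial

    def deliver(self, serial: str, now: float) -> list:
        """Step 204: hand over queued business information if the KEY is online."""
        if serial not in self.online:
            return []                                      # stays pending
        batch = self.pending.pop(serial, [])
        for info in batch:
            self.awaiting[info["transaction_number"]] = (serial, info, now)
        return batch

    def handle_feedback(self, number: str, signature, now: float) -> str:
        """Step 207: signature=None models the cancel operation instruction."""
        serial, info, sent = self.awaiting.pop(number, (None, None, 0.0))
        if serial is None or signature is None or now - sent > self.timeout:
            return "rejected"
        expected = sign(self.devices[serial], b"business", encode(info))
        ok = hmac.compare_digest(signature, expected)
        return "executed" if ok else "rejected"


def demo() -> dict:
    key = secrets.token_bytes(32)            # constructed device key
    server = AuthServer({"SN-0001": key}, {"acct-alice": "SN-0001"})
    for number in ("T1", "T2", "T3"):        # constructed service requests
        server.submit_service_request({
            "transaction_number": number, "payer_account": "acct-alice",
            "amount": "100.00", "payee_account": "acct-shop"})
    out = {"offline": server.deliver("SN-0001", now=0.0)}
    challenge = server.begin_registration("SN-0001")
    out["registered"] = server.finish_registration(
        "SN-0001", sign(key, b"challenge", challenge))
    t1, t2, t3 = server.deliver("SN-0001", now=1.0)
    good = sign(key, b"business", encode(t1))
    out["T1"] = server.handle_feedback("T1", good, now=2.0)
    out["T1_replay"] = server.handle_feedback("T1", good, now=3.0)
    altered = dict(t2, payee_account="acct-other")
    out["T2_altered"] = server.handle_feedback(
        "T2", sign(key, b"business", encode(altered)), now=2.0)
    out["T3_late"] = server.handle_feedback(
        "T3", sign(key, b"business", encode(t3)), now=120.0)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the server verifies the signature against its own stored copy of the business information, a signature over altered fields fails, and each transaction number is accepted at most once.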
Based on the security authentication method shown in Fig. 2, the server may also consist of a cloud platform server and a background server; the system architecture of the security authentication system can then be as shown in Fig. 4.
The security authentication method that includes a cloud platform server is described below. Referring to Fig. 5, another embodiment of the security authentication method in the embodiments of the invention includes:
In this embodiment, step 501 is the same as step 201 in the embodiment shown in Fig. 2 and is not repeated here.
502. The target terminal sends an online registration request to the cloud platform server;
In this embodiment, over the target connection established with the first terminal, the target terminal can send an online registration request to the cloud platform server. The online registration request may include a target device serial number, that is, the device serial number of the target terminal.
It should be noted that the Internet Protocol (IP) address of the cloud platform server may be stored in the target terminal in advance; using that IP address, the target terminal can send the online registration request to the cloud platform server.
503. The cloud platform server determines from the online registration request that the target terminal is online;
In this embodiment, the cloud platform server can receive the online registration request sent by the target terminal and check the target device serial number carried in it: the cloud platform server matches the target device serial number against the device serial numbers in the device serial number list stored in the cloud platform server in advance, and if the match succeeds, the cloud platform server can determine that the target device serial number is valid.
It should be noted that the target device serial number may be uploaded to the background server when the user applies to the background server to bind user information (user account information, etc.) to the target terminal; alternatively, it may be generated by the background server and issued to the target terminal. The background server can send the target device serial number to the cloud platform server, and the cloud platform server stores it in the device serial number list. No limitation is imposed here.
In the present embodiment, if the cloud platform server determines that the target device sequence number is effective, which can
To determine that target terminal is online.
It should be noted that when the cloud platform server judges that the target device serial number is valid, the cloud platform server can also generate a challenge code. The challenge code can be a random number generated by the cloud platform server, or it can be the current time; this is not specifically limited here.
The cloud platform server can send the challenge code to the target terminal, and the target terminal can sign the challenge code and feed the signature result back to the cloud platform server. If the cloud platform server verifies the signature result successfully, it can determine that the target terminal is valid, and hence that the target terminal is online; if the cloud platform server fails to verify the signature result, it can reject the online registration request of the target terminal.
It should be noted that the cloud platform server can also feed the signature verification result back to the target terminal, and the target terminal can also display the signature verification result; this is not specifically limited here.
In the present embodiment, if the cloud platform server determines that the target terminal is online, it can write the target terminal into the online device list, i.e. it can write the target device serial number of the target terminal into the online device list; the cloud platform server can then determine that the target terminal is online by looking up the target device serial number in the online device list. It is understood that if the cloud platform server rejects the online registration request of the target terminal, it can refuse to write the target terminal into the online device list.
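The challenge-code exchange of step 503, as an added example that is not code from the patent: the class and function names, the sample serial number and key, and the 30-second challenge lifetime are assumptions, and HMAC-SHA256 with a per-device key stands in for the terminal's signature. It uses a random challenge rather than the current time, because a challenge that can be predicted or reused allows a recorded signature result to be replayed.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: the serial number and key are invented for this example.
DEVICE_KEYS = {"SN-0001": b"constructed-key-for-SN-0001"}


def sign(key, message):
    """Stand-in for the terminal's signature (HMAC-SHA256, not a PKI signature)."""
    return hmac.new(key, message, hashlib.sha256).digest()


class CloudPlatform:
    """Hypothetical cloud platform server handling online registration."""

    CHALLENGE_TTL = 30.0  # seconds a challenge code stays valid (assumed value)

    def __init__(self, device_keys):
        self.serial_list = dict(device_keys)  # pre-stored device serial number list
        self.challenges = {}                  # serial number -> (challenge, issued_at)
        self.online = set()                   # online device list

    def begin_registration(self, serial, now=None):
        """Match the serial number; if it is valid, issue a random challenge code."""
        if serial not in self.serial_list:
            return None                       # unknown serial number: reject
        challenge = secrets.token_bytes(16)
        issued_at = time.monotonic() if now is None else now
        self.challenges[serial] = (challenge, issued_at)
        return challenge

    def finish_registration(self, serial, signature, now=None):
        """Verify the signed challenge; add the terminal to the online list on success."""
        # pop() makes every challenge single use, so a replayed response finds nothing.
        entry = self.challenges.pop(serial, None)
        if entry is None:
            return False
        challenge, issued_at = entry
        now = time.monotonic() if now is None else now
        if now - issued_at > self.CHALLENGE_TTL:
            return False                      # response arrived too late
        expected = sign(self.serial_list[serial], challenge)
        if not hmac.compare_digest(expected, signature):
            return False                      # verification failed: reject registration
        self.online.add(serial)
        return True


def demo():
    """Run one valid registration, then replay the same signature result."""
    platform = CloudPlatform(DEVICE_KEYS)
    challenge = platform.begin_registration("SN-0001", now=0.0)
    response = sign(DEVICE_KEYS["SN-0001"], challenge)
    first = platform.finish_registration("SN-0001", response, now=1.0)
    replay = platform.finish_registration("SN-0001", response, now=2.0)
    return first, replay, sorted(platform.online)


if __name__ == "__main__":
    print(demo())
```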
504. The cloud platform server looks up the business information associated with the target terminal and sends it to the target terminal;
In the present embodiment, if the cloud platform server determines that the target terminal is online, the cloud platform server can use the target device serial number of the target terminal to look up the business information associated with the target terminal.
The business information can originate from a service request sent by the second terminal to the background server; the background server generates the business information according to the service request and sends it to the cloud platform server. For example, when the user operates the second terminal to make an online payment, the second terminal can send an online payment request (i.e. a service request) to the background server. The background server can extract the transaction number, paying account, payment amount and receiving account carried in the online payment request, generate the business information corresponding to the online payment request, and send the business information to the cloud platform server. The paying account can be the user account; the background server extracts the user account information and sends it to the cloud platform server.
It should be noted that the cloud platform server can query the target device serial number bound to the user account information, and can also check whether the target device serial number bound to the user account information is valid: the cloud platform server matches the target device serial number against the device serial numbers in the device serial number list pre-stored in the cloud platform server, and if the match succeeds, the cloud platform server determines that the target device serial number is valid.
It should be noted that, on receiving the business information sent by the background server, the cloud platform server can generate, based on the target device serial number of the target terminal, a to-be-processed transaction list corresponding to the target terminal, and write the business information into that list. The cloud platform server can poll the online device list, looking up the target device serial number in it to determine whether the target terminal is online; if it is online, the cloud platform server can send the business information in the to-be-processed transaction list corresponding to the target terminal to the target terminal.
If the target terminal is not online, the cloud platform server can suspend the to-be-processed transaction and poll the online device list until the target terminal is online.
It is worth noting that the cloud platform server need not first establish a to-be-processed transaction list corresponding to the target terminal; it can instead directly detect whether the target terminal is online. If the terminal is online, the business information is sent directly to the target terminal for processing; if it is not online, the cloud platform server establishes the to-be-processed transaction list, suspends the to-be-processed transaction, and polls the online device list until the target terminal is online.
In the present embodiment, step 505 is identical to step 205 in the embodiment shown in Fig. 2 and is not repeated here.
506. The target terminal feeds the target signature result back to the cloud platform server;
In the present embodiment, the target terminal can feed the target signature result back to the cloud platform server. It should be noted that if the user operates the target terminal and presses the cancel key, the target terminal can also generate a cancel operation instruction and feed it back to the cloud platform server.
507. The cloud platform server sends the target signature result to the background server;
In the present embodiment, the cloud platform server can forward the target signature result to the background server. It should be noted that if the cloud platform server receives a cancel operation instruction fed back by the target terminal, the cloud platform server can also forward the cancel operation instruction to the background server.
508. The background server processes the service request according to the target signature result.
In the present embodiment, the background server can receive the target signature result forwarded by the cloud platform server and process the above service request according to the target signature result.
Specifically, after receiving the target signature result, the background server verifies the signature; if the background server confirms that verification passes, it can execute the service request sent by the second terminal. Here, the background server may also verify the target signature result using a PKI-based authentication mode.
It should be noted that if verification of the target signature result by the background server does not pass, or if the background server receives a cancel operation instruction forwarded by the cloud platform server, the background server can refuse to execute the service request submitted by the above second terminal. It is understood that the background server can also refuse to execute the service request submitted by the second terminal when no feedback has been obtained from the cloud platform server before a timeout.
Optionally, as shown in Fig. 6, the background server can feed the service request processing result back to the second terminal, and can also feed it back to the target terminal; the result may indicate that the background server executed the service request, or that the background server refused to execute the service request.
It should be noted that, on receiving the service request processing result sent by the background server, the second terminal can show that result on its display screen, i.e., on the page from which the second terminal submitted the service request to the background server.
It is understood that the target terminal can also show the received service request processing result.
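Steps 504 to 508 as an added example, not code from the patent: business information waits in the to-be-processed transaction list until the terminal is online, and the background server checks the target signature result against the business information it generated itself. All names, the JSON encoding and the sample payment are assumptions, and HMAC-SHA256 with a shared key stands in for the PKI signature.

```python
import hashlib
import hmac
import json

# Constructed sample data: the key, serial number and payment are invented for this example.
TERMINAL_KEY = b"constructed-key-for-SN-0001"
ACCOUNT_TO_SERIAL = {"alice": "SN-0001"}  # user account -> bound device serial number
SAMPLE_INFO = {"transaction_no": "T-1001", "paying_account": "alice",
               "payment_amount": "25.00", "receiving_account": "shop-42"}


def canonical(business_info):
    """Encode the business information deterministically so both sides sign the same bytes."""
    return json.dumps(business_info, sort_keys=True, separators=(",", ":")).encode()


def terminal_feedback(business_info, user_confirms, key=TERMINAL_KEY):
    """Target terminal (steps 505-506): sign what was displayed, or report a cancel."""
    if not user_confirms:
        return {"type": "cancel"}
    mac = hmac.new(key, canonical(business_info), hashlib.sha256).hexdigest()
    return {"type": "signature", "value": mac}


class CloudPlatform:
    """Hypothetical cloud platform server: online device list plus pending lists."""

    def __init__(self):
        self.online = set()   # online device list (serial numbers)
        self.pending = {}     # serial number -> to-be-processed transaction list

    def submit(self, account, business_info):
        """Queue business information for the terminal bound to the account (step 504)."""
        serial = ACCOUNT_TO_SERIAL.get(account)
        if serial is None:
            raise KeyError("no device serial number bound to this account")
        self.pending.setdefault(serial, []).append(business_info)
        return serial

    def poll(self, serial):
        """Deliver queued items if the terminal is online; otherwise keep them suspended."""
        if serial not in self.online:
            return []
        return self.pending.pop(serial, [])


def backend_process(own_copy, feedback, key=TERMINAL_KEY):
    """Background server (step 508): execute only on a valid signature over its own copy."""
    if feedback is None:
        return "refused: timeout"
    if feedback.get("type") == "cancel":
        return "refused: cancelled"
    expected = hmac.new(key, canonical(own_copy), hashlib.sha256).hexdigest()
    value = str(feedback.get("value", ""))
    if feedback.get("type") == "signature" and hmac.compare_digest(expected, value):
        return "executed"
    return "refused: bad signature"


def demo():
    """Queue while offline, deliver once online, then compare intact and altered copies."""
    platform = CloudPlatform()
    serial = platform.submit("alice", SAMPLE_INFO)
    offline = platform.poll(serial)          # terminal has not registered yet
    platform.online.add(serial)              # terminal completes online registration
    delivered = platform.poll(serial)
    ok = backend_process(SAMPLE_INFO, terminal_feedback(delivered[0], True))
    altered = dict(SAMPLE_INFO, payment_amount="2500.00")  # changed in transit
    bad = backend_process(SAMPLE_INFO, terminal_feedback(altered, True))
    return offline, delivered, ok, bad


if __name__ == "__main__":
    print(demo())
```

Because the background server recomputes the expected value from its own record of the request, business information altered between the background server and the terminal yields a signature that does not verify, and the request is refused.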
The target terminal in the embodiments of the present invention is introduced below. Referring to Fig. 7, one embodiment of the target terminal in the embodiments of the present invention includes:
A connection module 701, configured to establish a target connection with the first terminal, so that the target terminal carries out data transmission with the server through the target connection;
A sending module 702, configured to send an online registration request to the server, so that the server determines that the target terminal is online according to the online registration request;
A receiving module 703, configured to receive the business information sent by the server, the business information being generated by the server according to a service request sent by the second terminal, the service request being associated with the target terminal;
A generation module 704, configured to generate a target signature result according to the business information;
A feedback module 705, configured to feed the target signature result back to the server, so that the server processes the service request according to the target signature result.
Optionally, in some embodiments of the invention, the target connection includes a wireless connection and a wired connection.
Optionally, in some embodiments of the invention, the online registration request includes a target device serial number, so that the server determines that the target terminal is online according to the target device serial number; the target device serial number is associated with the target terminal and is pre-saved in the server.
Optionally, in some embodiments of the invention, the generation module 704 is specifically configured to display the business information;
When the user operates the target terminal, receive the operation instruction input by the user;
Sign the business information according to the operation instruction to obtain the target signature result.
The server in the embodiments of the present invention is introduced below. The server can be the server in the embodiment shown in Fig. 5 above, and can be composed of a cloud platform server and a background server. Although the present embodiment is described with one server, it is not limited to being one server; its modules can also be located in different servers.
Referring to Fig. 8, one embodiment of the server in the embodiments of the present invention includes:
A first receiving module 801, configured to receive the online registration request sent by the target terminal, the online registration request being sent by the target terminal to the server through the first terminal, a target connection being established between the target terminal and the first terminal;
A determining module 802, configured to determine that the target terminal is online according to the online registration request;
A searching module 803, configured to look up the business information associated with the target terminal, the business information being generated by the server according to a service request sent by the second terminal, the service request being associated with the target terminal;
A sending module 804, configured to send the business information to the target terminal, so that the target terminal generates a target signature result according to the business information;
A second receiving module 805, configured to receive the target signature result fed back by the target terminal;
A processing module 806, configured to process the service request according to the target signature result.
Optionally, in some embodiments of the invention, the determining module 802 is specifically configured to determine that the target terminal is online according to the target device serial number carried in the online registration request, the target device serial number being associated with the target terminal.
Optionally, in some embodiments of the invention, the determining module 802 is specifically also configured to write the target terminal into the online device list if it is determined that the target terminal is online.
Optionally, in some embodiments of the invention, the searching module 803 is specifically configured to receive the service request sent by the second terminal, the service request including user account information;
Look up, according to the user account information, the target device serial number bound to the user account information, the target device serial number being stored in the server;
Determine the target terminal according to the target device serial number;
Determine the business information associated with the target terminal, the business information being generated by the server according to the service request.
Optionally, in some embodiments of the invention, the determining module 802 is specifically also configured to, if the target terminal is not online, write the business information into a to-be-processed transaction list;
Poll the online device list until the target terminal is online;
Extract the business information from the to-be-processed transaction list;
Send the business information to the target terminal.
Optionally, in some embodiments of the invention, as shown in Fig. 9, the server can also include:
A feedback module 807, configured to feed the service request processing result back to the target terminal.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the foregoing method embodiments, and are not described again here.
In the several embodiments provided herein, it should be understood that the disclosed systems, devices and methods can be implemented in other ways. For example, the device embodiments described above are merely exemplary. The division into units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed can be an indirect coupling or communication connection through some interfaces, devices or units, and can be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they can be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, the functional units in the embodiments of the present invention can be integrated into one processing unit, each unit can exist physically alone, or two or more units can be integrated into one unit. The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which can be a personal computer, a server, a network device, etc.) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disk.
The above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they can still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of the technical features; and these modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A safety certifying method, characterized by comprising:
A target terminal establishes a target connection with a first terminal, so that the target terminal carries out data transmission with a server through the target connection;
The target terminal sends an online registration request to the server, the online registration request including a target device serial number, so that the server determines that the target terminal is online according to the target device serial number, the target device serial number being associated with the target terminal and pre-saved in the server;
The target terminal receives business information sent by the server, the business information being generated by the server according to a service request sent by a second terminal, the service request being associated with the target terminal;
The target terminal generates a target signature result according to the business information;
The target terminal feeds the target signature result back to the server, so that the server processes the service request according to the target signature result;
Wherein an authentication channel for authentication data interaction is constructed among the target terminal, the first terminal and the server;
A service channel for service data interaction is constructed between the second terminal and the server.
2. The safety certifying method according to claim 1, characterized in that the target connection includes a wireless connection and a wired connection.
3. The safety certifying method according to claim 1 or 2, characterized in that the target terminal generating the target signature result according to the business information comprises:
The target terminal displays the business information;
When the user operates the target terminal, the target terminal receives the operation instruction input by the user;
The target terminal signs the business information according to the operation instruction to obtain the target signature result.
4. A safety certifying method, characterized by comprising:
A server receives an online registration request sent by a target terminal, the online registration request being sent by the target terminal to the server through a first terminal, a target connection being established between the target terminal and the first terminal;
The server determines that the target terminal is online according to a target device serial number carried in the online registration request, the target device serial number being associated with the target terminal;
The server looks up business information associated with the target terminal, the business information being generated by the server according to a service request sent by a second terminal, the service request being associated with the target terminal;
The server sends the business information to the target terminal, so that the target terminal generates a target signature result according to the business information;
The server receives the target signature result fed back by the target terminal;
The server processes the service request according to the target signature result;
Wherein an authentication channel for authentication data interaction is constructed among the target terminal, the first terminal and the server;
A service channel for service data interaction is constructed between the second terminal and the server.
5. The safety certifying method according to claim 4, characterized in that the method further comprises:
If the server determines that the target terminal is online, the server writes the target terminal into an online device list.
6. The safety certifying method according to claim 4, characterized in that the server looking up the business information associated with the target terminal comprises:
The server receives the service request sent by the second terminal, the service request including user account information;
The server looks up, according to the user account information, the target device serial number bound to the user account information, the target device serial number being stored in the server;
The server determines the target terminal according to the target device serial number;
The server determines the business information associated with the target terminal, the business information being generated by the server according to the service request.
7. The safety certifying method according to claim 5 or 6, characterized in that the method further comprises:
If the target terminal is not online, the server writes the business information into a to-be-processed transaction list;
The server polls the online device list until the target terminal is online;
The server extracts the business information from the to-be-processed transaction list;
The server sends the business information to the target terminal.
8. The safety certifying method according to claim 7, characterized in that after the server processes the service request according to the target signature result, the method further comprises:
The server feeds the service request processing result back to the target terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611004636.9A CN106533695B (en) | 2016-11-15 | 2016-11-15 | A kind of safety certifying method and equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106533695A (en) | 2017-03-22 |
CN106533695B (en) | 2019-10-25 |
Family
ID=58351880
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611004636.9A Active CN106533695B (en) | 2016-11-15 | 2016-11-15 | A kind of safety certifying method and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106533695B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108023794B (en) * | 2017-12-04 | 2020-12-15 | 四川长虹电器股份有限公司 | Equipment access control method and device |
CN114500237B (en) * | 2022-01-05 | 2024-05-24 | 北京世格电讯科技有限公司 | Communication method and system |
CN114928453A (en) * | 2022-05-19 | 2022-08-19 | 芯跳科技(广州)有限公司 | USB device security verification method, system, electronic device and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101616146A (en) * | 2009-07-28 | 2009-12-30 | 西安电子科技大学 | Based on third-party digital signature identification system and authentication method |
CN103220281A (en) * | 2013-04-03 | 2013-07-24 | 天地融科技股份有限公司 | Information processing method and system |
CN103366278A (en) * | 2013-06-04 | 2013-10-23 | 天地融科技股份有限公司 | Method and system for processing operation request |
CN104601327A (en) * | 2013-12-30 | 2015-05-06 | 腾讯科技(深圳)有限公司 | Safe verification method, relative apparatus and system |
CN104751334A (en) * | 2013-12-31 | 2015-07-01 | 腾讯科技(深圳)有限公司 | Service processing method, device and system |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002074223A (en) * | 2000-08-25 | 2002-03-15 | Fujitsu Ltd | Authentication processing method, authentication processing system, settlement method, user device, and storage medium in which program to perform authentication processing is stored |
CN101840549A (en) * | 2010-05-17 | 2010-09-22 | 成都中联信通科技有限公司 | System and method for realizing mobile payment in internet sales |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | |
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
EE01 | Entry into force of recordation of patent licensing contract | Application publication date: 20170322; Assignee: HENGBAO Corp.; Assignor: BEIJING HUADA ZHIBAO ELECTRONIC SYSTEM Co.,Ltd.; Contract record no.: X2020990000515; Denomination of invention: A security authentication method and equipment; Granted publication date: 20191025; License type: Common License; Record date: 20200923 |