CN107730256A - Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method - Google Patents


Info

Publication number: CN107730256A
Authority: CN (China)
Prior art keywords: equipment, server, service provider, message, terminal
Legal status: Granted (status as listed by Google Patents; it is an assumption, not a legal conclusion)
Application number: CN201710943287.5A
Other languages: Chinese (zh)
Other versions: CN107730256B (en)
Inventor: 熊楚渝
Current assignee: Chengdu Tianyao Technology Co.,Ltd. (assignee list as shown by Google Patents, not verified by legal analysis)
Original assignee: 熊楚渝
Priority claimed from: US13/229,219 (US20120066501A1)
Events: application filed by 熊楚渝; publication of CN107730256A; application granted; publication of CN107730256B; legal status active; anticipated expiration


Classifications

CPC classifications (leaf codes; the parent groups are G06Q20 payment architectures, G06F21 security arrangements, H04L9 cryptographic mechanisms and H04L63 network security):

    • G06Q20/3825 Payment protocols insuring higher security of transaction; use of electronic signatures
    • G06Q20/16 Payment architectures; payments settled via telecommunication systems
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/35 User authentication involving the use of external additional devices, e.g. dongles or smart cards, communicating wirelessly
    • G06Q20/3829 Payment protocols insuring higher security of transaction involving key management
    • G06Q20/40145 Authorisation; transaction verification; identity check for transactions; biometric identity checks
    • H04L63/0861 Network security protocols for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L9/3215 Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, using a plurality of channels
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • H04L9/3271 Cryptographic mechanisms including means for verifying the identity or authority of a user or for message authentication, using challenge-response
    • H04L2209/42 Additional information relating to cryptographic mechanisms (H04L9/00); anonymization, e.g. involving pseudonyms


Abstract

The present invention provides a multi-factor multi-channel identity authentication and transaction control and multi-option payment system and method: a system and method for performing multi-factor multi-channel identity authentication and transaction control, and a multi-option system and method for paying for goods selected from a merchant. Authentication and transaction control can be carried out solely between the electronic device and the service provider's server, with no third party involved. With respect to the service provider's server, the device's server assists in personalizing the device and in binding, unbinding and re-binding it. When the buyer selects a payment option through the electronic device, a payment message is sent to a payment portal. Based on the payment option selected in the message, the payment portal selects the appropriate participating entity and sends the buyer's account information to that entity. Authentication between the participating entity and the buyer's account is performed through multi-factor multi-channel identity authentication and transaction control.

Description

Multi-factor multi-channel identity authentication and transaction control and multi-option payment system and method
Technical field
In general, the present invention relates to the field of identity (ID) authentication and transaction control used in electronic payment, and to electronic payment systems and methods. More particularly, it relates to a multi-factor multi-channel authentication and transaction control system, and to an electronic payment system and method for secure, multi-channel, multi-option payment.
Background technology
In modern society, identity authentication and transaction control are common and essential for trade, and for global trade in particular. Most identity authentication and transaction control is performed on a single-factor, single-channel basis. The factor can be any authentication factor: something a person possesses (for example, a token), something a person knows (for example, a password), something a person is (for example, a fingerprint), or something related to a person (for example, a social network). The channel can be any information communication channel: the internet, the telephone, a private network, and so on.
Single-factor, single-channel authentication and transaction control is believed to be highly vulnerable to attack; one form of attack is commonly known as a man-in-the-middle (MITM) attack. In a MITM attack, a fraudster relays requests and responses between the client's device and the application server in order to steal data and/or act on behalf of the client's browser for fraudulent purposes.
In addition, with the rapid growth of global trade, identity authentication and transaction control systems must handle multiple IDs for a single user in a simple and flexible way. Today a consumer often has many IDs, including passports, driving licences, e-mail accounts, workplace IDs, credit cards, bank account numbers, entertainment accounts, social network accounts, consumer accounts and so on. It is the consumer's right to hold multiple IDs and to choose the appropriate ID in different situations while keeping those IDs confidential. However, existing identity authentication and transaction control schemes require authentication and transaction control to be managed centrally, which in effect deprives consumers of the right to maintain and control their own multiple IDs.
Moreover, handling multiple IDs is very cumbersome for consumers, especially when the IDs and their associated passwords must be changed frequently for security reasons. Likewise, in a transaction, a service provider does not expect a third party to be in control; the service provider generally wishes to retain complete control and management of the transaction. In some situations, consumers also do not want their actions tied to their unique identity, so maintaining anonymity during a transaction is equally desirable for users.
The applicant has therefore recognised the need to develop a multi-factor multi-channel identity authentication and transaction control system and method that supports global trade without centralization, relieves users of the burden of remembering IDs and passwords, gives service providers complete control and management, and preserves the consumer's anonymity during particular transactions.
Conventional electronic payment systems require the buyer's account information to be stored in a payment portal. The payment portal receives payment instructions from the buyer and verifies the buyer's account against the stored account information. Generally, only one payment option, the one associated with the pre-stored account information, is available to the buyer, so existing electronic payment systems do not allow the buyer to choose the most suitable option from several available payment options. In addition, permanently storing the buyer's account information in the payment portal creates security and privacy risks.
The applicant has therefore recognised the need to develop an electronic payment system and method that offers buyers multiple payment options without requiring the buyer's account information to be stored in the payment portal.
Summary of the invention
According to one aspect of the present invention, there is provided a multi-factor multi-channel identity authentication and transaction control method in which a user uses a device to communicate with at least one service provider. The method includes: sharing at least one symmetric key with the device's server; binding to the service provider's server so that the service provider's server shares the at least one symmetric key; sending an identity authentication request to the service provider's server; receiving an instruction message from the service provider's server; generating a response message based on the instruction message; and sending the response message to the service provider's server, so that multi-channel multi-factor identity authentication is carried out directly between the device and the service provider based on the response message and the at least one symmetric key shared by the device and the service provider. A computer program product for use with a computer is also provided; the product includes a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform the above method.
According to another aspect of the present invention, there is provided a multi-factor multi-channel identity authentication and transaction control method in which a user uses a handheld electronic device to communicate with at least one service provider. The method includes: binding the device so as to share with it at least one symmetric key, the at least one symmetric key being shared between the device and the device's server; receiving an identity authentication request from the device; generating an instruction message; sending the instruction message to the device; receiving a response message generated by the device; and, based on the response message and the at least one symmetric key shared between the device and the service provider's server, carrying out multi-channel multi-factor identity authentication of the device directly between the device and the service provider. A computer program product for use with a computer is also provided; the product includes a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform the above method.
According to another aspect of the present invention, there is provided a method of keeping a user's device anonymous to a service provider during multi-factor multi-channel identity authentication and transaction control, in which the user uses a handheld electronic device that communicates with the service provider's server through a terminal. The method includes: receiving a request from the device at the terminal; exchanging transaction-related data with the device; generating a one-time anonymous identifier for the device, the one-time anonymous identifier being valid for a predetermined time; and sending the one-time anonymous identifier to the device, the identifier being obtainable by the device within the predetermined time. A computer program product for use with a computer is also provided; the product includes a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform the above method.
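The terminal-issued one-time anonymous identifier described in the aspect above can be modelled as follows: the terminal takes the device's request, exchanges transaction data with it, mints an identifier that is valid only within a predetermined window and can be redeemed only once, and the service provider side can resolve that identifier to the transaction data but never to the device's identity. This is an added example, not code from the patent or its assignee; the identifier format, the 120-second validity window, the record layout and all class and function names are assumptions.

```python
import secrets


class Terminal:
    """Terminal that mints one-time anonymous identifiers for devices (assumed design)."""

    def __init__(self, validity_seconds=120):
        self.validity = validity_seconds       # the "predetermined time" (assumed value)
        self._records = {}                     # anon_id -> record, held only at the terminal

    def issue(self, device_id, txn, now):
        """Request received, transaction data exchanged, identifier generated for the device."""
        anon_id = secrets.token_urlsafe(16)    # unguessable, so it cannot be enumerated
        self._records[anon_id] = {
            "device_id": device_id,            # never released to the service provider
            "txn": dict(txn),
            "expires_at": now + self.validity,
            "used": False,
        }
        return anon_id                         # sent to the device, obtainable within the window

    def resolve_for_provider(self, anon_id, now):
        """The view the service provider may obtain: transaction data under a pseudonym.

        Returns (status, view). Unknown, expired and already-used identifiers all fail, so
        an identifier captured in transit is worthless once redeemed or once the window closes.
        """
        rec = self._records.get(anon_id)
        if rec is None:
            return "unknown", None
        if now > rec["expires_at"]:
            del self._records[anon_id]         # nothing useful to keep past expiry
            return "expired", None
        if rec["used"]:
            return "reused", None
        rec["used"] = True                     # disposable: one redemption only
        return "ok", {"anon_id": anon_id, **rec["txn"]}   # no device_id in the view


def demo(offset=0, redeem_twice=False):
    """Issue one identifier for a constructed transaction and resolve it after `offset` seconds."""
    term = Terminal()
    txn = {"merchant": "shop-42", "amount": "19.90", "currency": "CNY"}  # constructed sample
    anon_id = term.issue("device-ABC", txn, now=1000)
    status, view = term.resolve_for_provider(anon_id, now=1000 + offset)
    if redeem_twice:
        status, view = term.resolve_for_provider(anon_id, now=1000 + offset)
    return status, view


if __name__ == "__main__":
    print(demo())                    # ('ok', {...transaction data, no device_id...})
    print(demo(offset=121))          # ('expired', None)
    print(demo(redeem_twice=True))   # ('reused', None)
```

The point a practitioner should take from the `resolve_for_provider` method is that the mapping from identifier to device lives only at the terminal and is purged on expiry, so the provider ends up with a pseudonymous transaction record and the identifier cannot be replayed.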
According to another aspect of the present invention, there is provided a method of performing multi-channel authentication of a user, in which the user uses a handheld electronic device that communicates with the service provider's server through a terminal. The method includes: the device receiving, through the terminal, an instruction message sent by the server; the device generating a response message based on the instruction message and at least one symmetric key shared by the device and the server; the device sending the response message to the terminal; and the terminal forwarding the response message to a destination predetermined by the server. A computer program product for use with a computer is also provided; the product includes a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform the above method.
According to another aspect of the present invention, there is provided a method of performing multi-channel authentication of a user, in which the user uses a handheld electronic device that communicates with the service provider's server and with a terminal. The method includes: the device sending an authentication request to the server through a first communication channel; the device receiving, through the first communication channel, an instruction message generated by the server based on the authentication request; the device sending, based on the instruction message, an authentication credential to the server through a second communication channel that is different from the first communication channel; and the terminal receiving an authentication message generated by the server based on the authentication credential. A computer program product for use with a computer is also provided; the product includes a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform the above method.
According to another aspect of the present invention, there is provided a method of performing multi-channel authentication of a user, in which the user uses a handheld electronic device that communicates with the service provider's server and with a terminal. The method includes: the server receiving a request from the device through a first communication channel; the server generating an instruction message based on the authentication request and sending the instruction message to the device through the first communication channel; the server receiving an authentication credential from the device through a second communication channel that is different from the first communication channel; and the server generating an authentication message based on the authentication credential and sending the authentication message to the terminal. A computer program product for use with a computer is also provided; the product includes a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform the above method.
According to another aspect of the present invention, there is provided at a kind of multiple-factor multichannel authentication and the manageable data of friendship Reason system, wherein user use the hand-hold electronic equipments to be communicated with least one service provider.The system includes:Processing Device;Personality module, it is configured as making the server personalization of the equipment and the equipment to allow the equipment and the equipment Server shares at least one symmetric key;Binding module, be configured as by the server of equipment and service provider bind with Just the server of equipment and service provider is allowed to share at least one symmetric key;Transport module, it is configured as carrying to service Authentication or transaction control data are sent for the server of business;Receiving module, it is configured as the server from service provider Receive instruction message;And processing module, operationally perform on a processor, and be configured as ringing based on instruction message generation Answer message.Transport module is additionally configured to send response message to the server of service provider to carry out multichannel to equipment Multiple-factor authentication or transaction control.
According to another aspect of the present invention, there is provided at a kind of multiple-factor multichannel authentication and the manageable data of friendship Reason system, wherein user use the hand-hold electronic equipments to be communicated with least one service provider.The system includes:Processing Device;Binding module, it is configured as the server of service provider being tied to equipment to allow the server of service provider With at least one symmetric key of collaborative share, at least one symmetric key is shared between equipment and the server of equipment;Connect Module is received, slave unit is configured as and receives authentication or transaction control data;Processing module, operationally hold on a processor OK, and it is configured as generating instruction message when receiving request;And transport module, it is configured as disappearing to equipment transmission instruction Breath.Receiving module is additionally configured to receive and is additionally configured to be based on response message by the response message and processing module of equipment generation The authentication of multichannel multiple-factor or transaction control are carried out to equipment.
According to another aspect of the present invention, there is provided a method that allows a buyer to pay, using an electronic device, for goods selected from a merchant. The method includes: receiving a code representing transaction-related information about the selected goods; retrieving the transaction-related information from the code; verifying the transaction-related information; selecting at least one payment option from a plurality of predetermined payment options; generating a payment message based on the transaction-related information and the payment option; and sending the payment message to a payment portal that communicates with a plurality of participating entities. The payment message includes a first segment representing the payment option and a second segment representing the buyer's account data associated with the payment option. Each participating entity is associated with at least one of the plurality of predetermined payment options.
According to another aspect of the present invention, there is provided a method that allows a buyer to pay for goods selected from a merchant through a payment portal that communicates with a plurality of participating entities, each participating entity being associated with at least one of a plurality of predetermined payment options. The method includes: receiving a payment message that includes a first segment representing the payment option the buyer selected from the plurality of predetermined payment options and a second segment representing the buyer's account data associated with the selected payment option; selecting, based on the first segment of the payment message, the participating entity associated with the selected payment option; sending the second segment of the payment message to the selected participating entity so as to verify the buyer's account associated with the selected payment option; receiving from the selected participating entity an instruction message generated based on the validity of the buyer's account; and sending the instruction message to the merchant's server.
According to another aspect of the present invention, there is provided a computer program product for use with a computer, the computer program product including a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform a process allowing a buyer to pay, using an electronic device, for goods selected from a merchant. The process includes: receiving a code representing transaction-related information about the selected goods; retrieving the transaction-related information from the code; verifying the transaction-related information; selecting at least one payment option from a plurality of predetermined payment options; generating a payment message based on the transaction-related information and the payment option; and sending the payment message to a payment portal that communicates with a plurality of participating entities. The payment message includes a first segment representing the payment option and a second segment representing the buyer's account data associated with the payment option. Each participating entity is associated with at least one of the plurality of predetermined payment options.
According to another aspect of the present invention, there is provided a data processing system that allows a buyer to pay, using an electronic device, for goods selected from a merchant. The system includes: a transceiver configured to receive a code representing transaction-related information about the selected goods; a processor configured to retrieve the transaction-related information from the code; a display configured to show the transaction-related information so that the buyer can verify it; and a user interface configured to allow the buyer to select a payment option from a plurality of predetermined payment options. The processor is further configured to generate a payment message based on the transaction-related information and the payment option. The payment message includes a first segment representing the payment option and a second segment representing the buyer's account data associated with the payment option. The transceiver is further configured to send the payment message to a payment portal that communicates with a plurality of participating entities, each participating entity being associated with at least one of the plurality of predetermined payment options.
According to another aspect of the present invention, there is provided a computer program product for use with a computer, the computer program product including a computer-readable storage medium on which is recorded a computer-executable program that causes the computer to perform a process allowing a buyer to pay for goods selected from a merchant through a payment portal that communicates with a plurality of participating entities, each participating entity being associated with at least one of a plurality of predetermined payment options. The process includes: receiving a payment message that includes a first segment representing the payment option the buyer selected from the plurality of predetermined payment options and a second segment representing the buyer's account data associated with the selected payment option; selecting, based on the first segment of the payment message, the participating entity associated with the selected payment option; sending the second segment of the payment message to the selected participating entity so as to verify the buyer's account associated with the selected payment option; receiving from the selected participating entity an instruction message generated based on the validity of the buyer's account; and sending the instruction message to the merchant's server.
According to another aspect of the present invention, there is provided a data processing system that allows a buyer to pay for goods selected from a merchant through a payment portal that communicates with a plurality of participating entities, each participating entity being associated with at least one of a plurality of predetermined payment options. The system includes: a transceiver configured to receive a payment message that includes a first segment representing the payment option selected by the buyer and a second segment representing the buyer's account data associated with the selected payment option; and a processor configured to select, based on the first segment of the payment message, the participating entity associated with the selected payment option. The transceiver is further configured to send the second segment of the payment message to the selected participating entity so as to verify the buyer's account, to receive from the selected participating entity an instruction message generated based on the validity of the buyer's account, and to send the instruction message to the merchant's server.
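The payment-side aspects above (a code decoded and verified on the buyer's device, a two-segment payment message, a portal that selects the participating entity from the first segment and passes only the second segment on for verification, and the entity's instruction message forwarded to the merchant) could be implemented as follows. This is an added example rather than code from the patent or its assignee; the base64-of-JSON code format, the constructed account records, the per-account limit check and all names are assumptions. The design point worth checking, and which the test below checks, is that nothing the portal retains or forwards to the merchant contains the buyer's account data.

```python
import base64
import hashlib
import hmac
import json


def decode_transaction_code(code):
    """Retrieve the transaction-related information from the code (assumed: base64 of JSON)."""
    return json.loads(base64.urlsafe_b64decode(code.encode()).decode())


def verify_transaction(txn):
    """Checks the device makes before the buyer confirms (assumed rules: fields present, amount > 0)."""
    required = ("merchant", "order_id", "amount", "currency")
    return all(k in txn for k in required) and float(txn["amount"]) > 0


def build_payment_message(txn, payment_option, account_data):
    """First segment = chosen option; second segment = the buyer's account data for that option."""
    return {
        "transaction": txn,
        "first_segment": {"payment_option": payment_option},
        "second_segment": {"account_data": account_data},
    }


def secret_hash(secret):
    return hashlib.sha256(secret.encode()).hexdigest()


class ParticipatingEntity:
    """A bank, card issuer or wallet holding its own customer accounts (constructed records)."""

    def __init__(self, name, accounts):
        self.name = name
        self._accounts = accounts  # account -> {"secret_hash": ..., "limit": ...}

    def check(self, account_data, txn):
        """Verify the account and return the instruction message sent back to the portal."""
        rec = self._accounts.get(account_data.get("account"))
        presented = secret_hash(account_data.get("secret", ""))
        valid = (rec is not None
                 and hmac.compare_digest(rec["secret_hash"], presented)
                 and float(txn["amount"]) <= rec["limit"])
        return {"entity": self.name, "order_id": txn["order_id"], "approved": valid}


class PaymentPortal:
    """Routes by the first segment; forwards only the second segment to the chosen entity."""

    def __init__(self, entities):
        self._entities = entities        # payment_option -> ParticipatingEntity
        self.sent_to_merchant = []       # instruction messages only; no account data is stored

    def process(self, message):
        txn = message["transaction"]
        entity = self._entities.get(message["first_segment"]["payment_option"])
        if entity is None:
            instruction = {"entity": None, "order_id": txn["order_id"], "approved": False,
                           "reason": "no participating entity for the selected option"}
        else:
            instruction = entity.check(message["second_segment"]["account_data"], txn)
        self.sent_to_merchant.append(instruction)  # what the merchant's server receives
        return instruction


def make_demo_portal():
    bank = ParticipatingEntity("DemoBank", {"6222-0001": {"secret_hash": secret_hash("pin-1234"), "limit": 500.0}})
    wallet = ParticipatingEntity("DemoWallet", {"w-777": {"secret_hash": secret_hash("wpw"), "limit": 50.0}})
    return PaymentPortal({"bank_card": bank, "e_wallet": wallet})


def make_code(txn):
    return base64.urlsafe_b64encode(json.dumps(txn).encode()).decode()


# Constructed sample transaction, as a merchant might encode it for the buyer's device to scan.
SAMPLE_TXN = {"merchant": "shop-42", "order_id": "A1", "amount": "120.00", "currency": "CNY"}
SAMPLE_CODE = make_code(SAMPLE_TXN)


def pay(portal, code, option, account_data):
    """Device side end to end: decode, verify, choose option, build message, submit to portal."""
    txn = decode_transaction_code(code)
    if not verify_transaction(txn):
        return {"entity": None, "approved": False, "reason": "transaction code rejected on device"}
    return portal.process(build_payment_message(txn, option, account_data))


if __name__ == "__main__":
    portal = make_demo_portal()
    print(pay(portal, SAMPLE_CODE, "bank_card", {"account": "6222-0001", "secret": "pin-1234"}))  # approved
    print(pay(portal, SAMPLE_CODE, "e_wallet", {"account": "w-777", "secret": "wpw"}))            # over limit
    print(pay(portal, SAMPLE_CODE, "crypto", {"account": "x", "secret": "y"}))                    # no entity
```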
Brief description of the drawings
The above objects and advantages of the present invention will be more readily understood by those skilled in the art from the following detailed description of numerous embodiments of the invention, taken in conjunction with the accompanying drawings, in which identical reference numerals denote identical elements throughout the several figures, and in which:
Fig. 1A to Fig. 1D are diagrams of various designs of a handheld electronic authenticator;
Fig. 2 is a block diagram of the logical design of a handheld electronic authenticator according to an embodiment of the present invention;
Fig. 3 is a block diagram of the read-protected memory 255 and the RAM 265 in the storage system of the computing module 205 of Fig. 2;
Fig. 4 is a block diagram of the logical design of a foil of the handheld electronic authenticator according to an embodiment of the present invention;
Fig. 5 is a flowchart of the startup/maintenance process of the handheld electronic authenticator according to an embodiment of the present invention;
Fig. 6 is a flowchart of the detailed startup/maintenance process carried out in the server of the authenticator;
Fig. 7 is a flowchart of the startup/maintenance process of a foil of the handheld electronic authenticator according to a preferred embodiment of the present invention;
Fig. 8 is a flowchart of the detailed startup/maintenance process carried out in the server of the service provider;
Fig. 9 is a flowchart of the authentication process according to an embodiment of the present invention;
Fig. 10 is a flowchart of the detailed authentication process;
Fig. 11 is a continuation of the detailed authentication process of Fig. 10;
Fig. 12 is a continuation of the detailed authentication process of Fig. 11;
Fig. 13 is a flowchart of the signature generation process according to an embodiment of the present invention;
Fig. 14 is a flowchart of the process of requesting a service from a service provider using the handheld electronic authenticator;
Fig. 15 is a flowchart of the process of using the handheld electronic authenticator in a transaction with a third party;
Fig. 16 is a flowchart of the process of using the handheld electronic authenticator in a transaction in which the service provider requires more data;
Fig. 17 is a block diagram showing a multi-factor multi-channel identity authentication and transaction control system according to an embodiment of the present invention;
Fig. 18A to Fig. 18D are schematic diagrams showing the communication between the handheld electronic device and the terminal of the multi-factor multi-channel identity authentication and transaction control system;
Fig. 19A to Fig. 19B are schematic diagrams showing the communication between the handheld electronic device and the server of the service provider;
Fig. 20 is a schematic diagram showing the communication between the terminal and the server of the service provider;
Fig. 21 is a schematic diagram showing the communication between the server of the device and the server of the service provider;
Fig. 22 is a schematic diagram showing the personalization process of the device;
Fig. 23A is a schematic diagram showing the binding process, in which the device and the server of the service provider are associated so that the device and the server can share one or more symmetric keys;
Fig. 23B is a schematic diagram showing the process by which the server obtains a one-time anonymous name from the device during the binding process;
Fig. 24 is a schematic diagram showing the identity authentication process;
Fig. 25 is a schematic diagram showing the transaction control process;
Fig. 26 is a schematic diagram showing the process of unbinding a bound device from a service provider;
Fig. 27 is a schematic diagram showing the process of rebinding the device with one or more service providers;
Fig. 28 is a schematic diagram showing a data processing system for use with the device for multi-factor multi-channel identity authentication and control;
Fig. 29 is a schematic diagram showing a data processing system for use with the server of the service provider for multi-factor multi-channel identity authentication and control;
Fig. 30 is a block diagram showing a payment system according to an embodiment of the present invention;
Fig. 31 is a flowchart showing a method, according to another embodiment of the present invention, that allows a buyer to use an electronic device to pay for an item selected from a merchant; and
Fig. 32 is a flowchart showing a method, according to another embodiment of the present invention, that allows a buyer to pay, through a payment gateway communicating with multiple participating entities, for an item selected from a merchant.
Embodiments
Fig. 1A to Fig. 1D are diagrams of various designs of the handheld electronic authenticator. Referring to Fig. 1A to Fig. 1D, each design of the authenticator has a keypad containing multiple keys for receiving user input (i.e., 105, 115, 130 and 140). The authenticator also has a display unit made of a liquid crystal display (LCD) (i.e., 110, 120, 125 and 135). The distinctive features of the above designs are as follows. Referring to Fig. 1A, the keypad 105 and the display unit 110 can rotate about a common central point 145. In Fig. 1B, the authenticator can be folded along a longitudinal axis 150 connecting the keypad unit 130 and the display unit 125. In Fig. 1C, the keypad 115 and the display unit 120 are manufactured over the entire area in the shape of a conventional key. In Fig. 1D, the authenticator is a rectangle resembling a calculator.
Fig. 2 is a block diagram of the logical design of the handheld electronic authenticator according to an embodiment of the present invention. Referring to Fig. 2, the authenticator includes a computing module 205, a support module 210 and other modules 215.
The computing module 205 includes a computing unit, which includes a processor 250 for computing authentication codes and a storage system for storing the various data of the authenticator. The storage system includes: a read/write-protected memory 255, which protects data from outside intrusion; a read-only memory (ROM) 260, which stores static data; and a random access memory (RAM) 265, which stores dynamic data generated during authentication. Besides computing the various authentication codes, the computing module 205 also performs the authenticator's other computing activities, such as executing instructions and decrypting messages, which will be described in greater detail below.
The support module 210 supports the computing module 205 by inputting/outputting data, supplying power and assisting the normal operation of the authenticator in other ways. The support module 210 includes: a display unit 220, such as an LCD screen for displaying data and its controller; a keypad unit 225, such as a keypad with 14 to 18 keys for entering data and 1 to 2 hidden keys; and a power unit including a battery and its control circuit.
The other modules 215 provide additional functions that can be added to the authenticator. A clock or timer 235 provides a timing function. A communication module 240 provides the ability to transmit to external devices based on a communication technology such as radio frequency identification (RFID) or infrared. A biometric module 245 takes a biometric characteristic of the user, such as the user's fingerprint, voice or facial features, as an input and incorporates it into the authentication code, so that it is considered as an additional factor in the authentication process. The authenticator is extensible, because more functions can be added to the other modules 215. These modules can be implemented as hardware, software or firmware components on the authenticator.
Fig. 3 shows the read-protected memory 255 and the RAM 265 in the storage system of the computing module 205 of Fig. 2. As described above, the storage system may include the read/write-protected memory 255, the ROM 260 and the RAM 265. Referring to Fig. 3, the common serial number 320, the key 325 of the authenticator and the communication key 326 are stored in the read-protected memory 255 of the authenticator and are protected from outside intrusion. The common serial number 320, the key 325 and the communication key 326 are the security information of the authenticator, and are stored in the read-protected memory 255 so that, under normal operation, they can neither be read by an external device nor leak out of the authenticator.
The keys and numbers stored in the read-protected memory 255 are set by the manufacturer of the authenticator during the manufacturing process. The server of the authenticator uses these keys and numbers to identify the authenticator and to provide services to it, namely the startup service and the maintenance service. The server of the authenticator can be a server provided by the manufacturer or by an independent entity. In one embodiment, so that the authenticator and its server can communicate, the server of the authenticator obtains the information on the authenticator's keys and numbers from the manufacturer before providing any service to the authenticator. The service process will be described in further detail below.
The key 325 is used to generate one or more one-time authentication codes (OTACs) for authentication with the server of the authenticator. When communicating with the server of the authenticator, the authenticator encrypts and decrypts data using the communication key 326, under either a symmetric cryptology scheme or an asymmetric cryptology scheme determined by the server of the authenticator. When the symmetric scheme is selected, the authenticator and its server encrypt and decrypt the messages exchanged between them using the same key. When the asymmetric scheme is selected, the communication key is the private key of a public/private key pair, the pair being determined by the manufacturer. The authenticator uses the private key to encrypt and decrypt the messages exchanged with its server, and the server of the authenticator uses the public key to encrypt and decrypt the messages from the authenticator. Symmetric and asymmetric cryptology schemes are well known in the art, and their detailed description is omitted for brevity.
The memory 310 stores dynamic data maintained by the server of the authenticator. For example, the server of the authenticator instructs the authenticator to write, change and/or update the data in the memory 310. In one embodiment, the entity that maintains the memory 310 (such as the server of the authenticator; also referred to herein as the "maintaining entity") controls the writing and updating of the data in the memory 310. In this embodiment, no entity other than the maintaining entity, including the user of the authenticator, can write directly to the memory 310. A user or another entity wishing to change the memory 310 sends a request to the maintaining entity. For example, the memory can be set by the user or another entity by requesting and receiving a code from the maintaining entity. This code can include encrypted commands and data that can be executed inside the computing module 205 to set the memory.
The memory 310 maintained by the server of the authenticator can include: the common name 330 of the authenticator, multiple access personal identification numbers (PINs) 335 to 340, and other information stored therein. The server of the authenticator sets the above information by sending commands and data to the authenticator during the startup and maintenance processes. The startup and maintenance processes will be described in further detail below.
The memory 315 stores multiple foils 1 to N. Each foil in working condition is set up to be associated exclusively with a service provider. A service provider is an entity with which the authenticator authenticates by providing an OTAC. A service provider can be a credit card company, a bank, an online account, etc. Each foil is maintained by its corresponding service provider. Each foil provides the information needed to generate the OTAC for the service provider associated with it. The authenticator can simultaneously provide as many OTACs as there are foils. When a specific service provider is designated by the user, the authenticator computes the OTAC based on the information stored on the foil associated with that service provider. OTAC generation will be described in further detail below.
Fig. 4 is a block diagram showing the logical design of one of the foils 1 to N 315 of Fig. 3 according to an embodiment of the present invention. Referring to Fig. 4, a foil 400 includes: static data 405 maintained by the service provider, and dynamic data 410 maintained by the service provider and the authenticator. The static data 405 is maintained exclusively by the service provider associated with the foil. The static data 405 includes the common name 415 of the foil, the internally used foil serial number 420, the key 425 of the foil, the communication key 430 of the foil, the access PIN 435, other information 440 and the type 445. The service provider sets the static data during the association process by sending commands and data to the authenticator. The association process will be described in further detail below. Compared with the dynamic data, which can change dynamically or frequently, the static data can be maintained/changed aperiodically by the service provider.
The dynamic data 410 maintained by the service provider and the authenticator includes: a quantity variable 450, such as the balance of a credit card when the service provider is a credit card company; a trace variable 455, which is a one-time variable that changes its value with each use; an activity variable 460, which stores the activities carried out in the past with the service provider; and other dynamic data 465, which stores more information about the service provider. The dynamic data 410 is maintained jointly by the service provider and the authenticator. That is, both the service provider and the authenticator can write to the memory storing the dynamic data 410. Meanwhile, the service provider maintains a copy of the dynamic data 410. When the dynamic data 410 changes in either the authenticator or the service provider, the other copy can be updated accordingly when the authenticator is maintained.
Fig. 5 is a flowchart showing the maintenance process of the handheld electronic authenticator according to an embodiment of the present invention. As described with Fig. 3, the memory 310 is maintained by the server of the authenticator. When the user intends to update an item stored in the memory 310 (such as the common name 330 of the authenticator), a request must be sent to the server of the authenticator. Referring to Fig. 5, in step 505, the user of the authenticator sends the request to the server of the authenticator. If the authenticator is authenticated by the server of the authenticator, by a process similar to that used for authenticating the authenticator with a service provider, the server of the authenticator will provide the maintenance service to the authenticator. The authentication process of the service provider will be explained in greater detail below. In step 510, the server of the authenticator sends back to the authenticator a code that provides the data requested by the authenticator. The code is encrypted using the cryptographic scheme described above. In step 515, the user enters the encrypted code into the authenticator through an input device such as the keypad or another device. In step 520, the user presses a key (such as a hidden key) to start the internal maintenance of the authenticator. Upon receiving the signal from the hidden key, the authenticator decrypts the encrypted code and sets the data contained in it in the memory 310.
Fig. 6 shows the process carried out inside the server of the authenticator between receiving the maintenance request (in step 505) and sending out the code (in step 510) of Fig. 5. Referring to Fig. 5, after receiving the maintenance request from the authenticator, the server first authenticates the authenticator, by checking an OTAC generated based on the key 325 of the authenticator, to determine whether the authenticator is an authentic device. The authentication process here is similar to the authentication process used by a service provider, which will be described in further detail below. Then, in step 605, the server of the authenticator generates a work frame instruction. The work frame instruction includes the maintenance data and commands corresponding to the user's maintenance request. In step 610, the server folds the maintained data according to the work frame instruction. In step 615, the server encrypts the frame with the key associated with the authenticator according to the predetermined cryptographic scheme, and generates the code that will be sent to the authenticator. Then, step 510 is performed according to the process described above with Fig. 5.
The startup process performed before the first use of the authenticator is similar to the maintenance process described above with Fig. 5 to Fig. 6. Once the authenticator has completed the startup process, OTACs can be provided to service providers at any time.
Fig. 7 is a flowchart of the maintenance process of a foil of the authenticator according to an embodiment of the present invention. Referring to Fig. 7, in step 705, the authenticator sends a request for maintenance to the service provider associated with the foil. In step 720, the service provider sends the startup and maintenance request from the authenticator to the server of the authenticator. The request contains the name of the authenticator and other information that identifies the specific authenticator to the server of the authenticator. In response, in step 715, the server of the authenticator sends back to the service provider a work frame instruction and the keys of the authenticator. The work frame instruction includes the data, maintained by the server of the authenticator, corresponding to the user's maintenance request. The keys are 1) a communication key, used to encrypt and decrypt the code sent between the service provider and the authenticator, and 2) a part of a key, which will be merged with other parts to form the key and the communication key. In step 720, the service provider processes the information received from the server of the authenticator and sends a code back to the authenticator. In step 725, the user enters the code through an input device such as the keypad. In step 730, the user presses the hidden key to start the internal maintenance of the foil. Upon receiving the signal from the hidden key, the authenticator decrypts the encrypted code, merges the data obtained from the code with the key in the authenticator to form the key and the communication key of the foil, and sets the data contained therein on the foil.
Fig. 8 shows the process carried out inside the server of the service provider between receiving the work frame file (in step 715) and sending out the code (in step 720) of Fig. 7. Referring to Fig. 8, after receiving the work frame file from the authenticator, in step 805, the service provider selects the settings for the specific foil. In step 810, the service provider puts the data it maintains corresponding to the request to the server into the received work frame file. In step 815, the server encrypts the frame file using the key received in step 715. According to the cryptographic scheme selected by the service provider, the server uses the key received in 715 to encrypt the frame file into a code consisting of a sequence of digits. The cryptographic scheme can be a symmetric scheme or an asymmetric scheme. A code generated with an asymmetric scheme is longer than one generated with a symmetric scheme, but it is also more secure. The service provider can select either of the two schemes, or another scheme better suited to its purpose.
The startup process that establishes the association between the service provider and the authenticator is similar to the maintenance process described above with Fig. 7 to Fig. 8. Once the authenticator has completed the startup process, OTACs can be provided to the service provider at any time.
Each foil is started and maintained using the same process as described above with Fig. 7 to Fig. 8. After startup or maintenance, the authenticator can use the information set on the foil to generate OTACs for authenticating the authenticator. The authentication process of the service provider is described in more detail below.
One advantage provided by the present invention is that the key 425 and the communication key 430 of a specific foil are established by the server of the service provider. To make the OTAC unpredictable, the key 425 and the communication key 430 are closely held information, so as to prevent others, such as hackers, from simulating the codes. In current OTAC-based authentication systems, the manufacturer establishes, and therefore knows, the keys in the authenticator. In the present invention, because the design is that the service provider establishes the keys in the foil, the manufacturer does not know the keys and cannot predict the codes exchanged between the authenticator and the service provider. Because this design removes from the system the manufacturer, which is a potential source of key leakage, it is more secure than current OTAC-based authentication systems.
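The foil startup/maintenance exchange of Fig. 7 to Fig. 8, together with the key-split argument just made, as an added example in Python; this is not the patent's code. The patent names neither the cipher used for the code nor the function that merges the key parts, so both are built here from HMAC-SHA256 (an assumption), and the serial numbers, common name and keys are constructed sample values. The server of the authenticator supplies the communication key and one derived part of the key (step 715); the service provider adds its own secret part, seals the work frame into a code (step 720); the authenticator decrypts the code and merges both parts into the foil key 425 and foil communication key 430 (step 730). The manufacturer side never holds the provider's part, so it cannot compute the foil keys.

```python
"""Foil binding: key split between the authenticator's server and the service provider."""
import hashlib
import hmac
import json
import secrets


def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """Keyed PRF used for key derivation, keystream and tags (assumption: HMAC-SHA256)."""
    return hmac.new(key, label + b":" + data, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream; stands in for the provider's chosen symmetric scheme (step 815)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = prf(key, b"enc", nonce + i.to_bytes(4, "big"))
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(comm_key: bytes, frame: bytes) -> bytes:
    """Work frame file -> code: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ct = keystream_xor(comm_key, nonce, frame)
    return nonce + ct + prf(comm_key, b"mac", nonce + ct)


def open_code(comm_key: bytes, code: bytes) -> bytes:
    """Authenticator side: check the tag before decrypting; a tampered code is refused."""
    nonce, ct, tag = code[:12], code[12:-32], code[-32:]
    if not hmac.compare_digest(tag, prf(comm_key, b"mac", nonce + ct)):
        raise ValueError("work frame rejected: authentication tag mismatch")
    return keystream_xor(comm_key, nonce, ct)


def merge_parts(part_a: bytes, part_b: bytes, foil_serial: bytes):
    """Merge the two key parts into (foil key 425, foil communication key 430)."""
    seed = hmac.new(part_a, part_b, hashlib.sha256).digest()
    return prf(seed, b"foil-key", foil_serial), prf(seed, b"foil-comm-key", foil_serial)


class AuthenticatorServer:
    """Knows the manufacturer-set key 325 and communication key 326 of each device."""
    def __init__(self, devices):
        self.devices = devices  # common serial 320 -> (key 325, communication key 326)

    def step_715(self, serial: bytes, foil_serial: bytes):
        key325, comm326 = self.devices[serial]
        part_a = prf(key325, b"part-a", foil_serial)  # a derived part, never key 325 itself
        return comm326, part_a


class ServiceProvider:
    def __init__(self):
        self.foils = {}  # foil serial -> (foil key, foil communication key, static data)

    def step_720(self, comm326: bytes, part_a: bytes, foil_serial: bytes, static: dict) -> bytes:
        part_b = secrets.token_bytes(32)  # the provider's own secret part
        self.foils[foil_serial] = (*merge_parts(part_a, part_b, foil_serial), static)
        frame = json.dumps({"static": static, "part_b": part_b.hex()}).encode()  # step 810
        return seal(comm326, frame)  # step 815


class Authenticator:
    def __init__(self, serial: bytes, key325: bytes, comm326: bytes):
        self.serial, self.key325, self.comm326 = serial, key325, comm326
        self.foils = {}

    def step_730(self, code: bytes, foil_serial: bytes):
        frame = json.loads(open_code(self.comm326, code))
        part_a = prf(self.key325, b"part-a", foil_serial)  # recomputed locally from key 325
        foil_key, foil_comm = merge_parts(part_a, bytes.fromhex(frame["part_b"]), foil_serial)
        self.foils[foil_serial] = {"static": frame["static"], "key": foil_key, "comm_key": foil_comm}
        return foil_key, foil_comm


def bind_foil():
    """Run the whole exchange on constructed sample values; returns the parties and the code."""
    serial, foil_serial = b"SN-0001", b"FOIL-01"  # constructed
    key325, comm326 = secrets.token_bytes(32), secrets.token_bytes(32)
    auth_server = AuthenticatorServer({serial: (key325, comm326)})
    device = Authenticator(serial, key325, comm326)
    provider = ServiceProvider()
    static = {"common_name": "my-bank-card", "serial": foil_serial.decode(), "type": "bank"}
    comm, part_a = auth_server.step_715(serial, foil_serial)      # step 715
    code = provider.step_720(comm, part_a, foil_serial, static)   # step 720
    device.step_730(code, foil_serial)                            # step 730
    return device, provider, auth_server, code, foil_serial


if __name__ == "__main__":
    dev, prov, _, _, fs = bind_foil()
    print("foil keys agree:", dev.foils[fs]["key"] == prov.foils[fs][0])
```

After `bind_foil()` both sides hold identical foil keys, yet the authenticator's server, which saw only `part_a` and the communication key, cannot reconstruct them; that is the property the paragraph above claims over manufacturer-provisioned OTAC keys.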
After startup or maintenance, the specific foil is successfully associated with the service provider and is ready to provide OTACs for authentication. The authenticator can then be used for authentication.
Fig. 9 is a flowchart showing the authentication process according to an embodiment of the present invention. Referring to Fig. 9, in step 905, the user enters data to instruct the authenticator to request an OTAC for a service provider. In step 910, the authenticator generates the OTAC based on the information stored on the foil associated with the service provider. In step 915, the user provides the common name 415 of the foil associated with the service provider and the OTAC to the service provider for authentication. Step 915 can be carried out by entering the OTAC into the service provider's website through an authentication page or interface. In step 920, the service provider decides whether to grant authentication, refuse authentication, or send a request for a new OTAC back to the authenticator.
The authentication process described in Fig. 9 is described in detail in Fig. 10 to Fig. 12. The OTAC is generated as a function of multiple inputs to a predefined algorithm. Referring to Fig. 10, as shown at 1005 and 1006, the inputs for generating the OTAC can include: the common name of the foil, the key, tracking information related to the dynamic variables, activity information about past activities that occurred on the foil, other information, a server request, and the method. The inputs are stored concurrently in the authenticator, shown at 1005, and in the server of the service provider, shown at 1006. Under ideal working conditions, the two sets of inputs 1005 and 1006 are identical. In steps 1010 and 1011, the authenticator and the service provider each generate an OTAC based on the inputs 1005 and 1006, respectively. The OTAC from the authenticator is the authentication code to be authenticated, generated by the authenticator using one or more combinations of the information shown at 1005. The OTAC from the service provider is a verification code generated independently by the service provider using one or more combinations of the information shown at 1006, and is used to verify the authentication code. In steps 1020 and 1025, the authentication code and the verification code are compared with each other. For example, the service provider compares the verification code with the authentication code received from the authenticator.
Fig. 11 is a continuation of Fig. 10 and further describes the step of comparing the authentication code and the verification code. Referring to Fig. 11, in step 1105, the authentication code and the verification code are compared with each other. For example, the server compares the authentication code sent from the authenticator with the code held at the server of the service provider. If the two codes match, then in step 1115 the server authenticates the authentication code and grants the requested access to the user of the authenticator. If the two codes do not match, then, to accommodate permissible inconsistencies between the tracking and activity inputs of the authenticator and those of the service provider, the server varies the tracking input and the activity input within a predetermined range and generates a new verification code. This step is performed because the tracking input and the activity input are both dynamic data maintained by the authenticator and the service provider. Under ideal conditions, the tracking and activity in the authenticator and in the service provider are identical. However, under normal working conditions, the synchronization of the dynamic data may not be updated or adjusted in time. Accordingly, small differences may exist. These differences are permitted, and one embodiment of the present invention accounts for them.
In step 1110, the newly generated verification code within the preset range is further compared with the authentication code. If they match, then in step 1120 the server authenticates the authenticator. If the authentication code deviates from the verification code by a very wide range, then in step 1128 the server refuses the authenticator. An authentication code outside a threshold can be determined to be a wide-range deviation. The threshold is predetermined by the service provider according to its security policy. If the authentication code neither deviates by a very wide range nor is correct, then in step 1125 the server carries out the next stage of authentication. After the next-stage authentication, the service provider may decide in step 1130 whether to finally refuse the authentication request, or in step 1135 to send a request for a new authentication code.
Fig. 12 is a continuation of Fig. 11 and further describes the step 1135 of requesting a new authentication code. As described above, when the authentication code and the verification code do not match but the deviation is small, the service provider sends a request for a new authentication code. Referring to Fig. 12, when the authenticator receives the code containing the request from the service provider, then, in step 1330, the code is entered into the authenticator on another device or by the user's keystrokes on another device. In this process, the authenticator generates a new authentication code with the new server request, tracking and activity inputs. The authenticator then sends the new OTAC to the service provider again. In response to receiving the new authentication code, the new authentication code is compared, using the same steps as shown in Fig. 11, with a new verification code based on the new server request, tracking and activity inputs.
The authenticator can also be used to generate an electronic signature. The process of determining the reliability of a signature is similar to the process described above with Fig. 10 to Fig. 12. Fig. 13 is a flowchart of the signature generation process according to the present invention. The inputs for generating a signature include: the common name of the foil, the key, tracking information related to the dynamic variables, activity information about past activities that occurred on the foil, other information, a signature request, and the signature method. Any combination of these pieces of information can be used to generate the signature. The inputs are stored concurrently in the authenticator, shown at 1305, and in the server of the service provider, shown at 1306. Under ideal conditions, the two sets of inputs 1305 and 1306 are identical. In steps 1310 and 1311, the authenticator and the service provider each generate a signature OTAC based on the inputs 1305 and 1306. The signature OTAC from the authenticator is the signature authentication code to be authenticated. The signature OTAC from the service provider is the signature verification code used to authenticate the signature authentication code. In steps 1320 and 1325, the signature authentication code and the signature verification code are brought together and compared with each other. For example, the server compares the signatures. The subsequent process of authenticating the signature authentication code is identical to the process described with Fig. 11 to Fig. 12. When the signature authentication code is authenticated, the signature is recorded and the underlying transaction is confirmed.
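The OTAC generation of Fig. 10, the tolerance-window comparison of Fig. 11 to Fig. 12, and the signature variant of Fig. 13, as one added example in Python; this is not the patent's code. The patent does not name the OTAC function or the values of the predetermined range and threshold, so this block assumes HMAC-SHA256 over the listed inputs with HOTP-style truncation, a tolerance of 3 steps and a threshold of 20 steps, and the foil names and key are constructed sample values. It also assumes that drift only runs in one direction (the authenticator advances its trace and activity variables on each use and the server lags), so the server searches forward from the last accepted position; that choice also means a captured code cannot be replayed. The same functions serve the signature case: the "method" input is set to "sign" and the server request carries the transaction text.

```python
"""OTAC generation and verification with a tolerance window (Fig. 10 to Fig. 13)."""
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class FoilState:
    """The inputs at 1005/1006 (or 1305/1306) that both sides hold for one foil."""
    common_name: str  # common name 415
    key: bytes        # key 425
    tracking: int     # trace variable 455, advances once per code
    activity: int     # activity variable 460, count of past actions


def generate_otac(state: FoilState, server_request: str, method: str = "auth", digits: int = 8) -> str:
    """OTAC = f(common name, key, tracking, activity, server request, method) (assumption: HMAC)."""
    msg = b"|".join([
        state.common_name.encode(),
        struct.pack(">Q", state.tracking),
        struct.pack(">Q", state.activity),
        server_request.encode(),
        method.encode(),
    ])
    mac = hmac.new(state.key, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of RFC 4226
    value = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def issue_otac(state: FoilState, server_request: str, method: str = "auth"):
    """Authenticator side (step 910 / 1010 / 1310): advance the dynamic data, then compute the code."""
    new_state = replace(state, tracking=state.tracking + 1, activity=state.activity + 1)
    return generate_otac(new_state, server_request, method), new_state


def verify_otac(server_state: FoilState, code: str, server_request: str, method: str = "auth",
                tolerance: int = 3, threshold: int = 20):
    """Service provider side (steps 1105 to 1135).

    Returns (decision, distance, new_server_state):
      "GRANT"      exact match (1115) or within the predetermined range (1120); state resynchronized
      "NEXT_STAGE" match found only beyond the range but inside the threshold (1125); caller may
                   refuse (1130) or request a new code (1135)
      "REJECT"     no match inside the threshold, i.e. a wide-range deviation (1128)
    """
    for i in range(threshold + 1):          # drift of the trace variable
        for j in range(threshold + 1):      # drift of the activity variable
            candidate = replace(server_state,
                                tracking=server_state.tracking + 1 + i,
                                activity=server_state.activity + 1 + j)
            expected = generate_otac(candidate, server_request, method)
            if hmac.compare_digest(expected, code):
                distance = max(i, j)
                if distance <= tolerance:
                    return "GRANT", distance, candidate
                return "NEXT_STAGE", distance, server_state
    return "REJECT", None, server_state


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    device = server = FoilState("my-bank-card", key, tracking=10, activity=4)
    code, device = issue_otac(device, "login")
    print(verify_otac(server, code, "login")[0])                     # GRANT
    sig, device = issue_otac(device, "pay 100 to merchant", "sign")   # Fig. 13 signature OTAC
    print(verify_otac(server, sig, "pay 100 to merchant", "sign")[0])
```

Because the signature code binds the transaction text through the server request input and the purpose through the method input, a signature OTAC does not verify as a login OTAC and does not verify for a different transaction, which is what lets the server record the signature as confirmation of that specific transaction.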
Figure 14 to Figure 16 is the flow chart of the process using handheld electronic authenticator when being traded.
Figure 14 is a flow chart of the process of requesting a service from a service provider using the handheld electronic authenticator. Referring to Figure 14, in step 1405 the user with the authenticator accesses the service provider using the common name of a foil and the OTAC generated from it. In step 1410, using the process described above in connection with Figures 10 to 13, the service provider approves, rejects, or requests a new OTAC. In the same way the user can access every service provider, each of which is associated with one foil on the authenticator. Using the OTAC together with the common name of the foil (which is associated with the service provider), the user can conduct business transactions with the service provider while no secure information is ever disclosed in the process.
Figure 15 is a flow chart of the process of using the handheld electronic authenticator in a third-party transaction. A third party is a party that handles a transaction for the user of the authenticator, such as a vendor. The third party needs the user's information, such as a credit card number, to carry out the transaction. The user of the authenticator can give the third party the common name of a foil and an OTAC instead of giving the vendor a credit card number. The process is shown in Figure 15. Referring to Figure 15, the user of the authenticator gives the counterparty of a transaction that needs confidential information (such as a bank account) the common name of a foil (associated with the service provider) and its OTAC. In step 1505, the user provides the common name and the OTAC to the counterparty. In step 1510, the counterparty uses the common name and the OTAC to request access to the service provider. In step 1515, the server of the service provider approves, rejects, or requests a new OTAC, as described above in connection with Figures 10 to 12. Because the OTAC is a dynamic variable, for example a time-based one, the counterparty can no longer connect to the service provider once the validity period of the OTAC has passed.
Figure 16 is a flow chart of the process of using the handheld electronic authenticator in a transaction in which the service provider needs more data. Referring to Figure 16, in step 1605 the user of the authenticator sends the common name of the foil and the OTAC to the server of the service provider. In step 1610, the server of the service provider retrieves more data from a database. In step 1615, the server of the service provider sends a transaction request to a transaction server. In step 1620, if the authenticator is authorized, the transaction result is returned to the user; otherwise a request for a new OTAC or a denial of access is returned.
As shown in Figures 14 to 16, only the common name of the foil and the OTAC generated by the foil are used to access the service provider during the transaction. Secure information such as a credit card number or a social security number is not disclosed. When a transaction needs authentication, the common name of the foil (associated with its service provider) and the OTAC serve as a proxy for the secure information. This relieves the user of having to remember all of his/her secure information, which is a convenience. It also offers better security, because the secure information is disclosed neither to the third party nor to the communication channel used to reach the service provider.
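Added example (not from the patent): a Python model of the foil-as-proxy flow of Figures 14 to 16. The HMAC-based time-step OTAC, the 60-second validity period, the 8-digit code length and the sample foil are assumptions; it shows that the service provider only ever looks up an account by the foil's common name, and that a counterparty who was handed the code (Figure 15) is asked for a new one once the period has passed.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed validity period of one OTAC
DIGITS = 8          # assumed length of the code shown to the user

# Constructed sample foil: the common name can be handed out freely, the secret
# never leaves the authenticator (the service provider holds a copy of it).
FOIL = {"common_name": "foil-demo-0001", "secret": b"constructed-foil-secret"}

# Constructed service-provider registry. The common name is the only lookup key
# that ever travels in a transaction; the account data stays on the server.
SP_REGISTRY = {
    "foil-demo-0001": {"secret": FOIL["secret"], "account": "ACCOUNT-PLACEHOLDER"},
}


def otac(secret: bytes, now: float) -> str:
    """Time-based OTAC: HMAC-SHA256 over the current time step, truncated to DIGITS digits."""
    counter = int(now // STEP_SECONDS)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation as in RFC 4226
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def verify_otac(common_name: str, code: str, now: float, skew_steps: int = 1) -> str:
    """Service-provider decision of steps 1410/1515: approve, reject, or ask for a new OTAC.

    A code that matches no step inside the allowed clock skew is treated as expired,
    so the caller is asked for a fresh code rather than being approved or silently dropped.
    """
    record = SP_REGISTRY.get(common_name)
    if record is None:
        return "reject"                           # unknown foil: nothing to look up
    for delta in range(-skew_steps, skew_steps + 1):
        candidate = otac(record["secret"], now + delta * STEP_SECONDS)
        if hmac.compare_digest(candidate, code):
            return "approve"
    return "request_new"


def third_party_access(common_name: str, code: str, now: float) -> dict:
    """Figure 15: a counterparty presents the common name and OTAC it was given.

    The result is all the counterparty learns: the decision. The account field is
    deliberately absent, mirroring the claim that secure information is never
    disclosed to the third party.
    """
    decision = verify_otac(common_name, code, now)
    return {"decision": decision, "account_disclosed": False}


def more_data_transaction(common_name: str, code: str, now: float) -> dict:
    """Figure 16: only after the OTAC check does the provider's server retrieve extra
    data from its database (step 1610) and build the request for the transaction
    server (step 1615); otherwise a new-OTAC request or denial goes back (step 1620)."""
    decision = verify_otac(common_name, code, now)
    if decision != "approve":
        return {"result": decision}
    account = SP_REGISTRY[common_name]["account"]     # never leaves the server side
    return {"result": "approve", "transaction_server_request": {"account": account}}
```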
Figure 17 is a block diagram showing a multi-factor multi-channel identity authentication and transaction control system 2000 according to an embodiment of the present invention. System 2000 includes a handheld electronic device 2102, a terminal 2104 communicating with the handheld electronic device 2102, and a server 2106 of a service provider. The service provider can communicate with both the handheld electronic device 2102 and the terminal 2104 through server 2106. System 2000 further includes a server 2108 of the handheld electronic device 2102, which can communicate with the handheld electronic device 2102, the server 2106 of the service provider, and the terminal 2104.
Handheld electronic device 2102 includes, but is not limited to, hardware and/or software components implemented in hardware, such as a mobile phone or smartphone with dedicated software. Handheld electronic device 2102 has multiple foils, each associated with one or more service providers. Handheld electronic device 2102 also has a component associated with the device server 2108. For example, handheld electronic device 2102 can also provide functions such as scanning, networking, displaying bar codes and performing near-field communication (NFC).
Terminal 2104 includes, but is not limited to, hardware and/or software components implemented in hardware. For example, terminal 2104 can be a computer with a web browser or a similar user interface, a point-of-sale (POS) machine, or the like. The server 2106 of the service provider includes, but is not limited to, a computer, a processor, or the like, which can maintain a database and implement predefined algorithms. Terminal 2104 and the server 2106 of the service provider can be integrated in the same computer. The device server 2108 is similar to the server 2106 of the service provider. In one embodiment, the device server 2108 operates only under predetermined circumstances (for example in the personalization and binding procedures described below, which can involve identity authentication and transaction control). In one embodiment, server 2108 does not take part in any processing in the identity authentication and transaction control processes. In one embodiment, server 2108 and server 2106 are provided with at least one communication channel of high security level. Therefore, even if the other communication channels of the servers have a lower security level, security concerns can still be properly settled, because server 2106 and server 2108 protect the identity authentication and transaction control.
Figures 18A to 18D are schematic diagrams showing communication between the handheld electronic device 2102 and the terminal 2104.
Figure 18A shows scan-in communication, in which information such as a quick response (QR) code is scanned from terminal 2104 into handheld electronic device 2102. Figure 18B shows scan-back communication, in which information such as a QR code is scanned from handheld electronic device 2102 back to a camera 2112 of terminal 2104. The two types of communication can be combined to provide scan-scan communication. For example, the user scans the bar code on the terminal screen with handheld electronic device 2102; handheld electronic device 2102 then generates a corresponding bar code and shows it on its own screen; the user then points the screen of device 2102 at the camera 2112 of the terminal, and terminal 2104 reads and decodes the bar code generated by device 2102.
Figure 18C shows key-in communication, in which the user enters information from device 2102 into terminal 2104, or information from terminal 2104 into device 2102, through a keyboard 2114. Key-in communication can be combined with scan-in communication. For example, the user can scan the bar code on the terminal screen and then key into the terminal the information that the device shows on its screen in response to the bar code.
Figure 18D shows read/write communication, in which device 2102 can read information from an NFC tag 2116 of terminal 2104 and write information from terminal 2104 into its own NFC tag 2118. Likewise, terminal 2104 can read information from the NFC tag 2118 of device 2102 and write information from device 2102 into its own NFC tag 2116. NFC communication is a form of communication that is activated over a very short distance (the so-called near field). Such communication can be implemented with various techniques, such as radio, sound, infrared, magnetism, or light (such as QR scanning). All of these kinds are within the scope of the present invention.
The communication between device 2102 and terminal 2104 described above can be one-way (such as scan-in communication) or two-way (such as scan-in plus scan-back communication). These kinds of communication make the whole system 2000 user-friendly and faithfully reflect the user's intention, so that a communication takes place only when the user wants it to. It will be clear to those skilled in the art, however, that the communication between device 2102 and terminal 2104 is not limited to the types and forms described above.
Figures 19A to 19B are schematic diagrams showing communication between the handheld electronic device 2102 and the server 2106 of the service provider.
Device 2102 can communicate directly with server 2106, as shown in Figure 19A. The direct communication can be implemented through the network capabilities of device 2102, such as 2G, 3G or WIFI communication. The direct communication is two-way communication.
Device 2102 can communicate with server 2106 indirectly through terminal 2104 acting as an intermediate station, as shown in Figure 19B. In indirect communication, server 2106 sends an instruction message to terminal 2104; the instruction message includes the message terminal 2104 is to prepare, the encryption method of the message, the destination of the message, and so on. Terminal 2104 sends the processed message to device 2102. After receiving the message from terminal 2104, device 2102 generates a response message and sends it back to terminal 2104. After receiving the response message, terminal 2104 sends it to server 2106 or to another server 2106', where the other server is designated by server 2106 and is typically another server of the same service provider. The different servers can communicate with each other, and that communication can be regarded as internal communication with a satisfactory security level. Terminal 2104, for example, does not decrypt the message but forwards it according to the instruction. Device 2102 and server 2106 share symmetric keys, which allows device 2102 and server 2106 to establish a highly secure communication channel and to communicate properly with each other. Therefore, even when it passes through terminal 2104, the communication is still multi-channel communication, and attacks (such as MITM attacks) can be detected effectively.
Figure 20 is a schematic diagram showing communication between terminal 2104 and the servers of the service provider (such as server 2106 and server 2106'). The communication between the terminal and the server can be made synchronous, for example over TCP/IP sockets. Alternatively, the communication can be asynchronous, such as AJAX interaction. For example, terminal 2104 can have an internet communication channel to the server. Over the internet, the server can instruct terminal 2104 to send information to a destination determined by the server. Because system 2000 integrates several levels of one-time codes, the server side will recognize any violation of the instruction, such as a violation caused by an attack.
Figure 21 is a schematic diagram showing communication between the server 2108 of device 2102 and the servers of the service provider (such as server 2106 and server 2106'). Only when device 2102 is associated with a service provider (through the binding process) or disassociated from it (through the unbinding process) is the communication between the server 2108 of device 2102 and the servers 2106, 2106' of the service provider used. Device server 2108 communicates with all servers of the service provider over a communication channel of high security level. The communication between the servers can be of high security level, while the communication during the binding/unbinding process can take place over an ordinary communication channel. Therefore, even if an attacker is assumed to have compromised that communication channel, the device server and the server of the service provider can still protect the communication. To ensure a higher level of security, the communication channel between the servers can be set to a higher security level.
According to an illustrative aspect of the present invention, a multi-factor multi-channel identity authentication and transaction control method is provided. The method is now described with reference to the system 2000 shown in Figure 17.
The method includes personalizing the handheld electronic device 2102 so that the device and the device server 2108 share at least one symmetric key. Personalization of device 2102 can be carried out when device 2102 is manufactured, or by installing pre-personalized hardware in device 2102.
Alternatively, personalization can be carried out by the process shown in Figure 22. After the user installs the software component on his/her device (such as a smartphone), the software component is not yet personalized; there is therefore no data unique to the device. The following process establishes unique data for the device and thereby personalizes it.
First, the user of device 2102 sends a personalization request, which can be sent through terminal 2104 to the device server 2108. After transaction-related data (such as payment, identification, etc.) has been exchanged, server 2108 generates a first key exchange message and sends it to terminal 2104. Device 2102 receives the first key exchange message from terminal 2104 and generates a second key exchange message based on it. The second key exchange message is sent to server 2108 directly, or indirectly through terminal 2104, so that the process is carried out over multiple channels. Server 2108 then generates one or more symmetric keys based on the first and second key exchange messages and shares the symmetric keys with device 2102. The above steps can be repeated several times according to the security requirements. The key exchange method can be the known Diffie-Hellman key exchange algorithm or a similar key exchange method. In addition, although QR code scanning is shown in the figure, the personalization process can also use NFC.
Alternatively, the above personalization process can be used to embed a private key in device 2102 and a public key in server 2108; these keys can be generated and issued under an authority other than server 2108.
Figure 23A is a schematic diagram showing the binding process of the method, in which device 2102 is associated with the server 2106 of a service provider so that device 2102 and server 2106 share one or more symmetric keys.
After personalization, device 2102 has a unique common name, and the confidential information of device 2102 is shared only with the device server 2108. Device 2102 now needs to be bound to the server of a service provider (such as server 2106), after which device 2102 holds a set of symmetric keys shared with that particular service provider; this set of symmetric keys is shared only by device 2102 and server 2106. The device can be bound to any number of service providers depending on the application. The device server 2108 can assist in the binding process.
First, the user decides on the name to present to the service provider. He/she can use the common name of the device, or can obtain a one-time anonymous name for the device from the device server 2108. If he/she chooses, or is required, to use the common name, there is a potential risk of revealing his/her identity. If he/she chooses to use a one-time anonymous name, the service provider cannot reveal his/her identity. To use a one-time anonymous name, he/she can follow the steps shown in Figure 23B, described later.
Next, the user sends a binding request to the service provider, for example through terminal 2104. After transaction-related information (payment, identification, etc.) has been exchanged, the server 2106 of the service provider requests the identifier of device 2102 (its common name or a one-time anonymous name) and one or more OTACs generated by device 2102. This information is sent to server 2106 through terminal 2104, for example.
The server 2106 of the service provider further sends this information to the device server 2108.
After receiving the information from the server 2106 of the service provider, the device server 2108 determines the validity of device 2102. If device 2102 is valid, server 2108 sends one or more binding instruction codes to the server 2106 of the service provider.
The server 2106 of the service provider selects its own communication key and encrypts the key based on the binding instruction code. The encrypted key is sent to device 2102, for example through terminal 2104.
After receiving the information from the terminal, device 2102 carries out a key generation process based on the received information and the symmetric key shared with the device server 2108; the key generation process includes several types of decryption and encryption. After this process, device 2102 shares a symmetric key with the service provider.
Optionally, device 2102 can send a confirmation message back to the server 2106 of the service provider, directly or indirectly through terminal 2104.
The above steps can be repeated according to the security requirements.
The binding process is complete once device 2102 and the server 2106 of the service provider share a symmetric key. The encryption method used for the information transferred from server 2106 to device 2102 can be any method that can be decrypted. For example, if keyed-in input is required, format-preserving encryption can be used. In any case, the communication is secure while the information is transferred from server 2106 to device 2102, even if no encryption is applied.
Alternatively, the above process can be used to embed a private key in device 2102 and a public key in the server 2106 of the service provider. The private key and public key (commonly referred to as a digital certificate) can be issued under an authority selected by server 2108.
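Added example (not the patent's own code): a Python model of the Figure 23A binding exchange between device 2102, device server 2108 and service-provider server 2106. It assumes personalization has already given the device and the device server a shared key k_dev (a constructed constant), uses a counter-based OTAC, and derives the binding instruction code and the key wrapping with HMAC-SHA256; all of those constructions are assumptions. It shows the property the text relies on: the device server never sees the provider's communication key, the provider never sees k_dev, and a consumed OTAC cannot be used to bind a second time.

```python
import hashlib
import hmac
import secrets

OTAC_LOOKAHEAD = 5   # assumed: how many unused counter values the device server accepts


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (constructed helper, not the patent's algorithm)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    """Handheld device 2102 after personalization: holds k_dev shared with its server."""

    def __init__(self, common_name: str, k_dev: bytes):
        self.common_name, self.k_dev, self.counter = common_name, k_dev, 0
        self.sp_keys = {}                 # sp_id -> symmetric key shared with that provider

    def next_otac(self) -> bytes:
        self.counter += 1
        return prf(self.k_dev, b"otac", self.counter.to_bytes(8, "big"))[:8]

    def finish_binding(self, sp_id: bytes, otac: bytes, wrapped: bytes, tag: bytes) -> None:
        """Key generation step: rebuild the binding instruction code from k_dev and the
        OTAC this device issued, check integrity, then unwrap the provider's key."""
        bic = prf(self.k_dev, b"bind", sp_id, otac)
        if not hmac.compare_digest(prf(bic, b"tag", wrapped), tag):
            raise ValueError("binding message failed integrity check")
        self.sp_keys[sp_id] = xor_bytes(wrapped, prf(bic, b"wrap"))


class DeviceServer:
    """Server 2108: knows k_dev per device, never learns provider keys."""

    def __init__(self):
        self.devices = {}                 # common_name -> {"k_dev", "counter"}

    def register(self, device: Device) -> None:
        self.devices[device.common_name] = {"k_dev": device.k_dev, "counter": 0}

    def binding_instruction_code(self, common_name: str, otac: bytes, sp_id: bytes):
        """Validity check of the device; returns the binding instruction code or None."""
        rec = self.devices.get(common_name)
        if rec is None:
            return None
        for c in range(rec["counter"] + 1, rec["counter"] + 1 + OTAC_LOOKAHEAD):
            expected = prf(rec["k_dev"], b"otac", c.to_bytes(8, "big"))[:8]
            if hmac.compare_digest(expected, otac):
                rec["counter"] = c        # consume: the same OTAC cannot bind twice
                return prf(rec["k_dev"], b"bind", sp_id, otac)
        return None


class ServiceProviderServer:
    """Server 2106: picks its own communication key and encrypts it under the code."""

    def __init__(self, sp_id: bytes, device_server: DeviceServer):
        self.sp_id, self.device_server, self.keys = sp_id, device_server, {}

    def bind(self, common_name: str, otac: bytes):
        bic = self.device_server.binding_instruction_code(common_name, otac, self.sp_id)
        if bic is None:
            raise PermissionError("device server rejected the device or the OTAC")
        k_sp = secrets.token_bytes(32)
        wrapped = xor_bytes(k_sp, prf(bic, b"wrap"))
        tag = prf(bic, b"tag", wrapped)
        self.keys[common_name] = k_sp
        return wrapped, tag               # goes to the device, e.g. through the terminal


def run_binding(device: Device, sp: ServiceProviderServer) -> bool:
    """One pass of Figure 23A; True when both ends hold the same symmetric key."""
    otac = device.next_otac()
    wrapped, tag = sp.bind(device.common_name, otac)
    device.finish_binding(sp.sp_id, otac, wrapped, tag)
    return hmac.compare_digest(device.sp_keys[sp.sp_id], sp.keys[device.common_name])
```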
Figure 23B shows the process of obtaining a one-time anonymous name from the device server 2108 so that the identity of the user remains anonymous to a particular service provider.
First, the user sends a request to the device server 2108. After one or more rounds of exchanging transaction-related information (payment, authentication, etc.), the device server 2108 generates a one-time anonymous name for the device and stores it in its database. The anonymous name is valid for a predetermined period.
Device 2102 receives the message from server 2108 through terminal 2104 and processes the data according to the instruction embedded in the message. The one-time anonymous name is then embedded in device 2102. Device 2102 can retrieve the anonymous name during the predetermined period.
Figure 24 is a schematic diagram showing the identity authentication process. After being successfully bound to a service provider, device 2102 shares confidential information with the service provider; this confidential information is kept secure by hardware and software, is not used externally, and is not transferred in any form.
First, the user sends an authentication request to the server 2106 of the service provider over a first communication channel, for example through terminal 2104.
After receiving the request, the server 2106 of the service provider generates an instruction message, which includes instructions for device 2102, and sends it to terminal 2104. The instruction message is sent to device 2102 through terminal 2104 over the first communication channel. The first communication channel can be any information communication channel, such as the internet, telephone, or a private network. For example, server 2106 can produce a QR code and send it to terminal 2104, and device 2102 can read the code from the terminal.
Device 2102 generates a response message based on the instruction message and sends the response message to server 2106 over a second communication channel different from the first. The response message can include authentication credentials, such as a user name, a one-time password, or the conditions for generating a one-time password. For example, the response message can be generated by processing the QR code.
After receiving the response message, server 2106 carries out multi-channel multi-factor authentication. Server 2106 can generate an authentication message based on the authentication credentials and send it to terminal 2104 to activate the terminal. The authentication is based, for example, on two factors: factor 1 represents that only the user possessing the device could have generated the message; factor 2 represents that only the user who knows the specific message (knowledge) could have generated it. The authentication is based on multiple channels: one channel between the service provider and terminal 2104, and another channel between device 2102 and the service provider, as shown in Figures 19A to 19B. If necessary (for example because of higher security requirements, a suspected attack, or an intention to update keys), the steps of generating the response message and sending it to the service provider can be repeated.
Figure 25 is a schematic diagram showing the transaction control process of the method. Device 2102 can have a private key and the service provider can have a public key; the two keys together are referred to as a digital certificate. A private/public key algorithm can be applied to transaction control, for example to manage transaction records by means of digital signatures.
Assuming the transaction is to be completed after identity authentication, the user sends a transaction record request. The server 2106 of the service provider sends a form, such as a transaction information form, to terminal 2104. The user is required to fill in the form with transaction information (such as a payment to a third party). The user fills in the form with the transaction-related data and sends it back to server 2106 through terminal 2104.
Server 2106 receives the information from terminal 2104, makes a preliminary validity determination, and sends an instruction message back to terminal 2104 to request confirmation.
After receiving the instruction message, device 2102 generates a response message and sends it back to server 2106 over multiple channels.
Once server 2106 receives the response message from device 2102, it performs two-factor verification: factor 1 represents that only the user possessing the device could have generated the message; factor 2 represents that only the user who knows the specific message could have generated it. The verification is carried out over multiple channels: one channel between the service provider and the terminal, and another channel between the device and the service provider.
If necessary (for example because of higher security requirements, a suspected attack, or an intention to update keys), the steps of preliminary determination, generating the response message and sending the response message over multiple channels can be repeated.
If necessary (for example for regulatory compliance), a digital signature of the user can be generated in the above steps and sent to the service provider. For example, in the step of generating the response message, a message based on a symmetric key and/or an asymmetric key can be generated according to the instruction of the service provider.
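Added example (not from the patent) covering both the Figure 24 authentication exchange and the Figure 25 transaction confirmation: server 2106 issues an instruction message over the terminal channel, device 2102 answers over its own channel, and the server checks both factors. It assumes the symmetric key from binding is already in place (a constructed constant), a 120-second instruction lifetime, a JSON transaction form and HMAC-SHA256 for the response; the nonce bookkeeping shows how the server detects a replayed response, an expired instruction, or a response computed over a form that differs from the one the server holds.

```python
import hashlib
import hmac
import json
import secrets

INSTRUCTION_TTL = 120.0   # assumed lifetime of an instruction message, in seconds

# Constructed key shared by device 2102 and server 2106 after binding (Figure 23A).
K_SHARED = b"constructed-binding-key-for-demo-only"


def canonical(obj) -> bytes:
    """Stable serialization so both channels hash exactly the same transaction form."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class Device:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, instruction: dict) -> dict:
        """Channel 2 message: proves possession of the key (factor 1) and knowledge of
        the instruction message that was delivered via the terminal (factor 2)."""
        mac = hmac.new(self.key, instruction["nonce"].encode() + canonical(instruction["form"]),
                       hashlib.sha256).hexdigest()
        return {"nonce": instruction["nonce"], "mac": mac}


class ServiceProviderServer:
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}    # nonce -> (issued_at, form); removed once used or expired

    def issue_instruction(self, form: dict, now: float) -> dict:
        """Channel 1 message (for example rendered as a QR code on terminal 2104)."""
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (now, form)
        return {"nonce": nonce, "form": form}

    def verify(self, response: dict, now: float) -> str:
        """Multi-channel two-factor check. Returns 'ok' or the reason for rejection."""
        entry = self.pending.get(response["nonce"])
        if entry is None:
            return "unknown or already used nonce"        # replay or forgery
        issued_at, form = entry
        if now - issued_at > INSTRUCTION_TTL:
            del self.pending[response["nonce"]]
            return "instruction expired"
        expected = hmac.new(self.key, response["nonce"].encode() + canonical(form),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, response["mac"]):
            return "response does not match the server's form"   # channels disagree
        del self.pending[response["nonce"]]              # single use
        return "ok"


def demo_round(now: float = 1_700_000_000.0) -> str:
    """Happy path of Figure 25: form filled at the terminal, confirmed by the device."""
    server = ServiceProviderServer(K_SHARED)
    device = Device(K_SHARED)
    form = {"payee": "third-party-demo", "amount": "42.00", "currency": "CNY"}
    instruction = server.issue_instruction(form, now)
    response = device.respond(instruction)
    return server.verify(response, now)
```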
Figure 26 is a schematic diagram showing the process of unbinding the device from service providers according to the method. In some cases, for example when device 2102 is lost or the user of the device intends to stop using the device with all service providers, an unbinding process is requested and carried out. The unbinding process avoids the complicated procedure of contacting every service provider individually. The unbinding process further allows the user to stop the service.
First, the user sends a request to the server 2108 of device 2102, for example through terminal 2104. At this stage the necessary transaction steps (payment transactions, etc.) are completed, and identity authentication is completed by alternative means. At this stage server 2108 further determines all service providers related to the device or having a record of the device.
Then, server 2108 sends an unbinding request to all service providers with which device 2102 is associated and for which its server 2108 holds a record (no record is held for anonymous communication). Each service provider's server then determines whether the unbinding process should be carried out. If so, the server of the service provider disassociates itself from device 2102 through the respective server, terminating the sharing of symmetric keys with device 2102.
Figure 27 is a schematic diagram showing the process of rebinding the device to one or more service providers according to one aspect of the method. For example, the user loses his/her device and unbinds the device from all service providers to ensure that no further transactions can be made. He/she later obtains a new device and intends to bind it to all previous service providers. Through the rebinding process, the device can be bound to all service providers again at the same time.
First, the user selects a terminal (such as terminal 2104) through which the rebinding process can be carried out. The user sends a rebinding request to the device server 2108 through the terminal. After the necessary steps (payment transactions, etc.) and authentication by alternative means (because the user no longer has the previous device), a personalization process is carried out so that device 2102 shares a set of symmetric keys with server 2108; this set of keys can be the same as or different from the previous symmetric keys from the personalization carried out before the unbinding process.
After personalization, the process of rebinding all previous service providers begins. The server 2108 of device 2102 sends a rebinding request to all service providers with which the device is associated and for which its server 2108 holds a record (no record is held for anonymous communication). Each service provider's server determines whether the rebinding process is to be carried out.
If a service provider decides to rebind, its server carries out the binding steps shown in Figure 23A and generates encrypted information. This information is sent to a common service computer 2110. Likewise, all service providers send their information to the same service computer 2110. After receiving the information from all service providers, the service computer sends a notification to the device server 2108, and server 2108 sends a corresponding notification to device 2102.
After server 2108 has sent the notification, the user communicates with service computer 2110 through terminal 2104. For example, all rebinding information is displayed on the terminal. Device 2102 then obtains all the rebinding information and processes it, which results in a set of symmetric keys being shared between device 2102 and each service provider's server. The user can also send a confirmation message back to the server of the service provider. In one embodiment, the above steps are carried out over multiple channels.
A system and method according to one aspect of the invention can carry out the following steps: personalizing the handheld electronic device; binding the device to any selected service provider; carrying out identity authentication with any service provider; controlling transactions with any service provider; keeping the device anonymous to any service provider during the authentication and transaction control processes; unbinding the device from all service providers collectively (for example if the device is lost); and rebinding the device to all service providers collectively.
Figure 28 shows a data processing system 3000 according to a further aspect of the invention. System 3000 is used together with device 2102 to carry out multi-factor multi-channel identity authentication or transaction control. System 3000 includes a personalization module 3100, a binding module 3200 and a processing module 3500, which communicate with a transmitting module 3300 and a receiving module 3400. Personalization module 3100 is configured to personalize device 2102 with the device server 2108 so that the device and the server share one or more symmetric keys. Binding module 3200 is configured to bind device 2102 to the server 2106 of a service provider so that the device and server 2106 share symmetric keys. Transmitting module 3300 is configured to send messages to peripheral devices, for example sending identity authentication or transaction control data to server 2106. Receiving module 3400 is configured to receive messages from peripheral devices, for example receiving an instruction message from the server 2106 of the service provider. Processing module 3500 is configured to generate a response message based on the received instruction message. The response message is sent to the server 2106 of the service provider for multi-channel multi-factor identity authentication or transaction control. System 3000 can include one or more processors or similar devices to execute one or more modules of system 3000.
Figure 29 shows a data processing system 4000 according to a further aspect of the invention. System 4000 is used together with the server 2106 of a service provider to carry out multi-factor multi-channel identity authentication and/or transaction control. System 4000 includes a binding module 4100 and a processing module 4300, which communicate with a receiving module 4200 and a transmitting module 4400. Binding module 4100 is configured to bind server 2106 to device 2102 so that the server and the device share one or more symmetric keys, which are established using the symmetric key shared between device 2102 and the server 2108 of device 2102. Receiving module 4200 is configured to receive messages from peripheral devices, for example receiving identity authentication or transaction control data from device 2102. Processing module 4300 is configured to generate an instruction message after receiving a request from the device. Transmitting module 4400 is configured to send messages to peripheral devices, for example sending the instruction message to device 2102. Receiving module 4200 receives the response message generated by device 2102 based on the instruction message. Processing module 4300 is further configured to carry out multi-channel multi-factor identity authentication or transaction control of the device based on the received response message. System 4000 can include one or more processors or similar devices to execute one or more modules of system 4000.
All of these processes are carried out in a multi-factor multi-channel manner. In one embodiment of the invention, apart from the personalization, binding, unbinding and rebinding steps, the identity authentication and transaction control steps can be carried out solely between the device and the service provider, with no third party involved. Therefore no centralized server is needed in the identity authentication and transaction control processes. A centralized server makes the whole system hard to adapt and expensive to operate, and weakens the service provider's control over consumer information and privacy. The device server is needed only to assist the binding, unbinding and rebinding processes, during which it protects the user, for example by keeping an anonymous ID. An advantage of the illustrative embodiments of the invention is, at least in part, that a third party is not always needed in the identity authentication and transaction processes.
Figure 30 is the block diagram for showing payment system 5000 according to an illustrative embodiment of the invention.Payment system 5000 include electronic equipment 5200, and the electronic equipment is typically hand-hold electronic equipments used in personal buyer.Electronic equipment 5200 include but is not limited to hardware and/or the software part realized within hardware, mobile phone or intelligence such as with special-purpose software Can mobile phone.For example, electronic equipment 5200 can also provide the work(such as scanning, networking, display bar code, execution near-field communication (NFC) Energy.
In electronic transaction process, electronic equipment 5200 and the server 5400 of from the businessman to consumer's items for merchandising are carried out Communication.For example, electronic equipment 5200 can be communicated by multichannel communication with the server of multiple businessmans.It is previously right Transaction control between the certification of electronic equipment 5200 and equipment 5200 and server 5400 is discussed.
The merchant server 5400 includes, but is not limited to, a computer, a processor or the like that can maintain a database and implement predefined algorithms. For example, the merchant may be an online sales website. After the buyer has selected one or more articles and ordered them, merchant server 5400 generates a code, such as a quick response (QR) code, and sends the code to terminal 5600 over a first communication channel. The channel may be any information communication channel, such as the Internet or a private network. The code is formed from transaction-related information and merchant information. Transaction-related information includes, but is not limited to, the identification of the selected articles, their price, the addressee and shipping address of the selected articles, and the recipient of the confirmation message sent after delivery. Merchant information includes, but is not limited to, one or more identities of the merchant, a description of the merchant, and a signature made with the symmetric key shared between the merchant and the payment gateway (described later).
Terminal 5600 includes, but is not limited to, hardware and/or software components implemented in hardware. For example, terminal 5600 may be a computer with a web browser or a similar user interface, a point-of-sale (POS) machine or the like. For example, communication between electronic device 5200 and terminal 5600 may be scan-in communication, in which the camera 5210 of hand-held electronic device 5200 scans the QR code shown by terminal 5600.
Electronic device 5200 includes a transceiver 5220, which receives the QR code scanned by camera 5210 and passes it to processor 5230. Processor 5230 processes the QR code to retrieve the transaction-related information and shows it on display screen 5240. Transaction-related information includes, but is not limited to, the identification of the selected articles, their price, the addressee and shipping address of the selected articles, and the recipient of the confirmation message sent after delivery. The retrieved information may be in textual or coded form, as long as the buyer can understand it. Showing the retrieved information on display screen 5240 lets the buyer visually verify the transaction-related information against the goods he or she intends to buy.
If the buyer determines that all the transaction-related information is accurate and decides to go on and pay for the selected articles, the buyer can start the payment process, for example by touching a button shown on screen 5240. Alternatively, the buyer may start the payment process by entering a specially designed code or by providing a biometric input, which confirms that the selected articles are the ones the buyer intends to buy and adds an extra layer of security. In response, a user interface 5250 is shown on screen 5240 so that the buyer can choose a payment option from a plurality of predetermined payment options. Payment options include, but are not limited to, credit card payment, debit card payment, third-party payment, bank transfer and small-amount bill payment. Based on the transaction information and the selected payment option, processor 5230 generates a payment message that consists of a first segment and a second segment.
The first segment carries information about the selected payment option, and the second segment carries the buyer's account data related to that payment option. For example, if the buyer selects the credit card payment option, the first segment of the payment message is generated to indicate the identifier corresponding to the credit card payment option, and the second segment is generated to indicate the buyer's credit card previously stored in database 5260.
Transceiver 5220 sends the payment message to payment gateway 5800. Communication between device 5200 and gateway 5800 takes place over a second communication channel; multi-channel communication was discussed above. For example, the second communication channel is different from the first communication channel between merchant server 5400 and electronic device 5200. Gateway 5800 includes, but is not limited to, a computer or the like that can maintain a database and implement predefined algorithms. Gateway 5800 communicates with the servers of a plurality of participating entities (PEs), such as PE 1 to PE N. Each participating entity is associated with at least one of the plurality of predetermined payment options. For example, a participating entity may be any suitable participating financial institution, such as a bank, a credit card company, a third-party payment institution or a small-amount bill payment institution. For example, PE 1 is a credit card company, PE 2 is a bank and PE 3 is a third-party payment institution.
Gateway 5800 receives the payment message through transceiver 5810, which passes it to processor 5820. Based on the first segment of the payment message, processor 5820 selects the participating entity related to the selected payment option. For example, processor 5820 retrieves the identifier from the first segment and compares it with the participating-entity identifiers stored in database 5830 in order to select the participating entity related to the selected payment option. For example, if the selected payment option is the credit card payment option, processor 5820 selects PE 1, the credit card company related to the buyer.
Once a participating entity has been selected, processor 5820 instructs transceiver 5810 to send the second segment of the payment message to that participating entity. After authenticating gateway 5800, the selected participating entity processes the second segment of the payment message to determine whether the buyer's account related to the selected payment option is valid. If the account is valid, the selected participating entity generates an instruction message indicating that payment will be made through the payment option selected by the buyer. Otherwise, it generates an instruction message indicating that payment cannot be made through the payment option selected by the buyer.
Gateway 5800 receives the instruction message through transceiver 5810 and forwards it to merchant server 5400 over a third communication channel. For example, the third communication channel is different from both the first communication channel between merchant server 5400 and electronic device 5200 and the second communication channel between electronic device 5200 and payment gateway 5800. For example, after merchant server 5400 has received the instruction message, the transfer of funds takes place at a clearing house.
Authentication between electronic device 5200 and gateway 5800 proceeds as follows. The payment message includes a first sub-message MPO1 for use by payment gateway 5800 and a second sub-message MPE for use by the PE related to the payment gateway. Gateway 5800 authenticates electronic device 5200 on the basis of the first sub-message MPO1; only if that authentication succeeds does gateway 5800 send the second sub-message MPE to the PE. The first sub-message MPO1 is formed from the transaction-related information about the goods, the description of the merchant, PE-related information (such as information about the bank), a signature made with the symmetric key shared by the electronic device and the gateway, and the buyer's unique identifier. The second sub-message MPE is formed from the description of the merchant, PE-related information, the encrypted buyer account information related to the PE and, optionally, the buyer's digital signature (if the PE requires one).
For the authentication of electronic device 5200, several symmetric keys are established between electronic device 5200 and gateway 5800; this process was discussed above. The symmetric keys are the basis for two-factor authentication. In addition, the buyer may hold a unique identifier that is not shared with the gateway, such as a password or a fingerprint. The buyer's account information related to the PE may be encrypted with the PE's public key or by another well-known method preferred by the PE.
Alternatively, electronic device 5200 and the PE may likewise share a symmetric key; the establishment of shared symmetric keys was discussed above. The digital signature in the second sub-message of the payment message is generally produced with a public/private key pair, but it may be produced by another well-known method preferred by the PE.
The instruction message that the PE sends to merchant server 5400 through gateway 5800 includes a payment arrangement message, which contains a first sub-message MPO2 for use by gateway 5800 and a second sub-message MME for use by merchant server 5400. During this communication, gateway 5800 authenticates the PE on the basis of the first sub-message MPO2; only if that authentication succeeds does gateway 5800 send the second sub-message MME, together with the first sub-message MPO1 of the payment message, to merchant server 5400. The second sub-message MME is formed from the description of the merchant, buyer-related information, PE-related information, payment-related information, the payment arrangement and the PE's signature. The first sub-message MPO2 is formed from a signature made with the symmetric key shared between the PE and gateway 5800; the establishment of that shared symmetric key was discussed above.
Transceiver 5220, processor 5230, user interface 5250 and database 5260 may be incorporated in a data processing system used together with electronic device 5200. Transceiver 5810, processor 5820 and database 5830 may be incorporated in a data processing system used together with the payment gateway.
Figure 31 is a flowchart showing a method, according to an embodiment of a further aspect of the invention, that allows a buyer to pay with an electronic device for one or more articles selected from a merchant.
In step 6100, the electronic device receives a code representing the transaction-related information of the selected articles. In step 6200, the transaction-related information is retrieved from the code. In step 6300, the transaction-related information is verified. In step 6400, at least one payment option is selected from a plurality of predetermined payment options. In step 6500, a payment message is generated on the basis of the transaction-related information and the payment option. The payment message includes a first segment representing the payment option and a second segment representing the buyer's account data related to the payment option. In step 6600, the payment message is sent to a payment gateway that communicates with a plurality of participating entities, each of which is related to at least one of the plurality of predetermined payment options.
Figure 32 is a flowchart showing a method, according to an embodiment of a further aspect of the invention, that allows a buyer to pay for one or more articles selected from a merchant through a payment gateway that communicates with a plurality of participating entities. Each participating entity is related to at least one of the plurality of predetermined payment options.
In step 7100, the payment gateway receives a payment message. The payment message includes a first segment representing the payment option the buyer selected from the plurality of predetermined payment options and a second segment representing the buyer's account data related to the selected payment option. In step 7200, the participating entity related to the selected payment option is selected on the basis of the first segment of the payment message. In step 7300, the second segment of the payment message is sent to the selected participating entity so that it can verify the buyer's account related to the selected payment option. In step 7400, an instruction message, generated on the basis of the validity of the buyer's account, is received from the selected participating entity. In step 7500, the instruction message is sent to the merchant's server.
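The following is an added worked example in Python, not code from the patent, of the message flow described for Fig. 30 and the steps of Figs. 31 and 32. It models the device 5200, payment gateway 5800, one participating entity and the merchant as in-process objects. The three symmetric keys (device/gateway, device/PE, PE/gateway) are assumed to have been established by the binding procedure the patent refers to elsewhere and are random bytes here; HMAC-SHA256 stands in for the "signature with a symmetric key", and a small encrypt-then-MAC construction stands in for the PE's preferred encryption of the account data (a real deployment would use an AEAD such as AES-GCM). Message field names, the "buyer-ref" pseudonym and the sample order are constructed for the example.

```python
"""Added worked example, not the patent's own code: the Fig. 30 / Figs. 31-32 flow
device 5200 -> payment gateway 5800 -> participating entity (PE) -> merchant 5400.
Assumed: the device/gateway, device/PE and PE/gateway symmetric keys come from the
binding procedure the patent refers to (random bytes here); HMAC-SHA256 stands in for
"signature with a symmetric key"; encrypt-then-MAC over an HMAC keystream stands in for
the PE's preferred account encryption (use AES-GCM or similar in production); message
field names and the sample transaction are constructed."""
import copy
import hashlib
import hmac
import json
import secrets

def canonical(obj) -> bytes:
    """Deterministic encoding so sender and verifier MAC identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def mac(key: bytes, obj) -> str:
    return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    return b"".join(hmac.new(key, b"ks" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC of the buyer's account data so that only the PE can read it."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return {"nonce": nonce.hex(), "ct": ct.hex(),
            "tag": hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).hexdigest()}

def open_sealed(key: bytes, blob: dict) -> bytes:
    nonce, ct = bytes.fromhex(blob["nonce"]), bytes.fromhex(blob["ct"])
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("MPE account ciphertext was tampered with")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def device_payment_message(txn, merchant, pe_id, buyer_ref, account, k_dev_gw, k_dev_pe):
    """Steps 6500/6600: first segment = payment option, second segment = MPO1 + MPE."""
    body = {"txn": txn, "merchant": merchant, "pe": pe_id, "buyer": buyer_ref}
    mpo1 = dict(body, sig=mac(k_dev_gw, body))                 # the gateway verifies this
    mpe = {"merchant": merchant, "pe": pe_id, "payment": txn["price"],
           "account": seal(k_dev_pe, account.encode())}         # only the PE can open this
    return {"first": txn["option"], "second": {"MPO1": mpo1, "MPE": mpe}}

class ParticipatingEntity:
    def __init__(self, pe_id, k_dev_pe, k_pe_gw, valid_accounts):
        self.pe_id, self.k_dev_pe, self.k_pe_gw = pe_id, k_dev_pe, k_pe_gw
        self.valid_accounts, self.k_sign = set(valid_accounts), secrets.token_bytes(32)

    def handle_mpe(self, mpe) -> dict:
        """Steps 7300/7400: check the account; reply with MPO2 (for the gateway) + MME."""
        try:
            ok = open_sealed(self.k_dev_pe, mpe["account"]).decode() in self.valid_accounts
        except ValueError:
            ok = False
        mme = {"merchant": mpe["merchant"], "pe": self.pe_id, "payment": mpe["payment"],
               "arrangement": "PAY" if ok else "DECLINE"}
        mme["pe_sig"] = mac(self.k_sign, mme)    # stand-in for the PE's public-key signature
        return {"MPO2": {"sig": mac(self.k_pe_gw, mme)}, "MME": mme}

class Gateway:
    def __init__(self, k_dev_gw, pes_by_option):
        self.k_dev_gw, self.pes = k_dev_gw, pes_by_option       # database 5830

    def handle(self, msg) -> dict:
        mpo1, mpe = msg["second"]["MPO1"], msg["second"]["MPE"]
        body = {k: v for k, v in mpo1.items() if k != "sig"}
        if not hmac.compare_digest(mac(self.k_dev_gw, body), mpo1["sig"]):
            return {"status": "rejected", "reason": "device authentication (MPO1) failed"}
        pe = self.pes.get(msg["first"])                          # step 7200: route by option
        if pe is None or body["pe"] != pe.pe_id or mpe["pe"] != pe.pe_id:
            return {"status": "rejected", "reason": "payment option does not match the PE"}
        reply = pe.handle_mpe(mpe)                               # step 7300
        if not hmac.compare_digest(mac(pe.k_pe_gw, reply["MME"]), reply["MPO2"]["sig"]):
            return {"status": "rejected", "reason": "PE authentication (MPO2) failed"}
        # step 7500: the merchant receives MME plus the original MPO1, never the MPE
        return {"status": "forwarded", "to_merchant": {"MME": reply["MME"], "MPO1": mpo1}}

def demo() -> dict:
    k_dev_gw, k_dev_pe, k_pe_gw = (secrets.token_bytes(32) for _ in range(3))
    pe1 = ParticipatingEntity("PE1", k_dev_pe, k_pe_gw, {"4111-1111"})
    gw = Gateway(k_dev_gw, {"CREDIT_CARD": pe1})
    txn = {"items": ["book-123"], "price": {"amount": "19.90", "currency": "CNY"},
           "option": "CREDIT_CARD"}                                # constructed sample order

    def build(account):
        return device_payment_message(txn, "Example Shop", "PE1", "buyer-ref-7",
                                      account, k_dev_gw, k_dev_pe)

    tampered = copy.deepcopy(build("4111-1111"))
    tampered["second"]["MPO1"]["txn"]["price"]["amount"] = "0.01"  # altered in transit
    return {"approved": gw.handle(build("4111-1111")), "declined": gw.handle(build("0000-0000")),
            "tampered": gw.handle(tampered)}
```

The point the example makes is the ordering of checks: the gateway verifies MPO1 before it touches MPE, it never learns the account data (it holds no key that opens the seal), and the merchant only ever sees MME and MPO1. An amount changed in transit fails the MPO1 check, and an unknown account yields a signed DECLINE that the gateway forwards rather than an error it could misread.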
Embodiments of the invention have several advantages. For example, the buyer's account information is stored on, and selected on, the electronic device rather than being kept at the payment gateway, which makes the electronic payment system more secure. In addition, the gateway can extend its ability to connect to additional participating entities, so the buyer has a wide choice of payment options.
Aspects of the invention may be implemented as a program, software or computer instructions embodied in a computer- or machine-usable or -readable medium which, when executed on a computer, processor and/or machine, cause the computer or machine to perform the steps of the method. Also provided is a machine-readable program storage device that tangibly embodies a program of instructions executable by the machine to perform the various functions and methods described in the invention.
The systems and methods of the invention may be implemented and run on a general-purpose computer or on a dedicated computer system. The computer system may be of any known type, or of a type yet to be known, and generally includes a processor, memory, storage devices, input/output devices, internal buses and/or a communication interface for communicating with other computer systems in combination with communication hardware and software.
A computer program product may include any medium, tangible or otherwise, that can store data and/or computer instructions and can be read and/or executed by a computer, machine or the like. Examples include, but are not limited to, memory (such as random access memory (RAM) and read-only memory (ROM)), optical discs, optical storage devices and other devices.
The terms "computer system" and "computer network" as used in the invention may include various combinations of fixed and/or portable computer hardware, software, peripherals and storage devices. The computer system may include several separate components that are networked or otherwise connected to operate cooperatively, or may include one or more stand-alone components. The hardware and software components of the computer system of the application may include, and may be embodied in, fixed and portable devices such as desktop computers, notebooks and servers. A module may be a device, software, program or system component that realizes a "function", and may be implemented as software, hardware, firmware, circuitry and so on.
The embodiments described above are illustrative examples and should not be construed as limiting the invention to those specific embodiments. Accordingly, those skilled in the art may make various changes and modifications without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (16)

1. A method for keeping a user device anonymous to a service provider while multi-factor multi-channel identity authentication and a transaction process are performed on the user device, wherein the user uses a device that communicates with the server of the service provider through a terminal, the method comprising:
receiving a request from the device through the terminal;
exchanging transaction-related data with the device;
generating a one-time anonymous identifier for the device, the one-time anonymous identifier being valid for a predetermined time; and
sending the one-time anonymous identifier to the device, the one-time anonymous identifier being obtainable by the device within the predetermined time.
2. The method according to claim 1, further comprising, after the one-time anonymous identifier has been sent to the device:
binding the device to the server of the service provider so as to allow the device to share at least one symmetric key with the server of the service provider.
3. The method according to claim 2, further comprising, before the device is bound to the server of the service provider:
personalizing the device during its manufacture; and/or personalizing the device by installing predetermined personalization hardware on the device.
4. The method according to claim 3, further comprising, after the device has been bound to the server of the service provider:
performing multi-channel multi-factor identity authentication and transaction verification of the device by the server of the service provider.
5. The method according to claim 4, wherein performing multi-channel multi-factor identity authentication and transaction verification of the device by the server of the service provider comprises:
sending, by the terminal, an authentication request to the server of the service provider over a first communication channel;
sending, by the terminal, an instruction message to the device over the first communication channel;
generating, by the device, a response message on the basis of the instruction message, and sending the response message to the server of the service provider over a second communication channel different from the first communication channel, wherein the server of the service provider performs the multi-channel multi-factor identity authentication and transaction verification according to the response message.
6. The method according to claim 1, wherein
performing multi-channel multi-factor identity authentication and transaction verification of the device by the server of the service provider comprises authenticating on the basis of two factors and authenticating on the basis of two channels, wherein the two factors comprise a first factor showing that only the device could have generated the message and a second factor showing that only a device that knows a particular message could have generated the message, and the two channels comprise a first communication channel between the server of the service provider and the device and a second communication channel between the server of the service provider and the terminal.
7. The method according to any one of claims 2 to 6, further comprising:
performing an unbinding operation between the server of the service provider and the device.
8. The method according to claim 7, further comprising, after the unbinding operation between the server of the service provider and the device has been performed:
performing a rebinding operation between the server of the service provider and the device.
9. A computer program product for use with a computer, the computer program product comprising a computer-readable storage medium having recorded thereon a computer-executable program that causes the computer to perform a process for keeping a user anonymous to a service provider during multi-factor multi-channel identity authentication and a transaction process, wherein the user uses a device that communicates with the server of the service provider through a terminal, the process comprising:
receiving a request from the device through the terminal;
exchanging transaction-related data with the device;
generating a one-time anonymous identifier for the device, the one-time anonymous identifier being valid for a predetermined time; and
sending the one-time anonymous identifier to the device, the one-time anonymous identifier being obtainable by the device within the predetermined time.
10. A method for multi-channel authentication of a user, wherein the user uses a device that communicates with the server of a service provider through a terminal, the method comprising:
receiving, by the device, an instruction message sent from the server through the terminal;
generating, by the device, a response message on the basis of the instruction message and of at least one symmetric key shared between the device and the server;
sending, by the device, the response message to the terminal; and
sending, by the terminal, the response message to a predetermined destination of the server.
11. The method according to claim 10, wherein the instruction message comprises: the destination of the response message, the manner in which the response message is to be generated, and the manner in which the response message is to be sent.
12. A computer program product for use with a computer, the computer program product comprising a computer-readable storage medium having recorded thereon a computer-executable program that causes the computer to perform a process for authenticating a user in a multi-channel manner, wherein the user uses a device that communicates with the server of a service provider through a terminal, the process comprising:
receiving, by the device, an instruction message sent from the server through the terminal;
generating, by the device, a response message on the basis of the instruction message and of at least one symmetric key shared between the device and the server;
sending, by the device, the response message to the terminal; and
sending, by the terminal, the response message to a predetermined destination of the server.
13. A method for multi-channel authentication of a user, wherein the user uses a device that communicates with the server of a service provider and with a terminal, the method comprising:
sending, by the device, an authentication request to the server over a first communication channel;
receiving, by the device, over the first communication channel, an instruction message generated by the server on the basis of the authentication request;
sending, by the device, an authentication credential based on the instruction message to the server over a second communication channel, the second communication channel being different from the first communication channel; and
receiving, by the terminal, an authentication message generated by the server on the basis of the authentication credential.
14. A computer program product for use with a computer, the computer program product comprising a computer-readable storage medium having recorded thereon a computer-executable program that causes the computer to perform a process for authenticating a user in a multi-channel manner, wherein the user uses a device that communicates with the server of a service provider and with a terminal, the process comprising:
sending, by the device, an authentication request to the server over a first communication channel;
receiving, by the device, over the first communication channel, an instruction message generated by the server on the basis of the authentication request;
sending, by the device, an authentication credential based on the instruction message to the server over a second communication channel, the second communication channel being different from the first communication channel; and
receiving, by the terminal, an authentication message generated by the server on the basis of the authentication credential.
15. A method for multi-channel authentication of a user, wherein the user uses a device that communicates with the server of a service provider and with a terminal, the method comprising:
receiving, by the server, an authentication request from the device over a first communication channel;
generating, by the server, an instruction message on the basis of the authentication request and sending the instruction message to the device over the first communication channel;
receiving, by the server, an authentication credential from the device over a second communication channel, the second communication channel being different from the first communication channel; and
generating, by the server, an authentication message on the basis of the authentication credential and sending the authentication message to the terminal.
16. A computer program product for use with a computer, the computer program product comprising a computer-readable storage medium having recorded thereon a computer-executable program that causes the computer to perform a process for authenticating a user in a multi-channel manner, wherein the user uses a device that communicates with the server of a service provider and with a terminal, the process comprising:
receiving, by the server, an authentication request from the device over a first communication channel;
generating, by the server, an instruction message on the basis of the authentication request and sending the instruction message to the device over the first communication channel;
receiving, by the server, an authentication credential from the device over a second communication channel, the second communication channel being different from the first communication channel; and
generating, by the server, an authentication message on the basis of the authentication credential and sending the authentication message to the terminal.
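An added worked example in Python, not the patent's own code, of the multi-channel two-factor exchange of claims 5, 6 and 10 to 16 together with the one-time anonymous identifier of claim 1. Assumed: a single symmetric key per device, established by binding; channel 1 (server to terminal to device) and channel 2 (device to server) are plain function calls; HMAC-SHA256 is the "generation mode" the instruction message names; time is an explicit parameter so that the "predetermined time" can be exercised; the same Server object issues the anonymous identifier, a role claim 1 leaves open. Field names and the sample transaction are constructed.

```python
"""Added worked example, not the patent's own code: the multi-channel, two-factor
challenge-response of claims 5, 6 and 10-16 and the one-time anonymous identifier of
claim 1.  Assumed: one symmetric key per device from binding; channel 1 (server <->
terminal <-> device) and channel 2 (device -> server) are modelled as function calls;
HMAC-SHA256 is the "generation mode"; time is passed in explicitly so expiry is testable;
the party issuing the anonymous identifier is left open by claim 1 and is the same
Server here; field names and the sample transaction are constructed."""
import hashlib
import hmac
import json
import secrets

def canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def proof(key: bytes, device_ref: str, nonce: str, txn: dict) -> str:
    """Factor 1 (the key only the bound device holds) and factor 2 (the nonce only the
    device that received this instruction knows) are bound into one HMAC."""
    return hmac.new(key, canonical({"d": device_ref, "n": nonce, "t": txn}),
                    hashlib.sha256).hexdigest()

class Device:
    def __init__(self, device_ref: str, key: bytes):
        self.device_ref, self.key = device_ref, key

    def respond(self, instruction: dict) -> dict:
        """Claims 10/13: build the response as instructed, addressed to the named destination."""
        if instruction["gen_mode"] != "hmac-sha256":
            raise ValueError("unsupported generation mode")
        return {"device_ref": self.device_ref, "nonce": instruction["nonce"],
                "txn": instruction["txn"], "send_via": instruction["send_mode"],
                "to": instruction["destination"],
                "proof": proof(self.key, self.device_ref, instruction["nonce"], instruction["txn"])}

class Server:
    def __init__(self, ttl: int):
        self.ttl = ttl
        self.keys = {}      # device_ref -> symmetric key shared at binding (claim 2)
        self.pending = {}   # nonce -> (device_ref, txn, expires_at); single use
        self.anon = {}      # one-time anonymous identifier -> (device_ref, expires_at)

    def bind(self, device_ref: str) -> Device:
        self.keys[device_ref] = key = secrets.token_bytes(32)
        return Device(device_ref, key)

    def issue_anonymous_id(self, device_ref: str, now: int) -> str:
        """Claim 1: an identifier that is valid once, for a predetermined time."""
        token = secrets.token_hex(16)
        self.anon[token] = (device_ref, now + self.ttl)
        return token

    def redeem_anonymous_id(self, token: str, now: int):
        device_ref, expires_at = self.anon.pop(token, (None, -1))   # pop: one-time
        return device_ref if now <= expires_at else None

    def instruction(self, device_ref: str, txn: dict, now: int) -> dict:
        """Claims 11/15: sent over channel 1 (via the terminal); names the destination of
        the response, how to generate it and how to send it."""
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (device_ref, txn, now + self.ttl)
        return {"nonce": nonce, "txn": txn, "destination": "/auth/response",
                "gen_mode": "hmac-sha256", "send_mode": "channel2"}

    def verify(self, response: dict, now: int) -> dict:
        """Claim 15: the credential arrives over channel 2; the result goes to the terminal."""
        entry = self.pending.pop(response.get("nonce"), None)   # consumed even on failure
        if entry is None:
            return {"ok": False, "reason": "unknown or already used nonce (replay)"}
        device_ref, txn, expires_at = entry
        if now > expires_at:
            return {"ok": False, "reason": "challenge expired"}
        if response.get("device_ref") != device_ref or response.get("txn") != txn:
            return {"ok": False, "reason": "response bound to another device or transaction"}
        expected = proof(self.keys[device_ref], device_ref, response["nonce"], txn)
        if not hmac.compare_digest(expected, response.get("proof", "")):
            return {"ok": False, "reason": "proof does not verify under the bound key"}
        return {"ok": True, "device_ref": device_ref, "txn": txn}   # authentication message

def demo() -> dict:
    server, txn = Server(ttl=60), {"merchant": "Example Shop", "amount": "19.90"}  # constructed
    device = server.bind("dev-42")
    resp = device.respond(server.instruction("dev-42", txn, now=1000))  # ch. 1 out, ch. 2 back
    out = {"first": server.verify(resp, now=1010), "replay": server.verify(resp, now=1020)}
    out["expired"] = server.verify(device.respond(server.instruction("dev-42", txn, 1000)), 1061)
    rogue = Device("dev-42", b"not the bound key")                      # lacks factor 1
    out["forged"] = server.verify(rogue.respond(server.instruction("dev-42", txn, 1000)), 1001)
    tampered = device.respond(server.instruction("dev-42", txn, 1000))
    tampered["txn"] = dict(txn, amount="0.01")                           # altered after signing
    out["tampered"] = server.verify(tampered, 1001)
    token = server.issue_anonymous_id("dev-42", 1000)
    out["anon_first"] = server.redeem_anonymous_id(token, 1030)
    out["anon_again"] = server.redeem_anonymous_id(token, 1031)          # one-time: gone
    return out
```

The server consumes the nonce before it checks anything else, so a replayed response fails even when it would otherwise verify; a response built with the wrong key (factor 1), against a different instruction or transaction (factor 2), or after the time limit is refused; and the anonymous identifier likewise works exactly once within its window.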
CN201710943287.5A 2011-09-09 2012-09-10 Multi-factor multi-channel ID authentication and transaction control and multi-option payment system and method Active CN107730256B (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US13/229,219 US20120066501A1 (en) 2009-03-17 2011-09-09 Multi-factor and multi-channel id authentication and transaction control
US13/229,219 2011-09-09
US201161544800P 2011-10-07 2011-10-07
US61/544,800 2011-10-07
CN201210333647.7A CN103116842B8 (en) 2011-09-09 2012-09-10 Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201210333647.7A Division CN103116842B8 (en) 2011-09-09 2012-09-10 Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method

Publications (2)

Publication Number Publication Date
CN107730256A true CN107730256A (en) 2018-02-23
CN107730256B CN107730256B (en) 2022-01-04

Family

ID=48415207

Family Applications (3)

Application Number Title Priority Date Filing Date
CN201710943287.5A Active CN107730256B (en) 2011-09-09 2012-09-10 Multi-factor multi-channel ID authentication and transaction control and multi-option payment system and method
CN201210333647.7A Active CN103116842B8 (en) 2011-09-09 2012-09-10 Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method
CN201710943700.8A Active CN107730240B (en) 2011-09-09 2012-09-10 Multi-factor multi-channel ID authentication and transaction control and multi-option payment system and method

Family Applications After (2)

Application Number Title Priority Date Filing Date
CN201210333647.7A Active CN103116842B8 (en) 2011-09-09 2012-09-10 Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method
CN201710943700.8A Active CN107730240B (en) 2011-09-09 2012-09-10 Multi-factor multi-channel ID authentication and transaction control and multi-option payment system and method

Country Status (1)

Country Link
CN (3) CN107730256B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110969555A (en) * 2018-09-30 2020-04-07 上海柠睿企业服务合伙企业(有限合伙) Multilevel information auditing method, device, system, terminal, server and medium

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104021473A (en) * 2014-05-30 2014-09-03 刘劲彤 Safe payment method of visual financial card
CN107251063A (en) 2014-12-24 2017-10-13 斯威夫特有限公司 System and method for promoting goods to provide
KR102371943B1 (en) 2015-02-24 2022-03-08 삼성전자 주식회사 Handheld electronic device capable of magnetic field communication and payment method using the same
US10769622B2 (en) * 2015-03-25 2020-09-08 Facebook, Inc. User communications with a merchant through a social networking system
US10489768B2 (en) * 2015-12-30 2019-11-26 Visa International Service Association Keyboard application with third party engagement selectable items
EP3349410B1 (en) * 2017-01-11 2021-03-10 Tata Consultancy Services Limited Method and system for executing a transaction request using a communication channel
TWI674542B (en) * 2018-10-23 2019-10-11 臺灣行動支付股份有限公司 Mobile payment transaction system and data processing method thereof without transaction winding operation
FI20195236A1 (en) * 2019-03-27 2020-09-28 Liikennevirta Oy / Virta Ltd Methods, apparatuses and computer program products for requesting user authorization and responding to requested user authorization for electric vehicle charging sessions

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1897027A (en) * 2005-04-08 2007-01-17 富士通株式会社 Authentication services using mobile device
WO2007067349A1 (en) * 2005-12-06 2007-06-14 Boncle, Inc. Single one-time password token with single pin for access to multiple providers
CN101606173A (en) * 2006-10-12 2009-12-16 彼得·A·夏皮罗 The method and system of making anonymous on-line purchases
US20100125635A1 (en) * 2008-11-17 2010-05-20 Vadim Axelrod User authentication using alternative communication channels
CN101841418A (en) * 2009-03-17 2010-09-22 熊楚渝 Handheld multiple role electronic authenticator and service system thereof
CN101867587A (en) * 2010-07-09 2010-10-20 北京交通大学 Anonymous authentication method and system
CN101894424A (en) * 2009-05-21 2010-11-24 北京西阁万投资咨询有限公司 Trading card processing system and method for improving safety
CN102006271A (en) * 2008-09-02 2011-04-06 F2威尔股份有限公司 IP address secure multi-channel authentication for online transactions
CN102045163A (en) * 2009-10-15 2011-05-04 中兴通讯股份有限公司 Source-tracing method and system for anonymous communication
CA2731462A1 (en) * 2010-02-10 2011-08-10 Authernative, Inc. System and method for in- and out-of-band multi-factor server-to-user authentication

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1107198B1 (en) * 1999-11-30 2007-01-10 Citibank, Na System and method for performing an electronic transaction using a transaction proxy with an electronic wallet
GB0323693D0 (en) * 2003-10-09 2003-11-12 Vodafone Plc Facilitating and authenticating transactions
US8996423B2 (en) * 2005-04-19 2015-03-31 Microsoft Corporation Authentication for a commercial transaction using a mobile module
US8245292B2 (en) * 2005-11-16 2012-08-14 Broadcom Corporation Multi-factor authentication using a smartcard
US7814311B2 (en) * 2006-03-10 2010-10-12 Cisco Technology, Inc. Role aware network security enforcement
EP1978477A3 (en) * 2006-07-06 2011-03-02 Firethorn Holdings, LLC Methods and systems for making a payment via a stored value card in a mobile environment
US8051297B2 (en) * 2006-11-28 2011-11-01 Diversinet Corp. Method for binding a security element to a mobile device
CN101271561A (en) * 2008-05-16 2008-09-24 腾讯科技(深圳)有限公司 Electronic commerce trade method and system
CN101770619A (en) * 2008-12-31 2010-07-07 ***股份有限公司 Multiple-factor authentication method for online payment and authentication system
GB2466810A (en) * 2009-01-08 2010-07-14 Visa Europe Ltd Processing payment authorisation requests


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
赵莉等 (Zhao Li et al.): 《电商务概论》 (Introduction to E-Commerce), 28 February 2009, 华中科技大学出版社 (Huazhong University of Science and Technology Press) *


Also Published As

Publication number Publication date
CN103116842B8 (en) 2018-01-19
CN107730240A (en) 2018-02-23
CN103116842A (en) 2013-05-22
CN107730240B (en) 2021-03-26
CN107730256B (en) 2022-01-04
CN103116842B (en) 2017-11-21

Similar Documents

Publication Publication Date Title
US11880815B2 (en) Device enrollment system and method
CN103116842B (en) Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method
US11423452B2 (en) Systems and methods for establishing identity for order pick up
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US20160125403A1 (en) Offline virtual currency transaction
US20120231844A1 (en) System and device for facilitating a transaction by consolidating sim, personal token, and associated applications for electronic wallet transactions
JP7483688B2 (en) System and method for cryptographic authentication of contactless cards
US20120101951A1 (en) Method and System for Secure Financial Transactions Using Mobile Communications Devices
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
WO2010105331A1 (en) System and method for cardless secure on-line credit card/debit card purchasin
US11182785B2 (en) Systems and methods for authorization and access to services using contactless cards
US20130066772A1 (en) Multi-factor and multi-channel id authentication and transaction control and multi-option payment system and method
US20230062507A1 (en) User authentication at access control server using mobile device
CN108780547B (en) Proxy device for representing multiple certificates
US11812260B2 (en) Secure offline mobile interactions
WO2023064086A1 (en) Efficient and protected data transfer system and method
CA2658661A1 (en) System and method for cardless secure on-line credit card/debit card purchasing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200818

Address after: Room 305, Block A, No. 5 Gaopeng Road, High-tech Zone, Chengdu, Sichuan Province, 610041

Applicant after: Chengdu Tianyao Technology Co.,Ltd.

Address before: No. 174 Shapingba street, Shapingba District, Chongqing City, Chongqing

Applicant before: Xiong Chuyu

GR01 Patent grant