CN107730256A - Multiple-factor multi-channel ID authentication and transaction control and multi-option payment system and method
- Publication number: CN107730256A (CN201710943287.5A)
- Authority: CN (China)
- Prior art keywords: equipment, server, service provider, message, terminal
- Legal status: Granted
Abstract
The present invention provides a multi-factor, multi-channel ID authentication and transaction control system and method, and a multi-option system and method for paying for an article selected from a merchant. Authentication and transaction control can be carried out solely between the electronic device and the service provider's server, without third-party participation. With respect to the service provider's server, the device's server helps to personalize, bind, unbind and re-bind the device. When the buyer selects a payment option through the electronic device, a payment message is sent to a payment portal. Based on the payment option selected in the message, the payment portal selects a suitable participating entity and sends the buyer's account information to the selected participating entity. Authentication between the participating entity and the buyer's account is carried out through multi-factor, multi-channel authentication and transaction control.
Description
Technical field
In general, the present invention relates to the field of identity (ID) authentication and transaction control used in electronic payment, and to electronic payment systems and methods. More particularly, it relates to a multi-factor, multi-channel authentication and transaction control system, and to an electronic payment system and method for secure, multi-channel, multi-option payment.
Background
In modern society, authentication and transaction control are common and essential for trade, including trade on a global scale. Most authentication and transaction control is based on a single factor and a single channel. The factor can be any authentication factor, such as something a person has (for example, a token), something a person knows (for example, a password), something a person is (for example, a fingerprint), or something related to a person (for example, a social network). The channel can be any information communication channel: the internet, telephone, a private network, and so on.
Single-factor, single-channel authentication and transaction control is believed to be highly vulnerable to attack; one such form of attack is commonly known as a man-in-the-middle (MITM) attack. In a MITM attack, a fraudster uses a device connected between the client and the application server to relay requests and responses, in order to steal data and/or act on behalf of the client's browser for fraudulent purposes.
In addition, with the rapid growth of global trade, authentication and transaction control systems must handle multiple IDs for a single user in a simple, flexible way. Today, consumers often have multiple IDs, including passports, driver's licenses, e-mail accounts, workplace IDs, credit cards, bank account numbers, entertainment accounts, social network accounts, consumer accounts and so on. It is the consumer's right to hold multiple IDs and to choose the appropriate one in different situations while keeping the IDs confidential. However, existing authentication and transaction control schemes require authentication and transaction control to be managed centrally, which in effect deprives consumers of the right to maintain and control their own multiple IDs.
Furthermore, handling multiple IDs is cumbersome for consumers, especially when these IDs and their associated passwords must be changed frequently for security reasons. Likewise, service providers do not want third-party control during a transaction; they generally wish to retain complete control and management of the transaction. Moreover, in some cases consumers do not want their actions to be tied to their unique identity. Remaining anonymous during a transaction is therefore also desirable for users.
The applicant has therefore recognized the need to develop a multi-factor, multi-channel authentication and transaction control system and method that can support trade on a global scale without centralized management, relieves users of the burden of remembering IDs and passwords, gives service providers complete control and management, and preserves customer anonymity during particular transactions.
Traditional electronic payment systems require the buyer's account information to be stored in the payment portal. The payment portal receives a payment instruction from the buyer and verifies the buyer's account against the stored account information. Typically, only one payment option, the one associated with the previously stored account information, is available to the buyer. Existing electronic payment systems therefore do not allow the buyer to choose a suitable payment option from several available ones. In addition, storing the buyer's account information permanently in the payment portal creates security and privacy risks.
The applicant has therefore recognized the need to develop an electronic payment system and method that offers the buyer multiple payment options without requiring the buyer's account information to be stored in the payment portal.
Summary of the invention
According to one aspect of the present invention, a multi-factor, multi-channel authentication and transaction control method is provided, in which a user uses a device that communicates with at least one service provider. The method comprises: sharing at least one symmetric key with the device's server; binding with the service provider's server so that the at least one symmetric key is shared with the service provider's server; sending an ID authentication request to the service provider's server; receiving an instruction message from the service provider's server; generating a response message based on the instruction message; and sending the response message to the service provider's server, so that multi-channel, multi-factor authentication is carried out directly between the device and the service provider based on the response message and the at least one symmetric key shared by the device and the service provider. A computer program product for use with a computer is also provided. The product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform the above method.
According to another aspect of the present invention, a multi-factor, multi-channel authentication and transaction control method is provided, in which a user uses a handheld electronic device that communicates with at least one service provider. The method comprises: binding the device so as to share at least one symmetric key with the device, the at least one symmetric key being shared between the device and the device's server; receiving an ID authentication request from the device; generating an instruction message; sending the instruction message to the device; receiving a response message generated by the device; and carrying out multi-channel, multi-factor authentication of the device directly between the device and the service provider, based on the response message and the at least one symmetric key shared between the device and the service provider's server. A computer program product for use with a computer is also provided. The product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform the above method.
According to another aspect of the present invention, a method is provided for keeping a user device anonymous to the service provider during multi-factor, multi-channel authentication and transactions of the user device, in which the user uses a handheld electronic device that communicates with the device's server through a terminal. The method comprises: receiving a request from the device through the terminal; exchanging transaction-related data with the device; generating a one-time anonymous identifier for the device, the one-time anonymous identifier being valid for a predetermined time; and sending the one-time anonymous identifier to the device, the one-time anonymous identifier being obtainable by the device within the predetermined time. A computer program product for use with a computer is also provided. The product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform the above method.
According to another aspect of the present invention, a method of multi-channel authentication of a user is provided, in which the user uses a handheld electronic device that communicates with the service provider's server through a terminal. The method comprises: the device receiving, through the terminal, an instruction message sent from the server; the device generating a response message based on the instruction message and at least one symmetric key shared by the device and the server; the device sending the response message to the terminal; and the terminal sending the response message to a destination predetermined by the server. A computer program product for use with a computer is also provided. The product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform the above method.
According to another aspect of the present invention, a method of multi-channel authentication of a user is provided, in which the user uses a handheld electronic device that communicates with the service provider's server and with a terminal. The method comprises: the device sending an authentication request to the server over a first communication channel; the device receiving, over the first communication channel, an instruction message generated by the server based on the authentication request; the device sending an authentication credential to the server over a second communication channel based on the instruction message, the second communication channel being different from the first communication channel; and the terminal receiving an authentication message generated by the server based on the authentication credential. A computer program product for use with a computer is also provided. The product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform the above method.
According to another aspect of the present invention, a method of multi-channel authentication of a user is provided, in which the user uses a handheld electronic device that communicates with the service provider's server and with a terminal. The method comprises: the server receiving a request from the device over a first communication channel; the server generating an instruction message based on the authentication request and sending the instruction message to the device over the first communication channel; the server receiving an authentication credential from the device over a second communication channel, the second communication channel being different from the first communication channel; and the server generating an authentication message based on the authentication credential and sending the authentication message to the terminal. A computer program product for use with a computer is also provided. The product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform the above method.
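The exchange described in the aspects above (a symmetric key shared at binding, an instruction message answered by a response message, and the credential returned over a second channel), as an added Python example that is not part of the patent text. HMAC-SHA256 as the response function, the 60-second challenge lifetime, the class and function names, the device identifier and the channel labels are all assumptions made for illustration; the patent text specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


def compute_response(key, device_id, nonce):
    """Response message: HMAC over the length-prefixed device id and the nonce."""
    did = device_id.encode()
    msg = len(did).to_bytes(2, "big") + did + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()


class Device:
    """Handheld device holding the symmetric key shared at binding."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self._key = key

    def respond(self, nonce):
        return compute_response(self._key, self.device_id, nonce)


class ServiceProviderServer:
    """Server side: stores bound keys, issues and checks challenges."""

    def __init__(self):
        self._keys = {}     # device_id -> symmetric key shared at binding
        self._pending = {}  # device_id -> (nonce, request channel, issue time)

    def bind(self, device_id, key):
        self._keys[device_id] = key

    def challenge(self, device_id, channel, now=None):
        """Handle an authentication request that arrived on `channel`."""
        if device_id not in self._keys:
            raise KeyError("device is not bound")
        nonce = secrets.token_bytes(16)
        issued = time.time() if now is None else now
        self._pending[device_id] = (nonce, channel, issued)
        return nonce

    def verify(self, device_id, response, channel, now=None):
        """Check a response; the challenge is consumed whatever the outcome."""
        entry = self._pending.pop(device_id, None)
        if entry is None:
            return False            # no open challenge, or a replay
        nonce, request_channel, issued = entry
        now = time.time() if now is None else now
        if now - issued > CHALLENGE_TTL:
            return False            # challenge expired
        if channel == request_channel:
            return False            # credential must use a second channel
        expected = compute_response(self._keys[device_id], device_id, nonce)
        return hmac.compare_digest(expected, response)


def run_demo():
    """Run the exchange on constructed values and return each outcome."""
    key = secrets.token_bytes(32)   # constructed key, shared at binding
    dev_id = "device-001"           # constructed device identifier
    server = ServiceProviderServer()
    server.bind(dev_id, key)
    device = Device(dev_id, key)
    out = {}

    nonce = server.challenge(dev_id, "internet", now=0)
    answer = device.respond(nonce)
    out["valid"] = server.verify(dev_id, answer, "phone", now=5)
    out["replay"] = server.verify(dev_id, answer, "phone", now=6)

    nonce = server.challenge(dev_id, "internet", now=10)
    out["same_channel"] = server.verify(
        dev_id, device.respond(nonce), "internet", now=11)

    nonce = server.challenge(dev_id, "internet", now=20)
    rogue = Device(dev_id, secrets.token_bytes(32))  # not the bound key
    out["wrong_key"] = server.verify(
        dev_id, rogue.respond(nonce), "phone", now=21)

    nonce = server.challenge(dev_id, "internet", now=30)
    out["expired"] = server.verify(
        dev_id, device.respond(nonce), "phone", now=30 + CHALLENGE_TTL + 1)
    return out


if __name__ == "__main__":
    print(run_demo())
```

Only the possession factor (the bound key) and the channel separation are modelled here; a second factor such as a PIN or biometric check would gate the device's `respond` step.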
According to another aspect of the present invention, a multi-factor, multi-channel authentication and transaction control data processing system is provided, in which a user uses a handheld electronic device that communicates with at least one service provider. The system comprises: a processor; a personalization module configured to personalize the device with the device's server so that the device and the device's server share at least one symmetric key; a binding module configured to bind the device to the service provider's server so that the device and the service provider's server share the at least one symmetric key; a transmission module configured to send authentication or transaction control data to the service provider's server; a receiving module configured to receive an instruction message from the service provider's server; and a processing module, operable to execute on the processor and configured to generate a response message based on the instruction message. The transmission module is further configured to send the response message to the service provider's server so that multi-channel, multi-factor authentication or transaction control is carried out on the device.
According to another aspect of the present invention, a multi-factor, multi-channel authentication and transaction control data processing system is provided, in which a user uses a handheld electronic device that communicates with at least one service provider. The system comprises: a processor; a binding module configured to bind the service provider's server to the device so that the service provider's server shares at least one symmetric key with the device, the at least one symmetric key being shared between the device and the device's server; a receiving module configured to receive authentication or transaction control data from the device; a processing module, operable to execute on the processor and configured to generate an instruction message when a request is received; and a transmission module configured to send the instruction message to the device. The receiving module is further configured to receive a response message generated by the device, and the processing module is further configured to carry out multi-channel, multi-factor authentication or transaction control on the device based on the response message.
According to another aspect of the present invention, a method is provided that allows a buyer to use an electronic device to pay for an article selected from a merchant. The method comprises: receiving a code representing transaction-related information associated with the selected article; retrieving the transaction-related information from the code; verifying the transaction-related information; selecting at least one payment option from a plurality of predetermined payment options; generating a payment message based on the transaction-related information and the payment option; and sending the payment message to a payment portal that communicates with a plurality of participating entities. The payment message comprises a first segment representing the payment option and a second segment representing the buyer's account data associated with the payment option. Each of the participating entities is associated with at least one of the plurality of predetermined payment options.
According to another aspect of the present invention, a method is provided that allows a buyer to pay for an article selected from a merchant through a payment portal that communicates with a plurality of participating entities, each of the participating entities being associated with at least one of a plurality of predetermined payment options. The method comprises: receiving a payment message, the payment message comprising a first segment representing the payment option selected by the buyer from the plurality of predetermined payment options and a second segment representing the buyer's account data associated with the selected payment option; selecting, based on the first segment of the payment message, the participating entity associated with the selected payment option; sending the second segment of the payment message to the selected participating entity in order to verify the buyer's account associated with the selected payment option; receiving an instruction message from the selected participating entity, the instruction message being generated based on the validity of the buyer's account; and sending the instruction message to the merchant's server.
According to another aspect of the present invention, a computer program product for use with a computer is provided. The computer program product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform processing that allows a buyer to use an electronic device to pay for an article selected from a merchant. The processing comprises: receiving a code representing transaction-related information associated with the selected article; retrieving the transaction-related information from the code; verifying the transaction-related information; selecting at least one payment option from a plurality of predetermined payment options; generating a payment message based on the transaction-related information and the payment option; and sending the payment message to a payment portal that communicates with a plurality of participating entities. The payment message comprises a first segment representing the payment option and a second segment representing the buyer's account data associated with the payment option. Each of the participating entities is associated with at least one of the plurality of predetermined payment options.
According to another aspect of the present invention, a data processing system is provided that allows a buyer to use an electronic device to pay for an article selected from a merchant. The system comprises: a transceiver configured to receive a code representing transaction-related information associated with the selected article; a processor configured to retrieve the transaction-related information from the code; a display configured to show the transaction-related information so that it can be verified by the buyer; and a user interface configured to allow the buyer to select a payment option from a plurality of predetermined payment options. The processor is further configured to generate a payment message based on the transaction-related information and the payment option. The payment message comprises a first segment representing the payment option and a second segment representing the buyer's account data associated with the payment option. The transceiver is further configured to send the payment message to a payment portal that communicates with a plurality of participating entities, each of the participating entities being associated with at least one of the plurality of predetermined payment options.
According to another aspect of the present invention, a computer program product for use with a computer is provided. The computer program product comprises a computer-readable storage medium on which is recorded a computer-executable program that causes a computer to perform processing that allows a buyer to pay for an article selected from a merchant through a payment portal that communicates with a plurality of participating entities, each of the participating entities being associated with at least one of a plurality of predetermined payment options. The processing comprises: receiving a payment message, the payment message comprising a first segment representing the payment option selected by the buyer from the plurality of predetermined payment options and a second segment representing the buyer's account data associated with the selected payment option; selecting, based on the first segment of the payment message, the participating entity associated with the selected payment option; sending the second segment of the payment message to the selected participating entity in order to verify the buyer's account associated with the selected payment option; receiving an instruction message from the selected participating entity, the instruction message being generated based on the validity of the buyer's account; and sending the instruction message to the merchant's server.
According to another aspect of the present invention, a data processing system is provided that allows a buyer to pay for an article selected from a merchant through a payment portal that communicates with a plurality of participating entities, each of the participating entities being associated with at least one of a plurality of predetermined payment options. The system comprises: a transceiver configured to receive a payment message comprising a first segment representing the payment option selected by the buyer and a second segment representing the buyer's account data associated with the selected payment option; and a processor configured to select, based on the first segment of the payment message, the participating entity associated with the selected payment option. The transceiver is further configured to send the second segment of the payment message to the selected participating entity in order to verify the buyer's account, to receive from the selected participating entity an instruction message generated based on the validity of the buyer's account, and to send the instruction message to the merchant's server.
Brief description of the drawings
With reference to the detailed description of numerous embodiments of the invention, with reference to accompanying drawing, those skilled in the art can below
More easily to understand the object above and advantage of the present invention, wherein, in multiple figures, identical reference number represents identical
Element, wherein:
Figs. 1A to 1D are diagrams of a variety of designs of the handheld electronic authenticator;
Fig. 2 is a block diagram of the logical design of the handheld electronic authenticator according to the embodiment of the present invention;
Fig. 3 is a block diagram of the read protection memory 255 and the RAM 265 in the storage system of the computing module 205 in Fig. 2;
Fig. 4 is a block diagram of the logical design of a paper tinsel of the handheld electronic authenticator according to the embodiment of the present invention;
Fig. 5 is a flow chart of the startup/maintenance process of the handheld electronic authenticator according to the embodiment of the present invention;
Fig. 6 is a flow chart of the detailed startup/maintenance process carried out in the server of the authenticator;
Fig. 7 is a flow chart of the startup/maintenance process of a paper tinsel of the handheld electronic authenticator according to the preferred embodiment of the present invention;
Fig. 8 is a flow chart of the detailed startup/maintenance process carried out in the server of the service provider;
Fig. 9 is a flow chart of the authentication process according to the embodiment of the present invention;
Fig. 10 is a flow chart of the detailed authentication process;
Fig. 11 is the continuation of the detailed authentication process of Fig. 10;
Fig. 12 is the continuation of the detailed authentication process of Fig. 11;
Fig. 13 is a flow chart of the signature generation process according to the embodiment of the present invention;
Fig. 14 is a flow chart of the process of using the handheld electronic authenticator to request a service from a service provider;
Fig. 15 is a flow chart of the process of using the handheld electronic authenticator in a transaction with a third party;
Fig. 16 is a flow chart of the process of using the handheld electronic authenticator in a transaction in which the service provider needs more data;
Fig. 17 is a block diagram showing the multiple-factor multi-channel authentication and transaction control system according to the embodiment of the present invention;
Figs. 18A to 18D are schematic diagrams showing the communication between the handheld electronic equipment and the terminal of the multiple-factor multi-channel authentication and transaction control system;
Figs. 19A to 19B are schematic diagrams showing the communication between the handheld electronic equipment and the server of the service provider;
Fig. 20 is a schematic diagram showing the communication between the terminal and the server of the service provider;
Fig. 21 is a schematic diagram showing the communication between the server of the equipment and the server of the service provider;
Fig. 22 is a schematic diagram showing the individuation process of the equipment;
Fig. 23A is a schematic diagram showing the binding procedure, in which the equipment and the server of the service provider are associated so as to allow the equipment and the server to share one or more symmetric keys;
Fig. 23B is a schematic diagram showing the process of obtaining a disposable anonymous title from the server of the equipment in the binding procedure;
Fig. 24 is a schematic diagram showing the authentication procedure;
Fig. 25 is a schematic diagram showing the transaction control process;
Fig. 26 is a schematic diagram showing the process of cancelling the binding of the equipment from a service provider;
Fig. 27 is a schematic diagram showing the process of binding the equipment again with one or more service providers;
Fig. 28 is a schematic diagram showing a data processing system used together with the equipment for multiple-factor multi-channel authentication and control;
Fig. 29 is a schematic diagram showing a data processing system used together with the server of the service provider for multiple-factor multi-channel authentication and control;
Fig. 30 is a block diagram showing the payment system according to the embodiment of the present invention;
Fig. 31 is a flow chart showing a method, according to another embodiment of the present invention, that allows a buyer to use electronic equipment to pay for an article selected from a merchant; and
Fig. 32 is a flow chart showing a method, according to another embodiment of the present invention, that allows a buyer to pay for an article selected from a merchant through a payment portal that communicates with multiple participating entities.
Embodiment
Figs. 1A to 1D are diagrams of a variety of designs of the handheld electronic authenticator. Referring to Figs. 1A to 1D, each design of the authenticator has a keyboard containing multiple keys that receive user input (that is, 105, 115, 130 and 140). The authenticator also has a display unit made of a liquid crystal display (LCD) (that is, 110, 120, 125 and 135). The unique features of the above designs are as follows. Referring to Fig. 1A, the keyboard 105 and the display unit 110 can rotate around a common central point 145. In Fig. 1B, the authenticator can be folded along a longitudinal rotating shaft 150 that connects the keyboard unit 130 and the display unit 125. In Fig. 1C, the keyboard 115 and the display unit 120 are manufactured as a whole in the shape of a conventional key. In Fig. 1D, the authenticator is a rectangle similar to a calculator.
Fig. 2 is a block diagram of the logical design of the handheld electronic authenticator according to the embodiment of the present invention. Referring to Fig. 2, the authenticator includes a computing module 205, a support module 210 and other modules 215.
The computing module 205 includes a computing unit, which includes a processor 250 for calculating authentication codes and a storage system for storing the various data of the authenticator. The storage system includes: a read/write protection memory 255, which protects data from outside invasion; a read-only memory (ROM) 260, which stores static data; and a random access memory (RAM) 265, which stores dynamic data generated during authentication. In addition to calculating the various authentication codes, the computing module 205 also performs the other computing activities of the authenticator, such as executing instructions and decrypting messages, which are described in greater detail below.
The support module 210 supports the computing module 205 by inputting and outputting data, providing power, and otherwise assisting the normal operation of the authenticator. The support module 210 includes: a display unit 220, such as an LCD screen for displaying data together with its controller; a keyboard unit 225, such as a keyboard with 14 to 18 keys and 1 to 2 hidden keys for inputting data; and a power subsystem, which includes a battery and its control circuit.
The other modules 215 provide further functions that can be added to the authenticator. A clock or timer 235 provides a timing function. A communication module 240 provides the ability to transmit to external equipment based on a communication technology such as radio frequency identification (RFID) or infrared. A bio-identification (biometric) module 245 uses a biological characteristic of the user, such as the user's fingerprint, voice or facial characteristics, as an input, so that the authentication code takes an additional factor into account in the verification process. The authenticator is extensible, because more functions can be added to the other modules 215. These modules can be implemented on the authenticator as hardware, software or firmware components.
Fig. 3 shows the read protection memory 255 and the RAM 265 in the storage system of the computing module 205 in Fig. 2. As described above, the storage system may include the read/write protection memory 255, the ROM 260 and the RAM 265. Referring to Fig. 3, the common sequence number 320, the key 325 of the authenticator and the communication key 326 are stored in the read protection memory 255 of the authenticator and are protected from outside invasion. The common sequence number 320, the key 325 and the communication key 326 are security information about the authenticator and are stored in the read protection memory 255, from which they cannot be read out of the authenticator by external equipment under normal operation.
The keys and numbers stored in the read protection memory 255 are set by the manufacturer of the authenticator during the manufacturing process. The server of the authenticator uses these keys and numbers to identify the authenticator and to provide services for it, namely the startup service and the maintenance service. The server of the authenticator can be a server provided by the manufacturer or by an independent entity. In one embodiment, so that the authenticator and the server of the authenticator can communicate, the server of the authenticator obtains the information on the keys and numbers of the authenticator from the manufacturer before providing any service to the authenticator. The service process is described in further detail below.
The key 325 is used to generate one or more one-time authentication codes (OTAC) for authentication with the server of the authenticator. When communicating with the server of the authenticator, the authenticator uses the communication key 326 to encrypt and decrypt data under a symmetric cryptography scheme or an asymmetric cryptography scheme, as determined by the server of the authenticator. When a symmetric cryptography scheme is selected, the authenticator and the server of the authenticator use the same key to encrypt and decrypt the messages they exchange. When an asymmetric cryptography scheme is selected, the communication key is the private key of a public/private key pair, the key pair being determined by the manufacturer. The authenticator uses the private key to encrypt and decrypt the messages it exchanges with the server of the authenticator. The server of the authenticator uses the public key to encrypt and decrypt the messages from the authenticator. Symmetric and asymmetric cryptography schemes are well known in the art, and their detailed description is omitted for brevity.
The memory 310 stores dynamic data maintained by the server of the authenticator. For example, the server of the authenticator instructs the authenticator to write, change and/or update the data in the memory 310. In one embodiment, the entity that maintains the memory 310 (such as the server of the authenticator), also referred to herein as the "maintaining entity", controls the writing and updating of the data in the memory 310. In this embodiment, no entity other than the maintaining entity, including the user of the authenticator, can write directly to the memory 310. A user or another entity wishing to change the memory 310 sends a request to the maintaining entity. For example, the memory can be set by the user or another entity by requesting and receiving a code from the maintaining entity. This code can include encrypted commands and data that can be executed inside the computing module 205 to set the memory.
The memory 310 maintained by the server of the authenticator can include: the common name 330 of the authenticator, multiple access personal identification numbers (PIN) 335 to 340, and other information stored therein. The server of the authenticator sets this information during the startup and maintenance processes by means of commands and data sent to the authenticator. The startup and maintenance processes are described in further detail below.
The memory 315 stores multiple paper tinsels 1 to N. In working condition, each paper tinsel is set up to be associated exclusively with one service provider. A service provider is an entity to which the authenticator provides an OTAC in order to be authenticated by it. A service provider can be a credit card company, a bank, an online account, and so on. Each paper tinsel is maintained by its corresponding service provider. Each paper tinsel provides the information needed to generate an OTAC for its associated service provider. The authenticator can provide as many OTACs as it has paper tinsels at the same time. When a specific service provider is specified by the user, the authenticator calculates the OTAC based on the information stored on the paper tinsel associated with that service provider. OTAC generation is described in further detail below.
Fig. 4 is a block diagram showing the logical design of one of the paper tinsels 1 to N 315 in Fig. 3 according to the embodiment of the present invention. Referring to Fig. 4, the paper tinsel 400 includes: static data 405 maintained by the service provider, and dynamic data 410 maintained by the service provider and the authenticator. The static data 405 is maintained exclusively by the service provider associated with the paper tinsel. The static data 405 includes the common name 415 of the paper tinsel, the internally used paper tinsel sequence number 420, the key 425 of the paper tinsel, the communication key 430 of the paper tinsel, the access PIN 435, other information 440 and the type 445. The service provider sets the static data during the association process by means of commands and data sent to the authenticator. The association process is described in further detail below. Compared with the dynamic data, which can change dynamically or frequently, the static data is maintained or changed by the service provider only occasionally.
The dynamic data 410 maintained by the service provider and the authenticator includes: a quantitative variation 450, such as the balance of a credit card when the service provider is a credit card company; a tracking (trace) variable 455, which is a one-time variable that changes its value; an activity variable 460, which stores the activities carried out in the past with the service provider; and other dynamic data 465, which stores further information about the service provider. The dynamic data 410 is maintained jointly by the service provider and the authenticator. That is, both the service provider and the authenticator can write to the memory that stores the dynamic data 410. Meanwhile, the service provider maintains its own copy of the dynamic data 410. When the dynamic data 410 changes in the authenticator or at the service provider, the other copy can be updated accordingly when the authenticator is maintained.
Fig. 5 is a flow chart showing the maintenance process of the handheld electronic authenticator according to the embodiment of the present invention. As described for Fig. 3, the memory 310 is maintained by the server of the authenticator. When the user intends to update an item stored in the memory 310 (such as the common name 330 of the authenticator), a request must be sent to the server of the authenticator. Referring to Fig. 5, in step 505, the user of the authenticator sends the request to the server of the authenticator. If the authenticator is authenticated by the server of the authenticator, using a process similar to the one by which a service provider authenticates the authenticator, the server of the authenticator provides the maintenance service to the authenticator. The verification process of the service provider is explained in greater detail below. In step 510, the server of the authenticator sends back to the authenticator a code that provides the data related to the authenticator's request. The code is encrypted using the cryptographic schemes described above. In step 515, the user inputs the encrypted code into the authenticator through a communicator such as the keyboard or another device. In step 520, the user presses a key (such as a hidden key) to start the internal maintenance of the authenticator. On receiving the signal from the hidden key, the authenticator decrypts the encrypted code and sets the data it contains in the memory 310.
Fig. 6 shows the process carried out inside the server of the authenticator from receiving the maintenance request (step 505 in Fig. 5) until the code is sent out (step 510). Referring to Fig. 5, after the maintenance request is received from the authenticator, the server first checks an OTAC generated based on the key 325 of the authenticator to verify whether the authenticator is authenticated equipment. The verification process here is similar to the verification process used by a service provider, which is described in further detail below. Then, in step 605, the server of the authenticator generates a work frame instruction. The work frame instruction includes the maintenance data and commands corresponding to the user's maintenance request. In step 610, the server folds the maintenance data into a frame according to the work frame instruction. In step 615, the server encrypts the frame according to a predetermined cryptographic scheme, using the encryption key associated with the authenticator, and generates the code to be sent to the authenticator. Step 510 is then performed according to the process described above with reference to Fig. 5.
The startup process performed before the first use of the authenticator is similar to the maintenance process described above with reference to Figs. 5 and 6. Once the authenticator has completed the startup process, it can begin providing OTACs to service providers at any time.
Fig. 7 is a flow chart of the maintenance process of a paper tinsel of the authenticator according to the embodiment of the present invention. Referring to Fig. 7, in step 705, the authenticator sends a request for maintenance to the service provider associated with the paper tinsel. In step 720, the service provider sends a request concerning the startup and maintenance request from the authenticator to the server of the authenticator. This request contains the name of the authenticator and other information, to indicate the specific authenticator to the server of the authenticator. In response, in step 715, the server of the authenticator sends back to the service provider a work frame instruction and a key of the authenticator. The work frame instruction includes the data, maintained by the server of the authenticator, that corresponds to the user's maintenance request. The key is 1) a communication key, used to encrypt and decrypt the code sent between the service provider and the authenticator, and 2) one part of a key, which will be merged with other parts to form the key and the communication key. In step 720, the service provider processes the information received from the server of the authenticator and sends a code back to the authenticator. In step 725, the user inputs the code through a communicator such as the keyboard. In step 730, the user presses the hidden key to start the internal maintenance of the paper tinsel. On receiving the signal from the hidden key, the authenticator decrypts the encrypted code, merges the data obtained from the code with the key in the authenticator to form the key and the communication key of the paper tinsel, and sets the data contained in the code on the paper tinsel.
Fig. 8 shows the process performed inside the server of the service provider after the work frame file is received (step 715 in Fig. 7) in order to send out the code (step 720). Referring to Fig. 8, after the work frame file is received from the authenticator, in step 805, the service provider selects the settings for the specific paper tinsel. In step 810, the service provider puts the data it maintains that corresponds to the server request into the received work frame file. In step 815, the server encrypts the frame file using the key received in step 715. According to the cryptographic scheme selected by the service provider, the server uses the key received in 715 to encrypt the frame file into a code made up of a sequence of digits. The cryptographic scheme can be a symmetric cryptography scheme or an asymmetric cryptography scheme. A code generated with an asymmetric cryptography scheme is longer than a code generated with a symmetric cryptography scheme, but it is also more secure. The service provider can select either of these two schemes, or another scheme better suited to its purpose.
The startup process that establishes the association between a service provider and the authenticator is similar to the maintenance process described above with reference to Figs. 7 and 8. Once the authenticator has completed the startup process, it can begin providing OTACs to the service provider at any time.
Each paper tinsel is started and maintained using the same process described above with reference to Figs. 7 and 8. After startup or maintenance, the authenticator can use the information set on the paper tinsel to generate OTACs for authenticating the authenticator. The verification process of the service provider is described in more detail below.
One advantage provided by the present invention is that the server of the service provider establishes the key 425 and the communication key 430 of a specific paper tinsel. To keep the OTAC unpredictable, the key 425 and the communication key 430 are held in strict confidence, which prevents others, such as hackers, from simulating the codes. In current OTAC-based authentication systems, the manufacturer establishes and knows the key in the authenticator. In the present invention, because the service provider establishes the keys in the paper tinsel, the manufacturer does not know the keys and therefore cannot predict the codes exchanged between the authenticator and the service provider. Because this design removes from the system the manufacturer, which is a potential source of key leakage, it is more secure than current OTAC-based authentication systems.
After startup or maintenance, the specific paper tinsel is successfully associated with the service provider and is ready to provide OTACs for authentication. The authenticator can then be used for authentication.
Fig. 9 is a flow chart showing the verification process according to the embodiment of the present invention. Referring to Fig. 9, in step 905, the user inputs data to instruct the authenticator to produce an OTAC for a service provider. In step 910, the authenticator generates the OTAC based on the information associated with the service provider that is stored on the paper tinsel. In step 915, the user provides the service provider with the common name 415 of the paper tinsel associated with the service provider and the OTAC for authentication. Step 915 can be realized by entering the OTAC into the website of the service provider through an authentication page or interface. In step 920, the service provider determines whether to authorize the authentication, to refuse the authentication, or to send a request for a new OTAC back to the authenticator.
Figs. 10 to 12 describe in detail the verification process shown in Fig. 9. The OTAC is generated as a function of multiple inputs to a predefined algorithm. Referring to Fig. 10, as shown in 1005 and 1006, the inputs for generating the OTAC can include: the common name of the paper tinsel, the key, tracking information related to the dynamic variable, activity information on past activities that occurred on the paper tinsel, other information, the server request, and the method. The inputs are stored both in the authenticator, shown in 1005, and in the server of the service provider, shown in 1006. Under ideal working conditions, the two groups of inputs 1005 and 1006 are identical. In steps 1010 and 1011, the authenticator and the service provider each generate an OTAC based on the inputs 1005 and 1006. The OTAC from the authenticator is the authentication code to be certified, which the authenticator generates using one or more combinations of the information shown in 1005. The OTAC from the service provider is a verification code, used to certify the authentication code, which the service provider generates independently using one or more combinations of the information shown in 1006. In steps 1020 and 1025, the authentication code and the verification code are compared with each other. For example, the service provider compares the verification code with the authentication code received from the authenticator.
Fig. 11 is the continuation of the flow of Fig. 10 and further describes the step of comparing the authentication code and the verification code. Referring to Fig. 11, in step 1105, the authentication code and the verification code are compared with each other. For example, the server compares the authentication code sent from the authenticator with the authentication code received on the server of the service provider. If the two codes match, in step 1115, the server can certify the authentication code and grant the user of the authenticator the requested access. If the two codes do not match, then, to accommodate admissible inconsistencies between the tracking input and the activity input of the authenticator and those of the service provider, the server varies the tracking input and the activity input within a predetermined range and generates a new verification code. This step is performed for the following reason: the tracking input and the activity input are both dynamic data maintained by the authenticator and the service provider. Under ideal conditions, the tracking and activity values in the authenticator and at the service provider are identical. Under normal working conditions, however, the repeated synchronization of the dynamic data may not be updated or adjusted in time. Small differences may therefore arise. These differences are tolerated, and are accounted for in one embodiment of the present invention.
In step 1110, the verification codes newly generated within the predetermined range are further compared with the authentication code. If there is a match, then in step 1120, the server certifies the authenticator. If the authentication code deviates from the verification code by a very wide range, then in step 1128, the server refuses the authenticator. An authentication code is determined to deviate widely if it falls outside a threshold. The threshold is predetermined by the service provider according to its security policy. If the authentication code neither deviates widely nor is correct, then in step 1125, the server carries out the next stage of authentication. After the next-stage authentication, the service provider may determine whether to finally refuse the authentication request in step 1130, or to send a request for a new authentication code in step 1135.
Fig. 12 is the continuation of the flow of Fig. 11 and further describes step 1135, in which a new authentication code is requested. As described above, when the authentication code and the verification code do not match but deviate only slightly, the service provider sends a request for a new authentication code. Referring to Fig. 12, when the authenticator receives a code that includes the request from the service provider, then in step 1330 the code is input to the authenticator, either through another device or keyed in by the user. In this process, the authenticator generates a new authentication code with the new server request, tracking and activity inputs. The authenticator then sends the new OTAC to the service provider. In response to receiving the new authentication code, using the same steps as shown in Fig. 11, the new authentication code is compared with a new verification code based on the new server request, tracking and activity inputs.
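The comparison flow of Figs. 10 to 12 can be sketched as follows. This is an added example, not code from the patent: it assumes HMAC-SHA256 as the "predefined algorithm", a counter as the tracking variable and illustrative window sizes, and `TinselRecord`, `otac`, `authenticator_generate`, `server_verify` and `demo` are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumptions of this example (the page only says "predefined algorithm"):
# HMAC-SHA256 truncated to 8 digits, and the two window sizes below.
DIGITS = 8
NEAR_WINDOW = 3    # trace drift the server absorbs silently (steps 1110 -> 1120)
FAR_WINDOW = 20    # threshold set by the provider's security policy (step 1128)


@dataclass
class TinselRecord:
    """One copy of the OTAC inputs (1005 on the authenticator, 1006 on the server)."""
    common_name: str
    key: bytes
    trace: int = 0       # tracking variable: advances each time a code is generated
    activity: int = 0    # activity variable: held fixed to keep the example short


def otac(rec: TinselRecord, trace: int, server_request: str = "") -> str:
    """Derive a one-time code from the shared inputs for a given trace value."""
    msg = "|".join((rec.common_name, str(trace), str(rec.activity), server_request))
    digest = hmac.new(rec.key, msg.encode(), hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10**DIGITS).zfill(DIGITS)


def authenticator_generate(dev: TinselRecord, server_request: str = "") -> str:
    """Authenticator side (step 1010): advance the trace, emit the authentication code."""
    dev.trace += 1
    return otac(dev, dev.trace, server_request)


def server_verify(srv: TinselRecord, code: str, server_request: str = "") -> str:
    """Server side (Fig. 11): returns 'authorize', 'request_new_otac' or 'reject'."""
    # A code that answers a server request is bound to that request, so it may
    # be accepted across the whole far window (Fig. 12); an unsolicited code
    # is accepted only inside the near window.
    accept_limit = FAR_WINDOW if server_request else NEAR_WINDOW
    for drift in range(FAR_WINDOW + 1):
        candidate = srv.trace + 1 + drift          # never re-test a used trace value
        expected = otac(srv, candidate, server_request)
        if hmac.compare_digest(expected, code):    # constant-time comparison
            if drift <= accept_limit:
                srv.trace = candidate              # resynchronise the server copy
                return "authorize"
            return "request_new_otac"              # plausible device, drift too large
    return "reject"                                # outside the threshold, or wrong key


def demo() -> list:
    """Walk the three outcomes with constructed sample values."""
    shared_key = b"constructed-sample-key"
    dev = TinselRecord("alice-card", shared_key)
    srv = TinselRecord("alice-card", shared_key)
    results = []
    code = authenticator_generate(dev)
    results.append(server_verify(srv, code))       # copies in sync
    results.append(server_verify(srv, code))       # replay of a used code
    for _ in range(10):                            # ten codes generated but never sent
        authenticator_generate(dev)
    results.append(server_verify(srv, authenticator_generate(dev)))
    challenge = "constructed-challenge-01"         # the server request of step 1135
    fresh = authenticator_generate(dev, challenge)
    results.append(server_verify(srv, fresh, challenge))
    return results


if __name__ == "__main__":
    print(demo())
```

Every extra candidate the server tries gives a guessed code another chance to match, so the windows should stay small relative to the code space and failed attempts should be rate limited.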
The authenticator can also be used to generate electronic signatures. The process of determining the reliability of a signature is similar to the process described above with reference to Figs. 10 to 12. Fig. 13 is a flow chart of the signature generation process according to the present invention. The inputs for generating a signature can include: the common name of the paper tinsel, the key, tracking information related to the dynamic variable, activity information on past activities that occurred on the paper tinsel, other information, the signature request and the signature method. Any combination of these pieces of information can be used to generate the signature. The inputs are stored both in the authenticator, shown in 1305, and in the server of the service provider, shown in 1306. Under ideal conditions, the two groups of inputs 1305 and 1306 are identical. In steps 1310 and 1311, the authenticator and the service provider each generate a signature OTAC based on the inputs 1305 and 1306. The signature OTAC from the authenticator is the signature authentication code to be certified. The signature OTAC from the service provider is the signature verification code used to certify the authentication code. In steps 1320 and 1325, the signature authentication code and the signature verification code are brought together and compared with each other. For example, the server compares the signatures. The subsequent process for certifying the signature authentication code is identical to the process described with reference to Figs. 11 and 12. When the signature authentication code is certified, the signature is recorded and the underlying transaction is confirmed.
Figs. 14 to 16 are flow charts of processes that use the handheld electronic authenticator when carrying out transactions.
Fig. 14 is a flow chart of the process of using the handheld electronic authenticator to request a service from a service provider. Referring to Fig. 14, in step 1405, the user of the authenticator accesses the service provider using the common name on the paper tinsel and the OTAC generated from it. In step 1410, using the process described above with reference to Figs. 10 to 13, the service provider approves, refuses, or requests a new OTAC. In the same way, the user can access all service providers, each of which is associated with one of the paper tinsels of the authenticator. By using the OTAC together with the common name of the paper tinsel (associated with the service provider), the user can conduct business transactions with the service provider while security information is never disclosed in the process.
Fig. 15 is a flow chart of the process of using the handheld electronic authenticator in a transaction with a third party. The third party is a party with whom the user of the authenticator conducts the transaction, such as a supplier. The third party needs information about the user of the authenticator, such as a credit card number, in order to carry out the transaction. The user of the authenticator can provide the third party with the common name of the paper tinsel and the OTAC, without giving the supplier the credit card number. This process is shown in Fig. 15. Referring to Fig. 15, the user of the authenticator provides the common name of the paper tinsel (associated with the service provider) and its OTAC to the other party of a transaction that needs confidential information (such as a bank account). In step 1505, the user provides the common name and the OTAC to the other party. In step 1510, the other party uses the common name and the OTAC to request access to the service provider. In step 1515, the server of the service provider approves, refuses, or requests a new OTAC, as described above with reference to Figs. 10 to 12. Because the OTAC is, for example, a time-based dynamic variable, the other party cannot access the service provider after the validity period of the OTAC has passed.
Fig. 16 is a flow chart of the process of using the handheld electronic authenticator in a transaction in which the service provider needs more data. Referring to Fig. 16, in step 1605, the user of the authenticator sends the common name of the paper tinsel and the OTAC to the server of the service provider. In step 1610, the server of the service provider retrieves more data from a database. In step 1615, the server of the service provider sends a transaction request to a trading server. In step 1620, when the authenticator is authorized, the transaction result is returned to the user; otherwise a request for a new OTAC or a refusal is returned.
As shown in Figs. 14 to 16, in the course of a transaction only the common name of the paper tinsel and the OTAC generated by the paper tinsel are used to access the service provider. Security information such as a credit card number or a social insurance code is not disclosed. When a transaction needs authentication, the common name of the paper tinsel (associated with its service provider) and the OTAC serve as a proxy for the security information. This method is convenient for the user, who no longer needs to remember all of his or her security information. It also provides better security, because the security information is disclosed neither to the third party nor on the communication channel used to access the service provider.
Figure 17 is a block diagram showing a multi-factor multi-channel authentication and transaction control system 2000 according to an embodiment of the present invention. System 2000 includes a handheld electronic device 2102, a terminal 2104 that communicates with handheld electronic device 2102, and a server 2106 of a service provider. The service provider can communicate through server 2106 with both handheld electronic device 2102 and terminal 2104. System 2000 further includes a server 2108 of handheld electronic device 2102, which can communicate with handheld electronic device 2102, server 2106 of the service provider, and terminal 2104.
Handheld electronic device 2102 includes but is not limited to hardware and/or software components implemented in hardware, such as a mobile phone or smartphone with special-purpose software. Handheld electronic device 2102 has multiple paper tinsels, each associated with one or more service providers. Handheld electronic device 2102 also has components associated with server 2108 of the device. For example, handheld electronic device 2102 can also provide functions such as scanning, networking, displaying bar codes, and performing near-field communication (NFC).
Terminal 2104 includes but is not limited to hardware and/or software components implemented in hardware. For example, terminal 2104 can be a computer, an electronic cash register (POS) machine with a web browser or other possible user interface, and so on. Server 2106 of the service provider includes but is not limited to a computer, a processor, etc., which can maintain a database and implement predetermined algorithms. Terminal 2104 and server 2106 of the service provider can be integrated into the same computer. Server 2108 of the device is similar to server 2106 of the service provider. In one embodiment, server 2108 of the device works under predetermined circumstances (such as in the personalization and binding procedures described below, by which authentication and transactions can be managed). In one embodiment, server 2108 cannot take part in any processing in the authentication and transaction control processes. In one embodiment, server 2108 and server 2106 each provide at least one communication channel of a high security level. Therefore, even if the security level of the servers' other communication channels is not high, security concerns can still be properly addressed, because server 2106 and server 2108 protect authentication and transaction control.
Figures 18A to 18D are schematic diagrams showing the communication between handheld electronic device 2102 and terminal 2104.
Figure 18A shows scan-in communication, in which information such as a quick response (QR) code is scanned from terminal 2104 into handheld electronic device 2102. Figure 18B shows scan-back communication, in which information such as a QR code is scanned back from handheld electronic device 2102 to the camera 2112 of terminal 2104. The two types of communication can be combined to provide scan-scan communication. For example, the user scans the bar code on the terminal screen with handheld electronic device 2102; handheld electronic device 2102 then generates a corresponding bar code and displays it on its own screen; the user then points the screen of device 2102 at the camera 2112 of the terminal, and terminal 2104 reads and decodes the bar code generated by device 2102.
Figure 18C shows keyed-in communication, in which the user uses keyboard 2114 to enter information from device 2102 into terminal 2104, or to enter information from terminal 2104 into device 2102. Keyed-in communication can be combined with scan-in communication. For example, the user can scan the bar code on the terminal screen and then type into the terminal the information that the device screen displays in response to the bar code.
Figure 18D shows read/write communication, in which device 2102 can read information from the NFC tag 2116 of terminal 2104 and write the information from terminal 2104 to its own NFC tag 2118. Similarly, terminal 2104 can read information from the NFC tag 2118 of device 2102 and write the information from device 2102 to its own NFC tag 2116. NFC communication is a form of communication that is activated over a very short distance (the so-called near field). Such communication can be implemented with various technologies, such as radio, sound, infrared, magnetism, and light (e.g. QR scanning). All of these kinds fall within the scope of the present invention.
The above communication between device 2102 and terminal 2104 can be one-way (such as scan-in communication) or two-way (such as scan-in and scan-back communication). These kinds of communication make the whole system 2000 user-friendly and faithfully reflect the user's intention, so that communication takes place only when the user wants to use it. However, it is clear to a person of ordinary skill in the art that the communication between device 2102 and terminal 2104 is not limited to the above types and forms.
Figures 19A to 19B are schematic diagrams showing the communication between handheld electronic device 2102 and server 2106 of the service provider.
Device 2102 can communicate with server 2106 directly, as shown in Figure 19A. The direct communication can be realized through the network capability of device 2102, such as 2G, 3G or WIFI communication. The direct communication is two-way.
Device 2102 can also communicate with server 2106 indirectly, with terminal 2104 acting as an intermediate station, as shown in Figure 19B. In indirect communication, server 2106 sends an instruction message to terminal 2104; the instruction message includes the message that terminal 2104 is to prepare, the encryption method of the message, the destination of the message, and so on. Terminal 2104 sends the processed message to device 2102. After receiving the message from terminal 2104, device 2102 generates a response message and sends it back to terminal 2104. After receiving the response message, terminal 2104 sends it to server 2106 or to another server 2106', where the other server is specified by server 2106 and is typically another server of the same service provider. Different servers can communicate with one another; this communication can be regarded as internal communication and has a satisfactory security level. For example, terminal 2104 does not decrypt the message but sends it on as instructed. Device 2102 and server 2106 share a symmetric key, which allows them to establish a highly secure communication channel and communicate with each other appropriately. Therefore, even though it passes through terminal 2104, the communication is still multi-channel communication and can effectively detect attacks (such as MITM attacks).
Figure 20 is a schematic diagram showing the communication between terminal 2104 and the servers of the service provider (such as server 2106 and server 2106'). The communication between the terminal and the server can be synchronous, such as TCP/IP sockets. Alternatively, the communication can be asynchronous, such as AJAX interaction. For example, terminal 2104 can have an Internet communication channel to the server. Over the Internet, the server can instruct terminal 2104 to send information to a destination that the server determines. Because system 2000 integrates one-time codes at several levels, the server side will recognize any violation of the instructions, such as a violation caused by an attack.
Figure 21 is a schematic diagram showing the communication between server 2108 of device 2102 and the servers of the service provider (such as server 2106 and server 2106'). Communication between server 2108 of device 2102 and servers 2106, 2106' of the service provider is used only when device 2102 is associated with a service provider (through the binding process) or disassociated from it (through the unbinding process). Device server 2108 communicates with all servers of the service provider over a communication channel of a high security level. The communication between the servers can be high-security-level communication, while the communication during the binding/unbinding process can be carried out over an ordinary communication channel. Therefore, even assuming that an attacker has compromised that communication channel, the server of the device and the server of the service provider can still protect the communication. To ensure a higher level of security, the communication channel between the servers can be set to a higher security level.
According to an illustrative aspect of the present invention, a multi-factor multi-channel authentication and transaction control method is provided. The method is now described with reference to system 2000 shown in Figure 17.
The method includes personalizing handheld electronic device 2102 so that the device and server 2108 of the device share at least one symmetric key. Device 2102 can be personalized on site when it is manufactured, or by installing pre-personalized hardware into device 2102.
Alternatively, personalization can be realized by the process shown in Figure 22. After the user installs the software component in his/her device (such as a smartphone), the software component is not yet personalized. Therefore, no unique data exists for the device. The following process establishes unique data for the device and thereby personalizes it.
First, the user of device 2102 sends a personalization request, which can be sent via terminal 2104 to server 2108 of the device. After transaction-related data (such as payment, identification, etc.) has been exchanged, server 2108 generates a first key exchange message and sends it to terminal 2104. Device 2102 receives the first key exchange message from terminal 2104 and generates a second key exchange message based on it. The second key exchange message is sent to server 2108 directly or indirectly through terminal 2104; this process is performed over multiple channels. Server 2108 then generates one or more symmetric keys based on the first and second key exchange messages and shares the symmetric keys with device 2102. The above steps can be repeated as many times as security requirements demand. The key exchange method can be the well-known Diffie-Hellman key exchange algorithm or a similar key exchange method. In addition, although QR code scanning is shown in the figure, the personalization process can be used in combination with NFC.
Alternatively, the above personalization process can be used to embed a private key in device 2102 and a public key in server 2108; these keys can be generated and transferred by an authority different from server 2108.
Figure 23A is a schematic diagram showing the binding procedure of the method, in which device 2102 is associated with server 2106 of a service provider so that device 2102 and server 2106 share one or more symmetric keys.
After personalization, device 2102 has a unique common name, and the confidential information of device 2102 is shared only with server 2108 of the device. Device 2102 now needs to bind to the server of a service provider (such as server 2106), after which device 2102 has symmetric keys shared with that particular service provider; this set of symmetric keys is shared only by device 2102 and server 2106. The device can bind to any number of service providers, depending on the application. Server 2108 of the device can assist the binding procedure.
First, the user decides which name to present to the service provider. He/she can use the common name of the device, or can obtain a one-time anonymous name for the device from server 2108 of the device. If he/she chooses to use the common name, or is required to use it, there is a potential risk of revealing his/her identity. If he/she chooses to use a one-time anonymous name, the service provider cannot reveal his/her identity. To use a one-time anonymous name, he/she can follow the steps shown in Figure 23B, described later.
Next, the user sends a binding request to the service provider, for example through terminal 2104. After transaction-related information (payment, identification, etc.) has been exchanged, server 2106 of the service provider requests the identifier of device 2102 (the common name or the one-time anonymous name) and one or more OTACs generated by device 2102. For example, this information is sent to server 2106 through terminal 2104.
Server 2106 of the service provider then forwards this information to server 2108 of the device.
After receiving the information from server 2106 of the service provider, server 2108 of the device determines the validity of device 2102. If device 2102 is valid, server 2108 sends one or more binding instruction codes to server 2106 of the service provider.
Server 2106 of the service provider selects its own communication key and encrypts the key based on the binding instruction code. For example, the encrypted key is sent to device 2102 through terminal 2104.
After receiving the information from the terminal, device 2102 carries out a key generation process based on the symmetric key shared with server 2108 of the device and on the received information; the key generation process includes several types of decryption and encryption, among other operations. After this process, device 2102 shares a symmetric key with the service provider.
Optionally, device 2102 can send a confirmation message back to server 2106 of the service provider, directly or indirectly through terminal 2104.
The above steps can be repeated according to security requirements.
The binding procedure is complete once device 2102 and server 2106 of the service provider share a symmetric key. The encryption method used while information is transferred from server 2106 to device 2102 can be any strong encryption method. For example, if typed input is required, format-preserving encryption can be used. In any case, while information is transferred from server 2106 to device 2102, the communication is secure even if encryption is not applied.
Alternatively, the above process can be used to embed a private key in device 2102 and a public key in server 2106 of the service provider. The private key and public key (commonly referred to as a digital certificate) can be transferred by an authority selected by server 2108.
Figure 23B shows the process of obtaining a one-time anonymous name from server 2108 of the device, so that the identity of the user remains anonymous to a particular service provider.
First, the user sends a request to server 2108 of the device. After one or more rounds of exchange of transaction-related information (payment, authentication, etc.), server 2108 of the device generates a one-time anonymous name for the device and saves it in a database. The anonymous name is valid for a predetermined time.
Device 2102 receives the message from server 2108 through terminal 2104 and processes the data according to the instructions embedded in the message. The one-time anonymous name is then embedded in device 2102. Device 2102 can retrieve the anonymous name within the predetermined time.
Figure 24 is a schematic diagram showing the authentication procedure. After successfully binding to a service provider, device 2102 shares confidential information with the service provider; the confidential information is kept safe by hardware and software, and is not used externally or transferred in any form.
First, the user sends an authentication request to server 2106 of the service provider over a first communication channel, for example through terminal 2104.
After receiving the request, server 2106 of the service provider generates an instruction message and sends it to terminal 2104; the instruction message includes instructions for device 2102. The instruction message is sent to device 2102 through terminal 2104 over the first communication channel. The first communication channel can be any information communication channel, such as the Internet, telephone, a private network, etc. For example, server 2106 can produce a QR code and send the code to terminal 2104; device 2102 can read the code from the terminal.
Device 2102 generates a response message based on the instruction message and sends the response message to server 2106 over a second communication channel that is different from the first communication channel. For example, the response message can include authentication credentials, such as a user name, a one-time password, or the conditions for generating a one-time password. For example, the response message can be generated by processing the QR code.
After receiving the response message, server 2106 carries out multi-channel multi-factor authentication. Server 2106 can generate an authentication message based on the authentication credentials and then send the authentication message to terminal 2104 to activate the terminal. For example, authentication is based on two factors. Factor 1 means that only a user who has the device can generate the message; factor 2 means that only a user who knows a particular message (knowledge) can generate the message. Authentication is based on multiple channels: one channel between the service provider and terminal 2104, and another channel between device 2102 and the service provider, as shown in Figures 19A to 19B. If necessary (for example, because of higher security requirements, suspicion of attack, or an intention to update keys), the steps of generating the response message and sending it to the service provider can be repeated.
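The following sketch models the Figure 24 exchange end to end: instruction message out through the terminal, response back over a second channel, then a two-factor check at server 2106. It is an added example, not the patent's own protocol: the HMAC-SHA256 tags, the PBKDF2-derived knowledge factor, the 60-second lifetime, the channel labels and every class, field and function name are assumptions.

```python
import hashlib
import hmac
import secrets

TTL_SECONDS = 60  # assumed lifetime of an instruction message


def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


def knowledge(pin: str, salt: bytes) -> bytes:
    """Factor 2: a value that only someone who knows the PIN can derive."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


class Server2106:
    def __init__(self, shared_key: bytes, pin_verifier: bytes):
        self.key, self.pin_verifier = shared_key, pin_verifier
        self.pending = {}  # session id -> (nonce, outbound channel, expiry)

    def instruction(self, channel: str, now: float) -> dict:
        sid, nonce = secrets.token_bytes(8), secrets.token_bytes(16)
        self.pending[sid] = (nonce, channel, now + TTL_SECONDS)
        return {"sid": sid, "nonce": nonce, "tag": tag(self.key, b"instr", sid, nonce)}

    def verify(self, response: dict, channel: str, now: float) -> str:
        entry = self.pending.pop(response["sid"], None)  # single use, pass or fail
        if entry is None:
            return "unknown-or-replayed"
        nonce, out_channel, expiry = entry
        if now > expiry:
            return "expired"
        if channel == out_channel:
            return "same-channel"  # response must arrive on the second channel
        # Factor 1 is the bound key, factor 2 the PIN-derived value; both feed one tag.
        expected = tag(self.key, b"resp", response["sid"], nonce, self.pin_verifier)
        if not hmac.compare_digest(expected, response["tag"]):
            return "bad-factors"
        return "authenticated"


class Device2102:
    def __init__(self, shared_key: bytes, salt: bytes):
        self.key, self.salt = shared_key, salt

    def respond(self, instr: dict, pin: str):
        expected = tag(self.key, b"instr", instr["sid"], instr["nonce"])
        if not hmac.compare_digest(expected, instr["tag"]):
            return None  # instruction was altered between server and device
        proof = tag(self.key, b"resp", instr["sid"], instr["nonce"], knowledge(pin, self.salt))
        return {"sid": instr["sid"], "tag": proof}


def terminal_relay(message: dict, tamper: bool = False) -> dict:
    """Terminal 2104 only forwards; tamper=True models a modified relay."""
    relayed = dict(message)
    if tamper:
        relayed["nonce"] = bytes(16)
    return relayed


def auth_demo() -> dict:
    key, salt = secrets.token_bytes(32), secrets.token_bytes(16)  # set up at binding
    server = Server2106(key, knowledge("4929", salt))             # constructed PIN
    device = Device2102(key, salt)
    out = {}
    instr = server.instruction("terminal", now=0)
    resp = device.respond(terminal_relay(instr), "4929")
    out["ok"] = server.verify(resp, "direct", now=10)
    out["replay"] = server.verify(resp, "direct", now=11)
    instr = server.instruction("terminal", now=0)
    out["tampered"] = device.respond(terminal_relay(instr, tamper=True), "4929")
    instr = server.instruction("terminal", now=0)
    out["wrong_pin"] = server.verify(device.respond(terminal_relay(instr), "0000"), "direct", now=10)
    instr = server.instruction("terminal", now=0)
    out["same_channel"] = server.verify(device.respond(terminal_relay(instr), "4929"), "terminal", now=10)
    instr = server.instruction("terminal", now=0)
    out["late"] = server.verify(device.respond(terminal_relay(instr), "4929"), "direct", now=61)
    return out


if __name__ == "__main__":
    print(auth_demo())
```

A failed verification also consumes the pending session, so each instruction message allows exactly one attempt at the factors.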
Figure 25 is a schematic diagram showing the transaction control process of the method. Device 2102 can have a private key and the service provider can have a public key; the two keys are referred to as a digital certificate. Private/public key algorithms are suitable for transaction control, for example for managing transaction records, such as with digital signatures.
Assuming the transaction takes place after authentication has been completed, the user sends a transaction record request. Server 2106 of the service provider sends a form, such as a transaction information form, to terminal 2104. The user is required to fill in the form with transaction information (such as a payment to a third party). The user fills in the form with transaction-related data and sends it back to server 2106 through terminal 2104.
Server 2106 receives the information from terminal 2104, makes a preliminary determination of its validity, and sends an instruction message back to terminal 2104 to request confirmation.
After receiving the instruction message, device 2102 generates a response message and sends the response message back to server 2106 over multiple channels.
Once server 2106 receives the response message from device 2102, two-factor verification is carried out, where factor 1 means that only a user who has the device can generate the message, and factor 2 means that only a user who knows a particular message can generate the message. Verification is carried out over multiple channels: one channel between the service provider and the terminal, and another channel between the device and the service provider.
If necessary (for example, because of higher security requirements, suspicion of attack, or an intention to update keys), the steps of preliminary determination, generating the response message, and sending the response message over multiple channels can be repeated.
If necessary (for example, for regulatory compliance), a digital signature of the user can be generated in the above steps and sent to the service provider. For example, in the step of generating the response message, a message based on a symmetric key and/or an asymmetric key can be generated according to the instructions of the service provider.
Figure 26 is a schematic diagram showing the process of unbinding the device from service providers according to the method. In some cases, for example when device 2102 is lost or the user intends to stop using the device for all service providers, the unbinding procedure is requested and carried out. The unbinding procedure avoids the complicated process of contacting every service provider individually. The unbinding procedure also allows the user to withdraw from the service.
First, the user sends a request to server 2108 of device 2102, for example through terminal 2104. At this stage, the necessary transaction steps (payment transaction, etc.) are completed, and authentication is completed by an alternative method. At this stage, server 2108 further determines all service providers that are associated with the device or for which it holds a record of the device.
Server 2108 then sends an unbinding request to all service providers with which device 2102 is associated and of which server 2108 holds a record (for anonymous communication, there is no record). The server of each service provider then determines whether the unbinding procedure should be carried out. If so, the server of the service provider disassociates itself from device 2102, terminating the sharing of the symmetric key with device 2102.
Figure 27 is a schematic diagram showing the process of rebinding the device to one or more service providers according to one aspect of the method. For example, the user loses his/her device and unbinds it from all service providers to ensure that no further transactions can be made. He/she later obtains a new device and intends to bind it to all the previous service providers. With the rebinding procedure, the device can be rebound to all service providers at the same time.
First, the user selects a terminal (such as terminal 2104) through which the rebinding procedure can be carried out. The user sends a rebinding request through the terminal to server 2108 of the device. After the necessary steps (payment transaction, etc.) and authentication by an alternative method (because the user no longer has the previous device), the personalization process is carried out so that device 2102 and server 2108 share a set of symmetric keys; this set of keys can be the same as or different from the previous symmetric keys personalized before the unbinding process.
After personalization, the process of rebinding all previous service providers begins. Server 2108 of device 2102 sends a rebinding request to all service providers with which the device was associated and of which server 2108 holds a record (for anonymous communication, there is no record). The server of each service provider determines whether to carry out the rebinding procedure.
If a service provider decides to rebind, its server carries out the binding steps shown in Figure 23A and generates encrypted information. This information is sent to a common service computer 2110. Similarly, all service providers send their information to the same service computer 2110. After all the information has been received from the service providers, the service computer sends a notification to server 2108 of the device, and server 2108 sends a corresponding notification to device 2102.
After the notification from server 2108, the user communicates with service computer 2110 through terminal 2104. For example, all the rebinding information is displayed on the terminal. Device 2102 then obtains all the rebinding information for processing, so that device 2102 and the servers of the service providers share a set of symmetric keys. The user can also send a confirmation message back to the servers of the service providers. In one embodiment, the above steps are carried out over multiple channels.
The system and method according to one aspect of the invention can carry out the following steps: personalizing the handheld electronic device; binding the device to any selected service provider; authenticating with any service provider; controlling transactions with any service provider; keeping the device anonymous to any service provider during authentication and transaction control; unbinding the device from the service providers collectively (for example when the device is lost); and rebinding the device to all service providers collectively.
Figure 28 shows a data processing system 3000 according to a further aspect of the invention. System 3000 is used in combination with device 2102 to carry out multi-factor multi-channel authentication or transaction control. System 3000 includes a personalization module 3100, a binding module 3200 and a processing module 3500, which communicate with a transmission module 3300 and a receiving module 3400. Personalization module 3100 is configured to personalize device 2102 with server 2108 of the device, so that the device and the server share one or more symmetric keys. Binding module 3200 is configured to bind device 2102 to server 2106 of the service provider so that the device and server 2106 share a symmetric key. Transmission module 3300 is configured to send messages to peripheral devices, for example to send authentication or transaction control data to server 2106. The receiving module is configured to receive messages from peripheral devices, for example to receive an instruction message from server 2106 of the service provider. Processing module 3500 is configured to generate a response message based on the received instruction message. The response message is sent to server 2106 of the service provider for multi-channel multi-factor authentication or transaction control. System 3000 can include one or more processors or similar devices to execute one or more modules of system 3000.
Figure 29 shows a data processing system 4000 according to a further aspect of the invention. System 4000 is used in combination with server 2106 of the service provider to carry out multi-factor multi-channel authentication and/or transaction control. System 4000 includes a binding module 4100 and a processing module 4300, which communicate with a receiving module 4200 and a transmission module 4400. Binding module 4100 is configured to bind server 2106 to device 2102 so that the server and the device share one or more symmetric keys, the symmetric key being shared between device 2102 and server 2108 of device 2102. Receiving module 4200 is configured to receive messages from peripheral devices, for example to receive authentication or transaction control data from device 2102. Processing module 4300 is configured to generate an instruction message after receiving a request from the device. Transmission module 4400 is configured to send messages to peripheral devices, for example to send the instruction message to device 2102. Receiving module 4200 receives the response message generated by device 2102 based on the instruction message. Processing module 4300 is further configured to carry out multi-channel multi-factor authentication or transaction control for the device based on the received response message. System 4000 can include one or more processors or similar devices to execute one or more modules of system 4000.
All of these processes are carried out in a multi-factor, multi-channel manner. In one embodiment of the invention, apart from the personalization, binding, unbinding and rebinding steps, the authentication and transaction control steps can be carried out solely between the device and the service provider, without involving a third party. Therefore, no centralized server is needed in the authentication and transaction control processes. A centralized server makes the whole system hard to adjust and expensive to run, and weakens the service provider's management of consumer information and privacy. The server of the device is needed only to assist the binding, unbinding and rebinding processes, during which the user is kept safe, for example by keeping the ID anonymous. The advantage of the illustrative embodiments of the invention lies at least in part in the fact that a third party is not always needed in the authentication and transaction processes.
Figure 30 is a block diagram showing a payment system 5000 according to an illustrative embodiment of the invention. Payment system 5000 includes an electronic device 5200, which is typically a handheld electronic device used by an individual buyer. Electronic device 5200 includes but is not limited to hardware and/or software components implemented in hardware, such as a mobile phone or smartphone with special-purpose software. For example, electronic device 5200 can also provide functions such as scanning, networking, displaying bar codes, and performing near-field communication (NFC).
During an electronic transaction, electronic device 5200 communicates with the server 5400 of a merchant that sells items to consumers. For example, electronic device 5200 can communicate with the servers of multiple merchants through multi-channel communication. The authentication of electronic device 5200 and the transaction control between device 5200 and server 5400 have been discussed previously.
Server 5400 of the merchant includes but is not limited to a computer, a processor, etc., which can maintain a database and implement predetermined algorithms. For example, the merchant can be an online sales website. After the buyer selects one or more items and orders the selected items, server 5400 of the merchant can generate a code, such as a quick response (QR) code, and send the code to terminal 5600 over a first communication channel. The channel can be any information communication channel, such as the Internet, a private network, etc. The code is formed from transaction-related information and merchant information. Transaction-related information includes but is not limited to the identification of the selected items, the price of the selected items, the recipient of the selected items, the shipping address of the selected items, and the recipient of the confirmation message after delivery. Merchant information includes but is not limited to one or more identities of the merchant, a description of the merchant, and a signature with the symmetric key of the merchant and the payment portal (described later).
Terminal 5600 includes but is not limited to hardware and/or software components implemented in hardware. For example, terminal 5600 can be a computer, an electronic cash register (POS) machine with a web browser or similar user interface, and so on. For example, the communication between electronic device 5200 and terminal 5600 can be scan-in communication, by which the QR code is scanned from terminal 2104 into handheld electronic device 5200 through the camera 5210 of electronic device 5200.
Electronic device 5200 includes transceiver 5220, which receives the QR code scanned by camera 5210 and passes the code to processor 5230. Processor 5230 processes the QR code to retrieve the transaction related information and displays that information on display screen 5240. The transaction related information includes, but is not limited to, the identification of the selected items, the price of the selected items, the recipient of the selected items, the shipping address of the selected items, and the recipient of the confirmation message after delivery. The retrieved information can be in text form or code form, as long as the buyer can understand it. For example, the retrieved information is displayed on display screen 5240 so that the buyer can visually verify the transaction related information of the goods the buyer wants.
If the buyer determines that all transaction related information is accurate and decides to go ahead and pay for the selected items, the buyer can start the payment process, for example by touching a button shown on screen 5240. Alternatively, the buyer can start the payment process by entering specially designed codes or by performing a biometric input, which ensures that the selected items are the ones the buyer intends to buy and adds an extra layer of security. In response, user interface 5250 is displayed on screen 5240 so that the buyer can select a payment option from multiple predetermined payment options. For example, the payment options include, but are not limited to, credit card payment, debit payment, third-party payment, bank transfer payment and small-amount bill payment. Based on the transaction information and the selected payment option, processor 5230 generates a payment message that includes a first segment and a second segment.
The first segment includes information related to the selected payment option, and the second segment includes information related to the buyer's account data associated with the selected payment option. For example, if the buyer has selected the credit card payment option, the first segment of the payment message is generated with an identifier corresponding to the credit card payment option, and the second segment is generated to indicate the buyer's credit card previously stored in database 5260.
The payment message is sent to payment portal 5800 by transceiver 5220. Communication between device 5200 and payment portal 5800 takes place over a second communication channel. The multi-channel communication method was discussed earlier. For example, the second communication channel is different from the first communication channel between the merchant's server 5400 and electronic device 5200. Portal 5800 includes, but is not limited to, a computer and the like, which can maintain a database and implement predetermined algorithms. Portal 5800 communicates with the servers of multiple participating entities (PEs), such as PE 1 to PE N. Each of the participating entities is associated with at least one of the multiple predetermined payment options. For example, a participating entity can be any appropriate participating financial institution, such as a bank, a credit card company, a third-party payment institution or a small-amount bill payment institution. For example, PE 1 is a credit card company, PE 2 is a bank, and PE 3 is a third-party payment institution.
Portal 5800 receives the payment message through transceiver 5810. Transceiver 5810 passes the payment message to processor 5820. Based on the first segment of the payment message, processor 5820 selects the appropriate participating entity related to the selected payment option. For example, processor 5820 retrieves the identifier from the first segment and compares it with the participating entity identifiers stored in database 5830 to select the participating entity related to the selected payment option. For example, if the selected payment option is the credit card payment option, processor 5820 selects PE 1, which is the credit card company related to the buyer.
Once the participating entity has been selected, processor 5820 instructs transceiver 5810 to send the second segment of the payment message to the participating entity. After authenticating portal 5800, the selected participating entity processes the second segment of the payment message to determine whether the buyer's account related to the selected payment option is valid. If the account is valid, the selected participating entity generates an instruction message indicating that payment will be made through the payment option selected by the buyer. Otherwise, the selected participating entity generates an instruction message indicating that payment cannot be made through the payment option selected by the buyer.
Portal 5800 receives the instruction message through transceiver 5810 and then sends the instruction message to the merchant's server 5400 through a third communication channel. For example, the third communication channel is different from the first communication channel between the merchant's server 5400 and electronic device 5200, and from the second communication channel between electronic device 5200 and payment portal 5800. For example, after the merchant's server 5400 receives the instruction message, the money transfer is carried out by a clearinghouse.
The authentication between electronic device 5200 and portal 5800 is described as follows. The payment message includes a first sub-message MPO1 used by payment portal 5800 and a second sub-message MPE used by the PE related to the payment portal. Portal 5800 authenticates electronic device 5200 based on the first sub-message MPO1 and, if the authentication succeeds, sends the second sub-message MPE to the PE. The first sub-message MPO1 is formed based on the transaction related information of the goods, the description of the merchant, PE related information (such as information about the bank), a signature with the symmetric key of the electronic device and the portal, and the buyer's unique identifier. The second sub-message MPE is formed based on the description of the merchant, PE related information, the encryption of the buyer's account information related to the PE and, optionally, the buyer's digital signature (if the PE requires it).
For the authentication of electronic device 5200, several symmetric keys are established between electronic device 5200 and portal 5800; this process was discussed earlier. The symmetric keys are the basis for 2-factor authentication. In addition, the buyer can have a unique identifier that is not shared with the portal, such as a password or a fingerprint. The buyer's account information related to the PE can be encrypted with the PE's public key, or by another known method preferred by the PE.
Alternatively, electronic device 5200 and the PE can likewise share a symmetric key. The establishment of shared symmetric keys was discussed earlier. The digital signature in the second sub-message of the payment message is generally obtained with a public/private key pair. However, the digital signature can also be obtained by another known method preferred by the PE.
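The portal-side handling of MPO1 and MPE described above can be sketched as follows. This is an added example, not code from the patent: the field names, the option identifiers, the HMAC-SHA256 choice for the "signature with the symmetric key", the nonce and the digest that ties MPE to MPO1 are all assumptions, and the PE-encrypted account data is represented by constructed opaque bytes.

```python
import hashlib
import hmac
import json
import secrets

# Constructed demo data: option identifiers and PE names are assumptions.
PE_DIRECTORY = {"credit_card": "PE 1", "bank_transfer": "PE 2", "third_party": "PE 3"}


def canonical(fields):
    """Serialise MPO1 deterministically so both sides MAC the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def build_payment_message(key, device_id, option_id, transaction, sealed_account):
    """Device side. sealed_account is account data already encrypted for the
    PE, so the portal only ever handles it as opaque bytes."""
    mpe = sealed_account.hex()
    mpo1 = {
        "device_id": device_id,
        "option_id": option_id,            # first segment: chosen payment option
        "transaction": transaction,
        "nonce": secrets.token_hex(16),    # assumption: replay protection
        # assumption: bind MPE to MPO1 so the two segments cannot be mixed
        "mpe_digest": hashlib.sha256(mpe.encode()).hexdigest(),
    }
    tag = hmac.new(key, canonical(mpo1), hashlib.sha256).hexdigest()
    return {"mpo1": mpo1, "tag": tag, "mpe": mpe}


class Portal:
    def __init__(self, device_keys, directory):
        self.device_keys = device_keys     # device_id -> shared symmetric key
        self.directory = directory         # option identifier -> PE
        self.seen_nonces = set()

    def process(self, message):
        """Return ("forward", pe, mpe) or ("rejected", reason, None)."""
        mpo1 = message.get("mpo1", {})
        key = self.device_keys.get(mpo1.get("device_id"))
        if key is None:
            return ("rejected", "unknown device", None)
        expected = hmac.new(key, canonical(mpo1), hashlib.sha256).hexdigest()
        supplied = str(message.get("tag", ""))
        # Constant-time comparison of the MAC before trusting any field.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return ("rejected", "bad MAC", None)
        mpe = str(message.get("mpe", ""))
        if hashlib.sha256(mpe.encode()).hexdigest() != mpo1.get("mpe_digest"):
            return ("rejected", "MPE does not match MPO1", None)
        if mpo1.get("nonce") in self.seen_nonces:
            return ("rejected", "replayed message", None)
        pe = self.directory.get(mpo1.get("option_id"))
        if pe is None:
            return ("rejected", "no PE for option", None)
        self.seen_nonces.add(mpo1.get("nonce"))
        return ("forward", pe, mpe)        # only the opaque MPE goes to the PE


def demo():
    key = secrets.token_bytes(32)
    portal = Portal({"device-5200": key}, PE_DIRECTORY)
    order = {"item": "book", "price": "12.50"}
    sealed = b"constructed-ciphertext-for-PE"
    msg = build_payment_message(key, "device-5200", "credit_card", order, sealed)
    results = {"genuine": portal.process(msg), "replay": portal.process(msg)}
    rerouted = json.loads(json.dumps(msg))          # copy, then alter the option
    rerouted["mpo1"]["option_id"] = "bank_transfer"
    results["rerouted"] = portal.process(rerouted)
    swapped = build_payment_message(key, "device-5200", "credit_card", order, sealed)
    swapped["mpe"] = b"different-segment".hex()     # MPE replaced in transit
    results["swapped"] = portal.process(swapped)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome[:2])
```
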
The instruction message that the PE sends to the merchant's server 5400 through portal 5800 includes a payment agreement message, which includes a first sub-message MPO2 used by portal 5800 and a second sub-message MME used by the merchant's server 5400. During this communication, portal 5800 authenticates the PE based on the first sub-message MPO2. If the authentication succeeds, portal 5800 sends the second sub-message MME and the first sub-message MPO1 of the payment message to the merchant's server 5400. The second sub-message MME is formed based on the description of the merchant, buyer related information, PE related information, payment related information, the payment agreement and the PE's signature. The first sub-message MPO2 is formed based on a signature with the symmetric key shared between the PE and portal 5800. The establishment of the symmetric key shared between the PE and portal 5800 was discussed earlier.
Transceiver 5220, processor 5230, user interface 5250 and database 5260 can be incorporated into a data processing system used in combination with electronic device 5200. Transceiver 5810, processor 5820 and database 5830 can be incorporated into a data processing system used in combination with the payment portal.
Figure 31 is a flow chart showing a method, according to an embodiment of a further aspect of the invention, that allows a buyer to use an electronic device to pay for one or more items selected from a merchant.
In step 6100, a code representing the transaction related information associated with the selected items is received by the electronic device. In step 6200, the transaction related information is retrieved from the code. In step 6300, the transaction related information is verified. In step 6400, at least one payment option is selected from multiple predetermined payment options. In step 6500, a payment message is generated based on the transaction related information and the payment option. The payment message includes a first segment representing the payment option and a second segment representing the buyer's account data related to the payment option. In step 6600, the payment message is sent to a payment portal that communicates with multiple participating entities. Each of the participating entities is related to at least one of the multiple predetermined payment options.
Figure 32 is a flow chart showing a method, according to an embodiment of a further aspect of the invention, that allows a buyer to pay for one or more items selected from a merchant through a payment portal that communicates with multiple participating entities. Each of the participating entities is related to at least one of the multiple predetermined payment options.
In step 7100, a payment message is received by the payment portal. The payment message includes a first segment representing the payment option that the buyer selected from the multiple predetermined payment options and a second segment representing the buyer's account data related to the selected payment option. In step 7200, the participating entity related to the selected payment option is selected based on the first segment of the payment message. In step 7300, the second segment of the payment message is sent to the selected participating entity to verify the buyer's account related to the selected payment option. In step 7400, an instruction message generated based on the validity of the buyer's account is received from the selected participating entity. In step 7500, the instruction message is sent to the merchant's server.
Embodiments of the present invention have several advantages. For example, the buyer's account information is stored on the electronic device and selected there, and is not stored on the payment portal, which makes the electronic payment system more secure. In addition, the portal is able to extend its connections to multiple participating entities. The buyer therefore has a variety of payment options.
Various aspects of the invention may be implemented as a program, software, or computer instructions embodied in a computer or machine usable or readable medium which, when executed on a computer, processor and/or machine, cause the computer or machine to perform the steps of the method. A machine-readable program storage device is also provided that tangibly embodies a program of instructions executable by the machine to perform the various functions and methods described in the present invention.
The systems and methods of the present invention can be implemented and run on either a general-purpose computer or a special-purpose computer system. The computer system can be any type of system that is known or will become known, and can typically include a processor, memory, a storage device, input/output devices, an internal bus, and/or a communication interface for communicating with other computer systems in conjunction with communication hardware and software.
A computer program product can include any tangible medium that can store data and/or computer instructions and that can be read and/or executed by a computer, machine or the like. Examples include, but are not limited to, memory (such as random access memory (RAM), read-only memory (ROM) and the like), optical discs, optical storage devices and other devices.
The terms "computer system" and "computer network" as may be used in the present invention can include various combinations of fixed and/or portable computer hardware, software, peripherals and storage devices. A computer system can include multiple separate components that are networked or otherwise connected to perform cooperatively, or can include one or more stand-alone components. The hardware and software components of the computer system of the present application can include, and can be included in, fixed and portable devices such as desktop computers, notebooks and servers. A module can be a component of a device, software, program or system that implements some "function", and can be implemented as software, hardware, firmware, circuitry and the like.
The embodiments described above are illustrative examples, and the present invention should not be construed as limited to these specific embodiments. Accordingly, those skilled in the art can make various changes and modifications without departing from the spirit and scope of the invention as defined in the appended claims.
Claims (16)
1. A method for keeping a user device anonymous to a service provider during multi-factor multi-channel identity authentication and transaction of the user device, wherein the user uses the device, which communicates with a server of the device through a terminal, the method comprising:
receiving a request from the device through the terminal;
exchanging transaction related data with the device;
generating a one-time anonymous identifier for the device, the one-time anonymous identifier being valid for a predetermined time; and
sending the one-time anonymous identifier to the device, the one-time anonymous identifier being obtainable by the device within the predetermined time.
2. The method according to claim 11, wherein, after the one-time anonymous identifier is sent to the device, the method further comprises:
binding the device and the server of the service provider, so as to allow the device to share at least one symmetric key with the server of the service provider.
3. The method according to claim 2, wherein, before the device and the server of the service provider are bound, the method further comprises:
realizing personalization of the device through device manufacturing; and/or realizing personalization of the device by installing predetermined personalization hardware on the device.
4. The method according to claim 3, wherein, after the device and the server of the service provider are bound, the method further comprises:
performing multi-channel multi-factor identity authentication and transaction verification on the device by the server of the service provider.
5. The method according to claim 4, wherein performing multi-channel multi-factor identity authentication and transaction verification on the device by the server of the service provider comprises:
sending an authentication request to the server of the service provider through the terminal using a first communication channel;
sending an instruction message to the device through the terminal using the first communication channel;
generating, by the device, a response message based on the instruction message, and sending the response message to the server of the service provider through a second communication channel different from the first communication channel, wherein the server of the service provider performs the multi-channel multi-factor identity authentication and transaction verification according to the response message.
6. The method according to claim 11, wherein
performing multi-channel multi-factor identity authentication and transaction verification on the device by the server of the service provider comprises: authenticating based on two factors and authenticating based on two channels, wherein the two factors include: a first factor indicating that only the device can generate the message, and a second factor indicating that only a device that knows a particular message can generate the message; and the two channels include: a first communication channel between the server of the service provider and the device, and a second communication channel between the server of the service provider and the terminal.
7. The method according to any one of claims 2 to 6, further comprising:
performing an unbinding operation on the server of the service provider and the device.
8. The method according to claim 7, wherein, after the unbinding operation on the server of the service provider and the device is performed, the method further comprises:
performing a rebinding operation on the server of the service provider and the device.
9. A computer program product for use with a computer, the computer program product comprising a computer-readable recording medium on which is recorded a computer executable program that causes the computer to perform processing in which a user remains anonymous to a service provider during multi-factor multi-channel identity authentication and transaction, wherein the user uses the device, which communicates with a server of the device through a terminal, the processing comprising:
receiving a request from the device through the terminal;
exchanging transaction related data with the device;
generating a one-time anonymous identifier for the device, the one-time anonymous identifier being valid for a predetermined time; and
sending the one-time anonymous identifier to the device, the one-time anonymous identifier being obtainable by the device within the predetermined time.
10. A method of performing multi-channel authentication on a user, wherein the user uses a device that communicates with a server of a service provider through a terminal, the method comprising:
the device receiving an instruction message sent from the server through the terminal;
the device generating a response message based on the instruction message and at least one symmetric key shared by the device and the server;
the device sending the response message to the terminal; and
the terminal sending the response message to a predetermined destination of the server.
11. The method according to claim 10, wherein the instruction message includes: the destination of the response message, the manner of generating the response message, and the manner of sending the response message.
12. A computer program product for use with a computer, the computer program product comprising a computer-readable storage medium on which is recorded a computer executable program that causes the computer to perform processing for authenticating a user in a multi-channel manner, wherein the user uses a device that communicates with a server of a service provider through a terminal, the processing comprising:
the device receiving an instruction message sent from the server through the terminal;
the device generating a response message based on the instruction message and at least one symmetric key shared by the device and the server;
the device sending the response message to the terminal; and
the terminal sending the response message to a predetermined destination of the server.
13. A method of performing multi-channel authentication on a user, wherein the user uses a device that communicates with a server of a service provider and with a terminal, the method comprising:
the device sending an authentication request to the server through a first communication channel;
the device receiving, through the first communication channel, an instruction message generated by the server based on the authentication request;
the device sending an authentication credential based on the instruction message to the server through a second communication channel, the second communication channel being different from the first communication channel; and
the terminal receiving an authentication message generated by the server based on the authentication credential.
14. A computer program product for use with a computer, the computer program product comprising a computer-readable storage medium on which is recorded a computer executable program that causes the computer to perform processing for authenticating a user in a multi-channel manner, wherein the user uses a device that communicates with a server of a service provider and with a terminal, the processing comprising:
the device sending an authentication request to the server through a first communication channel;
the device receiving, through the first communication channel, an instruction message generated by the server based on the authentication request;
the device sending an authentication credential based on the instruction message to the server through a second communication channel, the second communication channel being different from the first communication channel; and
the terminal receiving an authentication message generated by the server based on the authentication credential.
15. A method of performing multi-channel authentication on a user, wherein the user uses a device that communicates with a server of a service provider and with a terminal, the method comprising:
the server receiving a request from the device through a first communication channel;
the server generating an instruction message based on the authentication request and sending the instruction message to the device through the first communication channel;
the server receiving an authentication credential from the device through a second communication channel, the second communication channel being different from the first communication channel; and
the server generating an authentication message based on the authentication credential and sending the authentication message to the terminal.
16. A computer program product for use with a computer, the computer program product comprising a computer-readable storage medium on which is recorded a computer executable program that causes the computer to perform processing for authenticating a user in a multi-channel manner, wherein the user uses a device that communicates with a server of a service provider and with a terminal, the processing comprising:
the server receiving a request from the device through a first communication channel;
the server generating an instruction message based on the authentication request and sending the instruction message to the device through the first communication channel;
the server receiving an authentication credential from the device through a second communication channel, the second communication channel being different from the first communication channel; and
the server generating an authentication message based on the authentication credential and sending the authentication message to the terminal.
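The server-side flow of claims 13 to 16, with the instruction message fields of claim 11, can be sketched as below. This is an added example, not code from the patent: the channel labels, field names, the 60-second lifetime, single-use challenges and the HMAC-SHA256 credential are assumptions chosen to make the checks concrete.

```python
import hashlib
import hmac
import secrets
import time


def credential_for(key, instruction):
    """Device side: MAC over the instruction message with the shared key."""
    data = "|".join(
        [instruction["nonce"], instruction["destination"], instruction["method"]]
    ).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, device_keys, ttl_seconds=60):
        self.device_keys = device_keys   # device_id -> shared symmetric key
        self.ttl = ttl_seconds
        self.pending = {}                # nonce -> (device, channel, expiry, instruction)

    def handle_request(self, device_id, channel, now=None):
        """Authentication request arrives on the first channel; the
        instruction message goes back on that same channel."""
        now = time.time() if now is None else now
        if device_id not in self.device_keys:
            return None
        instruction = {
            "nonce": secrets.token_hex(16),
            "destination": "auth-endpoint",    # where the response must go
            "method": "HMAC-SHA256",           # how to generate the response
            "send_via": "a different channel", # how to send the response
        }
        self.pending[instruction["nonce"]] = (
            device_id, channel, now + self.ttl, instruction)
        return instruction

    def handle_credential(self, device_id, nonce, credential, channel, now=None):
        """Credential arrives on the second channel. The returned string stands
        in for the authentication message that is sent to the terminal."""
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)  # one attempt per challenge
        if entry is None:
            return "denied: unknown or already used challenge"
        owner, request_channel, expiry, instruction = entry
        if owner != device_id:
            return "denied: challenge issued to another device"
        if channel == request_channel:
            return "denied: credential arrived on the request channel"
        if now > expiry:
            return "denied: challenge expired"
        expected = credential_for(self.device_keys[device_id], instruction)
        if not hmac.compare_digest(expected.encode(), str(credential).encode()):
            return "denied: bad credential"
        return "authenticated"


def demo():
    key = secrets.token_bytes(32)
    server = AuthServer({"device-A": key})
    out = {}
    # Constructed channel labels "web" and "sms" stand for two distinct paths.
    ins = server.handle_request("device-A", "web", now=1000)
    cred = credential_for(key, ins)
    out["ok"] = server.handle_credential("device-A", ins["nonce"], cred, "sms", now=1010)
    out["reuse"] = server.handle_credential("device-A", ins["nonce"], cred, "sms", now=1011)
    ins = server.handle_request("device-A", "web", now=2000)
    out["same_channel"] = server.handle_credential(
        "device-A", ins["nonce"], credential_for(key, ins), "web", now=2001)
    ins = server.handle_request("device-A", "web", now=3000)
    out["late"] = server.handle_credential(
        "device-A", ins["nonce"], credential_for(key, ins), "sms", now=3061)
    ins = server.handle_request("device-A", "web", now=4000)
    wrong = credential_for(secrets.token_bytes(32), ins)   # MAC under another key
    out["wrong_key"] = server.handle_credential(
        "device-A", ins["nonce"], wrong, "sms", now=4001)
    return out


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
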
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/229,219 US20120066501A1 (en) | 2009-03-17 | 2011-09-09 | Multi-factor and multi-channel id authentication and transaction control |
US13/229,219 | 2011-09-09 | ||
US201161544800P | 2011-10-07 | 2011-10-07 | |
US61/544,800 | 2011-10-07 | ||
CN201210333647.7A CN103116842B8 (en) | 2011-09-09 | 2012-09-10 | Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210333647.7A Division CN103116842B8 (en) | 2011-09-09 | 2012-09-10 | Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107730256A true CN107730256A (en) | 2018-02-23 |
CN107730256B CN107730256B (en) | 2022-01-04 |
Family ID=48415207
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710943287.5A Active CN107730256B (en) | 2011-09-09 | 2012-09-10 | Multi-factor multi-channel ID authentication and transaction control and multi-option payment system and method |
CN201210333647.7A Active CN103116842B8 (en) | 2011-09-09 | 2012-09-10 | Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method |
CN201710943700.8A Active CN107730240B (en) | 2011-09-09 | 2012-09-10 | Multi-factor multi-channel ID authentication and transaction control and multi-option payment system and method |
Country Status (1)
Country | Link |
---|---|
CN (3) | CN107730256B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110969555A (en) * | 2018-09-30 | 2020-04-07 | 上海柠睿企业服务合伙企业(有限合伙) | Multilevel information auditing method, device, system, terminal, server and medium |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104021473A (en) * | 2014-05-30 | 2014-09-03 | 刘劲彤 | Safe payment method of visual financial card |
CN107251063A (en) | 2014-12-24 | 2017-10-13 | 斯威夫特有限公司 | System and method for promoting goods to provide |
KR102371943B1 (en) | 2015-02-24 | 2022-03-08 | 삼성전자 주식회사 | Handheld electronic device capable of magnetic field communication and payment method using the same |
US10769622B2 (en) * | 2015-03-25 | 2020-09-08 | Facebook, Inc. | User communications with a merchant through a social networking system |
US10489768B2 (en) * | 2015-12-30 | 2019-11-26 | Visa International Service Association | Keyboard application with third party engagement selectable items |
EP3349410B1 (en) * | 2017-01-11 | 2021-03-10 | Tata Consultancy Services Limited | Method and system for executing a transaction request using a communication channel |
TWI674542B (en) * | 2018-10-23 | 2019-10-11 | 臺灣行動支付股份有限公司 | Mobile payment transaction system and data processing method thereof without transaction winding operation |
FI20195236A1 (en) * | 2019-03-27 | 2020-09-28 | Liikennevirta Oy / Virta Ltd | Methods, apparatuses and computer program products for requesting user authorization and responding to requested user authorization for electric vehicle charging sessions |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1897027A (en) * | 2005-04-08 | 2007-01-17 | 富士通株式会社 | Authentication services using mobile device |
WO2007067349A1 (en) * | 2005-12-06 | 2007-06-14 | Boncle, Inc. | Single one-time password token with single pin for access to multiple providers |
CN101606173A (en) * | 2006-10-12 | 2009-12-16 | 彼得·A·夏皮罗 | The method and system of making anonymous on-line purchases |
US20100125635A1 (en) * | 2008-11-17 | 2010-05-20 | Vadim Axelrod | User authentication using alternative communication channels |
CN101841418A (en) * | 2009-03-17 | 2010-09-22 | 熊楚渝 | Handheld multiple role electronic authenticator and service system thereof |
CN101867587A (en) * | 2010-07-09 | 2010-10-20 | 北京交通大学 | Anonymous authentication method and system |
CN101894424A (en) * | 2009-05-21 | 2010-11-24 | 北京西阁万投资咨询有限公司 | Trading card processing system and method for improving safety |
CN102006271A (en) * | 2008-09-02 | 2011-04-06 | F2威尔股份有限公司 | IP address secure multi-channel authentication for online transactions |
CN102045163A (en) * | 2009-10-15 | 2011-05-04 | 中兴通讯股份有限公司 | Source-tracing method and system for anonymous communication |
CA2731462A1 (en) * | 2010-02-10 | 2011-08-10 | Authernative, Inc. | System and method for in- and out-of-band multi-factor server-to-user authentication |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1107198B1 (en) * | 1999-11-30 | 2007-01-10 | Citibank, Na | System and method for performing an electronic transaction using a transaction proxy with an electronic wallet |
GB0323693D0 (en) * | 2003-10-09 | 2003-11-12 | Vodafone Plc | Facilitating and authenticating transactions |
US8996423B2 (en) * | 2005-04-19 | 2015-03-31 | Microsoft Corporation | Authentication for a commercial transaction using a mobile module |
US8245292B2 (en) * | 2005-11-16 | 2012-08-14 | Broadcom Corporation | Multi-factor authentication using a smartcard |
US7814311B2 (en) * | 2006-03-10 | 2010-10-12 | Cisco Technology, Inc. | Role aware network security enforcement |
EP1978477A3 (en) * | 2006-07-06 | 2011-03-02 | Firethorn Holdings, LLC | Methods and systems for making a payment via a stored value card in a mobile environment |
US8051297B2 (en) * | 2006-11-28 | 2011-11-01 | Diversinet Corp. | Method for binding a security element to a mobile device |
CN101271561A (en) * | 2008-05-16 | 2008-09-24 | 腾讯科技(深圳)有限公司 | Electronic commerce trade method and system |
CN101770619A (en) * | 2008-12-31 | 2010-07-07 | ***股份有限公司 | Multiple-factor authentication method for online payment and authentication system |
GB2466810A (en) * | 2009-01-08 | 2010-07-14 | Visa Europe Ltd | Processing payment authorisation requests |
Non-Patent Citations (1)
Title |
---|
赵莉等: "《电商务概论》", 28 February 2009, 华中科技大学出版社 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110969555A (en) * | 2018-09-30 | 2020-04-07 | 上海柠睿企业服务合伙企业(有限合伙) | Multilevel information auditing method, device, system, terminal, server and medium |
Also Published As
Publication number | Publication date |
---|---|
CN103116842B8 (en) | 2018-01-19 |
CN107730240A (en) | 2018-02-23 |
CN103116842A (en) | 2013-05-22 |
CN107730240B (en) | 2021-03-26 |
CN107730256B (en) | 2022-01-04 |
CN103116842B (en) | 2017-11-21 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11880815B2 (en) | Device enrollment system and method | |
CN103116842B (en) | Multiple-factor multi-channel id authentication and transaction control and multi-option payment system and method | |
US11423452B2 (en) | Systems and methods for establishing identity for order pick up | |
US20110103586A1 (en) | System, Method and Device To Authenticate Relationships By Electronic Means | |
US20160125403A1 (en) | Offline virtual currency transaction | |
US20120231844A1 (en) | System and device for facilitating a transaction by consolidating sim, personal token, and associated applications for electronic wallet transactions | |
JP7483688B2 (en) | System and method for cryptographic authentication of contactless cards | |
US20120101951A1 (en) | Method and System for Secure Financial Transactions Using Mobile Communications Devices | |
CN101770619A (en) | Multiple-factor authentication method for online payment and authentication system | |
WO2010105331A1 (en) | System and method for cardless secure on-line credit card/debit card purchasin | |
US11182785B2 (en) | Systems and methods for authorization and access to services using contactless cards | |
US20130066772A1 (en) | Multi-factor and multi-channel id authentication and transaction control and multi-option payment system and method | |
US20230062507A1 (en) | User authentication at access control server using mobile device | |
CN108780547B (en) | Proxy device for representing multiple certificates | |
US11812260B2 (en) | Secure offline mobile interactions | |
WO2023064086A1 (en) | Efficient and protected data transfer system and method | |
CA2658661A1 (en) | System and method for cardless secure on-line credit card/debit card purchasing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | Effective date of registration: 20200818; Address after: High tech Zone Gaopeng road in Chengdu city of Sichuan province in 610041 A No. 5 Room 305; Applicant after: Chengdu Tianyao Technology Co.,Ltd.; Address before: No. 174 Shapingba street, Shapingba District, Chongqing City, Chongqing; Applicant before: Xiong Chuyu |
GR01 | Patent grant | ||