WO2017197740A1 - System and method for authorizing mobile terminal based on triggering of proximity sensing - Google Patents

Publication number
WO2017197740A1
Authority
WO
WIPO (PCT)
Prior art keywords
authorization
mobile terminal
initiator
rule
matching
Prior art date
Application number
PCT/CN2016/088516
Other languages
French (fr)
Chinese (zh)
Inventor
刘明晶
张璐
张维
雷尚涛
Original Assignee
深圳一卡通新技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳一卡通新技术有限公司
Publication of WO2017197740A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions

Definitions

  • the invention relates to a mobile terminal authorization system and method based on proximity sensing triggering.
  • NFC near field communication technology can realize rapid identification and transaction authorization. It is widely used in offline micropayment, access control, subway gates, etc., but has the following problems:
  • the account information is written into the SE unit of the storage medium in advance, and the transaction data is synchronized with the back-end system by asynchronous transmission; once lost, the loss cannot be reported immediately, which affects the security of the user's funds.
  • Online identity authentication and authorization are triggered by near-field sensing.
  • to address the technical problems that NFC technology does not support online transactions and therefore cannot support real-time loss reporting, and that online identification and authorization methods such as sound waves and two-dimensional codes require a complicated information-reading action when triggered and give a poor user experience, the present invention provides a mobile terminal authorization system and method based on proximity sensing triggering.
  • a mobile terminal authorization system based on proximity sensing triggering is characterized in that it comprises: an initiator identity authentication request module, an initiator authorization setting module, an acceptor identity authentication request module, a matching module, and an authorization server;
  • An initiator authorization setting module configured to set an automatic authorization rule and send the authorization rule to the authorization server;
  • the automatic authorization rule includes an identity of the receiver, an authorized service, an authorized location, and an allowed authorization time;
  • the initiator identity authentication request module: when the distance sensor of the initiator mobile terminal senses that the acceptor mobile terminal is close, sends the authorization information with the initiator identity identifier and the automatic authorization command to the matching module; the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the sensing instant;
  • the acceptor identity authentication request module: when the distance sensor of the acceptor mobile terminal senses that the initiator mobile terminal is close, sends an authorization request with the acceptor identity identifier and the requested authorization content to the matching module;
  • the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the sensing instant;
  • the matching module: matches, by identity identifier, the authorization information sent by the initiator identity authentication request module against the authorization request sent by the acceptor identity authentication request module; after a successful match, sends handshake success information to the initiator terminal and the acceptor terminal respectively, and forwards the authorization information and authorization request to the authorization server;
  • the authorization server extracts the initiator's automatic authorization rule according to the initiator's identity identifier and authorization information, and determines whether the acceptor meets the authorization rule set by the initiator; if the acceptor is consistent with the initiator's automatic authorization rule, the initiator mobile terminal and the acceptor mobile terminal are authorized; otherwise, no authorization is granted.
  • the above matching module performs matching according to the first rule:
  • the first rule is to determine whether the sensing location, the sensing time, and the sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the current request and authorization of the initiator and the acceptor are deemed successfully matched; when they are not the same, the match fails.
  • the above matching module performs matching according to the second rule:
  • matching continues under the second rule, which is a judgment based on the angles of the initiator mobile terminal and the acceptor mobile terminal: when the angles indicate that the two mobile terminals approached with parallel faces toward each other, the current request and authorization of the initiator and the acceptor are deemed successfully matched.
  • the above-mentioned initiator authorization setting module is further configured to set an auxiliary authorization rule, where the auxiliary authorization rule includes an account password and an electronic signature;
  • the authorization server is further configured to send the initiator mobile terminal a request for the auxiliary authorization rule information, and to grant authorization when the auxiliary authorization rule is received.
  • a mobile terminal authorization method based on proximity sensing triggering includes the following steps:
  • the automatic authorization rule includes the acceptor identity, the services allowed to be authorized, the locations where authorization is allowed, and the times when authorization is allowed;
  • the auxiliary authorization rule includes the account password and the electronic signature;
  • the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the sensing instant;
  • the authorization request with the acceptor identity identifier and the requested authorization content is sent to the matching module;
  • the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the sensing instant;
  • the authorization server obtains the corresponding automatic authorization rule according to the identity identifier and authorization information of the initiator, and determines whether the acceptor meets the automatic authorization rule of the corresponding initiator. If the acceptor meets the initiator's automatic authorization rule, authorization is granted to the initiator mobile terminal and the acceptor mobile terminal; otherwise, no authorization is granted;
  • Step 3: the specific matching rules are as follows:
  • the first rule is to determine whether the sensing location, the sensing time, and the sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the current request and authorization of the initiator and the acceptor are deemed successfully matched; when they are not the same, the match fails.
  • the specific matching rule is: when multiple authorization requests and multiple pieces of authorization information are received at the same time and all match successfully under the first rule, matching continues under the second rule. The second rule is a judgment based on the angles of the initiator mobile terminal and the acceptor mobile terminal at the sensing instant: when the angles indicate that the two mobile terminals approached with parallel faces toward each other, the request and authorization of the initiator mobile terminal and the acceptor mobile terminal are deemed successfully matched.
  • the specific matching rule is: when multiple authorization requests and multiple pieces of authorization information all match successfully under the second rule, all of the successfully matched pending authorization information is sent to the initiator mobile terminal, the initiator mobile terminal selects which authorization information to authorize, and matching follows the initiator mobile terminal's active selection.
  • the auxiliary authorization rule is also verified. Specifically, the authorization server sends auxiliary authorization rule verification information to the initiator mobile terminal; if the initiator mobile terminal provides the auxiliary authorization rule, authorization is granted; if it does not, no authorization is granted. The auxiliary authorization rule includes an account password and an electronic signature.
  • the invention directly triggers transaction authorization or identification by using the mobile phone's distance sensing device; the response speed is the same as that of NFC and other near-field communication methods, and faster than identifying information carried in two-dimensional codes, sound waves, or light waves.
  • the terminal is only used to trigger the transaction or authentication.
  • the transaction authorization and identification are completed on the back-end authorization server, which prevents the authorization or authentication rules from being downloaded and leaked.
  • the invention improves the security of the authorized transaction by double verification of the automatic authorization rule and the auxiliary authorization rule.
  • FIG. 1 is a schematic diagram of a mobile terminal authorization system based on proximity sensing triggering according to the present invention
  • FIG. 2 is a flowchart of a method for authorizing a mobile terminal based on proximity sensing triggering according to the present invention
  • FIG. 3 is a schematic diagram of a matching process of the present invention.
  • a mobile terminal authorization system based on proximity sensing triggering includes an initiator identity authentication request module, an initiator authorization setting module, an acceptor identity authentication request module, a matching module, and an authorization server;
  • Initiator authorization setting module: used to set an automatic authorization rule and an auxiliary authorization rule; the auxiliary authorization rule includes an account password and an electronic signature; the automatic authorization rule includes the acceptor identity, the services allowed to be authorized, the locations where authorization is allowed, and the times when authorization is allowed;
  • the initiator identity authentication request module: when the distance sensor of the initiator mobile terminal senses that the acceptor mobile terminal is close, the authorization information with the initiator identity identifier and the automatic authorization command is sent to the matching module;
  • the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the sensing instant;
  • Acceptor identity authentication request module: when the distance sensor of the acceptor mobile terminal senses that the initiator mobile terminal is close, the authorization request with the acceptor identity identifier and the requested authorization content is sent to the matching module; the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the sensing instant;
  • the matching module: the authorization information sent by the initiator identity authentication request module and the authorization request sent by the acceptor identity authentication request module are matched by identity identifier; after a successful match, handshake success information is sent to the initiator terminal and the acceptor terminal respectively, and the authorization information and authorization request are forwarded to the authorization server;
  • the authorization server extracts the initiator's automatic authorization rule according to the initiator's identity identifier and authorization information, and determines whether the acceptor meets the authorization rule set by the initiator. If the acceptor is consistent with the initiator's automatic authorization rule, authorization is granted to the initiator mobile terminal and the acceptor mobile terminal; otherwise, no authorization is granted.
  • the authorization server is also used to send the initiator mobile terminal a request for the auxiliary authorization rule information, and grants authorization when the auxiliary authorization rule is received.
  • the matching module matches according to the first rule:
  • the first rule is to determine whether the sensing location, the sensing time, and the sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the current request and authorization of the initiator and the acceptor are deemed successfully matched; when they are not the same, the match fails.
  • the matching module matches according to the second rule:
  • the initiator connects the first terminal to the second terminal of the accepting party.
  • the distance sensors of the first terminal and the second terminal respectively sense the other party and trigger the identity authentication handshake.
  • after triggering the identity authentication handshake, the first terminal sends the authorization information with the initiator identifier and the automatic authorization command to the front-end server, treating authorization as granted at the current location and time point, and the services that the initiator has preset as allowed are executed automatically.
  • authorized services include, for example: payment, ticket inspection, access control, attendance, entry and exit, and requisition or write-off of coupons.
  • after the second terminal triggers the identity authentication handshake, it sends an authorization request with the acceptor identifier and the requested authorization content to the front-end server, requesting that the initiator authorize, at the current time and place, the service initiated by the acceptor.
  • the front-end server receives the automatic authorization command uploaded by the first terminal, and the authorization request uploaded by the second terminal, and executes multiple sets of matching rules in sequence until the authorization request and the authorization command are successfully matched.
  • the authorization server extracts the authorization rule in the authorization setting module, and determines whether the content of the request authorization is consistent with the automatic authorization rule of the initiator, and if it is consistent, the authorization is performed.
  • the initiator information required to complete the authorized business is extracted from the service server, and it is verified whether the business acceptance rule is met. If the business acceptance rule is met, the subsequent business process is executed.
  • the authorization request and the authorization command are first matched according to the first group of rules: the place of occurrence, the start time of the authorization action, and the end time of the authorization action. When all three are the same, the current request and authorization of the initiator and the acceptor are deemed successfully matched.
  • matching then continues under the second group of rules.
  • the second group of rules is: matching according to the tilt angles in three-dimensional space of the initiator terminal and the acceptor terminal at the instant authorization is triggered.
  • the condition for the initiator's back-end service authorization is that, provided the authorization request sent by the acceptor and the authorization command issued by the initiator have been successfully matched, the acceptor that issued the authorization request and the content of the request are consistent with the automatic authorization rules the initiator set in the authorization setting module, or fall within the reasonable range of the initiator's customary behavior.
  • the rules used in the authorization process are divided into two categories.
  • the first category is the rules under which the initiator allows automatic authorization.
  • these are reserved by the initiator in the authorization setting module in advance; when the authorization request matches such rules, the authorization server executes the automatic authorization command to complete the current authorization;
  • the second type is the authorization rule that needs the initiator to provide the auxiliary authorization information, and the auxiliary authorization information is reserved by the initiator in the authorization setting module in advance.
  • the rules under which the initiator allows automatic authorization include: the identity of the acceptor, the permitted service, the permitted location, and the time allowed for authorization.
  • the rules are submitted by the initiator to the authorization server in advance.
  • the authorization server extracts the rules under which the initiator allows automatic authorization, extracts the content of the authorization request, and matches the two. If the authorization request meets the automatic authorization rule allowed by the initiator, the automatic authorization instruction is executed, the initiator is taken to agree to authorize the current request, and the subsequent business processes are performed.
  • the payer holds a smartphone, and the payee holds a smartphone or other smart mobile terminal with a distance sensor (including but not limited to a Pad, a custom POS, etc.).
  • when paying, the payee inputs the current payment amount and generates a payment order. The payer places the phone close to the distance sensor area of the receiving terminal.
  • the payer's mobile phone authorizes the payment instruction, and at the same time the payee terminal uploads the transaction authorization request to the front-end server; the front-end server completes the handshake (i.e., matching) of the transaction request and the transaction authorization, triggering the authorization.
  • the front-end server sends the payer ID, the payee ID, the payment amount, the service type, the time, and the location to the authorization server, and the authorization server extracts the automatic authorization rule of the payer according to the payer ID and compares it with the current transaction information.
  • the payee obtains the authorization to debit the payer's account. If the payee is set to debit the password, the payee is authorized to pick up the payee after the authorization is obtained. The reserved password is used to perform the debit.
  • Embodiment 2 Identification:
  • An individual holds a smartphone, and an authentication terminal with a distance sensor is installed at a specified location in identification and authorization scenarios such as access control, elevators, and gates.
  • After receiving the authentication request and the authentication command, the front-end server performs a handshake according to the time and place of occurrence. After the matching succeeds, the authorization is triggered, and the authentication request and the authentication command are sent to the authorization server.
  • the authorization server retrieves the identification rules preset for the authentication terminal, such as who is allowed to be identified, where, and when; authenticates the individual's request according to those rules; and performs the authorization after a successful match, for example opening the access control or opening the gate.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

Disclosed are a system and a method for authorizing a mobile terminal based on triggering of proximity sensing. The system comprises an initiator authentication request module, an initiator authorization setting module, a recipient authentication request module, a matching module, and an authorization server. The method comprises: extracting an automatic authorization rule of an initiator according to an identifier and authorization information of the initiator, determining whether a recipient meets the authorization rule set by the initiator, and, if the authorization information of the recipient is consistent with the automatic authorization rule of the initiator, authorizing a mobile terminal of the initiator and a mobile terminal of the recipient, or, if it is not consistent, not granting authorization. To remedy the technical problem in which NFC technology does not support online transactions and consequently cannot support real-time loss reports, a distance sensing apparatus of a mobile phone is used to directly trigger transaction authorization or identity recognition, achieving a response speed equal to that of NFC and faster than that of identification information carried on a 2D barcode, sound wave or light wave.

Description

Mobile terminal authorization system and method based on proximity sensing triggering
Technical field
The invention relates to a mobile terminal authorization system and method based on proximity sensing triggering.
Background
NFC (near-field communication) technology enables fast identification and transaction authorization and is widely used in scenarios such as offline micropayments, access control, and subway gates, but it has the following problems:
1. Account information is written in advance into the SE unit of the storage medium, and transaction data is synchronized with the back-end system by asynchronous transmission. Once lost, the loss cannot be reported immediately, which affects the security of the user's funds.
2. To keep the account information and transaction data stored in hardware secure against theft and tampering, hardware encryption is used. In practice this places special requirements on the hardware encryption of the accepting terminal, which makes terminals expensive.
3. Alternative technologies such as sound waves, optical signals, and two-dimensional codes support online authorization and transactions and solve the problem that NFC offline transactions cannot be reported lost in real time, but recognition is slow and the user experience is poor.
Summary of the invention
Online identity authentication and authorization are triggered by near-field sensing. To address the technical problems that NFC technology does not support online transactions and therefore cannot support real-time loss reporting, and that online identification and authorization methods such as sound waves and two-dimensional codes require a complicated information-reading action when triggered and give a poor user experience, the present invention provides a mobile terminal authorization system and method based on proximity sensing triggering.
Technical solution of the invention:
A mobile terminal authorization system based on proximity sensing triggering, characterized in that it comprises an initiator identity authentication request module, an initiator authorization setting module, an acceptor identity authentication request module, a matching module, and an authorization server;
The initiator authorization setting module: used to set an automatic authorization rule and send it to the authorization server; the automatic authorization rule includes the acceptor identity, the services allowed to be authorized, the locations where authorization is allowed, and the times when authorization is allowed;
The initiator identity authentication request module: when the distance sensor of the initiator mobile terminal senses that the acceptor mobile terminal is approaching, sends authorization information carrying the initiator identity identifier and an automatic authorization command to the matching module; the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the sensing instant;
The acceptor identity authentication request module: when the distance sensor of the acceptor mobile terminal senses that the initiator mobile terminal is approaching, sends an authorization request carrying the acceptor identity identifier and the requested authorization content to the matching module; the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the sensing instant;
The matching module: matches, by identity identifier, the authorization information received from the initiator identity authentication request module against the authorization request received from the acceptor identity authentication request module; after a successful match, sends handshake success information to the initiator terminal and the acceptor terminal respectively, and forwards the authorization information and the authorization request to the authorization server;
The authorization server: extracts the initiator's automatic authorization rule according to the initiator identity identifier and the authorization information, and determines whether the acceptor meets the authorization rule set by the initiator; if the acceptor is consistent with the initiator's automatic authorization rule, it grants authorization to the initiator mobile terminal and the acceptor mobile terminal; otherwise, no authorization is granted.
The above matching module performs matching according to a first rule:
The first rule is to determine whether the sensing location, sensing time and sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion; when they are not the same, the match fails.
The above matching module performs matching according to a second rule:
When multiple authorization requests and multiple pieces of authorization information are received at the same time and all match successfully under the first rule, matching continues under the second rule. The second rule is a judgment based on the angles of the initiator mobile terminal and the acceptor mobile terminal at the instant of sensing: when the angles show that the two mobile terminals approached face to face in parallel, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion.
The above initiator authorization setting module is further used to set an auxiliary authorization rule, the auxiliary authorization rule including an account password and an electronic signature;
The authorization server is further used to send the initiator mobile terminal a request for auxiliary authorization rule information, and to grant authorization upon receiving the auxiliary authorization rule.
A mobile terminal authorization method triggered by proximity sensing, comprising the following steps:
1) setting an automatic authorization rule and an auxiliary authorization rule on the authorization server; the automatic authorization rule includes the acceptor identity, the permitted services, the permitted locations and the permitted times; the auxiliary authorization rule includes an account password and an electronic signature;
2) when the proximity sensor of the initiator mobile terminal senses the acceptor mobile terminal approaching, sending authorization information carrying the initiator identity identifier and an automatic authorization instruction to the matching module; the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the time of sensing;
3) when the proximity sensor of the acceptor mobile terminal senses the initiator mobile terminal approaching, sending an authorization request carrying the acceptor identity identifier and the requested authorization content to the matching module; the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the time of sensing;
4) performing identity identifier matching between the received authorization information and authorization request, and after a successful match sending handshake success information to the initiator mobile terminal and the acceptor mobile terminal respectively, while forwarding the authorization information and the authorization request to the authorization server;
5) the authorization server obtains the corresponding automatic authorization rule according to the initiator identity identifier and the authorization information, and determines whether the acceptor complies with the automatic authorization rule of the corresponding initiator; if the acceptor complies with the initiator's automatic authorization rule, authorization is granted to the initiator mobile terminal and the acceptor mobile terminal; otherwise, authorization is not granted;
The specific matching rule of step 3) above is:
The first rule is to determine whether the sensing location, sensing time and sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion; when they are not the same, the match fails.
The specific matching rule of step 3) above is: when multiple authorization requests and multiple pieces of authorization information are received at the same time and all match successfully under the first rule, matching continues under the second rule. The second rule is a judgment based on the angles of the initiator mobile terminal and the acceptor mobile terminal at the instant of sensing: when the angles show that the two mobile terminals approached face to face in parallel, the request and the authorization of the initiator mobile terminal and the acceptor mobile terminal are deemed successfully matched for this occasion.
The specific matching rule of step 3) above is: when multiple authorization requests and multiple pieces of authorization information match successfully under the second rule, all successfully matched authorization information awaiting authorization is sent to the initiator mobile terminal, the initiator mobile terminal itself selects which item of authorization information to authorize, and matching is performed according to the initiator mobile terminal's active selection.
When the acceptor complies with the initiator's automatic authorization rule, auxiliary authorization rule verification is also performed, specifically: the authorization server sends the initiator mobile terminal a request for auxiliary authorization rule verification information; if the initiator mobile terminal provides the auxiliary authorization rule, authorization is granted; if the initiator mobile terminal does not provide it, authorization is not granted; the auxiliary authorization rule includes an account password and an electronic signature.
Advantages of the invention:
1. The invention uses the mobile phone's proximity sensing device to directly trigger transaction authorization or identity recognition. The response speed is the same as that of near-field communication methods such as NFC, and faster than recognizing information carried in two-dimensional codes, sound waves or light waves.
2. The terminal is used only to trigger the transaction or authentication. Transaction authorization and identity recognition are both completed on the back-end authorization server, which avoids authorization or authentication rules being downloaded and leaked.
3. Through dual verification with the automatic authorization rule and the auxiliary authorization rule, the invention improves the security of authorized transactions.
Description of the drawings
FIG. 1 is a schematic diagram of the mobile terminal authorization system triggered by proximity sensing according to the invention;
FIG. 2 is a flowchart of the mobile terminal authorization method triggered by proximity sensing according to the invention;
FIG. 3 is a schematic diagram of the matching process of the invention.
Detailed description
As shown in FIG. 1, a mobile terminal authorization system triggered by proximity sensing includes an initiator identity authentication request module, an initiator authorization setting module, an acceptor identity authentication request module, a matching module and an authorization server;
Initiator authorization setting module: used to set the automatic authorization rule and the auxiliary authorization rule; the auxiliary authorization rule includes an account password and an electronic signature; the automatic authorization rule includes the acceptor identity, the permitted services, the permitted locations and the permitted times;
Initiator identity authentication request module: when the proximity sensor of the initiator mobile terminal senses the acceptor mobile terminal approaching, it sends authorization information carrying the initiator identity identifier and an automatic authorization instruction to the matching module; the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the instant of sensing;
Acceptor identity authentication request module: when the proximity sensor of the acceptor mobile terminal senses the initiator mobile terminal approaching, it sends an authorization request carrying the acceptor identity identifier and the requested authorization content to the matching module; the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the instant of sensing;
Matching module: performs identity identifier matching between the authorization information sent by the initiator identity authentication request module and the authorization request sent by the acceptor identity authentication request module, and after a successful match sends handshake success information to the initiator terminal and the acceptor terminal respectively, while forwarding the authorization information and the authorization request to the authorization server;
Authorization server: according to the initiator identity identifier and the authorization information, extracts the initiator's automatic authorization rule and determines whether the acceptor complies with the authorization rule set by the initiator; if the acceptor is consistent with the initiator's automatic authorization rule, authorization is granted to the initiator mobile terminal and the acceptor mobile terminal; otherwise, authorization is not granted. The authorization server is further used to send the initiator mobile terminal a request for auxiliary authorization rule information, and to grant authorization upon receiving the auxiliary authorization rule.
The matching module performs matching according to a first rule:
The first rule is to determine whether the sensing location, sensing time and sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion; when they are not the same, the match fails.
The matching module performs matching according to a second rule:
When multiple authorization requests and multiple pieces of authorization information are received at the same time and all match successfully under the first rule, matching continues under the second rule. The second rule is a judgment based on the angles of the initiator mobile terminal and the acceptor mobile terminal at the instant of sensing: when the angles show that the two mobile terminals approached face to face in parallel, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion.
A method of triggering online identity authentication and authorization through the proximity sensor of a smartphone:
1. The initiator brings the first terminal close to the acceptor's second terminal. Once the distance between the two terminals is within the effective range, the proximity sensors of the first terminal and the second terminal each successfully sense the other, triggering the identity authentication handshake.
2. After the identity authentication handshake is triggered, the first terminal sends authorization information carrying the initiator identifier and the automatic authorization instruction to the front-end server. This is deemed consent to authorize, at the current location and point in time, execution of a service for which the initiator has preset automatic authorization, such as payment, ticket checking, access control, attendance, passing through entry and exit gates, or collecting or redeeming coupons.
3. After the identity authentication handshake is triggered, the second terminal sends an authorization request carrying the acceptor identifier and the requested authorization content to the front-end server. This is deemed a request that the initiator authorize, at the current time and place, execution of the service initiated by the acceptor.
4. The front-end server receives the automatic authorization instruction uploaded by the first terminal and the authorization request uploaded by the second terminal, and executes multiple sets of matching rules in turn until the authorization request and the authorization instruction are successfully matched.
5. If the match succeeds, the authorization server extracts the authorization rule from the authorization setting module according to the acceptor identifier and the request content, and determines whether the requested authorization content is consistent with the initiator's permitted automatic authorization rule; if it is consistent, authorization is granted.
6. If the acceptor obtains authorization, the initiator information required to complete the authorized service is extracted from the service server and checked against the service acceptance rules; if it complies with the service acceptance rules, the subsequent service process is executed.
As shown in FIG. 3, the method of matching authorization requests with authorization instructions:
1. Authorization requests and authorization instructions are first matched according to the first set of rules. The first set of rules is: the location of occurrence, the start time of the authorization action, and the end time of the authorization action. When all three are the same, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion.
2. When multiple authorization requests and multiple authorization instructions are received at the same time and all match successfully under the first set of rules, matching continues under the second set of rules. The second set of rules is: matching on the tilt angles of the initiator terminal and the acceptor terminal in three-dimensional space at the instant authorization is triggered. When the spatial tilt angles show that the two terminals approached face to face in parallel, or conform to a preset angle, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion.
3. When multiple authorization requests and multiple authorization instructions match successfully under the second set of rules, all successfully matched authorization requests awaiting authorization are sent to all successfully matched initiators, each initiator selects which request to authorize, and matching is performed according to the initiator's active selection.
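The three-stage matching described above, as an added Python example that is not code from the patent. The `Sensing` record, the screen-normal vector used for the angle test, the 15-degree tolerance and every sample identifier are assumptions constructed for illustration; rule 1 uses exact equality, as the text states.

```python
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sensing:
    """One terminal's report of a proximity-sensing event."""
    party: str      # initiator or acceptor identifier
    location: str   # sensing location
    start: int      # sensing time
    end: int        # sensing end time
    normal: tuple   # ASSUMPTION: screen normal (x, y, z) at the sensing instant


def rule1_key(s):
    # First rule: location, sensing time and sensing end time must all be equal.
    return (s.location, s.start, s.end)


def rule2_facing(a, b, tolerance_deg=15.0):
    # Second rule: the terminals approached face to face in parallel.
    # ASSUMPTION: modelled as screen normals within a tolerance of anti-parallel.
    norm = math.hypot(*a.normal) * math.hypot(*b.normal)
    if norm == 0:
        return False  # a missing orientation reading never matches
    dot = sum(x * y for x, y in zip(a.normal, b.normal))
    angle = math.degrees(math.acos(max(-1.0, min(1.0, dot / norm))))
    return angle >= 180.0 - tolerance_deg


def match(infos, requests):
    """Pair initiator authorization information with acceptor requests.

    Returns (matched, pending, failed):
      matched: [(initiator, acceptor)] pairs settled by rule 1 or rule 2
      pending: {initiator: [acceptors]} left for the initiator to choose (rule 3)
      failed:  sorted identifiers that found no counterpart
    """
    groups = defaultdict(lambda: ([], []))
    for i in infos:
        groups[rule1_key(i)][0].append(i)
    for r in requests:
        groups[rule1_key(r)][1].append(r)

    matched, pending, failed = [], {}, set()
    for ins, reqs in groups.values():
        if not ins or not reqs:                 # rule 1 found no counterpart
            failed.update(s.party for s in ins + reqs)
        elif len(ins) == 1 and len(reqs) == 1:  # rule 1 alone is unambiguous
            matched.append((ins[0].party, reqs[0].party))
        else:                                   # simultaneous events: rule 2
            cands = {i.party: [r.party for r in reqs if rule2_facing(i, r)]
                     for i in ins}
            claims = defaultdict(int)
            for accs in cands.values():
                for acc in accs:
                    claims[acc] += 1
            failed.update(r.party for r in reqs if claims[r.party] == 0)
            for ini, accs in cands.items():
                if not accs:
                    failed.add(ini)
                elif len(accs) == 1 and claims[accs[0]] == 1:
                    matched.append((ini, accs[0]))
                else:                           # still ambiguous: rule 3
                    pending[ini] = accs
    return matched, pending, sorted(failed)


# Constructed sample reports (not from the patent).
SAMPLE_INFOS = [
    Sensing("payer-A", "gate-1", 1000, 1002, (0, 0, 1)),
    Sensing("payer-B", "gate-1", 1000, 1002, (1, 0, 0)),
    Sensing("payer-C", "gate-2", 2000, 2001, (0, 0, 1)),
    Sensing("payer-D", "gate-3", 3000, 3003, (0, 1, 0)),
    Sensing("payer-E", "gate-4", 4000, 4001, (0, 0, 1)),
]
SAMPLE_REQUESTS = [
    Sensing("pos-1", "gate-1", 1000, 1002, (0, 0, -1)),
    Sensing("pos-2", "gate-1", 1000, 1002, (-1, 0, 0)),
    Sensing("pos-3", "gate-2", 2000, 2001, (0, 1, 0)),
    Sensing("pos-4", "gate-3", 3000, 3003, (0, -1, 0)),
    Sensing("pos-5", "gate-3", 3000, 3003, (0, -1, 0.1)),
    Sensing("pos-6", "gate-4", 4000, 4002, (0, 0, -1)),  # end time differs
]

if __name__ == "__main__":
    print(match(SAMPLE_INFOS, SAMPLE_REQUESTS))
```

In the sample, `payer-C` and `pos-3` pair on rule 1 alone because no other event shares their key, so the angle is never consulted for them.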
Authorization process: the condition for authorization by the initiator's back-end service is that, provided the authorization request issued by the acceptor has been successfully matched with the authorization instruction issued by the initiator, the acceptor issuing the authorization request and the request content are consistent with the automatic authorization rule preset by the initiator in the authorization setting module, or fall within the reasonable range of the initiator's habitual behavior.
1. The rules used in the authorization process fall into two categories. The first category is rules under which the initiator permits automatic authorization, reserved in advance by the initiator in the authorization setting module; when an authorization request matches such a rule, the authorization server executes the automatic authorization instruction and completes the authorization. The second category is authorization rules that require the initiator to provide auxiliary authorization information; the auxiliary authorization information is reserved in advance by the initiator in the authorization setting module.
2. The rules under which the initiator permits automatic authorization include: acceptor identity, permitted services, permitted locations, and permitted times. The rules are submitted to the authorization server by the initiator in advance.
3. After the acceptor's authorization request and the initiator's automatic authorization instruction are successfully matched on the front-end server, the authorization server extracts the rules under which the initiator permits automatic authorization and also extracts the content of the authorization request, and matches the two. If the authorization request complies with the initiator's permitted automatic authorization rules, the automatic authorization instruction is executed, which is deemed the initiator's consent to authorize this request, and the subsequent service process can be executed.
3. The rules under which the initiator permits automatic authorization, and the private information required to complete the auxiliary authorization rules, such as account passwords and electronic signatures, are not transmitted outside the authorization server at any point in the authorization process, which avoids leakage of private information.
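The authorization decision described above, as an added Python example that is not code from the patent. It covers the four automatic-rule fields and the account-password form of the auxiliary rule only; the class and method names, the daily time window, the salted PBKDF2 storage and the sample values are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class AutoRule:
    """One automatic authorization rule preset by the initiator."""
    acceptor: str                  # acceptor identity
    service: str                   # permitted service
    location: str                  # permitted location
    not_before: time               # permitted time (ASSUMPTION: a daily window)
    not_after: time
    needs_auxiliary: bool = False  # second category: auxiliary information required


def _derive(password, salt):
    # ASSUMPTION: the server keeps a salted PBKDF2 digest, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthorizationServer:
    def __init__(self):
        self._rules = {}  # initiator id -> list of AutoRule
        self._aux = {}    # initiator id -> (salt, digest)

    def set_rules(self, initiator, rules, password=None):
        """Initiator authorization setting: rules are reserved in advance."""
        self._rules[initiator] = list(rules)
        if password is not None:
            salt = os.urandom(16)
            self._aux[initiator] = (salt, _derive(password, salt))

    def _rule_for(self, initiator, acceptor, service, location, when):
        for rule in self._rules.get(initiator, []):
            if (rule.acceptor == acceptor and rule.service == service
                    and rule.location == location
                    and rule.not_before <= when.time() <= rule.not_after):
                return rule
        return None

    def decide(self, initiator, acceptor, service, location, when,
               aux_password=None):
        """Return 'authorized', 'auxiliary_required' or 'denied'.

        Called only after the matching module has paired the two terminals.
        Anything that no preset rule covers is denied.
        """
        rule = self._rule_for(initiator, acceptor, service, location, when)
        if rule is None:
            return "denied"
        if not rule.needs_auxiliary:
            return "authorized"
        if aux_password is None:
            return "auxiliary_required"  # server asks the initiator terminal
        stored = self._aux.get(initiator)
        if stored is None:
            return "denied"
        salt, digest = stored
        ok = hmac.compare_digest(digest, _derive(aux_password, salt))
        return "authorized" if ok else "denied"


def sample_server():
    # Constructed sample configuration (not from the patent).
    server = AuthorizationServer()
    server.set_rules(
        "payer-A",
        [
            AutoRule("pos-1", "payment", "gate-1", time(8, 0), time(20, 0)),
            AutoRule("pos-1", "access", "door-7", time(0, 0), time(23, 59, 59),
                     needs_auxiliary=True),
        ],
        password="constructed-pass",
    )
    return server


if __name__ == "__main__":
    srv = sample_server()
    print(srv.decide("payer-A", "pos-1", "payment", "gate-1",
                     datetime(2016, 7, 5, 9, 30)))
```

If the initiator never answers an `auxiliary_required` result, the request stays unauthorized, which matches the text's "does not provide it, authorization is not granted".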
Embodiment 1: face-to-face payment:
1) The payer holds a smartphone; the payee holds a smartphone or another smart mobile terminal with a proximity sensor (including but not limited to a Pad, a custom POS, etc.).
2) At payment, the payee enters the amount to collect and a payment order is generated. The payer brings the phone close to the proximity sensor area of the payee's terminal.
3) After successful sensing, the payer's phone uploads the payment authorization instruction and the payee's terminal uploads the transaction authorization request to the front-end server at the same time; the front-end server completes the handshake (i.e., the matching) of the transaction request and the transaction authorization, triggering authorization.
4) The front-end server sends the payer ID, payee ID, amount to collect, service type, time and location to the authorization server; the authorization server extracts the payer's permitted automatic authorization rules by payer ID and compares them with the information of the current transaction.
5) After the comparison succeeds, the payee obtains authorization to debit the payer's account. If the payee's setting is debit by password, then after the payee obtains authorization, the authorization server retrieves the password reserved by the payee and performs the debit.
Embodiment 2: identity recognition:
1) The individual holds a smartphone; in scenarios requiring identity recognition and authorization, such as access control, elevators and gates, an authentication terminal with a proximity sensor is installed at a designated position.
2) The individual brings the smartphone close to the authentication terminal; after successful sensing, the individual's phone sends an authentication authorization request to the front-end server, and the authentication terminal uploads an automatic authorization instruction to the front-end server.
3) After receiving the authentication request and the authentication instruction, the front-end server performs the handshake according to the time and place of occurrence; after a successful match it triggers authorization and sends the authentication request and the authentication instruction to the authorization server.
4) The authorization server retrieves the preset identity recognition rules of the authentication terminal, such as who is permitted to pass identity recognition, where and when; authenticates the individual's authentication request according to the rules; and after a successful match grants authorization, such as opening the door or opening the gate.

Claims (9)

  1. A mobile terminal authorization system triggered by proximity sensing, characterized by comprising an initiator identity authentication request module, an initiator authorization setting module, an acceptor identity authentication request module, a matching module and an authorization server;
    the initiator authorization setting module: used to set the automatic authorization rule and send it to the authorization server; the automatic authorization rule includes the acceptor identity, the permitted services, the permitted locations and the permitted times;
    the initiator identity authentication request module: when the proximity sensor of the initiator mobile terminal senses the acceptor mobile terminal approaching, it sends authorization information carrying the initiator identity identifier and an automatic authorization instruction to the matching module; the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the instant of sensing;
    the acceptor identity authentication request module: when the proximity sensor of the acceptor mobile terminal senses the initiator mobile terminal approaching, it sends an authorization request carrying the acceptor identity identifier and the requested authorization content to the matching module; the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the instant of sensing;
    the matching module: performs identity identifier matching between the authorization information sent by the initiator identity authentication request module and the authorization request sent by the acceptor identity authentication request module, and after a successful match sends handshake success information to the initiator terminal and the acceptor terminal respectively, while forwarding the authorization information and the authorization request to the authorization server;
    the authorization server: according to the initiator identity identifier and the authorization information, extracts the initiator's automatic authorization rule and determines whether the acceptor complies with the authorization rule set by the initiator; if the acceptor is consistent with the initiator's automatic authorization rule, authorization is granted to the initiator mobile terminal and the acceptor mobile terminal; otherwise, authorization is not granted.
  2. The mobile terminal authorization system triggered by proximity sensing according to claim 1, characterized in that the matching module performs matching according to a first rule:
    the first rule is to determine whether the sensing location, sensing time and sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion; when they are not the same, the match fails.
  3. The mobile terminal authorization system triggered by proximity sensing according to claim 2, characterized in that the matching module performs matching according to a second rule:
    when multiple authorization requests and multiple pieces of authorization information are received at the same time and all match successfully under the first rule, matching continues under the second rule; the second rule is a judgment based on the angles of the initiator mobile terminal and the acceptor mobile terminal at the instant of sensing: when the angles show that the two mobile terminals approached face to face in parallel, the acceptor's request and the initiator's authorization are deemed successfully matched for this occasion.
  4. The mobile terminal authorization system triggered by proximity sensing according to any one of claims 1-3, characterized in that the initiator authorization setting module is further used to set an auxiliary authorization rule, the auxiliary authorization rule including an account password and an electronic signature;
    the authorization server is further used to send the initiator mobile terminal a request for auxiliary authorization rule information, and to grant authorization upon receiving the auxiliary authorization rule.
  5. A mobile terminal authorization method triggered by proximity sensing, characterized by comprising the following steps:
    1) setting an automatic authorization rule and an auxiliary authorization rule on the authorization server; the automatic authorization rule includes the acceptor identity, the permitted services, the permitted locations and the permitted times; the auxiliary authorization rule includes an account password and an electronic signature;
    2) when the proximity sensor of the initiator mobile terminal senses the acceptor mobile terminal approaching, sending authorization information carrying the initiator identity identifier and an automatic authorization instruction to the matching module; the initiator identity identifier includes the sensing time with the acceptor mobile terminal, the sensing end time with the acceptor mobile terminal, the sensing location, and the angle of the initiator mobile terminal at the time of sensing;
    3) when the proximity sensor of the acceptor mobile terminal senses the initiator mobile terminal approaching, sending an authorization request carrying the acceptor identity identifier and the requested authorization content to the matching module; the acceptor identity identifier includes the sensing time with the initiator mobile terminal, the sensing end time with the initiator mobile terminal, the sensing location, and the angle of the acceptor mobile terminal at the time of sensing;
    4) performing identity identifier matching between the received authorization information and authorization request, and after a successful match sending handshake success information to the initiator mobile terminal and the acceptor mobile terminal respectively, while forwarding the authorization information and the authorization request to the authorization server;
    5) the authorization server obtains the corresponding automatic authorization rule according to the initiator identity identifier and the authorization information, and determines whether the acceptor complies with the automatic authorization rule of the corresponding initiator; if the acceptor complies with the initiator's automatic authorization rule, authorization is granted to the initiator mobile terminal and the acceptor mobile terminal; otherwise, authorization is not granted.
  6. The mobile terminal authorization method based on proximity-sensing triggering according to claim 5, characterized in that the specific matching rule of step 3) is:
    The first rule is to determine whether the sensing location, the sensing time and the sensing end time of the initiator mobile terminal and the acceptor mobile terminal are the same: when all three are the same, the initiator's authorization and the acceptor's request for this occasion are deemed successfully matched; when they are not the same, the match fails.
  7. The mobile terminal authorization method based on proximity-sensing triggering according to claim 6, characterized in that the specific matching rule of step 3) is: when multiple authorization requests and multiple items of authorization information are received at the same time and all of them match successfully under the first rule, matching continues under a second rule; the second rule is a judgment based on the angles of the initiator mobile terminal and the acceptor mobile terminal at the instant of sensing: when the angles show that the two mobile terminals approached facing each other in parallel, the request and the authorization of the initiator mobile terminal and the acceptor mobile terminal for this occasion are deemed successfully matched.
  8. The mobile terminal authorization method based on proximity-sensing triggering according to claim 7, characterized in that the specific matching rule of step 3) is: when multiple authorization requests and multiple items of authorization information match successfully under the second rule, all successfully matched authorization information awaiting authorization is sent to the initiator mobile terminal, the initiator mobile terminal chooses for itself which item of authorization information to authorize, and matching is performed according to the active selection made on the initiator mobile terminal.
  9. The mobile terminal authorization method based on proximity-sensing triggering according to any one of claims 5-8, characterized in that: when the acceptor complies with the initiator's automatic authorization rule, the auxiliary authorization rule is also verified, specifically: the authorization server sends the initiator mobile terminal a request for auxiliary authorization rule verification information; if the initiator mobile terminal provides the auxiliary authorization rule, authorization is granted; if the initiator mobile terminal does not provide it, authorization is refused; the auxiliary authorization rule includes an account password and an electronic signature.
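The matching and authorization flow of claims 5 to 9, as an added Python example that is not part of the patent text. The field names, the tolerances standing in for "the same", the compass-heading encoding of the terminal angle, the bounding-box and UTC-hour form of the rule, and the simplification to one initiator matched against several requests are all assumptions.

```python
from dataclasses import dataclass

TIME_TOL_S, LOC_TOL_DEG, ANGLE_TOL_DEG = 0.5, 1e-4, 15.0   # assumed margins for "the same"

@dataclass(frozen=True)
class Sensing:              # identity identifier of steps 2) and 3)
    party: str
    start: float            # sensing time, epoch seconds (UTC)
    end: float              # sensing end time
    loc: tuple              # sensing location as (lat, lon)
    heading: float          # terminal angle, assumed to be a compass heading in degrees

@dataclass(frozen=True)
class AutoRule:             # automatic authorization rule of step 1)
    acceptors: set          # permitted acceptor identities
    services: set           # permitted services
    area: tuple             # permitted location box (lat_min, lat_max, lon_min, lon_max)
    hours: range            # permitted UTC hours

def rule1(a, b):
    """Claim 6: same sensing location, sensing time and sensing end time."""
    return (abs(a.start - b.start) <= TIME_TOL_S and abs(a.end - b.end) <= TIME_TOL_S
            and all(abs(x - y) <= LOC_TOL_DEG for x, y in zip(a.loc, b.loc)))

def rule2(a, b):
    """Claim 7: the terminals face each other, so headings differ by about 180 degrees."""
    return abs((a.heading - b.heading) % 360 - 180) <= ANGLE_TOL_DEG

def match(initiator, requests):
    """Step 4): ('matched', req), ('choose', [reqs]) or ('failed', None)."""
    cands = [r for r in requests if rule1(initiator, r)]
    if len(cands) > 1:      # the second rule is applied only when the first is ambiguous
        cands = [r for r in cands if rule2(initiator, r)]
    if len(cands) == 1:
        return "matched", cands[0]
    return ("choose", cands) if cands else ("failed", None)   # claim 8: initiator selects

def authorize(rule, acceptor, service, aux_verified):
    """Step 5) and claim 9: every rule field must pass, then the auxiliary check."""
    (lat_min, lat_max, lon_min, lon_max), (lat, lon) = rule.area, acceptor.loc
    hour = int(acceptor.start % 86400 // 3600)   # UTC hour of the sensing time
    return (acceptor.party in rule.acceptors and service in rule.services
            and lat_min <= lat <= lat_max and lon_min <= lon <= lon_max
            and hour in rule.hours and aux_verified)

T0 = 1_467_705_600.0        # constructed sample data from here on; 2016-07-05 08:00:00 UTC
INIT = Sensing("alice", T0, T0 + 2.0, (22.5431, 114.0579), 10.0)
REQS = [Sensing("shop-1", T0 + 0.1, T0 + 2.1, (22.5431, 114.0579), 192.0),
        Sensing("shop-2", T0 + 0.2, T0 + 1.9, (22.5431, 114.0579), 95.0)]
RULE = AutoRule({"shop-1"}, {"payment"}, (22.5, 22.6, 114.0, 114.1), range(7, 22))
```

Every field compared in `rule1` and `rule2` is reported by the terminals themselves, so the server-side rule check of step 5) and the auxiliary check of claim 9 are the controls that gate the grant.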
PCT/CN2016/088516 2016-05-20 2016-07-05 System and method for authorizing mobile terminal based on triggering of proximity sensing WO2017197740A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610343619.1 2016-05-20
CN201610343619.1A CN106056376A (en) 2016-05-20 2016-05-20 Mobile terminal authorization system and method based on close distance induction triggering

Publications (1)

Publication Number Publication Date
WO2017197740A1 (en) 2017-11-23

Family

ID=57177335

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/088516 WO2017197740A1 (en) 2016-05-20 2016-07-05 System and method for authorizing mobile terminal based on triggering of proximity sensing

Country Status (2)

Country Link
CN (1) CN106056376A (en)
WO (1) WO2017197740A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109472175A (en) * 2018-08-21 2019-03-15 ***股份有限公司 Electromagnetic induction device and accepting terminal and its method for handover control

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109165491A (en) * 2018-08-02 2019-01-08 考拉征信服务有限公司 Security certificate method, apparatus, electronic equipment and storage medium
CN110728807B (en) * 2019-09-27 2022-02-11 深圳市海雀科技有限公司 Anti-dismantling method and device for intelligent doorbell
CN112395574B (en) * 2020-12-04 2024-02-23 航天信息股份有限公司 Safe login management method
CN113822674A (en) * 2021-05-31 2021-12-21 ***股份有限公司 Biometric identification terminal, user terminal, payment server and related methods

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201690499U (en) * 2009-11-24 2010-12-29 ***通信集团湖南有限公司 Mobile payment system, service processing device and mobile terminal
CN102157040A (en) * 2011-01-18 2011-08-17 中兴通讯股份有限公司 Communication device and method thereof of non-contact mobile payment apparatus
CN103745397A (en) * 2014-01-27 2014-04-23 上海坤士合生信息科技有限公司 System and method for realizing electronic transaction risk control based on position scene identification
US20150347999A1 (en) * 2014-05-28 2015-12-03 Verizon Patent And Licensing Inc. Point-of-sale location check for payment card purchases

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102545964B (en) * 2010-12-16 2014-08-13 国民技术股份有限公司 Communication method and system for triggering information interaction by collision
FR2975860A1 (en) * 2011-05-25 2012-11-30 France Telecom REMOTE PAYMENT METHOD, FROM A USER DEVICE, A PURCHASE BASKET ON A MERCHANT SERVER AND AN ASSOCIATED SYSTEM
CN103065240B (en) * 2013-01-11 2018-04-27 中兴通讯股份有限公司 A kind of mobile payment processing method and system
CN105518732A (en) * 2013-07-04 2016-04-20 维萨国际服务协会 Authorizing transactions using mobile device based rules
CN105590194A (en) * 2014-12-03 2016-05-18 ***股份有限公司 Offline payment method and payment system

Also Published As

Publication number Publication date
CN106056376A (en) 2016-10-26

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16902120

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29.04.2019)

122 Ep: pct application non-entry in european phase

Ref document number: 16902120

Country of ref document: EP

Kind code of ref document: A1