CN104753675B

CN104753675B - Information Authentication method, electric paying method, terminal, server and system

Info

Publication number: CN104753675B
Application number: CN201310753058.9A
Authority: CN
Inventors: 杨小伟
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd; Tencent Cloud Computing Beijing Co Ltd
Priority date: 2013-12-31
Filing date: 2013-12-31
Publication date: 2019-04-26
Anticipated expiration: 2033-12-31
Also published as: CN104753675A

Abstract

The embodiment of the invention discloses a kind of Information Authentication, electric paying method, terminal, server and systems, and wherein method includes: the user authentication information that user terminal obtains the key identification of cipher key and is stored in advance in the cipher key；The user terminal sends the key identification and the user authentication information to application server；The application server searches the corresponding decruption key of the key identification, and the user authentication information is decrypted using the decruption key；The application server verifies the user authentication information after decryption processing.The safety of business processing can be promoted, and promotes the efficiency of business processing.

Description

Information Authentication method, electric paying method, terminal, server and system

Technical field

The present invention relates to Internet technical field more particularly to a kind of Information Authentication method, electric paying method, terminal, Server and system.

Background technique

With the development of internet technology, some routine works of the frequent online processing of user, and some it is related to user People's assets or the business of private information need to carry out user identity during processing stringent certification, such as online transaction, The scenes such as payment, when inputting user authentication information, user needs to input manually, due to being easy quilt during input Other people identify, reduce the safety of business processing.

Summary of the invention

The technical problem to be solved by the embodiment of the invention is that provide a kind of Information Authentication method, electric paying method, Terminal, server and system can promote the safety of business processing.

First aspect present invention provides a kind of Information Authentication method, it may include:

The user's checking letter that user terminal obtains the key identification of cipher key and is stored in advance in the cipher key Breath；

The user terminal sends the key identification and the user authentication information to application server；

The application server searches the corresponding decruption key of the key identification, using the decruption key to the use Family verification information is decrypted；

The application server verifies the user authentication information after decryption processing.

Second aspect of the present invention provides a kind of Information Authentication method, it may include:

The user terminal sends the key identification and the user authentication information to application server, so that described answer The corresponding decruption key of the key identification is searched with server, the user authentication information is carried out using the decruption key Decryption processing verifies the application server to the user authentication information after decryption processing.

Third aspect present invention provides a kind of Information Authentication method, it may include:

Application server receives the key identification for the cipher key that user terminal is sent and is stored in advance in the password key User authentication information in spoon；

Fourth aspect present invention provides a kind of user terminal, it may include:

Acquiring unit, key identification and the user being stored in advance in the cipher key for obtaining cipher key are tested Demonstrate,prove information；

Transmission unit, for sending the key identification and the user authentication information to application server, so that described Application server searches the corresponding decruption key of the key identification, using the decruption key to the user authentication information into Row decryption processing verifies the application server to the user authentication information after decryption processing.

Fifth aspect present invention provides a kind of application server, it may include:

Receiving unit, for receiving the key identification of the cipher key of user terminal transmission and being stored in advance in the password User authentication information in key；

Decryption unit, for searching the corresponding decruption key of the key identification, using the decruption key to the use Family verification information is decrypted；

Verification unit, for being verified to the user authentication information after decryption processing.

Sixth aspect present invention provides a kind of security authentication systems, it may include described in cipher key, above-mentioned fourth aspect User terminal and it is above-mentioned 5th aspect described in application server；

Wherein, the cipher key is for storing user authentication information.

Seventh aspect present invention provides a kind of electric paying method, it may include:

When paying to subject matter to be paid, payment terminal obtains the key identification of cipher key and is stored in advance User authentication information in the cipher key；

The payment terminal sends order information, the key identification and the user authentication information to payment server；

The payment server searches the corresponding decruption key of the key identification, using the decruption key to the use Family verification information is decrypted；

The payment server verifies the user authentication information, and to the order information after verifying successfully Carry out delivery operation.

Eighth aspect present invention provides a kind of payment terminal, and the payment terminal is specially described in above-mentioned fourth aspect User terminal.

Ninth aspect present invention provides a kind of payment server, and the payment server is specially above-mentioned 5th aspect institute The application server stated.

Tenth aspect present invention provides a kind of safety payment system, it may include described in cipher key, above-mentioned eighth aspect Payment terminal and it is above-mentioned 9th aspect described in payment server；

Wherein, the cipher key is for storing user authentication information.

In embodiments of the present invention, the user authentication information in cipher key is sent to by server by terminal, by taking Business device verifies the user authentication information.Authentication, nothing are carried out using the user authentication information of cipher key storage It need to be manually entered user authentication information, simplify the process of authentication, improve the convenience of business processing, and then improve The efficiency of business processing；User authentication information is decrypted in the server, avoids and believes the user's checking not encrypted Breath is exposed in transmission environment, ensure that the safety of user authentication information, and then improve the safety of business processing.

Detailed description of the invention

In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with It obtains other drawings based on these drawings.

Fig. 1 is a kind of flow diagram of Information Authentication method provided in an embodiment of the present invention；

Fig. 2 is a kind of process timing diagram of Information Authentication method provided in an embodiment of the present invention；

Fig. 3 is the flow diagram of another Information Authentication method provided in an embodiment of the present invention；

Fig. 4 is the flow diagram of another Information Authentication method provided in an embodiment of the present invention；

Fig. 5 is a kind of flow diagram of electric paying method provided in an embodiment of the present invention；

Fig. 6 is a kind of process timing diagram of electric paying method provided in an embodiment of the present invention；

Fig. 7 is a kind of structural schematic diagram of user terminal provided in an embodiment of the present invention；

Fig. 8 is the structural schematic diagram of another user terminal provided in an embodiment of the present invention；

Fig. 9 is the structural schematic diagram of another user terminal provided in an embodiment of the present invention；

Figure 10 is a kind of structural schematic diagram of application server provided in an embodiment of the present invention；

Figure 11 is the structural schematic diagram of another application server provided in an embodiment of the present invention；

Figure 12 is the structural schematic diagram of another application server provided in an embodiment of the present invention；

Figure 13 is a kind of structural schematic diagram of information authentication system provided in an embodiment of the present invention；

Figure 14 is a kind of structural schematic diagram of electronic fare payment system provided in an embodiment of the present invention.

Specific embodiment

Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall within the protection scope of the present invention.

Information Authentication method provided in an embodiment of the present invention can be applied in routine work need to carry out user identity The scene of verifying, such as: when receiving business processing request, need to carry out subscriber authentication, user terminal obtains password The key identification of key and the user authentication information being stored in advance in the cipher key, and to described in application server transmission Key identification and the user authentication information, the application server are searched the corresponding decruption key of the key identification, are used The user authentication information is decrypted in the decruption key, and carries out school to the user authentication information after decryption processing Test, when check results be user authentication information verify successfully when, the application server can to business processing request at The scene etc. of reason.

The routine work is specifically as follows on-line payment business, and electric paying method provided in an embodiment of the present invention can be with Applied to the scene of the on-line payment business, such as: when paying to subject matter to be paid, payment terminal obtains password The key identification of key and the user authentication information being stored in advance in the cipher key, and order is sent to payment server Information, the key identification and the user authentication information, it is described to search the corresponding decruption key of the key identification, using institute It states decruption key the user authentication information is decrypted, and the user authentication information is verified, verifying The scene etc. of delivery operation is carried out after success to the order information.Wherein, above-mentioned user terminal can be to provide in this method Payment terminal, above-mentioned application server can be the payment server that provides in this method.The use stored using cipher key Family verification information, which carries out authentication, can promote the safety of business processing without being manually entered user authentication information, and The process for simplifying authentication improves the convenience of business processing, while carrying out in the server to user authentication information Decryption, avoids the user authentication information that will do not encrypt and is exposed in transmission environment, ensure that the safety of user authentication information Property.

The user terminal that inventive embodiments are related to may include: tablet computer, smart phone, laptop, palm electricity The terminal devices such as brain and mobile internet device (MID), or can be the business processing client in the terminal device； The application server can be for comprising the background devices including the functions such as authentication, business processing, certainly, on-line payment be grasped Work can be completed using other server apparatus, such as: bank server etc.；The cipher key specifically can be with For near field communication (NFC) (Near Field Communication, NFC) module or radio frequency identification (Radio Frequency Identification, RFID) module, the cipher key specifically can also include read-write interface, the read-write The key identification and write-in user authentication information of cipher key are written when interface can be used for dispatching from the factory；The user authentication information It may include the information such as password, the password of customer digital certificate or other users authentication, such as: address name, Yong Hu electricity Talk about the information such as number, payment accounts, payment cipher；The subject matter can for tangible commodity (such as: chair, mineral water Deng), or invisible commodity (such as: telephone charge, network payment currency etc.).

Below in conjunction with attached drawing 1- attached drawing 4, it is situated between in detail to a kind of Information Authentication method provided in an embodiment of the present invention It continues.

Referring to Figure 1, for the embodiment of the invention provides a kind of flow diagrams of Information Authentication method.The present invention is implemented Example illustrates the detailed process of Information Authentication method from subscriber terminal side and application server side jointly, this method may include with Lower step S101- step S104.

S101, the user that user terminal obtains the key identification of cipher key and is stored in advance in the cipher key test Demonstrate,prove information；

Specifically, when user terminal receives the business processing request for routine work, and need to user identity When being verified, user terminal from the key identification (such as: equipment Serial Number etc.) for obtaining cipher key and can be stored in advance User authentication information in the cipher key.Preferably, the user terminal also obtains the terminal mark of the user terminal Knowledge information (such as: telephone number used in user terminal sequence number or user terminal etc.).

Further, the user authentication information is to use the key identification with the cipher key by application server The user authentication information of corresponding encryption keys.Preferably, the key of the available cipher key of the user terminal Spoon mark, and the user authentication information not encrypted or be stored in advance in the user terminal of user's input is not had The user authentication information of encryption and the key identification are sent to the application server, and the application server can be looked into Look for the corresponding encryption key of the key identification, it should be noted that the application server when the cipher key dispatches from the factory, Store the key identification and corresponding encryption key, the application server is using the encryption key to not encrypting User authentication information is encrypted, and the user authentication information obtained after encryption is sent to the user terminal, The user authentication information is written in the cipher key by the user terminal.The user's checking stored using cipher key Information, hereafter, whenever carrying out subscriber authentication, without repeating continuous input user authentication information, user only needs to open The application of the wireless induction of the user terminal, the user terminal are mutually incuded with the cipher key, the password The subscriber authentication information can be sent to the user terminal by key by induction.

S102, the user terminal send the key identification and the user authentication information to application server；

Specifically, the user terminal will acquire the use in the key identification and the cipher key of the cipher key Family verification information is sent to the application server, it is preferred that the terminal identification information is also sent to by the user terminal The application server, the application server are receiving the user authentication information, the terminal identification information and institute When stating key identification, relationship verifying first can be associated to the terminal identification information and the key identification.

It should be noted that before being verified to user identity, the available cipher key of user terminal The terminal identification information of key identification and the user terminal, and the key identification and the terminal identification information are sent To application server, the application server can be with key identification described in associated storage and the terminal identification information.Using this The mode of associated storage, so that each cipher key matches unique user terminal, when user is lost cipher key, other people The user authentication information in the cipher key is not available by authentication, ensure that the safety of user authentication information yet.

The application server executes after incidence relation is verified searches the corresponding decruption key of the key identification, The step of user authentication information is decrypted using the decruption key, it is to be understood that the user is whole End sends the key identification and the terminal identification information preferentially to provide the verifying that application server is associated relationship, then It sends user authentication information and provides that application server is subsequent is verified, the sequence of transmission does not limit in embodiments of the present invention System.

S103, the application server searches the corresponding decruption key of the key identification, using the decruption key pair The user authentication information is decrypted；

Specifically, the application server is when the cipher key dispatches from the factory, at the same be also stored the key identification with And corresponding decruption key, the application server search the corresponding decruption key of the key identification, and close using the decryption The user authentication information is decrypted in key.

S104, the application server verify the user authentication information after decryption processing；

Specifically, the application server verifies the user authentication information after decryption processing, it is preferred that can be defeated Check results carry out subsequent business processing to business processing request if verifying successfully to the user terminal out；If Verification failure, then application server can directly refuse the request of this business processing.

It is understood that the decruption key and encryption key of the embodiment of the present invention can be identical key, that is, use The mode of symmetrical encryption and decryption, certainly, decruption key and encryption key may be different keys, i.e., using asymmetric encryption and decryption Mode, used decruption key and encryption key and used Encryption Algorithm and decipherment algorithm are implemented in the present invention In example with no restriction.

Fig. 2 is referred to, for the embodiment of the invention provides a kind of process timing diagrams of Information Authentication method.The present invention is implemented Example illustrates the detailed process of Information Authentication method from subscriber terminal side and application server side jointly, this method may include with Lower step S201- step S207.

S201, user terminal obtain the key identification of cipher key and the terminal identification information of user terminal；

The key identification and the terminal identification information are sent to application server by S202, the user terminal；

S203, key identification and the terminal identification information described in the application server associated storage；

Specifically, before being verified to user identity, the key mark of the available cipher key of user terminal The terminal identification information of knowledge and the user terminal, and the key identification and the terminal identification information are sent to application Server, the application server can be with key identifications described in associated storage and the terminal identification information, to user's checking Before information is verified, the verifying of relationship is preferentially associated to the key identification and the terminal identification information.Using this The mode of associated storage, so that each cipher key matches unique user terminal, when user is lost cipher key, other people The user authentication information in the cipher key is not available by authentication, ensure that the safety of user authentication information yet.

S204, the user terminal obtain the terminal identification information of user terminal, the key identification of cipher key and in advance The user authentication information being stored in the cipher key；

S205, the user terminal send out the terminal identification information, the key identification and the user authentication information It send to the application server；

Specifically, the user terminal will acquire the use in the key identification and the cipher key of the cipher key Family verification information is sent to the application server, it is preferred that the terminal identification information is also sent to by the user terminal The application server.

S206, the application server are associated relationship verifying to the terminal identification information and the key identification；

Specifically, the application server is receiving the user authentication information, the terminal identification information and institute When stating key identification, relationship verifying, the application first can be associated to the terminal identification information and the key identification Server executes step S207 after incidence relation is verified, it is to be understood that the user terminal can preferentially be sent The key identification and the terminal identification information retransmit user and test to provide the verifying that application server is associated relationship Card information provides that application server is subsequent is verified, and the sequence of transmission is in embodiments of the present invention with no restriction.

S207, the application server are searched the corresponding decruption key of the terminal identification information after being verified, are adopted The user authentication information is decrypted with the decruption key, and the user authentication information after decryption processing is carried out Verification；

Specifically, the application server is when the cipher key dispatches from the factory, at the same be also stored the key identification with And corresponding decruption key, the application server search the corresponding decruption key of the key identification, and close using the decryption The user authentication information is decrypted in key, and the application server carries out the user authentication information after decryption processing Verification, it is preferred that can with output verification result to the user terminal, if verify successfully, to the business processing request into The subsequent business processing of row；If verification failure, application server can directly refuse the request of this business processing.

In embodiments of the present invention, the user authentication information in cipher key is sent to by server by terminal, by taking Business device verifies the user authentication information.Authentication, nothing are carried out using the user authentication information of cipher key storage It need to be manually entered user authentication information, simplify the process of authentication, improve the convenience of business processing, and then improve The efficiency of business processing；User authentication information is encrypted, and the process of encryption and decryption is in the server, avoids not having The user authentication information of encryption is exposed in transmission environment, ensure that the safety of user authentication information；Simultaneously by password The key identification of key and the terminal identification information of terminal are associated relationship verifying, so that other people are getting cipher key When, the safety of business processing can not be improved using the user authentication information in cipher key by the verification of application server Property.

Fig. 3 is referred to, for the embodiment of the invention provides the flow diagrams of another Information Authentication method.The present invention is real The detailed process that example illustrates Information Authentication method from subscriber terminal side is applied, this method may comprise steps of S301- step S302。

S301, the user that user terminal obtains the key identification of cipher key and is stored in advance in the cipher key test Demonstrate,prove information；

S302, the user terminal send the key identification and the user authentication information to application server, so that The application server searches the corresponding decruption key of the key identification, is believed using the decruption key the user's checking Breath is decrypted, and verifies the application server to the user authentication information after decryption processing；

The application server executes after incidence relation is verified searches the corresponding decruption key of the key identification, The step of user authentication information is decrypted using the decruption key, it is to be understood that the user is whole End can preferentially send the key identification and the terminal identification information and be associated testing for relationship to provide application server Card retransmits user authentication information and provides that application server is subsequent is verified, and the sequence of transmission is in embodiments of the present invention not It is restricted.

The key identification and corresponding is also stored when the cipher key dispatches from the factory in the application server Decruption key, the application server search the corresponding decruption key of the key identification, and using the decruption key to described User authentication information is decrypted, and the application server verifies the user authentication information after decryption processing, excellent Choosing, if verifying successfully, business processing request can be carried out subsequent with output verification result to the user terminal Business processing；If verification failure, application server can directly refuse the request of this business processing.It is understood that this The decruption key and encryption key of inventive embodiments can be identical key, i.e., by the way of symmetrical encryption and decryption, certainly, solution Key and encryption key may be different keys, i.e., by the way of asymmetric encryption and decryption, used decruption key With encryption key and used Encryption Algorithm and decipherment algorithm, in embodiments of the present invention with no restriction.

In embodiments of the present invention, the user authentication information in cipher key is sent to by server by terminal, by taking Business device verifies the user authentication information.Authentication, nothing are carried out using the user authentication information of cipher key storage It need to be manually entered user authentication information, simplify the process of authentication, improve the convenience of business processing, and then improve The efficiency of business processing；User authentication information is encrypted, and the process of encryption and decryption is in the server, avoids not having The user authentication information of encryption is exposed in transmission environment, be ensure that the safety of user authentication information, is improved business processing Safety.

Fig. 4 is referred to, for the embodiment of the invention provides the flow diagrams of another Information Authentication method.The present invention is real The detailed process that example illustrates Information Authentication method from application server side is applied, this method may comprise steps of S401- step S403。

S401, application server receive the key identification for the cipher key that user terminal is sent and are stored in advance in described close User authentication information in code key；

The user terminal will acquire the user's checking in the key identification and the cipher key of the cipher key Information is sent to the application server, it is preferred that the terminal identification information is also sent to described answer by the user terminal With server, the application server is receiving the user authentication information, the terminal identification information and the key When mark, relationship verifying first can be associated to the terminal identification information and the key identification.

S402, the application server searches the corresponding decruption key of the key identification, using the decruption key pair The user authentication information is decrypted；

S403, the application server verify the user authentication information after decryption processing；

Below in conjunction with attached drawing 5 and attached drawing 6, it is situated between in detail to a kind of electric paying method provided in an embodiment of the present invention It continues.

Fig. 5 is referred to, for the embodiment of the invention provides a kind of flow diagrams of electric paying method.The present invention is implemented Example illustrates the detailed process of Information Authentication method from payment terminal side and payment server side jointly, this method may include with Lower step S501- step S504.

S501, when paying to subject matter to be paid, payment terminal obtains the key identification of cipher key and pre- The user authentication information being first stored in the cipher key；

Specifically, when payment terminal receives the payment request paid to subject matter to be paid, and need pair When user identity is verified, the key identification of the available cipher key of payment terminal (such as: equipment Serial Number etc.) With the user authentication information being stored in advance in the cipher key.Preferably, the payment terminal also obtains the payment eventually The terminal identification information (such as: telephone number used in payment terminal sequence number or payment terminal etc.) at end and the branch Pay the order information carried in request.

Further, the user authentication information is to use the key identification with the cipher key by payment server The user authentication information of corresponding encryption keys.Preferably, the key of the available cipher key of the payment terminal Spoon mark, and the user authentication information not encrypted or be stored in advance in the payment terminal of user's input is not had The user authentication information of encryption and the key identification are sent to the payment server, and the payment server can be looked into Look for the corresponding encryption key of the key identification, it should be noted that the payment server when the cipher key dispatches from the factory, Store the key identification and corresponding encryption key, the payment server is using the encryption key to not encrypting User authentication information is encrypted, and the user authentication information obtained after encryption is sent to the payment terminal, The user authentication information is written in the cipher key by the payment terminal.The user's checking stored using cipher key Information, hereafter, whenever carrying out subscriber authentication, without repeating continuous input user authentication information, user only needs to open The application of the wireless induction of the payment terminal, the payment terminal are mutually incuded with the cipher key, the password The subscriber authentication information can be sent to payment terminal by induction by key.

S502, the payment terminal send order information, the key identification and the user's checking to payment server Information；

Specifically, the payment terminal will acquire the use in the key identification and the cipher key of the cipher key Family verification information is sent to the payment server, it is preferred that the payment terminal will also be ordered described in the terminal identification information Single information is sent to the payment server, and the payment server is receiving the user authentication information, the terminal mark Know information, the key identification and when the order information, can first to the terminal identification information and the key identification into The verifying of row incidence relation.

It should be noted that before being paid to subject matter to be paid, the available password of payment terminal The terminal identification information of the key identification of key and the payment terminal, and the key identification and the terminal iidentification are believed Breath is sent to payment server, and the payment server can be with key identification described in associated storage and the terminal identification information. By the way of this associated storage, so that each cipher key matches unique payment terminal, when user is lost password key Spoon, other people are not available the user authentication information in the cipher key by authentication yet, ensure that user authentication information Safety.

The payment server executes after incidence relation is verified searches the corresponding decruption key of the key identification, The step of user authentication information is decrypted using the decruption key, it is to be understood that the payment is eventually End sends the key identification and the terminal identification information preferentially to provide the verifying that payment server is associated relationship, then It sends user authentication information and provides that payment server is subsequent is verified, the sequence of transmission does not limit in embodiments of the present invention System.

S504, the payment server searches the corresponding decruption key of the key identification, using the decruption key pair The user authentication information is decrypted；

Specifically, the payment server is when the cipher key dispatches from the factory, at the same be also stored the key identification with And corresponding decruption key, the payment server search the corresponding decruption key of the key identification, and close using the decryption The user authentication information is decrypted in key.

S503, the payment server verify the user authentication information, and order after verifying successfully to described Single information carries out delivery operation；

Specifically, the payment server verifies the user authentication information after decryption processing, it is preferred that can be defeated Check results carry out delivery operation to the order information if verifying successfully to the payment terminal out；If verification failure, Then payment server can directly refuse this payment request.

In embodiments of the present invention, the user authentication information in cipher key is sent to by server by terminal, by taking Business device verifies the user authentication information.Authentication, nothing are carried out using the user authentication information of cipher key storage It need to be manually entered user authentication information, the safety of payment transaction processing is improved, simplify the process of authentication, improve The convenience of payment transaction processing, and then improve the efficiency of payment transaction processing.

Fig. 6 is referred to, for the embodiment of the invention provides a kind of process timing diagrams of electric paying method.The present invention is implemented Example illustrates the detailed process of Information Authentication method from payment terminal side and payment server side jointly, this method may include with Lower step S601- step S607.

S601, payment terminal obtain the key identification of cipher key and the terminal identification information of payment terminal；

The key identification and the terminal identification information are sent to payment server by S602, the payment terminal；

S603, key identification and the terminal identification information described in the payment server associated storage；

Specifically, before being paid to subject matter to be paid, the available cipher key of payment terminal The terminal identification information of key identification and the payment terminal, and the key identification and the terminal identification information are sent To payment server, the payment server can with key identification described in associated storage and the terminal identification information, with to Before family verification information is verified, the verifying of relationship is preferentially associated to the key identification and the terminal identification information. By the way of this associated storage, so that each cipher key matches unique payment terminal, when user is lost password key Spoon, other people are not available the user authentication information in the cipher key by authentication yet, ensure that user authentication information Safety.

S604, when paying to subject matter to be paid, the payment terminal obtains the terminal iidentification of user terminal Information, the key identification of cipher key and the user authentication information that is stored in advance in the cipher key；

S605, the payment terminal test order information, the terminal identification information, the key identification and the user Card information is sent to the payment server；

Specifically, the payment terminal will acquire the use in the key identification and the cipher key of the cipher key Family verification information is sent to the payment server, it is preferred that the payment terminal will also be ordered described in the terminal identification information Single information is sent to the payment server.

S606, the payment server are associated relationship verifying to the terminal identification information and the key identification, And it is executed after being verified and the user authentication information is verified；

Specifically, the payment server is receiving the user authentication information, the terminal identification information, the key When spoon mark and the order information, relationship first can be associated to the terminal identification information and the key identification and tested Card, the payment server executes after incidence relation is verified searches the corresponding decruption key of the key identification, uses The step of user authentication information is decrypted in the decruption key, it is to be understood that the payment terminal is excellent It sends the key identification and the terminal identification information first to provide the verifying that payment server is associated relationship, retransmits User authentication information provides that payment server is subsequent is verified, and the sequence of transmission is in embodiments of the present invention with no restriction.

S607, the payment server are searched the corresponding decruption key of the terminal identification information after being verified, are adopted The user authentication information is decrypted with the decruption key, and the user authentication information after decryption processing is carried out Verification；

Specifically, the payment server is when the cipher key dispatches from the factory, at the same be also stored the key identification with And corresponding decruption key, the payment server search the corresponding decruption key of the key identification, and close using the decryption The user authentication information is decrypted in key, and the payment server carries out the user authentication information after decryption processing Verification, it is preferred that, if verifying successfully, the order information can be propped up with output verification result to the payment terminal Pay operation；If verification failure, payment server can directly refuse this payment request.

In embodiments of the present invention, the user authentication information in cipher key is sent to by server by terminal, by taking Business device verifies the user authentication information.Authentication, nothing are carried out using the user authentication information of cipher key storage It need to be manually entered user authentication information, simplify the process of authentication, improve the convenience of payment transaction processing, Jin Erti The efficiency of payment transaction processing is risen；User authentication information is encrypted, and the process of encryption and decryption is in the server, keeps away The user authentication information for exempting from not encrypt is exposed in transmission environment, ensure that the safety of user authentication information；Lead to simultaneously It crosses and relationship verifying is associated to the key identification of cipher key and the terminal identification information of terminal, so that other people are getting When cipher key, payment industry can not be improved using the user authentication information in cipher key by the verification of application server The safety of business processing.

Below in conjunction with attached drawing 7 and attached drawing 8, describe in detail to user terminal provided in an embodiment of the present invention.It needs Illustrate, attached drawing 7 and attached user terminal shown in Fig. 8, the method for executing embodiment illustrated in fig. 3 of the present invention, in order to just In explanation, only parts related to embodiments of the present invention are shown, disclosed by specific technical details, please refers to Fig. 3 of the present invention Shown in embodiment.

Fig. 7 is referred to, for the embodiment of the invention provides a kind of structural schematic diagrams of user terminal.As shown in fig. 7, this hair The user terminal 1 of bright embodiment may include: acquiring unit 11 and transmission unit 12.

Acquiring unit 11, for obtaining the key identification of cipher key and the user being stored in advance in the cipher key Verification information；

In the specific implementation, when user terminal 1 receives the business processing request for routine work, and need to user When identity is verified, the acquiring unit 11 can be from the key identification (such as: equipment Serial Number etc.) for obtaining cipher key With the user authentication information being stored in advance in the cipher key.Preferably, the acquiring unit 11 also obtains the user The terminal identification information (such as: telephone number used in user terminal sequence number or user terminal etc.) of terminal 1.

Further, the user authentication information is to use the key identification with the cipher key by application server The user authentication information of corresponding encryption keys.Preferably, the key of the available cipher key of the user terminal 1 Spoon mark, and by the user authentication information of user's input not encrypted or it is stored in advance in not having in the user terminal 1 There are the user authentication information of encryption and the key identification to be sent to the application server, the application server can be with Search the corresponding encryption key of the key identification, it should be noted that the application server dispatches from the factory in the cipher key When, the key identification and corresponding encryption key are stored, the application server is added using the encryption key to no Close user authentication information is encrypted, and the user authentication information obtained after encryption is sent to user's end The user authentication information is written in the cipher key by the user terminal 1 for end 1.The use stored using cipher key Family verification information, hereafter, whenever carrying out subscriber authentication, without repeating continuous input user authentication information, user is only The application of the wireless induction of the user terminal 1 need to be opened, the user terminal 1 is mutually incuded with the cipher key, The subscriber authentication information can be sent to the acquiring unit 11 by induction by the cipher key.

Transmission unit 12, for sending the key identification and the user authentication information to application server, so that institute It states application server and searches the corresponding decruption key of the key identification, using the decruption key to the user authentication information It is decrypted, verifies the application server to the user authentication information after decryption processing；

In the specific implementation, the transmission unit 12 will acquire the key identification and the cipher key of the cipher key In user authentication information be sent to the application server, it is preferred that the transmission unit 12 also believes the terminal iidentification Breath is sent to the application server, and the application server is receiving the user authentication information, terminal iidentification letter When breath and the key identification, relationship verifying first can be associated to the terminal identification information and the key identification.

It should be noted that before being verified to user identity, the available cipher key of the user terminal 1 The terminal identification information of key identification and the user terminal 1, and the key identification and the terminal identification information are sent out It send to application server, the application server can be with key identification described in associated storage and the terminal identification information.Using The mode of this associated storage, so that each cipher key matches unique user terminal, when user is lost cipher key, he People is not available the user authentication information in the cipher key by authentication yet, ensure that the safety of user authentication information Property.

The application server executes after incidence relation is verified searches the corresponding decruption key of the key identification, The step of user authentication information is decrypted using the decruption key, it is to be understood that the transmission is single Member 12 can preferentially send the key identification and the terminal identification information and be associated relationship to provide application server Verifying retransmits user authentication information and provides that application server is subsequent is verified, and the sequence of transmission is in embodiments of the present invention With no restriction.

Fig. 8 is referred to, for the embodiment of the invention provides the structural schematic diagrams of another user terminal.As shown in figure 8, this The user terminal 1 of inventive embodiments may include: acquiring unit 11, transmission unit 12, mark acquiring unit 13 and information Identify transmission unit 14.

Mark acquiring unit 13, for obtaining the key identification of cipher key and the terminal identification information of user terminal；

Message identification transmission unit 14, for the key identification and the terminal identification information to be sent to application service Device, so that key identification described in the application server associated storage and the terminal identification information；

In the specific implementation, before being verified to user identity, the available password key of the mark acquiring unit 13 The key identification of spoon and the terminal identification information of the user terminal, the message identification transmission unit 14 is by the key mark Know and the terminal identification information be sent to application server, the application server can with key identification described in associated storage and The terminal identification information, before being verified to user authentication information, preferentially to the key identification and the terminal iidentification Information is associated the verifying of relationship.By the way of this associated storage, so that each cipher key matches unique user Terminal 1, when user is lost cipher key, the user authentication information that other people are not available in the cipher key yet is tested by identity Card, ensure that the safety of user authentication information.

Fig. 9 is referred to, for the embodiment of the invention provides the structural schematic diagrams of another user terminal.As shown in figure 9, institute Stating user terminal 1000 may include: at least one processor 1001, such as CPU, at least one network interface 1004, Yong Hujie Mouth 1003, memory 1005, at least one communication bus 1002.Wherein, communication bus 1002 is for realizing between these components Connection communication.Wherein, user interface 1003 may include display screen (Display), keyboard (Keyboard), and optional user connects Mouth 1003 can also include standard wireline interface and wireless interface.Network interface 1004 optionally may include the wired of standard Interface, wireless interface (such as WI-FI interface).Memory 1005 can be high speed RAM memory, be also possible to non-labile deposit Reservoir (non-volatile memory), for example, at least a magnetic disk storage.Memory 1005 optionally can also be at least One is located remotely from the storage device of aforementioned processor 1001.As shown in figure 9, the memory as a kind of computer storage medium It may include operating system, network communication module, Subscriber Interface Module SIM and Information Authentication application program in 1005.

In user terminal 1000 shown in Fig. 9, network interface 1004 is mainly used for connecting application server, answers with described Data communication is carried out with server；And user interface 1003 is mainly used for providing the interface of input for user, obtains user's output Data；And processor 1001 can be used for that the payment information stored in memory 1005 is called to verify application program, and specific Execute following steps:

The user authentication information for obtaining the key identification of cipher key and being stored in advance in the cipher key；

The key identification and the user authentication information are sent to application server, so that the application server is searched The corresponding decruption key of the key identification, is decrypted the user authentication information using the decruption key, makes The application server verifies the user authentication information after decryption processing.

Below in conjunction with attached drawing 10 and attached drawing 11, describe in detail to application server provided in an embodiment of the present invention. It should be noted that application server shown in attached drawing 10 and attached drawing 11, for executing the side of embodiment illustrated in fig. 4 of the present invention Method, for ease of description, only parts related to embodiments of the present invention are shown, disclosed by specific technical details, please refers to Present invention embodiment shown in Fig. 4.

Referring to Figure 10, for the embodiment of the invention provides a kind of structural schematic diagrams of application server.As shown in Figure 10, The application server 2 of the embodiment of the present invention may include: 21 decryption unit 22 of receiving unit and verification unit 23.

Receiving unit 21, for receiving the key identification of the cipher key of user terminal transmission and being stored in advance in described close User authentication information in code key；

In the specific implementation, when user terminal receives the business processing request for routine work, and need to user When identity is verified, user terminal can be from the key identification (such as: equipment Serial Number etc.) that obtains cipher key and preparatory The user authentication information being stored in the cipher key.Preferably, the user terminal also obtains the end of the user terminal End identification information (such as: telephone number used in user terminal sequence number or user terminal etc.).

Further, the user authentication information is to use the key mark with the cipher key by application server 2 Know the user authentication information of corresponding encryption keys.Preferably, the user terminal available cipher key Key identification, and by the user authentication information of user's input not encrypted or it is stored in advance in not having in the user terminal There are the user authentication information of encryption and the key identification to be sent to the application server 2, the application server 2 can To search the corresponding encryption key of the key identification, it should be noted that the application server 2 goes out in the cipher key When factory, the key identification and corresponding encryption key are stored, the application server 2 is using the encryption key to not having The user authentication information of encryption is encrypted, and the user authentication information obtained after encryption is sent to the user The user authentication information is written in the cipher key by the user terminal for terminal.The use stored using cipher key Family verification information, hereafter, whenever carrying out subscriber authentication, without repeating continuous input user authentication information, user is only The application of the wireless induction of the user terminal need to be opened, the user terminal is mutually incuded with the cipher key, institute The subscriber authentication information can be sent to the user terminal by induction by stating cipher key.

The user terminal will acquire the user's checking in the key identification and the cipher key of the cipher key Information is sent to the application server 2, it is preferred that the terminal identification information is also sent to described answer by the user terminal With server 2, the receiving unit 21 is receiving the user authentication information, the terminal identification information and the key When mark, the application server 2 first can be associated relationship verifying to the terminal identification information and the key identification.

It should be noted that before being verified to user identity, the available cipher key of user terminal The terminal identification information of key identification and the user terminal, and the key identification and the terminal identification information are sent To application server 2, the application server 2 can be with key identification described in associated storage and the terminal identification information.Using The mode of this associated storage, so that each cipher key matches unique user terminal, when user is lost cipher key, he People is not available the user authentication information in the cipher key by authentication yet, ensure that the safety of user authentication information Property.

The decryption unit 22 executes after incidence relation is verified searches the corresponding decruption key of the key identification, The step of user authentication information is decrypted using the decruption key, it is to be understood that the user is whole End preferentially sends the key identification and the terminal identification information and is associated testing for relationship to provide the application server 2 Card retransmits user authentication information and provides that the verification unit 22 is subsequent to be verified, and the sequence of transmission is in the embodiment of the present invention In with no restriction.

Decryption unit 22, for searching the corresponding decruption key of the key identification, using the decruption key to described User authentication information is decrypted；

In the specific implementation, when the cipher key dispatches from the factory while the key mark is also stored in the application server 2 Know and corresponding decruption key, the decryption unit 22 search the corresponding decruption key of the key identification, and using the solution User authentication information described in close key pair is decrypted.

Verification unit 23, for being verified to the user authentication information after decryption processing；

In the specific implementation, the verification unit 22 verifies the user authentication information after decryption processing, it is preferred that can With output verification result to the user terminal, if verifying successfully, business processing request is carried out at subsequent business Reason；If verification failure, verification unit 23 can directly refuse the request of this business processing.

Referring to Figure 11, for the embodiment of the invention provides the structural schematic diagrams of another application server.Such as Figure 11 institute Show, the application server 2 of the embodiment of the present invention may include: receiving unit 21, decryption unit 22, verification unit 23, deposit Storage unit 24 and verifying notification unit 25.

Storage unit 24, key identification and the user terminal for the cipher key that associated storage user terminal is sent Terminal identification information；

In the specific implementation, before being verified to user identity, the key of the available cipher key of user terminal The terminal identification information of spoon mark and the user terminal, and the key identification and the terminal identification information are sent to Application server 2, the storage unit 24 can be with key identifications described in associated storage and the terminal identification information, to user Before verification information is verified, the verifying of relationship is preferentially associated to the key identification and the terminal identification information.It adopts With the mode of this associated storage, so that each cipher key matches unique user terminal, when user is lost cipher key, Other people are not available the user authentication information in the cipher key by authentication yet, ensure that the safety of user authentication information Property.

The user terminal will acquire the user's checking in the key identification and the cipher key of the cipher key Information is sent to the application server 2, it is preferred that the terminal identification information is also sent to described answer by the user terminal With server 2, the receiving unit 21 receives the user authentication information, the terminal identification information and the key mark Know.

Notification unit 25 is verified, for being associated relationship verifying to the terminal identification information and the key identification, And the decryption unit 22 is notified to search the corresponding decruption key of the key identification after being verified, it is close using the decryption The user authentication information is decrypted in key；

In the specific implementation, the receiving unit 21 receive the user authentication information, the terminal identification information with And when the key identification, the verifying notification unit 25 can first be carried out the terminal identification information and the key identification Incidence relation verifying, and notify the decryption unit 22 to execute corresponding step after being verified.

The decryption unit 22 executes after incidence relation is verified searches the corresponding decruption key of the key identification, The step of user authentication information is decrypted using the decruption key, it is to be understood that the user is whole End sends the key identification and the terminal identification information preferentially to provide the verifying notification unit 25 and be associated relationship Verifying, retransmit user authentication information and provide that the verification unit 22 is subsequent to be verified, the sequence of transmission is of the invention real It applies in example with no restriction.

In the specific implementation, the verification unit 23 verifies the user authentication information after decryption processing, export simultaneously Check results carry out subsequent business processing to business processing request if verifying successfully；If verification failure, verifies Unit 23 can directly refuse the request of this business processing.

Referring to Figure 12, for the embodiment of the invention provides a kind of structural schematic diagrams of application server.As shown in figure 12, The application server 2000 may include: at least one processor 2001, such as CPU, at least one network interface 2004 is used Family interface 2003, memory 2005, at least one communication bus 2002.Wherein, communication bus 2002 is for realizing these components Between connection communication.Wherein, user interface 2003 may include display screen (Display), keyboard (Keyboard), can be selected Family interface 2003 can also include standard wireline interface and wireless interface.Network interface 2004 optionally may include standard Wireline interface, wireless interface (such as WI-FI interface).Memory 2005 can be high speed RAM memory, be also possible to non-unstable Memory (non-volatile memory), a for example, at least magnetic disk storage.Memory 2005 optionally can also be At least one is located remotely from the storage device of aforementioned processor 2001.As shown in figure 12, as a kind of computer storage medium It may include operating system, network communication module, Subscriber Interface Module SIM and Information Authentication application program in memory 2005.

In the application server 2000 shown in Figure 12, network interface 2004 is mainly used for connecting user terminal, and described User terminal carries out data communication；And user interface 2003 is mainly used for providing the interface of input for user, obtains user's output Data；And processor 2001 can be used for calling the Information Authentication application program stored in memory 2005, and specifically execute Following steps:

The user for receiving the key identification for the cipher key that user terminal is sent and being stored in advance in the cipher key Verification information；

The corresponding decruption key of the key identification is searched, the user authentication information is carried out using the decruption key Decryption processing；

User authentication information after decryption processing is verified.

Referring to Figure 13, for the embodiment of the invention provides a kind of structural schematic diagrams of information authentication system.Such as Figure 13 institute Show, which may include user terminal 1, application server 2 and cipher key 3, user terminal 1 can by network with answer It is connected with server 2, wherein the user terminal 1 is specially the user terminal 1 of any illustrated embodiment of Fig. 7 and Fig. 8, described Application server 2 is specially the application server 2 of any illustrated embodiment of Figure 10 and Figure 11, alternatively, the user terminal 1 is specific For the user terminal 1000 of embodiment illustrated in fig. 9, the application server 2 is specially the application server of embodiment illustrated in fig. 12 2000, the cipher key 3 is for storing user authentication information.

The user terminal 1 is used to obtain the key identification of cipher key 3 and is stored in advance in the cipher key 3 User authentication information sends the key identification and the user authentication information to application server 2, so that the application service Device 2 searches the corresponding decruption key of the key identification, and the user authentication information is decrypted using the decruption key Processing, verifies the application server 2 to the user authentication information after decryption processing.

The application server 2 is used to receive the key identification of the cipher key 3 of the transmission of user terminal 1 and is stored in advance in User authentication information in the cipher key 3 searches the corresponding decruption key of the key identification, using the decruption key The user authentication information is decrypted, the user authentication information after decryption processing is verified.

Referring to Figure 14, for the embodiment of the invention provides a kind of structural schematic diagrams of electronic fare payment system.Such as Figure 14 institute Show, which may include cipher key 3, payment terminal 4 and payment server 5, and payment terminal 4 can pass through network and branch Pay server 5 connects, wherein the payment terminal 4 is specially the user terminal 1 of any illustrated embodiment of Fig. 7 and Fig. 8, described Payment server 5 is specially the application server 2 of any illustrated embodiment of Figure 10 and Figure 11, alternatively, the payment terminal 4 is specific For the user terminal 1000 of embodiment illustrated in fig. 9, the payment server 5 is specially the application server of embodiment illustrated in fig. 12 2000, the cipher key 3 is for storing user authentication information.

Payment terminal 4 is used for when paying to subject matter to be paid, obtains the key identification of cipher key 3 and pre- The user authentication information being first stored in the cipher key 3 sends order information, the key identification to payment server 5 With the user authentication information so that the payment server 5 searches the corresponding decruption key of the key identification, using described The user authentication information is decrypted in decruption key, make the payment server 5 to the user authentication information into Row verification, and delivery operation is carried out to the order information after verifying successfully.

Payment server 5 is used for when paying to subject matter to be paid, receives the password key that payment terminal 4 is sent The key identification of spoon 3 and the user authentication information being stored in advance in the cipher key 3, it is corresponding to search the key identification Decruption key is decrypted the user authentication information using the decruption key, to the user authentication information into Row verification, and delivery operation is carried out to the order information after verifying successfully.

Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access Memory, RAM) etc..

The above disclosure is only the preferred embodiments of the present invention, cannot limit the right model of the present invention with this certainly It encloses, therefore equivalent changes made in accordance with the claims of the present invention, is still within the scope of the present invention.

Claims

1. a kind of Information Authentication method characterized by comprising

User terminal obtain the terminal identification information of user terminal, cipher key key identification and be stored in advance in the password User authentication information in key；

The terminal identification information, the key identification and the user authentication information are sent to using clothes by the user terminal Business device；

The application server is associated relationship verifying to the terminal identification information and the key identification, and logical in verifying Later the corresponding decruption key of the key identification is searched, the user authentication information is decrypted using the decruption key Processing；

2. the method according to claim 1, wherein the user authentication information is to use by application server The user authentication information of encryption keys corresponding with the key identification of the cipher key.

3. the method according to claim 1, wherein the user terminal obtains the terminal iidentification letter of user terminal Before breath, the key identification of cipher key and the user authentication information that is stored in advance in the cipher key, further includes:

User terminal obtains the key identification of cipher key and the terminal identification information of user terminal；

The key identification and the terminal identification information are sent to application server by the user terminal；

Key identification described in the application server associated storage and the terminal identification information.

4. the method according to claim 1, wherein the cipher key is near field communication (NFC) NFC Module or wireless radio frequency discrimination RFID module.

5. a kind of Information Authentication method characterized by comprising

The terminal identification information, the key identification and the user authentication information are sent to using clothes by the user terminal Business device, the terminal identification information is used to be associated relationship with the key identification and verify by the application server, described Key identification is also used to search the corresponding decruption key of the key identification after described be verified by the application server, The corresponding decruption key of the key identification by the application server for the user authentication information to be decrypted, User authentication information after the decryption processing is by the application server for being verified.

6. a kind of Information Authentication method characterized by comprising

Application server receives the terminal identification information of user terminal that user terminal sends, the key identification of cipher key and pre- The user authentication information being first stored in the cipher key；

7. a kind of user terminal characterized by comprising

Acquiring unit, for obtaining the key identification of the terminal identification information of user terminal, cipher key and being stored in advance in institute State the user authentication information in cipher key；

Transmission unit, for the terminal identification information, the key identification and the user authentication information to be sent to application Server, so that the application server is associated relationship verifying to the terminal identification information and the key identification, and The corresponding decruption key of the key identification is searched after being verified, using the decruption key to the user authentication information It is decrypted, verifies the application server to the user authentication information after decryption processing.

8. terminal according to claim 7, which is characterized in that the user authentication information is to use by application server The user authentication information of encryption keys corresponding with the key identification of the cipher key.

9. terminal according to claim 7, which is characterized in that further include:

Mark acquiring unit, for obtaining the key identification of cipher key and the terminal identification information of user terminal；

Message identification transmission unit, for the key identification and the terminal identification information to be sent to application server, with Make key identification described in the application server associated storage and the terminal identification information.

10. terminal according to claim 7, which is characterized in that the cipher key is NFC module or RFID module.

11. a kind of application server characterized by comprising

Receiving unit, for receiving the terminal identification information for the user terminal that user terminal is sent, the key identification of cipher key With the user authentication information being stored in advance in the cipher key；

Notification unit is verified, for being associated relationship verifying to the terminal identification information and the key identification, and is being tested Card notifies decryption unit after passing through；

Decryption unit, for being associated pass to the terminal identification information and the key identification in the verifying notification unit After system is verified, the corresponding decruption key of the key identification is searched, the user's checking is believed using the decruption key Breath is decrypted；

12. server according to claim 11, which is characterized in that the user authentication information is by application server Use the user authentication information of encryption keys corresponding with the key identification of the cipher key.

13. server according to claim 11, which is characterized in that further include:

Storage unit, the key identification of the cipher key for the transmission of associated storage user terminal and the terminal of the user terminal Identification information.

14. server according to claim 11, which is characterized in that the cipher key is NFC module or RFID mould Block.

15. a kind of security authentication systems, which is characterized in that including cipher key, such as described in any item use of claim 7-10 Family terminal and such as described in any item application servers of claim 11-14；

Wherein, the cipher key is for storing user authentication information.

16. a kind of electric paying method characterized by comprising

When paying to subject matter to be paid, payment terminal obtains the terminal identification information of payment terminal, cipher key Key identification and the user authentication information that is stored in advance in the cipher key；

The payment terminal sends order information, the terminal identification information of the payment terminal, the key to payment server Mark and the user authentication information；

The payment server is associated relationship verifying to the terminal identification information and the key identification, and logical in verifying Later the corresponding decruption key of the key identification is searched, the user authentication information is decrypted using the decruption key Processing；

The payment server verifies the user authentication information, and carries out after verifying successfully to the order information Delivery operation.

17. according to the method for claim 16, which is characterized in that the user authentication information is to make by payment server With the user authentication information of encryption keys corresponding with the key identification of the cipher key.

18. according to the method for claim 16, which is characterized in that described to carry out paying it to subject matter to be paid Before, further includes:

Payment terminal obtains the key identification of cipher key and the terminal identification information of payment terminal；

The key identification and the terminal identification information are sent to payment server by the payment terminal；

Key identification described in the payment server associated storage and the terminal identification information.

19. according to the method for claim 16, which is characterized in that the cipher key is NFC module or RFID module.

20. a kind of payment terminal, which is characterized in that the payment terminal is specially such as the described in any item use of claim 7-10 Family terminal.

21. a kind of payment server, which is characterized in that the payment server is specially such as any one of claim 11-14 institute The application server stated.

22. a kind of electronic fare payment system, which is characterized in that including cipher key, payment terminal as claimed in claim 20 with And payment server as claimed in claim 21；

Wherein, the cipher key is for storing user authentication information.