CN103188212A - Security management method and service terminal of electronic wallet, and electronic wallet system - Google Patents
Security management method and service terminal of electronic wallet, and electronic wallet system Download PDFInfo
- Publication number
- CN103188212A CN103188212A CN 201110446307 CN201110446307A CN103188212A CN 103188212 A CN103188212 A CN 103188212A CN 201110446307 CN201110446307 CN 201110446307 CN 201110446307 A CN201110446307 A CN 201110446307A CN 103188212 A CN103188212 A CN 103188212A
- Authority
- CN
- China
- Prior art keywords
- stored value
- value card
- identification
- data
- identification data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title abstract description 4
- 238000012795 verification Methods 0.000 claims abstract description 67
- 238000000034 method Methods 0.000 claims abstract description 40
- 238000012545 processing Methods 0.000 claims description 23
- 230000008569 process Effects 0.000 claims description 14
- 210000001747 pupil Anatomy 0.000 claims description 8
- 230000015572 biosynthetic process Effects 0.000 claims description 3
- 230000008878 coupling Effects 0.000 claims description 3
- 238000010168 coupling process Methods 0.000 claims description 3
- 238000005859 coupling reaction Methods 0.000 claims description 3
- 210000003128 head Anatomy 0.000 claims description 2
- 239000004973 liquid crystal related substance Substances 0.000 claims description 2
- 238000004321 preservation Methods 0.000 claims description 2
- 230000006854 communication Effects 0.000 description 13
- 238000004891 communication Methods 0.000 description 9
- 230000005540 biological transmission Effects 0.000 description 7
- 230000008901 benefit Effects 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 230000002708 enhancing effect Effects 0.000 description 2
- 150000003839 salts Chemical class 0.000 description 2
- 230000011218 segmentation Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 239000007799 cork Substances 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000008676 import Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 108700039855 mouse a Proteins 0.000 description 1
- 230000035772 mutation Effects 0.000 description 1
- 238000010561 standard procedure Methods 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a security management method and a service terminal of an electronic wallet, and an electronic wallet system. The method comprises the steps that an electronic wallet service provider starts electronic wallet security verification based on an electronic wallet service request; identification data of an electronic wallet service requester is collected based on the security verification, wherein the identification data comprises physical characteristic data; the identification data is sent to an identity verifier after encrypted by a public key; the identity verifier conducts identification verification after the identification data is decrypted by a private key; the private key and the public key form a key pair; the identity verifier sends a verification result to the electronic wallet service provider after the verification result is encrypted by the private key; and the electronic wallet service provider decrypts the verification result through the public key, and provides electronic wallet service data for the electronic wallet service requester after the identification verification is passed. The method, the service terminal and the system improve the security of electronic wallet application.
Description
Technical field
The present invention relates to the security verification technology in the internet electronic business, particularly the method for managing security of stored value card and service terminal, electronic purse system.
Background technology
Stored value card is a kind of means of payment commonly used in the present e-commerce initiative.Use the user of stored value card will open an account in relevant bank usually.When using stored value card, stored value card is installed on the e-commerce server by relevant electronic wallet application software, utilize the stored value card service system just can import into the data on the various electronic money of oneself or the electronic banking card.When bank settlement takes place, need use e-credit when (as with gatherings such as Visa card or Master cards) as the user, as long as clicking respective item (or respective icon), the user can finish.
In electronic commerce service system, be typically provided with the function management module of electronic money and stored value card, be called wallet administration device (Wallet Administration), the user can change secret password by the wallet administration device, and electronic money account, inventory and the data of checking the receipt and payment contact on the own account No..Also have the electronic transaction register in the electronic commerce service system, client can understand oneself and buy what article by the query note device, and what have been bought, and also can print Query Result.
Therefore, the use of stored value card brings a lot of facilities for people's life.Yet, carry out because the safety management of existing stored value card all only is based on the mode of secret password, and secret password being owing to more easily be cracked, that its fail safe more and more is difficult to satisfy is that the user increases day by day, for the demand of e-commerce security.Thereby, also influence the impression that the user experiences ecommerce.
Therefore, the fail safe that how further to improve electronic wallet application just becomes the industry problem demanding prompt solution.
Summary of the invention
The invention provides a kind of method for managing security of stored value card and service terminal, electronic purse system, to improve the fail safe of electronic wallet application.
For addressing the above problem, the invention provides a kind of method for managing security of stored value card, comprising:
The professional provider of stored value card starts the stored value card security verification based on the stored value card service request;
Based on described stored value card security verification, gather the identification data of stored value card service request side, described identification data comprise characteristics of human body's data;
Described identification data are sent to authentication side after with publicly-owned secret key encryption;
Authentication side carries out the identification checking after with private cipher key the identification data being deciphered; It is right that described private cipher key and described publicly-owned key constitute key;
Authentication side will verify and be sent to the professional provider of stored value card after the result is with private key encryption;
The professional provider of stored value card after the identification checking is passed through, provides stored value card business datum to stored value card service request side with the described checking result of publicly-owned secret key decryption.
Correspondingly, the present invention also provides a kind of stored value card service terminal, comprising:
Request unit is based on user's stored value card business demand operation formation stored value card service request;
Tip element, based on the stored value card security verification, the prompting user carries out the identification data acquisition;
Collecting unit after the startup, is gathered user's identification data, and described identification data comprise characteristics of human body's data;
Ciphering unit, with described identification data with publicly-owned secret key encryption;
The checking transmitting element is sent to authentication side with the described identification data after encrypting.
Correspondingly, the present invention also provides a kind of electronic purse system that comprises above-mentioned service terminal, and it also comprises: stored value card business processing device and authentication means, wherein,
Described stored value card business processing device based on the stored value card service request, starts the stored value card security verification; The identification checking result who produces with publicly-owned secret key decryption authentication means, the identification checking by after described stored value card business datum is provided;
Described authentication means is obtained the identification data with publicly-owned secret key encryption, after with private cipher key the identification data being deciphered, carries out the identification checking; It is right that described private cipher key and described publicly-owned key constitute key; And, identification verified be sent to described stored value card business processing device after the result is with private key encryption.
Compared with prior art, such scheme has the following advantages: the method for managing security of above-mentioned stored value card and service terminal, electronic purse system all adopt the identification data that comprise characteristics of human body's data to carry out the identification checking, because the relative independentability of characteristics of human body's data, be difficult for stolen and counterfeit, Reliability based on this identification checking of carrying out also improves a lot, and then has strengthened the fail safe of electronic wallet application.
And in the whole electronic wallet application process, the communication of each link all is encrypted communication by means of publicly-owned key or private cipher key.Because publicly-owned key and private cipher key are in the advantage aspect the confidentiality, the confidentiality of the communication that whole electronic wallet application process is related also improves a lot, and has further strengthened the fail safe of electronic wallet application.
In addition, for the consumer, it only need provide the identification data in the process of whole electronic wallet application, and need not other operations, with regard to energy electron gain wallet business datum, and finally realizes electronic wallet application, has also improved the convenience of electronic wallet application.
Description of drawings
Fig. 1 is a kind of execution mode schematic flow sheet of the method for managing security of stored value card of the present invention;
Fig. 2 is the process schematic diagram of a kind of embodiment of the method for managing security of stored value card of the present invention;
Fig. 3 is a kind of execution mode structural representation of electronic purse system of the present invention;
Fig. 4 is the structural representation of stored value card service terminal among a kind of embodiment of electronic purse system of the present invention;
Fig. 5 is the structural representation of stored value card business processing device among a kind of embodiment of electronic purse system of the present invention;
Fig. 6 is the structural representation of authentication means among a kind of embodiment of electronic purse system of the present invention;
Fig. 7 is the structural representation of stored value card service terminal among the another kind of embodiment of electronic purse system of the present invention;
Fig. 8 is the structural representation of authentication means among the another kind of embodiment of electronic purse system of the present invention.
Embodiment
Just as stated in the Background Art, because existing stored value card only comes maintenance safe by secret password, it can't satisfy the security requirement that the user increases day by day.Comparison data when in view of this, the method for managing security of stored value card of the present invention has used the identification data conduct that comprises characteristics of human body's data to carry out the identification checking.Because the particularity of characteristics of human body's data itself, it is difficult for stolen and counterfeit.And, the method for managing security of stored value card provided by the invention also carries out coded communication based on publicly-owned key, private cipher key to each link in the whole electronic wallet application, by publicly-owned key and private cipher key in the advantage aspect the confidentiality, improve the confidentiality of communication, with the fail safe of further enhancing electronic wallet application.
With reference to shown in Figure 1, a kind of execution mode of the method for managing security of stored value card of the present invention comprises:
Step s1, the professional provider of stored value card starts the stored value card security verification based on the stored value card service request;
Step s2 based on described stored value card security verification, gathers the identification data of stored value card service request side, and described identification data comprise characteristics of human body's data;
Step s3 is sent to authentication side with described identification data after with publicly-owned secret key encryption;
Step s4, authentication side carry out the identification checking after with private cipher key the identification data being deciphered; It is right that described private cipher key and described publicly-owned key constitute key;
Step s5, authentication side will verify and be sent to the professional provider of stored value card after the result is with private key encryption;
Step s6, the professional provider of stored value card after the identification checking is passed through, provides stored value card business datum to stored value card service request side with the described checking result of publicly-owned secret key decryption.
Further specify below in conjunction with the process of instantiation to the method for managing security of above-mentioned stored value card.For convenience of description, will provide a side of stored value card business datum to be called the professional provider of stored value card in electronic wallet application, a side who obtains the stored value card business datum in electronic wallet application is called stored value card service request side.
In conjunction with illustrated in figures 1 and 2, stored value card service request side can send the stored value card service request to the professional provider of stored value card based on the application demand of stored value card.For example, stored value card service request side need carry out shopping online by stored value card, and then it can send the stored value card service request to the Internet bank as the professional provider of stored value card, and this request has generally included the account of stored value card.
After the professional provider of stored value card obtains described stored value card service request, it can start the stored value card security verification based on this request, and described stored value card security verification is used for whether the described stored value card of checking service request side is the validated user of the account of this stored value card.
After the professional provider of stored value card started the stored value card security verification, just needed to gather the identification data of stored value card service request side this moment, and described identification data comprise characteristics of human body's data.Certainly, described identification data also can comprise a kind of or combination in electronics password, the payment cipher.This sentences the identification data and is characteristics of human body's data instance.Described characteristics of human body's data can comprise a kind of or combination in fingerprint, pupil, shape of face, the sound.But the present invention does not limit this, and other characteristics of human body's data that can obtain by acquisition mode are all applicable to the present invention.Be example with the fingerprint, just need to gather by fingerprint acquisition device the fingerprint of stored value card service request side this moment.The fingerprint that collects will be used for follow-up identification checking as the identification data.
As previously mentioned, in order to guarantee the communication security in the electronic wallet application process, need the communication data in the communication process is encrypted.Therefore, behind the captured identity recognition data, can initiate authentication request to authentication side.Authentication side can provide publicly-owned key after obtaining described authentication request.Thus, just can be encrypted the identification data of gathering by described publicly-owned key.Certainly, encryption to the identification data is not limited in this mode, also can in having the electronic equipment of encryption function, deposit publicly-owned key in advance in, then behind the captured identity recognition data, just receive described identification data to be encrypted operation by described electronic equipment.
After the encryption of finishing the identification data, just the identification data after encrypting can be sent to authentication side, carry out the identification checking to transfer to authentication side.At this moment, authentication side can be decrypted the identification data with private cipher key.Based on publicly-owned key and the right encrypting and decrypting characteristic of private cipher key, can only be deciphered by private cipher key by the data of publicly-owned secret key encryption, and also can only be by publicly-owned secret key decryption by the data of private key encryption.Therefore, the content of the identification data after the encryption only may be obtained by the deciphering back, authentication side that has private cipher key.Even the identification data after encrypting are obtained by its other party in communication process, its other party also can't obtain content wherein.Thereby the Information Security in the communication process has obtained assurance.
And described publicly-owned key and private cipher key meet Security Real Time Protocol (SRTP, Secure Real-time Transport Protocol).Security Real Time Protocol is at RTP (RTP; Real-time Transport Protocol) a defined agreement on the basis, being intended to provides encryption, message authentication, integrality to guarantee and the playback protection for the data of the RTP in clean culture and the multicast application program.It is developed by David Oran (Cisco) and Rolf Blom (Ericsson), and is issued as RFC 3711 in March, 2004 by IETF the earliest.
Because RTP and can being used to is controlled the RTCP Real-time Transport Control Protocol (RTCP of the session of RTP, RTP Control Protocol) contact is closely arranged, Security Real Time Protocol equally also has a companion protocol, it is called as real-time security transmission control protocol (SRTCP, Secure RTCP).Real-time security transmission control protocol provides similarly and security-related characteristic for RTCP Real-time Transport Control Protocol, those that provide for RTP just as Security Real Time Protocol.
When using RTP or RTCP Real-time Transport Control Protocol, it is optional using Security Real Time Protocol or real-time security transmission control protocol.Even but used Security Real Time Protocol or real-time security transmission control protocol, and all they characteristic (as data stream encryption and message authentication) that provides also all is optional, these characteristics can be used independently or be forbidden.Unique exception is when using real-time security transmission control protocol, must use its message authentication characteristic.
About traffic encryption-in order to provide the maintaining secrecy of data flow (for example above-mentioned identification data), need carry out encryption and decryption to data stream.About this point, Security Real Time Protocol (in conjunction with real-time security transmission control protocol) is a kind of cryptographic algorithm only, and namely AES has formulated the use standard.This cryptographic algorithm has two kinds of encryption modes, and they can convert original AES piece ciphertext to the stream ciphertext, comprise segmentation integer counter pattern and f8 pattern.
Wherein, segmentation integer counter pattern is a kind of typical counter mode, and its allows the random access to any piece, and these characteristics are transmitted at unreliable network that may packet loss for the data flow of RTP and are very important.Generally speaking, nearly all function can both be used as counter and use, as long as the number of times that it repeats in once circulating just can not too much.But what be used for the RTP data encryption only is a common integer count-up counter.The AES that operates under this pattern is the cryptographic algorithm of its acquiescence, and what it used is the encryption key of acquiescence 128 bit lengths and the session salt key of acquiescence 112 bit lengths.
And the f8 pattern is a mutation of output feedback mode, and it has increased positioning function and has changed function of initializing, and the AES under the default value sum counter pattern of its encryption key and salt key is the same.The AES that operates under this pattern is used to UMTS 3G mobile network.
Except the AES cryptographic algorithm, Security Real Time Protocol also allows thoroughly forbidding encryption, and what used this moment is so-called " zero cryptographic algorithm ".It can be considered to second kind of cryptographic algorithm that Security Real Time Protocol is supported, or perhaps its third encryption mode of supporting.In fact, zero cryptographic algorithm is not carried out any encryption, that is to say that cryptographic algorithm is imagined into key stream only the stream that comprises " 0 ", and intactly inlet flow is copied to output stream.This pattern is that the system of all and Security Real Time Protocol compatibility all must realize, because it can be used in and not need Security Real Time Protocol to provide confidentiality to guarantee and only require that it provides the occasion of other characteristic (as authentication and message integrity).
Although Security Real Time Protocol can be included new cryptographic algorithm like a cork in technically, the Security Real Time Protocol standard is pointed out that the new cryptographic algorithm except above-mentioned cryptographic algorithm differs and is gone in the specific implementation of being added to some Security Real Time Protocol surely simply.Add a kind of new cryptographic algorithm and guarantee it with the Security Real Time Protocol standard mutually compatible unique effective means be standard-track RFC who clearly defines the new association of this algorithm of issue.
About message authentication, integrality and playback protection-more than the cryptographic algorithm itself enumerated can not protect the integrality of message, the assailant still can data falsification---can reset the data of transmitting at least over.Therefore, the Security Real Time Protocol standard method that the protected data integrality also is provided simultaneously and prevented from resetting.
In order to carry out message authentication and to protect the integrality of message, Security Real Time Protocol has used HMAC-SHA1 algorithm (definition in RFC 2104).What this algorithm used is the HMAC-SHA1 authenticate key of acquiescence 160 bit lengths.But it can not resist Replay Attack.Playback guard method suggestion recipient safeguards the index of the message that had before received, and is compared in they and each message that newly receives, and receives only the new information that those past were not played.This method extremely depends on the use (to stop the Cheating Technology at message index) of integrity protection.
After deciphered the identification data with private cipher key authentication side, authentication side compared described identification data and benchmark verification msg; If identification data and described benchmark verification msg coupling, the judgement identification checking of authentication side is passed through; If identification data and described benchmark verification msg do not match, the judgement identification checking of authentication side is not passed through.Wherein, described benchmark verification msg comprises characteristics of human body's data equally.Particularly, described authentication Fang Zhongke pre-deposits characteristics of human body's data of the validated user of each stored value card, and with characteristics of human body's data of these validated users as the benchmark verification msg.When carrying out described comparison, just can differentiate identification data that deciphering back obtains whether with benchmark verification msg coupling wherein, with to the identification checking whether by judging.In addition, the described characteristics of human body's data that pre-deposit can obtain by the validated user collection to stored value card in advance, but the present invention is not limited thereto.
After authentication side finished identification checking and obtains the checking result, it can be sent to the professional provider of stored value card after with private key encryption with described checking result.Based on above-mentioned to publicly-owned key and the right secrecy Analysis of private cipher key, to send the fail safe that also can guarantee communication process behind the described checking result of private key encryption.
Behind the checking result of the professional provider of stored value card after obtaining encryption, obtain to verify result's content with publicly-owned secret key decryption.Described publicly-owned key can pre-deposit in the professional provider's of stored value card the electronic equipment with decipher function, perhaps, before or after authentication side will verify to be sent to the professional provider of stored value card after the result is with private key encryption, publicly-owned key is sent to the professional provider of stored value card.
After the checking result showed that the identification checking is passed through, stored value card professional provider namely provided the stored value card business datum to stored value card service request side.Be example with aforesaid shopping online still, at this moment, will be according to the amount of money of the related commodity of shopping online as the professional provider's of stored value card the Internet bank, to the operation of withholing of the account of described stored value card, to finish the delivery operation of shopping online.And, after the operation of withholing is finished, feed back the information of withholing of described stored value card account to stored value card service request side.
And if the professional provider of stored value card is known the identification authentication failed from the checking result, then can stop the stored value card business.Thereby, make that usurp other people user's (validated user of stored value card) identity carries out the operation of electronic wallet application and can't finish, with the fund of protection validated user and the safety of personal information.
By the said process analysis as can be known, stored value card service request side only need assist to finish the collection of identification data, just can and then finish the flow process of whole electronic wallet application, and during guaranteed the fail safe of communication data by the mode of coded communication.Therefore, whole electronic wallet application process is very convenient for stored value card service request side, and has fail safe preferably.
Except by authentication side stored value card service request side being carried out the identification checking, also can before the identification data of gathering stored value card service request side, just carry out local verification earlier.After local verification passes through, just begin to gather the identification data of stored value card service request side; And after the local verification failure, stop described stored value card business.Described local verification comprises: a kind of or combination in electronics password authentication, the payment cipher checking.Be example with the payment cipher, stored value card service request side can be by carrying out local verification at stored value card service terminal input payment cipher, and when then the payment cipher that prestores at payment cipher and service terminal was consistent, local verification passed through; Otherwise, then local verification failure.Then, the combination by local verification and identification checking can further strengthen the fail safe of electronic wallet application.
In addition, for ease of consulting historical electronic wallet application process, described authentication side can also obtain the stored value card business datum that the professional provider of stored value card provides synchronously.Described stored value card business datum will be preserved a period of time in described authentication side.During with the electronic wallet application process before for example stored value card service request Fang Xiang consults, can transfer by described authentication side, with the convenience of further enhancing electronic wallet application.
Correspondingly, the present invention also provides the stored value card service terminal and comprises the electronic purse system of described service terminal, to realize above-mentioned electronic wallet application process.Be elaborated below in conjunction with the concrete structure of instantiation to stored value card service terminal and electronic purse system.
With reference to shown in Figure 3, a kind of execution mode of electronic purse system of the present invention can comprise: stored value card service terminal 10, stored value card business processing device 20 and authentication means 30.
In one embodiment, with reference to shown in Figure 4, described stored value card service terminal 10 can comprise:
Collecting unit 102 after the startup, is gathered user's identification data, and described identification data comprise characteristics of human body's data;
Checking transmitting element 104 is sent to authentication side with the described identification data after encrypting.
As previously mentioned, described characteristics of human body's data can comprise a kind of or combination in fingerprint, pupil, shape of face, the sound.Correspondingly, described collecting unit 102 is for realizing the device of corresponding human body characteristics data acquisition.For example, described characteristics of human body's data are fingerprint; Described collecting unit 102 is fingerprint acquisition device; Described characteristics of human body's data are the combination of pupil or shape of face or pupil, shape of face; Described collecting unit 102 is camera head; Described characteristics of human body's data are sound; Described collecting unit 102 is microphone.
In addition, as previously mentioned, described identification data can also comprise a kind of in electronics password, the payment cipher or combination, and then described collecting unit 102 is external input device (for example in keyboard, liquid crystal touch screen, the mouse a kind of).
And described Tip element 101 can comprise a kind of or combination in display device, the loud speaker, so that the prompting of stored value card service request side image and/or voice mode to be provided.
In addition, described Tip element 101 and described collecting unit 102 can also integrate, to improve the integrated level of described stored value card service terminal 10.
In specific implementation, described stored value card service terminal can comprise a kind of in mobile phone, panel computer, the car-mounted terminal, but the present invention is not limited thereto.
In one embodiment, with reference to shown in Figure 5, described stored value card business processing device 20 can comprise:
Requesting processing 201 after the startup, based on the stored value card service request, starts the stored value card security verification;
Resolution unit 202, the identification checking result so that publicly-owned secret key decryption authentication means produces starts business data processing unit 203 in the identification checking by the back;
Business data processing unit 203 after the startup, provides described stored value card business datum based on the stored value card service request to the stored value card service terminal.
In one embodiment, with reference to shown in Figure 6, described authentication means 30 can comprise:
Key generates described publicly-owned key and described private cipher key to generation unit 302 according to described benchmark verification msg;
The system that above-mentioned each device and service terminal constitute realizes that the process of electronic wallet application can just repeat no more with reference to the explanation of the method for managing security of aforementioned electronic wallet herein.
In other embodiments, with reference to shown in Figure 7, the request unit 105 in the described stored value card service terminal produces and sends the identification checking to authentication means 30 and ask also based on the stored value card security verification.Described authentication means 30 can be fed back publicly-owned key (can be to generation unit by key) after obtaining described identification checking request.Described ciphering unit 103 just can obtain authentication means 30 based on the publicly-owned key that described identification checking request provides, and is encrypted with the identification data that collecting unit 102 is gathered.
In other embodiments, described stored value card service terminal can also comprise local verification unit (not shown).Described local verification unit starts local verification based on the stored value card security verification, after local verification passes through, starts described collecting unit 102.Described local verification comprises: a kind of or combination in electronics password authentication, the payment cipher checking.
In other embodiments, described stored value card service terminal can also comprise data preservation unit, in described electronic wallet application, preserves the stored value card business datum that the professional provider of stored value card provides synchronously.Thus, on the stored value card service terminal, also can consult the historical record of electronic wallet application, to improve the convenience of electronic wallet application.
In other embodiments, the described stored value card business datum that provides of described stored value card business processing device 20 can also synchronized transmission to authentication means 30.
In other embodiments, with reference to shown in Figure 8, described authentication means 30 can also comprise business datum record cell 304, described stored value card business processing device 20 provide described stored value card business according to the time, obtain and preserve described stored value card business datum synchronously.
More than disclose many aspects of the present invention and execution mode, it will be understood by those skilled in the art that other side of the present invention and execution mode.Disclosed many aspects and execution mode just are used for illustrating among the present invention, are not to be limitation of the invention, and real protection range of the present invention and spirit should be as the criterion with claims.
Claims (29)
1. the method for managing security of a stored value card is characterized in that, comprising:
The professional provider of stored value card starts the stored value card security verification based on the stored value card service request;
Based on described stored value card security verification, gather the identification data of stored value card service request side, described identification data comprise characteristics of human body's data;
Described identification data are sent to authentication side after with publicly-owned secret key encryption;
Authentication side carries out the identification checking after with private cipher key the identification data being deciphered; It is right that described private cipher key and described publicly-owned key constitute key;
Authentication side will verify and be sent to the professional provider of stored value card after the result is with private key encryption;
The professional provider of stored value card after the identification checking is passed through, provides stored value card business datum to stored value card service request side with the described checking result of publicly-owned secret key decryption.
2. the method for managing security of stored value card according to claim 1 is characterized in that also comprise: authentication side gathers the benchmark verification msg in advance, and described benchmark verification msg comprises characteristics of human body's data; The authentication root generates described publicly-owned key and described private cipher key according to described benchmark verification msg;
Described identification checking comprises:
After described identification data are deciphered by authentication side, with described identification data and the comparison of described benchmark verification msg;
If identification data and described benchmark verification msg coupling, the identification checking is passed through;
If identification data and described benchmark verification msg do not match the identification authentication failed.
3. the method for managing security of stored value card as claimed in claim 1 or 2 is characterized in that, described characteristics of human body's data comprise a kind of or combination in fingerprint, pupil, shape of face, the sound.
4. the method for managing security of stored value card according to claim 1 is characterized in that, described identification data also comprise a kind of or combination in electronics password, the payment cipher.
5. the method for managing security of stored value card according to claim 1 is characterized in that, the professional provider of described stored value card stops described stored value card business after the identification authentication failed.
6. the method for managing security of stored value card according to claim 1 is characterized in that, also comprises: after the identification data of gathering stored value card service request side, initiate identification checking request to authentication side; Authentication side provides based on described authentication request and encrypts the required publicly-owned key of described identification data.
7. the method for managing security of stored value card according to claim 1 is characterized in that, also comprises:
Before the identification data of gathering stored value card service request side, carry out local verification;
After local verification passes through, gather the identification data of stored value card service request side;
After the local verification failure, stop described stored value card business.
8. as the method for managing security of stored value card as described in the claim 7, it is characterized in that described local verification comprises: a kind of or combination in electronics password authentication, the payment cipher checking.
9. the method for managing security of stored value card according to claim 1, it is characterized in that, also comprise: authentication side will verify and be sent to after the result is with private key encryption before or after the professional provider of stored value card, publicly-owned key will be sent to the professional provider of stored value card.
10. the method for managing security of stored value card according to claim 1 is characterized in that, also comprises: authentication side obtains the described stored value card business datum that the professional provider of stored value card provides synchronously.
11. a stored value card service terminal is characterized in that, comprising:
Request unit is based on user's stored value card business demand operation formation stored value card service request;
Tip element, based on the stored value card security verification, the prompting user carries out the identification data acquisition;
Collecting unit after the startup, is gathered user's identification data, and described identification data comprise characteristics of human body's data;
Ciphering unit, with described identification data with publicly-owned secret key encryption;
The checking transmitting element is sent to authentication side with the described identification data after encrypting.
12. stored value card service terminal as claimed in claim 11 is characterized in that, described characteristics of human body's data comprise a kind of or combination in fingerprint, pupil, shape of face, the sound.
13. stored value card service terminal as claimed in claim 12 is characterized in that, described characteristics of human body's data are fingerprint; Described collecting unit is fingerprint acquisition device.
14. stored value card service terminal as claimed in claim 12 is characterized in that, described characteristics of human body's data are the combination of pupil or shape of face or pupil, shape of face; Described collecting unit is camera head.
15. stored value card service terminal as claimed in claim 12 is characterized in that, described characteristics of human body's data are sound; Described collecting unit is microphone.
16. stored value card service terminal as claimed in claim 11 is characterized in that, described identification data also comprise a kind of or combination in electronics password, the payment cipher; Described collecting unit is external input device.
17. stored value card service terminal as claimed in claim 16 is characterized in that, described external input device comprises a kind of in keyboard, liquid crystal touch screen, the mouse.
18. stored value card service terminal as claimed in claim 11 is characterized in that, described Tip element comprises a kind of or combination in display device, the loud speaker.
19. stored value card service terminal as claimed in claim 11 is characterized in that, described Tip element and described collecting unit integrate.
20. stored value card service terminal as claimed in claim 11 is characterized in that, the described request unit produces and sends the identification checking to authentication side and ask also based on the stored value card security verification;
Described ciphering unit obtains the publicly-owned key that authentication side provides based on described identification checking request.
21. stored value card service terminal as claimed in claim 11 is characterized in that, described stored value card service terminal also comprises the local verification unit, based on the stored value card security verification, starts local verification, after local verification passes through, starts described collecting unit.
22. stored value card service terminal as claimed in claim 21 is characterized in that, described local verification comprises: a kind of or combination in electronics password authentication, the payment cipher checking.
23. stored value card service terminal as claimed in claim 11, it is characterized in that, described stored value card service terminal also comprises data preservation unit, in described stored value card Business Processing process, preserves the described stored value card business datum that the professional provider of stored value card provides synchronously.
24. stored value card service terminal as claimed in claim 11 is characterized in that, described stored value card service terminal comprises a kind of in mobile phone, panel computer, the car-mounted terminal.
25. an electronic purse system is characterized in that, comprises the described stored value card service terminal of claim 11, also comprises: stored value card business processing device and authentication means, wherein,
Described stored value card business processing device based on the stored value card service request, starts the stored value card security verification; The identification checking result who produces with publicly-owned secret key decryption authentication means, the identification checking by after described stored value card business datum is provided;
Described authentication means is obtained the identification data with publicly-owned secret key encryption, after with private cipher key the identification data being deciphered, carries out the identification checking; It is right that described private cipher key and described publicly-owned key constitute key; And, identification verified be sent to described stored value card business processing device after the result is with private key encryption.
26. electronic purse system as claimed in claim 25 is characterized in that, described stored value card business processing device comprises:
Requesting processing after the startup, based on the stored value card service request, starts the stored value card security verification;
Resolution unit, the identification checking result so that publicly-owned secret key decryption authentication means produces starts the business data processing unit in the identification checking by the back;
The business data processing unit after the startup, provides described stored value card business datum based on the stored value card service request to the stored value card service terminal.
27. electronic purse system as claimed in claim 26 is characterized in that, the stored value card synchronizing traffic data that described business data processing unit provides is sent to authentication means.
28. electronic purse system as claimed in claim 25 is characterized in that, described authentication means comprises:
Pre-collecting unit is gathered the benchmark verification msg in advance, and described benchmark verification msg comprises characteristics of human body's data;
Key generates described publicly-owned key and described private cipher key to generation unit according to described benchmark verification msg;
Identity authenticating unit is obtained the identification data with publicly-owned secret key encryption, after with private cipher key the identification data being deciphered, carries out the identification checking; Identification verified be sent to described stored value card business processing device after the result is with private key encryption.
29. electronic purse system as claimed in claim 28, it is characterized in that, described authentication means also comprises the business datum record cell, when described stored value card business processing device provides described stored value card business datum, obtains and preserve described stored value card business datum synchronously.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110446307 CN103188212A (en) | 2011-12-27 | 2011-12-27 | Security management method and service terminal of electronic wallet, and electronic wallet system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201110446307 CN103188212A (en) | 2011-12-27 | 2011-12-27 | Security management method and service terminal of electronic wallet, and electronic wallet system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103188212A true CN103188212A (en) | 2013-07-03 |
Family
ID=48679181
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110446307 Pending CN103188212A (en) | 2011-12-27 | 2011-12-27 | Security management method and service terminal of electronic wallet, and electronic wallet system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103188212A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104463582A (en) * | 2014-11-25 | 2015-03-25 | 重庆天元仙宝科技发展有限公司 | Payment method for electronic currency |
| CN104811310A (en) * | 2015-03-30 | 2015-07-29 | 赵宇翔 | Display method and wearing device |
| CN106839577A (en) * | 2017-02-08 | 2017-06-13 | 佛山市小鲜互联电器科技有限公司 | A kind of shopping refrigerator with operating right feature recognition |
| CN107196954A (en) * | 2017-06-15 | 2017-09-22 | 网宿科技股份有限公司 | A kind of service access method, apparatus and system |
| WO2018121555A1 (en) * | 2016-12-28 | 2018-07-05 | 飞天诚信科技股份有限公司 | Hardware wallet and hardware wallet holder identity verification method |
| CN109754241A (en) * | 2018-12-27 | 2019-05-14 | 江苏恒宝智能系统技术有限公司 | A kind of hard money packet and the verification method based on hard money packet |
-
2011
- 2011-12-27 CN CN 201110446307 patent/CN103188212A/en active Pending
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104463582A (en) * | 2014-11-25 | 2015-03-25 | 重庆天元仙宝科技发展有限公司 | Payment method for electronic currency |
| CN104811310A (en) * | 2015-03-30 | 2015-07-29 | 赵宇翔 | Display method and wearing device |
| WO2018121555A1 (en) * | 2016-12-28 | 2018-07-05 | 飞天诚信科技股份有限公司 | Hardware wallet and hardware wallet holder identity verification method |
| CN106839577A (en) * | 2017-02-08 | 2017-06-13 | 佛山市小鲜互联电器科技有限公司 | A kind of shopping refrigerator with operating right feature recognition |
| CN107196954A (en) * | 2017-06-15 | 2017-09-22 | 网宿科技股份有限公司 | A kind of service access method, apparatus and system |
| CN109754241A (en) * | 2018-12-27 | 2019-05-14 | 江苏恒宝智能系统技术有限公司 | A kind of hard money packet and the verification method based on hard money packet |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2491049C (en) | Method of preventing unauthorized distribution and use of electronic keys using a key seed | |
| Anderson et al. | A new family of authentication protocols | |
| CN105900375B (en) | Apparatus, system and method for protecting identity in authenticated transactions | |
| US7702916B2 (en) | Method and system for secure authentication | |
| US6138239A (en) | Method and system for authenticating and utilizing secure resources in a computer system | |
| US9900148B1 (en) | System and method for encryption | |
| CN106934605B (en) | User identity management method and system in digital currency | |
| US20070162961A1 (en) | Identification authentication methods and systems | |
| US20100153273A1 (en) | Systems for performing transactions at a point-of-sale terminal using mutating identifiers | |
| WO2015161699A1 (en) | Secure data interaction method and system | |
| TW200818838A (en) | Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords | |
| GB2434724A (en) | Secure transactions using authentication tokens based on a device "fingerprint" derived from its physical parameters | |
| CN101216923A (en) | A system and method to enhance the data security of e-bank dealings | |
| CN101695038A (en) | Method and device for detecting SSL enciphered data safety | |
| CN101393628A (en) | Novel network safe transaction system and method | |
| CN103186936A (en) | Management method for network voting and network voting system | |
| CN103188212A (en) | Security management method and service terminal of electronic wallet, and electronic wallet system | |
| CN110098925A (en) | Based on unsymmetrical key pond to and random number quantum communications service station cryptographic key negotiation method and system | |
| CN101944216A (en) | Double-factor online transaction security authentication method and system | |
| Dandash et al. | Fraudulent Internet Banking Payments Prevention using Dynamic Key. | |
| KR20040007417A (en) | Transaction certification | |
| CN103188215A (en) | Security management method and service terminal of electronic bank, and electronic bank system | |
| CN101547098A (en) | Method and system for security certification of public network data transmission | |
| Nashwan et al. | Mutual chain authentication protocol for SPAN transactions in Saudi Arabian banking | |
| TWI766171B (en) | Account data processing method and account data processing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C05 | Deemed withdrawal (patent law before 1993) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130703 |