
CN111275432A - Security authentication method, device and system - Google Patents


Publication number
CN111275432A
Authority
CN
China
Prior art keywords
electronic card
unit
key
certificate
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010057796.XA
Other languages
Chinese (zh)
Inventor
陈勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Schoolpark Commercial Investment Co ltd
Original Assignee
Beijing Yishouelf Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Yishouelf Technology Co Ltd
Priority to CN202010057796.XA
Publication of CN111275432A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/354 Card activation or deactivation
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Finance (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a security authentication method for a payable electronic card, comprising the following steps: S1, starting the display of the electronic card; S2, inputting the user's authentication information and activating the electronic card; S3, binding the authentication information to the electronic card to form binding information; and S4, uploading the binding information to a legitimate platform, so that in subsequent services the platform can enable or disable designated functions of the electronic card according to the binding information. The invention also discloses a security authentication device and system. The security authentication method, device and system implementing the technical solution of the invention ensure a unique correspondence between the electronic card and the user, which helps prevent the electronic card from being stolen or accessed without authorization.

Description

A security authentication method, device and system

Technical field

The invention relates to the field of the Internet of Things, and in particular to a security authentication method, device and system.

Background

An electronic card that supports scan-code payment lets the elderly and children use Alipay by paying through the card. The card carries a dynamic payment code and supports offline one-click payment, so it serves as a small-change card for the elderly and children. The ID of the electronic card is bound through the Alipay app, which can also be used to check spending records, top up the card, and so on.

As electronic payment becomes more widely used, cards offer more and more functions, and the legitimacy and uniqueness of a card must be verified so that its value-added services are provided only to the legitimately designated user. Unlike a mobile phone, an electronic card cannot accept a virtual account name and password to ensure uniqueness. The unique ID of a traditional electronic card is set at the factory, and each manufacturer guarantees ID uniqueness only within its own production process, so there is no guarantee that card IDs from different manufacturers will not collide. As cards gain more functions (including payment and value-added services), identifying the card becomes important as well: cloned or illegitimate cards must be excluded so that the ID of the card a user holds corresponds uniquely to that user.

Summary of the invention

To solve the above problems, the invention provides a security authentication method, device and system.

The technical solution of the invention is implemented as follows:

The invention discloses a security authentication method for a payable electronic card, comprising:

S1. Start the display of the electronic card;

S2. Input the user's authentication information and activate the electronic card;

S3. Bind the authentication information to the electronic card to form binding information;

S4. Upload the binding information to a legitimate platform, so that in subsequent services the platform enables or disables designated functions of the electronic card according to the binding information.

Further, the following steps precede step S4:

A1. Set the ID and key of the electronic card and create a certificate;

A2. Burn the certificate into the electronic card;

A3. Decode the certificate and extract the ID and key, which together with the authentication information form the binding information.

Further, the following steps precede step S4:

B1. Set the ID and key of the electronic card;

B2. Burn the ID and key into the security chip of the electronic card;

B3. Decode the security chip and extract the ID and key, which together with the authentication information form the binding information.

Further, the following step follows step S1:

S11. If an unauthorized program reads the electronic card, the unauthorized read is prohibited.

The invention discloses a security authentication device for a payable electronic card, comprising:

a start-up unit for starting the display of the electronic card;

an activation unit for inputting the user's authentication information and activating the electronic card;

a binding unit for binding the authentication information to the electronic card to form binding information;

an uploading unit for uploading the binding information to a legitimate platform, so that in subsequent services the platform enables or disables designated functions of the electronic card according to the binding information.

Further, the following units precede the uploading unit:

a certificate creation unit for setting the ID and key of the electronic card and creating a certificate;

a certificate burning unit for burning the certificate into the electronic card;

a certificate decoding unit for decoding the certificate and extracting the ID and key, which together with the authentication information form the binding information.

Further, the following units precede the uploading unit:

a setting unit for setting the ID and key of the electronic card;

a burning unit for burning the ID and key into the security chip of the electronic card;

a decoding unit for decoding the security chip and extracting the ID and key, which together with the authentication information form the binding information.

Further, the following unit follows the start-up unit:

a prohibiting unit for prohibiting the unauthorized read if an unauthorized program reads the electronic card.

The invention discloses a security authentication system comprising a payable electronic card and a back-end server. The back-end server is connected to the electronic card, and the electronic card includes the device described above.

Implementing the security authentication method, device and system of the invention has the following beneficial technical effects:

Unlike the prior art, in which a scan-to-pay electronic card cannot guarantee a unique correspondence with its user, the security authentication method, device and system of the invention ensure a unique correspondence between the electronic card and the user, which helps prevent the card from being stolen or accessed without authorization.

Brief description of the drawings

To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing them are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.

FIG. 1 is a flowchart of the security authentication method according to the first embodiment of the invention;

FIG. 2 is a flowchart of the security authentication method according to the second embodiment of the invention;

FIG. 3 is a flowchart of the security authentication method according to the third embodiment of the invention;

FIG. 4 is a block diagram of the security authentication device according to the first embodiment of the invention;

FIG. 5 is a block diagram of the security authentication device according to the second embodiment of the invention;

FIG. 6 is a block diagram of the security authentication device according to the third embodiment of the invention;

FIG. 7 is a block diagram of the security authentication system according to an embodiment of the invention.

Detailed description

The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments that a person of ordinary skill in the art obtains from these embodiments without creative effort fall within the scope of protection of the invention.

Referring to FIG. 1, in an embodiment of the invention, a security authentication method for a payable electronic card comprises:

S1. Start the display of the electronic card;

The power button of the electronic card can be pressed to start the display of the display unit.

S2. Input the user's authentication information and activate the electronic card;

The user's authentication information includes the user's name, ID card number or a personally set password, and may also be facial-recognition feature information.

When a new card is first used, the user enters their authentication information, which is stored in the electronic card and then transmitted by the card to the platform (back-end server). On the platform, the ID of the electronic card and the user's authentication information correspond one to one and together identify a unique electronic card.

An identification function, namely a unique ID, is added to the electronic card to ensure that every card ID is unique within the same manufacturer and also across different manufacturers.

S3. Bind the authentication information to the electronic card to form binding information;

When the electronic card needs to use certain specific services, it must pass identity authentication, to prevent card cloning and to prevent services the user cares about from being stolen and used by other users. Every card that uses a specific service has a unique ID and is legitimate, so that if an anomaly occurs, such as loss of the card, the card can be locked quickly.

The verification algorithm and the ID can be placed in a separate security chip or in a designated data area of the chip, but that data area must be protected: as soon as an unauthorized program reads the contents of the data area, either the read is blocked outright or the contents of the data area self-destruct.

S4. Upload the binding information to a legitimate platform, so that in subsequent services the platform enables or disables designated functions of the electronic card according to the binding information.

When the user binds the electronic card in order to use certain value-added services (such as payment or membership privileges), the platform verifies the legitimacy and uniqueness of the electronic card's ID and key, and the electronic card can also verify the legitimacy of the platform. Once the card and the platform are both confirmed to be legitimate, the platform synchronizes the electronic card's information for use by subsequent services.

In another embodiment, referring to FIG. 2, the following steps precede step S4:

A1. Set the ID and key of the electronic card and create a certificate;

A2. Burn the certificate into the electronic card;

A3. Decode the certificate and extract the ID and key, which together with the authentication information form the binding information.

That is: an ID and key are first allocated and a certificate is generated,

the certificate is then burned into the electronic card during production,

and when the electronic card's program runs, the ID and key information are extracted.

When the user binds the electronic card to use certain value-added services, the platform verifies the uniqueness and legitimacy of the electronic card from the key and ID, and the electronic card can also verify the legitimacy of the platform. Once the card is confirmed to be legitimate, the platform synchronizes the card information.

Alternatively, in yet another embodiment, referring to FIG. 3, the following steps precede step S4:

B1. Set the ID and key of the electronic card;

B2. Burn the ID and key into the security chip of the electronic card;

B3. Decode the security chip and extract the ID and key, which together with the authentication information form the binding information.

That is: the allocated ID and key are first burned into the security chip,

and the security chip is integrated into the card during production.

When the electronic card's program runs, the ID and key information are extracted.

When the user binds the card in order to use certain value-added services (such as payment or membership privileges), the platform verifies the legitimacy and uniqueness of the card's ID and key, and the card can also verify the legitimacy of the platform. Once the card and the platform are both confirmed to be legitimate, the platform synchronizes the card information for use by subsequent services.

In addition, the following step follows step S1:

S11. If an unauthorized program reads the electronic card, the unauthorized read is prohibited.

The device that implements the above method is described below. For anything not described for the device, refer to the description of the method above.

Referring to FIG. 4, in the first embodiment, a security authentication device 1 for a payable electronic card comprises:

a start-up unit 10 for starting the display of the electronic card;

an activation unit 20 for inputting the user's authentication information and activating the electronic card;

a binding unit 30 for binding the authentication information to the electronic card to form binding information;

an uploading unit 40 for uploading the binding information to a legitimate platform, so that in subsequent services the platform enables or disables designated functions of the electronic card according to the binding information.

In the second embodiment, referring to FIG. 5, the following units precede the uploading unit 40:

a certificate creation unit for setting the ID and key of the electronic card and creating a certificate;

a certificate burning unit for burning the certificate into the electronic card;

a certificate decoding unit for decoding the certificate and extracting the ID and key, which together with the authentication information form the binding information.

In the third embodiment, referring to FIG. 6, the following units precede the uploading unit 40:

a setting unit for setting the ID and key of the electronic card;

a burning unit for burning the ID and key into the security chip of the electronic card;

a decoding unit for decoding the security chip and extracting the ID and key, which together with the authentication information form the binding information.

In addition, the following unit follows the start-up unit 10:

a prohibiting unit 15 for prohibiting the unauthorized read if an unauthorized program reads the electronic card.

The uniqueness and legitimacy of the identity can be verified in software;

hardware-assisted methods can also be used to verify the uniqueness and legitimacy of the identity.

Referring to FIG. 7, in the first embodiment, a security authentication system 100 comprises a payable electronic card 200 and a back-end server 300. The back-end server 300 is connected to the electronic card 200, and the electronic card 200 includes the device 1 described above.

The back-end server 300 can connect to the electronic card 200 by wire or wirelessly over 3G, 4G, Wi-Fi and the like.

The system 100 works as follows:

The display unit of the newly sold electronic card 200 is started;

The electronic card 200 starts running the authentication system to activate the card, and waits for the user to enter a name, ID card number or password, or facial-recognition features;

The authentication information is bound to the electronic card 200 to form binding information;

After the user has bound the electronic card 200, when certain value-added services (such as payment or membership privileges) are used, the back-end server 300 (the platform) verifies the legitimacy and uniqueness of the ID and key of the electronic card 200.

The electronic card 200 can also verify the legitimacy of the platform. Once the card and the platform are both confirmed to be legitimate, the platform synchronizes the card information for use by subsequent services.
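The exchange in the working process above, as an added example that is not from the patent: the platform provisions a card ID and key, the card and the back-end server check each other, and the platform enforces one user per ID and honours a lock. The patent names no verification algorithm, so the HMAC-SHA256 challenge-response, the keyed digest of the user's authentication information, and every class, function and status name here are assumptions.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields (assumed; the patent names no algorithm)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Card:
    """Electronic card holding the ID and key written at production (B1/B2)."""
    def __init__(self, card_id: str, key: bytes):
        self.card_id, self._key, self.auth_digest = card_id, key, b""

    def activate(self, auth_info: str) -> None:
        # S2/S3: keep a keyed digest of the user's authentication information.
        self.auth_digest = mac(self._key, b"bind", auth_info.encode())

    def respond(self, nonce: bytes) -> bytes:
        # Proves possession of the key to the platform without revealing it.
        return mac(self._key, b"card", self.card_id.encode(), nonce)

    def platform_is_legitimate(self, nonce: bytes, proof: bytes) -> bool:
        expected = mac(self._key, b"platform", self.card_id.encode(), nonce)
        return hmac.compare_digest(expected, proof)


class Platform:
    """Back-end server: one registry of IDs, keys, bindings and locks."""
    def __init__(self):
        self._keys, self._bindings, self._pending, self._locked = {}, {}, {}, set()

    def provision(self, card_id: str) -> Card:
        # A single registry keeps IDs unique across manufacturers.
        if card_id in self._keys:
            raise ValueError("duplicate card ID")
        self._keys[card_id] = secrets.token_bytes(32)
        return Card(card_id, self._keys[card_id])

    def prove(self, card_id: str, card_nonce: bytes) -> bytes:
        key = self._keys.get(card_id, bytes(32))  # unknown ID: proof cannot verify
        return mac(key, b"platform", card_id.encode(), card_nonce)

    def challenge(self, card_id: str) -> bytes:
        self._pending[card_id] = secrets.token_bytes(16)
        return self._pending[card_id]

    def bind(self, card_id: str, response: bytes, auth_digest: bytes) -> str:
        key = self._keys.get(card_id)
        nonce = self._pending.pop(card_id, None)  # single use, so a replay fails
        if key is None or nonce is None:
            return "unknown-id" if key is None else "no-challenge"
        if card_id in self._locked:
            return "locked"
        if not hmac.compare_digest(mac(key, b"card", card_id.encode(), nonce), response):
            return "bad-key"
        if not auth_digest:
            return "not-activated"
        bound = self._bindings.get(card_id)
        if bound is not None and not hmac.compare_digest(bound, auth_digest):
            return "already-bound"  # same ID and key, different user: treat as a clone
        self._bindings[card_id] = auth_digest
        return "bound"

    def lock(self, card_id: str) -> None:
        self._locked.add(card_id)  # e.g. the card was reported lost

    def service_enabled(self, card_id: str) -> bool:
        return card_id in self._bindings and card_id not in self._locked


def run_binding(platform: Platform, card: Card) -> str:
    """S4: the card checks the platform first, then answers the platform's challenge."""
    card_nonce = secrets.token_bytes(16)
    if not card.platform_is_legitimate(card_nonce, platform.prove(card.card_id, card_nonce)):
        return "bad-platform"
    nonce = platform.challenge(card.card_id)
    return platform.bind(card.card_id, card.respond(nonce), card.auth_digest)


def demo() -> dict:
    # All IDs and user strings below are constructed sample values.
    platform, rogue = Platform(), Platform()
    card = platform.provision("CARD-0001")
    rogue.provision("CARD-0001")  # rogue server: same ID, different key
    card.activate("sample-user|pin=4821")
    out = {"rogue": run_binding(rogue, card), "first": run_binding(platform, card)}
    forged = Card("CARD-0001", secrets.token_bytes(32))  # right ID, wrong key
    nonce = platform.challenge("CARD-0001")
    out["forged"] = platform.bind("CARD-0001", forged.respond(nonce), forged.auth_digest)
    clone = Card("CARD-0001", card._key)  # copied ID and key, different user
    clone.activate("other-user|pin=0000")
    out["clone"] = run_binding(platform, clone)
    platform.lock("CARD-0001")
    out["after_lock"] = run_binding(platform, card)
    return out
```

Calling `demo()` returns the status of each attempt; a card whose key has been copied still passes the challenge, which is why the platform also keeps the one-user-per-ID check and the lock.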

实施本发明的一种安全认证、装置及系统,具有以下有益的技术效果:Implementing a security authentication, device and system of the present invention has the following beneficial technical effects:

区别于现有技术中,可扫码支付的电子卡片无法保证与用户对应的唯一性,本发明的安全认证、装置及系统可保证电子卡片与用户的唯一对应性,有利于防止被盗或被非法访问。Different from the prior art, the electronic card that can scan the code payment cannot guarantee the uniqueness corresponding to the user, the security authentication, device and system of the present invention can ensure the unique correspondence between the electronic card and the user, which is beneficial to prevent theft or being stolen. Unauthorized access.

本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each process and/or block in the flowchart illustrations and/or block diagrams, and combinations of processes and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing device to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing device produce Means for implementing the functions specified in a flow or flow of a flowchart and/or a block or blocks of a block diagram.

These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instruction means implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.

These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.

Although preferred embodiments of the present invention have been described, those skilled in the art may make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.

Obviously, those skilled in the art can make various changes and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, provided that these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (9)

1. A security authentication method for a payable electronic card, characterized by comprising:
S1. starting the display of the electronic card;
S2. inputting the user's authentication information to activate the electronic card;
S3. binding the authentication information to the electronic card to form binding information;
S4. uploading the binding information to a legitimate platform, so that in subsequent services the platform enables or disables set functions of the electronic card according to the binding information.

2. The method according to claim 1, characterized in that the following steps are performed before step S4:
A1. setting the ID and key of the electronic card and producing a certificate;
A2. burning the certificate into the electronic card;
A3. decoding the certificate and extracting the ID and key, which together with the authentication information form the binding information.

3. The method according to claim 1, characterized in that the following steps are performed before step S4:
B1. setting the ID and key of the electronic card;
B2. burning the ID and key into the security chip of the electronic card;
B3. decoding the security chip and extracting the ID and key, which together with the authentication information form the binding information.

4. The method according to claim 1, 2 or 3, characterized in that the following step is performed after step S1:
S11. if an illegal program reads the electronic card, prohibiting the illegal reading.

5. A security authentication device for a payable electronic card, characterized by comprising:
a starting unit for starting the display of the electronic card;
an activation unit for inputting the user's authentication information to activate the electronic card;
a binding unit for binding the authentication information to the electronic card to form binding information;
an uploading unit for uploading the binding information to a legitimate platform, so that in subsequent services the platform enables or disables set functions of the electronic card according to the binding information.

6. The device according to claim 5, characterized in that the following units precede the uploading unit:
a certificate making unit for setting the ID and key of the electronic card and producing a certificate;
a certificate burning unit for burning the certificate into the electronic card;
a certificate decoding unit for decoding the certificate and extracting the ID and key, which together with the authentication information form the binding information.

7. The device according to claim 5, characterized in that the following units precede the uploading unit:
a setting unit for setting the ID and key of the electronic card;
a burning unit for burning the ID and key into the security chip of the electronic card;
a decoding unit for decoding the security chip and extracting the ID and key, which together with the authentication information form the binding information.

8. The device according to claim 5, 6 or 7, characterized in that the following unit follows the starting unit:
a prohibiting unit for prohibiting illegal reading if an illegal program reads the electronic card.

9. A security authentication system, comprising a payable electronic card and a back-end server connected to the electronic card, characterized in that the electronic card comprises the device according to any one of claims 5 to 8.
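The flow of claims 1 and 2 (A1 to A3, then S3 and S4), sketched in Python as an added example that is not code from the patent. The certificate container, the HMAC-based binding record, the `Platform` class and every name and sample value are assumptions of this sketch. The binding carries a MAC keyed with the card key rather than the key itself, and the platform refuses a second binding for a card that is already bound.

```python
import base64, hashlib, hmac, json

def make_certificate(card_id: str, key: bytes) -> bytes:
    """A1: pack ID and key (assumed container format, not the patent's)."""
    return base64.b64encode(json.dumps({"id": card_id, "key": key.hex()}).encode())

def decode_certificate(cert: bytes) -> tuple[str, bytes]:
    """A3: decode the certificate read back from the card."""
    fields = json.loads(base64.b64decode(cert))
    return fields["id"], bytes.fromhex(fields["key"])

def _mac(key: bytes, card_id: str, auth_digest: str) -> str:
    return hmac.new(key, f"{card_id}|{auth_digest}".encode(), hashlib.sha256).hexdigest()

def digest_auth(auth_info: str) -> str:
    # Plain SHA-256 keeps the sketch short; a low-entropy PIN needs a salted KDF.
    return hashlib.sha256(auth_info.encode()).hexdigest()

def form_binding(cert: bytes, auth_info: str) -> dict:
    """S3/A3: bind the user's authentication information to the card."""
    card_id, key = decode_certificate(cert)
    auth = digest_auth(auth_info)
    return {"id": card_id, "auth": auth, "mac": _mac(key, card_id, auth)}

class Platform:
    """Hypothetical back-end that set the card key at provisioning time."""
    def __init__(self):
        self.issued = {}    # card_id -> key, recorded when the card is provisioned
        self.bindings = {}  # card_id -> auth digest, recorded at S4

    def issue(self, card_id: str, key: bytes) -> bytes:
        self.issued[card_id] = key
        return make_certificate(card_id, key)  # A2 would burn this into the card

    def upload(self, binding: dict) -> bool:
        """S4: accept a binding only if it is authentic and the card is unbound."""
        key = self.issued.get(binding["id"])
        if key is None:
            return False
        expected = _mac(key, binding["id"], binding["auth"])
        if not hmac.compare_digest(expected, binding["mac"]):
            return False
        # setdefault keeps the first binding: one card, one user
        return self.bindings.setdefault(binding["id"], binding["auth"]) == binding["auth"]

    def function_enabled(self, card_id: str, auth_info: str) -> bool:
        stored = self.bindings.get(card_id)
        return stored is not None and hmac.compare_digest(stored, digest_auth(auth_info))
```
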
CN202010057796.XA 2020-01-18 2020-01-18 Security authentication method, device and system Pending CN111275432A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010057796.XA CN111275432A (en) 2020-01-18 2020-01-18 Security authentication method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010057796.XA CN111275432A (en) 2020-01-18 2020-01-18 Security authentication method, device and system

Publications (1)

Publication Number Publication Date
CN111275432A true CN111275432A (en) 2020-06-12

Family

ID=70998728

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010057796.XA Pending CN111275432A (en) 2020-01-18 2020-01-18 Security authentication method, device and system

Country Status (1)

Country Link
CN (1) CN111275432A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140279566A1 (en) * 2013-03-15 2014-09-18 Samsung Electronics Co., Ltd. Secure mobile payment using media binding
CN105976180A (en) * 2016-04-29 2016-09-28 宇龙计算机通信科技(深圳)有限公司 Method and system for secure payment
CN106209383A (en) * 2016-07-13 2016-12-07 广东商联支付网络技术有限公司 A kind of method and device of mobile payment security certification
CN110084586A (en) * 2018-01-25 2019-08-02 上海方付通商务服务有限公司 A kind of mobile terminal safety payment system and method
CN210895544U (en) * 2020-01-18 2020-06-30 北京随手精灵科技有限公司 Electronic card capable of being safely authenticated

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
中国人民银行移动支付技术标准课题研究组: "《中国移动支付技术标准体系研究报告》", 30 September 2016, 中国金融出版社, pages: 41 - 42 *
于丽: "《校园网络基础设施建设的项目设计与实践》", 30 July 2017, 南开大学出版社, pages: 381 - 389 *
刘娟: "手环就是身份标识,小米联合支付宝推"手环支付"", pages 1 - 4, Retrieved from the Internet <URL:https://mp.weixin.qq.com/s/tnt6DQep-W3ekp93v8YtBg> *
卢斌等: "《医院后勤管理信息化应用指南》", 31 December 2019, 研究出版社, pages: 130 - 135 *
崔萌: "《计算机网络通信技术研究》", 12 December 2014, 电子科技大学出版社, pages: 27 *
百度经验: "HUAWEI WATCH GT2手表支付宝功能使用指导", pages 1 - 3, Retrieved from the Internet <URL:https://jingyan.baidu.com/article/363872ec9de3982e4aa16f48.html> *

Similar Documents

Publication Publication Date Title
US12113792B2 (en) Authenticator centralization and protection including selection of authenticator type based on authentication policy
US10205711B2 (en) Multi-user strong authentication token
CN106688004B (en) Transaction authentication method and device, mobile terminal, POS terminal and server
US20170039568A1 (en) Personalized and Dynamic Tokenization Method and System
CN110807624A (en) Digital currency hardware cold wallet system and transaction method thereof
US20150244718A1 (en) Biometric authentication
TW201741922A (en) Biometric-based safety authentication method and device
US20140359730A1 (en) Input validation, user and data authentication on potentially compromised mobile devices
KR20160139885A (en) Certification System for Using Biometrics and Certification Method for Using Key Sharing and Recording medium Storing a Program to Implement the Method
CN103973711A (en) A verification method and device
CN112039665A (en) A key management method and device
KR101741917B1 (en) Apparatus and method for authenticating using speech recognition
CN113794571A (en) Authentication method, device and medium based on dynamic password
CN104102858B (en) Application program cipher processing method, device and terminal
CN119211938B (en) Method, device, storage medium and electronic device for identity authentication
CN111275432A (en) Security authentication method, device and system
CN210895544U (en) Electronic card capable of being safely authenticated
KR101768318B1 (en) Method, apparatus, and computer program for user authentication
US20170372306A1 (en) Payment by mobile device secured by f-puf
JP7705389B2 (en) SYSTEM AND METHOD FOR CROSS-COUPLING RISK ANALYSIS AND ONE-TIME PASSWORD - Patent application
TWI906543B (en) Decentralized zero-trust identity verification-authentication system and method
CN120281544A (en) Authentication method and system
KR20120094218A (en) Method for storing and using personal information in a portable terminal
KR101678102B1 (en) Method for controlling an access using an ic card reader and computer readable recording media storing program for executing method thereof
CN119961905A (en) A security verification method and system based on face recognition

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20220704

Address after: 528200 east of the second floor and east of the third floor of building g, NATO Industrial Zone, Guicheng Science Park, Nanhai District, Foshan City, Guangdong Province

Applicant after: TELEPOWER EDUCATION Co.,Ltd.

Address before: 1-1907, 3rd floor, North Haidian Road, Beijing

Applicant before: Beijing yishouelf Technology Co.,Ltd.

SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230310

Address after: Room 916, Block 2, Juyuan Business Center, No. 16, Foping 4th Road, Guicheng Street, Nanhai District, Foshan City, Guangdong Province, 528200 (residence application)

Applicant after: Guangdong Schoolpark Commercial Investment Co.,Ltd.

Address before: 528200 east of the second floor and east of the third floor of building g, NATO Industrial Zone, Guicheng Science Park, Nanhai District, Foshan City, Guangdong Province

Applicant before: TELEPOWER EDUCATION Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20200612
