WO2014032549A1 - Telecommunication service provider based mobile identity authentication and payment method and system - Google Patents
- Publication number
- WO2014032549A1 (PCT/CN2013/082198)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- identity authentication
- mobile
- mobile device
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/325—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3215—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
Definitions
- the present invention relates to a mobile identity authentication and payment method and system, and more particularly to a method and system for fast mobile identity authentication and payment based on a telecommunications service provider.
- the present invention provides a method of identity authentication, comprising: (a) connecting to a verification device using a user device; (b) the verification device transmitting an authentication request to the identity authentication system server; (c) the identity authentication system server generating a URL web page address and an encryption code according to the authentication request, embedding the encryption code in the URL web page address to obtain a URL web page address containing the encryption code, and transmitting the URL web page address containing the encryption code to the verification device; (d) the verification device instructing the user to use a suitable device to receive the URL web page address containing the encryption code and connect to the identity authentication system server; and (e) the identity authentication system server using the characteristics of the suitable device to perform identity authentication.
- the encryption code further includes condition parameters, which include: (i) a valid number of times, which defines the number of times the encryption code can be used; and (ii) an effective time, which defines the period during which the encryption code can be used.
- before transmitting the URL web page address containing the encryption code to the verification device, the identity authentication system server determines, according to the Internet Protocol address of the user device included in the authentication request, whether the user device is a mobile device using the mobile phone network, to obtain a device determination result, and transmits the device determination result together with the URL web page address containing the encryption code back to the verification device. The verification device then performs the following steps: (i) if the user device is a mobile device that uses the mobile phone network to access the Internet, it transmits the URL web page address containing the encryption code directly to the mobile device through the mobile phone network for the identity authentication; or (ii) if the user device is not a mobile device that uses the mobile phone network to access the Internet, it requires the user to use a mobile device that accesses the Internet via the mobile phone network, and transmits the URL web page address containing the encryption code to that mobile device through a specific delivery method for the identity authentication.
- the mobile device using the mobile phone network to connect to the identity authentication system can use a URL web address including an encrypted code to connect to the identity authentication system.
- the specific delivery methods include barcodes, microwaves, and sound waves.
- the identity authentication system server obtains the mobile device's telephone number (MSISDN) by: (i) obtaining the mobile device's Internet Protocol address and communication port, and obtaining from the corresponding telecommunication service provider the telephone number (MSISDN) and telecommunication service provider identifier (IMSI) corresponding to that Internet Protocol address and port; or (ii) reading data of a subscriber identity module (SIM card) in the mobile device and determining the telecommunication service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device based on the data; or (iii) obtaining the telecommunication service provider identifier (IMSI) and the mobile device's telephone number (MSISDN) from the HTTP header of the authentication request.
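The device determination and the number lookup described above can be sketched as follows. This is an added example, not code from the patent; the address block, session table, phone numbers and the header name `x-msisdn` are constructed assumptions, and treating the header only as a claim to be checked against the provider lookup is a stricter policy chosen for this sketch than the alternatives the text lists.

```python
import ipaddress

# Constructed sample data (documentation address range, fictitious numbers).
CARRIER_NETS = [ipaddress.ip_network("198.51.100.0/24")]
# Stand-in for the provider's answer to "which subscriber holds this address and port?"
CARRIER_SESSIONS = {("198.51.100.7", 40112): "+15550100"}
MSISDN_HEADER = "x-msisdn"  # assumed header name; it varies by provider


def on_mobile_network(ip):
    """Device determination: is the source address inside a carrier block?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CARRIER_NETS)


def resolve_msisdn(src_ip, src_port, headers):
    """Return (msisdn, action) for one incoming request."""
    if not on_mobile_network(src_ip):
        # Outside the carrier network every header is client-supplied, so it is
        # ignored and the URL has to reach a mobile device by QR code, NFC, etc.
        return None, "deliver_out_of_band"
    looked_up = CARRIER_SESSIONS.get((src_ip, src_port))  # method (i)
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    claimed = lowered.get(MSISDN_HEADER)                  # method (iii)
    if looked_up is None:
        return None, "reject"  # provider has no record of this session
    if claimed is not None and claimed != looked_up:
        return None, "reject"  # header disagrees with the provider record
    return looked_up, "authenticate"


def demo():
    return [
        resolve_msisdn("198.51.100.7", 40112, {}),
        resolve_msisdn("198.51.100.7", 40112, {"X-MSISDN": "+15550199"}),
        resolve_msisdn("203.0.113.9", 51000, {"X-MSISDN": "+15550100"}),
        resolve_msisdn("198.51.100.8", 40112, {"X-MSISDN": "+15550100"}),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```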
- the present invention provides a system for identity authentication, comprising: (a) a user device; (b) a verification device, wherein the user connects to the verification device using the user device and inputs data to the verification device, the verification device according to the And the (c) identity authentication system server receives the authentication request and generates a URL web page address and an encryption code according to the authentication request; wherein the identity authentication system server embeds the encryption code into the URL web page address to obtain the URL web page address containing the encryption code and transmits the URL web page address containing the encryption code back to the verification device, and the verification device instructs the user to use a suitable device to receive the URL web page address containing the encryption code and connect to the identity authentication system server for identity authentication.
- the encryption code includes condition parameters, including: (a) a valid number of times, which defines the number of times the encryption code can be used; and (b) an effective time, which defines the period during which the encryption code can be used.
- the identity authentication system server includes a device determining module which, before the URL web page address containing the encryption code is transmitted to the verification device, determines according to the Internet Protocol address of the user device included in the authentication request whether the user device is a mobile device using the mobile phone network, to obtain a device determination result, and transmits the device determination result together with the URL web page address containing the encryption code to the verification device. The verification device then performs the following steps: (i) if the user device is a mobile device that uses the mobile phone network to access the Internet, it transmits the URL web page address containing the encryption code directly to the mobile device through the mobile phone network to perform the identity authentication; or (ii) if the user device is not a mobile device that uses the mobile phone network to access the Internet, it requires the user to use a mobile device that is connected to the mobile phone network, and transmits the URL web page address containing the encryption code to that mobile device by a specific delivery method for the identity authentication.
- the specific delivery methods include barcodes, microwaves, and sound waves, and specific examples include quick response (QR) matrix codes, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi), and radio frequency identification (RFID).
- the mobile device, the authentication device, and the identity authentication system server each include an authentication abort module to force the suspension of identity authentication as needed and in different situations.
- one such situation is the discovery of spoofing by a phishing site or an intermediary (man-in-the-middle), in which case the identity authentication system server notifies the verification device to stop the service to the user.
- the present invention provides a method of mobile payment, comprising: (a) connecting to a verification device using a user device; (b) the verification device transmitting an authentication request to the identity authentication system server; (c) the identity authentication system server generating a URL web page address and an encryption code according to the authentication request, embedding the encryption code into the URL web page address to obtain a URL web page address containing the encryption code, and transmitting the URL web page address containing the encryption code back to the verification device; (d) using the URL web page address containing the encryption code for user authentication; and (e) using the established user identity for mobile payment.
- the encryption code includes condition parameters, which include: (i) an effective time, which defines the period during which the encryption code can be used; (ii) an effective number of times, which defines the number of times the encryption code can be used; and (iii) the amount to be paid, which defines the amount the user needs to pay.
- the identity authentication system server determines the user device according to an Internet Protocol Address of the user device included in the authentication request before transmitting the URL page address including the encrypted code to the verification device.
- the verification device performs the following steps: I. if the user device is a mobile device that accesses the Internet via the mobile phone network, transmitting the URL web page address containing the encryption code directly to the mobile device through the mobile phone network; or II. if the user device is not a mobile device that uses the mobile phone network to access the Internet, requiring the user to use a mobile device that accesses the Internet via the mobile phone network, and transmitting the URL web page address containing the encryption code to that mobile device through a specific delivery method.
- the step of authenticating the user using the URL web page address containing the encryption code comprises: (i) the verification device transmitting the URL web page address containing the encryption code to the mobile device; (ii) the mobile device receiving the URL web page address containing the encryption code, which directs the user device to the identity authentication system server; and (iii) the identity authentication system server confirming the identity of the user based on the characteristics of the mobile device.
- the specific delivery methods include barcodes, microwaves, and sound waves; specific examples include quick response (QR) matrix codes, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi), and radio frequency identification (RFID).
- the identity authentication system server obtains the mobile device's telephone number (MSISDN) by: I. obtaining the user device's Internet Protocol address and port, and obtaining from the corresponding telecommunication service provider the telephone number (MSISDN) and telecommunication service provider identifier (IMSI) corresponding to that Internet Protocol address and port; or II. reading data of a subscriber identity module (SIM card) in the mobile device and determining the telecommunication service provider identifier (IMSI) and the mobile device's telephone number (MSISDN) based on the data; or III. obtaining the telecommunication service provider identifier (IMSI) and the mobile device's telephone number (MSISDN) from the HTTP header of the authentication request.
- the step of performing mobile payment using the established user identity comprises: I. determining whether the encryption code is valid; II. determining whether the amount in the user's account is sufficient; and III. completing or cancelling the transaction according to the results of determining steps I and II.
- the present invention provides a method for presetting a fast mobile payment, comprising: (a) pre-generating a URL web page address and an encryption code, and embedding the encryption code into the URL web page address to obtain a URL web page address containing the encryption code; (b) using a mobile device to read the URL web page address containing the encryption code, which directs the mobile device to the identity authentication system server; (c) the identity authentication system server confirming the identity of the user based on the characteristics of the mobile device; and (d) making the mobile payment using the established user identity.
- the encryption code includes condition parameters, which include: (i) a valid number of times with a value of 1, which defines that the encryption code can be used only once; (ii) an effective time, which defines the period during which the encryption code can be used; and (iii) the amount to be paid, which defines the amount the user needs to pay.
- the identity authentication system server obtains the user device's telephone number (MSISDN) by: (i) obtaining the mobile device's Internet Protocol address and port, and obtaining from the corresponding telecommunications service provider the telephone number (MSISDN) and telecommunications service provider identifier (IMSI) corresponding to that Internet Protocol address and port; or (ii) reading data of a subscriber identity module (SIM card) in the mobile device and determining the telecommunications service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device based on the data; or (iii) obtaining the telecommunications service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device from the HTTP header of the authentication request.
- the step of performing mobile payment using the established user identity comprises: I. determining whether the encryption code is valid; II. determining whether the amount in the user's account is sufficient; and III. completing or cancelling the transaction according to the results of determining steps I and II.
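The condition parameters (valid number of times, effective time, amount to be paid) and payment steps I to III above can be enforced server-side as in the following sketch. This is an added example, not code from the patent, which does not say how the encryption code is built; here it is assumed to be a random opaque token whose conditions are stored on the server, and the base URL, class names, phone number and in-memory storage are all hypothetical.

```python
import secrets
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed address of the identity authentication system server (placeholder).
BASE_URL = "https://auth.example.invalid/verify"


@dataclass
class CodeRecord:
    """Server-side conditions attached to one issued code."""
    expires_at: float  # effective time
    uses_left: int     # valid number of times
    amount: int        # amount to be paid, minor units (0 = authentication only)


class AuthServer:
    """Toy identity authentication system server with in-memory storage."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}     # code -> CodeRecord
        self._balances = {}  # telephone number -> balance in minor units

    def set_balance(self, msisdn, amount):
        self._balances[msisdn] = amount

    def issue_url(self, ttl_seconds, max_uses=1, amount=0):
        """Generate a code, record its conditions, embed it in the URL."""
        code = secrets.token_urlsafe(32)  # unguessable and carries no data
        self._codes[code] = CodeRecord(self._clock() + ttl_seconds, max_uses, amount)
        return BASE_URL + "?" + urlencode({"code": code})

    def redeem(self, url, msisdn):
        """Check the code, then the balance, then complete or cancel.

        msisdn is the number the server resolved for the connecting device.
        Returns "ok", "invalid", "expired", "used" or "insufficient".
        """
        values = parse_qs(urlparse(url).query).get("code", [])
        if len(values) != 1:
            return "invalid"
        record = self._codes.get(values[0])
        if record is None:
            return "invalid"
        if self._clock() >= record.expires_at:
            del self._codes[values[0]]
            return "expired"
        if record.uses_left <= 0:
            return "used"  # replay of a spent code
        if record.amount > self._balances.get(msisdn, 0):
            return "insufficient"  # cancelled; design choice: the code stays usable
        record.uses_left -= 1
        if record.amount:
            self._balances[msisdn] -= record.amount
        return "ok"


def demo():
    """Run four redemptions against a fake clock and return their outcomes."""
    now = [1000.0]
    server = AuthServer(clock=lambda: now[0])
    server.set_balance("+15550100", 500)  # constructed number and balance
    url = server.issue_url(ttl_seconds=60, max_uses=1, amount=300)
    results = [server.redeem(url, "+15550100"), server.redeem(url, "+15550100")]
    late = server.issue_url(ttl_seconds=60, amount=100)
    now[0] += 61
    results.append(server.redeem(late, "+15550100"))
    results.append(server.redeem(BASE_URL + "?code=guess", "+15550100"))
    return results


if __name__ == "__main__":
    print(demo())
```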
- the present invention provides a method for remittance, comprising: (a) user A using a mobile device to connect to an identity authentication system server; (b) the identity authentication system server confirming the identity of user A and the telecommunications service provider to which user A belongs; (c) user A entering the telecommunications service provider and telephone number to which user B belongs and the amount of the remittance; (d) the identity authentication system server confirming the identity of user B based on the telecommunications service provider and telephone number to which user B belongs; and (e) the remittance amount being directly deducted from the user's telecommunications account and remitted to user B's telecommunications account.
- the present invention provides another method of remittance, comprising: (a) user B connecting to an identity authentication system server using a mobile device; (b) the identity authentication system server confirming the identity of user B and the telecommunications service provider to which user B belongs; (c) user B inputting the telephone number of user A, the associated telecommunications service provider, and the amount requested to be transferred; (d) the identity authentication system server confirming the identity of user A according to the phone number of user A and the associated telecommunications service provider; (e) the identity authentication system server sending information to the mobile device of user A to request the remittance, the information including the data of user B; and (f) user A deciding to carry out the remittance or cancel the remittance procedure.
- the telecommunications service provider to which the user A belongs and the telecommunications service provider to which the user B belongs are the same telecommunications service provider.
- the telecommunications service provider to which the subscriber A belongs and the telecommunications service provider to which the subscriber B belongs are different telecommunications service providers.
- the present invention provides an identity authentication system, comprising: (a) an identity authentication system server loaded with an identity authentication system and storing data records and account passwords for querying identity authentication; (b) mobile devices, each including a communication device; (c) an identity authentication request provider, which connects to the identity authentication system and inputs an identity code, a password, and the IP (Internet Protocol) of the mobile device of the identity authentication request provider, wherein the identity authentication system establishes the identity authentication request provider by using the identity code and password of the identity authentication request provider, then uses the IP location information of the mobile device to obtain the mobile device's phone number from a telecommunication carrier's mobile user data server and generates an encryption code, and then transmits the mobile device's phone number and the encryption code to the identity authentication request provider for identity authentication.
- the mobile device includes a communication device to receive an encryption code from an identity authentication request provider
- the communication device includes NFC near field communication, Bluetooth, WIFI, infrared, bar code, ultrasound, and RFID.
- the identity authentication system includes an authentication determining unit, an authentication status unit, and a password management unit. The authentication determining unit is configured to determine whether the user logs in, whether the user repeats the authentication, and whether the phone number is consistent; the authentication status unit is used to determine and change the user's authentication status; the user telephone number judging unit confirms whether the telephone number obtained by the identity authentication system from the telecommunications carrier matches the telephone number provided by the authentication request provider, and feeds the information back to the identity authentication system.
- the present invention provides a mobile payment method based on a two-dimensional code and a telecommunication service provider, comprising: (a) displaying to a payer two-dimensional code information obtained from a mobile payment system, the two-dimensional code information including an encryption code and a URL location of the mobile payment system; (b) reading the two-dimensional code information using a mobile device, the mobile device using the URL location of the mobile payment system in the two-dimensional code information to connect to the mobile payment system; (c) the mobile payment system determining the telecommunication service provider used by the user from the IP address of the mobile device, and then acquiring the data of the user from the telecommunication service provider to confirm the user; and (d) completing the mobile payment using the confirmed identity of the user.
- the user profile includes the user's phone number, user type, and available payment amount.
- the step of completing the mobile payment using the identity of the confirmed user comprises: viewing the account deposit status of the user, and performing the following steps: (i) if the deposit is insufficient, ending the mobile payment and displaying to the user the cash that needs to be deposited and retry information; or (ii) if the deposit is sufficient, the mobile payment system notifying the telecommunication service provider to deduct the payment amount from the user's telephone account to complete the mobile payment.
- the invention has many advantages. First, users can use their mobile phones for quick authentication or shopping, saving time and improving efficiency. Second, the establishment of the user identity is guaranteed by a third party (the telecom service provider), which improves security. In addition, users can additionally set login passwords and email notifications, which increases flexibility of use and further enhances security. Even if the mobile device is lost, there is no need to worry about the account being taken over: the user is automatically emailed a reminder that the authentication/payment services are being used, to prevent misappropriation by others. Users can also customize the effective number of times, effective time and effective amount according to their needs, to suit different situations. Furthermore, the present invention is highly flexible and can be applied to different categories as long as the steps are finely adjusted according to the usage method.
- the system will display mobile advertisements to the user, and the advertisements can provide the user with information such as shopping discounts, which is different from other advertisement channels, and the method has exact cuts, and no false real people browse. At the same time, it can bring more convenient preferential collection and use to users.
- the advantages of using a URL web page address containing an encryption code are: a) there is no need to install specific software; any device with reader software can receive the URL and open the web page; b) users do not need to change their habits: they are accustomed to using NFC or QR code scanning software and opening a web page to browse information after reading (the difference is that, instead of browsing information, opening the web page performs authentication or payment, which makes it easier for the user); c) authentication and payment can be done through a web page, which increases cross-platform capability and reduces development and maintenance costs; d) for people with different needs who want more convenience, specific software can be downloaded and run.
- Figure 1 is a system diagram of an embodiment of an identity authentication system based on a telecommunications carrier of the present invention.
- FIG. 2 is a flow chart of an identity authentication system based on a telecommunications carrier of the present invention.
- FIG. 3 is a system diagram of an embodiment of a mobile payment system based on a two-dimensional code and a telecommunications service provider of the present invention.
- FIG. 4 is a flow chart of an embodiment of a mobile payment system based on a two-dimensional code and a telecommunications service provider of the present invention.
- FIG. 5 is a block diagram of a mobile identity authentication system in accordance with one embodiment of the present invention.
- FIG. 6 is a simplified flow chart of mobile identity authentication in one embodiment of the present invention.
- FIG. 7 is a flow chart of mobile payment using an identity authentication system in one embodiment of the present invention.
- Figure 8 is a flow diagram of default fast mobile payment using an identity authentication system in accordance with one embodiment of the present invention.
- Figure 9 is a block diagram of a system for reciprocating funds between users using an identity authentication system in accordance with one embodiment of the present invention.
- FIG. 1 is a system diagram of the present embodiment, including an identity authentication request provider 120, various communication devices 121 receivable in a mobile device, a user mobile device 122, a wireless network 123 of a telecommunications carrier, and an internal carrier.
- an identity authentication system based on a telecommunication operator is characterized in that it includes:
- the identity authentication request provider 120, that is, the merchant that requires confirmation of the identity of the user; the identity authentication request provider 120 first inputs the merchant identification code, the password, the IP location of the client (i.e., the server facing the user, for example a web page or an electronic gate) and other information, and then obtains from the identity authentication system the authentication processing encryption code and/or the phone number of the mobile terminal of the identity authentication request provider (when the IP address of the identity authentication request provider's client is confirmed); the authentication processing encryption code can be transmitted to the user's mobile device 122 through the communication device of the client of the identity authentication request provider 120;
- the user mobile device 122, that is, the user's mobile device/mobile terminal; the user uses an application preinstalled in the mobile device 122 or opens a web page of the system, and activates the communication device 121 of the mobile device to receive the identity authentication processing encryption code;
- the telecommunications carrier's wireless network 123 and the internal network 124, the telecommunications carrier can provide the user's data directly or indirectly;
- the identity authentication system: using the authentication processing encryption code, the identity authentication system checks that the code is valid and, after obtaining the user data provided by the telecommunication operator, either matches the phone number provided by the telecommunication operator against the one required for authentication, or provides the user's phone number to the identity authentication request provider 120 for the identity authentication request provider 120 to decide; and
- the authentication system server 128, which is loaded with an authentication system and stores identity authentication data that can be updated, modified, and accessed.
- the above-mentioned identity authentication system using the telecommunication operator is further characterized in that user data, such as a phone number, can be obtained from the telecommunication operator either directly from the HTTP header or indirectly by using the user's IP location to query the telecommunication carrier's server.
- the globally located identity authentication system includes an authentication determination unit, an authentication status unit, and a password management unit, wherein the authentication determination unit determines the number of user logins, whether the user repeats the authentication, and whether the telephone number is consistent; the authentication status unit determines and changes the user's authentication status; after confirming that the telephone number the identity authentication system obtained from the telecommunications carrier matches the telephone number of the authentication request provider, the user telephone number judging unit determines that the user's telephone number is correct and feeds this back to the identity authentication system.
- the communication device 121 of the user terminal of the identity authentication request provider is one of NFC near field communication, Bluetooth, WIFI, infrared, bar code, ultrasonic and RFID communication devices, and other mobile terminal communication devices 121 may also be used.
- the authentication system of the present invention is as follows:
- Step 130 The authentication process begins.
- Step 131 The identity authentication request provider 120 transmits its identity code, password, and IP address of the client (ie, the server facing the user, for example, a web page, an electronic gate, etc.) to the identity authentication system.
- client ie, the server facing the user, for example, a web page, an electronic gate, etc.
- Step 132 The identity authentication request provider 120 obtains from the identity authentication system the identity authentication processing encryption code and the mobile phone number of the mobile terminal of the client of the identity authentication request provider 120 (when the IP address of the client of the identity authentication request provider 120 is confirmed to be a mobile terminal).
- Step 133 The identity authentication request provider 120 compares whether the mobile phone number of its client obtained from the identity authentication system is the same as the required one.
- Step 134 If it matches, the user identity is passed.
- Step 135 If there is no match, the identity authentication request provider 120 will enable the appropriate delivery device to wait for the user to receive the identity authentication process encryption code, for example: display the two-dimensional code, and let the user use the video scan to transmit the message to the mobile terminal.
- Step 136 The user opens the application or the mobile authentication website.
- Step 137 Obtain user telephone information from the telecommunications carrier, for example: telephone number.
- Step 138 Establish the identity of the identity authentication system user based on the obtained phone number.
- Step 139 The user turns on the receiving function of the suitable communication device 121 in the mobile device 122, for example: the camera function.
- Step 140 Obtain an identity authentication process encryption code.
- Steps 141 and 142 The mobile identity authentication system confirms whether there is a request for authentication, determines whether it is a duplicate authentication, and prevents duplicate authentication from the same request. If yes, it displays that the authentication information has been completed, and if not, proceeds to the next step to continue the authentication.
- Step 143 The system will transfer the user's mobile phone number to the merchant system, allowing the merchants to compare themselves to increase operational flexibility.
- This embodiment provides an identity authentication system based on a telecom operator, which solves the problems of weak account protection and cumbersome login. It can be used without the user installing any software, registering, or using an identity encoder, so it improves the security of the account in a simple way and is convenient and practical.
- An identity authentication system based on a telecommunication carrier characterized in that it comprises:
- the identity authentication request provider 120 that is, the merchant that requires confirmation of the identity of the user, the identity authentication request provider first inputs the merchant identification code, the password, and the IP location data of the client, and obtains the authentication processing encryption code from the identity authentication system.
- when the IP address of the client of the identity authentication request provider 120 is confirmed to be a mobile terminal, the phone number of the mobile terminal of the client of the identity authentication request provider 120 is obtained; if the identity authentication request provider 120 finds that the phone number obtained from the identity authentication system is incorrect, the authentication processing encryption code may be transmitted to the mobile device 122 of the user through the communication device 121 of the client of the identity authentication request provider 120, where the client is a server facing the user;
- the user mobile device 122, that is, the user's mobile device/mobile terminal: the user uses the application program preinstalled in the mobile device 122 or opens the webpage of the system, and activates the communication device 121 of the mobile device to receive the identity authentication processing encryption code;
- the telecommunications carrier's wireless network 123 and the internal network 124, the telecommunications carrier can provide the user's data directly or indirectly;
- the identity authentication system obtains the identity authentication processing encryption code and queries the code's validity conditions; then, using the user data provided by the telecommunication operator, the identity authentication system either compares the telephone number provided by the telecommunication operator with the one provided by the identity authentication request provider 120, or provides the user's phone number to the identity authentication request provider 120, which makes the determination itself;
- the identity authentication system server 128, which is loaded with the identity authentication system and stores identity authentication data records and account passwords that are available for querying.
- the telecom operator can directly obtain the user profile from the http header or indirectly using the IP location when the user browses to the telecommunication carrier server.
- the user data obtained by the telecom carrier server is a phone number and a globally located location.
- the identity authentication system includes an authentication determination unit, an authentication status unit, and an information storage unit, wherein the authentication determination unit determines whether the user repeats the authentication and whether the phone number is consistent; the authentication status unit determines and changes the user authentication status; and the information storage unit manages the storage of the system's internal information.
- the authentication judging unit includes a user telephone number judging unit: after the user confirms that the phone number the identity authentication system obtained from the telecommunication operator matches the user's own phone number, the user telephone number judging unit determines that the user phone number is correct and feeds this back to the identity authentication system.
- the communication device 121 of the user terminal of the identity authentication request provider is one of NFC near field communication, Bluetooth, WIFI, infrared, bar code, ultrasonic and RFID communication devices.
- the various communication devices 121 of the mobile terminal receive the information of the identity authentication required in the external or mobile network, and then use the data of the mobile user provided by the telecommunication operator attached to the mobile device.
- the system will compare the phone numbers, return the results to the identity certification request provider 120, or provide the user's phone number to the identity certification request provider 120 for their own comparison.
- the present invention uses the mobile phone number as the authentication criterion, which is easy to apply, globally unique and public rather than private. Because the telecom operator provides the user's data, the user's identity can be identified automatically without pre-registration or installing any software, which provides convenience. In effect, the identity is bundled with the mobile terminal and becomes a third-party guaranteed identity, so people without a token can obtain third-party protection for their accounts.
- the various communication devices 121 of the mobile device or the information of the identity authentication request in the mobile network are used, and the data of the mobile user provided by the telecommunication operator attached to the mobile device, such as a telephone number, etc., is used.
- the system will compare the phone numbers, return the results to the certification request provider, or provide the user's phone number to the certification request provider, and they will make their own comparisons. Each certification will be recorded in the system for easy access.
- the identity authentication system can be used to allow the activity participants to self-register or report to the organizer's computer, which can improve the efficiency of the activity.
- the identity authentication system can be used to increase the reliability of the recipient's phone number.
- FIG. 3 is a system diagram of the present embodiment, including a payment request provider 11, two-dimensional code information 12 showing payment requests, a user mobile device 122, a wireless network 123 of a telecommunications service provider, an internal network 124 of a telecommunications service provider, the mobile subscriber IP address data server 16 of the telecommunications service provider, the mobile subscriber payment processing server 126 of the telecommunications service provider, the Internet 127, and the payment transaction server 19.
- the identity authentication request provider 120 is the payment request provider 11 in this example; the communication devices 121 receivable in the mobile device are specifically the two-dimensional code information 12; the mobile user mobile data server of the telecommunication operator is, in this embodiment, the mobile subscriber IP address data server 16 of the telecommunications service provider; and the identity authentication system server 128 becomes the payment transaction server 19.
- Step 101 The consumer begins to pay with the mobile payment system.
- Step 102 The consumer reads the barcode content through the downloaded application and photography function of the mobile device.
- Step 103 The consumer obtains payment information from the barcode.
- Step 104 The consumer can proceed with the payment process in the downloaded application or on the web page entering the mobile payment system.
- Steps 105 and 106 The mobile payment system confirms whether there is a payment request and prevents the same transaction from being repeated.
- Steps 107 and 108 The mobile payment system uses the IP address of the mobile device to check with the IP address range of the telecommunication service provider to find an appropriate telecommunication service provider.
- Step 109 If the IP address is correct, the mobile payment system obtains the mobile account information from the appropriate telecommunication service provider.
- Steps 110 and 111 The mobile payment system checks the deposit status of the account. If the deposit is insufficient, the payment system tells the consumer that cash must be deposited or transferred to increase the amount available for payment.
- Step 112 The payment system asks the consumer to enter the personal password that was set up when the payment system was first used.
- Steps 113 and 114 The payment is confirmed by the consumer.
- Step 115 The mobile payment system notifies the telecommunications service provider to deduct the payment amount from the telephone account of the user's mobile device.
- Step 116 The mobile payment system connects the user's telephone account with the payment request, and sets the payment preparation status to the paid status, preventing duplicate payment and notifying the merchant that the payment has been successfully made.
- Step 117 The consumer completes the payment process using the mobile payment system.
- a mobile payment system based on a two-dimensional code and a telecommunication service provider characterized in that it includes;
- the payment request provider 11 that is, the merchant who requests payment and provides the payment amount, and the payment request provider displays the two-dimensional code information 12 obtained from the mobile payment system to the payer;
- the user mobile device 122 uses the two-dimensional code reading application pre-installed in the mobile device 122, or uses the application designed for the invention, to activate the video scanning function of the mobile device 122 and read the payment encryption code in the two-dimensional code information 12 and the URL location of the system;
- each telecommunication service provider pre-assigns different IP addresses to the user's mobile device, and the IP location is equal to the user's personal identity code.
- the mobile payment system uses this mechanism to obtain user information, such as phone number, user type (monthly payment, stored value card or roaming), available payment amount, etc., using the IP address;
- the mobile payment system: after the payer clicks on the URL to enter the web version of the mobile payment system, or processes the URL message using the application designed for the invention, the mobile payment system obtains the payment code from the URL, checks the payment status, and uses the IP location of the mobile terminal when browsing to obtain the user's data from the corresponding telecommunications service provider, after which the payment amount is deducted from the mobile phone account of the user mobile device 122.
- the embodiment provides a mobile payment system based on a two-dimensional code and a telecommunication service provider, which aims to solve the problem of inconsistent payment methods in online and offline environments, and can be used without prior registration by a bank or a credit card provider. There is no need for the intervention of banks and credit card companies, which greatly improves the security of payment payments. At the same time, people without bank and credit card accounts can achieve mobile payment effects, which is convenient and practical.
- the online and offline payment information is displayed as a pattern using a two-dimensional code, and the barcode (the barcode here refers to the two-dimensional code information 12) is then read by the photographing function of the mobile device 122 held by the consumer. Using the IP address of the mobile device 122, the mobile account information is obtained from the telecommunication service provider to automatically identify the consumer; the user's mobile phone account is used as the payment account, and each purchase is recorded in the system for convenient access.
- the advantageous effects are as follows: Using the mobile phone number account as a payment path, the use is safe and convenient, the consumer can use the mobile device 122 as a payment tool with confidence and equal access, and pay the offline and online expenses in the same manner. It can be used without registering in advance with a bank or credit card provider. Without the intervention of banks and credit card companies, the security of payment is greatly enhanced, and people without bank and credit card accounts can realize the dream of mobile payment.
- SMS mobile payment During the mobile payment process, the payer's personal information will not be disclosed to third parties.
- the disadvantage of SMS mobile payment is that the payer must disclose the number of the mobile phone; when using any card type, such as a credit card or debit card, the disadvantage is that the personal data on the card has the opportunity to be stolen and the payer is unaware .
- the mobile payment service of the present invention is not provided by providing data such as a credit card or a bank card, when a young person signs up for a party or a group event, it is only necessary to use ordinary personal smart electricity. In this way, the payment system of the present invention can be paid immediately after registration on the Internet, without waiting, eliminating the time required for young people to register, and facilitating the event organizer to more efficiently know the number of payers and the total amount charged.
- FIG. 5 is a block diagram of the identity authentication system of the present embodiment.
- the identity authentication system includes a user device 20 (a device used by a user requiring authentication), an identity authentication system server 128, a mobile subscriber mobile data server 125 of the telecommunications carrier, and a verification device 26 (i.e., the device used by the identity authentication request provider 120 of FIG. 1).
- the user device 20 includes a non-mobile device and a mobile device 122 (mobile terminal). The non-mobile device includes a device such as a computer that can be connected to the Internet, and the mobile device 122 includes all portable devices with a built-in Subscriber Identity Module (SIM) that can be connected to the network, such as mobile phones, Personal Digital Assistants (PDAs), and tablets.
- the identity authentication system server 128 is responsible for the authentication work. It receives the authentication request from the verification device 26, generates the URL web page address and the encryption code according to the authentication request (the code is encrypted to prevent others from modifying it), and embeds the encryption code in the URL web page address to obtain a URL web page address containing the encrypted code, which is transmitted back to the verification device 26. The verification device 26 thereafter uses the URL web page address containing the encrypted code for identity authentication: when identity authentication is required, it transmits the URL web page address containing the encrypted code to the user device 20 to start the user's actual authentication process.
- the identity authentication of the present invention is completed by the assistance of a third party, which is a telecommunications service provider (telecom operator).
- the mobile subscriber mobile data server 125 of the telecommunications service provider stores the personal data of the mobile subscriber, including his/her name, address, mobile phone number, account number, account balance, and more.
- the user needs to require the telecommunications service provider to enable the service, and in addition, the user may also register with the identity authentication system server 128 to indicate that they are using the service.
- the identity authentication system server 128 is coupled to the mobile user mobile data server 125 and obtains the telephone number of the user's mobile device and the user's data to confirm the identity of the user.
- the verification device 26 is provided in a related mechanism that requires authentication, and has the ability to communicate with the user device 20 by a specific delivery method.
- the specific delivery mode includes all delivery modes supported by the user device 20, such as barcode, microwave, sound wave, specifically including fast response matrix code, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi), radio frequency identification (RFID) and so on.
- the verification device 26 can be a computer, a server, or the like.
- the authentication process begins at step 28, where the user first opens a particular application installed on the user device 20, or connects to the website via the network function of the user device 20. The website is hosted by the verification device 26 and can be any website that requires authentication, such as shopping websites, online banking, consumer websites, and government websites.
- the purpose of step 30 is to connect the user device 20 to the verification device 26 over a TCP/IP connection, using any wired or wireless technology available now or in the future.
- Wireless technologies include Wi-Fi, General Packet Radio Service (GPRS), Third Generation Mobile Communications (3G), and Fourth Generation Mobile Communications (4G).
- the authentication device 26 collects the necessary data, including the Internet Protocol Address and the communication port (Port) of the user device 20 used by the user.
- the verification device 26 generates an authentication request according to the collected data, and sends the authentication request to the identity authentication system server 128, where the authentication request includes data input by the user, and an Internet Protocol Address of the user device 20. And the communication port (Port).
- after receiving the authentication request, the identity authentication system server 128 determines whether the user device is a mobile device connected to the mobile phone network (for example, 3G/4G) based on the Internet Protocol address and the communication port (Port) of the user device 20, thereby obtaining a device determination result. The identity authentication system server 128 then generates a URL web page address and encryption code based on the authentication request, and embeds the encryption code into the URL web page address to obtain a URL web page address including the encrypted code (step 34), after which the identity authentication system server 128 transmits the device determination result and the URL web page address including the encryption code back to the verification device 26 (step 36). At step 38, the verification device 26 uses the resulting URL web page address containing the encrypted code for identity authentication.
- Encryption coding includes the use of conditional parameters such as the number of valid times and the effective time, the effective number defines the number of times the encryption code can be used, and the effective time defines the usable time of the encryption code.
- the effective number and effective time of the encryption code are set by the verification device 26 as needed.
- the setting is included in the authentication request; the identity authentication system server 128 receives the authentication request (including the settings) and generates the appropriate URL web page address and encryption code. If authentication must be performed frequently, the effective number can be set to multiple uses, such as 10. Conversely, if that is unnecessary or for security reasons, the encryption code can be set to be usable only once; after the first use the encryption code becomes invalid, even if others obtain it.
- the effective time of the encryption code limits the usage time of the encryption code.
- the encryption code can be set to be valid only for a certain period of time, such as one day, one week or one month; once the valid time is exceeded, the encryption code becomes invalid even if it still has effective uses remaining, which greatly improves security.
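The usage conditions described above (an effective number and an effective time bound to the code carried in the URL) can be enforced as in the following added example, which is not code from the patent. It assumes an HMAC-SHA256 tag in place of the unspecified "encryption" that stops others modifying the code; the key, `BASE_URL`, the claim names and `CodeStore` are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

SERVER_KEY = secrets.token_bytes(32)      # hypothetical secret held only by server 128
BASE_URL = "https://auth.example/verify"  # placeholder URL, not from the patent


def b64e(data: bytes) -> str:
    """URL-safe base64 without padding, so the code fits in a query string."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class CodeStore:
    """Server-side count of remaining uses, keyed by each code's random id."""

    def __init__(self):
        self.remaining = {}

    def register(self, code_id, max_uses):
        self.remaining[code_id] = max_uses

    def consume(self, code_id):
        left = self.remaining.get(code_id, 0)
        if left <= 0:
            return False  # unknown id or no uses left
        self.remaining[code_id] = left - 1
        return True


def issue_url(store, request_id, max_uses, ttl_seconds, now=None):
    """Build the URL containing the code for one authentication request."""
    now = time.time() if now is None else now
    claims = {
        "rid": request_id,
        "jti": secrets.token_hex(8),      # unique id of this code
        "exp": int(now) + ttl_seconds,    # effective time
        "uses": max_uses,                 # effective number (informational copy)
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    store.register(claims["jti"], max_uses)  # the store, not the URL, is authoritative
    return BASE_URL + "?" + urlencode({"code": b64e(body) + "." + b64e(tag)})


def redeem(store, url, now=None):
    """Return 'ok', 'malformed', 'tampered', 'expired' or 'exhausted'."""
    now = time.time() if now is None else now
    values = parse_qs(urlparse(url).query).get("code", [])
    if len(values) != 1:
        return "malformed"
    try:
        body_part, tag_part = values[0].split(".")
        body, tag = b64d(body_part), b64d(tag_part)
    except ValueError:  # wrong number of parts or invalid base64
        return "malformed"
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "tampered"  # integrity is checked before any claim is trusted
    claims = json.loads(body)
    if now >= claims["exp"]:
        return "expired"   # time limit applies even if uses remain
    if not store.consume(claims["jti"]):
        return "exhausted"
    return "ok"
```

Failed checks do not consume a use, so a tampered or expired presentation cannot burn a legitimate user's remaining uses.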
- the identity authentication can be performed. The present invention mainly uses the user's phone number to complete the identity authentication, so the user must ultimately use the mobile device 122 to perform the final authentication step. As stated before, the mobile device 122 includes all portable devices that have a Subscriber Identity Module (SIM card) built in and can be connected to the network, such as a mobile phone, a Personal Digital Assistant (PDA), and a tablet. Since the identity authentication system server 128 transmits the device determination result together with the URL web page address including the encrypted code to the verification device 26, the verification device 26 knows whether the user is using a non-mobile device or a mobile device 122. If the user device 20 is a mobile device 122 that uses the mobile phone network to access the Internet, the URL web page address containing the encrypted code is transmitted directly to the mobile device 122 via the mobile phone network. The mobile device 122 uses a browser or software to read the URL web page address containing the encrypted code, and identity authentication is performed.
- the authentication device 26 requires the user to switch to a mobile device 122 on the mobile phone network, and the URL web page address containing the encrypted code is transferred to the mobile device 122 through a specific delivery method for identity authentication.
- the step of determining that the user device 20 is a mobile device that uses the mobile phone network to access the Internet or the mobile device that does not use the mobile phone network to access the Internet may also be performed by the verification device 26, since the user device 20 is sometimes in the same space as the verification device 26.
- the verification device 26 can detect the Internet Protocol Address of the user device 20 to obtain the device determination result. When transmitting the URL web page address containing the encrypted code, the verification device 26 then either requires the user to open that URL web page address directly in a browser or software for authentication, or requires the user to switch to another mobile device 122 that uses the mobile phone network for authentication.
- the specific delivery mode referred to in the present invention includes all transmission modes supported by the user device 20, such as barcode, microwave, sound wave, specifically including fast response matrix code, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi), radio frequency identification (RFID) and many more.
- the verification device 26 may transmit the URL web page address containing the encrypted code to the mobile device via a barcode (Quick Response Matrix Code), first the verification device 26 displays the barcode, including in any form such as projection, display display, and the like.
- the user turns on the associated program of the mobile device 122 to read the barcode and receives the URL web address containing the encrypted code, after which the web address will direct the mobile device 122 to the identity authentication system server 128, after which the identity authentication system server 128 will identify the user's identity according to the characteristics of the mobile device 122.
- the feature of the mobile device 122 referred to herein refers to the mobile subscriber international number (MSISDN) of the mobile device 122, referred to herein as the telephone number.
- IMSI International Mobile Subscriber Identifier
- the identity authentication system server 128 obtains the Internet Protocol address (IP address) of the mobile device 122. Because each telecommunication service provider obtains a certain range of unique Internet Protocol addresses from a Regional Internet Registry (RIR), the telecommunication service provider can be identified from the range in which the Internet Protocol address falls. The identity authentication system server 128 then transmits the Internet Protocol address of the mobile device 122 to the mobile subscriber mobile data server 125 of the corresponding telecommunications service provider and requires the mobile subscriber mobile data server 125 to perform the pairing and provide the telephone number and subscriber data corresponding to the Internet Protocol address.
- the present invention is applicable to Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), or any future available Internet protocol version.
- the identity authentication system server 128 can obtain the Internet Protocol Address and the communication port (Port) of the mobile device, and then the identity authentication system server 128 transmits the Internet Protocol Address and the port of the mobile device to the mobile user mobile data server 125 of the corresponding telecommunication service provider and requests the mobile user mobile data server 125 to perform the matching.
- the mobile user mobile data server 125 stores a mapping table of Internet Protocol Addresses and communication ports (Port); the mapping table records the mobile phone number (MSISDN) to which a specific mobile Internet Protocol Address and communication port (Port) belong, and from the determined telephone number (MSISDN) the corresponding user can also be determined. Because each mobile phone number (MSISDN) is bundled with a unique mobile Internet Protocol Address and Port, the user identity determined by this method is true and unique, and is guaranteed by a third party (the telecom company). After the mobile device 122 is directed to the identity authentication system server 128, the authentication process is performed automatically, and the user does not need to perform any operations.
- the identity authentication system server 128 automatically completes the authentication and transmits the result back to the mobile device 122 and the verification device 26; the authentication procedure then ends.
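The lookup chain described above (IP address range to carrier, then IP address and port to MSISDN, then comparison with the expected number) is shown in this added example, which is not the patent's own code. The carrier names, address ranges (documentation prefixes), mapping tables and phone numbers are constructed, and `authenticate` and its status strings are hypothetical.

```python
import ipaddress

# Constructed data: RFC 5737 / RFC 3849 documentation prefixes stand in for the
# address ranges each carrier obtained from its Regional Internet Registry.
CARRIER_RANGES = {
    "carrier-a": [ipaddress.ip_network("198.51.100.0/24")],
    "carrier-b": [ipaddress.ip_network("203.0.113.0/25"),
                  ipaddress.ip_network("2001:db8:b::/48")],
}


def endpoint(ip, port):
    """Key for the mapping table: parsed address (not text) plus port."""
    return (ipaddress.ip_address(ip), port)


# Constructed mapping tables in the role of each carrier's data server 125.
# Two subscribers share one address and differ only by port, which is why the
# page has the port sent along with the address.
SESSION_TABLES = {
    "carrier-a": {
        endpoint("198.51.100.7", 40001): "+12025550101",
        endpoint("198.51.100.7", 40002): "+12025550102",
    },
    "carrier-b": {
        endpoint("2001:db8:b::1", 51000): "+12025550103",
    },
}


def parse_address(text):
    """Parse the peer address; unwrap IPv4-mapped IPv6 seen on dual-stack sockets."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def find_carrier(addr):
    """Device determination: which carrier's range, if any, holds this address."""
    for name, networks in CARRIER_RANGES.items():
        if any(addr in net for net in networks):
            return name
    return None


def normalize_msisdn(number):
    return "".join(ch for ch in number if ch.isdigit())


def authenticate(ip_text, port, expected_msisdn):
    """Return (status, carrier). The looked-up number is never returned on failure."""
    addr = parse_address(ip_text)
    if addr is None:
        return ("invalid_address", None)
    carrier = find_carrier(addr)
    if carrier is None:
        return ("not_mobile", None)   # user must switch to a device on the mobile network
    msisdn = SESSION_TABLES.get(carrier, {}).get((addr, port))
    if msisdn is None:
        return ("no_session", None)   # fail closed: no mapping, no identity
    if normalize_msisdn(msisdn) != normalize_msisdn(expected_msisdn):
        return ("mismatch", carrier)
    return ("match", carrier)
```

The address and port must be the ones observed on the TCP connection itself; values copied from request headers are client-controlled and cannot carry the carrier's guarantee.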
- the system of the present invention incorporates a forced suspension function that can be performed on any of the user's mobile device 122, the authentication device 26, or the identity authentication system server 128. For example, if during authentication the user feels there is a problem with the website, or simply wishes to stop, the user can enable the forced suspension function to end the authentication process.
- the verification device 26 or the identity authentication system server 128 can automatically enable the forced suspension function when a malicious attack or system instability is detected to prevent data leakage and the like.
- the forced abort function is controlled by an authentication abort module included in mobile device 122, authentication device 26, and identity authentication system server 128.
- the embodiment of the identity authentication has been described in detail above.
- the method and system for identity authentication can be applied to different categories and environments as needed, such as identification of a visitor, authentication of a pass, and confirmation of a consumer identity.
- the following describes the identity authentication method and the specific application of the system.
- the embodiments of the identity authentication system and method are described in detail above.
- the following describes its application in mobile payment (i.e., consumer shopping); the main principles and procedure of the application in mobile payment are basically the same as in the second embodiment of the identity authentication system and method described above, except that the steps are partially increased or decreased.
- the hardware configuration required for the application of the mobile payment in this embodiment is the same as that of the second embodiment of the identity authentication system.
- the user equipment 20, the identity authentication system server 128, the mobile user mobile data server 125, and the verification are included.
- the authentication request provider is a retailer
- the verification device 26 is typically a server hosting a retailer's shopping website.
- the identity authentication system server 128 is responsible for the central settlement of transactions in addition to the authentication work.
- the identity authentication system server 128 is equivalent to the combination of the mobile subscriber IP address data server 16 of the telecommunication service provider and the mobile subscriber payment processing server 126 of the telecommunication service provider in the embodiment of the mobile payment system based on the two-dimensional code and the telecommunication operator (telecom service provider). It is conceivable that the mobile user IP address data server 16 and the mobile user payment processing server 126 are combined to obtain an identity authentication system server 128, which has the functions of both the mobile user IP address data server 16 and the mobile user payment processing server 126.
- FIG. 7 shows a flow chart of mobile payment using the identity authentication system.
- The process begins in step 42; the basic flow of the mobile payment is similar to the process of the second embodiment of the identity authentication system.
- The user connects to the verification device 26 using the user device 20, i.e., browses the relevant shopping website (step 44), selects the desired items and proceeds to settle the bill.
- The verification device 26 (shopping website) obtains data such as the amount the user needs to pay, together with the IP address and communication port of the user device 20, and then transmits this data and the IP address and communication port of the user device 20 to the identity authentication system server 128.
- In step 48, the identity authentication system server 128 generates a URL web page address and an encryption code based on the received data, embeds the encryption code in the URL web page address to obtain a URL web page address containing the encryption code, determines from the IP address and communication port of the user device 20 whether it is a mobile device that accesses the Internet over the mobile phone network, and then passes the URL web page address containing the encryption code and the device determination result back to the verification device 26.
- The steps here are basically the same as those of the second embodiment of the identity authentication system, except that in the mobile payment embodiment the usage condition parameters of the encryption code include, in addition to the valid time and the valid number of times, an amount to be paid, which defines the amount the user needs to pay.
- After receiving the URL web page address containing the encryption code and the device determination result, the verification device 26 learns from the device determination result whether the user device 20 is a mobile device 122 accessing the Internet over the mobile phone network (step 50). If it is, the verification device 26 allows the URL web page address containing the encryption code to be transmitted directly to the mobile device 122 over the mobile phone network. If it is not, the user is required to switch to a mobile device 122 on the mobile phone network, and the URL web page address containing the encryption code is transmitted to the mobile device 122 by a particular delivery method.
- Where the verification device 26 allows the URL web page address containing the encryption code to be transmitted directly to the mobile device 122 over the mobile phone network, the user still has a choice: the user may pay with the mobile device 122 currently in use (step 52), or may choose to pay with another mobile device 122 (step 54). After the user makes a selection, the URL web page address containing the encryption code is received (step 58). When the verification device 26 learns from the device determination result that the user device 20 is not a mobile device 122 accessing the Internet over the mobile phone network, the user is required to receive the URL web page address containing the encryption code using a mobile device 122 that accesses the Internet over the mobile phone network; after the user switches to the mobile device 122, step 58 is performed.
- The subsequent procedure is the same as the process of the second embodiment of the identity authentication system and is not repeated in detail here.
- The mobile device 122 reads the URL web page address containing the encryption code, which directs the mobile device to the identity authentication system server 128. The identity authentication system server 128 then retrieves the user data from the telecommunications service provider (step 60) and thereby establishes the identity of the user (step 62); the user data include the user's phone number, the corresponding account information, and the account balance.
- The detailed method uses the mapping of the IP address and the communication port, which has been explained in detail in the second embodiment of the identity authentication system above.
- The identity authentication system server 128 checks whether the encryption code is valid (step 64), for example whether the valid time parameter is still within the validity period and whether the valid number of times is satisfied. If the encryption code is valid, proceed to step 68. If not, proceed to step 66, send an invalidation message to the user, and end the payment procedure. At step 68, the identity authentication system server 128 checks whether the user's account holds a sufficient amount to pay for the transaction. If the amount is sufficient, proceed to step 72; otherwise, proceed to step 70. In step 70, the identity authentication system server 128 notifies the user that the amount is insufficient, prompts the user to top up, and ends the payment process.
- When the encryption code is valid and the amount is sufficient, the identity authentication system server 128 processes the payment, requesting the telecommunications service provider's mobile user mobile data server 125 to deduct the corresponding amount from the user's account; the deducted amount is transferred to the account of the corresponding shopping website.
- The shopping website has previously registered with the identity authentication system server 128 and obtained a merchant code.
- The identity authentication system server 128 uses the merchant code to confirm the identity of the merchant and to look up its related data, such as account number and address. After the deduction succeeds, the mobile user mobile data server 125 sends confirmation information to the identity authentication system server 128.
- After receiving the confirmation information, the identity authentication system server 128 updates the user's data, such as the amount used, and finally sends payment success information to the retailer's verification device 26 and the user's mobile device 122, completing the payment at step 74 and ending the payment process (step 76).
- When the user pays by mobile payment, the account used is the user's mobile phone account, and the amount spent appears directly on the user's mobile phone bill.
- The user can buy a mobile phone recharge card to top up anytime and anywhere, which increases the flexibility of payment.
- In the mobile payment embodiment, the identity authentication system server 128 is responsible for the central settlement of the transaction in addition to the authentication work, and communicates with the mobile user mobile data server 125 and the retailer's verification device 26.
- FIG. 8 is a flow chart of preset fast mobile payment using the identity authentication system of the second embodiment of the identity authentication system.
- The preset fast mobile payment application mainly omits part of the above mobile payment embodiment: the URL web page address and the encryption code are generated in advance, and the encryption code is embedded in the URL web page address to obtain a URL web page address containing the encryption code that is ready for use, which improves efficiency and facilitates fast payment and purchase.
- The merchant first needs to register with the identity authentication system server 128 so that the identity authentication system server 128 can recognize its identity.
- The merchant transmits data such as the amount the user needs to pay to the identity authentication system server 128, and the identity authentication system server 128 generates a URL web page address and an encryption code in advance based on the data and embeds the encryption code in the URL web page address.
- The encryption code includes condition parameters such as the amount to be paid (which defines the amount of money the user needs to pay), the valid number of times, and the valid time; these condition parameters can be defined by the merchant.
- The valid number of times is set to 1, because one encryption code corresponds to one item.
- The identity authentication system server 128 immediately updates the data so that the valid number of times becomes 0, preventing others from reusing the same encryption code and causing confusion. However, in special cases or for individual needs, the valid number of times can also be set greater than 1, such as 2, 3 or 5.
- The URL web page address containing the encryption code is generated in advance and can be placed at individual locations in a specific manner; the specific manner includes all delivery methods supported by the user's mobile device 122, such as barcodes, microwaves and sound waves, and specifically includes the quick response matrix code.
- A quick response matrix code carrying the URL web page address containing the encryption code can be placed next to the item in the store; once the buyer has chosen, the quick response matrix code can be read immediately with the mobile device 122 (i.e., step 78).
- The URL web page address containing the encryption code can also be transmitted by Near Field Communication (NFC), Bluetooth, infrared and the like for the mobile device 122 to receive, so the user can select the desired product at any time without the involvement of an attendant.
- The web page address directs the mobile device 122 to the identity authentication system server 128, which then obtains the user data according to the characteristics of the mobile device 122 (step 79) and establishes the user's identity (step 80). Subsequent steps 81-87 and steps 64, 66, 68, 70, 72 in FIG.
- Embodiment in which the identity authentication system and method of the second embodiment allow users to remit money to each other
- This embodiment facilitates money transfers between different users through the system of the present invention without going through a bank.
- FIG. 9 shows a block diagram of this embodiment, in which the mobile devices 122 of different users communicate with the identity authentication system server 128 of the telecommunications service provider, and the identity authentication system server 128 and the mobile user mobile data server 125 communicate with each other.
- The remittance mentioned here refers to the transfer of amounts between the mobile accounts of different users.
- User A (the remitting user) wants to transfer an amount from his mobile account (telephone account) to the mobile account of User B (the user receiving the remittance). User A can open the dedicated application on the mobile device 122 or open a specific URL to connect to the identity authentication system server 128.
- The identity authentication system server 128 then obtains the IP address and communication port of the mobile device 122 as described above, communicates with the mobile user mobile data server 125, and maps and establishes the identity of the user. The specific steps have been described in detail above and are not repeated here. After the identity of User A is confirmed, User A enters the telephone number of User B, the telecommunications service provider used by User B, and the amount to be transferred, and transmits them to the identity authentication system server 128. The identity authentication system server 128 then contacts the corresponding mobile user mobile data server 125 and uses the phone number to look up the identity and data of User B (such as the telecommunications account number).
- After the identities of both parties are confirmed, the identity authentication system server 128 performs central settlement, requiring the mobile user mobile data server 125 of the same or a different telecommunications service provider to deduct the corresponding amount directly from User A's telecommunications account and add the corresponding amount to User B's telecommunications account. Upon completion of the settlement, the identity authentication system server 128 sends a success message to both parties' mobile devices to complete the procedure. The transferred amount appears directly in the telecom statements of both parties. As described above, User A and User B may be customers of the same telecommunications service provider or of different telecommunications service providers.
- User B (the user requesting the remittance) can also request a remittance from User A (the user asked to send money); that is, the remittance procedure can also be initiated by User B.
- User B first connects to the identity authentication system server 128 to establish identity, and then enters the phone number of User A, the telecommunications service provider used by User A, and the amount requested to be transferred.
- The identity authentication system server 128 establishes the identity of User A based on the provided data and transmits the information (including User B's data) to User A's mobile device 122 to request the money transfer.
- User A has the right to decide: if User A agrees, the steps described above proceed; if User A does not agree, User A can cancel the remittance process.
- If the identity authentication system server 128 detects an abnormal situation, such as the user's identity possibly having been stolen, it suspends the authentication process and automatically emails the user to warn that someone is using the authentication service, asking the user to confirm whether it is the user himself or herself; otherwise the authentication process cannot proceed.
- All of the embodiments described above may incorporate a forced abort function that can be executed on any of the user's mobile device 122, the verification device 26, or the identity authentication system server 128. For example, partway through authentication the user can enable the forced abort function to end the authentication process, after which the identity authentication system server notifies the merchant to stop serving the user, in case the user has been deceived by a phishing site or a man-in-the-middle. This gives the user greater protection.
- The verification device 26 or the identity authentication system server 128 can also enable the forced abort function automatically when it detects a malicious attack or system instability, to prevent data leakage and the like.
- The forced abort function is controlled by an authentication abort module included in the mobile device 122, the verification device 26, and the identity authentication system server 128.
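The code-validity check (step 64), balance check (step 68) and settlement (step 72) described above, together with the single-use rule of the preset fast payment, can be sketched as follows. This is an added example, not code from the patent: the patent does not say how the encryption code is constructed, so the HMAC-SHA256 tag over the condition parameters, the server-side use counter, the `AuthServer` class, the URL, and all phone numbers and merchant codes are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlparse

BASE_URL = "https://auth.example/pay"   # placeholder address, not from the patent


class AuthServer:
    """Toy stand-in for identity authentication system server 128."""

    def __init__(self, key, now=time.time):
        self._key = key          # secret known only to the server (assumption)
        self._now = now          # injectable clock so expiry can be exercised
        self._uses_left = {}     # code id -> remaining valid number of times
        self.balances = {}       # phone number -> balance (stands in for server 125)
        self.merchants = {}      # merchant code -> amount settled so far

    def _sign(self, payload):
        return hmac.new(self._key, payload, hashlib.sha256).hexdigest().encode()

    def issue_url(self, code_id, merchant, amount, valid_seconds, valid_uses=1):
        """Build the URL carrying the condition parameters and their MAC."""
        cond = {"id": code_id, "merchant": merchant, "amount": amount,
                "expires": self._now() + valid_seconds}
        payload = base64.urlsafe_b64encode(
            json.dumps(cond, sort_keys=True).encode())
        self._uses_left[code_id] = valid_uses
        return f"{BASE_URL}?c={payload.decode()}&s={self._sign(payload).decode()}"

    def redeem(self, url, msisdn):
        """Steps 64 to 74 for a user whose identity (msisdn) is already established."""
        query = parse_qs(urlparse(url).query)
        try:
            payload = query["c"][0].encode()
            sig = query["s"][0].encode()
        except KeyError:
            return "invalid"
        # Step 64, part 1: reject any URL whose parameters were altered.
        if not hmac.compare_digest(sig, self._sign(payload)):
            return "invalid"
        cond = json.loads(base64.urlsafe_b64decode(payload))
        # Step 64, part 2: valid time and valid number of times.
        expired = self._now() > cond["expires"]
        if expired or self._uses_left.get(cond["id"], 0) < 1:
            return "invalid"                     # step 66
        # Step 68: balance check against the amount bound into the code.
        if self.balances.get(msisdn, 0) < cond["amount"]:
            return "insufficient"                # step 70
        # Step 72: deduct, credit the merchant, then consume one use.
        self.balances[msisdn] -= cond["amount"]
        settled = self.merchants.get(cond["merchant"], 0)
        self.merchants[cond["merchant"]] = settled + cond["amount"]
        self._uses_left[cond["id"]] -= 1
        return "paid"                            # step 74


def tamper_amount(url, new_amount):
    """Constructed test input: the amount is rewritten but the old MAC is kept."""
    query = parse_qs(urlparse(url).query)
    cond = json.loads(base64.urlsafe_b64decode(query["c"][0]))
    cond["amount"] = new_amount
    forged = base64.urlsafe_b64encode(
        json.dumps(cond, sort_keys=True).encode()).decode()
    return f"{BASE_URL}?c={forged}&s={query['s'][0]}"


def demo():
    clock = [1000.0]
    srv = AuthServer(b"constructed-demo-key", now=lambda: clock[0])
    srv.balances = {"+10000000001": 50, "+10000000002": 5}   # constructed data
    url = srv.issue_url("item-1", "M001", amount=20, valid_seconds=300)
    results = [
        srv.redeem(url, "+10000000002"),                     # balance too low
        srv.redeem(tamper_amount(url, 1), "+10000000001"),   # altered amount
        srv.redeem(url, "+10000000001"),                     # normal payment
        srv.redeem(url, "+10000000001"),                     # reuse of a used code
    ]
    late = srv.issue_url("item-2", "M001", amount=10, valid_seconds=300)
    clock[0] += 301                                          # past the valid time
    results.append(srv.redeem(late, "+10000000001"))
    return results, srv.balances["+10000000001"], srv.merchants["M001"]


if __name__ == "__main__":
    print(demo())
```

Binding the amount and expiry under the MAC is what keeps a posted quick response code from being edited to a lower price, and the server-side counter is what rejects a second use of the same code.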
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Description
Method and system for mobile identity authentication and payment based on telecommunication service provider
Technical field
The present invention relates to a method and system for mobile identity authentication and payment, and more particularly to a method and system for fast mobile identity authentication and payment based on a telecommunications service provider.
Background
In real life, people need to go through various kinds of authentication on different occasions to confirm their identity, for example when attending meetings or making purchases. However, carrying too many passes or documents is inconvenient, and the authentication process is cumbersome and time consuming. In addition, prior art authentication methods often have security problems and easily lead to leakage of personal data, especially when making purchases.
At present, credit card and bank-based consumer payments hold a certain share of the market, but these payment channels all require a user name, login name and password as the means of identification. The drawback of this prior art is that it easily leads to system and account security problems; identity theft, fraudulent use of credit cards and similar problems occur frequently and disrupt normal consumption. Secondly, entering the user name, login name and password can leak personal information and gives criminals an opening. In addition, people without a bank account or credit card are inconvenienced when paying remotely.
Summary of the invention
Accordingly, the present invention provides a method of identity authentication, comprising: (a) connecting to a verification device using a user device; (b) sending an authentication request to an identity authentication system server through the verification device; (c) the identity authentication system server generating a URL web page address and an encryption code according to the authentication request, embedding the encryption code in the URL web page address to obtain a URL web page address containing the encryption code, and transmitting the URL web page address containing the encryption code back to the verification device; (d) the verification device instructing the user to use a suitable device to receive the URL web page address containing the encryption code in order to connect to the identity authentication system server; and (e) the identity authentication system server using a characteristic of the suitable device to perform identity authentication. The encryption code further includes usage condition parameters, which include: (i) a valid number of times, which defines the number of times the encryption code can be used; and (ii) a valid time, which defines the time during which the encryption code can be used.
In one embodiment of the above identity authentication method, before transmitting the URL web page address containing the encryption code to the verification device, the identity authentication system server determines, according to the Internet Protocol address of the user device included in the authentication request, whether the user device is a mobile device accessing the Internet over a mobile phone network, to obtain a device determination result, and transmits the device determination result together with the URL web page address containing the encryption code back to the verification device. The verification device then performs the following steps: (i) if the user device is a mobile device accessing the Internet over the mobile phone network, transmitting the URL web page address containing the encryption code directly to the mobile device over the mobile phone network to perform the identity authentication; or (ii) if the user device is not a mobile device accessing the Internet over the mobile phone network, requiring the user to use a mobile device that accesses the Internet over the mobile phone network and transmitting the URL web page address containing the encryption code to that mobile device by a specific delivery method to perform identity authentication.
In another embodiment of the above identity authentication method, the suitable device is a mobile device accessing the Internet over a mobile phone network, which can use the URL web page address containing the encryption code to connect to the identity authentication system server. The specific delivery methods include barcodes, microwaves and sound waves.
In another embodiment, the characteristic of the mobile device is the telephone number (MSISDN) of the mobile device, and the identity authentication system server obtains the telephone number (MSISDN) of the mobile device by: (i) obtaining the Internet Protocol address and communication port of the mobile device and obtaining, from the corresponding telecommunications service provider, the telephone number (MSISDN) and telecommunications service provider identifier (IMSI) corresponding to that Internet Protocol address and communication port; or (ii) reading the data of the subscriber identity module (SIM card) in the mobile device and determining the telecommunications service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device based on that data; or (iii) obtaining the telecommunications service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device from the header of the authentication request (HTTP header).
In another aspect, the present invention provides a system for identity authentication, comprising: (a) a user device; (b) a verification device, wherein the user connects to the verification device using the user device and inputs data to the verification device, and the verification device sends an authentication request according to the data; and (c) an identity authentication system server that receives the authentication request and generates a URL web page address and an encryption code according to the authentication request. The identity authentication system server embeds the encryption code in the URL web page address to obtain a URL web page address containing the encryption code and transmits it back to the verification device, and the verification device instructs the user to use a suitable device to receive the URL web page address containing the encryption code in order to connect to the identity authentication system server for identity authentication. The encryption code includes usage condition parameters, which include: (a) a valid number of times, which defines the number of times the encryption code can be used; and (b) a valid time, which defines the time during which the encryption code can be used.
In one embodiment of the above identity authentication system, the identity authentication system server includes a device determination module which, before the URL web page address containing the encryption code is transmitted to the verification device, determines according to the Internet Protocol address of the user device included in the authentication request whether the user device is a mobile device accessing the Internet over a mobile phone network, to obtain a device determination result, and transmits the device determination result together with the URL web page address containing the encryption code back to the verification device. The verification device then performs the following steps: (i) if the user device is a mobile device accessing the Internet over the mobile phone network, transmitting the URL web page address containing the encryption code directly to the mobile device over the mobile phone network to perform the identity authentication; or (ii) if the user device is not a mobile device accessing the Internet over the mobile phone network, requiring the user to use a mobile device that accesses the Internet over the mobile phone network and transmitting the URL web page address containing the encryption code to that mobile device by a specific delivery method to perform the identity authentication.
In another embodiment, the specific delivery methods include barcodes, microwaves and sound waves; specific examples include the quick response matrix code, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi) and radio frequency identification (RFID). In another embodiment, the mobile device, the verification device and the identity authentication system server each include an authentication abort module to force the identity authentication to be aborted as needed and in different situations. One such situation is the discovery of deception by a phishing site or a man-in-the-middle, in which case the identity authentication system server notifies the verification device to stop serving the user.
In a further aspect, the present invention provides a method of mobile payment, comprising: (a) connecting to a verification device using a user device; (b) sending an authentication request to an identity authentication system server through the verification device; (c) the identity authentication system server generating a URL web page address and an encryption code according to the authentication request, embedding the encryption code in the URL web page address to obtain a URL web page address containing the encryption code, and transmitting the URL web page address containing the encryption code back to the verification device; (d) authenticating the user's identity using the URL web page address containing the encryption code; and (e) making the mobile payment using the established user identity. The encryption code includes usage condition parameters, which include: (i) a valid time, which defines the time during which the encryption code can be used; (ii) a valid number of times, which defines the number of times the encryption code can be used; and (iii) an amount to be paid, which defines the amount the user needs to pay.
In one embodiment of the above mobile payment method, before transmitting the URL web page address containing the encryption code to the verification device, the identity authentication system server determines, according to the Internet Protocol address of the user device included in the authentication request, whether the user device is a mobile device accessing the Internet over a mobile phone network, to obtain a device determination result, and transmits the device determination result together with the URL web page address containing the encryption code back to the verification device. The verification device then performs the following steps: I. if the user device is a mobile device accessing the Internet over the mobile phone network, transmitting the URL web page address containing the encryption code directly to the mobile device over the mobile phone network; or II. if the user device is not a mobile device accessing the Internet over the mobile phone network, requiring the user to use a mobile device that accesses the Internet over the mobile phone network and transmitting the URL web page address containing the encryption code to that mobile device by a specific delivery method.
In another embodiment, the step of authenticating the user's identity using the URL web page address containing the encryption code comprises: (i) the verification device transmitting the URL web page address containing the encryption code to the mobile device; (ii) the mobile device receiving the URL web page address containing the encryption code, which directs the user device to the identity authentication system server; and (iii) the identity authentication system server confirming the identity of the user based on the characteristic of the mobile device.
In another embodiment, the specific delivery methods include barcodes, microwaves and sound waves; specific examples include the quick response matrix code, near field communication (NFC), Bluetooth, infrared, wireless fidelity (Wi-Fi) and radio frequency identification (RFID).
In another embodiment, the characteristic of the mobile device is the telephone number (MSISDN) of the mobile device, and the identity authentication system server obtains the telephone number (MSISDN) of the mobile device by: I. obtaining the Internet Protocol address and communication port of the user device and obtaining, from the corresponding telecommunications service provider, the telephone number (MSISDN) and telecommunications service provider identifier (IMSI) corresponding to that Internet Protocol address and communication port; or II. reading the data of the subscriber identity module (SIM card) in the mobile device and determining the telecommunications service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device based on that data; or III. obtaining the telecommunications service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device from the header of the authentication request (HTTP header).
In another embodiment, the step of making the mobile payment using the established user identity comprises: I. determining whether the encrypted code is valid; II. determining whether the amount in the user's account is sufficient; and III. completing or cancelling the transaction according to the results of steps I and II.
In another aspect, the present invention provides a method of preset fast mobile payment, comprising: (a) generating in advance a URL web page address and an encrypted code, and embedding the encrypted code in the URL web page address to obtain a URL web page address containing the encrypted code; (b) using a mobile device to read the URL web page address containing the encrypted code, which directs the mobile device to the identity authentication system server; (c) the identity authentication system server confirming the identity of the user based on the characteristics of the mobile device; and (d) making the mobile payment using the established user identity. The encrypted code includes usage condition parameters, which comprise: (i) a number of valid uses with a value of 1, which defines that the encrypted code can be used only once; (ii) a validity time, which defines how long the encrypted code can be used; and (iii) an amount to be paid, which defines the amount the user needs to pay.
In an embodiment, the characteristic of the mobile device is the telephone number (MSISDN) of the mobile device, and the identity authentication system server obtains the telephone number (MSISDN) of the user device by: (i) obtaining the Internet Protocol address and communication port of the mobile device and obtaining, from the corresponding telecommunication service provider, the telephone number (MSISDN) and telecommunication service provider identifier (IMSI) corresponding to that Internet Protocol address and port; or (ii) reading the data of the subscriber identity module (SIM card) in the mobile device and determining the telecommunication service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device based on that data; or (iii) obtaining the telecommunication service provider identifier (IMSI) and the telephone number (MSISDN) of the mobile device from the HTTP header of the authentication request.
In another embodiment, the step of making the mobile payment using the established user identity comprises: I. determining whether the encrypted code is valid; II. determining whether the amount in the user's account is sufficient; and III. completing or cancelling the transaction according to the results of steps I and II.
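The usage condition parameters of the preset fast payment method (single use, validity time, amount) and the three payment steps I to III can be enforced on the server as in the following added example, which is not code from the patent. It assumes the "encrypted code" is an unguessable random handle whose conditions are kept server-side, that the MSISDN passed to `redeem` was already confirmed in step (c), and that the URL, class names and phone numbers are constructed placeholders.

```python
import secrets
import threading
import time
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

# Assumption: placeholder address of the identity authentication system server.
BASE_URL = "https://auth.example.invalid/pay"


@dataclass
class CodeRecord:
    amount: int          # (iii) amount to be paid, in the smallest currency unit
    expires_at: float    # (ii) end of the validity time, epoch seconds
    uses_left: int = 1   # (i) number of valid uses; 1 means single use


class PaymentServer:
    """Hypothetical server holding code conditions and telecom account balances."""

    def __init__(self, balances, clock=time.time):
        self._balances = dict(balances)   # MSISDN -> account balance
        self._codes = {}                  # code -> CodeRecord
        self._lock = threading.Lock()
        self._clock = clock               # injectable so expiry can be tested

    def issue_url(self, amount, ttl_seconds):
        """Step (a): pre-generate the code and embed it in the URL."""
        if amount <= 0 or ttl_seconds <= 0:
            raise ValueError("amount and ttl_seconds must be positive")
        code = secrets.token_urlsafe(32)
        with self._lock:
            self._codes[code] = CodeRecord(amount, self._clock() + ttl_seconds)
        # Only the handle travels in the URL; the amount stays on the server,
        # so editing the URL cannot change what is charged.
        return BASE_URL + "?" + urlencode({"code": code})

    def redeem(self, url, msisdn):
        """Step (d): I. code valid?  II. balance sufficient?  III. complete or cancel."""
        values = parse_qs(urlparse(url).query).get("code", [])
        if len(values) != 1:
            return "cancelled: malformed URL"
        code = values[0]
        with self._lock:  # check and consume atomically so a code cannot be raced
            rec = self._codes.get(code)
            if rec is None or rec.uses_left < 1:
                return "cancelled: code invalid or already used"
            if self._clock() >= rec.expires_at:
                del self._codes[code]
                return "cancelled: code expired"
            if self._balances.get(msisdn, 0) < rec.amount:
                # Design choice of this example: a failed balance check
                # does not consume the code.
                return "cancelled: insufficient balance"
            rec.uses_left -= 1
            self._balances[msisdn] -= rec.amount
            return "completed"

    def balance(self, msisdn):
        with self._lock:
            return self._balances.get(msisdn, 0)


if __name__ == "__main__":
    # Constructed sample accounts.
    server = PaymentServer({"15555550101": 500})
    pay_url = server.issue_url(amount=200, ttl_seconds=60)
    print(server.redeem(pay_url, "15555550101"))  # first use
    print(server.redeem(pay_url, "15555550101"))  # replay of the same URL
```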
In another aspect, the present invention provides a remittance method, comprising: (a) user A connecting to the identity authentication system server using a mobile device; (b) the identity authentication system server confirming the identity of user A and the telecommunication service provider to which user A belongs; (c) user A entering the telecommunication service provider and telephone number of user B and the remittance amount; (d) the identity authentication system server confirming the identity of user B based on the telecommunication service provider and telephone number of user B; and (e) deducting the remittance amount directly from user A's telecommunication account and remitting it to user B's telecommunication account.
In a further aspect, the present invention provides another remittance method, comprising: (a) user B connecting to the identity authentication system server using a mobile device; (b) the identity authentication system server confirming the identity of user B and the telecommunication service provider to which user B belongs; (c) user B entering the telephone number and telecommunication service provider of user A and the amount requested to be transferred; (d) the identity authentication system server confirming the identity of user A based on the telephone number and telecommunication service provider of user A; (e) the identity authentication system server sending a message to user A's mobile device requesting the remittance, the message including user B's data; and (f) user A deciding to make the remittance or to cancel the remittance procedure.
In an embodiment, the telecommunication service provider to which user A belongs and the telecommunication service provider to which user B belongs are the same telecommunication service provider.
In another embodiment, the telecommunication service provider to which user A belongs and the telecommunication service provider to which user B belongs are different telecommunication service providers.
In another aspect, the present invention provides an identity authentication system, comprising: (a) an identity authentication system server, which is loaded with an identity authentication system and stores data records and account passwords that can be queried for identity authentication; (b) a mobile device comprising a communication device; and (c) an identity authentication request provider, which connects to the identity authentication system and inputs the identity authentication request provider's identification code and password and the IP (Internet Protocol) address data of the mobile device; wherein the identity authentication system uses the identification code and password of the identity authentication request provider to establish the identity authentication request provider, then uses the IP address data of the mobile device to obtain the telephone number of the mobile device from the telecommunications carrier's mobile user mobile data server and generates an encrypted code, and then transmits the telephone number of the mobile device and the encrypted code to the identity authentication request provider for identity authentication.
In an embodiment, the mobile device comprises a communication device for receiving the encrypted code from the identity authentication request provider, the communication device including NFC near field communication, Bluetooth, WIFI, infrared, barcode, ultrasonic and RFID.
In another embodiment, the identity authentication system comprises an authentication determination unit, an authentication status unit and a password management unit. The authentication determination unit determines the number of user logins, whether the user is repeating an authentication, and whether the telephone numbers match; the authentication status unit determines and changes the user's authentication status; and a user telephone number determination unit confirms whether the telephone number obtained by the identity authentication system from the telecommunications carrier matches the telephone number provided by the authentication request provider, and feeds the result back to the identity authentication system.
In a further aspect, the present invention provides a mobile payment method based on a two-dimensional code and a telecommunication service provider, comprising: (a) displaying to the payer two-dimensional code information obtained from a mobile payment system, the two-dimensional code information including an encrypted code and the URL location of the mobile payment system; (b) reading the two-dimensional code information using a mobile device, the mobile device connecting to the mobile payment system using the URL location of the mobile payment system contained in the two-dimensional code information; (c) the mobile payment system using the IP address of the mobile device to determine the telecommunication service provider used by the user, and then obtaining the user's data from that telecommunication service provider to confirm the identity of the user; and (d) completing the mobile payment using the confirmed identity of the user.
In an embodiment, the user data includes the user's telephone number, user type and available payment limit.
In another embodiment, the step of completing the mobile payment using the confirmed identity of the user comprises checking the balance of the user's account and performing one of the following: (i) if the balance is insufficient, ending the mobile payment and showing the user the amount of cash that needs to be deposited and a retry message; or (ii) if the balance is sufficient, the mobile payment system notifying the telecommunication service provider to deduct the payment amount from the user's telephone account, to complete the mobile payment.
The present invention has many advantages. First, users can use their mobile phones directly for fast authentication or shopping, which is convenient, time-saving and efficient. Second, the user's identity is vouched for by a third party (the telecommunication service provider), which improves security. In addition, users can additionally set a login password and e-mail notification, which adds flexibility and further strengthens security: even if the mobile device is lost there is no need to worry about the account being used, and an e-mail is automatically sent to the user to alert them that someone is using the authentication/payment service, to prevent misuse by others. Users can also customize the number of valid uses, the validity time and the valid amount according to their own needs, to suit different situations. Furthermore, the present invention is highly flexible: with minor adjustments to its steps according to the method of use, it can be applied in different fields.
Moreover, after the payment or authentication procedure of the present invention is used, the system shows mobile advertisements to the user. The advertisements can give the user information such as shopping discounts. Unlike other advertising channels, this method ensures that the advertisements are viewed by real people, with no fake views, and it also makes collecting and using discounts more convenient for users.
The benefits of using a URL web page address containing an encrypted code are: a) no specific software needs to be installed; any reading software for the particular device can receive the URL and open the web page to run; b) user habits need not change: users are already used to reading with NFC or two-dimensional code scanning software and then opening a web page to browse information (the difference is that, instead of browsing information, opening the web page performs the authentication or payment, which makes it easier for users to get started); c) authentication and payment can be done through web pages, which increases cross-platform capability and reduces development and maintenance costs; d) it suits different people's needs: those who want more convenience can download specific software to run.
Brief Description of the Drawings
The performance and advantages of the present invention can be further understood with reference to the remaining portions of this specification and the accompanying drawings.
Figure 1 is a system relationship diagram of an embodiment of the identity authentication system based on a telecommunications carrier of the present invention.
Figure 2 is a flow chart of the identity authentication system based on a telecommunications carrier of the present invention.
Figure 3 is a system relationship diagram of an embodiment of the mobile payment system based on a two-dimensional code and a telecommunication service provider of the present invention.
Figure 4 is a flow chart of an embodiment of the mobile payment system based on a two-dimensional code and a telecommunication service provider of the present invention.
Figure 5 is a block diagram of the mobile identity authentication system in one embodiment of the present invention.
Figure 6 is a simplified flow chart of mobile identity authentication in one embodiment of the present invention.
Figure 7 is a flow chart of mobile payment using the identity authentication system in one embodiment of the present invention.
Figure 8 is a flow chart of default fast mobile payment using the identity authentication system in one embodiment of the present invention.
Figure 9 is a system block diagram of remittance between users using the identity authentication system in one embodiment of the present invention.
Detailed Description of the Embodiments
Embodiment 1 of an identity authentication system based on a telecommunications carrier (telecommunication service provider)
The technical solutions of this embodiment are described clearly and completely below with reference to the accompanying drawings of this embodiment. Of course, the described embodiments are only some, not all, of the embodiments of the present invention; based on the claims of the present invention, anything other than the embodiments that falls within the scope of the claims also falls within the scope of protection of the present invention.
Figure 1 is the system relationship diagram of this embodiment, which includes the identity authentication request provider 120, the various communication devices 121 through which the mobile device can receive, the user mobile device 122, the telecommunications carrier's wireless network 123, the telecommunications carrier's internal network 124, the telecommunications carrier's mobile user mobile data server 125, the telecommunication service provider's mobile user payment processing server 126, the Internet 127 and the identity authentication system server 128.
As shown in Figure 1, an identity authentication system based on a telecommunications carrier (telecommunication service provider) is characterized in that it comprises:
the identity authentication request provider 120, i.e. the merchant that requires confirmation of the user's identity. The identity authentication request provider 120 first inputs the merchant identification code, the password, the IP address of the client (i.e. the service end facing the user, for example a web page or an electronic gate) and other data, and then obtains from the identity authentication system the authentication-processing encrypted code and/or the telephone number of the mobile terminal of the identity authentication request provider's client (when the IP address of the identity authentication request provider's client is confirmed to be a mobile terminal). If the merchant finds that the telephone number obtained from the identity authentication is incorrect, the authentication-processing encrypted code can be transmitted to the user's mobile device 122 through the communication device of the client of the identity authentication request provider 120;
the user mobile device 122, i.e. the user's mobile device/mobile terminal. The user uses an application pre-installed on the mobile device 122, or opens the web page of this system, and activates the communication device 121 of the mobile device to receive the identity-processing encrypted code;
the telecommunications carrier's wireless network 123 and internal network 124, through which the telecommunications carrier can provide the user's data directly or indirectly;
the identity authentication system. After the identity authentication system obtains the identity-authentication-processing encrypted code, checks whether the code is valid, and uses the user data provided by the telecommunications carrier, it either checks whether the telephone number provided by the telecommunications carrier matches that of the authentication request provider, or provides the user's telephone number to the identity authentication request provider 120 and lets the identity authentication request provider 120 decide for itself; and
the identity authentication system server 128, which is loaded with the identity authentication system and stores identity authentication data that can be updated, modified and accessed.
The above identity authentication system using a telecommunications carrier is further characterized in that user data, such as the telephone number and the global positioning location, can be obtained either directly from the HTTP header or indirectly by querying the telecommunications carrier's server with the IP address from which the user is browsing.
The identity authentication system comprises an authentication determination unit, an authentication status unit and a password management unit. The authentication determination unit determines the number of user logins, whether the user is repeating an authentication, and whether the telephone numbers match; the authentication status unit determines and changes the user's authentication status; and, once the user has confirmed that the telephone number obtained by the identity authentication system from the telecommunications carrier matches the telephone number of the authentication request provider, the user telephone number determination unit determines that the user's telephone number is correct and feeds this back to the identity authentication system.
The communication device 121 of the client of the identity authentication request provider is one of NFC near field communication, Bluetooth, WIFI, infrared, barcode, ultrasonic and RFID communication devices; other mobile terminal communication devices 121 may also be used.
As shown in Figure 2, the flow of the authentication system of the present invention is as follows:
Step 130: the authentication procedure starts.
Step 131: the identity authentication request provider 120 sends its identity code, its password, the IP address of the client (i.e. the service end facing the user, for example a web page or an electronic gate) and other data to this identity authentication system.
Step 132: the identity authentication request provider 120 obtains from this identity authentication system the processing encrypted code and the telephone number of the mobile terminal of the client of the identity authentication request provider 120 (when the IP address of the client of the identity authentication request provider 120 is confirmed to be a mobile terminal).
Step 133: the identity authentication request provider 120 compares whether the mobile telephone number of its client obtained from this identity authentication system is the same as the one required.
Step 134: if they match, the user's identity is accepted.
Step 135: if they do not match, the identity authentication request provider 120 turns on a suitable transmission device and waits for the user to receive the identity-authentication-processing encrypted code, for example by displaying a two-dimensional code that the user scans with the camera to bring the message into the mobile terminal.
Step 136: the user opens the application or the mobile authentication website.
Step 137: the user's telephone data, for example the telephone number, is obtained from the telecommunications carrier.
Step 138: the user's identity in this identity authentication system is established from the telephone number obtained.
Step 139: the user turns on the receiving function of a suitable communication device 121 in the mobile device 122, for example the camera function.
Step 140: the identity-authentication-processing encrypted code is obtained.
Steps 141 and 142: the mobile identity authentication system confirms whether there is an authentication request and determines whether it is a repeated authentication, to prevent the same request from being authenticated more than once. If it is, the authentication-completed message is displayed; if not, the flow proceeds to the next step to continue authentication.
Step 143: the system passes the user's mobile phone number to the merchant system so that the merchant can make the comparison itself, which increases operational flexibility.
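The Figure 2 flow can be modelled in a single process as in the following added example, which is not code from the patent. The carrier lookup is a constructed table keyed by IP address and port, the provider account, addresses and phone numbers are constructed, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"  # constructed; a deployment would use a random per-account salt


def hash_password(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample data: one merchant account and two carrier data sessions.
PROVIDERS = {"merchant-01": hash_password("s3cret-pw")}
# Stand-in for the carrier's mobile user data server: (IP, port) -> MSISDN.
CARRIER_SESSIONS = {("203.0.113.10", 40001): "15555550101",
                    ("203.0.113.10", 40002): "15555550102"}


class IdentityAuthSystem:
    def __init__(self, providers, carrier_sessions):
        self._providers = providers
        self._carrier = carrier_sessions
        self._requests = {}   # code -> {"provider": id, "done": bool}
        self.audit = []       # (provider id, MSISDN) for every completed authentication

    def _lookup_msisdn(self, ip, port):
        # Returns None when the address is not a session on the carrier network.
        return self._carrier.get((ip, port))

    def open_request(self, provider_id, password, client_ip, client_port):
        """Steps 131-132: authenticate the provider, return (code, MSISDN or None)."""
        stored = self._providers.get(provider_id)
        if stored is None or not hmac.compare_digest(stored, hash_password(password)):
            raise PermissionError("unknown provider or wrong password")
        code = secrets.token_urlsafe(16)
        self._requests[code] = {"provider": provider_id, "done": False}
        return code, self._lookup_msisdn(client_ip, client_port)

    def scan(self, code, device_ip, device_port):
        """Steps 136-143: the user's device presents the code it received."""
        req = self._requests.get(code)
        if req is None:
            return ("no-such-request", None)          # step 141
        if req["done"]:
            return ("already-authenticated", None)    # step 142
        msisdn = self._lookup_msisdn(device_ip, device_port)  # step 137
        if msisdn is None:
            return ("not-on-carrier-network", None)
        req["done"] = True
        self.audit.append((req["provider"], msisdn))
        return ("number-sent-to-merchant", msisdn)    # step 143


def run_flow(system, provider_id, password, client, expected_msisdn, device):
    """Simulates the merchant side: steps 133-135, then its own comparison."""
    code, msisdn = system.open_request(provider_id, password, *client)
    if msisdn is not None and msisdn == expected_msisdn:
        return "passed"                               # step 134
    # Step 135: the code is shown (e.g. as a two-dimensional code) and scanned.
    status, scanned = system.scan(code, *device)
    if scanned is None:
        return "rejected: " + status
    if scanned == expected_msisdn:
        return "passed"
    return "rejected: number mismatch"


if __name__ == "__main__":
    auth = IdentityAuthSystem(PROVIDERS, CARRIER_SESSIONS)
    desktop = ("198.51.100.7", 5000)       # constructed, not a carrier session
    phone = ("203.0.113.10", 40002)
    print(run_flow(auth, "merchant-01", "s3cret-pw", desktop, "15555550102", phone))
```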
This embodiment provides an identity authentication system based on a telecommunications carrier, which aims to solve the problems of accounts lacking strong protection and of cumbersome login. In addition, it can be used without the user installing any software, registering, or using an identity encoder, so that the security of the account is improved in a simple way that is convenient and practical.
The technical solution is as follows: an identity authentication system based on a telecommunications carrier, characterized in that it comprises:
the identity authentication request provider 120, i.e. the merchant that requires confirmation of the user's identity. The identity authentication request provider first inputs the merchant identification code, the password and the IP address data of the client, and obtains the authentication-processing encrypted code from the identity authentication system. When the IP address of the client of the identity authentication request provider 120 is confirmed to be a mobile terminal, the telephone number of the mobile terminal of the client of the identity authentication request provider 120 is also obtained. If the identity authentication request provider 120 finds that the telephone number obtained from the identity authentication system is incorrect, the authentication-processing encrypted code can be transmitted to the user's mobile device 122 through the communication device 121 of the client of the identity authentication request provider 120, the client being the service end facing the user;
the user mobile device 122, i.e. the user's mobile device/mobile terminal. The user uses an application pre-installed on the mobile device 122, or opens the web page of this system, and activates the communication device 121 of the mobile device to receive the identity-processing encrypted code;
the telecommunications carrier's wireless network 123 and internal network 124, through which the telecommunications carrier can provide the user's data directly or indirectly;
the identity authentication system. After the identity authentication system obtains the identity-authentication-processing encrypted code, checks whether the code is valid, and uses the user data provided by the telecommunications carrier, it either checks whether the telephone number provided by the telecommunications carrier matches the one provided by the identity authentication request provider 120, or provides the user's telephone number to the identity authentication request provider 120 and lets the identity authentication request provider 120 decide for itself; and
the identity authentication system server 128, which is loaded with the identity authentication system and stores identity authentication data records and account passwords that can be queried.
Further, user data can be obtained either directly from the HTTP header or indirectly by querying the telecommunications carrier's server with the IP address from which the user is browsing.
Further, the user data obtained from the telecommunications carrier's server is the telephone number and the global positioning location.
Further, the identity authentication system comprises an authentication determination unit, an authentication status unit and an information storage unit, wherein the authentication determination unit determines whether the user is repeating an authentication and whether the telephone numbers match; the authentication status unit determines and changes the user's authentication status; and the information storage unit stores and manages the information within the system.
Further, the authentication determination unit comprises a user telephone number determination unit: once the user has confirmed that the telephone number obtained by the identity authentication system from the telecommunications carrier matches the user's own telephone number, the user telephone number determination unit determines that the user's telephone number is correct and feeds this back to the identity authentication system.
Further, the communication device 121 of the client of the identity authentication request provider is one of NFC near field communication, Bluetooth, WIFI, infrared, barcode, ultrasonic and RFID communication devices.
This embodiment uses the various communication devices 121 of the mobile terminal (user mobile device 122) to receive information requesting identity authentication, from the outside world or within the mobile network, and then uses the mobile user's data provided by the telecommunications carrier to which the mobile device belongs. The system compares the telephone numbers and returns the result to the identity authentication request provider 120, or provides the user's telephone number to the identity authentication request provider 120 so that it can make the comparison itself.
With the above structure, the beneficial effects of this embodiment are as follows. The present invention uses the mobile telephone number as the authentication criterion; a telephone number is easy to apply for, globally unique, and public rather than private. Because the user's data is provided by the telecommunications carrier, the system can be used without prior registration or the installation of any software, and it identifies the user automatically, which is convenient. In effect, the identification function is bound to the mobile terminal and guaranteed by a third party. People who do not have a password token can also obtain third-party protection for their accounts.
Specifically, compared with other identity authentication systems, this identity authentication system has the following advantages:
1. Fast, secure login without a login name and password: a merchant can use this identity authentication system in place of entering a login name and password. This saves the user the time and steps needed to log in, and relieves the user of having to keep track of many sets of login or identity data.
2. Third-party assurance: for many important decisions, such as buying and selling, transfers, and payments, this system can be used to ensure that the function is not misused; compared with traditional methods it saves time, is simple, and needs no special password token.
3. Identity tag function: for example, for registration before an event starts, this identity authentication system can be used for user self-registration, making the event more efficient to run.
This embodiment uses the various communication devices 121 of the mobile device, or the mobile network, to receive identity authentication request information, and then uses the mobile subscriber data provided by the telecom operator to which the mobile device is attached, such as the telephone number. The system compares the telephone numbers and returns the result to the authentication request provider, or it provides the user's telephone number to the authentication request provider so that they can make the comparison themselves. Every authentication is recorded in the system for later reference.
Because the mobile identity service of the invention can be activated without carrying any password token or installing any identity software, anyone can handle personal data freely on any computer (including personal computers, laptops, mobile terminals, and so on), adding to the convenience and quality of life.
When an event requires a roll call or registration, this identity authentication system lets participants register or check in by themselves at the organizer's computer, which makes the event more efficient.
When the identity of a person collecting an item needs to be confirmed, this identity authentication system can also be used to check the collector's telephone number, which increases reliability.
Mobile payment system based on two-dimensional codes and a telecom operator (telecom service provider)
Figure 3 is a system relationship diagram of this embodiment. It includes the payment request provider 11, the two-dimensional code information 12 that displays the payment request, the user mobile device 122, the telecom service provider's wireless network 123, the telecom service provider's internal network 124, the telecom service provider's mobile subscriber IP address data server 16, the telecom service provider's mobile subscriber payment processing server 126, the Internet 127, and the payment transaction server 19.
Comparing Figure 1 with Figure 3 shows that the system structure in the two figures is essentially the same, but the components in Figure 3 are drawn more concretely to make them easier to understand. In addition, because this embodiment applies the identity authentication system to a two-dimensional-code-based mobile payment system, some components in Figure 3 are given different or more suitable names than the corresponding components in Figure 1. For example: the identity authentication request provider 120 is, in this example, the payment request provider 11; the various communication devices 121 that the mobile device can receive from are specifically the two-dimensional code information 12; the telecom operator's mobile subscriber mobile data server 125 is, in this embodiment, the telecom service provider's mobile subscriber IP address data server 16; and the identity authentication system server 128 becomes the payment transaction server 19.
Figure 4 is a flow chart of this embodiment. The specific steps are as follows:
Step 101: The consumer starts to pay using this mobile payment system.
Step 102: The consumer reads the barcode content using the application already downloaded to the mobile device and the device's camera.
Step 103: The consumer obtains the payment information from the barcode.
Step 104: The consumer can continue the payment procedure in the downloaded application or on the mobile payment system's web page.
Steps 105 and 106: The mobile payment system confirms whether there is a payment request, preventing the same transaction from being paid twice.
Steps 107 and 108: The mobile payment system checks the mobile device's IP address against its records of telecom service providers' IP address ranges to find the appropriate telecom service provider.
Step 109: If the IP address is correct, the mobile payment system obtains the mobile account data from the appropriate telecom service provider.
Steps 110 and 111: The mobile payment system checks the account balance. If the balance is insufficient, the payment system tells the consumer that cash must be deposited or transferred to raise the amount available for payment.
Step 112: The payment system asks the consumer to enter the personal password that was set up when the payment system was first used.
Steps 113 and 114: The consumer confirms the payment.
Step 115: The mobile payment system notifies the telecom service provider to deduct the payment amount from the telephone account of the user's mobile device.
Step 116: The mobile payment system links the user's telephone account to the payment request and changes the payment status from pending to paid, which prevents duplicate payment, and notifies the merchant that payment succeeded.
Step 117: The procedure by which the consumer pays using this mobile payment system ends.
As shown in Figures 3 and 4, a mobile payment system based on two-dimensional codes and a telecom service provider is characterized in that it includes:
a payment request provider 11, that is, the merchant who requests payment and supplies the payment amount; the payment request provider displays the two-dimensional code information 12 obtained from the mobile payment system to the payer;
a user mobile device 122: the payer uses a two-dimensional code reading application pre-installed on the mobile device 122, or an application designed specifically for the invention, to start the video scanning function of the mobile device 122 and read the encrypted payment code and the system's URL location contained in the two-dimensional code information 12;
the wireless network 123 and internal network service 124 provided by the telecom service provider: each telecom service provider assigns in advance different IP addresses to users' mobile devices, and the IP address is equivalent to the user's personal identity code. The mobile payment system uses this mechanism: with the IP address it can obtain user data from the telecom service provider, such as the telephone number, the user type (monthly plan, stored-value card, or roaming), and the available payment limit; and
After the payer taps the URL to open the web version of the mobile payment system, or after an application designed specifically for the invention processes the URL message, the mobile payment system obtains the payment code from the URL, looks up the payment status, uses the IP address of the mobile terminal at the time of browsing to obtain the user's data from the relevant telecom service provider, and then deducts the payment amount from the mobile telephone account of the user mobile device 122.
This embodiment provides a mobile payment system based on two-dimensional codes and a telecom service provider. It aims to solve the problem of inconsistent payment methods between online and offline environments. It can also be used without prior registration with a bank or credit card provider and without the involvement of banks or credit card companies, which greatly improves payment security; at the same time, people without a bank or credit card account can make mobile payments, which is convenient and practical.
The technical solution is as follows:
This embodiment uses a two-dimensional code to display online and offline payment information as a pattern. The content of the barcode (here, the barcode means the two-dimensional code information 12) is read with the camera of the mobile device 122 held by the consumer, and the IP address of the mobile device 122 is then used to obtain mobile account data from the telecom service provider in order to identify the consumer automatically. The user's mobile telephone account serves as the payment account, and every purchase is recorded in the system for later reference.
With the above structure, the beneficial effects are as follows. The mobile telephone number account is used as the payment channel, which is safe and convenient to use; consumers can use the mobile device 122 as a payment tool with confidence and on equal terms, and pay offline and online charges in the same way. The system can be used without prior registration with a bank or credit card provider. With no involvement of banks or credit card companies, payment security is greatly improved, and people without a bank or credit card account can realize the dream of mobile payment.
Specifically, compared with other payment systems, this mobile payment system has the following advantages:
1. Mobile cash register function: after logging in to the mobile payment system on any mobile terminal, a merchant can start the merchant collection function and immediately display to the customer the two-dimensional code that generates the payment request; the customer can pay at once through the mobile payment system. The merchant learns the payment result in real time, which saves trips to and from a traditional cash register, improves operating efficiency, and saves the customer the wait for payment confirmation. Because any mobile terminal can serve as a mobile cash register, there is no need to install an expensive dedicated cash register; besides the cost savings, it can also achieve
2. Paper payment function: many traditional cash registers have only a simple screen and cannot display rich graphics. A merchant using this mobile payment system only needs to print the two-dimensional code of the payment request, and the customer can use the mobile payment method with the code on paper. The advantage is that, without adding or replacing hardware, a slight change to the payment procedure is enough to adopt this mobile payment method; it is a low-cost, quick, and easy conversion.
3. Service bill payment function: for example, if monthly or quarterly electricity and gas bills carry the two-dimensional code of the payment request, the payer can pay through this mobile payment system with a mobile terminal at home or anywhere else, saving the time of a special trip to a dedicated shop or of going through an online verified payment procedure.
4. New consumer experience and merchant marketing function: unlike SMS text-based mobile payment, after the payer has paid this system can offer further rewards, discounts, prize draws, personalized special offers and similar activities, or rich consumer information. The moment after the customer pays is an excellent opportunity for the merchant to promote to the consumer, and it is also when the consumer receives multiple offers and a large amount of shopping information. The benefit for merchants is that it promotes the flow of products in the market and brings different customer groups to different points of sale.
5. Personal privacy protection: during this mobile payment process, the payer's personal data is not disclosed to third parties. The drawback of SMS mobile payment is that the payer must reveal the mobile telephone number; and when paying with any kind of card, such as a credit card or debit card, the drawback is that the personal data on the card may be stolen without the payer's knowledge.
6. Environmental benefit: because it uses hardware that already exists everywhere (mobile terminals) for making or collecting payments, this mobile payment system saves the resources that would go into manufacturing dedicated equipment for a mobile payment system.
Because the mobile payment service of the invention can be activated without providing credit card or bank card data, young people signing up for a party or group activity need only an ordinary personal smartphone: using the payment system of the invention they can pay immediately after registering online, with no queueing. This saves the time young people need to sign up and lets the event organizer learn the number of payers and the total amount collected more efficiently.
When business travellers or tourists arrive in another place, they can buy a mobile phone top-up card. First, this avoids high roaming charges; second, they can activate the mobile payment service immediately, avoid the expensive exchange-rate fees of using a credit card abroad, and enjoy the convenience of electronic payment with a complete record of purchases. When the available limit of the account needs to be raised, the consumer can top up at a nearby telecom shop or convenience store, making the account more flexible for payment and reducing the risk of loss.
Embodiment 2 of the identity authentication system and method
Figure 5 is a block diagram of the identity authentication system of this embodiment. The principles and techniques used in this embodiment are essentially the same as those of the first embodiment described above, with some modifications and improvements. In theory, the system structure of the two embodiments is the same. Comparing Figure 1 with Figure 5 shows a number of differences; the reason is that Figure 5 is simplified and shows only the main hardware configuration of the identity authentication system. The identity authentication system includes a user device 20 (the device used by the user who needs to be authenticated), the identity authentication system server 128, the telecom operator's mobile subscriber mobile data server 125, and a verification device 26 (that is, the device used by the identity authentication request provider 120 of Figure 1). The user device 20 may be a non-mobile device or a mobile device 122 (mobile terminal). Non-mobile devices include computers and other devices that can connect to the Internet, while the mobile device 122 includes any handheld device with a built-in Subscriber Identity Module (SIM card) that can connect to a network, such as mobile phones, personal digital assistants (PDAs), and tablets.
The identity authentication system server 128 is responsible for performing authentication. It receives an authentication request from the verification device 26 and, based on that request, generates a URL web address and an encrypted code (the code is encrypted to prevent others from modifying it). It embeds the encrypted code in the URL web address to obtain a URL web address containing the encrypted code, and sends this back to the verification device 26, which then uses it for identity authentication. Once the verification device 26 has the URL web address containing the encrypted code, it sends it to the user device 20 whenever identity authentication is needed, to start the user's actual authentication procedure. Once that procedure has started, all the core authentication steps are carried out on the identity authentication system server 128; the detailed steps are described below.
The identity authentication of the invention relies on the help of a third party, namely the telecom service provider (telecom operator). The telecom service provider's mobile subscriber mobile data server 125 stores the mobile subscriber's personal data, including name, address, mobile telephone number, account number, account balance, and so on. In one embodiment, the user needs to ask the telecom service provider to enable this service; the user can also register with the identity authentication system server 128 to indicate that they use the service. The identity authentication system server 128 is connected to the mobile subscriber mobile data server 125 and obtains the telephone number of the user's mobile device and the user's data in order to confirm the user's identity. The verification device 26 is installed at the organization that needs to perform authentication and is able to communicate with the user device 20 through a specific delivery method. The specific delivery methods include all delivery methods supported by the user device 20, such as barcodes, microwaves, and sound waves, specifically including Quick Response (QR) matrix codes, near-field communication (NFC), Bluetooth, infrared, Wi-Fi, and radio-frequency identification (RFID). The verification device 26 can be a computer, a server, or the like.
Figure 6 shows a simplified flow chart of the identity authentication of this embodiment. This embodiment of the invention is explained here using the example of a user establishing their identity through a website. The authentication procedure starts at step 28. In step 30, the user either opens a specific application installed on the user device 20 or uses the network function of the user device 20 to connect to a website hosted by the verification device 26; the website can be any website that requires authentication, such as a shopping site, online bank, consumer site, or government site. Put simply, the purpose of step 30 is to connect the user device 20 to the verification device 26. The connection between the user device 20 and the verification device 26 uses TCP/IP over any wired or wireless technology available now or in the future; the wireless technologies include Wi-Fi, General Packet Radio Service (GPRS), third-generation mobile communication (3G), and fourth-generation mobile communication (4G). After connecting to the verification device 26 (the website it hosts), the user can enter data (or not) and indicate that authentication should proceed. The verification device 26 collects the necessary data, including the Internet Protocol (IP) address and communication port of the user device 20 that the user is using.
Then, in step 32, the verification device 26 generates an authentication request from the collected data and sends it to the identity authentication system server 128. The authentication request includes the data entered by the user and the IP address and communication port of the user device 20. After receiving the authentication request, the identity authentication system server 128 determines, from the IP address and communication port of the user device 20, whether the user device is a mobile device that is online through a mobile telephone network (for example 3G/4G), which gives the device determination result. The identity authentication system server 128 also generates a URL web address and an encrypted code from the authentication request and embeds the encrypted code in the URL web address to obtain a URL web address containing the encrypted code (step 34). It then sends the device determination result and the URL web address containing the encrypted code back to the verification device 26 (step 36). In step 38, the verification device 26 uses the URL web address containing the encrypted code to perform identity authentication.
The encrypted code includes usage-condition parameters such as a valid number of uses and a validity period: the valid number of uses defines how many times the encrypted code can be used, and the validity period defines for how long it can be used. Both are set by the verification device 26 as required. The settings are included in the authentication request, and after receiving the request the identity authentication system server 128 generates an appropriate URL web address and encrypted code from the data (including the settings) that it contains. If authentication has to be performed frequently, a larger number of uses can be set, such as 10. Conversely, if that is unnecessary, or for security reasons, the encrypted code can be set to be usable only once; after its first use the code becomes invalid, and anyone else who obtains it cannot use it. Likewise, the validity period limits how long the encrypted code can be used: the code can be set to be valid only for a certain period, such as one day, one week, or one month. Once the validity period has passed, the encrypted code becomes invalid even if it still has uses remaining, which greatly improves security.
Once the verification device 26 has the URL web address containing the encrypted code, identity authentication can proceed. The invention mainly uses the user's telephone number to complete identity authentication, so the user must ultimately use a mobile device 122 for the final authentication step. As stated earlier, the mobile device 122 includes any handheld device with a built-in Subscriber Identity Module (SIM card) that can connect to a network, such as mobile phones, personal digital assistants (PDAs), and tablets. Because the identity authentication system server 128 sends the device determination result together with the URL web address containing the encrypted code to the verification device 26, the verification device 26 knows whether the user is using a non-mobile device or a mobile device 122. If the user device 20 is a mobile device 122 that is online through the mobile telephone network, the verification device 26 sends the URL web address containing the encrypted code directly to the mobile device 122 over the mobile telephone network, and the mobile device 122 reads it with a browser or software to perform identity authentication. Conversely, if the user device 20 is not a mobile device 122 that is online through the mobile telephone network, the verification device 26 asks the user to switch to a mobile device 122 that is online through the mobile telephone network, and sends the URL web address containing the encrypted code to that device through a specific delivery method to perform identity authentication. The step of determining whether or not the user device 20 is a mobile device online through the mobile telephone network can also be carried out by the verification device 26, because the user device 20 and the verification device 26 are sometimes in the same space (for example, on a mobile phone network). When the user device 20 first connects to the verification device 26, the verification device 26 can already detect the IP address of the user device 20 and obtain the device determination result. Then, when sending the URL web address containing the encrypted code, the verification device 26 can ask the user either to open it directly with a browser or software to authenticate, or to switch to another mobile device 122 that is online through the mobile telephone network to authenticate.
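The use-limited, time-limited code of step 34 can be sketched as follows. This is an added example, not code from the patent: the description says the code is "encrypted" so that others cannot modify it, whereas this sketch uses an HMAC-SHA256 tag for tamper-evidence and leaves the parameters readable. The class name, field names and the `auth.example` address are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://auth.example/verify"  # hypothetical address of server 128


class CodeIssuer:
    """Issues and redeems codes that carry a use limit and an expiry time."""

    def __init__(self, key: bytes):
        self._key = key
        self._used = {}  # code id -> redemptions so far (server-side state)

    def _tag(self, payload: bytes) -> bytes:
        return hmac.new(self._key, payload, hashlib.sha256).digest()

    def issue_url(self, request_id: str, max_uses: int, ttl_s: int, now: float) -> str:
        """Build the URL containing the code for one authentication request."""
        claims = {"jti": secrets.token_hex(8), "req": request_id,
                  "max": max_uses, "exp": int(now) + ttl_s}
        payload = json.dumps(claims, sort_keys=True).encode()
        parts = (payload, self._tag(payload))
        code = ".".join(base64.urlsafe_b64encode(p).decode() for p in parts)
        return BASE_URL + "?" + urlencode({"code": code})

    def redeem(self, url: str, now: float) -> str:
        """Return 'ok', or the reason the code in the URL is rejected."""
        values = parse_qs(urlparse(url).query).get("code", [])
        if len(values) != 1 or values[0].count(".") != 1:
            return "malformed"
        try:
            payload, tag = (base64.urlsafe_b64decode(p) for p in values[0].split("."))
        except ValueError:
            return "malformed"
        # Verify the tag before trusting any field of the payload.
        if not hmac.compare_digest(tag, self._tag(payload)):
            return "tampered"
        claims = json.loads(payload)
        # The validity period wins even when uses remain.
        if now >= claims["exp"]:
            return "expired"
        used = self._used.get(claims["jti"], 0)
        if used >= claims["max"]:
            return "exhausted"
        self._used[claims["jti"]] = used + 1
        return "ok"
```

The use counter has to live on the server: a count carried only inside the code could be replayed unchanged, so the tag alone cannot enforce single use.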
As mentioned above, the specific delivery methods referred to in the present invention include every delivery method supported by the user device 20, such as barcodes, microwaves and sound waves, and specifically include Quick Response matrix codes, near field communication (NFC), Bluetooth, infrared, Wireless Fidelity (Wi-Fi), radio frequency identification (RFID) and so on. As an example, the verification device 26 may deliver the URL web page address containing the encrypted code to the mobile device via a barcode (Quick Response matrix code). The verification device 26 first displays the barcode in any form, including projection or a display screen. The user opens the relevant program on the mobile device 122 to read the barcode and receives the URL web page address containing the encrypted code; the address then directs the mobile device 122 to the identity authentication system server 128, which confirms the user's identity according to a characteristic of the mobile device 122. The characteristic of the mobile device 122 referred to here is its mobile subscriber international number (MSISDN), referred to here simply as the telephone number.
Several methods can be used to determine the telephone number (MSISDN) and the telecommunication service provider identifier/international mobile subscriber identifier (IMSI) of the mobile device 122. One embodiment of the invention uses the following method. First, when the mobile device 122 is directed to the identity authentication system server 128, the server obtains the Internet Protocol address (IP address) of the mobile device 122. Because every telecommunication service provider obtains certain unique ranges of Internet Protocol addresses from a Regional Internet Registry (RIR), the range to which the IP address belongs identifies the service provider. The identity authentication system server 128 then sends the IP address of the mobile device 122 to the mobile user mobile data server 125 of the corresponding service provider and asks it to perform a match, thereby providing the telephone number and user data corresponding to that IP address. The invention applies to Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6) or any Internet Protocol version available in the future.
To confirm the user's identity more accurately, when the mobile device 122 is directed to the identity authentication system server 128, the server can obtain both the IP address and the communication port (Port) of the mobile device, send them to the mobile user mobile data server 125 of the corresponding service provider and ask it to perform the match. The mobile user mobile data server 125 stores a mapping table of IP addresses and communication ports, which records the mobile telephone number (MSISDN) corresponding to each specific mobile IP address and port; once the telephone number (MSISDN) is determined, the corresponding user is determined as well. Because each mobile telephone number (MSISDN) is bound to a unique mobile IP address and port, the user identity determined by this method is authentic and unique, and is guaranteed by a third party (the telecommunications company).
After the mobile device 122 is directed to the identity authentication system server 128, the authentication procedure runs automatically and the user does not need to do anything: the server completes the authentication, sends the result back to the mobile device 122 and the verification device 26, and the procedure ends. To further strengthen security, the system of the invention includes a forced abort function that can be invoked by any of the user's mobile device 122, the verification device 26 or the identity authentication system server 128. For example, if during authentication the user feels that something is wrong with the website, or simply wishes to stop, the user can invoke the forced abort function to end the authentication procedure. Likewise, the verification device 26 or the identity authentication system server 128 can invoke the forced abort function automatically when it detects a malicious attack or system instability, to prevent data leakage and the like. The forced abort function is controlled by an authentication abort module included in the mobile device 122, the verification device 26 and the identity authentication system server 128.
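The lookup described above can be sketched as follows. This is an added illustration, not code from the patent: the carrier names, address ranges, mapping tables and MSISDN values are constructed, and the validity window on each mapping is an assumption reflecting that a shared IP address and port can be reassigned over time.

```python
import ipaddress
from dataclasses import dataclass
from typing import NamedTuple, Optional

# Constructed allocations (documentation address ranges) standing in for the
# blocks each telecommunication service provider obtained from its RIR.
CARRIER_RANGES = {
    "carrier-a": ("198.51.100.0/24", "2001:db8:a::/48"),
    "carrier-b": ("203.0.113.0/24",),
}


@dataclass(frozen=True)
class Mapping:
    msisdn: str
    valid_from: int  # epoch seconds; the validity window is an assumption
    valid_to: int


# Constructed stand-in for each provider's mapping table on server 125:
# (public IP, source port) -> subscriber.
MAPPING_TABLES = {
    "carrier-a": {
        ("198.51.100.7", 40001): Mapping("msisdn-0001", 1000, 2000),
        ("198.51.100.7", 40002): Mapping("msisdn-0002", 1000, 2000),
        ("2001:db8:a::15", 51000): Mapping("msisdn-0003", 1000, 2000),
    },
    "carrier-b": {},
}


class Result(NamedTuple):
    status: str  # ok | not_mobile_network | no_mapping | stale_mapping
    carrier: Optional[str]
    msisdn: Optional[str]


def normalise(peer_ip: str):
    """Parse the socket peer address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer_ip)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr


def find_carrier(addr) -> Optional[str]:
    """Return the provider whose allocated range contains addr, else None."""
    for carrier, ranges in CARRIER_RANGES.items():
        for cidr in ranges:
            net = ipaddress.ip_network(cidr)
            if net.version == addr.version and addr in net:
                return carrier
    return None


def resolve_subscriber(peer_ip: str, peer_port: int, now: int) -> Result:
    """Map the connection's source IP and port to an MSISDN, failing closed.

    peer_ip and peer_port must come from the accepted TCP connection itself,
    never from a client-controlled value such as a request header.
    """
    try:
        addr = normalise(peer_ip)
    except ValueError:
        return Result("not_mobile_network", None, None)
    carrier = find_carrier(addr)
    if carrier is None:
        # Device determination result: not on a mobile phone network.
        return Result("not_mobile_network", None, None)
    mapping = MAPPING_TABLES[carrier].get((str(addr), peer_port))
    if mapping is None:
        return Result("no_mapping", carrier, None)
    if not mapping.valid_from <= now <= mapping.valid_to:
        return Result("stale_mapping", carrier, None)
    return Result("ok", carrier, mapping.msisdn)
```

Two subscribers behind the same public address are told apart only by the source port, which is why the port has to be part of the query sent to the provider.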
The embodiments of the identity authentication have been described in detail above. The identity authentication method and system can be applied to different fields and environments as needed, such as confirming the identity of visitors at a venue, authenticating passage through a checkpoint, and confirming a consumer's identity. Specific applications of the identity authentication method and system are described below.
Embodiment of mobile payment using the system of Embodiment 2 of the identity authentication system and method of the present invention
The embodiments of the identity authentication system and method have been described in detail above; its application to mobile payment (that is, consumer shopping) is described below. The main principles and procedures of the mobile payment application are essentially the same as those of Embodiment 2 of the identity authentication system and method described above, with some steps added or removed.
The hardware required for the mobile payment application in this embodiment is the same as in Embodiment 2 of the identity authentication system. As shown in FIG. 5, it includes the user device 20, the identity authentication system server 128, the mobile user mobile data server 125 and the verification device 26. In this embodiment the authentication request provider is a retailer, and the verification device 26 is typically the server hosting the retailer's shopping website. In addition to performing authentication, the identity authentication system server 128 is responsible for central settlement of transactions. In other words, the identity authentication system server 128 is equivalent to the combination of the telecommunication service provider's mobile user IP address data server 16 and mobile user payment processing server 126 in the embodiment of the mobile payment system based on a two-dimensional code and a telecommunication operator (telecommunication service provider): it can be pictured as the mobile user IP address data server 16 and the mobile user payment processing server 126 combined into the identity authentication system server 128, which has the functions of both.
FIG. 7 shows a flowchart of mobile payment using the authentication system. The procedure starts at step 42; the basic flow of this mobile payment is much the same as that of Embodiment 2 of the identity authentication system. First, the user connects to the verification device 26 with the user device 20, that is, browses the relevant shopping website (step 44), selects the desired goods and checks out. In step 46, the verification device 26 (the shopping website) obtains data such as the amount the user needs to pay, obtains the IP address and communication port (Port) of the user device 20, and sends the data together with the IP address and port of the user device 20 to the identity authentication system server 128. In step 48, the identity authentication system server 128 generates a URL web page address and an encrypted code from the received data and embeds the encrypted code in the URL web page address to obtain a URL web page address containing the encrypted code; it also determines from the IP address and port of the user device 20 whether the device is a mobile device accessing the Internet over the mobile phone network, and then returns the URL web page address containing the encrypted code and the device determination result to the verification device 26. These steps are essentially the same as in Embodiment 2 of the identity authentication system; the difference is that in this mobile payment embodiment the usage-condition parameters of the encrypted code include, in addition to the valid time and the valid number of uses, the amount to be paid, which defines the amount the user needs to pay.
After receiving the URL web page address containing the encrypted code and the device determination result, the verification device 26 knows from the device determination result whether the user device 20 is a mobile device 122 accessing the Internet over the mobile phone network (step 50). If it is, the URL web page address containing the encrypted code may be sent to the mobile device 122 directly over the mobile phone network. If it is not, the user is asked to switch to a mobile device 122 that accesses the Internet over the mobile phone network, and the URL web page address containing the encrypted code is delivered to that mobile device 122 by a specific delivery method. Even when the verification device 26 allows the address to be sent directly over the mobile phone network, the user still has a choice: the user can pay with the mobile device 122 currently in use (step 52) or choose to pay with another mobile device 122 (step 54). After making the choice, the user receives the URL web page address containing the encrypted code (step 58). When the verification device 26 knows from the device determination result that the user device 20 is not a mobile device 122 accessing the Internet over the mobile phone network, it asks the user to receive the URL web page address containing the encrypted code on a mobile device 122 that does; once the user has switched to the mobile device 122, step 58 is performed.
After the user's mobile device 122 receives the URL web page address containing the encrypted code, the rest of the procedure is the same as in Embodiment 2 of the identity authentication system and is not repeated in detail here. In brief, the mobile device 122 reads the URL web page address containing the encrypted code, which directs the mobile device to the identity authentication system server 128; the server then obtains the user data from the telecommunication service provider (step 60) and thereby establishes the user's identity (step 62). The user data includes the user's telephone number, the corresponding account information, the account balance and so on. The detailed method uses the mapping of IP address and communication port (Port) explained in detail in Embodiment 2 of the identity authentication system above. After establishing the user's identity, the identity authentication system server 128 checks whether the encrypted code is valid (step 64), for example whether the valid-time parameter is still within its validity period and whether the valid number of uses still holds. If the encrypted code is valid, step 68 is performed; if not, step 66 is performed, in which an invalidation message is sent to the user and the payment procedure ends. In step 68, the identity authentication system server 128 checks whether the user's account has enough funds to pay for the transaction. If so, step 72 is performed; otherwise step 70 is performed, in which the identity authentication system server 128 notifies the user that funds are insufficient, prompts the user to top up, and ends the payment procedure. In step 72, the identity authentication system server 128 processes the payment, asking the telecommunication service provider's mobile user mobile data server 125 to deduct the corresponding amount from the user's account; the deducted amount is transferred to the account of the corresponding shopping website. The shopping website has registered with the identity authentication system server 128 in advance and obtained a merchant code, which the identity authentication system server 128 uses to confirm the merchant's identity and to look up its related data, such as account number and address. After the deduction succeeds, the mobile user mobile data server 125 sends a confirmation to the identity authentication system server 128, which then updates the user's data, such as the amount used, and finally sends a payment-success message to the retailer's verification device 26 and the user's mobile device 122. The payment is thus completed in step 74, and the payment procedure ends (step 76).
When the user pays with this mobile payment method, the settlement account used is the user's mobile phone billing account, and the amount spent appears directly on the user's mobile phone bill. When the available amount in the account needs to be increased, the user can buy a mobile phone top-up card anytime and anywhere to top up, which makes payment more flexible. As the above shows, in this mobile payment embodiment the identity authentication system server 128 is responsible for central settlement of transactions in addition to authentication: it communicates with the mobile user mobile data server 125 and the retailer's verification device 26 and handles settlement of the amounts, while the user's mobile device 122 never contacts or communicates with the mobile user mobile data server 125.
Embodiment of preset fast mobile payment
FIG. 8 is a flowchart of default fast mobile payment using the identity authentication system of Embodiment 2. This preset fast mobile payment application omits part of the procedure of the mobile payment embodiment above: the URL web page address and the encrypted code are generated in advance, and the encrypted code is embedded in the URL web page address to obtain a URL web page address containing the encrypted code that is ready for use, which improves efficiency and achieves fast payment/purchase.
As in the mobile payment embodiment that uses the system of Embodiment 2 of the identity authentication system and method, the merchant must first register with the identity authentication system server 128 so that the server can recognize its identity. As shown in FIG. 8, in step 77 the merchant sends data such as the amount the user needs to pay to the identity authentication system server 128, which uses the data to generate a URL web page address and an encrypted code in advance and embeds the encrypted code in the URL web page address to obtain a URL web page address containing the encrypted code. The encrypted code includes condition parameters such as the amount to be paid (which defines the amount the user needs to pay), the valid number of uses and the valid time, all of which can be defined by the merchant. Normally the valid number of uses is set to 1, because one encrypted code corresponds to one item: once someone has bought the item, the identity authentication system server 128 immediately updates the data and the valid number of uses becomes 0, which prevents others from reusing the same encrypted code and causing confusion. In special cases or where individually required, however, the valid number of uses can be set greater than 1, for example 2, 3 or 5.
Once generated, the URL web page address containing the encrypted code can be placed at individual locations in a specific manner, which includes every delivery method supported by the user's mobile device 122, such as barcodes, microwaves and sound waves, and specifically Quick Response matrix codes, near field communication (NFC), Bluetooth, infrared, Wireless Fidelity (Wi-Fi), radio frequency identification (RFID) and so on. For example, a Quick Response matrix code carrying the URL web page address containing the encrypted code can be placed next to an item in a shop; a buyer who picks the item can immediately read the code with the mobile device 122 (step 78). As another example, at different points of sale the URL web page address containing the encrypted code can be transmitted by near field communication (NFC), Bluetooth, infrared and so on for the mobile device 122 to receive, so that users can select the goods they need at any time without involving a shop assistant. After the user receives the URL web page address containing the encrypted code with the mobile device 122, the address directs the mobile device 122 to the identity authentication system server 128, which obtains the user data according to the characteristic of the mobile device 122 (step 79) and establishes the user's identity (step 80). The subsequent steps 81-87 are the same as steps 64, 66, 68, 70, 72, 74 and 76 in FIG. 7, described in detail above, and are not repeated here.
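The validity, balance and settlement checks of steps 64 to 72 in FIG. 7, and the single-use behaviour of the pre-generated code in FIG. 8, are shown in this added example, which is not code from the patent. The patent does not specify the scheme behind the encrypted code, so this sketch assumes an HMAC-SHA256 authenticated token with a server-side use counter; the URL, merchant code, balances and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets
import threading
from urllib.parse import parse_qs, urlencode, urlparse

SERVER_KEY = secrets.token_bytes(32)    # known only to the authentication server
BASE_URL = "https://auth.example/pay"   # hypothetical address of server 128

state_lock = threading.Lock()
remaining_uses = {}                     # code id -> valid number of uses left
balances = {"msisdn-0001": 5000, "msisdn-0002": 500}  # constructed, in cents
merchant_accounts = {"M001": 0}         # constructed registered merchant code


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: bytes) -> bytes:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def issue_code(merchant: str, amount: int, valid_seconds: int,
               valid_uses: int, now: int) -> str:
    """Build the URL containing the code and its usage conditions."""
    if merchant not in merchant_accounts:
        raise ValueError("merchant is not registered")
    code_id = secrets.token_hex(8)
    payload = json.dumps({"id": code_id, "m": merchant, "amt": amount,
                          "exp": now + valid_seconds}, sort_keys=True).encode()
    with state_lock:
        remaining_uses[code_id] = valid_uses
    return BASE_URL + "?" + urlencode({"c": b64(payload) + "." + b64(sign(payload))})


def redeem(url: str, msisdn: str, now: int) -> str:
    """Validate the code and settle the payment.

    msisdn is the identity the server resolved from the connection's IP and
    port; it is never taken from the request. The amount comes from the
    authenticated code, not from anything the client sends.
    """
    try:
        body, tag = parse_qs(urlparse(url).query)["c"][0].split(".")
        payload = unb64(body)
        authentic = hmac.compare_digest(unb64(tag), sign(payload))
    except (KeyError, ValueError):
        return "invalid_code"
    if not authentic:
        return "invalid_code"
    cond = json.loads(payload)
    if now > cond["exp"]:                       # step 64: valid time
        return "expired"
    with state_lock:                            # check and debit atomically
        if remaining_uses.get(cond["id"], 0) < 1:   # step 64: valid uses
            return "used_up"
        if balances.get(msisdn, 0) < cond["amt"]:   # step 68: balance
            return "insufficient_balance"
        balances[msisdn] -= cond["amt"]             # step 72: settle
        merchant_accounts[cond["m"]] += cond["amt"]
        remaining_uses[cond["id"]] -= 1
    return "paid"
```

Holding one lock across the use-count check and the debit is what stops two simultaneous scans of the same code from both succeeding when the valid number of uses is 1.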
Embodiment allowing users to remit money to each other using the system of Embodiment 2 of the identity authentication system and method of the present invention
This embodiment makes it convenient for different users to remit (transfer) money to each other through the system of the invention without going through a bank. FIG. 9 shows a block diagram of this embodiment: the mobile devices 122 of different users communicate with the telecommunications service provider's identity authentication system server 128, and the identity authentication system server 128 communicates with the mobile user mobile data server 125. Remittance here means transferring amounts between the mobile accounts of different users. First, User A (the remitting user) wishes to transfer an amount from his or her own mobile account (telecommunications account) to the mobile account of User B (the user receiving the remittance). User A can open a dedicated application on the mobile device 122, or open a specific web address, to connect to the identity authentication system server 128. The identity authentication system server 128 then obtains the IP address and communication port (Port) of the mobile device 122 as described above, communicates with the mobile user mobile data server 125, performs the mapping and establishes the user's identity. The specific steps have been described in detail above and are not repeated here. Once User A's identity is confirmed, User A enters User B's telephone number, the telecommunications service provider used by User B and the amount to transfer, and sends them to the identity authentication system server 128, which contacts the corresponding mobile user mobile data server 125 and uses the telephone number to look up User B's identity and data (such as the telecommunications account number). After both identities are confirmed, the identity authentication system server 128 performs central settlement, asking the mobile user mobile data server 125 of the same or of a different telecommunications service provider to deduct the amount directly from User A's telecommunications account and add it to User B's telecommunications account. When settlement is complete, the identity authentication system server 128 sends a success message to both parties' mobile devices to complete the procedure. The transfer appears directly on both parties' monthly telecommunications statements. As described, User A and User B may be customers of the same telecommunications service provider or of different ones.
In addition to User A actively remitting to User B, User B (the user requesting the remittance) can also ask User A (the user asked to remit) to send money; that is, the remittance procedure can also be started by User B. User B first connects to the identity authentication system server 128 to establish identity, then enters User A's telephone number, the telecommunications service provider used by User A and the amount requested. The identity authentication system server 128 establishes User A's identity from the data provided and sends a message (containing User B's data) to User A's mobile device 122 requesting the remittance. User A has the final say: if User A agrees, the steps described above are carried out; if not, User A can cancel the remittance procedure.
The different embodiments of the invention have been described in detail above. However, the application of the invention is not limited to the embodiments in this specification, nor are the system configuration and structure limited to those embodiments. The construction of the system may also be modified, or functions added, to make the system more complete and convenient. For example, different existing or future encryption techniques may be applied to the encrypted code to prevent data leakage, and data encryption techniques such as SSL may be added to each embodiment to protect users. Furthermore, after the identity authentication system server 128 has confirmed the user's identity, the user can additionally set a login password and e-mail notification, which increases flexibility and further strengthens security: the next time the user connects to the identity authentication system server 128, in addition to the automatic steps performed by the server, the user must also enter the login password to be confirmed by the system. When the identity authentication system server 128 detects an anomaly, for example that the user's identity may have been stolen, it suspends the authentication procedure and automatically e-mails the user to warn that someone is using the authentication service and to ask the user to confirm that it is really him or her; otherwise the authentication procedure cannot continue.
Moreover, the forced abort function can be added to all of the embodiments described above. It can be invoked by any of the user's mobile device 122, the verification device 26 or the identity authentication system server 128. For example, if during authentication the user feels that something is wrong with the website, or simply wishes to stop, the user can invoke the forced abort function to end the authentication procedure; the identity authentication system server then notifies the merchant to stop serving the user, guarding against phishing sites or man-in-the-middle deception and giving the user greater protection. Likewise, the verification device 26 or the identity authentication system server 128 can invoke the forced abort function automatically when it detects a malicious attack or system instability, to prevent data leakage and the like. The forced abort function is controlled by an authentication abort module included in the mobile device 122, the verification device 26 and the identity authentication system server 128.
Thus, having described several embodiments, those skilled in the art will recognize that various modifications, alternative structures and equivalents can be used without departing from the essence of the invention. Accordingly, the above description should not be taken as limiting the scope of the invention, which is defined by the following claims.
Claims
Applications Claiming Priority (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012103153813A CN102915604A (en) | 2012-08-31 | 2012-08-31 | Mobile payment system based on two-dimensional code and telecommunication service provider |
| CN201210315381.3 | 2012-08-31 | | |
| CN201310027672.7 | 2013-01-25 | | |
| CN201310027672.7A CN103138935B (en) | 2013-01-25 | 2013-01-25 | An Identity Authentication System Based on Telecom Operators |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2014032549A1 (en) | 2014-03-06 |
Family
ID=50182494
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| PCT/CN2013/082198 Ceased WO2014032549A1 (en) | 2012-08-31 | 2013-08-23 | Telecommunication service provider based mobile identity authentication and payment method and system |
Country Status (1)
| Country | Link |
|---|---|
| WO (1) | WO2014032549A1 (en) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13834235; Country of ref document: EP; Kind code of ref document: A1 |
| | DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 13834235; Country of ref document: EP; Kind code of ref document: A1 |