CN-122022811-A - Identity auxiliary verification system and identity auxiliary verification method

Abstract

The invention relates to an identity auxiliary verification method and an identity auxiliary verification system. The identity auxiliary verification method is implemented based on a mobile terminal, an entity chip card and a payment system, and comprises the following steps: the mobile terminal sends a transaction request to the payment system; the payment system generates a dynamic challenge factor based on the transaction request and sends the dynamic challenge factor to the mobile terminal; the mobile terminal reads a hardware identifier of the entity chip card; the mobile terminal generates a verification credential based on the hardware identifier and the dynamic challenge factor and sends the verification credential to the payment system; and the payment system performs validity verification on the verification credential based on the dynamic challenge factor generated by the mobile terminal, to realize identity auxiliary verification. According to the invention, both payment security and convenience can be taken into account.

Inventors

  • Ge Zhikan
  • CHEN ZHUO
  • HUANG HE
  • ZHANG XUDONG

Assignees

  • 中国银联股份有限公司

Dates

Publication Date
20260512
Application Date
20251027

Claims (20)

  1. An identity auxiliary verification method, implemented based on a mobile terminal, an entity chip card and a payment system, comprising the following steps: the mobile terminal sends a transaction request to the payment system; the payment system generates a dynamic challenge factor based on the transaction request and transmits the dynamic challenge factor to the mobile terminal; the mobile terminal reads the hardware identifier of the entity chip card; the mobile terminal generates a verification credential based on the hardware identifier and the dynamic challenge factor and transmits the verification credential to the payment system; and the payment system performs validity verification on the verification credential based on the dynamic challenge factor generated by the payment system itself, so as to realize identity auxiliary verification.
  2. The identity auxiliary verification method of claim 1, wherein the transaction request includes transaction information and a timestamp, and the hardware identifier includes a unique device number and a public key certificate.
  3. The identity auxiliary verification method of claim 2, wherein generating a dynamic challenge factor based on the transaction request includes: generating a random number; generating a transaction hash value based on the transaction information; and generating the dynamic challenge factor based on the random number, the timestamp, and the transaction hash value.
  4. The identity auxiliary verification method of claim 3, wherein generating the verification credential based on the hardware identifier and the dynamic challenge factor includes: calculating a public key digest based on the public key certificate; generating a first string based on the unique device number, the dynamic challenge factor, and the public key digest; signing the first string with a private key to obtain a signature value; and generating the verification credential based on the dynamic challenge factor, the signature value, and the public key certificate.
  5. The identity auxiliary verification method of claim 4, wherein signing the first string with the private key includes: signing the first string with a preset private key in the secure environment of the mobile terminal.
  6. The identity auxiliary verification method of claim 5, wherein the validity verification includes one or more of the following: certificate validity verification based on the public key certificate; decrypting the signature value with a public key to obtain the first string, generating a second string based on the unique device number in the first string, the dynamic challenge factor generated by the payment system, and a public key digest calculated from the public key certificate, and comparing the first string and the second string for consistency; verifying whether the difference between the timestamp contained in the dynamic challenge factor generated by the payment system itself and the current time is less than a preset value; and verifying the consistency of the transaction hash value contained in the first string and the transaction hash value calculated by the payment system.
  7. The identity auxiliary verification method of claim 1, wherein the mobile terminal reading the hardware identifier of the entity chip card comprises: the mobile terminal reads the hardware identifier of the entity chip card using near field communication technology.
  8. The identity auxiliary verification method of claim 1, wherein the mobile terminal reading the hardware identifier of the entity chip card comprises: the mobile terminal is paired with an external Bluetooth card reader through Bluetooth pairing; and the Bluetooth card reader reads the hardware identifier of the entity chip card and transmits the hardware identifier to the mobile terminal.
  9. The identity auxiliary verification method of claim 2, wherein the timestamp is in milliseconds.
  10. The identity auxiliary verification method of claim 1, wherein the mobile terminal reading the hardware identifier of the entity chip card comprises: triggering the mobile terminal to read the hardware identifier of the entity chip card based on the event of receiving the dynamic challenge factor.
  11. An identity auxiliary verification method implemented by a mobile terminal, the method comprising the steps of: sending a transaction request; receiving a dynamic challenge factor, wherein the dynamic challenge factor is generated based on the transaction request; reading a hardware identifier of the entity chip card; and generating, based on the hardware identifier and the dynamic challenge factor, a verification credential for implementing identity auxiliary verification.
  12. The identity auxiliary verification method of claim 11, wherein the transaction request includes transaction information and a timestamp, and the hardware identifier includes a unique device number and a public key certificate.
  13. The identity auxiliary verification method of claim 12, wherein the generation of the dynamic challenge factor based on the transaction request includes: generating a random number based on the transaction request; generating a transaction hash value based on the transaction information; and generating the dynamic challenge factor based on the random number, the timestamp, and the transaction hash value.
  14. The identity auxiliary verification method of claim 13, wherein generating the verification credential for implementing identity auxiliary verification based on the hardware identifier and the dynamic challenge factor comprises: calculating a public key digest based on the public key certificate; generating a first string from the unique device number, the dynamic challenge factor, and the public key digest; signing the first string with a private key to obtain a signature value; and generating the verification credential based on the dynamic challenge factor, the signature value, and the public key certificate.
  15. The identity auxiliary verification method of claim 14, wherein reading the hardware identifier of the entity chip card comprises: reading the hardware identifier of the entity chip card using near field communication technology.
  16. The identity auxiliary verification method of claim 14, wherein reading the hardware identifier of the entity chip card comprises: the mobile terminal is paired with an external Bluetooth card reader; and the Bluetooth card reader reads the hardware identifier of the entity chip card and transmits the hardware identifier to the mobile terminal through Bluetooth.
  17. An identity auxiliary verification system comprising a mobile terminal, a payment system and an entity chip card, characterized in that the entity chip card stores a hardware identifier; the mobile terminal includes: a payment module for sending a transaction request to the payment system; a reading module for reading the hardware identifier of the entity chip card; and a security module that generates a verification credential based on the hardware identifier and the dynamic challenge factor described below and sends it to the payment system; and the payment system includes: a triggering module for generating a dynamic challenge factor based on the transaction request; and a verification module for verifying the validity of the verification credential based on the dynamic challenge factor so as to realize identity auxiliary verification.
  18. The identity auxiliary verification system of claim 17, wherein the transaction request includes transaction information and a timestamp, and the hardware identifier includes a unique device number and a public key certificate.
  19. The identity auxiliary verification system of claim 18, wherein the triggering module generates a random number based on the transaction request and a transaction hash value based on the transaction information in the transaction request, and generates a dynamic challenge factor based on the random number, a timestamp in the transaction information, and the transaction hash value.
  20. The identity auxiliary verification system of claim 19, wherein the security module calculates a public key digest based on the public key certificate; the unique device number, the dynamic challenge factor and the public key digest form a first string; a private key is used to sign the first string to obtain a signature value; and the verification credential is generated based on the dynamic challenge factor, the signature value and the public key certificate.
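The challenge, first string and checks of claims 3, 4 and 6, as an added Go example that is not code from the patent or its applicant. Assumptions: Ed25519 signature verification replaces the claim's "decrypt the signature with the public key" step, a raw public key stands in for the card's public key certificate, and the field encoding, names and sample values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// Challenge is generated and stored by the payment system (claim 3):
// random number, transaction hash, request timestamp in milliseconds.
type Challenge struct {
	Nonce, TxHash [32]byte
	TimeMs        int64
}

func NewChallenge(txInfo []byte, reqTime time.Time) Challenge {
	c := Challenge{TxHash: sha256.Sum256(txInfo), TimeMs: reqTime.UnixMilli()}
	rand.Read(c.Nonce[:]) // error ignored for brevity; check it in production
	return c
}

// FirstString = device number | challenge | public key digest (assumed encoding).
func FirstString(dev string, c Challenge, pub ed25519.PublicKey) []byte {
	d := sha256.Sum256(pub)
	return []byte(fmt.Sprintf("%q|%x|%d|%x|%x", dev, c.Nonce, c.TimeMs, c.TxHash, d))
}

// Verify rebuilds the string from the server's own stored challenge, never from
// one echoed by the client. Certificate chain validation is omitted here.
func Verify(stored Challenge, dev string, pub ed25519.PublicKey, sig, txInfo []byte, now time.Time, maxAge time.Duration) error {
	if age := now.Sub(time.UnixMilli(stored.TimeMs)); age < 0 || age > maxAge {
		return fmt.Errorf("stale challenge")
	}
	if stored.TxHash != sha256.Sum256(txInfo) {
		return fmt.Errorf("transaction hash mismatch")
	}
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, FirstString(dev, stored, pub), sig) {
		return fmt.Errorf("signature mismatch")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed demo key pair
	tx, now := []byte("pay 5000.00 to merchant-001"), time.Now()
	ch := NewChallenge(tx, now)
	sig := ed25519.Sign(priv, FirstString("CARD-0001", ch, pub)) // terminal side
	fmt.Println(Verify(ch, "CARD-0001", pub, sig, tx, now, time.Minute))
}
```

Because the signed string covers the server-held random number, a signature captured for one challenge fails against any later one, and the payment system should also discard each challenge after its first use.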

Description

Identity auxiliary verification system and identity auxiliary verification method

Technical Field

The invention relates to the technical field of financial payment security, and in particular to an identity auxiliary verification system and an identity auxiliary verification method.

Background

In the field of mobile payment, the current mainstream verification methods for large-amount payments rely mainly on multi-factor digital verification means, such as passwords, SMS verification codes and biometric recognition (including face recognition, fingerprint recognition and the like). These approaches improve payment security to some extent but still present significant security risks. For example, password authentication is vulnerable to phishing, and a password can be stolen when the user enters it in an insecure network environment. Although the SMS verification code is a dynamic verification means, it can be intercepted in transit by criminals using fake base station technology, so that the verification code is leaked. Moreover, although biometric recognition is convenient, in recent years it has faced advanced attack techniques such as 3D modeling and deepfakes, so the security of identity verification that relies on biometric features alone is greatly compromised.

In addition, although the physical U-shield (USB key), as a hardware verification tool, can improve payment security to a certain extent, it has poor compatibility with mobile devices and requires additional adapter equipment; the carrying cost for the user is high and the operation flow is complex, which conflicts with the convenience requirement of mobile payment. In large-amount payment scenarios in particular, the user's requirement for payment security is higher, and the existing digital verification means and the physical U-shield scheme have difficulty meeting it. Therefore, how to provide a secure and convenient authentication solution, for example in a large-amount payment scenario, is a technical problem to be solved in the current technical field of financial payment security.

Disclosure of Invention

In order to solve the problems in the prior art, the invention aims to provide an identity auxiliary verification system and an identity auxiliary verification method that balance security and convenience.

The identity auxiliary verification method of one aspect of the invention is implemented based on a mobile terminal, an entity chip card and a payment system, and comprises the following steps: the mobile terminal sends a transaction request to the payment system; the payment system generates a dynamic challenge factor based on the transaction request and transmits the dynamic challenge factor to the mobile terminal; the mobile terminal reads the hardware identifier of the entity chip card; the mobile terminal generates a verification credential based on the hardware identifier and the dynamic challenge factor and transmits the verification credential to the payment system; and the payment system performs validity verification on the verification credential based on the dynamic challenge factor generated by the payment system itself, so as to realize identity auxiliary verification.

Optionally, the transaction request includes transaction information and a timestamp, and the hardware identifier includes a unique device number and a public key certificate.

Optionally, generating a dynamic challenge factor based on the transaction request includes: generating a random number; generating a transaction hash value based on the transaction information; and generating the dynamic challenge factor based on the random number, the timestamp, and the transaction hash value.

Optionally, generating the verification credential based on the hardware identifier and the dynamic challenge factor comprises: calculating a public key digest based on the public key certificate; generating a first string based on the unique device number, the dynamic challenge factor, and the public key digest; signing the first string with a private key to obtain a signature value; and generating the verification credential based on the dynamic challenge factor, the signature value, and the public key certificate.

Optionally, signing the first string with a private key includes: signing the first string with a preset private key in the secure environment of the mobile terminal.

Optionally, the validity verification includes one or more of the following: certificate validity verification based on the public key certificate; decrypting the signature value with a public key to obtain the first string, generating a second string based on the unique device number in the first string, a dynamic challenge factor generated