CN105264817B - Multi-factor authentication technology - Google Patents
Classifications
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L2463/082—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying multi-factor authentication
Abstract
The invention discloses a verification technique that has an introduction stage and a verification stage. In the introduction stage, verification information of at least two categories is collected for a user, where one category relates to measurable physical features of the user, another category relates to communication resources available to the user, and a third category relates to knowledge possessed by the user. In the verification stage (7-10 ... 7-44), some of the collected verification information is used to form a challenge (7-10 ... 7-24; 7-62) to be presented to the user. A response to the formed challenge is received from the user, and the correctness of the received response is determined based at least in part on a comparison (7-44, 7-66) with at least part of the collected verification information. A correctness index is computed for the response. If the correctness index meets or exceeds a first threshold, the user is verified.
Description
Parent case information
The present invention claims priority to U.S. patent application Ser. No. 13/800,641, entitled "Multi-factor authentication technology", filed on March 13, 2013. The content of the above-identified parent application is incorporated herein by reference.
Technical field
The present invention relates to verification in telecommunication systems. Verification can be performed to check the identity of a user and, optionally, to check other parameters such as an address.
Background technique
Several verification schemes have been developed to verify the user of a data processing device or communication terminal. One well-known verification scheme involves an introduction stage, in which establishing a new user account includes teaching a user name (login name) and a password to the verifying element. The subsequent verification stage includes requesting the user to enter the user name-password combination. If the entered user name-password combination matches the pre-stored (taught) combination, the verification result for the user is positive.
Such simple systems are highly vulnerable to intrusion and fraud. Intruders can gain access to the verification system in several ways. They may cause malware to be installed on the user's computer. The malware records the keyboard input made by the user during login and transmits it to the intruder. Another technique is eavesdropping on the communication channel between the verification server and the user terminal. A third technique is breaking into the verification server.
Many attempts have been made to alleviate the security problems related to current verification schemes. Many improved verification schemes are based on the paradigm referred to as "what you know, what you have". A user name-password combination is an example of "what you know", and a mobile network identity is an example of "what you have". For example, the introduction stage of verification may involve teaching a mobile identity (such as an MSISDN number) to the verification system. In the verification stage, the verification server can generate a pseudo-random code, send the pseudo-random code to the user's mobile terminal and request the user to return the pseudo-random code from another terminal (such as a computer) within a relatively short time. Because modern mobile communication systems use PIN-code-based verification, possession of the mobile terminal coupled to the mobile identity taught to the verification system is an additional measure of security relating to the user being verified. Reference documents #1 and #2 (which are a commonly owned PCT application and U.S. patent application) each disclose various verification techniques. In particular, reference document #1 discloses a technique called dynamic dialog matrix (DDM), in which a mediator (proxy server) varies the sender number assigned to short message service (SMS) messages and assigns a different sender number to each SMS message in a sequence. When the client (mobile user) responds to the SMS messages in the sequence, each response message has a unique combination of sender address (the mobile terminal's number) and recipient address (the address that the mediator assigned to the query message as its sender address). The unique combination of sender address and recipient address serves as the row and column addresses of a data structure (called the DDM), and the cell identified by the two addresses contains the response. With the DDM, the mediator not only knows which response belongs to which query, but also knows with some reasonable certainty that the mobile user who sent the response message is the individual to whom the query message was sent. Nobody else knows which sender address was assigned to the query of interest. Therefore, nobody else knows to which recipient address the response message should be sent.
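The sender/recipient pairing described above for reference document #1 can be sketched as follows. This is an added example, not code from the patent or its reference documents; the class and method names, the phone numbers and the random choice of sender number are assumptions.

```python
import secrets


class DialogMatrix:
    """Mediator-side bookkeeping for a dynamic dialog matrix (DDM).

    Row    = subscriber's number (sender address of the reply)
    Column = number the mediator used as sender address of the query
             (and therefore the recipient address of the reply)
    """

    def __init__(self, sender_pool):
        self.sender_pool = list(sender_pool)  # numbers the mediator may send from
        self.cells = {}                       # (row, column) -> {"query", "response"}

    def send_query(self, subscriber, query_id):
        """Allocate a sender number not yet used towards this subscriber."""
        free = [n for n in self.sender_pool if (subscriber, n) not in self.cells]
        if not free:
            raise RuntimeError("no free sender number for this subscriber")
        sender = secrets.choice(free)  # outsiders cannot predict the allocation
        self.cells[(subscriber, sender)] = {"query": query_id, "response": None}
        return sender                  # the SMS leaves with this sender address

    def receive_reply(self, from_addr, to_addr, text):
        """Map an incoming reply to its query, or return None if it fits no open cell."""
        cell = self.cells.get((from_addr, to_addr))
        if cell is None or cell["response"] is not None:
            return None                # unknown address pair, or cell already answered
        cell["response"] = text
        return cell["query"]


def demo():
    """Constructed numbers: three queries to one subscriber, answered out of order."""
    ddm = DialogMatrix(["+10000000001", "+10000000002", "+10000000003"])
    user = "+19995550100"
    senders = {q: ddm.send_query(user, q) for q in ("offer-A", "offer-B", "offer-C")}
    return [
        ddm.receive_reply(user, senders["offer-C"], "Y"),            # matches offer-C
        ddm.receive_reply(user, senders["offer-A"], "N"),            # matches offer-A
        ddm.receive_reply("+19995550199", senders["offer-B"], "Y"),  # different phone
        ddm.receive_reply(user, senders["offer-C"], "Y"),            # repeated reply
    ]


if __name__ == "__main__":
    print(demo())
```

The pairing correlates replies with queries; it is only as strong as the network's guarantee that the reply's sender address is genuine, which matches the "reasonable certainty" the text claims.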
In reference document #2, Fig. 9A, Fig. 9B and Fig. 9B and their associated description disclose a technique in which a combination of a general-purpose computer and a mobile terminal is used for verification (and for additional functions, some of which may be unrelated to the present invention). Figure 10 of reference document #2 and its associated description disclose a system architecture that can be used to implement the present invention. The content of the above reference documents is incorporated herein by reference.
Although known verification schemes have been improved, some residual problems remain. For example, most verification schemes are rigid, and unnecessarily so, in that they require the same security level regardless of the value of the transaction, the user's prior history or other relevant factors. Another problem is that a combination of user name, password and mobile identity may be stolen from a legitimate user.
Therefore, there is still a need for verification techniques that are improved with regard to flexibility, security or both.
Summary of the invention
An aspect of the invention is a data processing system comprising: a storage system that stores program code instructions and data; and a processing system including at least one processing unit, wherein the processing system executes at least a portion of the program code instructions and processes the data. The storage system includes at least one verifying element executable by the processing system. The at least one verifying element instructs the processing system to execute at least one introduction stage relating to at least one user, wherein, in the at least one introduction stage, verification information is collected for the user in at least two of the following at least three categories: a first category, relating to measurable physical features of the user; a second category, relating to communication resources available to the user; and a third category, relating to knowledge possessed by the user.
The at least one verifying element also instructs the processing system to execute at least one verification stage relating to the at least one user. In the at least one verification stage, at least a portion of the collected verification information is used to form at least one challenge to be presented to the user. At least one response to the formed challenge is received from the user, and the correctness of the received response is determined based at least in part on a comparison with at least a portion of the collected verification information. At least one correctness index is computed for the at least one response received from the user; if the at least one computed correctness index meets or exceeds a first threshold, the user is verified.
In a typical use case, the user is the verification subject, whose identity is to be verified. Optionally, the at least one verifying element is implemented on a server accessible to multiple users. Alternatively or additionally, at least one verifying element is implemented on at least one communication terminal associated with the user to be verified. An advantage of implementing the verifying element at least partly on the communication terminal associated with the user is that the verifying element has access to the user interface and sensors of the communication terminal. In one illustrative but non-limiting example, the verifying element implemented on the communication terminal may request the user to point at their nose with a specified finger of their left or right hand, after which the verifying element captures a photograph of the user performing the requested gesture and then compares the photograph with a photograph pre-stored in the introduction stage, or sends the captured photograph to an external verifying element (such as a server) for comparison with the pre-stored photograph. To increase security, the specified finger and hand can be varied randomly. As used in this disclosure, "random" means that the verification challenge is varied in a manner that the verification subject can only guess but cannot know for certain. In other words, if the verification subject does not know the sequence of variations, the variations of the verification challenge are random. It will be apparent to those skilled in the art that if the verifying element is partly implemented as a client component in a communication terminal accessible to the user (the verification subject), the client component must be protected by cryptographic techniques and provided with digital certification.
The user is typically associated with a communication terminal that has at least one network address.
To improve flexibility, the first threshold for the computed correctness index can be based on the value and/or nature of the transaction for which the user's identity is to be verified. For example, the verifying element may require a higher threshold for the computed correctness index for higher-value transactions than for lower-value transactions. Implementing the verification method is also beneficial in cases where no exact value can be determined: access to certain types of information (such as a hospital's patient information) requires a high threshold for the correctness index even though no monetary amount is associated with accessing the information. Alternatively or additionally, the first threshold for the computed correctness index can be based on the user's prior history.
To provide very high security, in at least one introduction stage the at least one verifying element instructs the processing system to collect verification information of at least three categories for the user. In the verification stage, the processing system uses the collected verification information of the at least three categories. Such very high security is not necessary for all transactions; the verifying element can instruct the processing system to collect and use verification information of at least three categories if the value and/or nature of the transaction meets predetermined criteria.
Where information of fewer than three categories is used, the introduction stage may involve collecting verification information of a larger number of categories than will be used in the verification stage. In other words, one or two categories of verification information may be left unused in the verification stage if the value and/or nature of the transaction permits. In some embodiments, the verifying element instructs the processing system to randomly select at least one category and/or the verification information to be used in at least one verification stage. Again, in practice "random" includes "pseudo-random", that is to say, the information and/or categories used for verification vary in such a way that the verification subject can only guess which verification information or category the next verification stage will use.
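One way the value-dependent threshold, the random choice of categories and the correctness index described above could fit together is shown below. This is an added example, not part of the patent; the threshold values, the amount bands, the use of the lowest per-category score as the index and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

CATEGORIES = ("physical", "communication", "knowledge")
_rng = secrets.SystemRandom()  # selection the verification subject cannot predict


def policy_for(amount, sensitive=False, clean_history=0):
    """Return (first threshold, number of categories to use). All numbers are assumed."""
    if sensitive or amount >= 1000:
        threshold, required = 0.90, 3   # e.g. patient records: high bar, no amount needed
    elif amount >= 100:
        threshold, required = 0.75, 2
    else:
        threshold, required = 0.60, 1
    if clean_history >= 10 and not sensitive:
        threshold -= 0.05               # prior history may relax the bar slightly
    return round(threshold, 2), required


def pick_categories(enrolled, required):
    """Randomly choose which categories collected in the introduction stage to use."""
    available = [c for c in CATEGORIES if c in enrolled]
    if len(available) < required:
        raise ValueError("not enough categories were collected for this transaction")
    return _rng.sample(available, required)


def hash_secret(secret, salt):
    """Stored form of a knowledge factor (PIN, answer); never keep the plain value."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def score_knowledge(enrolled_hash, salt, answer):
    return 1.0 if hmac.compare_digest(hash_secret(answer, salt), enrolled_hash) else 0.0


def score_communication(sent_code, returned_code, age_seconds, max_age=120):
    """A code sent to the user's channel must come back unchanged and in time."""
    fresh = 0 <= age_seconds <= max_age
    same = hmac.compare_digest(sent_code.encode(), returned_code.encode())
    return 1.0 if (fresh and same) else 0.0


def score_physical(similarity):
    """Clamp the similarity reported by a biometric matcher (matcher is out of scope)."""
    return max(0.0, min(1.0, similarity))


def correctness_index(selected, scores):
    """Lowest score over the selected categories; a missing response counts as 0."""
    return min(scores.get(c, 0.0) for c in selected)


def verify(selected, scores, threshold):
    """Return (passed, index): passes when the index meets or exceeds the threshold."""
    index = correctness_index(selected, scores)
    return index >= threshold, index
```

Taking the minimum means a strong result in one category cannot compensate for a failed one; a weighted average would be a different policy choice.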
In some embodiments, the verification information of the first category, relating to measurable physical features of the user (that is, "what you are"), includes at least one of physiological information and voice characteristics. This is a non-exhaustive list of the user's physical features that can be measured by a modern smartphone. For example, physiological information of the user's face, iris and/or at least one fingerprint can be captured by the camera of the smartphone. Alternatively or additionally, a sample of the user's voice can be captured by the microphone of the smartphone.
For additional security, the verifying element can be configured to collect multiple alternative data sets ("versions") of image data for the physiological information, of which face, iris and fingerprint are representative examples. The verifying element can then randomly select at least one of the multiple data sets. For example, the verifying element may instruct the user to touch their nose with their left index finger, or to touch their chin with their right fist, and then challenge the user to respond with captured image data corresponding to the selected data set. In other words, the "version" of the randomly selected gesture performed by the user and captured by the camera should match the photograph of the same gesture stored earlier in the introduction stage.
An illustrative but non-exhaustive list of examples of verification information of the second category ("what you have") includes at least one of the following: at least one cellular network address; multiple different communication channels using at least one cellular network address; at least one e-mail address; and at least one social network address. To provide additional security, the verification information of the second category may include multiple data sets, and the verifying element can be configured to randomly select at least one of the multiple data sets. For example, the verifying element may instruct the user or their communication terminal to send the response to a random network address/link. Alternatively or additionally, the verifying element may instruct the user or their communication terminal to send verification information on a randomly selected network resource, which can be a MAC address, an ISDN number, etc.
An illustrative but non-exhaustive list of examples of verification information of the third category ("what you know") includes at least one of the following: user name/password/PIN code; factual question/answer; the user's location (such as a location indicated by the terminal); timing information.
In the context of simpler verification schemes, combinations of user name, password and/or PIN code are well known, and they can be used in this disclosure as examples of the third category of verification information, "what you know". Factual questions such as "What is your mother's maiden name?" and their answers are also well known. A feature shared by user names, passwords, PIN codes and answers to factual questions is that they are all entered via the keyboard or keys of the terminal (which can be implemented by a touch-sensitive display). It should be noted that modern smartphones generally include sensors that can be used to collect verification information of the third category. For example, the user can be instructed to tap the rhythm of a piece of music they like. The rhythm can be collected by the microphone of the smartphone. Alternatively, if the smartphone has a gyroscope (a multi-dimensional tilt or acceleration sensor), the user can tap or swing the smartphone in the air, and the motion can be captured by the tilt or acceleration sensor. A legitimate user who knows what the music is can tap the rhythm, whereas an eavesdropper would find it difficult to guess the music from the rhythm alone, or even to memorize the rhythm. A simpler version of this approach involves instructing the user to tap several beats at intervals known only to the legitimate user. Alternatively or additionally, the tilt or acceleration sensor can be used by instructing the user to draw a gesture or write words in the air. The drawing or writing is captured by the tilt or acceleration sensor and compared with a pre-stored version captured in the introduction stage.
Again, additional security can be provided if the verification information of the third category ("what you know") includes multiple data sets and the verifying element is configured to randomly select at least one data set from the multiple data sets. For example, the verifying element may ask a randomly selected question, or instruct the user to perform a randomly selected motion that is captured by the sensors of the smartphone and compared with a version pre-stored in the introduction stage, and so on.
In some embodiments, the verifying element(s) are configured to treat the verification of the user's identity as valid only for a specific place and/or time. For example, a service worker may be authorized to access particular premises at a certain time.
Brief description of the drawings
Fig. 1 is a block diagram of an embodiment of the invention that can be used to authorize mobile payments;
Fig. 2A and Fig. 2B are signaling diagrams showing an exemplary series of events in the system shown in Fig. 1;
Fig. 3 shows an exemplary block diagram for the various information processing and/or mediator servers in the systems described earlier;
Fig. 4 shows a schematic block diagram of a mobile terminal;
Fig. 5 shows how, in the introduction stage preceding verification, the user can optionally use both an Internet browser and a mobile phone;
Fig. 6 is a signaling diagram showing how a verification application downloaded and installed from an application store can cooperate with a mediator front end in the introduction stage;
Fig. 7 is a signaling diagram showing how the verification application can cooperate with the actual mediator in the verification stage; and
Fig. 8 is a variation of the scenario shown in Fig. 5, in which a service provider organization performs the initial registration and assigns an alias identity to the user, and the mediator knows only the user's alias identity.
Specific embodiment
1. Typical scenarios in which verification can be used
Fig. 1, Fig. 2A and Fig. 2B show how embodiments of the invention can be configured to cooperate with other legal entities to form a composite framework that facilitates the provision of services and payments. The following description of the composite framework illustrates several points about verification. One point is that modern electronic commerce involves multiple cooperating entities and naturally also involves many mutual verification problems. Another point to be illustrated is that there are many different situations whose requirements for the verification process differ, particularly as regards security and convenience, which should be appropriately balanced. Yet another point to be illustrated is that, although a large number of entities are involved, verification can still be performed by a centralized verification server for several or all of these entities.
Specifically, Fig. 1, Fig. 2A and Fig. 2B show various features in a composite use case in which a user who is a mobile subscriber and the owner of (one or more) payment cards uses at least one communication terminal to verify and authorize recurring mobile payments, via the payment card issuer or payment processor, from the user's credit card to a merchant operating as a service provider. As used herein, a mobile payment refers to a payment transaction that takes place at least partly over a mobile network. A recurring mobile payment is a mobile payment that occurs more than once. In general, information about previous transactions can be utilized to make subsequent transactions more convenient or efficient. This reasonably complex use case illustrates the fact that there is a large number of variables that affect the security level required of the verification process.
Fig. 1 is a block diagram of an embodiment of the invention that can be used to authorize mobile payments, and Fig. 2A and Fig. 2B are signaling diagrams showing series of events in the system shown in Fig. 1. Fig. 1 shows an embodiment in which a centralized verification server, called the mediator 1-300, is located in a PCI-compliant environment 1-100, where "PCI" stands for payment card industry. The specifications for the PCI-compliant environment 1-100 are published by the PCI Security Standards Council, currently at www.pcisecuritystandards.org. From a purely technical point of view, it is not strictly necessary to implement a PCI-compliant environment or to install the mediator in such an environment, but this implementation can help other entities, such as payment processors and merchants, to trust the mediator 1-300.
Other elements in the PCI-compliant environment 1-100 include the payment processor 1-200, its associated database 1-202 and at least one merchant 1-205 as a legal entity. The database 1-202 stores common account and address information 1-210 about users and merchants. Although storing this information is considered good service management, for purposes such as auditing, it is not strictly indispensable for the present embodiment.
Some merchants 1-250 operate online shops or service providers 1-400, 1-401 to 1-40n, outside the PCI-compliant environment 1-100. Reference label 1-400 is generally used when discussing a representative service provider, and reference labels 1-401 to 1-40n can be used when an individual service provider needs to be mentioned. A key element outside the PCI-compliant environment 1-100 is, naturally, the user; a representative user is denoted by reference label 1-600.
In this embodiment, the user 1-600 has multiple roles. First, the user is a customer of the payment processor 1-200 and, accordingly, the owner of one or more payment cards, one of which is denoted by reference label 1-610. While reference label 1-610 denotes the payment card, reference label 1-612 denotes information about the payment card 1-610 that is sufficient to identify the payment card completely. In other words, without additional verification measures, such as those taught in this specification, knowledge of the complete information 1-612 enables anyone holding that knowledge to make payments (honest or fraudulent) that are charged to the owner of the payment card 1-610. The user 1-600 is also a subscriber of the mobile access network 1-500 and a user of at least one mobile terminal 1-620.
When the system according to Fig. 1 is put into operation, the following assumptions and conditions hold:
1. There is an initial trust relationship between the payment processor 1-200 and the mediator 1-300. For example, the trust relationship can be established by a legal contract signed between the operators (as legal entities) of the processor 1-200 and the mediator 1-300, under which the legal entities direct the processor 1-200 and the mediator 1-300 (as network nodes) to trust each other. As used herein, "initial trust relationship" may mean, for example, that the payment processor 1-200 authorizes the mediator 1-300 to process transactions within a set of initial limits. The limits can be raised during system operation.
2. There is an initial trust relationship between each service provider 1-401 to 1-40n and the payment processor 1-200. There may also be an initial trust relationship between each service provider 1-401 to 1-40n and the mediator 1-300.
3. There is an initial trust relationship between the payment processor 1-200 and the user 1-600 as the owner of one or more payment cards 1-610.
4. There is an initial trust relationship between the mediator 1-300 and the user 1-600 as a mobile subscriber using the mobile terminal 1-620.
However, this set of initial trust relationships has some gaps. First, in the use case in which the payment processor 1-200 operates in the PCI-compliant environment 1-100, it is essential that the complete credit card information 1-612 (that is, information sufficient for fraudulent purchases) is not conveyed outside the PCI-compliant environment. This means, for example, that although the mediator 1-300 is trusted to mediate payment card transactions between service providers and mobile users (as payment card owners), the mediator must be able to operate without information that completely identifies the user's payment card. In addition, an open question is what links each user's payment card 1-610 and mobile terminal 1-620.
Another open question is how the various service providers 1-401 to 1-40n, or a subset of service providers offering mutually related services, can be authorized to offer services to a user 1-600 who has authorized mobile transactions from one service provider.
Referring now to Fig. 2A, an exemplary use case involving an initial transaction with an individual service provider is described below. In step 2-2, the user 1-600 registers with the website of the processor 1-200. In the registration, the user 1-600 authorizes an exemplary service provider 1-401 to offer services that may be charged to the user's payment card 1-610. For example, the registration can be performed over the Internet using any Internet-enabled terminal. A modern smartphone can serve as a browser or Internet-enabled terminal, but the telephony function and the browser function should be distinguished. The telephony function is usually verified by means of a subscriber identity module (SIM), whereas the browser function is usually verified separately using a user name/password combination; for example, the user name/password combination can be confirmed during initial registration by sending a confirmation link to the user's e-mail account. In some embodiments, the initial registration 2-2 may require bank verification or some other form of strong authentication, while subsequent uses (such as configuration changes) may require weaker verification, such as the user-ID/password combination issued during the initial registration 2-2.
To authorize recurring mobile payments, the user effectively gives permission for the service provider 1-401 to offer services to the user 1-600 by reference to the payment card 1-610. In step 2-4, the processor 1-200 stores information about the permission given by the user 1-600. For example, the processor 1-200 can store an information tuple 1-212 that includes the user's true identity, mobile identity, payment card number and the identity of the service provider. Again, the information tuple 1-212 is considered good service management for auditing purposes but, strictly speaking, it is not absolutely necessary for effecting payments.
In step 2-6, the processor 1-200 creates a "token" 1-214, which indicates to the mediator 1-300 that the information tuple 1-212 has been established. For the purposes of this embodiment, the token 1-214 is a filtered or reduced version of the information tuple 1-212 that sufficiently identifies the permission given by the user 1-600 to the service provider. For example, the complete identification information 1-612 of the user's payment card may not be conveyed to entities outside the PCI-compliant environment. Instead of the complete identification information 1-612, the token 1-614 contains only enough information to identify a specific payment card to the user/card owner 1-600. In the present context, such information is shown in the drawings as "Payment Card REF", because these information items enable the mediator to refer to a specific payment card 1-610 of the user/card owner 1-600. In the example shown, the "Payment Card REF" information item can have the value "VISA_4567", which identifies a specific payment card among the current user's payment cards without identifying the payment card completely. In step 2-8, the issuer/payment processor 1-200 sends the token 1-214 to the mediator 1-300. In optional step 2-10, the issuer/payment processor sends the token to the service provider 1-401.
In step 2-20, the service provider 1-401 detects an opportunity to send a service invitation to the mobile terminal 1-620 of the user 1-600. There are many ways for the service provider 1-401 to detect such an opportunity. For example, the service provider 1-401 may detect that the user is about to request, or has requested, some service from the service provider, and the service provider can offer a related service to the user. Alternatively or additionally, the user 1-600 may navigate to the service provider's website and request information about services, thereby permitting a service invitation to be sent to the user's mobile terminal. In step 2-22, the service provider 1-401 sends the service invitation to the mediator 1-300. The service invitation 2-22 contains an identifier of the token 1-214 created in step 2-6. The service invitation 2-22 also includes details of the invitation, such as what service is offered and at what price. In step 2-24, the mediator 1-300 reformats the invitation and forwards it to the user's mobile terminal 1-620. In addition to the details of the invitation, the reformatted invitation 2-24 includes the "Payment Card REF" information item, which identifies the payment card only to the user/card owner 1-600 but does not identify the card completely. Although the reformatted invitation 2-24 is sent to the user's mobile terminal 1-620, the service provider 1-401 does not need to send the mobile ID to the mediator 1-300, because the mobile ID can be obtained from the token 1-214 that was sent to the mediator in step 2-8.
In step 2-26, user 1-600 responds from their mobile terminal 1-620. Assuming that the DDM technology described elsewhere in this patent specification is used, user 1-600 only needs to send, for example, "Y" to indicate "yes" and anything else (including no response) to indicate "no". Similarly, the invitation may include a list of choices (such as A, B, C, D), and the user can select an option by replying, for example "A" to select option A. Even if multiple service providers 1-401 to 1-40n each send multiple invitations, the DDM technology can still track which response from the user corresponds to which service invitation from which service provider. In step 2-28, mediator 1-300 uses the DDM technology to identify which service invitation the user is responding to. In optional steps 2-30 and 2-32, mediator 1-300 can request acceptance from issuer/service provider 1-200, which may, for example, perform a credit check. If the result of the credit check is positive, issuer/service provider 1-200 provides acceptance of the mediator's request. The exchange of messages 2-30 and 2-32 serves two purposes. First, the mediator conveys information about the user's acceptance to issuer/payment processor 1-200 for billing purposes. Second, the mediator requests issuer/payment processor 1-200 to carry out a credit or security check consistent with the issuer/payment processor's policy. In step 2-34, assuming the result of the check is positive, mediator 1-300 forwards the user's acceptance to service provider 1-401.
In step 2-36, the mediator, issuer/service provider and/or service provider can send a confirmation to the mobile user/card owner 1-600. Strictly speaking, the confirmation is regarded as good manners and good service management practice, but it is not indispensable for providing the requested service. In some embodiments, step 2-30 and the subsequent steps can be performed in a different order and/or by different entities. As is apparent from the figure, after step 2-34 each of the mediator, issuer/service provider and/or service provider knows that everything is in order, and any of these entities can send the confirmation to the user.
Although steps 2-2 to 2-34 above suffice to establish recurring payments between one mobile user/terminal and one service provider, it is still desirable to facilitate combining service invitations from multiple related service providers. For example, assume that service provider 1-401 is an airline. Under this assumption, opportunity detection step 2-20 can be carried out such that the airline is an example of a merchant 1-250 within the PCI-compliant environment 1-100, and this merchant notifies service provider 1-401, which is an example of an online store outside the PCI-compliant environment 1-100.
Referring now to Fig. 2B, steps 2-20 to 2-34 have been described with reference to Fig. 2A and are therefore not described again. For the reader's convenience, steps 2-20 to 2-34 are repeated in Fig. 2B in abbreviated form.
The second major part of Fig. 2B, namely steps 2-42 to 2-56, relates to token creation for recurring payments from user 1-600 to service provider 2 (1-402). What these steps accomplish is largely similar to the token creation for recurring payments from user 1-600 to service provider 1 (1-402) described with reference to Fig. 2A (for details see steps 2-2 to 2-8). However, the actual implementation differs. In Fig. 2B, the token creation phase (steps 2-42, ..., 2-56) is initiated not by user 1-600 but by mediator 1-300. Therefore, the user need not explicitly register mobile payment for each service provider. On the other hand, creating a token for the combination of the user and service provider 2 is not completely outside the user's control. In a preferred implementation, the user's permission is required for creating tokens for related service providers, but the inconvenience caused to the user should be kept to a minimum. Steps 2-42 to 2-56 illustrate one method of achieving this purpose.
As a result of step 2-26, mediator 1-300 knows that user 1-600 has authorized mobile payment for services from service provider 1 (1-401). Mediator 1-300 now uses this information and, in step 2-42, prompts processor 1-200 to request permission to create a token for the combination of user 1-600 and service provider 2 (1-402). In step 2-44, processor 1-200 requests permission for token creation from user 1-600. In step 2-46, mediator 1-300 forwards the request to the mobile terminal 1-620 of user 1-600. In the present example, the user accepts the token creation and sends a positive response (such as "Y") in step 2-48. In step 2-50, the user's permission for token creation is sent to processor 1-200, which in step 2-52 creates a record indicating the user's permission. In step 2-54, the payment processor creates the actual token, which is sent to the mediator in step 2-56. The last three steps of this phase, steps 2-52 to 2-56, are similar to the respective steps 2-4 to 2-6 in Fig. 2A, in which the first token was created.
The difference from steps 2-4 to 2-6 in Fig. 2A is that in Fig. 2B the mediator has initiated the token creation process, based on its knowledge that the user has requested a service (and accepted charges) from service provider 1, for which the mediator is aware of related service providers. The mediator does not have all the information required by the token creation process, nor does it need it. Instead, the mediator only needs to know that a token should be created for the combination of user 1-600 and service provider 2 (1-402), or that permission for this creation should be requested from the user. The remaining details of the user's permission and the token (most notably payment card identification information 1-612) are already known to processor 1-200.
It should also be noted that the user needs to be verified and/or to specify which of multiple simultaneous service invitations from one or more service providers are accepted and which are rejected. The DDM technology described earlier in this patent specification can be used to provide verification and/or to match user responses with service invitations. In some embodiments, the DDM technology can be omitted, at least for low-value transactions and/or transactions involving users with a good history.
As a result of the token creation being notified to the mediator in step 2-56, service provider 2 (1-402) is now notified of the token creation. Notification step 2-58 deliberately leaves open the question of which entity sends the notification. Depending on the implementation, the notification can be sent from processor 1-200 or from mediator 1-300, because both have the same information available.
Steps 2-62 to 2-76, in which service provider 2 (1-402) sends an invitation to user 1-600 and the user accepts, are similar to the respective steps 2-22 to 2-34; the only difference is the service provider. In the first case (steps 2-22 to 2-34) the service provider is service provider 1, and in the latter case (steps 2-62 to 2-76) the service provider is service provider 2.
The fact that mediator 1-300 resides in the PCI-compliant environment and meets PCI specifications and certifications can be implemented in several different ways. For example, the mediator can be implemented and operated by a legal entity whose employees have undergone security screening. Alternatively or additionally, the mediator, or at least some of its key components, can be arranged or supervised by one or more highly trusted parties, and the trustworthiness of the mediator is checked by cryptographic techniques (such as digital certification). Alternatively or additionally, some key components of the mediator can be firmware coded in a manner similar to a mobile SIM card, which is verified by using a challenge-response mechanism. The software of the trusted key components, including the mediator functionality and the challenge-response mechanism, can be coded into firmware, on the basis of which the mediator (as a proxy server) can execute.
2. Exemplary hardware platform
Fig. 3 schematically shows an exemplary block diagram of the various information processing and/or mediation servers in the systems described above. For example, such a server architecture, generally denoted by reference numeral 3-100, can be used to implement mediator 1-300 and/or the servers of the issuer/payment processor and the service providers. The two major functional blocks described here are server computer 3-100 and storage system 3-190. Server computer 3-100 includes one or more central processing units CP1...CPn, generally denoted by reference numeral 3-110. Embodiments with multiple processing units 3-110 are preferably provided with a load balancing unit 3-115, which balances the processing load among the multiple processing units 3-110. The multiple processing units 3-110 can be implemented as separate processor components or as physical processor cores or virtual processors within a single component housing. Server computer 3-100 further includes a network interface 3-120 for communicating with various data networks, generally denoted by reference sign DN. The data networks DN may include local area networks (such as Ethernet) and/or wide area networks (such as the Internet). Assuming that server computer 3-100 acts as mediator 1-300, it can cooperate with other servers via the data networks DN. Reference numeral 3-125 denotes a mobile network interface, through which server computer 3-100 can communicate with various access networks AN, which in turn serve the mobile terminals MT used by end users or clients.
The server computer 3-100 of the present embodiment may also include a local user interface 3-140. Depending on the implementation, user interface 3-140 may include local input-output circuitry for a local user interface, such as a keyboard, mouse and display (not shown). Alternatively or additionally, management of server computer 3-100 can be carried out remotely, by using network interface 3-120 and any Internet-capable terminal that provides a user interface. The nature of the user interface depends on what kind of computer is used to implement server computer 3-100. If server computer 3-100 is a dedicated computer, it may not need a local user interface, and server computer 3-100 can be managed remotely, for example from a web browser over the Internet. Such remote management can be carried out via the same network interface 3-120 that the server computer uses for traffic between itself and client terminals.
Server computer 3-100 further includes memory 3-150 for storing program instructions, operating parameters and variables. Reference numeral 3-160 denotes a program suite for server computer 3-100.
Server computer 3-100 further includes circuitry for various clocks, interrupts and the like, generally denoted by reference numeral 3-130. Server computer 3-100 further includes a storage interface 3-145 to storage system 3-190. When server computer 3-100 is powered off, storage system 3-190 can store the software that implements the processing functions; at power-up, this software is read into semiconductor memory 3-150. Storage system 3-190 also retains operating parameters and variables during power-off. In large-volume implementations (i.e. where a single server computer 3-100 serves a large number of users via their respective mobile terminals MT), storage system 3-190 can be used to store the dynamic dialog matrices associated with clients and mobile terminals MT. The various elements 3-110 to 3-150 communicate with each other via bus 3-105, which, as is well known to those skilled in the art, carries address signals, data signals and control signals.
The techniques of the invention can be implemented in server computer 3-100 as follows. Program suite 3-160 includes program code instructions for instructing the set of processors 3-110 to execute the functions of the inventive method (including verification) and, optionally, to cooperate with other servers to provide enhanced services.
Fig. 4 shows a schematic block diagram of a mobile terminal. Mobile terminal MT includes a processing system 4-202 with at least one central processing unit. The mobile terminal further includes a memory system 4-250, which, as is well known to those skilled in the art, typically comprises a combination of fast volatile memory and slower non-volatile memory. In addition, mobile terminal MT includes or uses a user interface 4-210, which comprises input circuitry 4-212 and output circuitry 4-214. Input circuitry 4-212 includes the microphone and user input devices of the mobile terminal, such as keys and/or a touch screen. Output circuitry 4-214 includes the display and earphone or loudspeaker of the mobile terminal. Mobile terminal MT further includes reception/transmission circuitry 4-220, which comprises a transmitting circuit 4-222, a receiving circuit 4-224 and an antenna 4-226. A subscriber identity module SIM 4-230 is used by an authentication function to authenticate the user of the mobile terminal and to identify the user's subscription to the access network AN. A typical modern mobile terminal also includes WLAN (wireless LAN) circuitry 4-234, which enables the mobile terminal to act as a WLAN client to a WLAN access point AP.
To support installable program modules, the memory 4-250 of the mobile terminal typically includes routines for downloading installable program modules and for storing them as applications 4-260 in memory 4-250 for execution by central processing unit CP. Fig. 4 shows an arrangement in which the mobile terminal is configured to download installable program modules from a vendor-specific or platform-specific application store AS via data network DN, access network AN, antenna 4-226 and receiving circuit 4-224. Instead of, or in addition to, downloading software from the application store via the access network, other arrangements are equally possible. For example, the installable program modules can be downloaded via data network DN to a separate data terminal (not shown), from which they can be transferred to the mobile terminal's WLAN circuitry 4-234 or via some other short-range connection, such as Bluetooth or Universal Serial Bus (USB, not shown separately). Access network AN is typically a broadband-capable mobile communication network, while data network DN is typically the Internet or some closed subnetwork implementing the Internet Protocol (IP), commonly called an intranet or extranet. At this level of generalization, all elements of Fig. 4 discussed so far can be conventional elements used in the relevant field. As will be described in more detail, one or more external hosts are accessible via access network AN and data network DN. Finally, reference numeral 4-280 denotes an area of memory 4-250 used for storing parameters and temporary variables.
In addition to user interface 4-210, the mobile terminal typically includes optional sensors 4-240 for detecting environmental variables or parameters. A non-exhaustive list of sensors 4-240 includes: a camera, IR (infrared) detection/communication circuitry, GPS and/or other position-determining circuitry, a compass, a gyroscope (tilt sensor), RFID (radio-frequency identification) and/or NFC (near-field communication) circuitry, and the like.
By means of sensors 4-240, an application 4-260 executing in the mobile terminal can collect information about the environment, surroundings, position and/or orientation of the mobile terminal. Such sensor-based information is collectively called sensed information. Application 4-260 includes program-implemented functions for operating the sensors. Depending on the application being executed, the mobile terminal can be configured to collect this sensed information in response to user control, spontaneously and/or step by step, such that detection of one type of sensed information triggers application 4-260 to instruct the mobile terminal to collect further information, sensed or otherwise. By way of illustrative but non-limiting example, a primary source of sensed information may be locally restricted radiation, which the mobile terminal can use to determine that it is near an object of interest or a known location. Detection of such locally restricted radiation can be used to verify the user's location, that is, to verify that the user is at a location where the locally restricted radiation can be received. For example, the locally restricted radiation may vary over time. The fact that the verification application operating in the mobile terminal captures the locally restricted radiation and stores the information content of the radiation proves that the mobile terminal was within range of the radiation at the time the captured content was transmitted.
For example, detection of locally restricted radiation such as infrared, Bluetooth or near-field communication can trigger the application to collect orientation-related sensed information from sensors 4-240, such as compass heading and/or gyroscope/tilt information and, optionally, accurate GPS information. The position and orientation of the mobile terminal, and information about nearby objects of interest, can serve as multiple aspects of verification. For example, a scene captured by the camera of the mobile terminal indicates, although not with absolute certainty, that the mobile terminal was at a position from which the scene could be captured.
3. Exemplary authentication techniques
Fig. 1 and Figs. 2A to 2B and their associated descriptions illustrate how verification is required in a variety of situations, from establishing a new account to relatively simple incremental purchases. In the preceding examples, the user of a mobile terminal authorizes multiple payments, and naturally the individual authorizing the payments needs to be verified. The techniques described here can also be used in verification processes unrelated to financial transactions. For example, online voting is a situation in which the voter needs to be verified.
Fig. 3 and Fig. 4 and their descriptions show hardware platforms suitable for implementing the server or mediator and the mobile terminal. The disclosure below explains how known verification schemes can be improved by using the mobile-terminal platform.
Referring now to Fig. 5, an exemplary teaching stage will be described. Fig. 5 shows how user 1-600 optionally uses both an Internet browser and a mobile phone simultaneously during the teaching stage. As noted above, the browser function and the telephone function can be implemented in a single physical terminal or in different physical terminals. Reasons for using a general-purpose computer as the browser may include a desire to use a larger keyboard and display than a phone can provide, or a desire to use a smart card reader coupled to the general-purpose computer for strong authentication.
Steps 5-2 to 5-16 involve techniques known in the art and are therefore described only briefly. In step 5-2, user 1-600 starts the process of creating a new user account. According to an optional feature of this example, user 1-600 communicates with a server that acts as a front end to mediator 1-300. As part of the teaching process, the front end stores the teaching results in a database accessible to the mediator. By using a separate front end, the actual mediator is relieved of the burden of the teaching stage. User 1-600 enters their identification information (such as the full name, address, e-mail address, mobile identity and so on needed to identify and address the user). To carry out financial transactions using a payment card, the user typically enters payment card details as described in connection with Fig. 1 and Figs. 2A to 2B. In step 5-4, the front end typically performs strong authentication of the user. For example, bank authentication and/or smart card authentication with a PIN signature can be used for this purpose.
Steps 5-10 to 5-14 relate to coupling the mobile identity with the newly created user account. In step 5-10, the mediator front end sends a challenge word, such as a random character string, to the browser. In step 5-12, the user copies the random character string to the mobile terminal, and in step 5-14 it is sent from the mobile terminal. The mediator front end has now confirmed that the mobile identity entered in step 5-2 belongs to the individual who initiated account creation in step 5-2. Since the mobile identity is enforced by a PIN code, steps 5-10 to 5-14 help strengthen the first verification process.
In step 5-16, a verification application ("app") is downloaded from a vendor-specific or platform-specific application store and installed. For example, the front end can instruct user 1-600 to navigate to the application store to download the verification application, or the front end can send a link to the mobile terminal for this purpose. Alternatively, the front end can request the application store to send a download link to the mobile terminal. Downloading and installing applications is a technique known in the art, and a detailed description is therefore omitted.
In steps 5-22 and 5-24, the front end sends a number of teaching questions to the browser and/or the mobile terminal. In steps 5-26 and 5-28, the browser and/or mobile terminal send responses to the teaching questions. Arrow 5-40 shows the results being stored in some long-term memory. Some teaching questions belong to a first category, which concerns measurable physical features of the user. The verification application installed in the mobile terminal cooperates with the front end for this purpose. For example, assume that a photograph of the user's eye is to be used as an item in the first category of measurable physical features. The front end and the verification application can cooperate in the following manner. In this description it is assumed that the verification application is an "intelligent" application, i.e. one that needs very few detailed instructions from the front end. In one embodiment, the front end requests the verification application to return a photograph of the user's eye. The verification application instructs the user to aim the camera of the mobile terminal at the user's left or right eye and to activate the shutter (or the verification application can activate a self-timer function). When the photograph has been captured, the verification application verifies the eye in the photograph by ensuring that sufficiently sharp edges are present, crops the photograph appropriately and optionally checks the quality of the photograph. Alternatively, the verification application can send whatever was captured to the front end for processing and quality assurance. The process can be repeated for the other eye.
Another example of a measurable physical feature of the user that can be captured by the mobile terminal in the teaching stage is a sample of the user's voice, captured by the microphone of the mobile terminal.
It should be noted that a single voice capture can provide information belonging to two categories. For example, if the teaching stage involves instructing the user to say or sing a favorite phrase or song, the voice characteristics are a measurable physical feature, and the user's knowledge of the phrase or song is an example of knowledge possessed by the user. An intruder facing the challenge of saying the legitimate user's favorite phrase or song would have to know what the phrase or song is, and would also need to replicate the legitimate user's voice.
Fig. 6 is a signaling diagram illustrating how the verification application, downloaded from the application store and installed, cooperates with the mediator front end in the teaching stage. In Fig. 6, the user's mobile terminal is divided into four parts. Mobile phone refers to the communication capability of the mobile terminal; verification application refers to the application downloaded from the application store and installed in step 5-16 of Fig. 5; UI refers to the user interface of the mobile terminal, through which the verification application can communicate with the user; and the part labeled sensors refers to the various sensors of modern smartphones. A non-exhaustive list of sensors that can be used in verification includes: camera, microphone, gyroscope (orientation or tilt sensor), positioning device, clock, and touch-sensitive pad or display.
In step 6-10, the mediator front end requests the verification application to capture sensor data that represents a feature of the user and/or knowledge possessed by the user. A photograph of the user, or of a part of the user, captured by the camera of the mobile terminal is one illustrative example of sensor data representing a user feature. A gesture captured by the gyroscope (orientation or tilt sensor) of the mobile terminal, or a rhythm captured by the microphone or the touch-sensitive pad or display of the mobile terminal, are illustrative examples of sensor data representing knowledge possessed by the user. A challenge to say or sing the user's favorite phrase or song is an example of sensor data representing the user's measurable voice characteristics plus the legitimate user's knowledge of the favorite phrase or song.
Let us first assume that the verification application is configured to capture a set of photographs of the user. In step 6-22, the verification application sends instructions to the user interface so that the user knows what actions they are expected to perform. For example, the verification application can instruct the user to pinch their left earlobe with their right hand while holding the mobile terminal in their left hand in such a way that the camera can capture the gesture. In step 6-24, the verification application activates a sensor of the mobile terminal, which in this example is the camera. In step 6-26, the verification application receives the sensor data (in this example: a photograph). Steps 6-22 to 6-26 are collectively denoted by reference numeral 6-20. This series of steps 6-20 can be repeated any number of times with different instructions and optionally with different sensors. For example, when a sufficient number of photographs of the user's characteristic parts (such as the iris) and gestures (such as the silence gesture of placing the index finger in front of the mouth) have been captured by the camera, the verification application can instruct the user to produce the rhythm of a favorite piece of music. For example, the rhythm can be captured by the microphone, touch-sensitive input or gyroscope of the mobile terminal. Again, the reason for controlling the teaching stage from the mediator front end rather than from the actual mediator is the desire to burden the actual mediator as little as possible. In the scenario described here, the front end stores the results of the teaching stage in a database accessible to the mediator. Arrows 6-30 and 6-40 depict, respectively, the sending of the sensor data from the verification application to the mediator front end and to some long-term memory.
Fig. 7 is a signaling diagram illustrating how the verification application cooperates with the actual mediator in the verification stage. In brief, the verification stage may include steps in which the mediator directs the verification application installed in the mobile terminal to request sensor data that represents measurable physical features of the user and/or knowledge possessed by the user. These are steps 7-10 to 7-30, which are very similar to the corresponding steps shown in Fig. 6, so a repeated description is omitted. The differences between steps 6-10 to 6-30 and steps 7-10 to 7-30 are, first, that Fig. 6 and Fig. 7 relate to the teaching stage and the verification stage, respectively, and second, that the verification stage is controlled by the actual mediator, whereas the teaching stage shown in Fig. 6 is controlled by the mediator front end in order to relieve the load on the actual mediator.
Instead of storing the returned sensor data in the database, as was done in the teaching stage (6-40), the mediator now retrieves the previously stored sensor data from the database (step 7-42). In step 7-44, the sensor data set obtained in the verification step is compared with the previously stored sensor data set. Since sensor data are never completely accurate or repeatable, this analysis is fuzzier than a comparison of user name and password. A typical action performed in the comparison step is normalization. For example, the amplitude or number of the sensor data samples can be scaled so that the peak, mean or root-mean-square (RMS) value of the samples attains a normalized value.
The steps of Fig. 7 described so far (i.e. steps 7-10 to 7-44) can be preceded or followed by challenge-response cycles that relate to knowledge possessed by the user, to communication resources available to the user, or to both. Reference numeral 7-60 denotes such a challenge-response pair. In this example, the challenge-response pair 7-60 contributes to the verification by verifying both the knowledge possessed by the user and the communication resources available to the user. The scenario is based on the assumption that at least one address of the user's mobile phone has been taught to the mediator database in the teaching phase. The at least one address can denote the user's telephone number (MSISDN), e-mail address, social network address, etc. In step 7-62, the mediator sends a knowledge-based challenge to the user's mobile terminal, such as a question about the user's first pet, house, vehicle, boat, etc. In this example, the mediator sends the challenge 7-62 from a randomly selected mediator address. In step 7-64, the user responds by entering the requested knowledge, and the response is sent to the randomly selected mediator address. For example, the randomly selected mediator address can be a number in the mobile network's address space, and the medium can be a message in a mobile communication system, such as a short message (SMS), multimedia message (MMS), etc. Alternatively, the mediator can send a randomly formatted link for responding to the user's e-mail address, which was taught to the mediator database in the teaching phase. In reality the random addresses are properly managed by the mediator, but they appear random to the user and to an intruder. Only a person who has legitimate access to the user's mobile terminal or e-mail account can send a response to the challenge (any response, correct or incorrect). And only a person who knows which answers were taught to the mediator database in the teaching phase can send a correct response to the challenge. In step 7-66, the mediator checks the correctness of the response 7-64. The correctness check can relate to the message provided in the response and/or to the communication resource used to convey the response. Fig. 7 depicts a signalling diagram in which the mediator bypasses the verification application installed in the mobile terminal if the challenge-response pair does not involve the collection of sensor data. In an alternative implementation, all challenge-response pairs may pass through the verification application.
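The challenge-response pair 7-60 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the address pool, the hashed storage of the taught answer and the one-attempt-per-challenge rule are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed sample pool of mediator-owned reply addresses (not real numbers).
MEDIATOR_POOL = ["+10000000101", "+10000000102", "+10000000103", "+10000000104"]


def _answer_hash(answer: str, salt: bytes) -> bytes:
    """Hash a case- and whitespace-normalized answer so it is not stored in clear."""
    normalized = " ".join(answer.lower().split())
    return hashlib.pbkdf2_hmac("sha256", normalized.encode(), salt, 100_000)


@dataclass
class TaughtRecord:
    user_address: str   # address taught in the teaching phase, e.g. an MSISDN
    question: str
    salt: bytes
    answer_hash: bytes


class Mediator:
    def __init__(self, pool):
        self.pool = list(pool)
        self.taught = {}    # user_id -> TaughtRecord
        self.pending = {}   # user_id -> mediator address the reply must reach

    def teach(self, user_id, user_address, question, answer):
        salt = secrets.token_bytes(16)
        self.taught[user_id] = TaughtRecord(
            user_address, question, salt, _answer_hash(answer, salt))

    def send_challenge(self, user_id):
        """Step 7-62: pick an unpredictable sender address and remember it."""
        record = self.taught[user_id]
        reply_to = secrets.choice(self.pool)
        self.pending[user_id] = reply_to
        return {"from": reply_to, "to": record.user_address, "text": record.question}

    def check_response(self, user_id, sender, recipient, text):
        """Step 7-66: check the communication resource first, then the knowledge."""
        expected = self.pending.pop(user_id, None)   # assumed: one attempt per challenge
        if expected is None:
            return "no-pending-challenge"
        record = self.taught[user_id]
        if sender != record.user_address:
            return "wrong-sender"
        if recipient != expected:
            return "wrong-mediator-address"
        if not hmac.compare_digest(_answer_hash(text, record.salt), record.answer_hash):
            return "wrong-answer"
        return "ok"


def demo():
    """Run one genuine exchange and three failing ones on constructed data."""
    m = Mediator(MEDIATOR_POOL)
    m.teach("user-1", "+10000000999", "Name of your first pet?", "Misty")
    results = {}
    ch = m.send_challenge("user-1")
    results["genuine"] = m.check_response("user-1", ch["to"], ch["from"], " misty ")
    results["replay"] = m.check_response("user-1", ch["to"], ch["from"], "misty")
    ch = m.send_challenge("user-1")
    other = next(a for a in MEDIATOR_POOL if a != ch["from"])
    results["guessed_address"] = m.check_response("user-1", ch["to"], other, "misty")
    ch = m.send_challenge("user-1")
    results["other_phone"] = m.check_response("user-1", "+10000000555", ch["from"], "misty")
    return results


if __name__ == "__main__":
    print(demo())
```

The sender check is only as strong as the network's guarantee of the originating address, so a deployment should treat it as one signal among the several the mediator combines.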
In step 7-68, if the user has been able to provide the response to all challenges, the mediator completes the verification of the user. If some responses are incorrect, the mediator may grant the user some further attempts. Alternatively or additionally, some challenge-response pairs used in the verification do not have strictly correct or incorrect responses. In particular, in verification based on the user's measured physical characteristics or on sensors, the response provided in the verification phase can never exactly match the response provided in the teaching phase, and a correlation or other similarity measure should be used. In some implementations, verification based on the user's measured physical characteristics can compute a statistically representative measure (such as the median or mean of multiple challenge-response pairs), and the verification of the user is completed positively if the statistical measure meets a given threshold.
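The normalization of step 7-44 and the statistical measure of step 7-68 can be combined as in the following added example, which is not code from the patent. The choice of RMS normalization with a mean-product (cosine-style) similarity, the function names, the threshold of 0.9 and the sample traces are assumptions; the text only requires "a correlation or other similarity measure".

```python
import math
from statistics import median


def rms_normalize(samples):
    """Scale samples so that their root-mean-square value is 1."""
    rms = math.sqrt(sum(x * x for x in samples) / len(samples))
    if rms == 0:
        raise ValueError("flat signal cannot be normalized")
    return [x / rms for x in samples]


def similarity(taught, observed):
    """Mean product of two RMS-normalized sets: 1.0 same shape, 0.0 unrelated."""
    if len(taught) != len(observed):
        raise ValueError("sample sets must have the same length")
    a, b = rms_normalize(taught), rms_normalize(observed)
    return sum(x * y for x, y in zip(a, b)) / len(a)


def correctness_index(pairs):
    """Median similarity over several (taught, observed) challenge-response pairs."""
    return median(similarity(t, o) for t, o in pairs)


def is_verified(pairs, threshold):
    """The user passes when the index meets or exceeds the threshold."""
    return correctness_index(pairs) >= threshold


# Constructed sample data: one taught gesture trace and three later captures.
TAUGHT = [0.0, 1.0, 2.0, 1.0, 0.0, -1.0, -2.0, -1.0]
SAME_GESTURE_STRONGER = [0.1, 2.1, 3.8, 2.2, -0.1, -1.9, -4.1, -2.0]
SAME_GESTURE_DOUBLED = [2 * x for x in TAUGHT]
DIFFERENT_GESTURE = [2.0, 1.0, 0.0, -1.0, -2.0, -1.0, 0.0, 1.0]

# Two good captures and one bad one still verify; one good capture among
# two bad ones does not, because the median ignores a single outlier.
GENUINE = [(TAUGHT, SAME_GESTURE_STRONGER),
           (TAUGHT, SAME_GESTURE_DOUBLED),
           (TAUGHT, DIFFERENT_GESTURE)]
IMPOSTOR = [(TAUGHT, DIFFERENT_GESTURE),
            (TAUGHT, DIFFERENT_GESTURE),
            (TAUGHT, SAME_GESTURE_DOUBLED)]

if __name__ == "__main__":
    for name, pairs in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(correctness_index(pairs), 3), is_verified(pairs, 0.9))
```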
In step 7-70, the mediator reports the result of the verification to the interested parties, which typically include the user and other entities such as the service provider. For example, if the purpose of the verification is payment verification, the mediator can notify the service provider that the user with a given user ID has been verified.
Fig. 8 is a variation of the scenario shown in Fig. 5, in which the service provider organization performs the initial registration and assigns an alias identifier to the user, and the mediator knows only the user's alias identifier. In Fig. 8, the method steps labelled "5-xx" are similar to the steps described with reference to Fig. 5, so a repeated description is omitted. The first two steps, 5-2' and 5-4', are marked with a prime because they differ from steps 5-2 and 5-4 of Fig. 5 in that, in Fig. 8, these steps are performed by the service provider or the service provider's organization. In other words, the service provider creates an account for the user and performs the initial authentication. Steps 8-6 and 8-8 are new and have no equivalent steps in Fig. 5. In these steps, which can be performed in any order, the service provider organization assigns an alias identifier to the user and sends the alias identifier to the mediator front end and to the user's terminal. The service provider organization also redirects the user's terminal to the mediator front end, for example by sending a link to the mediator front end to the user terminal. From this point on, the scenario shown in Fig. 8 is similar to the scenario shown in Fig. 5. When the verification is complete, as in step 7-70 shown in Fig. 7, the mediator notifies the interested parties (such as a financial institution) that the user with the given alias identifier has been verified.
The foregoing description of verification has concentrated on verification of the user. Instead of or in addition to user verification, the present disclosure can be used to verify the position at which the user is required or believed to be. For example, security guards whose task is to patrol multiple sites can prove their position by using sensor data collected by the sensors of the mobile terminal. Verifying the position of the user is essentially similar to verifying the identity of the user. Instead of collecting sensor data representing the user, the mobile terminal and the verification application installed in the mobile terminal can collect sensor data representing the position. For example, GPS coordinates and/or photos captured at a specific time and place can be used to confirm that the user was at that place at the given time.
The number of challenge-response cycles required for a given verification process typically depends on multiple factors, for example the value of the transaction being verified, the risk or required level of confidentiality, the user's previous history, suspicious activity (such as suddenly travelling from one country to another within a short time), etc.
Very strong verification can be achieved by implementing the schemes and features of this specification. A level of security can be achieved at which the only way to steal a legitimate user's network identity is to steal the physical user and the communication resource by making the legitimate user cooperate with the criminal. Some implementations of the mediator can prevent this kind of identity theft by implementing a feature in which some knowledge-based responses are interpreted as help requests or alarm messages. If the mediator receives a sufficient number of such messages (such as one or two), the mediator can determine that the legitimate user is being defrauded. The mediator can notify the police and/or request the financial institution to temporarily close the user's account.
The foregoing description (especially the description relating to Fig. 1, Fig. 2A and Fig. 2B) relates to implementations in which a centralized mediator serves a large number of service providers, payment card issuers, payment processors, authorities, etc. Those skilled in the art will recognize that the mediator functions can also be implemented and/or managed by a single entity, such as a service provider. In any case, a centralized mediator configured to serve multiple different entities has several benefits over distributed implementations in which each entity manages its own verification method. For example, a centralized mediator is more convenient for users, because they only need to teach one verification system. The centralized mediator is more convenient for financial institutions, service providers and/or authorities, because they do not need to maintain a verification system at all. A hybrid verification method can also be implemented, in which users authenticate themselves to a financial institution by bank card, chip card or another form of strong authentication. As a result of this first verification, the financial institution can create a user account and agree that the centralized mediator performs verification for individual transactions.
Reference documents
1. PCT application publication WO2004/019223.
2. Commonly owned U.S. patent application serial number 13/452,229.
The contents of the reference documents are incorporated herein by reference.
Claims (25)
1. A data processing system (1-100, 1-300, 3-100, 1-620, MT), comprising:
a storage system (3-150) storing program code instructions (3-160) and data (3-180);
a processing system (3-110) including at least one processing unit (CP1 ... CPn), wherein the processing system executes at least part of the program code instructions and processes the data;
wherein the storage system includes at least one verification element executable by the processing system, wherein the at least one verification element instructs the processing system to:
perform at least one teaching phase (5-22 ... 5-40) relating to at least one user (1-600), wherein in the at least one teaching phase, verification information of at least two of the following at least three categories is collected for the user:
a first category (6-20), relating to measurable physical characteristics of the user, the measurable physical characteristics of the user including at least image data of an image of the user performing at least one physical gesture;
a second category, relating to communication resources (7-60) provided by a mobile device associated with the user; and
a third category (6-20, 7-60), relating to knowledge possessed by the user (1-612),
perform at least one verification phase (7-10 ... 7-44) relating to the at least one user, wherein the at least two categories of collected verification information include at least the first category,
wherein, in the at least one verification phase, at least part of the collected verification information is used to form at least one challenge (7-10 ... 7-24; 7-62) to be presented to the user, wherein the at least one formed challenge includes verification information from the second category and from at least one of the other two categories, wherein the at least one formed challenge includes a randomly generated address as the verification information from the second category, and the randomly generated address must be used for sending at least one response in order for it to be a correct response,
wherein at least one response (7-30; 7-64) to the formed challenge is received from the user, and the correctness of the received response is determined based at least in part on a comparison (7-44, 7-66) with at least part of the collected verification information,
wherein at least one correctness index is computed for the at least one response received from the user; and
wherein the user is verified if the at least one computed correctness index meets or exceeds a first threshold.
2. The data processing system according to claim 1, wherein the user (1-600) is a verification subject whose identity is to be verified by the data processing system (1-300, 3-100).
3. The data processing system according to claim 1 or 2, wherein the at least one verification element is implemented partly on a server (1-300, 3-100) accessible to multiple users and partly on at least one communication terminal (1-620, MT) associated with the user to be verified.
4. The data processing system according to claim 1 or 2, wherein the at least one verification element operates in a communication terminal (1-620, MT) associated with the user to be verified.
5. The data processing system according to claim 1 or 2, wherein the user is associated with a communication terminal (1-620, MT) having at least one network address.
6. The data processing system according to claim 1 or 2, wherein the processing system includes at least one server (1-300, 3-100) accessible to multiple users via respective communication terminals (1-620, MT), and the at least one verification element operates on the at least one server.
7. The data processing system according to claim 1 or 2, wherein the first threshold is based on the value and/or characteristics of the transaction for which the identity of the user is to be verified.
8. The data processing system according to claim 1 or 2, wherein the first threshold is based on the user's previous history.
9. The data processing system according to claim 1 or 2, wherein the at least one verification element instructs the processing system to:
in the at least one teaching phase, collect verification information of three of the at least three categories for the user; and
in the at least one verification phase, use the collected verification information of three of the at least three categories.
10. The data processing system according to claim 9, wherein, if the value and/or characteristics of the transaction meet a set of predetermined criteria, the at least one verification element instructs the processing system to collect and use verification information of at least three of the at least three categories.
11. The data processing system according to claim 1 or 2, wherein the at least one verification element instructs the processing system to randomly select at least one category or class of verification information to be used in the at least one verification phase.
12. The data processing system according to claim 1 or 2, wherein the verification information of the first category includes at least one of physiological information and sound characteristics.
13. The data processing system according to claim 12, wherein the physiological information includes at least image data captured by a communication terminal associated with the user.
14. The data processing system according to claim 13, wherein the sound characteristics include at least one sound recording captured by a communication terminal associated with the user.
15. The data processing system according to claim 12, wherein the physiological information includes image data associated with at least one of the following features:
the face of the user;
the iris of the user;
at least one fingerprint of the user.
16. The data processing system according to claim 12, wherein the at least one verification element is configured to:
collect multiple data sets of the physiological information of the image data;
randomly select at least one of the multiple data sets;
challenge the user to respond by capturing image data corresponding to the at least one selected data set.
17. The data processing system according to claim 1 or 2, wherein the verification information of the second category includes at least one of the following:
at least one cellular network address;
multiple different communication channels using at least one cellular network address;
at least one e-mail address; and
at least one social network address.
18. The data processing system according to claim 17, wherein the verification information of the second category includes multiple data sets, wherein the at least one verification element is configured to randomly select at least one of the multiple data sets.
19. The data processing system according to claim 1 or 2, wherein the verification information of the third category includes at least one of the following:
username/password/PIN code;
factual questions/answers;
the position of the user; and
timing information.
20. The data processing system according to claim 1 or 2, wherein the verification information of the third category includes multiple data sets, and the at least one verification element is configured to randomly select at least one of the multiple data sets.
21. The data processing system according to claim 1 or 2, wherein the verification of the user's identity is valid only for a specific place and/or time.
22. The data processing system according to claim 1 or 2, wherein the at least one verification element instructs the processing system to:
in at least one teaching phase, associate at least one piece of verification information with an indication of an emergency; and
in at least one verification phase, respond to detecting the indication of an emergency by notifying at least one authority of the emergency.
23. The data processing system according to claim 1 or 2, wherein the verification information of the third category includes a rhythm captured by one or more motion sensors of a communication terminal associated with the user.
24. A data processing method, comprising:
storing program code instructions and data in a storage system;
executing at least part of the program code instructions and processing at least part of the data by a processing system including at least one processing unit;
wherein the executing instructs the processing system to:
perform at least one teaching phase relating to at least one user, wherein in the at least one teaching phase, verification information of at least two of the following at least three categories is collected for the user:
a first category, relating to measurable physical characteristics of the user, the measurable physical characteristics of the user including at least image data of an image of the user performing at least one physical gesture;
a second category, relating to communication resources provided by a mobile device associated with the user; and
a third category, relating to knowledge possessed by the user,
perform at least one verification phase relating to the at least one user, wherein the at least two categories of collected verification information include at least the first category,
wherein, in the at least one verification phase, at least part of the collected verification information is used to form at least one challenge to be presented to the user, wherein the at least one formed challenge includes verification information from the second category and from at least one of the other two categories, wherein the at least one formed challenge includes a randomly generated address as the verification information from the second category, and the randomly generated address must be used for sending at least one response in order for it to be a correct response,
wherein at least one response to the formed challenge is received from the user, and the correctness of the received response is determined based at least in part on a comparison with at least part of the collected verification information,
wherein at least one correctness index is computed for the at least one response received from the user; and
wherein the user is verified if the at least one computed correctness index meets or exceeds a first threshold.
25. A non-transitory memory device including program code instructions and data, wherein executing at least part of the program code instructions and processing at least part of the data by a processing system including at least one processing unit instructs the processing system to:
perform at least one teaching phase relating to at least one user, wherein in the at least one teaching phase, verification information of at least two of the following at least three categories is collected for the user:
a first category, relating to measurable physical characteristics of the user, the measurable physical characteristics of the user including at least image data of an image of the user performing at least one physical gesture;
a second category, relating to communication resources provided by a mobile device associated with the user; and
a third category, relating to knowledge possessed by the user,
perform at least one verification phase relating to the at least one user, wherein the at least two categories of collected verification information include at least the first category,
wherein, in the at least one verification phase, at least part of the collected verification information is used to form at least one challenge to be presented to the user, wherein the at least one formed challenge includes verification information from the second category and from at least one of the other two categories, wherein the at least one formed challenge includes a randomly generated address as the verification information from the second category, and the randomly generated address must be used for sending at least one response in order for it to be a correct response,
wherein at least one response to the formed challenge is received from the user, and the correctness of the received response is determined based at least in part on a comparison with at least part of the collected verification information,
wherein at least one correctness index is computed for the at least one response received from the user; and
wherein the user is verified if the at least one computed correctness index meets or exceeds a first threshold.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/800,641 US9578022B2 (en) | 2001-08-21 | 2013-03-13 | Multi-factor authentication techniques |
US13/800,641 | 2013-03-13 | ||
PCT/FI2014/050184 WO2014140426A1 (en) | 2013-03-13 | 2014-03-13 | Multi-factor authentication techniques |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105264817A (en) | 2016-01-20 |
CN105264817B (en) | 2019-06-04 |
Family
ID=51535039
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201480025044.8A Active CN105264817B (en) | 2013-03-13 | 2014-03-13 | Multi-factor authentication technology |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105264817B (en) |
WO (1) | WO2014140426A1 (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3455766A4 (en) | 2016-05-10 | 2019-11-27 | National ICT Australia Limited | Authenticating a user |
WO2018149497A1 (en) * | 2017-02-16 | 2018-08-23 | Huawei Technologies Co., Ltd. | System and method for authentication of a user |
CN108932646B (en) * | 2017-05-26 | 2021-04-13 | 中移(杭州)信息技术有限公司 | User tag verification method and device based on operator and electronic equipment |
CN107808460A (en) * | 2017-09-19 | 2018-03-16 | 深圳市橙子兄弟信息科技有限公司 | Coin-feed machine and accounting data processing system |
CN111062727A (en) * | 2019-12-29 | 2020-04-24 | 黄策 | Extended biometric verification |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2012131899A1 (en) * | 2011-03-29 | 2012-10-04 | 富士通フロンテック株式会社 | Biometric authentication apparatus, biometric authentication system, and biometric authentication method |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7552467B2 (en) * | 2006-04-24 | 2009-06-23 | Jeffrey Dean Lindsay | Security systems for protecting an asset |
EP2053531B1 (en) * | 2007-10-25 | 2014-07-30 | BlackBerry Limited | Authentication certificate management for access to a wireless communication device |
US8189878B2 (en) * | 2007-11-07 | 2012-05-29 | Verizon Patent And Licensing Inc. | Multifactor multimedia biometric authentication |
GB2457491A (en) * | 2008-02-15 | 2009-08-19 | Listertalent Ltd | Identifying a remote network user having a password |
US8516562B2 (en) * | 2008-05-13 | 2013-08-20 | Veritrix, Inc. | Multi-channel multi-factor authentication |
US8782404B2 (en) * | 2010-09-07 | 2014-07-15 | Nicholas L. Lamb | System and method of providing trusted, secure, and verifiable operating environment |
US20120310743A1 (en) * | 2011-01-04 | 2012-12-06 | Rajul Johri | Using mobile devices to make secure and reliable payments for store or online purchases |
US9659164B2 (en) * | 2011-08-02 | 2017-05-23 | Qualcomm Incorporated | Method and apparatus for using a multi-factor password or a dynamic password for enhanced security on a device |
Also Published As
Publication number | Publication date |
---|---|
CN105264817A (en) | 2016-01-20 |
WO2014140426A1 (en) | 2014-09-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||