
CN112200530B - Distributed collaborative authentication design method based on trusted exhibition industry equipment - Google Patents


Info

Publication number
CN112200530B
Authority
CN
China
Prior art keywords
trusted
equipment
merchant
exhibition
information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010947712.XA
Other languages
Chinese (zh)
Other versions
CN112200530A (en
Inventor
吕方
李彦迎
张国旗
张琪嵘
许云龙
梁璐
卫聪聪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sunjesoft Inc
Original Assignee
Sunjesoft Inc
Application filed by Sunjesoft Inc
Priority to CN202010947712.XA
Publication of CN112200530A
Application granted
Publication of CN112200530B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management
    • G06Q30/00 Commerce
    • G06Q30/018 Certifying business or products
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04N PICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00 Television systems
    • H04N7/14 Systems for two-way working
    • H04N7/141 Systems for two-way working between two video terminals, e.g. videophone
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks


Abstract

The invention discloses a distributed collaborative authentication design method based on trusted exhibition industry equipment, which comprises the following steps: an intelligent terminal and the trusted exhibition industry equipment cooperatively carry out multiple identity verification and merchant information verification; customer service personnel provide end-to-end double-record visual service for users through a video agent; the collaborative verification capabilities provided by the trusted exhibition industry equipment comprise key blank issuing, key updating, certificate reading, bank card reading, encryption/decryption, signature/verification, a password keyboard and terminal position information; and extremely fast authorization, extremely fast part feeding and extremely fast inspection are performed by adopting the distributed collaborative authentication design of the trusted exhibition industry equipment. The invention solves the problems that the existing order receiving mechanism manages merchants only offline, with low efficiency, high cost and non-standard processes.

Description

Distributed collaborative authentication design method based on trusted exhibition industry equipment
Technical Field
The invention relates to the field of financial security, in particular to a distributed collaborative authentication design method based on trusted exhibition industry equipment.
Background
At present, the acquiring (order receiving) mechanism manages special merchant equipment, and financial institutions carry out credit card and credit canvassing, in an offline mode, which suffers from low efficiency, high cost and non-standard processes. Because it is difficult for the order receiving mechanism to manage merchant equipment and the management tends to become a mere formality, false merchants and illegal use of order receiving equipment have become prominent problems; the risk of the black and grey industry becoming involved in the order receiving service increases, which is unfavorable to the healthy and sustainable development of the order receiving service and cannot meet the latest supervision requirements. The defects of the prior art are as follows:
1. Order receiving equipment application: in the traditional mode, the order receiving mechanism manages merchants offline; users must go to a fixed network point and queue for business handling during business hours, which is costly, may require long queuing and leads to low user satisfaction. In addition, owing to supervision and approval factors, the cost for a bank to open a network point is high.
2. Order receiving equipment inspection: in the current technical mode, the order receiving mechanism inspects merchant equipment through an on-line mode; the cost is high, the efficiency is low, and the resistance to pushing forward the relevant supervision policies increases.
3. Order receiving equipment information change: when merchant equipment information changes or equipment is replaced, an offline process is required in every case; the process is complex, the input cost is high and the efficiency is low.
4. Order receiving equipment key management: the equipment key is written into the order receiving equipment at a fixed place, and after a key change the equipment is again managed in an offline mode, with low efficiency and high time cost. The prior art is limited to the offline mode, manual auditing and fixed locations and, being based on a single piece of equipment, does not meet the technical requirement of on-line associated authentication of merchants and equipment.
Disclosure of Invention
Therefore, the invention provides a distributed collaborative authentication design method based on trusted exhibition industry equipment, which aims to solve the problems that the existing order receiving mechanism manages merchants only offline, with low efficiency, high cost and non-standard processes.
In order to achieve the above object, the present invention provides the following technical solutions:
The invention discloses a distributed collaborative authentication design method based on trusted exhibition industry equipment, which comprises the following steps:
Close-range data transmission is carried out by a Bluetooth transmission protocol between the order receiving device of the trusted exhibition industry equipment and the intelligent terminal, wherein the intelligent terminal comprises a mobile phone and a Pad; the intelligent terminal is used to assist in multiple identity verification and merchant information verification; customer service personnel provide end-to-end double-record visual service for users through video agents; the collaborative verification capabilities provided by the trusted exhibition industry equipment comprise key blank issuing, key updating, certificate reading, bank card reading, encryption/decryption, signature/verification, a password keyboard and terminal position information; and extremely fast authorization, extremely fast part feeding and extremely fast inspection are performed by adopting the distributed collaborative authentication design of the trusted exhibition industry equipment.
Further, the trusted exhibition industry equipment can read identity card information through NFC near field communication and acquires fingerprint identification codes through a fingerprint module; each piece of trusted exhibition industry equipment is provided with a unique tamper-proof equipment code, and the accurate position of the trusted exhibition industry equipment is acquired based on the LBS mobile location service.
Further, the intelligent terminal verifies the identity of the merchant: based on the hardware environment of the mobile phone, namely its common execution environment REE, trusted execution environment TEE and secure element environment SE, identity verification is performed by adopting video agent technology and eID electronic identity identification technology.
Further, the video agent enables customer service personnel to provide end-to-end double-record visual service for users. Through remote video technology, customer service personnel can, via an end-side application program, receive a video call connection initiated by the user end during business handling, thereby remotely providing end-to-end double-record service for users, and can at the same time carry out online identity verification, business information confirmation, real-time online verification, remote verification and other services related to business handling with the users. The eID personnel certification integrated application service provides the basic functions of eID Internet real-name authentication, eID/cloud decoding, network identity certificate generation, bank card identification and business license two-dimensional code identification.
Further, the extremely fast part feeding process is as follows:
S1, customer service personnel enter the merchant part feeding page, and a connection is established through Bluetooth between the intelligent terminal and the trusted exhibition industry equipment, the intelligent terminal being provided with an exhibition industry applet;
S2, the trusted exhibition industry equipment reads the identity card information of the merchant legal person and the authorized person through NFC and sends the information to the exhibition industry applet through Bluetooth; after face living body identification, network identity verification is initiated through the application service to carry out identity verification;
S3, the basic information of the merchant is input through the intelligent terminal, the business license information is read, filling in of other basic merchant information is supported, and the application server verifies whether the merchant's legal person information is consistent with the license information currently being handled;
S4, after verification is passed, the exhibition industry applet reads the equipment code and the current coordinate address of the trusted exhibition industry equipment through Bluetooth, and the equipment code and the current coordinate address are stored in the application server;
S5, the exhibition industry applet transmits the business data to the background server for auditing, and the audit result is notified by a message pushed to the exhibition industry applet;
S6, the merchant applies for and acquires the key from the application server through the trusted exhibition industry equipment, and the key is written into the trusted exhibition industry equipment.
Further, the merchant basic information in S3 includes: common contact name, common contact mobile phone number and common mailbox; the other merchant basic information filled in comprises: merchant name, merchant abbreviation, contact phone, merchant address, company website, business category, business profile, province, city, legal name, legal identification number, authorizer name, authorization identification number.
Further, the extremely fast inspection flow is as follows:
A1, the merchant self-service inspection page is entered through the merchant exhibition industry applet, and the intelligent terminal is connected with the trusted exhibition industry equipment through Bluetooth;
A2, the merchant applet end sends a GPS acquisition instruction, and the trusted exhibition industry equipment end returns GPS longitude and latitude information;
A3, the merchant applet end submits the inspection parameters to the background server, and the background server checks them; if the check fails, the instruction to acquire GPS longitude and latitude information is resent; if the check succeeds, the latest payment records of the equipment are queried from the order receiving platform, and the order receiving platform returns the query result; if no payment operation by the merchant exists, the inspection is restarted;
A4, the merchant exhibition industry applet initiates a certificate reading instruction, the trusted exhibition industry equipment reads the identity card information and feeds it back to the merchant applet end, and the merchant applet end calls the identity verification page, carries out living body verification and initiates network identity verification;
A5, the video agent is pulled up, the self-service inspection page is pushed, and the online teller and the merchant reconfirm;
A6, the merchant exhibition industry applet initiates a signature instruction, the operator at the trusted exhibition industry equipment end performs signature confirmation, the merchant applet receives the signature information, the background stores the signature information, the remote video end obtains the operator's signature information and sends a notice that the inspection has been stored successfully, and the application server end stores the inspection record.
Further, the trusted exhibition industry equipment end in A2 is provided with a built-in positioning module; the current position information is obtained through the positioning module in the trusted exhibition industry equipment and fed back to the merchant exhibition industry applet.
Further, the living body verification in A4 comprises face recognition verification, fingerprint recognition verification and pupil recognition verification.
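The background-server side of steps A3 to A6 can be sketched as follows. This is an added example, not code from the patent: the 200 m drift tolerance, the session nonce that ties a GPS fix to one inspection, the outcome strings and the use of HMAC-SHA256 in place of the equipment's unspecified signature capability are all assumptions, and the registry entry is constructed sample data.

```python
import hashlib
import hmac
import json
import math
from dataclasses import dataclass

MAX_DRIFT_M = 200.0  # assumed tolerance; the patent states no threshold


@dataclass
class DeviceRecord:
    device_code: str   # unique tamper-proof equipment code
    lat: float         # coordinates stored at part feeding (step S4)
    lon: float
    device_key: bytes  # stand-in for the key held by the encryption machine


# Constructed sample registry (not real data).
REGISTRY = {
    "TD-0001": DeviceRecord("TD-0001", 39.9042, 116.4074, b"constructed-device-key"),
}


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two GPS fixes."""
    r = 6371000.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def sign_report(key, report):
    """Equipment-side signature over a canonical encoding of the report (A6)."""
    body = json.dumps(report, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def check_inspection(registry, session_nonce, report, has_recent_payment,
                     identity_verified, signature):
    """Walk the server-side checks in the order A3 -> A6 and return the outcome."""
    rec = registry.get(report.get("device_code"))
    if rec is None:
        return "unknown_device"
    # A3: parameter check. A stale nonce or a fix far from the registered
    # coordinates makes the server ask for the GPS data again.
    if report.get("nonce") != session_nonce:
        return "resend_gps"
    if haversine_m(rec.lat, rec.lon, report["lat"], report["lon"]) > MAX_DRIFT_M:
        return "resend_gps"
    # A3: equipment with no payment record restarts the inspection.
    if not has_recent_payment:
        return "restart_inspection"
    # A4: living body verification plus network identity verification.
    if not identity_verified:
        return "identity_failed"
    # A6: the signature must cover exactly the report that was checked.
    if not hmac.compare_digest(sign_report(rec.device_key, report), signature):
        return "signature_invalid"
    return "stored"
```

Signing the same fields the server checked means a report altered between the equipment and the background server fails at A6 even when the altered position is still within tolerance.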
Further, after the distributed collaborative authentication of the intelligent terminal and the order receiving equipment succeeds, the remote key blank issuing, equipment updating and equipment locking functions are performed through a background service; the equipment communicates with the background service through a remote communication channel to perform remote key blank issuing; the equipment information and the corresponding trusted exhibition industry equipment key are stored in an encryption machine, and the background server is directly connected with the encryption machine to complete key generation and issuing.
The invention has the following advantages:
The invention discloses a distributed collaborative authentication design method based on trusted exhibition industry equipment, which effectively optimizes the auditing flow of the order receiving business; through the on-line distributed collaborative authentication design method, the pure on-line and off-line management flow and the paper file interaction and manual management flow are transformed into an integrated on-line and off-line, digital and intelligent flow, thereby greatly saving the auditing time for special merchants and improving transaction efficiency;
According to the invention, equipment security elements (equipment code, equipment address position, fingerprint feature code and the like) are acquired on the trusted exhibition industry equipment side, exchanged with the mobile terminal APP through near-field communication technology, and sent to the background for automatic recording; through the APP's remote video capability, this solves the problem that the authentication and verification of special merchants could only be completed through paper file exchange in the traditional offline mode;
The invention realizes a remote on-line equipment inspection flow, avoids the problem of non-uniform and non-standard off-line equipment inspection flows, improves inspection efficiency, meets supervision requirements, and saves the operating cost of the acquirer;
The invention discloses a distributed collaborative authentication method in which the identity card is read through the NFC (near field communication) of the trusted exhibition industry equipment, the fingerprint identification code and related equipment information are collected, and remote inspection authentication of equipment and merchants is carried out in cooperation with the remote audio and video capability of the mobile phone APP;
The invention is based on the TSM security management architecture of the trusted exhibition industry equipment and, combined with the distributed collaborative authentication method, realizes functions such as key blank issuing, key updating and equipment locking under risk control;
After the distributed collaborative authentication of the equipment and the merchant succeeds, the remote key blank issuing, equipment updating and equipment locking functions are performed through the background service. The equipment communicates with the background service through a remote communication channel to perform remote key blank issuing. The background server is directly connected with the encryption machine to complete key generation and issuing;
Based on the video agent technology and the eID network identity authentication technology, the invention can rapidly complete merchant identity authentication, authorization, business part feeding and business inspection.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below. It will be apparent to those skilled in the art from this disclosure that the drawings described below are merely exemplary and that other embodiments may be derived from the drawings provided without undue effort.
The structures, proportions, sizes, etc. shown in the present specification are shown only for the purposes of illustration and description, and are not intended to limit the scope of the invention, which is defined by the claims, so that any structural modifications, changes in proportions, or adjustments of sizes, which do not affect the efficacy or the achievement of the present invention, should fall within the ambit of the technical disclosure.
FIG. 1 is a collaborative authentication data flow chart of a distributed collaborative authentication design method based on trusted exhibition industry equipment according to an embodiment of the present invention;
FIG. 2 is a signaling diagram of the business part feeding process of a distributed collaborative authentication design method based on trusted exhibition industry equipment according to an embodiment of the present invention;
FIG. 3 is a signaling diagram of the business inspection flow of a distributed collaborative authentication design method based on trusted exhibition industry equipment according to an embodiment of the present invention.
Detailed Description
Other advantages and effects of the present invention will become apparent to those skilled in the art from the following detailed description. The embodiments described are some, but not all, of the embodiments of the invention. All other embodiments that can be obtained by those skilled in the art based on the embodiments of the invention without inventive effort are intended to be within the scope of the invention.
Examples
The invention discloses a distributed collaborative authentication design method based on trusted exhibition industry equipment, which comprises the following steps:
Close-range data transmission is carried out by a Bluetooth transmission protocol between the order receiving device of the trusted exhibition industry equipment and the intelligent terminal; the intelligent terminal is used to assist in multiple identity verification and checking of merchant information; customer service personnel provide end-to-end double-record visual service through a video agent; the collaborative verification capabilities provided by the trusted exhibition industry equipment comprise key blank issuing, key updating, certificate reading, bank card reading, encryption/decryption, signature/verification, a password keyboard and terminal position information; and extremely fast authorization, extremely fast part feeding and extremely fast inspection are performed by adopting the distributed collaborative authentication design of the trusted exhibition industry equipment.
The trusted exhibition industry equipment can read identity card information through NFC near field communication and acquires fingerprint identification codes through a fingerprint module; each piece of trusted exhibition industry equipment is provided with a unique tamper-proof equipment code, and the accurate position of the trusted exhibition industry equipment is acquired based on the LBS mobile location service. The intelligent terminal verifies the identity of the merchant: based on the hardware environment of the mobile phone, namely its common execution environment REE, trusted execution environment TEE and secure element environment SE, identity verification is performed by adopting video agent technology and eID electronic identity identification technology.
The risk prevention and control capability of the order receiving service is improved: through a sound network identity authentication system, the strength of identity verification of network clients is improved, continuous consistency verification of special merchants, responsible persons, accounts, terminals, addresses and the like is realized, and digital service management and risk monitoring capability are effectively enhanced.
The video agent enables customer service personnel to provide end-to-end double-record visual service for users. Through remote video technology, customer service personnel can, via an end-side application program, receive a video call connection initiated by the user end during business handling, thereby remotely providing end-to-end double-record service for users, and can at the same time carry out online identity verification, business information confirmation, real-time online verification, remote verification and other services related to business handling with the users. The eID personnel certification integrated application service provides the basic functions of eID Internet real-name authentication, eID/cloud decoding, network identity credential generation, bank card identification and business license two-dimensional code identification. The eID is mainly used to solve the problem of online identity recognition under privacy protection. It is not plaintext identity information but cipher information carried on the security chip of a bank card. For future online identity recognition, a user only needs to insert the bank card carrying the eID into a universal smart card reader and input a password, or hold the card close to the back of a mobile phone with the NFC near field communication function; a website can then judge the authenticity and validity of the eID online in the background, but does not obtain the identity information of the eID holder and does not need to store the user's identity information.
The business environment of compliant order receiving mechanisms is optimized and expanded. By widening financial service channels, the traditional business management flow, which depends mainly on offline paper-based business acceptance, is transformed into an integrated online and offline business development system. Based on the digitization of order receiving business data and on big-data multi-channel identity verification and business risk evaluation models, an automatic and intelligent business processing center is explored and constructed. Through a light financial service mode, the operating efficiency and operating cost of the order receiving service are improved, the market competitiveness of the payment products of compliant order receiving mechanisms is enhanced, and the continuous downward adjustment of order receiving prices, which greatly reduces the direct profit level of order receiving mechanisms, is partially offset. The supply capability of the payment order receiving service is improved: by reducing cost and improving efficiency, the production capacity of order receiving mechanisms is effectively released, the service supply capability for small, medium and micro merchants, especially small and micro merchants, is improved, the availability of regular payment products for small and micro merchants is improved, and the payment business and fund security of small and micro merchants are improved. The financial customer service experience can be improved: the originally lengthy waiting time for order receiving service is effectively shortened, a quick exhibition mode of on-site acceptance, on-site opening and immediate use is gradually realized, services such as all-day online remote video handling of merchant reservation, pre-handling and pre-approval can be provided, and a multi-channel, integrated online and offline service experience is constructed.
The extremely fast part feeding process comprises the following steps:
S1, customer service personnel enter the merchant part feeding page, and a connection is established through Bluetooth between the intelligent terminal and the trusted exhibition industry equipment, the intelligent terminal being provided with an exhibition industry applet;
S2, the trusted exhibition industry equipment reads the identity card information of the merchant legal person and the authorized person through NFC and sends the information to the exhibition industry applet through Bluetooth; after face living body identification, network identity verification is initiated through the application service to carry out identity verification;
S3, the basic information of the merchant is input through the intelligent terminal, the business license information is read, filling in of other basic merchant information is supported, and the application server verifies whether the merchant's legal person information is consistent with the license information currently being handled;
S4, after verification is passed, the exhibition industry applet reads the equipment code and the current coordinate address of the trusted exhibition industry equipment through Bluetooth, and the equipment code and the current coordinate address are stored in the application server;
S5, the exhibition industry applet transmits the business data to the background server for auditing, and the audit result is notified by a message pushed to the exhibition industry applet;
S6, the merchant applies for and acquires the key from the application server through the trusted exhibition industry equipment, and the key is written into the trusted exhibition industry equipment.
The specific merchant part feeding process is that canvasing small programs of the intelligent terminal enter a merchant part feeding page, the intelligent terminal is connected with trusted exhibition industry equipment through Bluetooth, and the trusted exhibition industry equipment reads identity card information of a merchant legal person and an authorized person through NFC by contacting with the identity card. And transmits the relevant information to the showcase applet via bluetooth. The method comprises the steps that a camera of an intelligent terminal is used for carrying out living body face recognition, network identity verification is initiated at an application server after recognition is completed, an identity verification platform is used for carrying out identity verification, a verification result is fed back to the application server, a development applet judges whether the identity verification is passed or not, a common contact name, a common contact mobile phone number and a common mailbox of a merchant are input after the identity verification is passed, and OCR optical character recognition is carried out; if the user does not pass, the user reenters the merchant package page and re-verifies the user.
OCR optical character recognition reads business license information and supports the supplement of other merchant names, merchant short names, contact phones, merchant addresses, company websites, business categories, business profiles, provinces, cities, regions, legal names, legal identification numbers, authorizer names and authorized identification numbers. Verifying whether the legal person is matched with the current customer identity or not in a network identity verification platform, and feeding a verification result back to the exhibition industry applet; and if the verification is not passed, re-entering the merchant feed page for re-verification, and if the verification is passed, applying for reading the equipment codes of the trusted display equipment. The unique device code and the current coordinate address are acquired from the trusted display industry device through Bluetooth, and canvasing small programs are submitted to an application server after being combined with other information, and the information of the package is saved.
The exhibition industry applet transmits the merchant data to the mobile phone counter for remote video acceptance and brings up the video agent to enter the online counter business handling process. After the application willingness is confirmed and non-perception identity verification is performed, an application is initiated to the order receiving platform for auditing; the order receiving system carries out the audit and feeds back the audit result, and the background server records and displays the audit result. If the audit is not passed, the video agent checks the reason for the failure and feeds it back to the merchant, who modifies the application and resubmits it, and it is submitted to the order receiving system for auditing again. If the audit of the order receiving system is passed, the application server receives the audit result of the order receiving system and pushes the message to the exhibition industry applet.
The merchant applies to the application server for the key through the trusted exhibition industry equipment; the application server applies to the order receiving platform for the key, the order receiving platform feeds the key back to the application server after obtaining it, and the application server performs blank issuing of the key to the trusted exhibition industry equipment, where the key is loaded, completing the verification of the merchant part feeding. This realizes the distributed collaborative authentication method: on-site remote inspection and authentication of the equipment and the merchant is carried out by reading the identity card through NFC (near field communication) on the trusted exhibition industry equipment, collecting the fingerprint identification code and the related equipment information, and using the remote audio and video capability of the mobile phone APP.
The extremely fast inspection flow is as follows:
A1, the merchant self-service inspection page is entered through the merchant exhibition industry applet, and the intelligent terminal is connected with the trusted exhibition industry equipment through Bluetooth;
A2, the merchant applet end sends a GPS acquisition instruction, and the trusted exhibition industry equipment end returns GPS longitude and latitude information;
A3, the merchant applet end submits the inspection parameters to the background server, and the background server checks them; if the check fails, the instruction to acquire GPS longitude and latitude information is re-sent; if the check succeeds, the latest payment flow of the equipment is queried from the order receiving platform, the order receiving platform returns the query result, and if no payment by the merchant exists, the inspection is restarted;
A4, the merchant exhibition industry applet initiates a certificate reading instruction, the trusted exhibition industry equipment reads the identity card information and feeds it back to the merchant applet end, and the merchant applet end calls the identity verification page, carries out living body verification and sends the network identity verification request;
A5, the video agent is brought up, a self-service inspection page is pushed, and the online teller and the merchant confirm again;
A6, the merchant exhibition industry applet initiates a signature instruction, the operator at the trusted exhibition industry equipment end performs signature confirmation, the merchant applet receives the signature information, the background stores the signature information, the remote video end obtains the operator signature information, the remote video end sends a notice that the inspection was stored successfully, and the application server end stores an inspection record.
The specific flow of the merchant inspection is as follows: the merchant exhibition industry applet is opened, the merchant self-service inspection page is entered, and the intelligent terminal is connected with the trusted exhibition industry equipment through Bluetooth. The exhibition industry applet sends an instruction requesting GPS information, and the GPS longitude and latitude information is acquired through the positioning module in the trusted exhibition industry equipment and fed back to the exhibition industry applet. Inspection parameter verification is initiated through the exhibition industry applet and carried out at the application server; if the verification is not passed, the GPS information acquisition step is entered again, and if it is passed, the latest payment flow information of the equipment is queried. The latest payment flow of the trusted exhibition industry equipment is queried through the order receiving platform and the query result is fed back to the application server; the exhibition industry applet judges whether a latest payment flow exists, and if it does not, card swiping payment is prompted; if it does, a certificate reading instruction is sent.
The trusted exhibition industry equipment reads the identity card information of the legal person or the authorized person and feeds it back to the merchant exhibition industry applet; living body face recognition is then carried out, and after it passes, network identity verification is initiated through the application server. Identity verification is performed on the network identity verification platform and the verification result is fed back to the exhibition industry applet, which judges whether the identity verification has passed; if not, living body face recognition is performed again, and if so, remote video re-verification is initiated.
Remote video acceptance is carried out through the mobile phone counter, a self-service inspection page is pushed, and the online teller and the merchant confirm again. The exhibition industry applet receives or checks the self-service inspection page information and initiates a signature instruction; the operator at the trusted exhibition industry equipment end performs signature confirmation, the merchant exhibition industry applet receives the signature information and sends it to the application server end for storage, and the remote video end obtains the operator signature information. The remote video end sends a notice that the inspection was stored successfully, and the application server end stores an inspection record to finish the inspection. This realizes a remote online equipment inspection flow, avoids the problem that offline equipment inspection flows are not uniform and not standard, improves inspection efficiency, meets the supervision requirement, and saves the operation cost of the acquirer.
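The gate order of the inspection flow A2 to A6 described above, enforced on the server side, as an added example that is not part of the patent text. The class and method names, the 200 m tolerance, and the choice to compare the reported GPS position with the coordinate stored at part feeding are assumptions (the page does not say what the inspection parameter check contains); the device code and values in use are constructed, and checking the operator signature cryptographically is outside this example.

```python
import math
from dataclasses import dataclass, field

# Order of server-side gates, following steps A2-A6 of the inspection flow.
STEPS = ("gps", "payment_flow", "identity", "video_confirm", "signature")
MAX_DRIFT_M = 200.0  # assumed tolerance; the page does not define the parameter check


def distance_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))


@dataclass
class InspectionSession:
    device_code: str     # unique equipment code stored at part feeding (S4)
    enrolled_pos: tuple  # (lat, lon) coordinate stored at part feeding (S4)
    done: list = field(default_factory=list)
    evidence: dict = field(default_factory=dict)

    def _gate(self, step):
        """Refuse any step that is not the next one in STEPS."""
        expected = STEPS[len(self.done)] if len(self.done) < len(STEPS) else None
        if step != expected:
            raise PermissionError(f"{step} refused, expected {expected}")

    def _pass(self, step, value):
        self.evidence[step] = value
        self.done.append(step)
        return True

    def restart(self):
        self.done.clear()
        self.evidence.clear()

    def submit_gps(self, device_code, pos):
        self._gate("gps")
        if device_code != self.device_code:
            return False
        if distance_m(self.enrolled_pos, pos) > MAX_DRIFT_M:
            return False  # A3: check failed, the GPS instruction is re-sent
        return self._pass("gps", pos)

    def submit_payment_flow(self, latest_flow):
        self._gate("payment_flow")
        if not latest_flow:  # A3: no payment by the merchant, inspection restarts
            self.restart()
            return False
        return self._pass("payment_flow", latest_flow)

    def submit_identity(self, verified):
        self._gate("identity")  # A4: result of the network identity verification
        return self._pass("identity", True) if verified else False

    def submit_video_confirm(self, teller_ok, merchant_ok):
        self._gate("video_confirm")  # A5: both parties must confirm
        return self._pass("video_confirm", True) if teller_ok and merchant_ok else False

    def submit_signature(self, signature):
        self._gate("signature")  # A6: stored only after every earlier gate passed
        if not signature:
            return None
        self._pass("signature", signature)
        return {"device_code": self.device_code, **self.evidence}  # inspection record
```

A request that arrives out of order raises `PermissionError` instead of being stored, so a client cannot obtain an inspection record by sending only the final signature step.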
The embodiment discloses a distributed collaborative authentication design method based on trusted exhibition equipment, which effectively optimizes the auditing flow of receipt business, and carries out on-line and off-line integrated, digital and intelligent transformation on the purely on-line and off-line management flow of paper file interaction and manual management flow through the on-line distributed collaborative authentication design method, thereby greatly saving auditing time of special merchants and improving handling efficiency;
According to the invention, equipment security elements (equipment code, equipment address position, fingerprint feature code and the like) are acquired on the trusted exhibition industry equipment side, exchanged with the mobile terminal APP through near-field communication technology, and sent to the background for automatic recording; together with the APP's remote video capability, this solves the problem that the authentication and verification of special merchants could only be completed through paper file exchange in the traditional offline mode;
The invention realizes the flow of remote on-line equipment inspection, avoids the problem of non-uniform and nonstandard flow inspection of off-line equipment, improves inspection efficiency, meets the requirement of supervision, and saves the operation cost of an acquirer;
The invention discloses a distributed collaborative authentication method in which the trusted exhibition industry equipment reads the identity card through NFC (near field communication), the fingerprint identification code and related equipment information are collected, and remote inspection authentication of equipment and merchants is carried out in cooperation with the remote audio and video capability of the mobile phone APP;
The invention is based on the TSM security management architecture of the trusted exhibition industry equipment and, combined with the distributed collaborative authentication method, realizes functions such as key blank issuing, key updating and equipment locking under risk control;
After the authentication of the equipment and the merchant is successful through the distributed collaboration, the remote key issuing, equipment updating and equipment locking functions are performed through the background service. The device communicates with the background service through a remote communication channel to perform remote key blank transmission. The background server is directly connected with the encryption machine to complete key generation and issuing;
The invention can rapidly complete merchant identity authentication, authorization, merchant part feeding and merchant inspection based on the video agent technology and the eID network identity authentication technology.
While the invention has been described in detail in the foregoing general description and specific examples, it will be apparent to those skilled in the art that modifications and improvements can be made thereto. Accordingly, such modifications or improvements may be made without departing from the spirit of the invention and are intended to be within the scope of the invention as claimed.

Claims (6)

1. The distributed collaborative authentication design method based on the trusted exhibition industry equipment is characterized by comprising the following steps of:
The method comprises the steps that short-distance data transmission is carried out by utilizing a receipt device of the trusted exhibition industry device and an intelligent terminal through a Bluetooth transmission protocol, multiple identity verification and merchant information verification are carried out cooperatively by utilizing the intelligent terminal and the trusted exhibition industry device, customer service personnel provide end-to-end double-record visual service for users through a video agent, and collaborative verification capability provided by the trusted exhibition industry device comprises the following steps: the method comprises the steps of key blank issuing, key updating, certificate reading, bank card reading, encryption/decryption, signature/verification, a password keyboard and terminal position information, and performing extremely-fast authorization, extremely-fast part feeding and extremely-fast inspection by adopting a distributed collaborative authentication design of trusted exhibition equipment;
the trusted exhibition industry equipment can read identity card information through NFC near field communication, fingerprint identification codes are acquired by utilizing a fingerprint module, each trusted exhibition industry equipment has unique untampered equipment codes, and accurate positioning of the trusted exhibition industry equipment is acquired based on LBS mobile location service;
the intelligent terminal verifies the identity of the commercial tenant, and based on a common execution environment REE, a trusted execution environment TEE and a secure element environment SE of the mobile phone, the hardware environment verifies the identity by adopting a video agent technology and an eID electronic identity identification technology;
The video agent enables customer service personnel to provide end-to-end double-record visual service for users, the customer service personnel receives video call connection initiated by a user end in the business handling process through an end-side application program by a remote video technology, so that end-to-end double-record service is provided for the users remotely, meanwhile, online identity verification, business information confirmation, real-time online verification and remote verification and business handling related service with the users are performed for the users, and eID personnel card integrated application service provides eID Internet real-name authentication, eID/cloud decoding, network identity credential generation, bank card identification and business license two-dimensional code identification basic functions;
The process of the fast feeding part comprises the following steps:
S1, customer service personnel enter a business entry page, connection is established between an intelligent terminal and trusted exhibition industry equipment through Bluetooth, and the intelligent terminal is provided with an exhibition industry applet;
S2, the trusted exhibition industry equipment reads identity card information of a merchant legal person and an authorized person through NFC, sends the information to the exhibition industry applet through Bluetooth, and initiates network identity verification through application service to carry out identity verification after face living body identification;
S3, inputting basic information of the merchant through the intelligent terminal, reading business license information, supporting filling of other basic information of the merchant, and verifying whether the legal information of the merchant is consistent with the current transacted license information at the application server;
S4, after verification is passed, the exhibition industry applet reads the equipment code and the current coordinate address of the trusted exhibition industry equipment through Bluetooth, and the equipment code and the current coordinate address are stored in an application server;
S5, the exhibition industry applet transmits the merchant data to a background server for auditing, and the audit result is notified by a push message to the exhibition industry applet;
S6, the merchant applies for and acquires the key from the application server through the trusted exhibition industry equipment, and the key is written into the trusted exhibition industry equipment.
2. The distributed collaborative authentication design method based on trusted exhibition industry equipment according to claim 1, wherein the merchant basic information in S3 comprises: common contact names, common contact mobile phone numbers and common mailboxes, and other merchant basic information filled in comprises: merchant name, merchant abbreviation, contact phone, merchant address, company website, business category, business profile, province, city, legal name, legal identification number, authorizer name, authorization identification number.
3. The distributed collaborative authentication design method based on trusted exhibition industry equipment as set forth in claim 1, wherein the extremely fast inspection flow is:
A1, the merchant self-service inspection page is entered through the merchant exhibition industry applet, and the intelligent terminal is connected with the trusted exhibition industry equipment through Bluetooth;
A2, the merchant applet end sends a GPS acquisition instruction, and the trusted exhibition industry equipment end returns GPS longitude and latitude information;
A3, the merchant applet end submits the inspection parameters to the background server, and the background server checks them; if the check fails, the instruction to acquire GPS longitude and latitude information is re-sent; if the check succeeds, the latest payment flow of the equipment is queried from the order receiving platform, the order receiving platform returns the query result, and if no payment by the merchant exists, the inspection is restarted;
A4, the merchant exhibition industry applet initiates a certificate reading instruction, the trusted exhibition industry equipment reads the identity card information and feeds it back to the merchant applet end, and the merchant applet end calls the identity verification page, carries out living body verification and sends the network identity verification request;
A5, the video agent is brought up, a self-service inspection page is pushed, and the online teller and the merchant confirm again;
A6, the merchant exhibition industry applet initiates a signature instruction, the operator at the trusted exhibition industry equipment end performs signature confirmation, the merchant applet receives the signature information, the background stores the signature information, the remote video end obtains the operator signature information, the remote video end sends a notice that the inspection was stored successfully, and the application server end stores an inspection record.
4. The distributed collaborative authentication design method based on trusted exhibition industry equipment as claimed in claim 3, wherein the trusted exhibition industry equipment end in A2 is provided with a built-in positioning module, and the current position information is acquired through the positioning module in the trusted exhibition industry equipment and fed back to the merchant exhibition industry applet.
5. The distributed collaborative authentication design method based on trusted exhibition industry equipment of claim 3, wherein the living body verification in A4 includes face recognition verification, fingerprint recognition verification, pupil recognition verification.
6. The distributed collaborative authentication design method based on trusted exhibition industry equipment as claimed in claim 1, wherein after the intelligent terminal and the acquiring equipment are successfully authenticated by the distributed collaborative authentication of the equipment and the merchant, the intelligent terminal performs remote key blank issuing, equipment updating and equipment locking functions through a background service, the equipment communicates with the background service through a remote communication channel to perform remote key blank issuing, wherein equipment information and a corresponding trusted exhibition industry equipment key are stored in an encryption machine, and a background server is directly connected with the encryption machine to complete key generation and issuing.
CN202010947712.XA 2020-09-10 2020-09-10 Distributed collaborative authentication design method based on trusted exhibition industry equipment Active CN112200530B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010947712.XA CN112200530B (en) 2020-09-10 2020-09-10 Distributed collaborative authentication design method based on trusted exhibition industry equipment

Publications (2)

Publication Number Publication Date
CN112200530A CN112200530A (en) 2021-01-08
CN112200530B true CN112200530B (en) 2024-07-05

Family

ID=74015538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010947712.XA Active CN112200530B (en) 2020-09-10 2020-09-10 Distributed collaborative authentication design method based on trusted exhibition industry equipment

Country Status (1)

Country Link
CN (1) CN112200530B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant