Summary of the invention
The application provides a service authentication method, apparatus, device and service server, to solve the problem that the existing service authentication process is cumbersome.
According to a first aspect of the embodiments of the present application, a service authentication method is provided, applied to a terminal device, the method comprising:
Sending a service request message to a service server, the service request message containing the user ID registered by the terminal user on the service server;
Receiving a service submission message returned by the service server according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID;
When it is detected, according to the device information of the bound wearable device, that the terminal device is currently connected to the bound wearable device, forwarding the service submission message to the bound wearable device;
Receiving a service authentication message returned by the bound wearable device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to a preset encryption mode;
Sending the service authentication message to the service server, so that the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
According to a second aspect of the embodiments of the present application, another service authentication method is provided, applied to a service server, the method comprising:
Receiving a service request message sent by a terminal device, the service request message containing the user ID registered by the terminal user on the service server;
Returning a service submission message to the terminal device according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID, so that the terminal device forwards the service submission message to the bound wearable device when it determines, according to the device information of the bound wearable device, that it is currently connected to the bound wearable device;
Receiving a service authentication message sent by the terminal device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to a preset encryption mode;
Passing this service authentication when the service authentication message is verified as correct using the preset encryption mode.
According to a third aspect of the embodiments of the present application, another service authentication method is provided, applied to a bound wearable device that has a binding relationship with a terminal device, the method comprising:
Receiving a service submission message forwarded by the terminal device, the service submission message being the message that the service server returns to the terminal device after receiving a service request message, the service request message containing the user ID registered by the terminal user on the service server, and the service submission message containing the device information of the bound wearable device corresponding to the user ID;
Encrypting the service submission message according to a preset encryption mode to generate a service authentication message;
Sending the service authentication message to the terminal device, so that the terminal device sends the service authentication message to the service server, and the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
According to a fourth aspect of the embodiments of the present application, a service authentication apparatus is provided, applied to a terminal device, the apparatus comprising:
A sending unit, configured to send a service request message to a service server, the service request message containing the user ID registered by the terminal user on the service server;
A receiving unit, configured to receive a service submission message returned by the service server according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID;
A detecting unit, configured to detect, according to the device information of the bound wearable device, whether the terminal device is currently connected to the bound wearable device;
The sending unit being further configured to forward the service submission message to the bound wearable device when a connection to the bound wearable device is detected;
The receiving unit being further configured to receive a service authentication message returned by the bound wearable device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to a preset encryption mode;
The sending unit being further configured to send the service authentication message to the service server, so that the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
According to a fifth aspect of the embodiments of the present application, another service authentication apparatus is provided, applied to a service server, the apparatus comprising:
A receiving unit, configured to receive a service request message sent by a terminal device, the service request message containing the user ID registered by the terminal user on the service server;
A sending unit, configured to return a service submission message to the terminal device according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID, so that the terminal device forwards the service submission message to the bound wearable device when it determines, according to the device information of the bound wearable device, that it is currently connected to the bound wearable device;
The receiving unit being further configured to receive a service authentication message sent by the terminal device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to a preset encryption mode;
A verification unit, configured to pass this service authentication when the service authentication message is verified as correct using the preset encryption mode.
According to a sixth aspect of the embodiments of the present application, another service authentication apparatus is provided, applied to a bound wearable device that has a binding relationship with a terminal device, the apparatus comprising:
A receiving unit, configured to receive a service submission message forwarded by the terminal device, the service submission message being the message that the service server returns to the terminal device after receiving a service request message, the service request message containing the user ID registered by the terminal user on the service server, and the service submission message containing the device information of the bound wearable device corresponding to the user ID;
A generating unit, configured to encrypt the service submission message according to a preset encryption mode to generate a service authentication message;
A sending unit, configured to send the service authentication message to the terminal device, so that the terminal device sends the service authentication message to the service server, and the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
According to a seventh aspect of the embodiments of the present application, a terminal device is provided, comprising: a processor; and a memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Send a service request message to a service server, the service request message containing the user ID registered by the terminal user on the service server;
Receive a service submission message returned by the service server according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID;
When it is detected, according to the device information of the bound wearable device, that the terminal device is currently connected to the bound wearable device, forward the service submission message to the bound wearable device;
Receive a service authentication message returned by the bound wearable device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to a preset encryption mode;
Send the service authentication message to the service server, so that the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
According to an eighth aspect of the embodiments of the present application, a service server is provided, comprising: a processor; and a memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive a service request message sent by a terminal device, the service request message containing the user ID registered by the terminal user on the service server;
Return a service submission message to the terminal device according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID, so that the terminal device forwards the service submission message to the bound wearable device when it determines, according to the device information of the bound wearable device, that it is currently connected to the bound wearable device;
Receive a service authentication message sent by the terminal device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to a preset encryption mode;
Pass this service authentication when the service authentication message is verified as correct using the preset encryption mode.
According to a ninth aspect of the embodiments of the present application, a wearable device is provided, the wearable device having a binding relationship with a terminal device and comprising:
A processor; and a memory for storing instructions executable by the processor;
Wherein the processor is configured to:
Receive a service submission message forwarded by the terminal device, the service submission message being the message that the service server returns to the terminal device after receiving a service request message, the service request message containing the user ID registered by the terminal user on the service server, and the service submission message containing the device information of the bound wearable device corresponding to the user ID;
Encrypt the service submission message according to a preset encryption mode to generate a service authentication message;
Send the service authentication message to the terminal device, so that the terminal device sends the service authentication message to the service server, and the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
The embodiments of the present application use a wearable device that has a binding relationship with the terminal device to perform service authentication. Because the terminal device only has to relay authentication information between the wearable device and the service server during the whole service authentication process, and the terminal user does not have to perform password-entry operations on the terminal device, the service authentication operation is simplified, service authentication efficiency is improved, and the terminal user's experience during service operations is enhanced.
It should be understood that the general description above and the detailed description below are exemplary and explanatory only and do not limit the application.
Detailed description of the invention
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the application, as detailed in the appended claims.
The terminology used in this application is for the purpose of describing particular embodiments only and is not intended to limit the application. The singular forms "a", "said" and "the" used in this application and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this application to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of the application, first information may also be called second information and, similarly, second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of ...", "when ..." or "in response to determining".
Refer to Fig. 1, a schematic diagram of an application scenario of the service authentication embodiments of the present application:
In Fig. 1, the service server may be set up by a third-party service platform operator and may provide various service applications to registered users. To ensure the security of a service application, service authentication may be performed before the service application is provided. Assume that the terminal user shown in Fig. 1 is a registered user of the service server and holds both a terminal device and a wearable device. The terminal device can connect to the wearable device by short-range communication, for example Bluetooth, and can connect to the service server over a wired or wireless network. The terminal device in the embodiments may be a mobile phone, a tablet computer and the like; application on a PC (Personal Computer) is of course not excluded. The wearable device may be any of various BLE (Bluetooth Low Energy) devices, for example a smart bracelet or a smart watch.
In a traditional service authentication scenario, the terminal user completes service authentication through interaction between the terminal device and the service server. The interaction often includes cumbersome operations such as entering a login password, a service password or an SMS check code, so the service authentication process is not efficient. As wearable devices become widespread, more and more terminal users pair a wearable device with their terminal device and use it for various additional functions, for example unlocking the terminal device or collecting the terminal user's health data. The embodiments of the present application therefore apply the wearable device to the service authentication process. In Fig. 1, the service server may save in advance the binding relationship between the user ID and the device information of the wearable device. During service authentication, when the wearable device is connected to the terminal device, the terminal device transfers the authentication information generated by the wearable device to the service server, and the service server completes the service authentication according to the saved binding relationship. Because the terminal device only has to relay authentication information between the wearable device and the service server during the whole service authentication process, and the terminal user does not have to perform password-entry operations on the terminal device, the service authentication operation is simplified, service authentication efficiency is improved, and the terminal user's experience during service operations is enhanced. The embodiments of the present application are described in detail below with reference to Fig. 1.
Refer to Fig. 2A, a flow chart of one embodiment of the service authentication method of the present application. This embodiment is applied on the terminal device side and comprises the following steps:
Step 201: Send a service request message to the service server, the service request message containing the user ID registered by the terminal user on the service server.
Service authentication in the embodiments mainly refers to the process of verifying the security of a service operation before the terminal user completes that service operation through a service APP (Application) installed on the terminal device. A service operation mainly refers to any of the application functions that the service server provides to the terminal user, for example a payment function provided by a third-party payment server for paying for goods purchased online, or a download function provided by an instant messaging server for downloading multimedia files in a network storage space.
To complete service operations, the terminal user may register a service account on the service server in advance and then perform service operations after logging in to the service server with that account. A service account is information by which the service server can uniquely identify the terminal user. It generally comprises an account name and an account password, and may further comprise a service password. Information contained in the account name can serve as the terminal user's user ID; for example, if the account name is user1@ABC.com, "user1" can serve as the user ID.
In the embodiments, the terminal user holds both a terminal device and a wearable device. The terminal device mainly refers to any device with a network connection function, for example a smartphone or tablet computer; the wearable device mainly refers to any BLE device, for example a smart bracelet or smart watch. Corresponding to the BLE device, the terminal device also has a Bluetooth function. Once the BLE device has completed pairing with the terminal device, it can stay connected to the terminal device over Bluetooth for a long time and, while connected, transmit small amounts of data to it. The present embodiment uses this characteristic of wearable devices: during a service operation, the service server completes the service authentication process by means of the authentication information transmitted by the wearable device. Before service authentication can be performed, the terminal device and the wearable device are first bound. Because each terminal device may be bound to multiple wearable devices, the embodiments call the wearable device used for service authentication the bound wearable device.
In the binding opening stage, when the terminal device establishes a connection with the bound wearable device, each can obtain the other's device information. This device information may include the device's Bluetooth address and device identifier; the device identifier generally refers to the device's MAC (Media Access Control) address. The service operation interface of the terminal device may offer the terminal user an option for binding. When the terminal user selects this option, the terminal device is triggered to send a binding request message to the service server. According to the binding request message, the service server returns to the terminal device a binding opening message containing the terminal user's user ID, and the terminal device forwards this binding opening message to the connected bound wearable device. The bound wearable device may use the preset encryption mode, for example an asymmetric encryption algorithm, to generate a public key and a private key for the user ID, and sends a binding response message to the terminal device. The binding response message may contain the private key and the device information of the bound wearable device (for example, its Bluetooth address and device identifier), and may further include the device information of the terminal device (for example, the terminal device's Bluetooth address and device identifier). The terminal device sends the binding response message to the service server, and the service server saves the binding relationship between the user ID and the private key, the device information of the bound wearable device and the device information of the terminal device, so that the service server can subsequently perform service authentication based on this binding relationship. Optionally, when transmitting the service authentication message, the terminal device may also transmit the service check code that the terminal user registered on the service server; the service server can then verify the service check code first and save the binding relationship only after the check code is found to be correct, to ensure the security of the binding opening stage. In addition, in the embodiments the terminal user can also release the binding relationship between the wearable device and the terminal device in the service interface of the terminal device. For example, after clicking the unbind button, the terminal user enters the registered service check code; when the service server verifies that the entered service check code is identical to the saved one, it deletes the corresponding binding relationship from the binding relationship list.
In the service authentication stage, when the terminal user chooses to perform a service operation on the service operation interface of the terminal device, the terminal device sends a service request message to the service server; the service request message may contain the terminal user's user ID.
Step 202: Receive the service submission message returned by the service server according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID.
After receiving the service request message, the service server can look up the saved binding relationship according to the user ID carried in the service request message and obtain the device information of the bound wearable device corresponding to that user ID. The service server then returns a service submission message to the terminal device and carries the device information of the bound wearable device in it.
Step 203: When it is detected, according to the device information of the bound wearable device, that the terminal device is currently connected to the bound wearable device, forward the service submission message to the bound wearable device.
After receiving the service submission message, the terminal device can detect whether it is currently connected to a wearable device to be checked. If it is, it obtains the device information of that wearable device and judges whether this device information is consistent with the device information of the bound wearable device. If the two are consistent, the wearable device to be checked is determined to be the bound wearable device, and the service submission message can be forwarded to it.
Step 204: Receive the service authentication message returned by the bound wearable device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to the preset encryption mode.
After receiving the service submission message, the bound wearable device can encrypt it using the preset encryption mode to generate a service authentication message, and send the service authentication message to the terminal device. Here the preset encryption mode may mean encrypting the service submission message with the public key generated by the asymmetric encryption algorithm in the binding opening stage described above.
Step 205: Send the service authentication message to the service server, so that the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
The terminal device sends the received service authentication message to the service server, and the service server uses the preset encryption mode to verify whether the service authentication message is correct. Here the preset encryption mode may mean decrypting the service authentication message with the private key generated by the asymmetric encryption algorithm in the binding opening stage described above. As follows from the description of step 202, the service server can obtain the private key corresponding to the user ID when it looks up the saved binding relationship according to the user ID. When the service server verifies that the service authentication message is correct, it determines that this service authentication has passed, and the service operation is completed.
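The binding opening stage and steps 201 to 205, simulated end to end as an added example (this is not code from the application). Assumptions: toy textbook RSA over two fixed Mersenne primes stands in for the unspecified asymmetric algorithm, the digest of the service submission message is encrypted rather than the message itself, and the `user_id` and `nonce` fields of the submission message and its single use on the server are additions so that a captured service authentication message cannot be replayed.

```python
import hashlib
import json
import secrets

# Toy textbook RSA (assumption): fixed Mersenne primes, no padding, so every
# call yields the same key pair. Illustration only, never use for real keys.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537


def generate_keypair():
    """Return (public, private) as (n, e) and (n, d)."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)


def digest_int(message):
    """SHA-256 of the canonical JSON form of a message, as an integer below n."""
    data = json.dumps(message, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class Wearable:
    def __init__(self, bluetooth_address, device_id):
        self.device_info = {"bluetooth_address": bluetooth_address,
                            "device_id": device_id}
        self.public_keys = {}  # user ID -> public key kept on the wearable

    def open_binding(self, binding_open_msg):
        # As the page describes: generate a key pair for the user ID and put
        # the private key into the binding response for the service server.
        public, private = generate_keypair()
        user_id = binding_open_msg["user_id"]
        self.public_keys[user_id] = public
        return {"user_id": user_id, "private_key": private,
                "wearable_info": self.device_info}

    def authenticate(self, submission_msg):
        # Encrypt (the digest of) the submission message with the public key.
        n, e = self.public_keys[submission_msg["user_id"]]
        return pow(digest_int(submission_msg), e, n)


class ServiceServer:
    def __init__(self):
        self.bindings = {}  # user ID -> saved binding relationship
        self.pending = {}   # user ID -> outstanding submission message

    def binding_open(self, user_id):
        return {"user_id": user_id}

    def save_binding(self, binding_response):
        self.bindings[binding_response["user_id"]] = binding_response

    def service_request(self, user_id):
        msg = {"user_id": user_id,
               "wearable_info": self.bindings[user_id]["wearable_info"],
               "nonce": secrets.token_hex(16)}  # assumption: freshness value
        self.pending[user_id] = msg
        return msg

    def verify(self, user_id, auth_msg):
        msg = self.pending.pop(user_id, None)  # each submission is single use
        if msg is None or user_id not in self.bindings:
            return False
        n, d = self.bindings[user_id]["private_key"]
        return pow(auth_msg, d, n) == digest_int(msg)


class Terminal:
    def __init__(self, server, bluetooth_address, device_id):
        self.server = server
        self.device_info = {"bluetooth_address": bluetooth_address,
                            "device_id": device_id}
        self.connected = None

    def connect(self, wearable):
        self.connected = wearable

    def bind(self, user_id):
        response = self.connected.open_binding(self.server.binding_open(user_id))
        response["terminal_info"] = self.device_info  # simplification: added here
        self.server.save_binding(response)

    def run_service(self, user_id):
        submission = self.server.service_request(user_id)       # steps 201-202
        wearable = self.connected
        if wearable is None or wearable.device_info != submission["wearable_info"]:
            return False  # step 203 fails: not the bound wearable device
        auth_msg = wearable.authenticate(submission)            # step 204
        return self.server.verify(user_id, auth_msg)            # step 205


def demo():
    """Constructed devices: bound bracelet passes, an unbound one does not."""
    server = ServiceServer()
    phone = Terminal(server, "11:22:33:44:55:66", "phone-01")
    phone.connect(Wearable("AA:BB:CC:DD:EE:FF", "bracelet-01"))
    phone.bind("USER")
    passed = phone.run_service("USER")
    phone.connect(Wearable("00:00:00:00:00:01", "other-01"))
    return passed, phone.run_service("USER")


if __name__ == "__main__":
    print(demo())
```
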
Optionally, after receiving the service submission message, the wearable device may also collect user information about the terminal user, for example geographical location information or user health information, and send this user information together with the service authentication message to the terminal device, which forwards the user information to the service server. When the service server determines that this service authentication has passed, it can record the user information at the same time, so that all the information the terminal user produces during the service operation is stored in full. Alternatively, the service server may present the user information on the service interface of this service authentication to make the service operation more engaging for the terminal user. For example, when the user information is the user's heart rate, a message such as "Your heart rate reached 150; don't be so nervous next time" may be presented; or, when the user information is the user's altitude, a message such as "You completed this service operation at an altitude of 6000 meters, surpassing 10000 users" may be presented.
Refer to Fig. 2B, a flow chart of another embodiment of the service authentication method of the present application. This embodiment is applied on the service server side and comprises the following steps:
Step 211: Receive a service request message sent by the terminal device, the service request message containing the user ID registered by the terminal user on the service server.
Step 212: Return a service submission message to the terminal device according to the service request message, the service submission message containing the device information of the bound wearable device corresponding to the user ID, so that the terminal device forwards the service submission message to the bound wearable device when it determines, according to the device information of the bound wearable device, that it is currently connected to the bound wearable device.
Step 213: Receive the service authentication message sent by the terminal device, the service authentication message being the message generated by the bound wearable device after encrypting the service submission message according to the preset encryption mode.
Step 214: Pass this service authentication when the service authentication message is verified as correct using the preset encryption mode.
Refer to Fig. 2C, a flow chart of another embodiment of the service authentication method of the present application. This embodiment is applied on the wearable device side and comprises the following steps:
Step 221: Receive the service submission message forwarded by the terminal device, the service submission message being the message that the service server returns to the terminal device after receiving a service request message, the service request message containing the user ID registered by the terminal user on the service server, and the service submission message containing the device information of the bound wearable device corresponding to the user ID.
Step 222: Encrypt the service submission message according to the preset encryption mode to generate a service authentication message.
Step 223: Send the service authentication message to the terminal device, so that the terminal device sends the service authentication message to the service server, and the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
The main difference between the embodiments shown in Fig. 2B and Fig. 2C and the embodiment shown in Fig. 2A is the device that executes the embodiment; the service authentication process is the same, so for the specific process refer to the description of the embodiment shown in Fig. 2A, which is not repeated here. It should be noted that when service authentication is implemented with the embodiments of the present application, existing service authentication modes remain compatible: when the terminal user has not chosen to use the bound wearable device for service authentication, service authentication can still be performed with existing modes such as password input, and the embodiments of the present application do not limit this.
As can be seen from the embodiments shown in Fig. 2A to Fig. 2C, these embodiments use a wearable device that has a binding relationship with the terminal device to perform service authentication. During the whole service authentication process the terminal device only needs to relay the authentication information between the wearable device and the service server, and the terminal user does not need to enter a password or similar input on the terminal device. This simplifies the service authentication operation, improves service authentication efficiency, and improves the terminal user's experience during business operations.
Referring to Fig. 3A, which is a flowchart of another embodiment of the service authentication method of the present application, this embodiment describes the binding opening process in detail, in combination with the application scenario shown in Fig. 1, through the interaction among the bound wearable device (a BLE device), the terminal device and the service server. It comprises the following steps:
Step 301: the terminal device establishes a Bluetooth connection with the BLE device.
In this embodiment, it is assumed that the terminal user has registered a service account on the service server, that the registered ID (Identification) is "USER", and that the business check code is "abcdef". The service server may store the correspondence between the registered user ID and the business check code in a database; it may store the user ID "USER" directly, or the service server may generate a fixed-length, unique number to serve as the user ID. The embodiments of the present application do not limit this.
After the terminal device establishes the Bluetooth connection with the BLE device, the terminal device may record the device information of the BLE device, including the Bluetooth address and the BLE device ID of the BLE device; at the same time, the BLE device may record the device information of the terminal device, including the Bluetooth address and the terminal device ID of the terminal device.
Step 302: the terminal device sends to the service server a binding request message requesting binding with the BLE device.
After the terminal user logs in to the service server with the registered service account, if the terminal user selects a binding option on the business interface presented by the terminal device, for example by clicking a binding button, the terminal device sends the binding request message to the service server.
Step 303: the service server returns a binding open message to the terminal device according to the binding request message.
In this step, the binding open message may contain the user ID of the terminal user and first anti-replay information (a first challenge); the first challenge may be used to identify the uniqueness of this binding request message.
Step 304: the terminal device encrypts the binding open message to obtain an encrypted binding open message.
In this step, the terminal device may add a message header to the binding open message; the header indicates the type of the binding open message. To protect the messages exchanged with the BLE device, the terminal device may further encrypt the binding open message with the symmetric encryption algorithm negotiated in advance with the BLE device.
Step 305: the terminal device sends the encrypted binding open message to the BLE device over the established Bluetooth connection.
Step 306: the BLE device decrypts the encrypted binding open message to obtain the binding open message.
After the BLE device receives the encrypted binding open message, corresponding to the description of step 304, the BLE device may decrypt it with the symmetric encryption algorithm negotiated in advance with the terminal device and, after identifying the message type from the message header, determine that a binding open message has been received. The BLE device can then obtain the user ID carried in the binding open message.
Step 307: the BLE device generates a binding response message for the binding open message.
In this step, the BLE device generates a public key and a private key for the user ID with an asymmetric encryption algorithm and stores the correspondence between the user ID and the public key. The generated binding response message then carries the private key, the device information of the BLE device and the device information of the terminal device.
Step 308: the BLE device encrypts the binding response message to obtain an encrypted binding response message.
In this step, the BLE device may add a message header to the binding response message; the header indicates the type of the binding response message. The binding response message is then likewise encrypted with the symmetric encryption algorithm negotiated in advance with the terminal device.
Step 309: the BLE device sends the encrypted binding response message to the terminal device over the established Bluetooth connection.
Step 310: the terminal device decrypts the encrypted binding response message to obtain the binding response message.
After the terminal device receives the encrypted binding response message, corresponding to the description of step 308, the terminal device may decrypt it with the symmetric encryption algorithm negotiated in advance with the BLE device and, after identifying the message type from the message header, determine that a binding response message has been received. The terminal device carries the first challenge in the binding response message, so that the service server can use the first challenge to identify that this binding response message corresponds to the binding open message of step 303.
Step 311: the terminal device transmits the business check code and the binding response message to the service server.
Step 312: after verifying that the business check code is valid, the service server saves the binding relationship between the terminal user and the BLE device.
In this step, the service server may look up the registration information of the terminal user according to the user ID and obtain the business check code registered by the terminal user, "abcdef". When the received business check code is identical to "abcdef", the service server saves, in a binding relationship list, the binding relationship between the user ID "USER" and the private key, the device information of the BLE device and the device information of the terminal device carried in the binding response message.
Referring to Fig. 3B, which is a flowchart of another embodiment of the service authentication method of the present application, this embodiment, in combination with the application scenario shown in Fig. 1 and on the basis of the embodiment shown in Fig. 3A, describes the service authentication process in detail through the interaction among the bound wearable device (BLE device), the terminal device and the service server. It comprises the following steps:
Step 321: the terminal device sends a business request message to the service server; the business request message contains the user ID.
When the terminal user performs a business operation on the business interface of the terminal device, for example a payment operation, the terminal device sends the business request message containing the user ID to the service server.
Step 322: the service server looks up the binding relationship according to the user ID in the business request message and obtains the binding information corresponding to the user ID.
As can be seen from the embodiment shown in Fig. 3A, when the service server looks up the binding relationship list according to the user ID, it can obtain the private key, the device information of the BLE device and the device information of the terminal device corresponding to the user ID.
Step 323: the service server sends a business submission message to the terminal device.
In this step, the service server may generate a business submission message containing the device information of the BLE device (the Bluetooth address and BLE device ID of the BLE device) and second anti-replay information (a second challenge); the second challenge may be used to identify the uniqueness of this business submission message.
Step 324: the terminal device verifies, according to the device information of the BLE device, that it is currently connected to this BLE device.
In this step, the terminal device may verify, according to the Bluetooth address of the BLE device, that it is currently connected to the corresponding BLE device; when the BLE device ID of that BLE device is consistent with the BLE device ID recorded in the binding opening stage, the terminal device determines that it is currently connected to the BLE device bound in the binding opening stage.
Step 325: the terminal device encrypts the business submission message to obtain an encrypted business submission message.
In this step, the terminal device may add a message header to the business submission message; the header indicates the type of the business submission message. The terminal device then encrypts the business submission message with the symmetric encryption algorithm negotiated in advance with the BLE device.
Step 326: the terminal device sends the encrypted business submission message to the BLE device.
Step 327: the BLE device decrypts the encrypted business submission message to obtain the business submission message.
After the BLE device receives the encrypted business submission message, corresponding to the description of step 325, the BLE device may decrypt it with the symmetric encryption algorithm negotiated in advance with the terminal device and identify from the message header that the message type is a business submission message.
Step 328: the BLE device encrypts the business submission message with the public key generated for the user ID in the binding opening stage to obtain the service authentication message.
In this step, the BLE device may look up the public key corresponding to the user ID and then encrypt the business submission message with that public key. For example, one encryption mode may specifically be the HOTP (HMAC-Based One-Time Password) algorithm, where HMAC (Hash-based Message Authentication Code) refers to an encryption mode that takes a key and a message as input and produces a message digest as output.
Step 329: the BLE device encrypts the service authentication message to obtain an encrypted service authentication message.
In this step, the BLE device again uses the symmetric encryption algorithm negotiated in advance with the terminal device to encrypt the service authentication message and generate the encrypted service authentication message.
Step 330: the BLE device sends the encrypted service authentication message to the terminal device.
Step 331: the terminal device decrypts the encrypted service authentication message to obtain the service authentication message.
Corresponding to the description of step 329, the terminal device may decrypt the encrypted service authentication message with the symmetric encryption algorithm negotiated in advance with the BLE device to obtain the service authentication message.
Step 332: the terminal device returns the service authentication message to the service server.
In this step, the terminal device may carry the second challenge in the service authentication message, so that the service server can use the second challenge to identify that this service authentication message corresponds to the business submission message of step 323.
Step 333: when the service server verifies, with the private key corresponding to the user ID, that the service authentication message is correct, it passes this service authentication.
In this step, the service server decrypts the service authentication message with the private key corresponding to the user ID and obtains the device information of the BLE device. When the service server verifies that this device information is consistent with the device information of the BLE device saved in the binding relationship, it determines that the service authentication message has passed verification.
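The exchange of steps 323 to 333, as an added Python example that is not part of the original document: the service server issues a single-use second challenge, the wearable answers over the user ID, its own device information and that challenge, and the server checks the answer against the saved binding. As assumptions, an HMAC-SHA256 tag under a key shared at binding time stands in for the public/private key pair of steps 307 and 328 (the text names the HMAC-based HOTP algorithm as one possible mode), the symmetric encryption of the Bluetooth link in steps 325 to 331 is omitted, and all class, function and field names and the BLE addresses are constructed.

```python
import hashlib
import hmac
import secrets


def make_tag(key, user_id, ble_addr, ble_device_id, challenge):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    fields = [user_id.encode(), ble_addr.encode(), ble_device_id.encode(), challenge]
    message = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, message, hashlib.sha256).digest()


class Wearable:
    def __init__(self, ble_addr, ble_device_id):
        self.ble_addr = ble_addr
        self.ble_device_id = ble_device_id
        self.keys = {}  # user_id -> key created at binding time

    def bind(self, user_id):
        # Step 307 (simplified, assumption): per-user key reported with device info.
        self.keys[user_id] = secrets.token_bytes(32)
        return {"user_id": user_id, "key": self.keys[user_id],
                "ble_addr": self.ble_addr, "ble_device_id": self.ble_device_id}

    def authenticate(self, submission):
        # Step 328: answer only for a bound user, using this device's own information.
        key = self.keys.get(submission["user_id"])
        if key is None:
            return None
        tag = make_tag(key, submission["user_id"], self.ble_addr,
                       self.ble_device_id, submission["challenge"])
        return {"user_id": submission["user_id"],
                "challenge": submission["challenge"], "tag": tag}


class ServiceServer:
    def __init__(self):
        self.bindings = {}  # user_id -> (key, ble_addr, ble_device_id)
        self.pending = {}   # outstanding challenge -> user_id

    def save_binding(self, user_id, key, ble_addr, ble_device_id):
        # Step 312: keep what the binding response message reported.
        self.bindings[user_id] = (key, ble_addr, ble_device_id)

    def business_submission(self, user_id):
        # Steps 322-323: device information of the bound wearable plus a fresh challenge.
        _, ble_addr, ble_device_id = self.bindings[user_id]
        challenge = secrets.token_bytes(16)
        self.pending[challenge] = user_id
        return {"user_id": user_id, "ble_addr": ble_addr,
                "ble_device_id": ble_device_id, "challenge": challenge}

    def verify(self, auth):
        # Step 333: the challenge is consumed on first use, so a replayed message fails.
        if auth is None or self.pending.pop(auth["challenge"], None) != auth["user_id"]:
            return False
        key, ble_addr, ble_device_id = self.bindings[auth["user_id"]]
        expected = make_tag(key, auth["user_id"], ble_addr, ble_device_id, auth["challenge"])
        return hmac.compare_digest(expected, auth["tag"])


def terminal_forward(submission, connected):
    # Step 324: forward only when the connected wearable matches the bound device info.
    bound = (submission["ble_addr"], submission["ble_device_id"])
    if (connected.ble_addr, connected.ble_device_id) != bound:
        return None
    return connected.authenticate(submission)


def run_demo():
    server = ServiceServer()
    band = Wearable("AA:BB:CC:DD:EE:01", "BLE-0001")   # constructed sample values
    other = Wearable("AA:BB:CC:DD:EE:02", "BLE-0002")  # a wearable that was never bound
    server.save_binding(**band.bind("USER"))

    auth = terminal_forward(server.business_submission("USER"), band)
    first = server.verify(auth)    # fresh challenge, bound device
    replay = server.verify(auth)   # same message sent a second time

    submission = server.business_submission("USER")
    not_forwarded = terminal_forward(submission, other)  # terminal check refuses
    other.bind("USER")             # key material the server never saved
    forged = server.verify(other.authenticate(submission))
    return {"first": first, "replay": replay,
            "not_forwarded": not_forwarded, "forged": forged}


if __name__ == "__main__":
    print(run_demo())
```

The replayed message fails because the server removes a challenge from its pending set as soon as it is presented, and the answer from the unbound wearable fails because its key and device information do not match the saved binding.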
As can be seen from the embodiments shown in Fig. 3A and Fig. 3B, this embodiment uses a wearable device that has a binding relationship with the terminal device to perform service authentication. During the whole service authentication process the terminal device only needs to relay the authentication information between the wearable device and the service server, and the terminal user does not need to enter a password or similar input on the terminal device. This simplifies the service authentication operation, improves service authentication efficiency, and improves the terminal user's experience during business operations.
Corresponding to the foregoing embodiments of the service authentication method, the present application also provides embodiments of a service authentication apparatus.
Depending on the functions that the service authentication apparatus has, embodiments of the service authentication apparatus of the present application may be applied on a terminal device, a service server or a wearable device. The apparatus embodiments may be implemented in software, or in hardware or a combination of software and hardware. Taking a software implementation as an example, the apparatus in a logical sense is formed by the processor of the server in which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 4 shows a hardware structure diagram of the device in which the service authentication apparatus of the present application is located; in addition to the processor, memory, network interface and non-volatile memory shown in Fig. 4, the device in which the apparatus of an embodiment is located may generally also include other hardware according to the actual function of this server, which is not described further here.
Referring to Fig. 5, which is a block diagram of an embodiment of the service authentication apparatus of the present application, the apparatus is applied to a terminal device and includes a transmitting unit 510, a receiving unit 520 and a detection unit 530.
The transmitting unit 510 is configured to send a business request message to the service server, the business request message containing the user ID registered by the terminal user on the service server;
The receiving unit 520 is configured to receive the business submission message returned by the service server according to the business request message, the business submission message containing the device information of the bound wearable device corresponding to the user ID;
The detection unit 530 is configured to detect, according to the device information of the bound wearable device, whether the terminal device is currently connected to the bound wearable device;
The transmitting unit 510 is further configured to forward the business submission message to the bound wearable device when a connection to the bound wearable device is detected;
The receiving unit 520 is further configured to receive the service authentication message returned by the bound wearable device, the service authentication message being the message generated by the bound wearable device after encrypting the business submission message according to the preset encryption mode;
The transmitting unit 510 is further configured to send the service authentication message to the service server, so that the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
In an optional implementation:
The transmitting unit 510 may further be configured to, before sending the business request message, send a binding request message to the service server when a connection is established with the bound wearable device;
The receiving unit 520 may further be configured to receive the binding open message returned by the service server according to the binding request message, the binding open message containing the user ID;
The transmitting unit 510 may further be configured to forward the binding open message to the bound wearable device, so that the bound wearable device generates a public key and a private key for the user ID with an asymmetric encryption algorithm, where the public key is used to encrypt the business submission message and the private key is used to verify whether the service authentication message is correct;
The receiving unit 520 may further be configured to receive the binding response message sent by the bound wearable device, the binding response message containing the private key, the device information of the bound wearable device and the device information of the terminal device;
The transmitting unit 510 may further be configured to send the binding response message to the service server, so that the service server saves the binding relationship between the user ID and the private key, the device information of the bound wearable device and the device information of the terminal device.
In another optional implementation:
The transmitting unit 510 may further be configured to send the business check code registered by the terminal user on the service server to the service server, so that the service server saves the binding relationship after verifying that the business check code is correct.
In another optional implementation:
The binding response message is a message to which the bound wearable device has added a first message header;
The transmitting unit 510 may be specifically configured to send the binding response message to the service server after identifying the type of the binding response message according to the first message header; and,
The transmitting unit is specifically configured to forward the business submission message to the bound wearable device after adding a second message header to the business submission message; where the service authentication message is the message generated by the bound wearable device by encrypting the business submission message with the public key after identifying the business submission message according to the second message header, so that the service server uses the private key to verify whether the service authentication message is correct.
In another optional implementation:
The detection unit 530 may include (not shown in Fig. 5):
A connection detection subunit, configured to detect whether the terminal device is connected to a wearable device under test;
A connection determination subunit, configured to, when connected to the wearable device under test, judge whether the device information of the wearable device under test is consistent with the device information of the bound wearable device and, when it is consistent, determine that the wearable device under test is the bound wearable device.
Referring to Fig. 6, which is a block diagram of another embodiment of the service authentication apparatus of the present application, the apparatus is applied to a service server and includes a receiving unit 610, a transmitting unit 620 and an authentication unit 630.
The receiving unit 610 is configured to receive the business request message sent by the terminal device, the business request message containing the user ID registered by the terminal user on the service server;
The transmitting unit 620 is configured to return a business submission message to the terminal device according to the business request message, the business submission message containing the device information of the bound wearable device corresponding to the user ID, so that the terminal device forwards the business submission message to the bound wearable device when it determines, according to the device information of the bound wearable device, that it is currently connected to the bound wearable device;
The receiving unit 610 is further configured to receive the service authentication message sent by the terminal device, the service authentication message being the message generated by the bound wearable device after encrypting the business submission message according to the preset encryption mode;
The authentication unit 630 is configured to pass this service authentication when the service authentication message is verified as correct using the preset encryption mode.
In an optional implementation:
The receiving unit 610 may further be configured to receive the binding request message sent by the terminal device before receiving the business request message sent by the terminal device;
The transmitting unit 620 may further be configured to return a binding open message to the terminal device according to the binding request message, the binding open message containing the user ID, so that after the terminal device forwards the binding open message to the bound wearable device with which a connection has been established, the bound wearable device generates a public key and a private key for the user ID with an asymmetric encryption algorithm, where the public key is used to encrypt the business submission message and the private key is used to verify whether the service authentication message is correct;
The receiving unit 610 may further be configured to receive the binding response message sent by the terminal device, the binding response message containing the private key, the device information of the bound wearable device and the device information of the terminal device;
The apparatus may further include (not shown in Fig. 7):
A storage unit, configured to save the binding relationship between the user ID and the private key, the device information of the bound wearable device and the device information of the terminal device.
In another optional implementation:
The receiving unit 610 may further be configured to receive the business check code sent by the terminal device, the business check code being the check code registered by the terminal user on the service server;
The authentication unit 630 may further be configured to trigger the storage unit to save the binding relationship when it verifies that the business check code is consistent with the previously saved business check code of the terminal user.
In another optional implementation:
The receiving unit 610 may further be configured to, after the transmitting unit returns the business submission message to the terminal device, receive user information sent by the terminal device, the user information being user information of the terminal user collected by the bound wearable device after receiving the business submission message;
The apparatus may further include (not shown in Fig. 6):
A display unit, configured to present the user information on the business interface of this service authentication.
Referring to Fig. 7, which is a block diagram of another embodiment of the service authentication apparatus of the present application, the apparatus is applied to a wearable device and includes a receiving unit 710, a generating unit 720 and a transmitting unit 730.
The receiving unit 710 is configured to receive the business submission message forwarded by the terminal device, the business submission message being the message returned to the terminal device by the service server after it receives the business request message, the business request message containing the user ID registered by the terminal user on the service server, and the business submission message containing the device information of the bound wearable device corresponding to the user ID;
The generating unit 720 is configured to encrypt the business submission message according to the preset encryption mode to generate the service authentication message;
The transmitting unit 730 is configured to send the service authentication message to the terminal device, so that the terminal device sends the service authentication message to the service server, and the service server passes this service authentication when it verifies, using the preset encryption mode, that the service authentication message is correct.
In an optional implementation:
The receiving unit 710 may further be configured to, before receiving the business submission message forwarded by the terminal device, receive the binding open message forwarded by the terminal device, the binding open message being the message returned to the terminal device by the service server after it receives the binding request message, and the binding open message containing the user ID;
The generating unit 720 may further be configured to generate a public key and a private key for the user ID with an asymmetric encryption algorithm, where the public key is used to encrypt the business submission message and the private key is used to verify whether the service authentication message is correct;
The transmitting unit 730 may further be configured to send a binding response message to the terminal device, the binding response message containing the private key, the device information of the bound wearable device and the device information of the terminal device, so that after the terminal device sends the binding response message to the service server, the service server saves the binding relationship between the user ID and the private key, the device information of the bound wearable device and the device information of the terminal device.
In another optional implementation:
The apparatus may further include (not shown in Fig. 7):
A collection unit, configured to collect user information of the terminal user after the receiving unit receives the business submission message;
The transmitting unit 730 may further be configured to send the user information to the terminal device, so that the terminal device forwards the user information to the service server.
For the implementation of the functions and effects of each unit in the above apparatus, refer to the implementation of the corresponding steps in the above method, which is not repeated here.
Since the apparatus embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are only illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present application. Those of ordinary skill in the art can understand and implement it without creative effort.
As can be seen from the above embodiments, these embodiments use a wearable device that has a binding relationship with the terminal device to perform service authentication. During the whole service authentication process the terminal device only needs to relay the authentication information between the wearable device and the service server, and the terminal user does not need to enter a password or similar input on the terminal device. This simplifies the service authentication operation, improves service authentication efficiency, and improves the terminal user's experience during business operations.
Those skilled in the art, after considering the specification and practicing the invention disclosed herein, will readily conceive of other embodiments of the present application. The present application is intended to cover any variations, uses or adaptations of the present application that follow its general principles and include common knowledge or customary technical means in the art not disclosed in the present application. The specification and embodiments are to be regarded as exemplary only, with the true scope and spirit of the present application indicated by the following claims.
It should be understood that the present application is not limited to the precise structures described above and shown in the drawings, and that various modifications and changes can be made without departing from its scope. The scope of the present application is limited only by the appended claims.