[go: up one dir, main page]

CN114629662A - Identity verification method and device - Google Patents

Identity verification method and device Download PDF

Info

Publication number
CN114629662A
CN114629662A CN202210491587.5A CN202210491587A CN114629662A CN 114629662 A CN114629662 A CN 114629662A CN 202210491587 A CN202210491587 A CN 202210491587A CN 114629662 A CN114629662 A CN 114629662A
Authority
CN
China
Prior art keywords
identifier
authentication
merchant
bound
service platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210491587.5A
Other languages
Chinese (zh)
Inventor
吕斌
窦方钰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202210491587.5A priority Critical patent/CN114629662A/en
Publication of CN114629662A publication Critical patent/CN114629662A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure provides an identity verification method and apparatus. Specifically, the present disclosure provides an identity authentication method, including: receiving an authentication request from a merchant client, the authentication request including a merchant identifier and a service platform identifier; looking up a list of mobile devices associated with the merchant identifier and the service platform identifier; sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and receiving an authentication response from one of the one or more mobile devices.

Description

Identity verification method and device
Technical Field
The present application relates to the field of internet, and in particular, to a method and an apparatus for authenticating a merchant using a mobile device.
Background
With the development of the internet, more and more merchants conduct transactions on the internet. The amount of money involved in the transaction process of the merchant is large, so that certain potential safety hazards exist. In order to ensure the security of the transaction, the identity of the merchant needs to be verified during the transaction, i.e., the merchant checks the identity. In addition, various service platforms (e.g., online shopping platform, online payment platform, online banking, consumer financial platform, etc.) are presented, and a merchant may perform transactions on a plurality of service platforms, but the authentication experiences under the plurality of service platforms are different, resulting in poor security experience of the merchant.
Therefore, an improved merchant identity authentication scheme is continued, and the efficiency and the security of the identity authentication of merchants on a plurality of service platforms are improved.
Disclosure of Invention
In order to solve the technical problem, the invention provides an identity authentication method, which comprises the following steps:
receiving an authentication request from a merchant client, the authentication request including a merchant identifier and a service platform identifier;
looking up a list of mobile devices associated with the merchant identifier and the service platform identifier;
sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and
an authentication response is received from one of the one or more mobile devices.
Optionally, the method further comprises:
receiving a second authentication request from the merchant client, the second authentication request comprising the merchant identifier and a second service platform identifier;
looking up a second list of mobile devices associated with the merchant identifier and the second service platform identifier;
sending second authentication information to the merchant client, the second authentication information including device identifiers of one or more second mobile devices in the second mobile device list; and
receiving a second authentication response from one of the one or more second mobile devices.
Optionally, the method further comprises:
receiving an equipment binding request from a service platform server, wherein the equipment binding request comprises a merchant identifier to be bound, a mobile phone number of a mobile equipment to be bound and a service platform identifier to be bound;
sending a binding verification request to the mobile equipment to be bound, wherein the binding verification request comprises a mobile phone number of the mobile equipment to be bound;
receiving a binding verification response from the mobile device to be bound, the binding verification response including a device identifier of the mobile device to be bound; and
and performing association binding on the merchant identifier to be bound, the equipment identifier of the mobile equipment to be bound and the service platform identifier to be bound.
Optionally, the association binding includes:
and storing the to-be-bound merchant identifier and the device identifier of the to-be-bound mobile device in a partition corresponding to the to-be-bound service platform identifier in a database in an associated manner.
Optionally, the method further comprises sending an authentication result to the merchant client in response to the authentication response indicating that authentication was successful.
Optionally, the method further comprises:
establishing a communication session with the merchant client and the service platform server; and
and sending the session identifier of the communication session to the merchant client and the service platform server.
Optionally, the method further comprises,
receiving a session authentication request from the merchant client, the session authentication request including a session identifier of the merchant client;
determining whether the session identifier of the merchant client and the session identifier of the communication session are the same; and
and if the session identifier of the merchant client is the same as the session identifier of the communication session, sending a session verification response indicating that the session verification is successful to the merchant client.
Optionally, the method further comprises sending a short message authentication request to the mobile device in response to the authentication response indicating authentication failure.
Optionally, the device identifier comprises a unique device identifier UDID, an international mobile equipment identity IMEI and a mobile equipment identity MEID.
Another aspect of the present disclosure provides an authentication apparatus, including:
means for receiving an authentication request from a merchant client, the authentication request comprising a merchant identifier and a service platform identifier;
means for locating a list of mobile devices associated with the merchant identifier and the business platform identifier;
means for sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and
means for receiving an authentication response from one of the one or more mobile devices.
Optionally, the apparatus further comprises:
means for receiving a second authentication request from the merchant client, the second authentication request comprising the merchant identifier and a second service platform identifier;
means for locating a second list of mobile devices associated with the merchant identifier and the second service platform identifier;
means for sending second authentication information to the merchant client, the second authentication information comprising device identifiers of one or more second mobile devices in the second list of mobile devices; and
means for receiving a second authentication response from one of the one or more second mobile devices.
Optionally, the apparatus further comprises:
a module for receiving a device binding request from a service platform server, the device binding request including a merchant identifier to be bound, a mobile phone number of a mobile device to be bound, and a service platform identifier to be bound;
a module for sending a binding verification request to the mobile device to be bound, wherein the binding verification request comprises a mobile phone number of the mobile device to be bound;
means for receiving a binding verification response from the mobile device to be bound, the binding verification response including a device identifier of the mobile device to be bound; and
and the module is used for performing association binding on the merchant identifier to be bound, the equipment identifier of the mobile equipment to be bound and the service platform identifier to be bound.
Optionally, wherein the association binding comprises:
and storing the to-be-bound merchant identifier and the device identifier of the to-be-bound mobile device in a partition corresponding to the to-be-bound service platform identifier in a database in an associated manner.
Optionally, the apparatus further comprises means for sending an authentication result to the merchant client in response to the authentication response indicating a successful authentication.
Optionally, the apparatus further comprises:
a module for establishing communication session with the merchant client and the service platform server; and
means for sending a session identifier for the communication session to the merchant client and the service platform server.
Optionally, the apparatus further comprises:
means for receiving a session authentication request from the merchant client, the session authentication request including a session identifier of the merchant client;
means for determining whether a session identifier of the merchant client is the same as a session identifier of the communication session; and
means for sending a session authentication response to the merchant client indicating that session authentication was successful if the merchant client's session identifier is the same as the session identifier of the communication session.
Optionally, the apparatus further comprises means for sending a short message authentication request to the mobile device in response to the authentication response indicating authentication failure.
Optionally, the device identifier comprises a unique device identifier UDID, an international mobile equipment identity IMEI and a mobile equipment identity MEID.
Yet another aspect of the present disclosure provides an authentication apparatus, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving an authentication request from a merchant client, the authentication request including a merchant identifier and a service platform identifier;
looking up a list of mobile devices associated with the merchant identifier and the service platform identifier;
sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and
an authentication response is received from one of the one or more mobile devices.
Drawings
Fig. 1 is a block diagram of an identity verification system according to aspects of the present disclosure.
Fig. 2 is an illustration of mobile device binding according to aspects of the present disclosure.
FIG. 3 is an illustration of merchant identity verification, according to aspects of the present disclosure.
FIG. 4 is a diagram of a selection interface on a merchant client, according to aspects of the present disclosure.
FIG. 5 is a flow chart diagram of a merchant identity verification method according to aspects of the present disclosure.
FIG. 6 is a diagram of an electronic device for merchant identity verification, according to aspects of the present application.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described herein, and thus the present invention is not limited to the specific embodiments disclosed below.
With the development of the internet, it is more and more important to use a secure and reliable identity authentication scheme in the transaction process. At present, the identity authentication of the merchant mainly includes some traditional authentication means: account passwords, payment shields, certificate authentications, one-time passwords (OTP), and the like. However, these conventional authentication methods have low security, limit hardware, easily cause browser blocking, and have low authentication passing rate.
The use of electronic cards to conduct merchant authentication in transactions is currently proposed. In the scheme of using the electronic card for identity verification, a merchant sets different operator roles according to rules, and the personal identity (for example, an identity card number) of an operator is bound with the merchant. When a merchant conducts transaction, an operator with authority scans the two-dimensional code by using the application on the mobile phone of the operator, so that the identity verification of the merchant is realized.
However, the electronic card generally performs authentication only on one service platform (e.g., one of an online shopping platform, an online payment platform, an online bank, a consumer financial platform, etc.), and cannot meet the requirements of the merchant for authentication on multiple service platforms. In addition, the electronic card needs to bind the personal identity information (e.g., identification number) of the operator with the merchant, and the privacy of the operator risks being leaked.
In order to solve the problems, the application provides a multi-tenant identity verification scheme.
In the multi-tenant technology (SaaS for short), a plurality of tenants (i.e., users) share the same system or program component, and isolation of data between the users can be ensured. Specifically, a single application instance is run on one server, and services are provided for multiple tenants.
In the application, the identity verification of the merchant on a plurality of service platforms is realized through a multi-tenant technology. The database sets up different partitions with respect to different service platforms (i.e., tenants). The verification information of each merchant about each service platform is respectively stored in the partition of the service platform in the database of the authentication server, so that the authentication experience of the merchants is improved.
Further, unlike the related art in which the identity verification of the merchant is performed through the personal identity of the operator, the present disclosure performs the identity verification of the merchant using an identifier (e.g., a device identifier, a mobile phone number) of a mobile device, thereby preventing the personal identity of the operator from being leaked and improving the security of the identity verification.
Figure 1 is a block diagram of a multi-tenant identity verification system, according to aspects of the present disclosure.
As shown in fig. 1, the multi-tenant authentication system of the present disclosure includes a merchant client 102, one or more business platform servers 104, an authentication server 106, and one or more mobile devices 108. The merchant client 102, the business platform server 104, the authentication server 106, and the mobile device 108 communicate directly over a wired or wireless network.
Merchant client 102 may be an electronic device, such as a computer, cell phone, tablet device, and the like. A merchant may have registered with multiple business platforms and thus may initiate transactions with multiple business platforms at merchant client 102.
Each service platform server 104 corresponds to a service platform. For example, as shown in FIG. 1, the service platform server 104-1 may correspond to an online shopping platform, the service platform server 104-2 may correspond to an online payment platform, the service platform server 104-3 may correspond to an online bank, and so on. When a merchant client 102 needs to perform a transaction on a specific service platform, the merchant client may interact with a corresponding service platform server 104.
The authentication server 106 may authenticate transactions by merchants on multiple business platforms. The authentication server 106 may implement isolation of authentication data of multiple service platforms under the same set of programs, for example, by means of database partitioning, using a SaaS structure.
Each merchant may be bound to one or more mobile devices 108, and the identity of the merchant is verified by the mobile device 108. For example, the authentication server 106 may send information of one or more mobile devices 108 to which it is bound to the merchant client, and the merchant client 102 may select one mobile device 108 and send an authentication request thereto. As one example, a two-dimensional code may be displayed on the merchant client 102 for the selected mobile device 108 to scan the code two-dimensional code with the verification request encoded therein. In another example, merchant client 102 may send a short message or link including a verification request to mobile device 108, and so on. The mobile device 108 may verify the identity of the merchant by verifying the information contained in the request and send a verification response to the authentication server 106.
Note that the connection relationships between merchant client 102, business platform 104, authentication server 106, and mobile device 108 are shown in fig. 1, but the connections between these devices are not limited to those shown in fig. 1. For example, merchant client 102 may also communicate directly with mobile device 108.
Fig. 2 is an illustration of mobile device binding according to aspects of the present disclosure.
As shown in fig. 2, merchant client 102 may send a device add request to business platform server 104 at 202. The device add request may include the phone number of the mobile device 108 to be bound. The device addition request may also include a merchant identifier for merchant client 102.
After the service platform server 104 receives the device addition request 202, the merchant is authenticated at 204. For example, the business platform server 104 may determine whether the merchant is authorized to conduct the corresponding transaction on the business platform based on the merchant identifier in the device addition request 202.
If the business platform server 104 successfully authenticates the merchant, a device binding request may be sent to the authentication server 106 at 206. The device binding request may include the mobile phone number of the mobile device 108, the merchant identifier, and the corresponding service platform identifier of the service platform server 104.
The authentication server 106 generates a binding authentication request at 208 and sends the binding authentication request at 210. The binding verification request 210 includes the mobile phone number of the mobile device 108.
After mobile device 108 receives the binding verification request, binding verification is performed at 212. Specifically, the mobile device 108 can determine whether the phone number in the binding authentication request is the same as the mobile device's 108 own phone number. If the mobile phone numbers are the same, it is determined that the binding verification is successful, and a binding verification response indicating that the binding verification is successful is sent to the authentication server 106 at 214. If the mobile phone numbers are different, it is determined that the binding verification is unsuccessful, and a binding verification response indicating that the binding verification is unsuccessful is sent to the authentication server 106 at 214.
The binding verification response may include the device identifier of mobile device 108.
The device identifier of the mobile device may uniquely identify the mobile device and may include a Unique Device Identifier (UDID), an International Mobile Equipment Identity (IMEI), and a Mobile Equipment Identity (MEID).
The authentication server 106 binds the device identifier of the mobile device 108 with the merchant identifier and the service platform identifier at 216 after receiving a binding verification response indicating that the binding verification was successful.
As described above, the authentication server 106 may be a SaaS server that allocates a partition for each service platform in the database. The merchant identifier of the merchant of the business platform and the corresponding mobile device identifier are stored in association within each partition.
FIG. 3 is an illustration of merchant identity verification, according to aspects of the present disclosure.
As shown in FIG. 3, merchant client 102 sends a transaction request to business platform server 104 at 302. The transaction request may include a merchant identifier of the merchant client 102, transaction content (e.g., transfer, settlement, refund, account opening, payroll issuance, etc.), and so forth.
After the transaction request 302 is received by the service platform server 104, the merchant is authenticated 304. For example, the service platform server 104 may determine whether the merchant is authorized to conduct a corresponding transaction on the service platform based on the merchant identifier in the transaction request.
If the business platform server 104 successfully authenticates the merchant at 304, an initialization request may be sent to the authentication server 106 at 306. The initialization request may include a mobile device identifier, a merchant identifier, and a corresponding service platform identifier for the service platform server 104.
After the authentication server 106 receives the initialization request, it may be determined at 308 whether the merchant has mobile device authentication enabled with respect to the service platform, i.e., the availability of mobile device authentication.
If the authentication server 106 determines at 308 that the merchant has mobile device authentication provisioned with respect to the service platform, a session identifier may be generated and an initialization response returned to the merchant client 102 at 310. The initialization response may include a session identifier.
Merchant client 102, after receiving the initialization response, sends an authentication request to authentication server 106 at 312.
The authentication server 106 queries the merchant's list of mobile devices for the service platform after receiving the authentication request, i.e., the list of mobile devices bound by the merchant for the service platform, e.g., the list of mobile devices bound as shown in fig. 2.
The authentication server 106 generates authentication information, which may include the mobile phone numbers and device identifiers (e.g., IMEI) of one or more mobile devices in the queried list of mobile devices. Additionally, the authentication information may also include a session identifier, transaction-related information, a device name (e.g., the name of the owner of the mobile device), and so forth.
The authentication server 106 may send the authentication information to the merchant client 102 at 316.
Merchant client 102 may select a mobile device to authenticate from the one or more mobile devices in the mobile device list at 318.
For example, merchant client 102 may render a page on a display showing the device names of one or more mobile devices in the list of mobile devices for selection by the operator.
Optionally, the merchant client 102 may also select a verification method, such as two-dimensional code verification, short message verification, link verification, and the like.
Fig. 3 shows authentication server 106 authenticating transactions of merchant client 102 on business platform server 104, but authentication server 106 may also authenticate transactions of merchant client 102 on other business platform servers (e.g., business platform servers associated with other business platform identifiers).
FIG. 4 is a diagram of a selection interface on merchant client 102, according to aspects of the present disclosure.
As shown in fig. 4, merchant client 102 may generate a selection interface on the display based on the authentication information received at 316.
The selection interface may display the device name (e.g., the name of the mobile device owner), the phone number (desensitized) of the merchant with respect to the one or more devices bound by the service platform. Optionally, the selection interface may also display a plurality of verification modes, such as two-dimensional code verification, short message verification, link verification, and the like.
Returning to fig. 3, merchant client 102 may send a device verification request to mobile device 108 at 320. For example, merchant client 102 may send device authentication request 320 to mobile device 108 according to the specified (selected) authentication manner.
The device authentication request may include a device identifier of the mobile device. Optionally, the device authentication request 320 may also include the mobile device's phone number.
The two-dimensional code verification method may include displaying the two-dimensional code on the merchant client 102 and prompting the user to perform a code scanning operation. The user obtains a device authentication request by scanning the two-dimensional code.
The short message authentication method may include sending a short message from the merchant client 102 to the mobile device 108, where the short message may include a link, and the mobile device operator may obtain a device authentication request after opening the link.
The link verification mode may send the link through the application, and the mobile device operator may obtain a device verification request after opening the link in the application.
Mobile device 108 may authenticate at 322 after receiving the device authentication request.
In particular, the mobile device 108 can compare the device identifier in the device authentication request to the mobile device 108's own device identifier. If the device identifier in the device authentication request is the same as the mobile device 108's own device identifier, the merchant's authentication may be confirmed as successful and an authentication response may be sent to the authentication server 106 at 324 indicating that the authentication was successful. If the device identifier in the device authentication request is different from the mobile device 108's own device identifier, the mobile device 108 may send an authentication response to the authentication server 106 at 324 indicating that the authentication failed.
Optionally, mobile device 108 may implement dual authentication of the device identifier and the phone number (not shown in fig. 3). In particular, if the mobile device 108 determines that the device identifier in the device authentication request is the same as its own device identifier, a request for an authentication code may further be sent to the authentication server 106. The authentication server 106 sends an authentication code to the mobile device 108 in response to receiving an authentication code request from the mobile device 108. The user of the mobile device 108 may enter the passcode into a dialog box of the application and return it to the authentication server 106 as a passcode response. The authentication server 106 compares the authentication code received from the mobile device 108 with its previously sent authentication code and if they match, determines that the authentication was successful.
The verification server 106 may send the verification results back to the merchant client 102 at 326.
Preferably, merchant client 102 may further perform session authentication. In particular, merchant client 102, after receiving authentication result 326 indicating that the authentication was successful, may send session authentication request 328 to authentication server 106. Session authentication request 328 may include a session identifier stored at merchant client 102 (as received in the initialization response).
Authentication server 106 may compare the session identifier in the session authentication request received from merchant client 102 with its own stored session identifier. If the two session identifiers are the same, the session authentication is determined to be successful. If the two session identifiers are different, it is determined that the session authentication was unsuccessful.
FIG. 5 is a flow diagram of a merchant identity verification method 500, according to aspects of the present disclosure.
The merchant authentication method 500 may be performed by an authentication server, such as the authentication server 106 shown in fig. 1-3.
At step 502, the authentication server may receive an authentication request from a merchant client, the authentication request including a merchant identifier and a service platform identifier.
At step 504, the authentication server may look up a list of mobile devices associated with the merchant identifier and the service platform identifier.
At step 506, the authentication server may send authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices.
In an aspect, the device identifier comprises a unique device identifier UDID, an international mobile equipment identity IMEI, and a mobile equipment identity MEID.
At step 508, the authentication server may receive an authentication response from one of the one or more mobile devices.
In one aspect, the authentication server may also authenticate transactions by the merchant on another service platform. Specifically, the authentication server may receive a second authentication request from the merchant client, the second authentication request including the merchant identifier and a second service platform identifier; looking up a second mobile device list associated with the merchant identifier and a second service platform identifier; sending second authentication information to the merchant client, the second authentication information including device identifiers of one or more second mobile devices in a second mobile device list; and receiving a second authentication response from one of the one or more second mobile devices.
In an aspect, the merchant identity verification method may further include binding to the mobile device, and specifically, may include: receiving an equipment binding request from a service platform server, wherein the equipment binding request comprises a merchant identifier to be bound, a mobile phone number of a mobile equipment to be bound and a service platform identifier to be bound; sending a binding verification request to the mobile equipment to be bound, wherein the binding verification request comprises the mobile phone number of the mobile equipment to be bound; receiving a binding verification response from the mobile device to be bound, the binding verification response including a device identifier of the mobile device to be bound; and performing association binding on the merchant identifier to be bound, the device identifier of the mobile device to be bound and the service platform identifier to be bound.
In another aspect, the association binding may include: and storing the to-be-bound merchant identifier and the device identifier of the to-be-bound mobile device in a partition corresponding to the to-be-bound service platform identifier in a database in an associated manner.
In yet another aspect, the merchant authentication method may further include sending an authentication result to the merchant client in response to the authentication response indicating that the authentication is successful.
In one aspect, the merchant identity authentication method may further include establishing a communication session with the merchant client and the service platform server; and sending a session identifier of the communication session to the merchant client and the service platform server.
In a further aspect, the merchant identity verification method may further include receiving a session verification request from the merchant client, the session verification request including a session identifier of the merchant client; determining whether the session identifier of the merchant client is the same as the session identifier of the communication session; and if the session identifier of the merchant client is the same as the session identifier of the communication session, sending a session verification response to the merchant client indicating that the session verification was successful.
In an aspect, the merchant authentication method may further include sending a short message authentication request to the mobile device in response to the authentication response indicating authentication failure.
Fig. 6 is a diagram of an electronic device 600 for merchant identity verification, according to aspects of the present application.
As shown in fig. 6, electronic device 600 may include memory 602 and processor 604. The memory 602 has stored therein program instructions, and the processor 604 may be coupled to and communicate with the memory 602 via a bus 606.
Processor 604 may call program instructions in memory 602 to perform the following steps: receiving an authentication request from a merchant client, the authentication request including a merchant identifier and a service platform identifier; looking up a list of mobile devices associated with the merchant identifier and the service platform identifier; sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and receiving an authentication response from one of the one or more mobile devices.
Optionally, processor 604 may also call program instructions in memory 602 to perform the following steps: receiving a second authentication request from the merchant client, the second authentication request comprising the merchant identifier and a second service platform identifier; searching a second mobile device list associated with the merchant identifier and a second service platform identifier; sending second authentication information to the merchant client, the second authentication information including device identifiers of one or more second mobile devices in a second mobile device list; and receiving a second authentication response from one of the one or more second mobile devices.
Optionally, processor 604 may also call program instructions in memory 602 to perform the following steps: receiving an equipment binding request from a service platform server, wherein the equipment binding request comprises a merchant identifier to be bound, a mobile phone number of a mobile equipment to be bound and a service platform identifier to be bound; sending a binding verification request to the mobile equipment to be bound, wherein the binding verification request comprises the mobile phone number of the mobile equipment to be bound; receiving a binding verification response from the mobile device to be bound, the binding verification response including a device identifier of the mobile device to be bound; and performing association binding on the merchant identifier to be bound, the device identifier of the mobile device to be bound and the service platform identifier to be bound. The device identifier comprises a unique device identifier UDID, an international mobile equipment identity IMEI and a mobile equipment identity MEID.
Optionally, processor 604 may also call program instructions in memory 602 to perform the following steps: storing the to-be-bound merchant identifier and the device identifier of the to-be-bound mobile device in a partition corresponding to the to-be-bound service platform identifier in a database in an associated manner
Optionally, processor 604 may also call program instructions in memory 602 to perform the following steps: and responding to the authentication response indicating successful authentication, and sending an authentication result to the merchant client.
Optionally, processor 604 may also call program instructions in memory 602 to perform the following steps: establishing a communication session with the merchant client and the service platform server; and sending a session identifier of the communication session to the merchant client and the service platform server.
Optionally, processor 604 may also call program instructions in memory 602 to perform the following steps: receiving a session authentication request from the merchant client, the session authentication request including a session identifier of the merchant client; determining whether the session identifier of the merchant client is the same as the session identifier of the communication session; and if the session identifier of the merchant client is the same as the session identifier of the communication session, sending a session verification response to the merchant client indicating that the session verification was successful.
Optionally, processor 604 may also call program instructions in memory 602 to perform the following steps: and sending a short message authentication request to the mobile equipment in response to the authentication response indicating authentication failure.
The illustrations set forth herein in connection with the figures describe example configurations and are not intended to represent all examples that may be implemented or fall within the scope of the claims. The term "exemplary" as used herein means "serving as an example, instance, or illustration," and does not mean "preferred" or "advantageous over other examples. The detailed description includes specific details to provide an understanding of the described technology. However, the techniques may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form in order to avoid obscuring the concepts of the described examples.
In the drawings, similar components or features may have the same reference numerals. Further, various components of the same type may be distinguished by following the reference label by a dash and a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description is applicable to any one of the similar components having the same first reference label irrespective of the second reference label.
The various illustrative blocks and modules described in connection with the disclosure herein may be implemented or performed with a general purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices (e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration).
The functions described herein may be implemented in hardware, software executed by a processor, firmware, or any combination thereof. If implemented in software executed by a processor, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Other examples and implementations are within the scope of the disclosure and the following claims. For example, due to the nature of software, the functions described above may be implemented using software executed by a processor, hardware, firmware, hard-wired, or any combination thereof. Features that implement functions may also be physically located at various locations, including being distributed such that portions of functions are implemented at different physical locations. Also, as used herein, including in the claims, "or" as used in a list of items (e.g., a list of items accompanied by a phrase such as "at least one of" or "one or more of") indicates an inclusive list, such that, for example, a list of at least one of A, B or C means a or B or C or AB or AC or BC or ABC (i.e., a and B and C). Also, as used herein, the phrase "based on" should not be read as referring to a closed condition set. For example, an exemplary step described as "based on condition a" may be based on both condition a and condition B without departing from the scope of the present disclosure. In other words, the phrase "based on," as used herein, should be interpreted in the same manner as the phrase "based, at least in part, on.
Computer-readable media includes both non-transitory computer storage media and communication media, including any medium that facilitates transfer of a computer program from one place to another. Non-transitory storage media may be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, non-transitory computer-readable media can comprise RAM, ROM, electrically erasable programmable read-only memory (EEPROM), Compact Disk (CD) ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other non-transitory medium that can be used to carry or store desired program code means in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a web site, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk (disk) and disc (disc), as used herein, includes CD, laser disc, optical disc, Digital Versatile Disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above are also included within the scope of computer-readable media.
The description herein is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the scope of the disclosure. Thus, the disclosure is not intended to be limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (19)

1. An identity verification method comprising:
receiving an authentication request from a merchant client, the authentication request including a merchant identifier and a service platform identifier;
looking up a list of mobile devices associated with the merchant identifier and the service platform identifier;
sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and
an authentication response is received from one of the one or more mobile devices.
2. The method of claim 1, further comprising,
receiving a second authentication request from the merchant client, the second authentication request comprising the merchant identifier and a second service platform identifier;
looking up a second list of mobile devices associated with the merchant identifier and the second service platform identifier;
sending second authentication information to the merchant client, the second authentication information including device identifiers of one or more second mobile devices in the second mobile device list; and
receiving a second authentication response from one of the one or more second mobile devices.
3. The method of claim 1, further comprising,
receiving an equipment binding request from a service platform server, wherein the equipment binding request comprises a merchant identifier to be bound, a mobile phone number of a mobile equipment to be bound and a service platform identifier to be bound;
sending a binding verification request to the mobile equipment to be bound, wherein the binding verification request comprises a mobile phone number of the mobile equipment to be bound;
receiving a binding verification response from the mobile device to be bound, the binding verification response including a device identifier of the mobile device to be bound; and
and performing association binding on the merchant identifier to be bound, the equipment identifier of the mobile equipment to be bound and the service platform identifier to be bound.
4. The method of claim 3, wherein the association binding comprises:
and storing the to-be-bound merchant identifier and the device identifier of the to-be-bound mobile device in a partition corresponding to the to-be-bound service platform identifier in a database in an associated manner.
5. The method of claim 1, further comprising, in response to the authentication response indicating a successful authentication, sending an authentication result to the merchant client.
6. The method of claim 1, further comprising,
establishing a communication session with the merchant client and the service platform server; and
and sending the session identifier of the communication session to the merchant client and the service platform server.
7. The method of claim 6, further comprising,
receiving a session authentication request from the merchant client, the session authentication request including a session identifier of the merchant client;
determining whether the session identifier of the merchant client and the session identifier of the communication session are the same; and
and if the session identifier of the merchant client is the same as the session identifier of the communication session, sending a session verification response indicating that the session verification is successful to the merchant client.
8. The method of claim 1, further comprising, in response to the authentication response indicating a failure to authenticate, sending a short message authentication request to the mobile device.
9. The method of claim 1, wherein the device identifier comprises a unique device identifier UDID, an international mobile equipment identity IMEI, and a mobile equipment identity MEID.
10. An authentication apparatus comprising:
means for receiving an authentication request from a merchant client, the authentication request comprising a merchant identifier and a service platform identifier;
means for looking up a list of mobile devices associated with the merchant identifier and the service platform identifier;
means for sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and
means for receiving an authentication response from one of the one or more mobile devices.
11. The apparatus of claim 10, further comprising,
means for receiving a second authentication request from the merchant client, the second authentication request comprising the merchant identifier and a second service platform identifier;
means for looking up a second list of mobile devices associated with the merchant identifier and the second service platform identifier;
means for sending second authentication information to the merchant client, the second authentication information comprising device identifiers of one or more second mobile devices in the second list of mobile devices; and
means for receiving a second authentication response from one of the one or more second mobile devices.
12. The apparatus of claim 10, further comprising,
the mobile equipment binding method comprises the steps of receiving an equipment binding request from a service platform server, wherein the equipment binding request comprises an identifier of a merchant to be bound, a mobile phone number of the mobile equipment to be bound and an identifier of the service platform to be bound;
a module for sending a binding verification request to the mobile device to be bound, wherein the binding verification request comprises a mobile phone number of the mobile device to be bound;
means for receiving a binding verification response from the mobile device to be bound, the binding verification response including a device identifier of the mobile device to be bound; and
and the module is used for performing association binding on the merchant identifier to be bound, the equipment identifier of the mobile equipment to be bound and the service platform identifier to be bound.
13. The apparatus of claim 12, wherein the association binding comprises:
and storing the to-be-bound merchant identifier and the device identifier of the to-be-bound mobile device in a partition corresponding to the to-be-bound service platform identifier in a database in an associated manner.
14. The apparatus of claim 10, further comprising means for sending an authentication result to the merchant client in response to the authentication response indicating a successful authentication.
15. The apparatus of claim 10, further comprising,
a module for establishing communication session with the merchant client and the service platform server; and
means for sending a session identifier for the communication session to the merchant client and the service platform server.
16. The apparatus of claim 15, further comprising,
means for receiving a session authentication request from the merchant client, the session authentication request including a session identifier of the merchant client;
means for determining whether a session identifier of the merchant client is the same as a session identifier of the communication session; and
means for sending a session verification response to the merchant client indicating that session verification was successful if the session identifier of the merchant client is the same as the session identifier of the communication session.
17. The apparatus of claim 10, further comprising means for sending a short message authentication request to the mobile device in response to the authentication response indicating an authentication failure.
18. The apparatus of claim 10, wherein the device identifier comprises a unique device identifier UDID, an international mobile equipment identity IMEI, and a mobile equipment identity MEID.
19. An authentication device comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
receiving an authentication request from a merchant client, the authentication request including a merchant identifier and a service platform identifier;
looking up a list of mobile devices associated with the merchant identifier and the service platform identifier;
sending authentication information to the merchant client, the authentication information including device identifiers of one or more mobile devices in the list of mobile devices; and
an authentication response is received from one of the one or more mobile devices.
CN202210491587.5A 2022-05-07 2022-05-07 Identity verification method and device Pending CN114629662A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210491587.5A CN114629662A (en) 2022-05-07 2022-05-07 Identity verification method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210491587.5A CN114629662A (en) 2022-05-07 2022-05-07 Identity verification method and device

Publications (1)

Publication Number Publication Date
CN114629662A true CN114629662A (en) 2022-06-14

Family

ID=81906629

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210491587.5A Pending CN114629662A (en) 2022-05-07 2022-05-07 Identity verification method and device

Country Status (1)

Country Link
CN (1) CN114629662A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102790674A (en) * 2011-05-20 2012-11-21 阿里巴巴集团控股有限公司 Authentication method, equipment and system
CN103546430A (en) * 2012-07-11 2014-01-29 网易(杭州)网络有限公司 Mobile terminal, and method, server and system for authenticating identities on basis of mobile terminal
WO2016016876A1 (en) * 2014-08-01 2016-02-04 Sibs - Sgps, S.A. Transactions processing system and method
CN105407074A (en) * 2014-09-11 2016-03-16 腾讯科技(深圳)有限公司 Authentication method, apparatus and system
US20170255765A1 (en) * 2016-03-01 2017-09-07 Filevine, Llc Systems for identity validation and association
CN108768970A (en) * 2018-05-15 2018-11-06 腾讯科技(北京)有限公司 A kind of binding method of smart machine, identity authentication platform and storage medium
US20190318337A1 (en) * 2018-04-13 2019-10-17 Violet.io, Inc. System and method for concurrent multi-merchant on-line shopping with a single check-out transaction
US20200098027A1 (en) * 2018-09-20 2020-03-26 Stripe, Inc. Systems and methods using commerce platform checkout pages for merchant transactions
US20220131854A1 (en) * 2020-10-26 2022-04-28 Stripe, Inc. Systems and methods for identity verification reuse

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102790674A (en) * 2011-05-20 2012-11-21 阿里巴巴集团控股有限公司 Authentication method, equipment and system
CN103546430A (en) * 2012-07-11 2014-01-29 网易(杭州)网络有限公司 Mobile terminal, and method, server and system for authenticating identities on basis of mobile terminal
WO2016016876A1 (en) * 2014-08-01 2016-02-04 Sibs - Sgps, S.A. Transactions processing system and method
CN105407074A (en) * 2014-09-11 2016-03-16 腾讯科技(深圳)有限公司 Authentication method, apparatus and system
US20170255765A1 (en) * 2016-03-01 2017-09-07 Filevine, Llc Systems for identity validation and association
US20190318337A1 (en) * 2018-04-13 2019-10-17 Violet.io, Inc. System and method for concurrent multi-merchant on-line shopping with a single check-out transaction
CN108768970A (en) * 2018-05-15 2018-11-06 腾讯科技(北京)有限公司 A kind of binding method of smart machine, identity authentication platform and storage medium
US20200098027A1 (en) * 2018-09-20 2020-03-26 Stripe, Inc. Systems and methods using commerce platform checkout pages for merchant transactions
US20220131854A1 (en) * 2020-10-26 2022-04-28 Stripe, Inc. Systems and methods for identity verification reuse

Similar Documents

Publication Publication Date Title
US11017389B2 (en) Systems, methods and computer program products for OTP based authorization of electronic payment transactions
US10178081B2 (en) Authentication system, method and storage medium
JP6979966B2 (en) Account linking and service processing Providing methods and devices
EP3057049A1 (en) Electronic transaction method and system, and payment platform system
US20140222676A1 (en) Mobile payment method, system and device using home shopping
US9009793B2 (en) Dynamic pin dual factor authentication using mobile device
CN107464120A (en) Exempt from the safe verification method, trade company's background system and payment system of close payment
CN102790674A (en) Authentication method, equipment and system
KR20130107188A (en) Server and method for authentication using sound code
CN105323253A (en) Identity verification method and device
KR102665574B1 (en) transaction authorization
US20190026704A1 (en) Method of registering a membership for an electronic payment, system for same, and apparatus and terminal thereof
US10210513B2 (en) Electronic payment method, system, and device
CN109496443A (en) Mobile authentication method and system for it
CN107196914A (en) Identity identifying method and device
KR101002010B1 (en) Payment system and method using smart card
CN105429928A (en) Data communication method and system, and client and server
KR101879843B1 (en) Authentication mehtod and system using ip address and short message service
JP2008199618A (en) Method, system, and computer program for using personal communication device to obtain additional information
CN111105224A (en) Payment feedback information processing method and device, electronic equipment and storage medium
KR101417758B1 (en) Method, System And Apparatus for Providing Electronic Payment by Using Login Information
CN114629662A (en) Identity verification method and device
CN114782166B (en) Method and device for processing public accumulation fund extraction business based on blockchain
TWI600308B (en) System for using valid certificate to apply mobile certificate online and method thereof
CN112836195B (en) Password modification method and device for enterprise bank authentication medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination