[go: up one dir, main page]

WO2018121387A1 - Procédé, plateforme, appareil et système de vérification de sécurité - Google Patents

Procédé, plateforme, appareil et système de vérification de sécurité Download PDF

Info

Publication number
WO2018121387A1
WO2018121387A1 PCT/CN2017/117600 CN2017117600W WO2018121387A1 WO 2018121387 A1 WO2018121387 A1 WO 2018121387A1 CN 2017117600 W CN2017117600 W CN 2017117600W WO 2018121387 A1 WO2018121387 A1 WO 2018121387A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
fingerprint
security verification
user
device fingerprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2017/117600
Other languages
English (en)
Chinese (zh)
Inventor
童耀刚
郑建宾
周钰
张玉凤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unionpay Co Ltd
Original Assignee
China Unionpay Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Unionpay Co Ltd filed Critical China Unionpay Co Ltd
Publication of WO2018121387A1 publication Critical patent/WO2018121387A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present invention relates generally to the field of bank card security technologies and, in particular, to security authentication methods and systems related to applications such as cardless payment.
  • the banking system is also beginning to try more and more cardless payments.
  • no card payment there are typically two ways to place a bank card in a mobile phone: one is that in the absence of a physical card, the user applies to the bank for "air card issuance" through a specific mobile application.
  • the bank After the bank authenticates, all the information of a financial IC card will be loaded onto the SIM card or SD card of the user's mobile phone; the other is to apply for the virtual card of the physical card to the issuing bank in the case of an existing physical card.
  • the account, the issuing bank sends a virtual card to the user based on the token technology.
  • there is a problem of difficulty in authentication Generally, banks only issue cards to old customers.
  • the method of SMS authentication is also easy to have a great security risk due to the replacement of the mobile phone card or the direct stealing of the verification code.
  • some existing air card issuance methods include collecting biometric information of the user for user identity authentication, and successfully issuing the card through the authentication audit.
  • biometric information such as fingerprints and voiceprints are easily stolen and forged, and hardware devices are required to support the collection of biometric information, which requires high hardware;
  • users The biometric information is stolen or counterfeited and is not easily detected, resulting in theft or forgery being able to use this method for a large number of card applications, resulting in sustained loss of user property; (3) no mechanism to block illegal behavior.
  • the over-the-air approach also relies to a large extent on the devices used by the user, and it may often be necessary to bind the account information associated with the virtual card to a particular user device.
  • the present invention provides a security verification scheme that can improve the above problems.
  • the present invention provides a security verification method, including: receiving a service request from a user, the service request including user information and device information; creating a current device fingerprint based on the device information; acquiring a device fingerprint list, The device fingerprint list includes previously stored device fingerprints of all devices associated with the user; comparing the current device fingerprint with the device fingerprint list; and in the current device fingerprint and the device fingerprint list
  • the service request is determined to pass security verification in the case of at least one match, wherein the device information includes device hardware parameters and device usage data, and the device fingerprint is a device model constructed based on the device information.
  • the device usage data includes one or more of network information of the device, geographic location information, and user preference behavior information.
  • the network information of the device includes one or more of network connection information of the device, TCP packet attributes, connected router attributes, HTTP protocol attributes, and WiFi list.
  • the geographical location information of the device comprises one or more of a base station location location, a GPS location location, a time associated trajectory, and a common location.
  • the user preference behavior information of the device includes an operating system type, a version number, a preference setting, an application installation preference setting, an alarm time, an on/off time, an application frequency and time, and a screen operation contact.
  • comparing the current device fingerprint with the device fingerprint list comprises: item-by-item comparison according to all parameters included in the device model; assigning matching weights to each parameter; The comparison result of each parameter is weighted and averaged according to the matching weight; and it is determined according to the result of the weighted average whether the current device fingerprint matches an item in the device fingerprint list.
  • comparing the current device fingerprint with the device fingerprint list comprises: predicting, for each device fingerprint change in the device fingerprint list, according to the device historical usage situation; The current device fingerprint is compared to each of the predicted results.
  • the method further comprises performing the current device fingerprint and the device fingerprint blacklist library before comparing the current device fingerprint with the device fingerprint list.
  • the device fingerprint blacklist library saves the device fingerprint of the illegal device.
  • comparing with the device fingerprint blacklist library comprises comparing the current device fingerprint with the device fingerprint in the blacklist library step by step according to the priority of the key device parameter.
  • the key device parameters include a MAC address, an international mobile device identity IMEI, a device serial number, and a system identity.
  • the security verification method as described above further comprising periodically updating device fingerprint data in the device fingerprint list by receiving device usage data from all devices associated with the user.
  • the service request includes a card issuance request and a transaction request.
  • the user information includes a username and a password associated with the service.
  • the present invention further provides a security verification platform, including: a data receiving module, configured to receive a service request from a user, the service request including user information and device information; and a device fingerprint creation module, configured to The device information is used to create a current device fingerprint; the list obtaining module is configured to obtain a device fingerprint list, where the device fingerprint list includes previously stored device fingerprints of all devices associated with the user; and a comparison module, configured to: The current device fingerprint is compared with the device fingerprint list; and the determining module is configured to determine that the service request passes the security verification if the current device fingerprint matches at least one of the device fingerprint lists, where The device information includes device hardware parameters and device usage data, and the device fingerprint is a device model constructed based on the device information.
  • a security verification platform including: a data receiving module, configured to receive a service request from a user, the service request including user information and device information; and a device fingerprint creation module, configured to The device information is used to create a current device fingerprint; the list obtaining module is configured to obtain a
  • the present invention provides a security verification method, including: obtaining an authorization to collect device information from a user at a device; collecting device information from the device according to the authorization, the device information including device hardware Parameter and device usage data; and adding the device information to the service request when the user sends a service request to the secure authentication platform using the device.
  • the security verification method as described above further comprising: periodically transmitting the device usage data to the secure verification platform.
  • the present invention provides a security verification apparatus including: an authorization module for setting The device is configured to acquire the device information from the user, and the information collecting module is configured to collect device information from the device according to the authorization, where the device information includes device hardware parameters and device usage data, and an information adding module, configured to: The device information is added to the service request when the user sends a service request to the security verification platform by using the device.
  • the present invention provides a security verification system including a user device, a security verification platform as described above, and a device fingerprint library, wherein the user device includes the security verification device as described above, and wherein The device fingerprint library is configured to store the device fingerprint list.
  • FIG. 1 is a schematic application scenario of a security verification system according to an example of the present invention.
  • FIG. 2 is a schematic flow chart of a security verification method in accordance with an example of the present invention.
  • FIG. 3 is a schematic flow chart of a security verification method in accordance with another example of the present invention.
  • FIG. 4 is a schematic block diagram of a secure authentication platform in accordance with one example of the present invention.
  • Figure 5 is a schematic block diagram of a security verification device in accordance with another example of the present invention.
  • a secure authentication system in accordance with the present invention includes a secure authentication platform 101, a user device 102, and a device fingerprint library 103, wherein the secure authentication platform 101 is configured to communicate with a card issuer.
  • the scenario shown in FIG. 1 can be, for example, a card issuance process in a cardless payment process.
  • the issuing bank may rely on the secure authentication platform 101 provided by the present invention for secure verification of the card issuance request from the user device 102. That is to say, the issuing bank 104 can determine the user device 102 as a trusted device after the user device 102 passes the verification of the security verification platform, thereby performing a card issuing operation of the virtual card for the device.
  • the secure verification platform 101 can, for example, serve multiple issuers simultaneously.
  • the security verification platform 101 can also provide verification for the transaction link. For example, when the user equipment needs to use the virtual card bound to the device for payment, the payment request may also be first received by the security verification platform for device identity verification, and the payment confirmation party may determine whether the verification result is based on the verification result. Perform payment operations.
  • the secure verification platform can be implemented independently or integrated into any third party trusted service platform. The operation of the secure authentication platform 101 will be described in detail below in conjunction with FIG.
  • the user equipment 102 shown in FIG. 1 may be any device whose hardware condition meets the cardless payment conditions of each institution. Moreover, the user equipment 102 should have at least remote communication capabilities, such as by any wired or wireless means.
  • the device can be, for example, any smart device that is existing or to be developed, such as a cell phone, a computer, a laptop, a personal digital assistant (PDA), and the like.
  • PDA personal digital assistant
  • the device fingerprint library 103 can be any database device or data server or the like that has been or is to be developed. Those skilled in the art will appreciate that the device fingerprint library can be implemented independently as shown in FIG. 1, or integrated with a secure authentication platform, or with other additional data processing devices.
  • FIG. 2 is a schematic flow chart of a security verification method in accordance with an example of the present invention. The method can be performed, for example, in the secure authentication platform 101 shown in FIG. Each step will be described below in conjunction with the scenario shown in FIG.
  • the secure authentication platform 101 receives a service request from a user.
  • the service request can be, for example, issued by a user via a certain smart device it holds, such as user device 102.
  • the service request may be, for example, a virtual card application request sent to the bank.
  • the business request may also be a transaction request, such as a payment request.
  • the service request sent by the user through the smart device includes both user information and device information.
  • the user information may be, for example, a username and password, which may be set by the user for a virtual service of an institution.
  • a bank may provide users with remote customer services such as online banking or mobile banking, and users may need to register users on the local device for use of these services, usually in the form of a username and password.
  • the user information may also include any other information that uniquely identifies the identity of the user.
  • the device information needs to include at least device hardware parameters and device usage data.
  • the hardware parameters of the device include any basic hardware parameters and number of the device when the device is shipped from the factory, and any information that can uniquely identify the device.
  • the device hardware parameters may include, for example, an international mobile device identity IMEI, a factory serial number of the device, and the like.
  • Device usage data is information related to the way the user applies the device.
  • the device usage data includes one or more of network information of the device, geographic location information, and user preference behavior information.
  • the network information of the device may include one or more of network connection information of the device, TCP packet attributes, connected router attributes, HTTP protocol attributes, and WiFi list.
  • the geographic location information of the device may be, for example, one or more of a base station location location, a GPS location location, a time associated trajectory, and a common location.
  • the user preference behavior information of the device may be, for example, an operating system type, a version number, a preference setting, an application installation preference setting, an alarm time, an on/off time, an application frequency and time, a contact area when the screen is operated, a sliding direction, and a keyboard input.
  • the secure verification platform 101 will create a current device fingerprint for the device based on the device information contained in the service request.
  • a device fingerprint is a device model built on both device hardware parameters and device usage data.
  • Device usage data can be the result of long-term data collection and statistics for the device.
  • the device model constructed according to this has real-time and dynamic characteristics, and can more reliably identify each device, thereby eliminating important information leakage, for example, when the device is stolen or maliciously tampered. The risk of vicious state cards, account theft and so on.
  • the secure authentication platform 101 will also obtain a device fingerprint list that includes previously stored device fingerprints for all devices associated with the user.
  • the device fingerprint list is stored in device fingerprint library 103.
  • previously stored device fingerprints are generated based on device hardware parameters and historical device usage data.
  • the secure authentication platform 101 can receive device usage data from the device, for example, before the user sends a service request. These device usage data may, for example, be collected from the user's remote service for the user's organization on the local device and sent to the secure authentication platform along with the device hardware parameters and user information.
  • the security verification platform 101 can aggregate these hardware information and dynamic information into device fingerprints capable of characterizing the device using a pre-designed modeling algorithm, and send the generated device fingerprints to the device fingerprint library 103 along with corresponding user information.
  • the device fingerprint of each device of the user may be stored in the form of a list with the user information as an index. In practice, one A user can have one or more smart devices, so the same user information can correspond to one device fingerprint or multiple device fingerprints.
  • the secure authentication platform can also periodically update device fingerprints in the device fingerprint list by receiving device usage data from devices associated with the user. As the actual situation of the user may change, the device usage may change accordingly. For example, the user's geographic location information changes due to changes in the place of residence. By continuously receiving recent device usage, the timeliness of device fingerprints can be guaranteed to provide a better user experience.
  • the device fingerprint library can also be generated by the user directly going to the issuing bank to perform on-site filing of the device. This way of establishing the device fingerprint library is particularly suitable for the case where the user requires virtual card binding when creating an account for the card issuer through the device for the first time.
  • the secure authentication platform may also receive similar device information from a third party for device fingerprint construction. In either case, the one-way encrypted transmission is preferably used in the transmission of the device usage data to ensure the security of the user information and the device information.
  • step 27 the secure verification platform 101 compares the generated current device fingerprint with all device fingerprints in the device fingerprint list to determine the legitimacy of the device that sent the service request.
  • item-by-item comparisons can be made based on all parameters included in the device model represented by the device fingerprint.
  • This item-by-item comparison can be thought of as a static match.
  • the parameters may include device hardware parameters and device usage parameters such as network information, geographic location information, and user preference behavior information.
  • each parameter can be given a matching weight.
  • a device fingerprint is a dynamic device identification in which parameters related to device usage change as the user's state changes. There is a certain difference in timeliness between the device fingerprint stored in the device fingerprint database and the currently generated device fingerprint. Therefore, each parameter does not necessarily need to be completely consistent, but can be distinguished by weight.
  • the comparison result of the current device fingerprint and each parameter of each item in the list may be weighted and averaged according to a pre-assigned matching weight, and the multi-value matching degree is calculated.
  • the result of the weighted average that is, the multi-value matching degree, it is judged whether the current device fingerprint matches the item in the device fingerprint list.
  • the result of the weighted average can be compared to a predetermined threshold: if it is above the threshold, it is considered a match, otherwise it is considered a mismatch.
  • dynamic matching can also be employed.
  • Device fingerprinting is a dynamic device identification, especially where parameters related to device usage may change continuously. Therefore, when the device fingerprints match, in addition to the exact match between the current value and the stored value, the current value can be compared with the prediction based on the previous data.
  • the externally collected hardware information and device usage data are analyzed by a machine learning method using an external processing device integrated with the device fingerprint library or independent of the device fingerprint library, thereby predicting continuous device fingerprint changes, The predicted result is stored in the device fingerprint database as an updated device fingerprint for subsequent device fingerprint comparison.
  • the user experience can be greatly improved while ensuring security, and the convenience of the entire business process is increased.
  • dynamic or static contrast can be used simultaneously or alternately.
  • the security verification platform determines in step 29 that the received service request passes the security verification. Further, in the scenario shown in FIG. 1, the security verification platform 101 notifies the issuing bank to start a normal virtual card issuance or card binding operation.
  • the device fingerprint is constructed by combining the usage data of the device, which effectively solves the problem that the existing cardless payment issuance and the transaction link are based only on the card number information and the mobile phone code verification, thereby greatly reducing the malicious binding and The risk of stealing.
  • the user's smart device can be detected by the security verification platform in time after being stolen, so as to contact the verification platform or the issuing bank in time for the device fingerprint to freeze or update the information, and the one-way encryption is adopted. The protection measures will not lose personal information even if the smart device is stolen.
  • the solution provided by the present invention makes the verification condition requirement at the user end reduced by enhancing the authentication process on the server side.
  • the secure authentication platform 101 may be further configured to perform the current device fingerprint and the device fingerprint blacklist library before comparing the current device fingerprint with the device fingerprint list.
  • the device fingerprint blacklist library stores device fingerprints of illegal devices, and the information of these illegal devices can be collected from the outside or accumulated through the previous comparison process.
  • the comparison with the device fingerprint blacklist library can also use the static and dynamic methods described above for the device fingerprint list alignment.
  • comparing with the device fingerprint blacklist library may compare the current device fingerprint with the device fingerprint in the blacklist library step by step according to the priority of the key device parameter.
  • the key device parameters may be a MAC address, an International Mobile Equipment Identity IMEI, a device serial number, and a system identification, and the priority is from high to low in the order listed in each item. That is, In the blacklist comparison, the MAC address information included in the current device fingerprint is first compared with the MAC address information in each device fingerprint item in the blacklist library. If a match is found, the device fingerprint in the current request can be determined to be an audit failure. If no entry is found for the MAC address information, then the device serial number is compared, and so on.
  • the multi-factor separate authentication method is adopted, based on key device parameters such as MAC address, IMEI, serial number and Android ID as the blacklist device fingerprint factor, and according to The uniqueness of several device fingerprint factors and the strength priority of reliability, the device fingerprint blacklist factor level library is constructed.
  • the blacklist storage stage the uniqueness and reliability of the relevant fingerprint factor are detected, and a reliable factor is selected into the blacklist factor level library according to the detection result, thereby improving the effectiveness of the blacklist library. Accurate matching tracking of blacklisted devices can be achieved based on pre-set reliability priority levels.
  • the blacklist may be established according to the following principle: the device fingerprint information that failed in one audit enters the graylist list, and the blacklist that fails the audit multiple times.
  • other business systems of the organization can also include violating equipment in the device fingerprint blacklist according to business rules.
  • device fingerprints in the blacklist can also be recovered.
  • the user can submit the user profile to the security verification platform. After the audit is successful, the corresponding device of the user in the blacklist can be deleted.
  • the blacklist comparison Before the device fingerprint list is compared, the blacklist comparison directly rejects the illegal device, which improves the security of cardless payment issuing and the efficiency of illegal device audit in high-risk situations.
  • FIG. 3 is a schematic flow chart of a security verification method in accordance with another example of the present invention.
  • the security verification method shown in FIG. 3 can be generally implemented in the user equipment 102 shown in FIG. 1, and cooperates with the method shown in FIG. 2 to complete the security verification scheme provided by the present invention.
  • the authorization to collect device information is first obtained from the user at the device at step 31.
  • step 33 device information is collected from the user's device in accordance with the authorization.
  • the collected device information includes at least device hardware parameters and device usage data, wherein the device usage data may be, for example, network information of the device, geographic location information, and user preference behavior information.
  • the collected device information is added to the service request when the user sends the service request to the security verification platform by using the device.
  • the method illustrated in FIG. 3 may be implemented, for example, in an application (APP) installed on a user device, or as a software development kit SDK to embed an application provided by an organization to a user device.
  • APP application
  • the APP can request authorization from the user after the user creates an account (usually including a username and password) and logs in with the account, and collects device information after authorization.
  • the collected information can be sent to a secure authentication platform to create a device fingerprint for the device, regardless of whether the user makes any business requests.
  • the secure authentication platform can store all device fingerprint information from the same user account as a device fingerprint list, as described above.
  • the application on the user device may also periodically transmit device usage data to the secure authentication platform for the security verification platform to continually update the device fingerprint library to facilitate subsequent receipt of the service. The device information in the request is compared.
  • FIG. 3 is not necessarily implemented on the user's device, but may be implemented, for example, by an independent third party. Moreover, the method can also be implemented in any form of software or hardware.
  • the security verification scheme provided by the present invention has no additional functional requirements for the smart device used by the user, and generally only requires the user to authorize the authenticator or the organization to acquire the device right, which greatly improves the user experience. It also reduces the cost of equipment audits for all parties.
  • the security verification platform 400 includes a data receiving module 41, a device fingerprint creating module 43, a list obtaining module 45, a matching module 47, and a determining module.
  • the data receiving module 41 is configured to receive a service request from a user.
  • these service requests include both user information and device information, where the device information will include device hardware parameters and device usage data.
  • the device fingerprint creation module 43 is configured to create a current device fingerprint based on the device information.
  • a device fingerprint is a device model built based on device hardware parameters and device usage data.
  • the list obtaining module 45 is configured to obtain a device fingerprint list including previously stored device fingerprints of all devices associated with the user.
  • the comparison module 47 is configured to compare the current device fingerprint with each device fingerprint in the device fingerprint list.
  • the determining module 49 is configured to determine that the received service request passes the security verification if the current device fingerprint matches at least one of the device fingerprint lists.
  • the security verification platform 400 shown in Figure 4 can be configured to implement any of the operations described above in connection with the security verification process implemented at the secure authentication platform provided by the present invention.
  • Those skilled in the art will appreciate that the module partitioning shown in FIG. 4 is merely illustrative, and that these modules can be integrated or further divided according to a specific implementation and implemented in any software or hardware form.
  • FIG. 5 is a schematic block diagram of a security verification device in accordance with another example of the present invention.
  • the security verification apparatus 500 includes an authorization module 51, an information collection module 53, and an information addition module 55.
  • the security verification device 500 can be integrated or installed in a device that a user may use to send a service request to an organization.
  • the authorization module 51 is configured to acquire an authorization to collect device information from the user at the device.
  • the information collection module 53 is configured to collect device information from the user's device according to the obtained authorization.
  • the collected device information will include both device hardware parameters and device usage data.
  • the information adding module 55 is configured to add the collected device information to the service request when the user sends a service request to the security verification platform by using the device.
  • the security verification device 500 shown in FIG. 5 can be configured to implement any of the operations described above at the user device associated with the security verification process provided by the present invention.
  • Those skilled in the art can understand that the module division shown in FIG. 5 is only schematic, and the modules can be integrated or further divided according to a specific implementation, and implemented in any software or hardware form.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Collating Specific Patterns (AREA)
  • Telephone Function (AREA)
  • Lock And Its Accessories (AREA)

Abstract

L'invention concerne un procédé de vérification de sécurité consistant à : recevoir une demande de service d'un utilisateur, la demande de service comprenant des informations d'utilisateur et des informations de dispositif; créer une empreinte digitale de dispositif actuelle d'après les informations du dispositif; acquérir une liste d'empreintes digitales de dispositifs, la liste d'empreintes digitales de dispositifs comprenant les empreintes digitales de dispositifs pré-stockées de tous les dispositifs associés à l'utilisateur; comparer l'empreinte digitale de dispositif actuelle à la liste d'empreintes digitales de dispositifs; et déterminer que la demande de service a réussi la vérification de sécurité lorsque l'empreinte digitale actuelle du dispositif correspond à au moins un élément de la liste d'empreintes digitales de dispositifs, les informations du dispositif comprenant un paramètre matériel du dispositif ainsi que les données de conditions d'utilisation du dispositif, et l'empreinte digitale du dispositif étant un modèle de dispositif construit d'après le paramètre matériel du dispositif et les données de conditions d'utilisation du dispositif. L'invention concerne également une plateforme de vérification de sécurité correspondante, ainsi qu'un procédé de vérification de sécurité correspondant mis en œuvre sur un équipement utilisateur, un appareil de vérification de sécurité correspondant et un système de vérification de sécurité.
PCT/CN2017/117600 2016-12-30 2017-12-21 Procédé, plateforme, appareil et système de vérification de sécurité Ceased WO2018121387A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201611259993.X 2016-12-30
CN201611259993.XA CN106991317B (zh) 2016-12-30 2016-12-30 安全验证方法、平台、装置和系统

Publications (1)

Publication Number Publication Date
WO2018121387A1 true WO2018121387A1 (fr) 2018-07-05

Family

ID=59414363

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/117600 Ceased WO2018121387A1 (fr) 2016-12-30 2017-12-21 Procédé, plateforme, appareil et système de vérification de sécurité

Country Status (3)

Country Link
CN (1) CN106991317B (fr)
TW (1) TWI718354B (fr)
WO (1) WO2018121387A1 (fr)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110427785A (zh) * 2019-07-23 2019-11-08 腾讯科技(深圳)有限公司 设备指纹的获取方法和装置、存储介质及电子装置
CN111193714A (zh) * 2019-12-06 2020-05-22 武汉极意网络科技有限公司 一种验证码打码平台自动化追踪方法及系统
CN112765587A (zh) * 2021-01-20 2021-05-07 Oppo广东移动通信有限公司 业务操作验证方法和装置、控制方法和装置、服务器
CN113191892A (zh) * 2021-05-27 2021-07-30 中国工商银行股份有限公司 基于设备指纹的账户风险防控方法、装置、系统及介质
CN113572773A (zh) * 2021-07-27 2021-10-29 迈普通信技术股份有限公司 一种接入设备及终端接入控制方法
CN113643042A (zh) * 2021-08-20 2021-11-12 武汉极意网络科技有限公司 一种基于线上业务安全的安全验证系统
CN114499994A (zh) * 2021-12-30 2022-05-13 科大讯飞股份有限公司 设备指纹的识别方法、装置、电子设备及介质
CN115484588A (zh) * 2022-09-01 2022-12-16 泰尔卓信科技(北京)有限公司 一种移动终端id的获取方法、设备及介质
CN118656816A (zh) * 2024-05-31 2024-09-17 支付宝(杭州)信息技术有限公司 一种业务验证系统、方法、装置、存储介质及电子设备
CN120185943A (zh) * 2025-05-22 2025-06-20 上海治熵信息科技有限公司 一种基于智能机器人的数据安全管理方法和系统
EP4629562A1 (fr) * 2024-04-03 2025-10-08 Advanced Nova Technologies (Singapore) Holding Pte. Ltd. Procédé et dispositif de vérification d'identité et support de stockage

Families Citing this family (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106991317B (zh) * 2016-12-30 2020-01-21 中国银联股份有限公司 安全验证方法、平台、装置和系统
CN107404491B (zh) * 2017-08-14 2018-06-22 腾讯科技(深圳)有限公司 终端环境异常检测方法、检测装置及计算机可读存储介质
CN110737881B (zh) * 2018-07-18 2021-01-26 马上消费金融股份有限公司 一种智能设备指纹验证方法及装置
CN109120605A (zh) 2018-07-27 2019-01-01 阿里巴巴集团控股有限公司 身份验证及账户信息变更方法和装置
CN109146616A (zh) * 2018-07-27 2019-01-04 重庆小雨点小额贷款有限公司 一种业务审批方法、装置、服务器及存储介质
CN109255623A (zh) * 2018-07-27 2019-01-22 重庆小雨点小额贷款有限公司 一种业务审批方法、服务器、客户端及存储介质
CN109889487B (zh) * 2018-12-29 2021-11-12 奇安信科技集团股份有限公司 外部设备接入终端的处理方法及装置
US20210264299A1 (en) * 2019-06-26 2021-08-26 Rakuten, Inc. Fraud estimation system, fraud estimation method and program
CN110473096A (zh) * 2019-07-31 2019-11-19 阿里巴巴集团控股有限公司 基于智能合约的数据授权方法及装置
US11057189B2 (en) 2019-07-31 2021-07-06 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
US11252166B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Providing data authorization based on blockchain
US11251963B2 (en) 2019-07-31 2022-02-15 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
CN110543506B (zh) * 2019-09-10 2022-09-09 百度在线网络技术(北京)有限公司 数据分析方法、装置、电子设备及存储介质
CN112491776B (zh) * 2019-09-11 2022-10-18 华为云计算技术有限公司 安全认证方法及相关设备
CN110557829B (zh) * 2019-09-17 2020-12-11 北京东方国信科技股份有限公司 一种融合指纹库的定位方法及定位装置
CN110689019B (zh) * 2019-09-27 2022-05-24 中国银行股份有限公司 Ocr识别模型的确定方法及装置
CN112948771B (zh) * 2019-12-11 2023-04-18 浙江宇视科技有限公司 权限校验方法、装置、可读存储介质及电子设备
TWI727566B (zh) * 2019-12-26 2021-05-11 玉山商業銀行股份有限公司 設備綁定驗證方法及系統
US11310051B2 (en) 2020-01-15 2022-04-19 Advanced New Technologies Co., Ltd. Blockchain-based data authorization method and apparatus
CN111291356B (zh) * 2020-03-03 2023-01-24 Oppo广东移动通信有限公司 安全风险控制方法及相关产品
CN112073375B (zh) * 2020-08-07 2023-09-26 中国电力科学研究院有限公司 一种适用于电力物联网客户侧的隔离装置及隔离方法
CN112581123B (zh) * 2020-12-08 2024-02-23 中国银联股份有限公司 卡管理方法、用户终端、服务器、系统及存储介质
CN113037736B (zh) * 2021-03-02 2023-07-14 四川九州电子科技股份有限公司 一种认证鉴权方法、装置、系统及计算机存储介质
CN113468495A (zh) * 2021-06-30 2021-10-01 上海和数软件有限公司 一种区块链指纹识别认证个人资产的实现方法
CN113901417B (zh) * 2021-10-09 2024-01-30 中原银行股份有限公司 一种移动设备指纹生成方法及可读存储介质
CN114357403B (zh) * 2021-12-23 2025-05-27 上海淇玥信息技术有限公司 基于设备可信度的用户登陆请求处理方法、装置及设备
CN114510694A (zh) * 2022-02-14 2022-05-17 数贸科技(北京)有限公司 风控验证系统及方法
TWI813326B (zh) * 2022-06-08 2023-08-21 英屬開曼群島商網際威信股份有限公司 設備指紋推論系統及方法
TWI874795B (zh) * 2022-08-01 2025-03-01 台新國際商業銀行股份有限公司 虛擬卡號交易檢核及授權方法及系統
CN115393033A (zh) * 2022-08-15 2022-11-25 中国工商银行股份有限公司 银行卡风险识别方法及装置
CN115348037A (zh) * 2022-08-26 2022-11-15 南方电网科学研究院有限责任公司 一种终端设备的身份认证方法、装置和设备
CN116112240A (zh) * 2023-01-10 2023-05-12 中国建设银行股份有限公司 业务请求响应方法和装置
CN116975831B (zh) * 2023-09-25 2023-12-05 国网山东省电力公司日照供电公司 一种基于指纹识别技术的安全认证方法及系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103186851A (zh) * 2011-12-30 2013-07-03 上海博泰悦臻电子设备制造有限公司 基于云数据处理技术的电子支付系统
CN104867011A (zh) * 2014-02-21 2015-08-26 中国电信股份有限公司 对移动支付进行安全控制的方法与装置
CN105144216A (zh) * 2013-03-15 2015-12-09 维萨国际服务协会 捕捉移动安全装置、方法和系统
CN105989079A (zh) * 2015-02-11 2016-10-05 阿里巴巴集团控股有限公司 获取设备指纹的方法及装置
CN106991317A (zh) * 2016-12-30 2017-07-28 中国银联股份有限公司 安全验证方法、平台、装置和系统

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710770A (zh) * 2012-06-01 2012-10-03 汪德嘉 一种上网设备识别方法及其实现系统
CN105989373B (zh) * 2015-02-15 2019-07-23 阿里巴巴集团控股有限公司 利用训练模型实现的获取设备指纹方法及装置
CN105933266B (zh) * 2015-08-20 2019-07-12 中国银联股份有限公司 一种验证方法及服务器

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103186851A (zh) * 2011-12-30 2013-07-03 上海博泰悦臻电子设备制造有限公司 基于云数据处理技术的电子支付系统
CN105144216A (zh) * 2013-03-15 2015-12-09 维萨国际服务协会 捕捉移动安全装置、方法和系统
CN104867011A (zh) * 2014-02-21 2015-08-26 中国电信股份有限公司 对移动支付进行安全控制的方法与装置
CN105989079A (zh) * 2015-02-11 2016-10-05 阿里巴巴集团控股有限公司 获取设备指纹的方法及装置
CN106991317A (zh) * 2016-12-30 2017-07-28 中国银联股份有限公司 安全验证方法、平台、装置和系统

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110427785B (zh) * 2019-07-23 2023-07-14 腾讯科技(深圳)有限公司 设备指纹的获取方法和装置、存储介质及电子装置
CN110427785A (zh) * 2019-07-23 2019-11-08 腾讯科技(深圳)有限公司 设备指纹的获取方法和装置、存储介质及电子装置
CN111193714A (zh) * 2019-12-06 2020-05-22 武汉极意网络科技有限公司 一种验证码打码平台自动化追踪方法及系统
CN112765587A (zh) * 2021-01-20 2021-05-07 Oppo广东移动通信有限公司 业务操作验证方法和装置、控制方法和装置、服务器
CN113191892B (zh) * 2021-05-27 2024-12-13 中国工商银行股份有限公司 基于设备指纹的账户风险防控方法、装置、系统及介质
CN113191892A (zh) * 2021-05-27 2021-07-30 中国工商银行股份有限公司 基于设备指纹的账户风险防控方法、装置、系统及介质
CN113572773A (zh) * 2021-07-27 2021-10-29 迈普通信技术股份有限公司 一种接入设备及终端接入控制方法
CN113643042A (zh) * 2021-08-20 2021-11-12 武汉极意网络科技有限公司 一种基于线上业务安全的安全验证系统
CN113643042B (zh) * 2021-08-20 2024-04-05 武汉极意网络科技有限公司 一种基于线上业务安全的安全验证系统
CN114499994A (zh) * 2021-12-30 2022-05-13 科大讯飞股份有限公司 设备指纹的识别方法、装置、电子设备及介质
CN114499994B (zh) * 2021-12-30 2024-06-04 科大讯飞股份有限公司 设备指纹的识别方法、装置、电子设备及介质
CN115484588A (zh) * 2022-09-01 2022-12-16 泰尔卓信科技(北京)有限公司 一种移动终端id的获取方法、设备及介质
CN115484588B (zh) * 2022-09-01 2025-02-07 泰尔卓信科技(北京)有限公司 一种移动终端id的获取方法、设备及介质
EP4629562A1 (fr) * 2024-04-03 2025-10-08 Advanced Nova Technologies (Singapore) Holding Pte. Ltd. Procédé et dispositif de vérification d'identité et support de stockage
CN118656816A (zh) * 2024-05-31 2024-09-17 支付宝(杭州)信息技术有限公司 一种业务验证系统、方法、装置、存储介质及电子设备
CN120185943A (zh) * 2025-05-22 2025-06-20 上海治熵信息科技有限公司 一种基于智能机器人的数据安全管理方法和系统

Also Published As

Publication number Publication date
TWI718354B (zh) 2021-02-11
TW201824108A (zh) 2018-07-01
CN106991317A (zh) 2017-07-28
CN106991317B (zh) 2020-01-21

Similar Documents

Publication Publication Date Title
TWI718354B (zh) 安全驗證方法、平臺、裝置和系統
US11238457B2 (en) Multi-device transaction verification
US20220094678A1 (en) Systems and methods for user authentication based on multiple devices
JP6803935B2 (ja) 不正および改ざんに対するデバイスの論理的妥当性確認
KR102457683B1 (ko) 데이터 분석을 사용하여 인증을 수행하기 위한 시스템 및 방법
CN108804906B (zh) 一种用于应用登陆的系统和方法
US20240403863A1 (en) Multi-device authentication process and system utilizing cryptographic techniques
EP1922632B1 (fr) Procede et appareil pour mot de passe a usage unique
CN101751629B (zh) 使用变化唯一值的多因素认证的方法和系统
US11978053B2 (en) Systems and methods for estimating authenticity of local network of device initiating remote transaction
RU2742910C1 (ru) Обработка закодированной информации
US12081544B2 (en) Systems and methods for preventing unauthorized network access
KR20170039672A (ko) 장치에 대해 클라이언트를 인증하기 위한 시스템 및 방법
US11564102B2 (en) Fraudulent wireless network detection with proximate network data
CN117857071A (zh) 使用钱包卡的密码验证
CN114245889A (zh) 用于基于行为生物测定数据认证交易的系统、方法和计算机程序产品
KR101195027B1 (ko) 서비스 보안시스템 및 그 방법
HK1240346B (zh) 安全验证方法、平台、装置和系统
HK1240346A1 (en) Security verification method, platform, device, and system
HK1240346A (en) Security verification method, platform, device, and system
KR20170072654A (ko) 스마트 뱅킹 보안강화 장치 및 그 방법
HK40003671A (en) Multi-device authentication process and system utilizing cryptographic techniques
KR20160014865A (ko) 사용자 인증 방법, 및 이를 실행하는 금융 기관의 서버 및 이를 실행하는 시스템

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17886458

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17886458

Country of ref document: EP

Kind code of ref document: A1