CN107977564B - Transaction authentication processing method, authentication server, terminal and transaction equipment - Google Patents

Abstract

The invention provides a transaction authentication processing method which comprises the steps of obtaining a user medium authentication request and a C L F authentication request which are sent by a terminal after a target application is downloaded, distributing a corresponding medium authentication mark to the terminal according to the user medium authentication request, distributing a corresponding C L F authentication mark to the terminal according to a C L F authentication request, establishing a binding relation corresponding to the unique safe application mark, the medium authentication mark and the C L F authentication mark of the target application, and sending the binding relation to the terminal and transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the C L F authentication mark.

Description

A transaction authentication processing method, authentication server, terminal and transaction device

technical field

The invention relates to the field of mobile payment, in particular to a transaction authentication processing method, an authentication server, a terminal and a transaction device.

Background technique

With the development of intelligent terminals, most of the existing intelligent terminals on the market support dual cards (such as SIM cards), and even support virtual soft cards (soft SIM cards) simulated by an operating system on the basis of dual cards. In this way, there will be multiple secure storage media for smart terminals, but the secure storage media corresponding to different applications are indeed diverse, and the different secure storage media corresponding to different applications are also randomly changeable (users can configure it by themselves), As a result, security authentication cannot be performed on the security storage medium, resulting in poor transaction security.

SUMMARY OF THE INVENTION

Embodiments of the present invention provide a transaction authentication processing method, an authentication server, a terminal, and a transaction device, so as to improve the security of terminal transactions.

In a first aspect, an embodiment of the present invention provides a transaction authentication processing method, where the transaction authentication processing method includes:

Obtain the user media authentication request and CLF authentication request sent by the terminal after downloading the target application;

Allocate a corresponding medium authentication mark to the terminal according to the user medium authentication request, and allocate a corresponding CLF authentication mark to the terminal according to the CLF authentication request;

Establish a binding relationship corresponding to the unique security application label, the medium authentication label, and the CLF authentication label of the target application, and send it to the terminal and the transaction device, so that the terminal and the transaction device can compare the medium authentication label and the CLF authentication label. Certification mark for certification.

Preferably, before the step of acquiring the user media authentication request and the CLF authentication request sent by the terminal after downloading the target application, the steps further include:

Obtain the application release request corresponding to the target application sent by the business platform;

A corresponding security application identifier is allocated according to the target application.

In a second aspect, an embodiment of the present invention further provides a transaction authentication processing method, where the transaction authentication processing method includes:

Detecting a business transaction request sent by a business application; the business transaction request includes a security application flag, a medium authentication flag and a CLF authentication flag;

According to the business transaction request, obtain the media authentication mark stored in the user identification card and the CLF authentication mark stored in the CLF;

The acquired media authentication label and CLF authentication label are verified according to the binding relationship obtained and saved by the target application from the authentication server, where the binding relationship includes the security application label, the media authentication label and the CLF authentication label corresponding to the target application. connection relation;

When the verification is passed, the CLF corresponding to the CLF certification mark is notified to initiate a transaction connection request to the transaction device, so that the transaction device can verify the transaction connection request.

Preferably, the transaction connection request includes a binding relationship corresponding to the target application.

Preferably, before the service transaction request sent by the detection service application, it further includes:

Verify the user identity information according to the received user identity information verification request;

After the authentication of the identity information is passed, the business transaction request sent by the business application is detected.

Preferably, before the service transaction request sent by the detection service application, it further includes:

Obtain and store the binding relationship between the security application identifier, the media authentication identifier and the CLF authentication identifier sent from the authentication server;

According to the binding relationship, the media authentication mark is written into the corresponding user identification card, and the CLF authentication mark is written into the corresponding CLF; wherein,

The authentication server is configured to allocate the media authentication label and the CLF authentication label correspondingly according to the user medium authentication request and the CLF authentication request sent by the business application carrying the security application label, and assign the media authentication label, the CLF authentication label and the security application label Make an association to establish a binding relationship.

In a third aspect, an embodiment of the present invention further provides a transaction authentication processing method, where the transaction authentication processing method includes:

The transaction device acquires and stores the binding relationship sent from the authentication server, and the binding relationship includes the association relationship between the security application identifier, the medium authentication identifier and the CLF authentication identifier;

The transaction device detects, in real time, a transaction connection request sent by the terminal, where the transaction connection request includes a binding relationship marked by the security application corresponding to the initiating business transaction request;

The transaction device authenticates the binding relationship in the transaction connection request according to the stored binding relationship;

When the authentication is passed, the transaction device establishes a transaction connection with the terminal based on the NFC communication protocol.

In a fourth aspect, an embodiment of the present invention further provides a transaction authentication processing method, where the transaction authentication processing method includes:

Sending the user medium authentication request and the CLF authentication request to the authentication server; the user medium authentication request and the CLF authentication request both carry the security application identifier corresponding to the target application;

Receive the medium authentication mark allocated by the authentication server according to the user medium authentication request, and the CLF authentication mark allocated by the authentication server according to the CLF authentication request; to carry the target application when sending a business transaction request based on the target application The corresponding security application flag, medium authentication flag and CLF authentication flag send a service transaction request.

In a fifth aspect, an embodiment of the present invention further provides an authentication server, where the authentication server includes:

a first obtaining module, configured to obtain the user media authentication request and the CLF authentication request sent by the terminal after downloading the target application;

a first allocation module, configured to allocate a corresponding medium authentication mark to the terminal according to the user medium authentication request, and allocate a corresponding CLF authentication mark to the terminal according to the CLF authentication request;

The processing module is used to establish the binding relationship corresponding to the unique security application label, the medium authentication label and the CLF authentication label of the target application, and send it to the terminal and the transaction device, so that the terminal and the transaction device can verify the Media certification mark and CLF certification mark for certification.

Preferably, the authentication server further includes:

a second obtaining module, configured to obtain an application publishing request corresponding to the target application sent by the business platform;

The second allocation module is configured to allocate a corresponding security application identifier according to the target application.

In a sixth aspect, an embodiment of the present invention further provides a terminal, where the terminal includes:

a first detection module, configured to detect a service transaction request sent by a service application; the service transaction request includes a security application label, a medium authentication label and a CLF authentication label;

a third obtaining module, configured to obtain the media authentication mark stored in the user identity card and the CLF authentication mark stored in the CLF according to the business transaction request;

The first verification module is configured to verify the acquired medium authentication mark and the CLF authentication mark according to the binding relationship obtained and saved by the target application from the authentication server, where the binding relationship includes the security application mark corresponding to the target application, the medium The relationship between the certification mark and the CLF certification mark;

and a notification module, configured to notify the CLF corresponding to the CLF certification mark to initiate a transaction connection request to the transaction device when the verification is passed, so that the transaction device can verify the transaction connection request.

Preferably, the transaction connection request includes a binding relationship corresponding to the target application.

Preferably, the terminal further includes:

a second verification module, configured to verify the user identity information according to the received user identity information verification request;

After the authentication of the identity information is passed, the first detection module is triggered to detect the service transaction request sent by the service application.

Preferably, the terminal further includes:

a fourth acquisition module, configured to acquire and store the binding relationship between the security application identifier, the media authentication identifier and the CLF authentication identifier sent from the authentication server;

a storage module, configured to write the media authentication mark into the corresponding user identification card according to the binding relationship, and write the CLF authentication mark into the corresponding CLF; wherein,

The authentication server is configured to allocate the media authentication label and the CLF authentication label correspondingly according to the user medium authentication request and the CLF authentication request sent by the business application carrying the security application label, and assign the media authentication label, the CLF authentication label and the security application label Make an association to establish a binding relationship.

In a seventh aspect, an embodiment of the present invention further provides a transaction device, where the transaction device includes:

a fifth acquisition module, configured to acquire and store the binding relationship sent from the authentication server, the binding relationship including the association relationship between the security application identifier, the media authentication identifier and the CLF authentication identifier;

The second detection module is used for real-time detection of a transaction connection request sent by the terminal, where the transaction connection request includes a binding relationship marked by a security application corresponding to the initiating business transaction request;

an authentication module, configured to authenticate the binding relationship in the transaction connection request according to the stored binding relationship;

The connection module is used for establishing a transaction connection with the terminal based on the NFC communication protocol when the authentication is passed.

In an eighth aspect, an embodiment of the present invention further provides a terminal, where the terminal includes:

a sending module, configured to send the user medium authentication request and the CLF authentication request to the authentication server; the user medium authentication request and the CLF authentication request both carry the security application identifier corresponding to the target application;

a receiving module, configured to receive the medium authentication mark allocated by the authentication server according to the user medium authentication request, and the CLF authentication mark allocated by the authentication server according to the CLF authentication request; so that when the service transaction request is sent based on the target application, The service transaction request is sent with the security application label, the medium authentication label and the CLF authentication label corresponding to the target application.

The embodiment of the present invention obtains the user media authentication request and the CLF authentication request sent by the terminal after downloading the target application; allocates the corresponding media authentication mark to the terminal according to the user media authentication request, and allocates the corresponding media authentication label to the terminal according to the CLF authentication request The CLF certification mark of the target application is established; the binding relationship corresponding to the unique security application mark, the medium certification mark and the CLF certification mark of the target application is established, and sent to the terminal and the transaction device for the terminal and the transaction device. The media certification mark and the CLF certification mark are used for authentication, thereby improving the security of the transaction. The reliability of the transaction in the transaction system under the multi-user secure storage medium and multi-NFC connection is guaranteed.

Description of drawings

In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments of the present invention. Obviously, the drawings in the following description are only some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained from these drawings without creative labor.

1 is a flowchart of a transaction authentication processing method provided by a first embodiment of the present invention;

2 is a flowchart of a transaction authentication processing method provided by a second embodiment of the present invention;

3 is a flowchart of a transaction authentication processing method provided by a third embodiment of the present invention;

4 is a flowchart of a transaction authentication processing method provided by a fourth embodiment of the present invention;

5 is a flowchart of a transaction authentication processing method provided by a fifth embodiment of the present invention;

6 is a flowchart of a transaction authentication processing method provided by a sixth embodiment of the present invention;

7 is a flowchart of application installation processing in a transaction authentication processing method provided by an embodiment of the present invention;

8 is an authentication flow chart before generating a transaction connection request in a transaction authentication processing method provided by an embodiment of the present invention;

9 is an authentication flow chart after generating a transaction connection request in a transaction authentication processing method provided by an embodiment of the present invention;

10 is a structural diagram of an authentication server provided in a seventh embodiment of the present invention;

FIG. 11 is one of the structural diagrams of the terminal provided in the seventh embodiment of the present invention;

FIG. 12 is the second structural diagram of the terminal provided in the seventh embodiment of the present invention;

FIG. 13 is the third structural diagram of the terminal provided in the seventh embodiment of the present invention;

14 is a functional module structure diagram of a transaction device provided in the seventh embodiment of the present invention;

FIG. 15 is the fourth structural diagram of the terminal provided in the seventh embodiment of the present invention;

FIG. 16 is a structural diagram of a mobile terminal to which the seventh embodiment of the present invention is applied.

Detailed ways

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

first embodiment

Referring to FIG. 1, FIG. 1 is a flowchart of a transaction authentication processing method provided by an embodiment of the present invention, as shown in FIG. 1, including the following steps:

Step 101, obtaining a user medium authentication request and a CLF authentication request sent by the terminal after downloading the target application;

The transaction authentication processing method provided in this embodiment is mainly applied in a terminal transaction system, and is used for managing and distributing the security application flag, the medium authentication flag and the CLF authentication flag in the transaction authentication process of the terminal.

In this embodiment, the above-mentioned terminal is an NFC (Near Field Communication, Near Field Communication) terminal based on a TEE (Trusted Execution Environment, Trusted Execution Environment) technology, such as a mobile phone. The mobile phone has multiple storage media, and the storage media is preferably a user identification card, such as a SIM card and/or a UIM card; specifically, the user identification card is a card with NFC functions, such as an NFC-SIM card . An NFC transaction chip (CLF) is arranged in the terminal, and the CLF is used to establish a communication connection with the transaction device.

In this step, the above-mentioned target application is an application released by the business platform, and the application needs to be authenticated first before release. Optionally, the above transaction authentication processing method further includes an authentication process for the application. Specifically, before the step of acquiring the user medium authentication request and the CLF authentication request sent by the terminal after downloading the target application, the method further includes:

Obtain the application release request corresponding to the target application sent by the business platform;

A corresponding security application identifier is allocated according to the target application.

Specifically, before releasing the application, the business platform first applies to the authentication server for a target application release request. After the authentication server passes the authentication of the target application, the authentication server assigns a legal and unique security application identifier to the target application to be released on the business platform. .

There is a service application in the terminal, through which the target application published by the service platform can be downloaded. And the service application can send a user media authentication request and a CLF authentication request to the authentication server according to the downloaded security application identifier of the target application.

Step 102: Allocate a corresponding medium authentication sign to the terminal according to the user medium authentication request, and allocate a corresponding CLF authentication sign to the terminal according to the CLF authentication request;

In this step, the authentication server will assign the corresponding media authentication label to the service application according to the user's media authentication request, and at the same time assign the corresponding CLF authentication label to the service application according to the CLF authentication label; thus, when the service application sends a service transaction request, it will Carry the Safety Application Mark, Media Certification Mark and CLF Certification Mark. Further, the validity of the business transaction request can be verified according to the security application label, the medium authentication label and the CLF authentication label carried in the business transaction request, which will be described in detail in the following embodiments.

Step 103: Establish a binding relationship corresponding to the unique security application label, the medium authentication label and the CLF authentication label of the target application, and send it to the terminal and the transaction device for the terminal and the transaction device to authenticate the medium mark and the CLF certification mark for certification.

In this step, since the service application of the terminal carries the security application label corresponding to the target application when sending the user medium authentication request and the CLF authentication request, the binding corresponding to the security application label, the medium authentication label and the CLF authentication label can be established. relation.

It can be understood that the above-mentioned user medium authentication request should include the information of the storage medium, that is, the information of the SIM card. When the authentication server authenticates the SIM card for the first time, after the authentication is passed, the corresponding SIM card can be assigned. The medium authentication mark; if the SIM card has been authenticated on the authentication server before, the medium authentication mark allocated during the previous authentication is directly allocated to the SIM card. Similarly, the CLF authentication request contains CLF information. When the authentication server authenticates the CLF for the first time, after the authentication is passed, the CLF can be assigned the corresponding media authentication mark; if the CLF has been authenticated on the authentication server before , then directly assign the media certification mark assigned during the previous certification to the CLF.

When the authentication server establishes the binding relationship corresponding to the security application label, the media authentication label and the CLF authentication label, it will push the binding relationship to the terminal and the transaction device, so that the terminal and the transaction device can compare the binding relationship during the transaction process. The media certification mark and the CLF certification mark are used for authentication to improve the security of transactions.

It should be noted that the above-mentioned terminal may include one CLF, or may include multiple CLFs. When there are multiple CLFs on the terminal, the security levels and business operation types corresponding to different CLFs are different, and the transaction data of different security levels are separated from the physical connection. Therefore, different transactions may be realized through different NFC physical connections. However, in this embodiment, since the CLF authentication mark and the security application mark are respectively set for the CLF and the target application, and the binding relationship between the two is established, the CLF used in the transaction process can be authenticated, which improves the efficiency of complex transactions. Security of transactions in the scene.

It should be noted that the specific structure of the above-mentioned transaction equipment can be set according to actual needs. In the present invention, it is preferably a POS (point of sale) equipment, and can also be other transaction equipment with POS equipment functions.

The embodiment of the present invention obtains the user media authentication request and the CLF authentication request sent by the terminal after downloading the target application; allocates the corresponding media authentication mark to the terminal according to the user media authentication request, and allocates the corresponding media authentication label to the terminal according to the CLF authentication request The CLF certification mark of the target application is established; the binding relationship corresponding to the unique security application mark, the medium certification mark and the CLF certification mark of the target application is established, and sent to the terminal and the transaction device for the terminal and the transaction device. The media certification mark and the CLF certification mark are used for authentication, thereby improving the security of the transaction. The reliability of the transaction in the transaction system under the multi-user secure storage medium and multi-NFC connection is guaranteed.

Second Embodiment

Referring to FIG. 2, FIG. 2 is a flowchart of a transaction authentication processing method provided by an embodiment of the present invention. As shown in FIG. 2, the transaction authentication processing method includes the following steps:

Step 201, detecting a service transaction request sent by a service application; the service transaction request includes a security application label, a medium authentication label, and a CLF authentication label;

The transaction authentication processing method provided in this embodiment is mainly applied in a terminal transaction system, and is used for performing transaction process authentication on the terminal.

Specifically, the service application may initiate a service transaction request to the authentication module, and when the authentication module receives the service transaction request, an authentication operation will be performed. The authentication module stores the binding relationship pushed by the authentication server, and the binding relationship includes the association relationship between the security application label, the media authentication label, and the CLF authentication label; Transaction operations are authenticated, which are described in detail below.

Step 202, according to the business transaction request, obtain the media authentication mark stored in the user identity card and the CLF authentication mark stored in the CLF;

Step 203: Verify the acquired media authentication label and CLF authentication label according to the binding relationship obtained and saved from the authentication server in the target application authentication phase, where the binding relationship includes the security application label and the media authentication label corresponding to the target application The relationship with the CLF certification mark;

When the authentication module detects the above-mentioned business transaction request, it will obtain the stored medium authentication mark from the corresponding user identification card according to the medium authentication mark corresponding to the business transaction request, and send the stored medium authentication mark to the corresponding user ID card according to the medium authentication mark corresponding to the business transaction request. The corresponding user identification card obtains the media authentication mark, and obtains the CLF authentication mark from the corresponding CLF according to the CLF authentication mark corresponding to the business transaction request; when both the media authentication mark and CLF authentication mark consistent with the binding relationship can be obtained, the media The certification mark and the CLF certification mark are passed, and the business transaction request is determined to be legal.

Step 204, when the verification is passed, notify the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction device, so that the transaction device can verify the transaction connection request.

In this step, after the legality verification of the business transaction request is passed, the corresponding CLF will be notified to initiate a transaction connection request to the transaction device, so that the transaction device and the terminal can establish a connection and enter the transaction operation process.

Optionally, in order to further improve the security of the transaction process, in this embodiment, a transaction device may also be set to verify the above transaction connection request. The mode of this verification operation can be set according to actual needs, for example, the above-mentioned binding relationship can be verified. Optionally, in this embodiment, the transaction connection request includes the binding relationship corresponding to the target application.

The above transaction connection request includes initiating the binding relationship between the business transaction request and the target application, and the transaction device verifies the binding relationship. Specifically, the authentication server pushes the binding relationship to the terminal, and also pushes it to the transaction device, and the transaction device matches and verifies whether the transaction connection request is correct, preventing others from forging the binding relationship on the terminal. Since the binding relationship in the transaction connection request is verified on the transaction device to realize the legality verification of the transaction connection request, the security of the transaction is improved.

In this embodiment of the present invention, the terminal authenticates the medium authentication mark and the CLF authentication mark during the transaction process, and at the same time loads the binding relationship between the security application mark, the medium authentication mark and the CLF authentication mark in the transaction connection request sent by the CLF, It is used for transaction equipment to authenticate the binding relationship, thereby ensuring the legitimacy of the user ID card and the CLF, and at the same time ensuring the legitimacy of the binding relationship, thus improving the security of the transaction.

Third Embodiment

Referring to FIG. 3, FIG. 3 is a flowchart of a transaction authentication processing method provided by an embodiment of the present invention. As shown in FIG. 3, based on the second embodiment of the transaction authentication processing method of the present invention, in the third embodiment, before the above step 201 Also includes:

Step 205, verifying the user identity information according to the received user identity information verification request;

The above step 201 is specifically: after the identity information verification is passed, detecting the service transaction request sent by the service application.

In this embodiment, the user identity is unique and can be identified and authenticated through biotechnology. The authentication method can be set according to actual needs. In this embodiment, preferably, the authentication process may be power-on authentication, and in other embodiments, it may also be startup authentication of a security application. Specifically, it can be authenticated by means of a character password, iris authentication, face recognition authentication, and the like. When the authentication is passed, it is considered that all operations are master operations, that is, the identity information of all applications is considered to be authenticated.

Fourth Embodiment

Further, referring to FIG. 4 , based on the above-mentioned embodiment, in this embodiment, before the transaction process is performed, the target application needs to be installed first, and the binding relationship between the security application label, the medium authentication label and the CLF authentication label is set, as follows: This is explained in detail. Specifically, in this embodiment, the above transaction authentication processing method further includes:

Step 206: Acquire and store the binding relationship between the security application identifier, the media authentication identifier and the CLF authentication identifier sent by the authentication server; the authentication server is used for the user medium authentication request and CLF sent by the business application carrying the security application identifier. The authentication request corresponds to the distribution of the medium authentication mark and the CLF authentication mark, and the media authentication mark, the CLF authentication mark and the security application mark are associated to establish a binding relationship.

Step 207, according to the binding relationship, write the media authentication mark into the corresponding user identity card, and write the CLF authentication mark into the corresponding CLF.

The business platform is the platform that publishes the above target application. Before releasing the target application, it first applies to the authentication server for a target application release request. After the authentication server passes the authentication of the target application, the authentication server allocates the target application to the business platform to be released. Legally unique and secure app designation. Then the user can use the terminal to access the service platform, so that the service application can download and install the target application published by the service platform.

After the service application is downloaded, it will send the user media authentication request and CLF authentication request to the authentication server with the security application identifier of the target application, so that the authentication server assigns the corresponding media authentication identifier and CLF authentication identifier to the terminal. Both the authentication request and the CLF authentication request carry the security application flag, so that the binding relationship corresponding to the security application flag, the medium authentication flag and the CLF authentication flag can be established. Then push the binding relationship to the terminal and the transaction device. After the terminal obtains the binding relationship, it will write the media authentication mark in the binding relationship into the corresponding user identification card, and the CLF certification mark will be written into the corresponding user ID card. Write to CLF for authentication in subsequent transaction processes.

Fifth Embodiment

Referring to FIG. 5, FIG. 5 is a flowchart of a transaction authentication processing method provided by an embodiment of the present invention. As shown in FIG. 5, the transaction authentication processing method includes the following steps:

Step 301, the transaction device acquires and stores the binding relationship sent from the authentication server, and the binding relationship includes the association relationship between the security application identifier, the medium authentication identifier and the CLF authentication identifier;

Step 302, the transaction device detects a transaction connection request sent by the terminal in real time, and the transaction connection request includes a binding relationship marked by a security application corresponding to the initiating business transaction request;

Step 303, the transaction device authenticates the binding relationship in the transaction connection request according to the stored binding relationship;

Step 304, when the authentication is passed, the transaction device establishes a transaction connection with the terminal based on the NFC communication protocol.

In this embodiment, after the transaction device obtains the binding relationship sent by the authentication server, it will detect the transaction connection request sent by the terminal, and when detecting the transaction connection request, the transaction device verifies the transaction connection request. After the verification is passed, the NFC communication method can be used to establish a transaction connection. After the transaction connection is established, user authentication and transaction parameter authentication (transaction MAC, etc., the original NFC transaction process) are performed; when the transaction is finally completed, the business data is updated.

In the embodiment of the present invention, since the binding relationship is verified in the transaction device, it can effectively prevent others from forging the binding relationship on the terminal, thus improving the security of the transaction. In addition, the present invention only increases the legality authentication process of the request while ensuring the existing transaction subject process. Therefore, the security of the transaction process is improved while ensuring that the transaction speed is basically unchanged.

Sixth Embodiment

Referring to FIG. 6, FIG. 6 is a flowchart of a transaction authentication processing method provided by an embodiment of the present invention. As shown in FIG. 6, the transaction authentication processing method includes the following steps:

Step 401, sending a user medium authentication request and a CLF authentication request to an authentication server; the user medium authentication request and the CLF authentication request both carry a security application identifier corresponding to the target application;

Step 402: Receive the medium authentication mark allocated by the authentication server according to the user's medium authentication request, and the CLF authentication mark allocated by the authentication server according to the CLF authentication request; so that when the service transaction request is sent based on the target application, the information is carried. The service transaction request is sent using the security application identifier, media authentication identifier and CLF authentication identifier corresponding to the target application.

In this step, after the service application downloads the above target application, it will send the user media authentication request and the CLF authentication request according to the security application identifier corresponding to the target application, and the security application identifier is carried in the authentication request for the authentication server to use After the user medium and CLF authentication are performed, the corresponding medium authentication mark and CLF authentication mark are allocated, and the binding relationship between the three is established. At the same time, after the business application obtains the above-mentioned medium authentication mark and CLF authentication mark, when the business application sends a business transaction request, according to the application corresponding to the service type, it will carry the security application mark, medium authentication mark and CLF authentication mark of the application. , for the follow-up process to verify the legitimacy of the business transaction request sent this time.

Further, as shown in FIG. 7 to FIG. 9 , the specific flow of the transaction operation using the transaction authentication processing method provided by the present invention will be described in detail below.

As shown in Figure 7, an application needs to be installed first before performing a transaction operation, which specifically includes:

Step 601, the business platform applies to the intelligent authentication system for an application release request;

Step 602, the intelligent authentication system assigns a security application label;

Step 603, download and install an application through a business application;

Step 604, the service application applies for a user medium authentication request;

Step 605, the intelligent authentication system assigns a medium authentication mark;

Step 606, the business application applies for a CLF authentication request;

Step 607, the intelligent authentication system assigns the CLF authentication mark;

Step 608, the intelligent authentication system establishes the binding relationship between the security application label, the medium authentication label and the CLF authentication request, and writes it into the intelligent authentication module of the terminal.

Step 609, the intelligent authentication module of the terminal writes the medium authentication mark into the NFC-SIM card;

Step 610, the intelligent authentication module of the terminal writes the CLF authentication mark into the CLF;

Step 611, the intelligent authentication system synchronizes the above-mentioned binding relationship to the transaction device.

The installation of the application is completed through the above steps 601 to 611. After the installation is completed, in the transaction authentication process, the process before the terminal initiates a transaction connection request is shown in Figure 8, which specifically includes:

Step 701, the user identity security application verifies the user identity;

Step 702, the business application initiates a business transaction request to the intelligent authentication module of the terminal when the user identity security application passes the verification of the user identity;

Step 703, the intelligent authentication module will send a media authentication request to the user media security application according to the service transaction request, so as to obtain the media authentication mark in the NFC-SIM card through the user media security application, and return the medium authentication mark to the intelligent authentication module, For the intelligent authentication module to perform media authentication;

Step 704, the intelligent authentication module obtains the CLF authentication mark in the CLF to perform CLF authentication;

Step 705, the intelligent authentication module notifies the corresponding CLF to initiate the NFC connection;

Step 706, the CLF initiates a transaction connection request with the binding relationship.

As shown in Figure 9, after the terminal initiates a transaction connection request to the transaction device, the process of the transaction authentication performed by the transaction device is as follows:

Step 801, the NFC connector communicates with the intelligent authentication module in the transaction device according to the transaction connection request, so as to authenticate the binding relationship in the transaction connection request;

Step 802, when the authentication is passed, the NFC connector establishes a transaction connection with the CLF of the terminal;

Step 803, after the successful connection, the authentication management in the transaction device and the NFC-SIM card of the terminal perform user authentication and transaction parameter authentication (transaction MAC, etc., the original NFC transaction process);

In step 804, the NFC-SIM card writes the service data after the transaction, thereby completing the transaction.

Seventh Embodiment

Referring to FIG. 10, FIG. 10 is a structural diagram of an authentication server provided by the implementation of the present invention. As shown in FIG. 9, the authentication server includes:

The first obtaining module 1001 is configured to obtain the user media authentication request and the CLF authentication request sent by the terminal after downloading the target application;

a first allocation module 1002, configured to allocate a corresponding medium authentication mark to the terminal according to the user medium authentication request, and allocate a corresponding CLF authentication mark to the terminal according to the CLF authentication request;

The processing module 1003 is used to establish the binding relationship corresponding to the unique security application label, the media authentication label and the CLF authentication label of the target application, and send it to the terminal and the transaction device, so that the terminal and the transaction device can verify the corresponding binding relationship. The above media certification mark and CLF certification mark are used for certification.

Optionally, the above authentication server also includes

a second obtaining module, configured to obtain an application publishing request corresponding to the target application sent by the business platform;

The second allocation module is configured to allocate a corresponding security application identifier according to the target application.

Further, referring to FIG. 11, FIG. 11 is a structural diagram of a terminal provided by the implementation of the present invention. As shown in FIG. 11, the terminal includes:

The first detection module 1101 is used to detect a service transaction request sent by a service application; the service transaction request includes a security application label, a medium authentication label and a CLF authentication label;

The third obtaining module 1102 is configured to obtain the medium authentication mark stored in the user identification card and the CLF authentication mark stored in the CLF according to the business transaction request;

The first verification module 1103 is configured to verify the acquired media authentication mark and the CLF authentication mark according to the binding relationship obtained and saved by the target application from the authentication server, where the binding relationship includes the security application mark corresponding to the target application, The relationship between the media certification mark and the CLF certification mark;

The notification module 1104 is configured to notify the CLF corresponding to the CLF authentication mark to initiate a transaction connection request to the transaction device when the verification is passed, so that the transaction device can verify the transaction connection request.

Optionally, the transaction connection request includes the binding relationship corresponding to the target application.

Further, referring to FIG. 12 , in this embodiment, in order to realize user identity verification, the above-mentioned terminal further includes:

The second verification module 1105 is configured to verify the user identity information according to the received user identity information verification request;

After the authentication of the identity information is passed, the first detection module 1101 is triggered to detect the service transaction request sent by the service application.

Further, before the transaction is performed, the authentication server also needs to authenticate the security application, the user identification card and the CLF, and assign a corresponding authentication mark. Specifically, referring to FIG. 13 , in this embodiment, the above-mentioned terminal further includes:

The fourth obtaining module 1106 is configured to obtain and store the binding relationship between the security application label, the media authentication label and the CLF authentication label sent from the authentication server;

The storage module 1107 is configured to write the media authentication mark into the corresponding user identification card according to the binding relationship, and write the CLF authentication mark into the corresponding CLF; wherein,

The authentication server is configured to allocate the media authentication label and the CLF authentication label correspondingly according to the user medium authentication request and the CLF authentication request sent by the business application carrying the security application label, and assign the media authentication label, the CLF authentication label and the security application label Make an association to establish a binding relationship.

Further, referring to FIG. 14, FIG. 14 is a structural diagram of a transaction device provided by the implementation of the present invention. As shown in FIG. 14, the transaction device includes:

The fifth obtaining module 1401 is configured to obtain and store the binding relationship sent from the authentication server, where the binding relationship includes the association relationship between the security application label, the media authentication label and the CLF authentication label;

The second detection module 1402 is configured to detect, in real time, a transaction connection request sent by the terminal, where the transaction connection request includes a binding relationship marked by a security application corresponding to the initiating business transaction request;

An authentication module 1403, configured to authenticate the binding relationship in the transaction connection request according to the stored binding relationship;

The connection module 1404 is configured to establish a transaction connection with the terminal based on the NFC communication protocol when the authentication is passed.

Further, referring to FIG. 15, FIG. 15 is a structural diagram of a terminal provided by the implementation of the present invention. As shown in FIG. 15, the terminal includes:

The sending module 1501 is configured to send the user medium authentication request and the CLF authentication request to the authentication server; the user medium authentication request and the CLF authentication request both carry the security application identifier corresponding to the target application;

Receiving module 1502, configured to receive the medium authentication mark allocated by the authentication server according to the user medium authentication request, and the CLF authentication mark allocated by the authentication server according to the CLF authentication request; to send a business transaction request based on the target application , and send the service transaction request with the security application label, the medium authentication label and the CLF authentication label corresponding to the target application.

It can be understood that the authentication server, terminal and transaction device provided by the present invention are used to implement the above-mentioned transaction authentication processing method, and correspond to the transaction authentication processing method. Repeat.

Eighth Embodiment

Further, referring to FIG. 16, FIG. 16 is a structural diagram of a mobile terminal to which an embodiment of the present invention is applied. As shown in FIG. 16, the mobile terminal 1600 includes: at least one processor 1601, a memory 1602, at least one network interface 1604, and a user interface 1603. The various components in mobile terminal 1600 are coupled together by bus system 1605 . It will be appreciated that the bus system 1605 is used to implement connection communication between these components. In addition to the data bus, the bus system 1605 also includes a power bus, a control bus, and a status signal bus. However, for the sake of clarity, the various buses are labeled as bus system 1605 in FIG. 16 .

Among them, the user interface 1603 may include a display, a keyboard, or a pointing device (eg, a mouse, a trackball, a touch pad or a touch screen, etc.).

It can be understood that the memory 1602 in the embodiment of the present invention may be a volatile memory or a non-volatile memory, or may include both volatile and non-volatile memory. Wherein, the non-volatile memory may be Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (Erasable PROM, EPROM), Erase programmable read-only memory (Electrically EPROM, EEPROM) or flash memory. The volatile memory may be random access memory (RAM), which is used as an external cache. By way of example and not limitation, many forms of RAM are available, such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double DataRate SDRAM, DDRSDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (Synch link DRAM, SLDRAM) And direct memory bus random access memory (Direct Rambus RAM, DRRAM). The memory 1602 of the systems and methods described herein is intended to include, but not be limited to, these and any other suitable types of memory.

In some embodiments, memory 1602 stores the following elements, executable modules or data structures, or subsets thereof, or extended sets of them: operating system 16021 and applications 16022.

The operating system 16021 includes various system programs, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and processing hardware-based tasks. The application program 16022 includes various application programs, such as a media player (Media Player), a browser (Browser), etc., for implementing various application services. A program for implementing the method of the embodiment of the present invention may be included in the application program 16022 .

In this embodiment of the present invention, by calling the program or instruction stored in the memory 1602, specifically, the program or instruction stored in the application program 16022, the processor 1601 is used to: detect the business transaction request sent by the business application; The business transaction request includes the safety application mark, the medium certification mark and the CLF certification mark;

According to the business transaction request, obtain the media authentication mark stored in the user identification card and the CLF authentication mark stored in the CLF;

The acquired media authentication label and CLF authentication label are verified according to the binding relationship obtained and saved by the target application from the authentication server, where the binding relationship includes the security application label, the media authentication label and the CLF authentication label corresponding to the target application. connection relation;

When the verification is passed, the CLF corresponding to the CLF certification mark is notified to initiate a transaction connection request to the transaction device, so that the transaction device can verify the transaction connection request.

The methods disclosed in the above embodiments of the present invention may be applied to the processor 1601 or implemented by the processor 1601 . The processor 1601 may be an integrated circuit chip with signal processing capability. In the implementation process, each step of the above-mentioned method can be completed by an integrated logic circuit of hardware in the processor 1601 or an instruction in the form of software. The above-mentioned processor 1601 may be a general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), an off-the-shelf programmable gate array (Field Programmable Gate Array, FPGA) or other Programming logic devices, discrete gate or transistor logic devices, discrete hardware components. Various methods, steps, and logical block diagrams disclosed in the embodiments of the present invention can be implemented or executed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of the method disclosed in conjunction with the embodiments of the present invention may be directly embodied as executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software modules may be located in random access memory, flash memory, read-only memory, programmable read-only memory or electrically erasable programmable memory, registers and other storage media mature in the art. The storage medium is located in the memory 1602, and the processor 1601 reads the information in the memory 1602, and completes the steps of the above method in combination with its hardware.

It will be appreciated that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or a combination thereof. For hardware implementation, the processing unit may be implemented in one or more Application Specific Integrated Circuits (ASIC), Digital Signal Processing (DSP), Digital Signal Processing Device (DSP Device, DSPD), programmable logic Devices (Programmable Logic Device, PLD), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA), general purpose processors, controllers, microcontrollers, microprocessors, other electronic units for performing the functions described in this application or a combination thereof.

For a software implementation, the techniques described herein may be implemented through modules (eg, procedures, functions, etc.) that perform the functions described herein. Software codes may be stored in memory and executed by a processor. The memory can be implemented in the processor or external to the processor.

Optionally, the transaction connection request includes the binding relationship corresponding to the target application.

Optionally, the following operations are performed by calling the program or instruction stored in the memory 1602:

Verify the user identity information according to the received user identity information verification request;

After the authentication of the identity information is passed, the business transaction request sent by the business application is detected.

Optionally, the following operations are performed by calling the program or instruction stored in the memory 1602:

Obtain and store the binding relationship between the security application identifier, the media authentication identifier and the CLF authentication identifier sent from the authentication server;

According to the binding relationship, the media authentication mark is written into the corresponding user identification card, and the CLF authentication mark is written into the corresponding CLF; wherein,

The authentication server is configured to allocate the media authentication label and the CLF authentication label correspondingly according to the user medium authentication request and the CLF authentication request sent by the business application carrying the security application label, and assign the media authentication label, the CLF authentication label and the security application label Make an association to establish a binding relationship.

Those of ordinary skill in the art can realize that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may implement the described functionality using different methods for each particular application, but such implementations should not be considered beyond the scope of the present invention.

Those skilled in the art can clearly understand that, for the convenience and brevity of description, the specific working process of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which will not be repeated here.

In the embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented. On the other hand, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.

Units described as separate components may or may not be physically separated, and components shown as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions in the embodiments of the present invention.

In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.

The functions, if implemented in the form of software functional units and sold or used as independent products, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product in essence, or the part that contributes to the prior art or the part of the technical solution. The computer software product is stored in a storage medium, including Several instructions are used to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes: a U disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk and other mediums that can store program codes.

The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed by the present invention. should be included within the protection scope of the present invention. Therefore, the protection scope of the present invention should be subject to the protection scope of the claims.

Claims (16)

1. A transaction authentication processing method is characterized by comprising the following steps:

acquiring a user medium authentication request and a C L F authentication request which are sent by a terminal after downloading a target application;

distributing a corresponding medium authentication mark to the terminal according to the user medium authentication request, and distributing a corresponding C L F authentication mark to the terminal according to the C L F authentication request, wherein the user medium authentication request comprises information of a storage medium SIM card, and distributing a corresponding medium authentication mark to the SIM card after an authentication server authenticates the SIM card for the first time and the authentication passes;

and establishing a binding relationship corresponding to the unique secure application mark, the medium authentication mark and the C L F authentication mark of the target application, and sending the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the medium authentication mark and the C L F authentication mark.

2. The transaction authentication processing method of claim 1, wherein the step of obtaining the user media authentication request and the C L F authentication request sent by the terminal after downloading the target application further comprises:

acquiring an application release request corresponding to the target application sent by a service platform;

and distributing corresponding safe application marks according to the target application.

3. A transaction authentication processing method is characterized by comprising the following steps:

detecting a service transaction request sent by a service application, wherein the service transaction request comprises a safety application mark, a medium authentication mark and a C L F authentication mark, the user medium authentication request comprises information of a storage medium SIM card, and after an authentication server authenticates the SIM card for the first time and passes the authentication, the authentication server allocates a corresponding medium authentication mark to the SIM card;

acquiring a medium authentication mark stored in a user identity identification card and a C L F authentication mark stored in C L F according to the service transaction request;

verifying the obtained medium authentication mark and the C L F authentication mark according to a binding relationship which is obtained and stored by a target application from an authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a C L F authentication mark corresponding to the target application;

when the verification is passed, the C L F is informed that the corresponding C L F of the authentication mark initiates a transaction connection request to the transaction device, so that the transaction device can verify the transaction connection request.

4. The transaction authentication processing method of claim 3, wherein the transaction connection request includes a binding corresponding to the target application.

5. The transaction authentication processing method of claim 3, wherein the detecting the service transaction request sent by the service application further comprises:

verifying the user identity information according to the received user identity information verification request;

and when the identity information passes the verification, detecting a service transaction request sent by the service application.

6. The transaction authentication processing method of claim 3, wherein the detecting the service transaction request sent by the service application further comprises:

acquiring and storing a binding relationship between a security application mark, a medium authentication mark and a C L F authentication mark sent from an authentication server;

writing the medium authentication mark into a corresponding user identification card according to the binding relationship, and writing the C L F authentication mark into a corresponding C L F, wherein,

the authentication server is used for correspondingly distributing a medium authentication mark and a C L F authentication mark according to a user medium authentication request and a C L F authentication request which are sent by a service application carrying security application mark, and associating the medium authentication mark, the C L F authentication mark and the security application mark to establish a binding relationship.

7. A transaction authentication processing method is characterized by comprising the following steps:

the transaction equipment acquires and stores a binding relationship sent from the authentication server, wherein the binding relationship comprises an association relationship of a security application mark, a medium authentication mark and a C L F authentication mark;

the transaction equipment detects a transaction connection request sent by a terminal in real time, wherein the transaction connection request comprises a binding relation of a safety application mark corresponding to a service transaction request; the user medium authentication request comprises information of a storage medium SIM card, and after the authentication server authenticates the SIM card for the first time and the authentication passes, a corresponding medium authentication mark is distributed to the SIM card; if the SIM card is authenticated on the authentication server before, directly distributing a medium authentication mark distributed during authentication before to the SIM card;

the transaction equipment authenticates the binding relationship in the transaction connection request according to the stored binding relationship;

and when the authentication is passed, the transaction equipment establishes transaction connection with the terminal based on the NFC communication protocol.

8. A transaction authentication processing method is characterized by comprising the following steps:

sending a user medium authentication request and a C L F authentication request to an authentication server, wherein the user medium authentication request and the C L F authentication request both carry a safety application mark corresponding to a target application, the user medium authentication request comprises information of a storage medium SIM card, and after the authentication server authenticates the SIM card for the first time and passes the authentication, the authentication server distributes a corresponding medium authentication mark to the SIM card;

and receiving a medium authentication mark distributed by the authentication server according to the user medium authentication request and a C L F authentication mark distributed by the authentication server according to the C L F authentication request, and sending the service transaction request by carrying a security application mark, a medium authentication mark and a C L F authentication mark corresponding to the target application when sending the service transaction request based on the target application.

9. An authentication server, characterized in that the authentication server comprises:

the first acquisition module is used for acquiring a user medium authentication request and a C L F authentication request which are sent after a terminal downloads a target application, wherein the user medium authentication request comprises information of a storage medium SIM card, and a corresponding medium authentication mark is distributed to the SIM card after an authentication server authenticates the SIM card for the first time and the authentication passes;

the first distribution module is used for distributing a corresponding medium authentication mark to the terminal according to the user medium authentication request and distributing a corresponding C L F authentication mark to the terminal according to the C L F authentication request;

and the processing module is used for establishing a binding relationship corresponding to the unique security application mark, the media authentication mark and the C L F authentication mark of the target application, and sending the binding relationship to the terminal and the transaction equipment so that the terminal and the transaction equipment can authenticate the media authentication mark and the C L F authentication mark.

10. The authentication server of claim 9, wherein the authentication server further comprises:

the second acquisition module is used for acquiring an application release request corresponding to the target application sent by the service platform;

and the second allocation module is used for allocating the corresponding security application marks according to the target application.

11. A terminal, characterized in that the terminal comprises:

the system comprises a first detection module, a second detection module and a third detection module, wherein the first detection module is used for detecting a service transaction request sent by a service application, the service transaction request comprises a safety application mark, a medium authentication mark and a C L F authentication mark, the user medium authentication request comprises information of a storage medium SIM card, and after an authentication server authenticates the SIM card for the first time and passes the authentication, the authentication server distributes a corresponding medium authentication mark to the SIM card;

a third obtaining module, configured to obtain, according to the service transaction request, a medium authentication indicator stored in the user identity card and a C L F authentication indicator stored in C L F;

the first verification module is used for verifying the acquired medium authentication mark and the C L F authentication mark according to a binding relationship which is acquired and stored by a target application from an authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a C L F authentication mark corresponding to the target application;

and the notification module is used for notifying the C L F corresponding to the authentication mark of the C L F to initiate a transaction connection request to the transaction equipment when the verification is passed so that the transaction equipment can verify the transaction connection request.

12. The terminal of claim 11, wherein the transaction connection request includes a binding corresponding to the target application.

13. The terminal of claim 11, wherein the terminal further comprises:

the second verification module is used for verifying the user identity information according to the received user identity information verification request;

and after the identity information passes the verification, triggering the first detection module to detect a service transaction request sent by the service application.

14. The terminal of claim 11, wherein the terminal further comprises:

a fourth obtaining module, configured to obtain and store a binding relationship between the security application identifier, the media authentication identifier, and the C L F authentication identifier sent from the authentication server;

a storage module, configured to write the media authentication indicator into a corresponding subscriber identity module card according to the binding relationship, and write the C L F authentication indicator into a corresponding C L F, where,

the authentication server is used for correspondingly distributing a medium authentication mark and a C L F authentication mark according to a user medium authentication request and a C L F authentication request which are sent by a service application carrying security application mark, and associating the medium authentication mark, the C L F authentication mark and the security application mark to establish a binding relationship.

15. A transaction device, characterized in that the transaction device comprises:

the fifth acquisition module is used for acquiring and storing a binding relationship sent from the authentication server, wherein the binding relationship comprises an association relationship among a security application mark, a medium authentication mark and a C L F authentication mark, the user medium authentication request comprises information of a storage medium SIM card, and the authentication server authenticates the SIM card for the first time and allocates a corresponding medium authentication mark to the SIM card after the authentication passes;

the second detection module is used for detecting a transaction connection request sent by the terminal in real time, wherein the transaction connection request comprises a binding relation of a safety application mark corresponding to the service transaction request;

the authentication module is used for authenticating the binding relationship in the transaction connection request according to the stored binding relationship;

and the connection module is used for establishing transaction connection with the terminal based on the NFC communication protocol when the authentication is passed.

16. A terminal, characterized in that the terminal comprises:

the system comprises a sending module, a certification server and a certification module, wherein the sending module is used for sending a user medium certification request and a C L F certification request to the certification server, the user medium certification request and the C L F certification request both carry a safety application mark corresponding to a target application, the user medium certification request comprises information of a storage medium SIM card, and after the SIM card is certified and certified by the certification server for the first time, a corresponding medium certification mark is distributed to the SIM card;

and the receiving module is used for receiving a medium authentication mark distributed by the authentication server according to the user medium authentication request and a C L F authentication mark distributed by the authentication server according to the C L F authentication request, and carrying a security application mark, a medium authentication mark and a C L F authentication mark corresponding to the target application to send the service transaction request when sending the service transaction request based on the target application.

Images