Online banking identity authentication method and device
Technical field
The present invention relates to online banking, and in particular to the implementation of online identity authentication in online banking.
Background technology
With the rapid development of the Internet and e-commerce, the transaction volume of Internet banking (hereinafter referred to as online banking) keeps growing, network information security problems are becoming increasingly prominent, and consumers pay more and more attention to the security of online banking. To guarantee the security of online banking, identity authentication technology must be used when online banking operations are performed.
Two kinds of authentication hardware products are currently in wide use to make online banking logins safer: the dynamic password token and the USB Key.
A dynamic password (also called a one-time password) is a user password that changes continuously with time or with the number of uses, so that each password is used only once. Dynamic passwords rely on a dedicated piece of hardware known as a dynamic token, which has a built-in battery, a password-generation chip and a display. The password-generation chip runs a dedicated cryptographic algorithm that derives the current password from the current time and the use count and shows it on the display. The authentication server computes the currently valid password with the same algorithm. Because every password used must be produced by the dynamic token, and only the legitimate user holds that hardware, the system treats the user's identity as reliable once the password is verified. Since each password the user submits differs from the previous one, even an attacker who has intercepted a password once cannot use it to impersonate the legitimate user, because the next login must use a different dynamic password.
A dynamic password system needs two password elements. One element is a static PIN code (identity code), chosen and kept by the user. The other element is the dynamic password, which is generated dynamically by the password token, is unpredictable, is kept synchronized with the access control of the back-end server, and is verified by that server. The user must therefore enter both the correct static PIN code and the correct dynamic password to pass authentication.
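The two-element scheme just described, as an added example (not the patent's own design): a counter-based token and a server that checks the static PIN together with the dynamic password, accepts each password at most once, and tolerates a small look-ahead so that token presses the user never submitted do not desynchronize the two sides. The password derivation (HMAC-SHA1 with RFC 4226 dynamic truncation) and the window size are assumptions; the patent only says the token runs a dedicated algorithm over the current time and use count. The shared secret and PIN are constructed test data.

```python
"""Counter-based dynamic password token and verifying server (added example)."""
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One dynamic password for (secret, counter): HMAC-SHA1 plus RFC 4226 dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10**digits).zfill(digits)


class DynamicToken:
    """The hardware token: holds the secret and advances its use counter on every press."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        self._counter = 0

    def press(self) -> str:
        password = hotp(self._secret, self._counter)
        self._counter += 1
        return password


class AuthServer:
    """Back-end verifier for the static PIN + dynamic password pair."""

    def __init__(self, secret: bytes, pin: str, window: int = 5) -> None:
        self._secret = secret
        self._pin_salt = secrets.token_bytes(16)
        self._pin_hash = self._hash_pin(pin, self._pin_salt)   # PIN stored only as a salted hash
        self._counter = 0          # lowest counter value still acceptable
        self._window = window      # look-ahead tolerated for resynchronization (assumed value)

    @staticmethod
    def _hash_pin(pin: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def verify(self, pin: str, password: str) -> bool:
        """Both elements must be right; a given dynamic password is accepted at most once."""
        if not hmac.compare_digest(self._pin_hash, self._hash_pin(pin, self._pin_salt)):
            return False
        for c in range(self._counter, self._counter + self._window):
            if hmac.compare_digest(hotp(self._secret, c), password):
                self._counter = c + 1   # every counter value up to c is now burnt
                return True
        return False


def demo() -> dict:
    """Drives one token and one server through use, replay, a skipped press and a wrong PIN."""
    secret = b"12345678901234567890"   # constructed shared secret, not a real key
    token = DynamicToken(secret)
    server = AuthServer(secret, pin="4711")
    first = token.press()
    token.press()                       # a press whose password the user never submitted
    third = token.press()
    return {
        "first_ok": server.verify("4711", first),
        "first_replay": server.verify("4711", first),        # intercepted password is useless
        "third_after_gap": server.verify("4711", third),     # resynchronizes within the window
        "wrong_pin": server.verify("0000", token.press()),   # correct password, wrong PIN
    }
```

The server never accepts a counter value at or below the last one it has seen, which is what makes an intercepted password worthless; the look-ahead window is the usual price of keeping token and server synchronized without a back channel.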
The USB Key uses an authentication mode based on public key infrastructure (PKI). A USB Key is a hardware device with a USB interface. Its built-in single-chip microcomputer or smart-card chip has a certain amount of storage, can hold the user's private key and digital certificate, and uses the public-key algorithm built into the USB Key to authenticate the user's identity. Because the user's private key is kept inside the key device and, in theory, cannot be read out by any means, the security of user authentication is guaranteed.
USB Key products were first introduced by manufacturers of software protection dongles. The original USB dongles were mainly used to prevent software from being cracked or copied, that is, to protect software against piracy; the purpose of the USB Key is different. The USB Key is mainly used for network authentication, and what it stores are chiefly digital certificates and the user's private key. USB Key vendors combined the USB Key with PKI (Public Key Infrastructure) technology and developed secure middleware conforming to the PKI standards, which uses the USB Key to hold the digital certificate and the user's private key and provides application developers with programming interfaces conforming to the PKI standards, such as PKCS#11 and MSCAPI, so that PKI-based applications can be developed. Because the USB Key itself is a key store, its hardware design means that the user can access its data only through the manufacturer-provided interface, which guarantees that the digital certificate kept in the USB Key cannot be copied.
Both the dynamic password token and the USB Key are good security products, but on a PKI-based system a key-management platform following the PKI standard is easier to build with the USB Key, which is one reason the USB Key is the more widely used of the two.
In fact, the USB Key is simply a hardware signing device. In principle, any program on the PC can use the USB Key to sign data, and that of course includes attacker programs. An attacker program may therefore forge an online banking transaction packet, have it signed with the USB Key, obtain the trust of the online banking system by deception, and attack the user's account. To address this problem, the USB Key usually requires a user authorization code and signs data only after it has checked the authorization code.
Fig. 1 shows the existing online banking identity authentication flow, which roughly comprises the following. Step 101: before using the identity authentication device 1, the user must enter the authorization code on the online banking client 2. Step 102: the online banking client 2 passes the authorization code in plaintext to the identity authentication device 1; only after the identity authentication device 1 has verified the entered authorization code and judged it a successful match can the subsequent digital signature processing be carried out. That is, the identity authentication device 1 compares the received authorization code with the stored one; if they match, the following signing operation can proceed, otherwise an error message is returned. The digital signature process then comprises step 105: the online banking client 2 passes the transaction data to be signed to the identity authentication device 1 and requests digital signature processing; step 106: the identity authentication device 1 sends the signed data to the online banking client 2; and step 107: the online banking client 2 passes the signed data to the bank back end 3.
Because online banking operations also require an account password in addition to the above authorization code, the online banking authentication flow further comprises step 103: the user enters the account password on the keyboard of the online banking client 2; and step 104: the online banking client 2 sends the account password to the identity authentication device 1. The identity authentication device 1 first encrypts the account password; when it receives the data to be signed, it combines the ciphertext of the encrypted account password with the data to be signed into one block of data, signs the combined data, and sends the signed data to the online banking client 2.
In summary, in the existing identity authentication method the user enters the authorization code and the account password on the online banking client 2, and the online banking client 2 then sends them to the identity authentication device 1. The authorization code and/or the account password therefore appear in plaintext on the keyboard and in the memory of the online banking client 2, and since the online banking client 2 is part of an open network environment, an attacker can easily attack it, intercept the authorization code and/or the account password, and complete a transaction with a forged signature.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the above deficiency of the prior art and to propose an online banking identity authentication method and device that can effectively guarantee the security of the authentication process.
The technical means adopted by the present invention to solve the above technical problem comprise proposing an online banking identity authentication method, comprising: providing a device that comprises a processor capable of performing digital signature processing, an interface connected to the processor through which the device can communicate with other equipment in the online banking system, and a keyboard connected to the processor; an authorization password is stored in the device;
during an online banking transaction, an authorization code must first be entered via this keyboard; only after the authorization code has been verified as valid may the processor perform digital signature processing on the transaction data to be processed, and the signed transaction data are sent to the other equipment in the online banking system via the interface.
In the method of the present invention, during initialization the online banking certificate and the user certificate are stored in the device and the authorization password is set by the user. During an online banking transaction, the other equipment in the online banking system first signs the request data with its own certificate and sends it to the device; only after the device has verified that the online banking signature is correct does it prompt the user to enter the authorization code on the device.
In the method of the present invention, the verification of the authorization code consists of the processor comparing the authorization code entered via the keyboard with the authorization password stored in the device; if the two match, the code is judged valid.
In the method of the present invention, after the authorization code has been verified as valid, when the other equipment in the online banking system needs to obtain security information from the user, the user enters the security information via the keyboard and the processor encrypts it; the encrypted data, alone or combined with other transaction data, is then digitally signed, and the signed data are sent to the other equipment in the online banking system via the interface.
In the method of the present invention, the security information refers to the account password.
In the method of the present invention, after the authorization code has been verified as valid, the verification remains valid for a certain period; within that period, data signing operations performed by the device do not require the authorization code to be verified again. After the period ends, data signing operations performed by the device require the user to re-enter the authorization code and have it verified as valid.
The technical means adopted by the present invention to solve the above technical problem further comprise proposing an online banking identity authentication device, comprising a processor, an interface connected to the processor, and a keyboard; an authorization password is stored in the device. When the other equipment in the online banking system needs the user to digitally sign data, an authorization code must first be entered via the keyboard; only after the authorization code has been verified as valid does the processor perform digital signature processing on the transaction data to be processed, and the signed transaction data are sent to the other equipment in the online banking system via the interface.
In the device of the present invention, the device comprises a card-shaped body, the processor and the keyboard are arranged in the body, and the interface is arranged at the edge of the body.
In the device of the present invention, the interface is connected to the body in a foldable manner.
In the device of the present invention, the keyboard comprises 10 numeric keys.
Compared with the prior art, the online banking identity authentication method and device of the present invention implement the entry of the authorization code and the account password on a device that is independent of the online banking client, so that the authorization code and the account password cannot be stolen, and the security of the authentication process is thereby effectively guaranteed.
Description of drawings
Fig. 1 is a flow diagram of the existing online banking identity authentication method.
Fig. 2 is a flow diagram of the online banking identity authentication method of the present invention.
Fig. 3 is a structural diagram of the online banking identity authentication device of the present invention.
Fig. 4 is an electrical schematic of the online banking identity authentication device of the present invention.
Embodiment
To further explain the principle and structure of the present invention, a preferred embodiment of the present invention is described in detail below with reference to the accompanying drawings.
The flow of the online banking identity authentication method of the present invention is shown in Fig. 2 and roughly comprises:
Step 201: when the user needs to enter the authorization code to start the authentication process, the authorization code is entered through the keyboard embedded in the identity authentication device 1; the identity authentication device 1 compares the authorization code, and only on a successful match can the identity authentication device 1 be used for authentication.
Step 202: when the identity authentication device 1 needs the account password, the account password is likewise entered directly through the keyboard on the identity authentication device 1 and is then encrypted.
Step 203: the identity authentication device 1 receives the data to be signed from the online banking client 2;
Step 204: the identity authentication device 1 combines the encrypted account password and the data to be signed into one block of data, digitally signs that data, and sends the signed data to the online banking client 2.
Step 205: the online banking client 2 passes the signed data to the bank back end 3.
In the online banking identity authentication method of the present invention, the user's authorization code has a certain validity period; within the validity period, data signing operations performed on the online banking identity authentication device 1 do not require the authorization code to be verified again. After the validity period ends, the user must re-enter the authorization code before data signing operations can be performed on the online banking identity authentication device 1.
The structure of the online banking identity authentication device 1 of the present invention is shown in Fig. 3 and comprises a card-shaped body 11 and an interface 12 arranged at the edge of the body 11. Preferably, the interface 12 is connected to the body 11 in a foldable manner. The interface 12 may be a USB interface that lies folded against the body 11 when not in use and is unfolded during use, so that the protruding part can be inserted into the online banking client 2.
The electrical principle of the online banking identity authentication device 1 of the present invention is shown in Fig. 4. It comprises a processor 111 and a keyboard 112 encapsulated in the body 11, the processor 111 being electrically connected to the interface 12. The body 11 may further comprise a memory 113 electrically connected to the processor 111; it should be noted that the memory 113 may also be built into the processor 111. Preferably, the keyboard 112 comprises 10 numeric keys 1121 (see Fig. 3), and capacitive touch keys may be used to reduce the thickness of the body 11. The processor 111 compares the authorization code entered by the user through the keyboard 112 with the user-preset authorization password stored in the memory 113 by means of a hash algorithm.
During initialization, the online banking identity authentication device 1 of the present invention stores the online banking certificate and the user certificate in the device 1, and the user presets the authorization password through the keyboard on the device 1. During an online banking transaction, when the online banking system needs the user to sign transaction data, the online banking system first signs the request data with its own certificate. Only after the device 1 has verified that the online banking signature is correct does it prompt the user to enter the authorization code on the device 1 to authorize the device 1 to perform the digital signature. Only after verifying that the authorization is valid does the device 1 sign the transaction data and/or the encrypted user password block and submit the result to the online banking back-end service program.
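The device flow of Fig. 2 and the method steps of the summary (bank-signed request, signature check before any prompt, authorization code and account password typed on the device keypad, hashed comparison of the code, signing of the encrypted password together with the transaction data, and the validity period), as one added example that is not the patent's firmware. Assumptions: the certificate-backed signatures are stood in for by HMAC-SHA256 tags under pre-shared keys so the example runs on the standard library alone; the account password is encrypted by XOR with an HMAC keystream over a fresh nonce (a PRF-in-counter-mode stand-in for whatever cipher the device uses); the validity period of 60 seconds, the keypad callback, the fake clock, the keys and the transaction string are all constructed for the example.

```python
"""Model of the device-side authentication flow (added example)."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Optional


def tag(key: bytes, data: bytes) -> bytes:
    """Stand-in for a signature made with the key behind a stored certificate."""
    return hmac.new(key, data, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with HMAC(key, nonce || block index) (stand-in cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def payload(nonce: bytes, enc_pw: bytes, tx: bytes) -> bytes:
    """Length-prefixed block the device signs in step 204: encrypted password plus transaction."""
    return len(nonce).to_bytes(1, "big") + nonce + len(enc_pw).to_bytes(2, "big") + enc_pw + tx


class AuthDevice:
    """Card-shaped device 1: keypad, processor and memory holding the credentials."""

    VALIDITY_SECONDS = 60.0      # assumed length of the authorization validity period

    def __init__(self, bank_key: bytes, sign_key: bytes, pw_key: bytes,
                 keypad: Callable[[str], str],
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._bank_key = bank_key    # stands in for the stored bank certificate
        self._sign_key = sign_key    # stands in for the user's private key
        self._pw_key = pw_key        # key under which the account password travels to the bank
        self._keypad, self._clock = keypad, clock
        self._salt = secrets.token_bytes(16)
        self._code_hash: Optional[bytes] = None   # only a salted hash of the code is stored
        self._authorized_until = 0.0

    def _hash_code(self, code: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", code.encode(), self._salt, 100_000)

    def initialize(self) -> None:
        """Initialization: the user presets the authorization password on the device keypad."""
        self._code_hash = self._hash_code(self._keypad("set authorization code"))

    def _authorized(self) -> bool:
        """Step 201 with the validity period: the keypad is consulted only once it has lapsed."""
        now = self._clock()
        if now < self._authorized_until:
            return True
        entered = self._hash_code(self._keypad("enter authorization code"))
        if self._code_hash is None or not hmac.compare_digest(self._code_hash, entered):
            return False
        self._authorized_until = now + self.VALIDITY_SECONDS
        return True

    def sign_request(self, tx: bytes, bank_sig: bytes, needs_password: bool) -> Optional[dict]:
        """Steps 201 to 204; returns None when the request is refused."""
        if not hmac.compare_digest(tag(self._bank_key, tx), bank_sig):
            return None              # bank signature wrong: the user is never even prompted
        if not self._authorized():
            return None
        nonce, enc_pw = b"", b""
        if needs_password:           # step 202: the password is typed on the device, not the PC
            nonce = secrets.token_bytes(16)
            enc_pw = keystream_xor(self._pw_key, nonce, self._keypad("enter account password").encode())
        return {"nonce": nonce, "enc_pw": enc_pw, "tx": tx,
                "sig": tag(self._sign_key, payload(nonce, enc_pw, tx))}


class BankBackend:
    """The other equipment in the online banking system; the client relay is omitted."""

    def __init__(self, bank_key: bytes, sign_key: bytes, pw_key: bytes) -> None:
        self._bank_key, self._sign_key, self._pw_key = bank_key, sign_key, pw_key

    def make_request(self, tx: bytes) -> bytes:
        return tag(self._bank_key, tx)

    def accept(self, signed: dict) -> Optional[str]:
        """Verify the user signature over the combined block, then recover the account password."""
        expected = tag(self._sign_key, payload(signed["nonce"], signed["enc_pw"], signed["tx"]))
        if not hmac.compare_digest(expected, signed["sig"]):
            return None
        return keystream_xor(self._pw_key, signed["nonce"], signed["enc_pw"]).decode()


def demo() -> dict:
    """Drives the flow with a scripted keypad and a fake clock (all constructed data)."""
    keys = (b"bank-cert-key", b"user-private-key", b"password-key")   # constructed keys
    presses = iter(["2468", "2468", "s3cret", "9999"])                 # keypad entries in order
    now = [1000.0]
    dev = AuthDevice(*keys, keypad=lambda _: next(presses), clock=lambda: now[0])
    bank = BankBackend(*keys)
    dev.initialize()                                                   # keypad: 2468
    tx = b"transfer 100.00 to account 6222-0001"
    forged = dev.sign_request(tx, b"\x00" * 32, True)                  # bad bank signature
    first = dev.sign_request(tx, bank.make_request(tx), True)          # keypad: 2468, s3cret
    now[0] += 30.0
    second = dev.sign_request(tx, bank.make_request(tx), False)        # inside the period
    now[0] += 60.0
    third = dev.sign_request(tx, bank.make_request(tx), False)         # expired; keypad: 9999
    return {"forged": forged, "first_pw": bank.accept(first),
            "second_ok": second is not None, "third": third}
```

Two properties of the flow are visible in the model: a request that does not carry a valid bank signature never reaches the keypad, and the authorization code and account password exist in plaintext only inside the device object, never in the bank or client code paths. Within the validity period the device signs whatever transaction data it is handed without a new keypad entry, so the period length is a security parameter of the scheme rather than a convenience setting.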
The online banking identity authentication device 1 of the present invention can be used as a CSP (Cryptographic Service Provider), including implementations of various cryptographic standards and algorithms. Different services can be customized according to the needs of different online banking systems.
Compared with the prior art, the online banking identity authentication method and device of the present invention ensure that the authorization code and the account password appear in plaintext only inside the device 1, which is independent of the online banking client 2. The device 1 is an offline device with a higher degree of security; the attacker cannot obtain any useful user information, and online transactions with forged signatures cannot occur.
The above is merely a preferred possible embodiment of the present invention and does not limit the scope of protection of the present invention; therefore all equivalent structural changes made using the content of the specification and drawings of the present invention are included in the scope of protection of the present invention.