CN100583174C - Data safety processing method using online banking system safety terminal - Google Patents
Data safety processing method using online banking system safety terminal Download PDFInfo
- Publication number
- CN100583174C CN100583174C CN200610165318A CN200610165318A CN100583174C CN 100583174 C CN100583174 C CN 100583174C CN 200610165318 A CN200610165318 A CN 200610165318A CN 200610165318 A CN200610165318 A CN 200610165318A CN 100583174 C CN100583174 C CN 100583174C
- Authority
- CN
- China
- Prior art keywords
- module
- user
- terminal
- bank
- product ids
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention relates to an internet banking system security terminal and the data security processing method thereof, and belongs to the internet financial security technical field. The invention comprises a main controller, a hardware encryption and decryption module, a security memory space module, a numeric keyboard module, a display module, and a USB interface module. The invention adopts the connection relationship among all the parts that the hardware encryption and decryption module, the security memory space module, the numeric keyboard module, the display module and the USB interface module are respectively connected with a main controller. The invention can also comprises a card reader and a random number generator, the card reader and the random number generator are respectively connected with the main controller. The invention resolves the problem that the security of the internet financial operation is low in the prior art, the dependability to a computer key-board is avoided during using the internet banking, the possibility that the illegitimate acquires the financial information of a user through a series of illegal means, such as Trojan, long-distance supervisory and control, virus, etc., is eliminated fundamentally, in addition, the terminal is compatible with the tools of each bank such as USB_KEY, etc., the client-side programme is only required to be modified by the bank, the system upgrades quickly, and the development cycle is short.
Description
Technical field
The present invention relates to a kind of disposal route of utilizing online banking system safety terminal to carry out Web bank's finance operation, realization data security, belong to network finance safety technique field.
Background technology
Along with going deep into of rapid development of network technology and China's commercialization process, this emerging self-service personal finance method of service of Web bank has obtained being extensive use of.Web bank provides users with the convenient, means of payment efficiently, becomes the important motive force of ecommerce fast development.But thing followed safety problem becomes the bottleneck of restriction Web bank fast development, and user's Financial Information safety in virus, wooden horse serious threat, and this also greatly affects the development of Internet-based banking services.Relevant investigation shows that the problem that Web bank exists at present is that the user has a misgiving for the security of Web bank, causes the user relievedly to use." CFCA2005 Web bank behavior survey report " shows; transaction security is the problem that the user is concerned about most; at home among more than the 3460 ten thousand Net silver users; understand user's less than 1/3rd still of how using third party's digital certificate to protect fund security, actual user's less than 3% of using digital certificate.And potential user's (user of Web bank is used in preparation in following a year) is as selecting " Net silver " service, the ratio of overriding concern " security " is up to 91.1%, cause and user's (not preparing to use the user of Web bank in promptly following a year) not use Web bank, the first cause of also not planning to use in the future to be " worrying that network is dangerous " now.Therefore, in case the mode of accepting with the user has solved network security problem, the development of Web bank will be rapider so.
At present, the user is when using Web bank, and the soft keyboard that the QWERTY keyboard that generally uses a computer or input method carry is imported Bank Account Number, the password of oneself.And QWERTY keyboard or soft keyboard are very easy to be monitored by the hacker, the non-constant of security, and user's number of the account, password are very easy to be obtained by the disabled user, and this class accident emerges in an endless stream.In order to overcome keyboard input monitored shortcoming easily; how tame bank has released the digital certificate service now; digital certificate is kept among the USB KEY, links to each other with computing machine by USB interface, and has the digital certificate among the payment cryptographic key protection USB KEY can illegally not read.The user is when using Web bank, at first USB KEY to be inserted computing machine USB mouth, the user inputs number of the account, password and payment key by keyboard, and the payment key authentication passes through, and number of the account, encrypted message re-send to the bank server end after being handled by digital certificate.This mode has been protected user information safety effectively.But, because user's number of the account, password and payment key still by the keyboard input, still are very easy to be obtained by the disabled user.After the disabled user obtains number of the account, password, often adopt multiple behaviors such as copying bank card to transfer the fund of user account to oneself use.Therefore, though USB KEY security is higher, owing to do not break away from the restriction of computing machine input mode, user's Financial Information safety still can not get guaranteeing.
Summary of the invention
Technical matters to be solved by this invention is the disposal route that provides the higher tool terminal of a kind of dependability to realize data security, the low problem of solution Web bank's security.
The present invention solves the problems of the technologies described above the technical scheme that is adopted, and this terminal comprises: master controller, hardware enciphering and deciphering module, secure memory space module, numeric keypad module, display module, usb interface module, card reader and randomizer; Described hardware enciphering and deciphering module, secure memory space module, numeric keypad module, display module, usb interface module, card reader, randomizer are connected with described master controller respectively.Described disposal route realizes that the processing procedure of data security is as follows:
When (1) described terminal is for the first time online, described display module prompting User login related web site downloading digital certificate;
(2) described terminal is provided with initial user's PIN code by its embedded described numeric keypad module;
When (3) utilizing described terminal to carry out Web bank's financial business, described terminal is verified described user's PIN code by described master controller, if user's PIN code authentication failed forbids that then the user uses described digital certificate;
(4) described terminal receives user account by its embedded described numeric keypad module or described card reader;
(5) described terminal receives user cipher by its embedded described numeric keypad module;
(6) described terminal is carried out encryption by described hardware enciphering and deciphering module to described user account, described user cipher; Described terminal to the process that described user account, user cipher carry out encryption is: bank is equipped with independently 16 byte product IDs number for each described terminal, described 16 byte product IDs number by can disclosed 8 bytes expressly and the 8 byte random numbers that can not know form and the described 16 byte product IDs differences of each described terminal; Described terminal number is a key with described 16 byte product IDs, adopts symmetric encipherment algorithm described user account, described user cipher to be encrypted user account number and user cipher after obtaining encrypting;
(7) described terminal sends to computing machine by the user account and the user cipher data message of described usb interface module after with described encryption, sends to bank server by computing machine and carries out subsequent treatment; Described 8 bytes of described 16 byte product IDs number expressly and user account number and user cipher after the described encryption send to bank server together; After bank server is received, expressly finding corresponding described 16 byte product IDs number by described 8 bytes of searching described 16 byte product IDs number, number is user account number and user cipher after the described encryption of secret key decryption with described 16 byte product IDs then.
The invention has the beneficial effects as follows: utilize tool terminal of the present invention and data safety processing method, computing machine is only as professional media, all user's finance account cleartext informations can not occur in computing machine and network transmission process, have fundamentally stopped the disabled user and have obtained the possible of user's Financial Information by a series of illegal means such as wooden horse, remote monitoring, viruses.In addition, the instrument compatibilities such as USB KEY that this terminal and present each bank use, bank only needs suitably to revise client-side program and gets final product, and system upgrade is fast, and the construction cycle is short.
Description of drawings
The invention will be further described below in conjunction with the drawings and specific embodiments.
Fig. 1 is the structured flowchart of the online banking system safety terminal that proposes of the present invention.
Fig. 2 is the digital certificate installation procedure figure of the data safety processing method that proposes of the present invention.
Fig. 3 is that the terminal of the data safety processing method that proposes of the present invention is used process flow diagram.
Embodiment
Fig. 1 is the structural drawing of this terminal.Among the figure, card reader is used for reading user's bank card information, and number of the account is input to terminal; Terminal is carried out data interaction by usb interface module and computing machine; Display module is used for showing master controller instruction, account information, makes things convenient for user and terminal to carry out command interaction; According to the order of master controller, the user can use numeric keypad module input number of the account, password, also can import PIN code, and the user carries out data interaction by numeric keypad module and master controller; The secure memory space module is used for preserving information such as digital certificate, prevents that the disabled user from duplicating, reading; The hardware enciphering and deciphering module is used for the encryption user account information; Randomizer is used for obtaining the fixed byte random number.In specific implementation process, the function of master controller, hardware enciphering and deciphering module, randomizer and secure memory space module can be finished by a primary processor, also can and one or morely finish by primary processor from processor, promptly master controller can built in hardware encryption and decryption module, one or more in randomizer and the secure memory space module.
Fig. 2 is digital certificate installation procedure figure.When the user needs downloadable authentication or more during new authentication, at first will be by PIN code protection authentication.If the PIN code authentification failure, the then download of terminal forbidden digit certificate and renewal, after the PIN code authentication was passed through, computing machine was downloaded digital certificate get off from the Internet, and directly sends it to terminal.After terminal receives and preserves digital certificate, remind the user whether to upgrade PIN code, will original PIN code alternative with new PIN code then after the identical new PIN code of the double input of user if upgrade, as if new password more not, then still use original PIN code.At this moment, the digital certificate in the terminal will be the digital certificate after upgrading.
Fig. 3 is that terminal is used process flow diagram.When the user used Web bank, computing machine sent order to terminal, and terminal is imported PIN code display module prompting user, and the user is by the numeric keypad module input PIN code of terminal.If the PIN code authentication failed forbids that then the user uses digital certificate, after authentication is passed through, display module reminds the user with importing number of the account, and at this moment, the user can import number of the account with the numeric keypad module of card reader or terminal, after the number of the account input was finished, display module prompting user imported account number cipher.After the user imported password with the numeric keypad module, terminal was carried out the ciphering signature processing with number of the account, encrypted message, after finishing dealing with, sends to computing machine by the USB mouth, sends to bank server by computing machine and carries out subsequent treatment.In whole use; user's operation is totally independent of computing machine, and the data message that terminal outwards sends has all passed through the ciphering signature processing, therefore; monitoring softwares such as wooden horse in the computing machine can't obtain user's Financial Information, have effectively protected user's Financial Information safety.
In the aforesaid operations flow process, terminal to user account, information is carried out encryption that multiple mode is arranged, for example, following scheme can be arranged, first kind is asymmetrical encryption approach: utilize the PKI of preserving in the terminal, adopt rivest, shamir, adelman that number of the account, password are carried out encryption, after bank server is received cipher-text information, utilize private key to be decrypted again; Second kind is symmetric encryption scheme: bank is equipped with independently 16 byte product IDs number for each terminal, and wherein 8 bytes expressly can disclose, and 8 byte random numbers can not be known, and the ID difference of each terminal; Terminal is a key with ID number, adopts symmetric encipherment algorithm that user profile is encrypted, and then ID number 8 bytes plaintext and the user profile after the encryption is sent to bank server together; Bank server receives that the back expressly finds corresponding 16 byte ID numbers by 8 bytes of searching ID number, is secret key decryption user profile with 16 byte ID numbers then; The third is the complex encryption scheme: produce one group of random number by randomizer, the public key encryption that adopts rivest, shamir, adelman that this random number is preserved with terminal sends to the bank server end; After bank server is received, it is deciphered, obtain random number with corresponding private key; Terminal and bank server end use this random number as key, and the contact business datum is carried out symmetric cryptography, and after business was finished, this random number was cancelled.
Claims (1)
1. disposal route of using online banking system safety terminal to realize data security, described terminal comprises: master controller, hardware enciphering and deciphering module, secure memory space module, numeric keypad module, display module, usb interface module, card reader and randomizer;
Described hardware enciphering and deciphering module, secure memory space module, numeric keypad module, display module, usb interface module, card reader, randomizer are connected with described master controller respectively; It is characterized in that: described disposal route realizes that the processing procedure of data security is as follows:
When (1) described terminal is for the first time online, described display module prompting User login related web site downloading digital certificate;
(2) described terminal is provided with initial user's PIN code by its embedded described numeric keypad module;
When (3) utilizing described terminal to carry out Web bank's financial business, described terminal is verified described user's PIN code by described master controller, if described user's PIN code authentication failed forbids that then the user uses described digital certificate;
(4) described terminal receives user account by its embedded described numeric keypad module or described card reader;
(5) described terminal receives user cipher by its embedded described numeric keypad module;
(6) described terminal is carried out encryption by described hardware enciphering and deciphering module to described user account, described user cipher; Described terminal to the process that described user account, user cipher carry out encryption is: bank is equipped with independently 16 byte product IDs number for each described terminal, described 16 byte product IDs number by can disclosed 8 bytes expressly and the 8 byte random numbers that can not know form and the described 16 byte product IDs differences of each described terminal; Described terminal number is a key with described 16 byte product IDs, adopts symmetric encipherment algorithm described user account, described user cipher to be encrypted user account number and user cipher after obtaining encrypting;
(7) described terminal sends to computing machine by the user account and the user cipher of described usb interface module after with described encryption, sends to bank server by computing machine and carries out subsequent treatment; Described 8 bytes of described 16 byte product IDs number expressly and user account number and user cipher after the described encryption send to bank server together; After bank server is received, expressly finding corresponding described 16 byte product IDs number by described 8 bytes of searching described 16 byte product IDs number, number is user account number and user cipher after the described encryption of secret key decryption with described 16 byte product IDs then.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610165318A CN100583174C (en) | 2006-12-18 | 2006-12-18 | Data safety processing method using online banking system safety terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610165318A CN100583174C (en) | 2006-12-18 | 2006-12-18 | Data safety processing method using online banking system safety terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101206779A CN101206779A (en) | 2008-06-25 |
CN100583174C true CN100583174C (en) | 2010-01-20 |
Family
ID=39566951
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200610165318A Expired - Fee Related CN100583174C (en) | 2006-12-18 | 2006-12-18 | Data safety processing method using online banking system safety terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100583174C (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102147662A (en) * | 2011-03-14 | 2011-08-10 | 张龙其 | Input terminal with keyboard and encryption module |
CN102663863B (en) * | 2012-03-23 | 2014-10-29 | 广州大学 | Financial POS system capable of resisting channel Trojan attack and anti-attack realization method thereof |
CN104134141B (en) * | 2014-08-11 | 2017-05-10 | 济南曼维信息科技有限公司 | E-wallet system payment method based on time synchronization |
CN104506509B (en) * | 2014-12-15 | 2018-06-19 | 广东汇卡商务服务有限公司 | A kind of authentication method based on multifunctional safe certification terminal |
CN104917763B (en) * | 2015-06-08 | 2018-04-27 | 飞天诚信科技股份有限公司 | A kind of PIN cache method |
CN105281915B (en) * | 2015-11-04 | 2018-11-20 | 博宏信息技术有限公司 | A kind of method that code keyboard generates ciphertext |
CN107612691A (en) * | 2017-11-07 | 2018-01-19 | 世纪龙信息网络有限责任公司 | Authentication information transmission method and device and user information authentication system |
-
2006
- 2006-12-18 CN CN200610165318A patent/CN100583174C/en not_active Expired - Fee Related
Non-Patent Citations (6)
Title |
---|
密码技术在电子商务安全中的应用. 刘培德等.商场现代化,第16期. 2005 |
密码技术在电子商务安全中的应用. 刘培德等.商场现代化,第16期. 2005 * |
应用密码学. 蔡乐才等,90,中国电力出版社. 2005 |
应用密码学. 蔡乐才等,90,中国电力出版社. 2005 * |
建行手机银行安全系统设计与实现. 徐捷等.中国金融电脑,第7期. 2001 |
建行手机银行安全系统设计与实现. 徐捷等.中国金融电脑,第7期. 2001 * |
Also Published As
Publication number | Publication date |
---|---|
CN101206779A (en) | 2008-06-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11877213B2 (en) | Methods and systems for asset obfuscation | |
US10009173B2 (en) | System, device, and method of secure entry and handling of passwords | |
US20160005032A1 (en) | Method and system of providing authentication of user access to a computer resource via a mobile device using multiple separate security factors | |
US20030159053A1 (en) | Secure reconfigurable input device with transaction card reader | |
US20130028419A1 (en) | System and a method for use in a symmetric key cryptographic communications | |
CN100583174C (en) | Data safety processing method using online banking system safety terminal | |
CN101399666A (en) | Safety control method and system for digital certificate of file | |
JP2008269610A (en) | Protecting sensitive data intended for remote application | |
JP2018023029A (en) | Communication system, communication client, communication server, communication method, and program | |
CN200993803Y (en) | Internet banking system safety terminal | |
CN107920052B (en) | Encryption method and intelligent device | |
EP3292654B1 (en) | A security approach for storing credentials for offline use and copy-protected vault content in devices | |
TW201223225A (en) | Method for personal identity authentication utilizing a personal cryptographic device | |
CN115276978A (en) | Data processing method and related device | |
CN115150193A (en) | Method and system for encrypting sensitive information in data transmission and readable storage medium | |
JPWO2011058629A1 (en) | Information management system | |
Nosrati et al. | A review of mobile banking security | |
KR101146509B1 (en) | Internet banking transaction system and the method that use maintenance of public security card to be mobile | |
JP2011248792A (en) | Terminal data management system | |
WO2018052090A1 (en) | Transmission and reception system, transmission device, reception device, method, and computer program | |
Dhanasekaran et al. | Payment security mechanism of intelligent mobile terminal | |
KR101078703B1 (en) | Security services, systems using the encryption key and encryption key renewal letters to | |
CN108985079A (en) | Data verification method and verifying system | |
WO2018079708A2 (en) | Transmission/reception system, transmission device, reception device, method, and computer program | |
JP4986926B2 (en) | Encrypted communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20190315 Address after: 065201 No. 1 Hanwang Road, Yanjiao Economic and Technological Development Zone, Langfang City, Hebei Province Patentee after: Hanvon Manufacture Co.,Ltd Address before: 100094 Third Floor of Building 5, Zhongguancun Software Park, 8 Wangxi Road, Haidian District, Beijing Patentee before: Hanwang Tech Co., Ltd. |
|
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100120 Termination date: 20201218 |