CN101051907A - Safety certifying method and its system for facing signature data - Google Patents

Publication number: CN101051907A
Authority: CN (China)
Prior art keywords: client, information, user, data, certified
Legal status: Granted
Application number: CNA2007100991536A
Other languages: Chinese (zh)
Other versions: CN101051907B (en)
Inventors: 陈幼雷, 冯秀涛, 高翔
Current Assignee: Beijing Watchdata Co ltd
Original Assignee: Beijing WatchData System Co Ltd
Application filed by Beijing WatchData System Co Ltd; priority to CN2007100991536A
Publication of CN101051907A; application granted; publication of CN101051907B
Current legal status: Expired - Fee Related
Classification: Management, Administration, Business Operations System, And Electronic Commerce

Abstract

The security authentication method includes the following steps: (1) through the client, the user sends the data to be signed to the server; (2) the server returns information to be authenticated to the client, where it is displayed logically (on screen); (3) the user recognizes this information and verifies whether its content is correct; if so, the user initiates a physical authentication operation, the data is digitally signed at the client and sent to the server; otherwise the authentication operation is cancelled. Features: low cost, high security, and suitability for online interactive systems such as online shopping, banking services and online tax filing.

Description

Security authentication method and system for data to be signed
Technical field
The present invention relates to a security authentication method and system, and in particular to a security authentication method and system for data to be signed that is applied to online interactive systems. It belongs to the field of information security technology.
Background art
In today's online transaction environment, people often use independent signature authentication devices, for example the USB Keys issued by banks, to secure their transactions. Practice shows, however, that even with independent security devices, online transactions still carry serious security risks. The root cause is that the client environment in which the user transacts is insecure. The client environment here means the application installed on the user's computer together with its software and hardware runtime environment. At present most user clients run general-purpose operating systems of a low security grade, such as Windows XP. Because the online transaction system cannot control the user's computer or inspect its security, the user usually interacts with the transaction system through an insecure client, and the client transaction software transacts on the user's behalf.
Even when a secure signature authentication device is used, the device is passive and is driven by the insecure transaction client, so the security of the whole transaction process cannot be guaranteed and various risks remain. For example, the transaction data that the client sends into the signature authentication device may be forged or altered by malware on the client, so "what you see is what you sign" cannot be guaranteed and the user suffers losses in the transaction. Recent research also shows that the generic USB Keys widely used in current online transaction systems are exposed to two new attacks, termed "transaction hijacking" and "transaction forgery". By destroying the authenticity of the transacting user's identity and of the transaction content, they let an attacker impersonate the user to transact, or directly steal the user's funds, while the user is completely unaware, causing large losses.
Because online transactions are now so widespread, the number of users transacting with hardware authentication devices has exceeded one million, and people generally believe that using a USB Key makes a transaction safe, without recognizing the risk that exists or its seriousness. In fact, existing online banking systems complete the confirmation of transaction data on the client; only after the user has confirmed is the transaction data passed to the USB Key for the signing computation. A malicious program hidden on the user's computer can monitor the communication between the online banking client software and the USB Key, intercept the transaction data, forge or alter the amount in it and pass the result to the USB Key, so that what the user signs is not the transaction data just confirmed.
New technical means are therefore urgently needed to solve this security problem. During a transaction the user passively accepts the result processed by the transaction system; this presupposes that the transaction system is secure and will not act against the user's wishes, and the user cannot intervene in the system's behaviour, because the interaction between the user and the transaction client is itself a purely logical process. This is what gives a malicious program on the client its opportunity. One approach is therefore to strengthen the user's control over the transaction process, that is, to raise the user's degree of participation so that the user can directly authenticate the transaction content and control the transaction flow. Because the user's participation is a physical process, it cannot be simulated by any malicious program and can effectively block the above risks. On the other hand, the impact of a new solution on existing online transaction systems and the urgency of deployment must also be considered: the new scheme should change existing systems as little as possible while being quick to deploy.
The present invention makes use of an existing technique called CAPTCHA, whose full English name is "Completely Automated Program to Tell Computer and Human Apart" or "Completely Automated Public Turing test to tell Computer and Human Apart". Both mean "a fully automatic program that distinguishes humans from machines", where "machine" covers hardware devices and the software running on them. The idea is to design a program whose test a human can pass easily but a machine (program) cannot, thereby telling humans and machines apart. The technique is widely used on the Internet: almost every web site that requires user registration uses some form of CAPTCHA, such as the common picture-form verification code entered when logging in. The picture verification code is exactly such a test program: a person can easily recognize its content while a computer program has difficulty, which prevents automated registration or authentication by programs. The principle and implementation of the technique are very simple, but its effect is very good; Fig. 7 shows a typical CAPTCHA verification picture.
A normal person can recognize this picture as AKSXB7, but it is very hard for a computer program, because the shapes and positions of the letters follow no rule and interference and shading have been added. The CAPTCHA technique is simple to implement, and authentication pictures of different strength can be generated for different applications and security needs. By using an authentication picture generated with the CAPTCHA technique, a physical authentication step can be incorporated into the transaction flow: the user's recognition of the authentication picture is a physical process, so the user participates directly in the transaction. Since this physical process cannot be simulated by any computer program, a malicious program can neither simulate nor alter the transaction content carried by the authentication picture.
To the inventors' knowledge, however, there is at present no technique that combines physical authentication with authentication pictures generated by the CAPTCHA technique to perform security authentication.
Summary of the invention
The object of the present invention is to provide a security authentication method and system for data to be signed. The method and system solve the new security problems of "transaction forgery" and "transaction hijacking" that urgently need solving, effectively prevent the various attacks on online electronic transactions that exploit client security vulnerabilities, and in particular improve the security of the widely used online transactions with USB Key devices.
To achieve this, the present invention proposes a security authentication method for data to be signed, in which data is transmitted over a communication link between an interconnected client and server, characterized in that the method comprises the following steps:
S1: the user sends the data to be signed to the server through the client;
S2: the server returns information to be authenticated to the client, where it is displayed logically;
S3: the user recognizes the information to be authenticated displayed by the client and confirms whether its content is correct; if it is correct, the user initiates a physical authentication operation and the process proceeds to step S5, otherwise it proceeds to step S4;
S4: the authentication operation is cancelled;
S5: the data of step S1 is digitally signed at the client and sent to the server.
The present invention also proposes a security authentication system for data to be signed, in which the client is connected to the server by a communication link, characterized in that it comprises:
a client device, used for the user to enter the data to be signed, to send the data to the server, and to logically display the information to be authenticated received from the server;
a server device, which receives the data sent by the client, generates information to be authenticated based on the data and returns it to the client;
a signature device with buttons, connected to the client device, used by the user to confirm the information to be authenticated; after the user has confirmed the information, the user triggers the signature device to digitally sign the data.
In this way the legitimate user confirms the information to be authenticated by a physical means, for example by pressing a button, which improves security. The present invention meets the security requirement of "what you see is what you sign", prevents the two new attacks of "transaction forgery" and "transaction hijacking", and requires very little change to existing transaction systems with signature authentication devices, so the user obtains higher security at a very small cost. It meets the requirements of both technical cost and security and satisfies the most urgent security demand of existing applications.
The present invention is applicable to online interactive systems such as online shopping, online banking and online tax filing.
The characteristics and advantages of the present invention are as follows:
1. The characteristics of the CAPTCHA technique are combined with an improved transaction flow to solve the serious security problem of the widely used online electronic transactions with USB Keys. The user only needs a signature device with buttons; compared with the USB Key devices in use today, adding buttons adds only minimal cost, preserves the user's habits, can be deployed quickly in existing systems and meets an urgent need.
2. The present invention requires no change to the client of the existing transaction system and only a minimal change to the server-side transaction system; the change is of very low complexity and is easy to implement and deploy quickly.
3. The flow design guarantees encrypted transmission of the data to be signed from the signature device to the server, guarantees consistency between the data held by the signature device and by the server, and prevents a malicious program on the client from altering the data.
4. The button operation guarantees, first, that a transaction proceeds only according to the legitimate user's wishes, so a malicious program on the client cannot forge the user's identity to transact; and second, that the data to be signed is signed only after the user has accepted it, so the transaction data matches the user's intention.
Description of drawings
The present invention is further explained below with reference to the drawings and specific embodiments.
Fig. 1 is a structure diagram of the authentication scheme system in an embodiment of the present invention.
Fig. 2 is a structure diagram of the signature device with buttons used in an embodiment of the present invention.
Fig. 3 is a diagram of the internal logical structure of the signature device with buttons used in an embodiment of the present invention.
Fig. 4 is a flow chart of a typical transaction using the authentication scheme of an embodiment of the present invention.
Fig. 5 shows an example of a CAPTCHA picture containing data to be authenticated, as used in an embodiment of the present invention.
Fig. 6 shows an example of an online banking transfer service implemented with the present invention.
Fig. 7 shows a typical CAPTCHA verification picture.
Embodiments
Combining physical authentication with authentication pictures generated by the CAPTCHA technique requires that the picture containing the transaction content, generated with the CAPTCHA technique, satisfies three conditions: 1. whether the picture content passes verification must be controlled by the user, and the result of that judgement must not be entered on the user's computer; 2. if the picture is forged by an attacker, the user can recognize this immediately; 3. the picture is hard to alter, and if it is altered, the user can recognize this immediately.
The applicant's earlier Chinese invention patent application No. 200610113569.4, "Digital signature device and method for implementing data interaction with its peer device", uses a USB Key digital signature device with buttons and a button-operated control technique, which satisfies the first requirement: the initiation and confirmation of a transaction are controlled directly by the user through the buttons, a program cannot simulate the user's behaviour or forge the user's judgement, and entering the authentication result directly on the client is avoided. Second, to satisfy the second requirement, a "transaction identification code" agreed between the user and the server side is needed to guarantee that the picture comes from the genuine server side; this code is agreed offline, is not stored on the user's computer, does not appear in text form at any point in the transaction, and is shown to the user for confirmation only as a CAPTCHA picture. Because an attacker cannot obtain this information by programmatic means, and the randomness and interference of the CAPTCHA picture make it hard to scan the code directly out of the picture, the attacker cannot impersonate the server side, which guarantees the authenticity of the information's origin. Finally, to satisfy the third requirement, the transaction information the server side sends to the client user for authentication is represented entirely as a picture and contains no text; moreover, several CAPTCHA techniques are applied to superimpose the transaction identification code and the information to be authenticated in the picture so that they are hard to separate. Because the attacker cannot obtain the transaction identification code, it cannot directly forge a picture that carries the server side's genuine identity, and even if it directly alters the content of the information to be authenticated in the original picture, it will destroy the transaction identification code in that picture, which the user can easily recognize.
Fig. 1 is a structure diagram of the authentication scheme system in an embodiment of the present invention. As shown, the scheme involves four entities: the server side, the client transaction software, the signature device with buttons, and the user. The dotted arrow represents the offline process in which the user and the server side negotiate a service. Solid arrows represent data flow; the arrow from the user to the signature device with buttons represents the user's button operations.
(1) Server side: the side that provides the electronic transaction service, located at the electronic transaction service provider. It usually comprises a large database and server-side transaction software that store and process service content, customer information, transaction information and so on, and its security is guaranteed by the service provider. In the flow designed by the present invention, the server side is assumed to be trusted, that is, the data the server side processes is not attacked by malicious programs, or such an attack is very unlikely or very costly, just as we trust that a bank will not get the amount in a user's account wrong. In practice this assumption is reasonable.
(2) Client transaction software: located on the user's computer, it is the platform on which the user performs electronic transactions and provides the basic transaction service functions. It receives the user's input under security protection, exchanges data with the electronic transaction server side, forms the transaction data, sends the transaction data to the signature device, obtains the digital signature result and sends it to the server side. In the flow designed by the present invention, the client transaction environment is assumed to be insecure, that is, the client transaction software may be attacked by malicious programs, and the data the user enters and the data the transaction software processes may be forged or altered. In practice, since user computers generally run general-purpose operating systems of a low security level, such as WINDOWS, this assumption is reasonable.
(3) Signature device with buttons: similar to the USB Keys in common use today, it connects to the user's computer through a USB interface and stores the user's signing private key and certificate. The difference is that this signature device has buttons through which the user directly controls it to perform specific operations, including confirmation of the data to be signed and the encryption and signature computations. The signature device with buttons is likewise assumed to be trusted: its internal storage and processing are not, or are hard to be, attacked by malicious programs, or such an attack is very costly. In practice this assumption is reasonable.
(4) User: the user initiates the transaction and is its final confirming party. Besides participating in the transaction through the buttons, the user must at some point reach an agreement with the server side on the service provided (for example by signing a service agreement or activating the service before transacting) through an offline channel, for example at a counter provided by the server side. This includes reaching a common understanding of the server side's identity information (for example a commonly agreed identification code in numeric or picture form).
It should be emphasized that in the present invention the key item negotiated offline between the user and the server side is a "transaction identification code" that identifies the server side. With it the user verifies the identity of the server side during the authentication process of a transaction, preventing a malicious program from impersonating the server side and sending forged information to be authenticated. Once the user has obtained this code in the offline negotiation, it is shown on the client only in the form of a CAPTCHA picture during the whole transaction process, and is never entered or stored in text form on the client, which guarantees that an attacker cannot, or can only with great difficulty, obtain it by programmatic means.
Fig. 2 is a structure diagram of the signature device with buttons used in an embodiment of the present invention, and Fig. 3 shows its internal logical structure. The figures show the typical internal composition of the signature device with buttons of the present invention; since it is described in detail in the applicant's aforementioned patent application, it is not repeated here, and only the devices and units relevant to the present invention are explained. The signature device with buttons is a signature device commonly used in electronic transactions, such as the USB Keys issued by banks, with the addition of buttons, that is, with a physical authentication capability; for technical details see the applicant's aforementioned patent application. The user can issue different operation commands through the buttons, mainly of two kinds: a "transaction initiate" operation, by which the user notifies the signature device through a button that a transaction is initiated; and a "transaction confirm" operation, by which the user, after confirming the transaction data, notifies the signature device to perform the signature. The signature device itself is a secure, closed computing environment, and its own security is outside the scope of the present invention. As shown in the drawing, compared with a prior USB Key, the signature device of the present invention adds a verification device for the data to be signed, which guarantees that the transaction data entering the signature device is correct and matches the user's intention. In general the signature device comprises a central processing unit and, coupled to it, an encryption and signature arithmetic device, the verification device for the data to be signed, memory, and an input/output interface.
The central controller controls and coordinates the other devices connected to it. In practice a preferred implementation uses a 32-bit ARM processor in hardware and a chip operating system (COS, Chip Operating System) in software.
The encryption and signature arithmetic device guarantees the confidentiality and integrity of commands and responses, and the security of the signing key and of the computation. A preferred implementation configures it as a coprocessor in hardware that performs standard multi-precision arithmetic such as multiplication and exponentiation. It performs general encryption and decryption functions directly, completing the 3DES/AES and RSA algorithms independently, and under the control of the central controller it can also implement a hybrid cryptosystem combining 3DES/AES and RSA for encryption/decryption and digital signature.
The memory stores keys, certificates, transaction data and so on. Several types of memory can be used at the same time, including RAM, EEPROM and Flash ROM.
The input/output interface receives, processes and responds to commands from the client. When the signature device is implemented as a USB Key, the input/output interface is a USB controller.
The verification device for the data to be signed encrypts or signs the data to be signed according to the user's button operations.
The above devices need not exist as independent entities: each may be part of the central controller, or any several of them may be combined into one entity.
The verification device for the data to be signed is further described with reference to Fig. 3. It comprises a transaction command judging unit, a transaction data processing unit and a key command judging unit.
The transaction command judging unit determines the type of a command the signature device receives from the client and, when the command contains transaction data, passes the command body to the transaction data processing unit. Specifically, it determines the command type from the command header and notifies the relevant device to handle it; if the received command contains transaction data, it separates the command body from the command and passes it to the transaction data processing unit.
The transaction data processing unit parses the actual transaction data out of the command body it receives and processes it according to the result of the key command judging unit. There are two kinds of processing: encrypting the transaction data, and signing the transaction data.
The key command judging unit receives and interprets the key commands the user issues according to the transaction data the user has recognized. When the digital signature device detects, through the key command judging unit, a key press corresponding to a given operation, it performs the corresponding encryption or signature operation. As shown in Fig. 2, on the USB Key signature device the key command judging unit comprises a "transaction initiate" key and a "transaction confirm" key. The user presses the "transaction initiate" key after entering the transaction data, then confirms or rejects the transaction data items shown on the client according to his own wishes: if the data items are correct and match the user's intention, the user presses the "transaction confirm" key; otherwise no key is pressed. The system recognizes the user's operation command from which key is pressed and decides whether to perform the corresponding encryption or signature operation.
The process of carrying out electronic transaction and digital signature based on above-mentioned entity and software may further comprise the steps as shown in Figure 4:
In step 400, the user and the service side agree offline on a common "transaction identification code". The user keeps this code as the credential for verifying the service side's identity during a real transaction, and the service side records the association between the code and this user in its back-end database. This step does not take place during a real transaction: it is negotiated before any real transaction over a channel other than the computer network, for example by telephone, SMS, scratch card or face to face. Once done, it remains valid for many subsequent transactions; it can also be repeated periodically to renew the code. The code is generated by the picture generator (the service side), distributed to the user, and kept by the user. "Distributed" here means by any means that does not pass through the computer.
In step 401, the user runs the transaction software on the client, performs the basic transaction operation and enters the transaction information. When input is complete, the user presses the "transaction initiate" key on the signature device with buttons (hereafter the USB Key); this physical action initiates the authentication. Note that the "transaction initiate" key and the "transaction confirm" key described below need not be push-buttons; they may also be toggle switches, soft keyboards, handwriting input or other input components.
In step 402, on receiving the "transaction initiate" command, the USB Key encrypts the transaction data it received from the client transaction software and returns the encrypted data to the client transaction software, which sends it to the server.
In step 403, after receiving the encrypted transaction data, the server decrypts it and passes the key transaction fields it contains (for example user name, account number, transaction amount) together with the transaction identification code associated with this user to the CAPTCHA module for processing.
In step 404, the CAPTCHA module first generates a random background picture containing interfering noise, then processes the transaction data and the transaction identification code and overlays them on that background. Usually the larger body of transaction data is placed on the bottom layer and the transaction identification code is overlaid on top of the transaction data; the principle is that the two should be hard to separate from each other mechanically while remaining legible to a human. The module then returns the picture to be certified, which contains both the transaction data and the transaction identification code.
In step 405, the server returns the picture to be certified to the client transaction software, which displays it on screen and prompts the user to identify and verify its content.
In step 406, the user reads the content of the picture: first checking whether the transaction identification code shown in the picture matches the one agreed in step 400, and then whether the transaction data shown in the picture match the transaction the user intended. "Identify" here means that the user reads the information content directly with the naked eye.
In step 407, if both are correct, go to step 409; otherwise, if either one is incorrect, go to step 408.
In step 408, authentication of the data to be certified has failed: the client transaction software cancels this transaction and performs whatever follow-up actions the situation requires. The authentication process for the data to be certified ends.
In step 409, authentication of the data to be certified has succeeded, and the user now presses the "transaction confirm" key to notify the USB Key that the transaction data are approved.
In step 410, on receiving the "transaction confirm" key command, the USB Key signs the transaction data it received earlier and returns the signed data to the client transaction software.
In step 411, the client transaction software sends the signed transaction data to the server, and the transaction continues with its subsequent operations or is closed. The authentication of the data to be certified in this transaction ends.
In the above process, the client and the service side are the two parties to an electronic transaction, communicating over the Internet using TCP/IP; encryption and signing are needed to guarantee the confidentiality, integrity and authenticity of the communicated data. The authentication method combining logic and physics means that, during authentication, the information content is confirmed both by program logic and by physical control at the same time, which improves security.
The client transaction software has two functions. First, it interacts with the service end to carry out the basic transaction; second, it integrates the signing software that supports the USB Key, sending digital-signature commands to the USB Key through the USB Key driver and receiving the USB Key's responses. The signing software and the transaction software can of course also be kept separate.
The command and data exchange between the client transaction software and the USB Key relies on the USB Key driver. Drivers present on the client are currently one of the targets of trojan programs: a trojan that replaces, or hides itself in, one of the driver's dynamic link library files can intercept and tamper with the data entering the USB Key. A procedure and apparatus for checking the integrity of the driver could be added to the scheme above, but this is not necessary: the data that enter the USB Key are exactly what the server renders into the picture, so if they are tampered with on the way into the USB Key the user will see the tampered transaction data during physical identification and can refuse to sign.
In the above process, the signature device (USB Key) provides a timeout mechanism: it stops the associated operation after a specified time and terminates the transaction. The timeout limits the time a malicious program has to attack the picture to be certified, makes forging or tampering with the picture harder, and so strengthens the authentication process. At the same time, it also covers the case in which the user has initiated a transaction and identified the transaction data as correct but, for some reason, cannot press the button on the USB Key in time: the transaction is terminated automatically, so that transaction information the user has accepted does not remain valid for a long period and give an attacker an opportunity. In addition, a timeout mechanism on the service side can be used together with the timeout mechanism in the USB Key.
It should be noted that the USB Key provides only a "confirm" button and no "cancel" button; every cancel operation the user needs is offered directly through the interface of the client transaction software. This does not introduce an additional security problem for the authentication process. An attacker targeting the client transaction software might intercept the user's "cancel" input and replace it with a "confirm", but that information is meaningless to the service side: the service side accepts only confirmation information carrying a signature made with the private key inside the USB Key, and the attacker cannot obtain that private key, so the attack cannot achieve its purpose.
In addition, because the transaction identification code is the same across many transactions, an attacker who intercepts the authentication picture in one authentication and extracts the transaction identification code from it can forge the authentication picture in the next transaction. This scheme therefore recommends that the user and the service side periodically agree a new transaction identification code, or adopt a dynamic transaction identification code (for example, after agreeing a fixed transaction identification code, append a simple change rule), to make it harder for an attacker to obtain the transaction identification code.
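The replay weakness of a fixed transaction identification code, and one way to make the code dynamic, as an added example that is not code from the patent or from Beijing WatchData. The patent only says "append a simple change rule" and does not specify one; the assumption here is that the rule is a list of one-time codes derived from a secret master value and printed on a scratch card (one of the offline channels the page names), where the bank keeps the master value, the user keeps the card, and both step to the next code every time a picture is generated, including for transactions that are later cancelled. The master value, alphabet and code length are constructed for the example.

```python
import hashlib
import hmac

# Constructed master value; in practice generated by the bank at enrolment and never sent online.
MASTER = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0")
# 32 symbols without 0/O or 1/I, so the code stays legible on a noisy CAPTCHA background.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def derive_code(master: bytes, index: int, length: int = 5) -> str:
    """Code number `index` on the card. Keyed derivation: knowing code i gives no handle on code i+1."""
    digest = hmac.new(master, index.to_bytes(4, "big"), hashlib.sha256).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def print_card(master: bytes, count: int) -> list:
    """Bank side, offline: the codes handed to the user on the scratch card (step 400)."""
    return [derive_code(master, i) for i in range(count)]


class CodeIssuer:
    """Bank side, online: supplies the code for the next picture to be certified (step 404).
    The index advances whenever a picture is generated, so no code is ever shown twice."""

    def __init__(self, master: bytes):
        self._master, self._next = master, 0

    def next_picture_code(self) -> str:
        code = derive_code(self._master, self._next)
        self._next += 1
        return code


def user_accepts(card: list, expected_index: int, shown_code: str) -> bool:
    """Step 406 with a dynamic code: the user scratches off the next field and compares it by eye."""
    return expected_index < len(card) and hmac.compare_digest(card[expected_index], shown_code)


def replay_scenario() -> dict:
    card, bank = print_card(MASTER, 20), CodeIssuer(MASTER)
    # Transaction 1: the genuine picture carries card[0]; the user accepts it.
    captured = bank.next_picture_code()
    first_ok = user_accepts(card, 0, captured)
    # The attacker intercepted that picture and forges the next one with the same code.
    # The user now expects card[1], so the replayed code is rejected; with a fixed code
    # this comparison would succeed every time, which is the weakness the page describes.
    replay_ok = user_accepts(card, 1, captured)
    # The genuine second picture carries card[1] and is accepted.
    second_ok = user_accepts(card, 1, bank.next_picture_code())
    return {"first": first_ok, "replay": replay_ok, "second": second_ok}
```

User and bank must stay in step: a picture that was generated but never reached the user still consumes an index on the bank side, so a practical deployment needs a resynchronisation procedure (not shown) and a fresh card before the list is exhausted.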
Below, the invention is explained using the transfer service of an online personal bank as an example.
Fig. 5 shows an example of the CAPTCHA picture containing the data to be certified that is used in an embodiment of the invention. It simply illustrates a CAPTCHA picture, generated by the service side's transaction system with the CAPTCHA technique, that contains the transaction identification code and the transaction data. Here IXG5B is the "transaction identification code", an identification code made of digits and letters agreed between the user and the service side before the transaction, and the account name, account number, amount and similar information on the background are the transaction data. The online personal banking client transaction software displays this picture and asks the user to confirm transaction data like those in Fig. 5; once they are confirmed as correct, the user presses the "transaction confirm" key to instruct the USB Key to compute the digital signature, and only then can the transaction proceed.
The focus of the invention is to use the CAPTCHA technique, in the comparatively secure computing environment of the service side, to generate an authentication picture that a malicious program finds very hard to forge or tamper with, embed the transaction information in it, have the user identify and confirm the picture content on the client, and at the same time control the USB Key physically so that it signs the transaction data directly. That is, an authentication method combining logic and physics means that during authentication the information content is confirmed by program logic and by physical control simultaneously. In the following example, the logical part uses the CAPTCHA technique, and the authentication information is a computer-displayable picture, generated with the CAPTCHA technique, that contains the information to be certified.
The detailed process of a real online-banking transfer service using the invention is shown in Fig. 6.
In step 600, the user sets the transaction identification code for the transfer service when applying for online personal banking at the bank counter.
In step 601, the user enters the transaction information in the online personal banking client transaction software.
In step 602, the client transaction software sends the transaction information to the USB Key.
In step 603, the client transaction software displays the transaction information and prompts the user to press the "transaction initiate" key.
In step 604, after confirming that the transaction information entered is correct, the user presses the "transaction initiate" key on the USB Key.
In step 605, the USB Key encrypts the transaction information and returns it to the client transaction software.
In step 606, the client transaction software sends the transaction request and the encrypted transaction data to the bank.
In step 607, the bank's back-end transaction system retrieves this user's transaction identification code, has the CAPTCHA module process it together with the transaction data to generate the picture to be certified, and returns the picture to the client transaction software for display.
In step 608, the user reads the content of the authentication picture; if both the transaction identification code and the transaction data are correct, go to step 613, otherwise, if either one is incorrect, go to step 609.
In step 609, the client transaction software checks whether the user has pressed the cancel-transaction button. If so, go to step 610; otherwise go to step 611.
In step 610, the client transaction software notifies the USB Key that the transaction is cancelled, and the USB Key handles this accordingly.
In step 611, the USB Key cancels the transaction automatically after a certain time and reports the reason for the error to the client.
In step 612, the client transaction software reports the error to the bank, cancels the transaction and notifies the user; the process ends.
In step 613, the user presses the "transaction confirm" key on the USB Key. The operation commands comprise secure-computation commands and data read/write commands: the secure-computation commands include data encryption, data decryption, digital signature and digital digest, and the data read/write commands are the read and write commands specified by SCSI (Small Computer Systems Interface).
In step 614, the USB Key requires the client transaction software to prompt the user to enter the PIN that protects the signing private key.
In step 615, the client transaction software passes the PIN entered by the user to the USB Key, which checks whether it is correct. If the PIN is correct, go to step 617; otherwise go to step 616.
In step 616, the USB Key reports the error to the client transaction software and cancels the operation.
In step 617, the USB Key computes the digital signature over the transaction data.
In step 618, the USB Key returns the signed data to the client transaction software.
In step 619, the client transaction software sends the signed transaction data to the bank.
In step 620, the bank verifies the validity of the signature, performs the transfer and stores the transaction record.
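The exchange of steps 400-411 and 600-620, together with the device timeout and the cancel-to-confirm substitution discussed above, as an added example that is not code from the patent or from Beijing WatchData. Assumptions: the device's digital signature is modelled as an HMAC under a key that never leaves the device, with the server holding a verifying copy (the standard library has no RSA/ECDSA; the patent's device uses a private key); the CAPTCHA picture is represented by the text a user would read off it; the transport encryption of steps 402/605 is omitted; the `canonical` field encoding, the 60-second timeout, and all keys, PINs, names and account numbers are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data: the key, PIN, account numbers and amount are made up.
TRANSACTION_CODE = "IXG5B"  # code agreed offline (step 400 / 600); value taken from Fig. 5

def canonical(tx: dict) -> bytes:
    """Fixed field order, so device and server sign and verify the same bytes (assumed encoding)."""
    return "|".join(f"{k}={tx[k]}" for k in sorted(tx)).encode()

def render_picture(code: str, tx: dict) -> str:
    """Stand-in for the CAPTCHA module (step 404): the text a user would read off the picture."""
    return "\n".join([f"code: {code}"] + [f"{k}: {tx[k]}" for k in sorted(tx)])

def user_verifies(picture: str, own_code: str, intended: dict) -> bool:
    """Step 406 / 608: check the code first, then every transaction field, by eye."""
    shown = set(picture.splitlines())
    return f"code: {own_code}" in shown and all(f"{k}: {v}" in shown for k, v in intended.items())

class UsbKey:
    """Signature device with buttons. Assumption: the signature is modelled as an HMAC under a
    key that never leaves the device (stdlib has no RSA/ECDSA); the server holds a verifying copy."""

    def __init__(self, device_key: bytes, pin: str, timeout_s: float = 60.0):
        self._key, self._pin, self._timeout = device_key, pin, timeout_s
        self._pending, self._t0 = None, 0.0

    def initiate(self, tx: dict) -> dict:
        """'Transaction initiate' key (step 402 / 604): capture the data that will be signed."""
        self._pending, self._t0 = dict(tx), time.monotonic()
        return dict(tx)  # the patent returns this encrypted; transport encryption is omitted here

    def cancel(self) -> None:  # cancel relayed by the client software (step 610)
        self._pending = None

    def confirm(self, pin: str, now=None) -> bytes:
        """'Transaction confirm' key (steps 613-618): timeout and PIN checks, then sign exactly
        the data captured at initiate, never data handed over by the client afterwards."""
        if self._pending is None:
            raise RuntimeError("no pending transaction")
        now = time.monotonic() if now is None else now
        if now - self._t0 > self._timeout:  # step 611: device-side timeout
            self._pending = None
            raise TimeoutError("transaction expired inside the device")
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):  # steps 615 / 616
            self._pending = None
            raise PermissionError("wrong PIN; operation cancelled")
        sig = hmac.new(self._key, canonical(self._pending), hashlib.sha256).digest()
        self._pending = None
        return sig

class BankServer:
    def __init__(self, users: dict):  # user -> (device key, transaction identification code)
        self._users, self._pending = dict(users), {}

    def receive_request(self, user: str, tx: dict) -> tuple:
        """Steps 403-405 / 607: record the transaction and return the picture to be certified."""
        txid = secrets.token_hex(8)
        self._pending[txid] = (user, dict(tx))
        return txid, render_picture(self._users[user][1], tx)

    def receive_confirmation(self, txid: str, signature: bytes) -> bool:
        """Steps 411 / 620: accept only a device signature over the recorded transaction."""
        user, tx = self._pending.pop(txid)
        expected = hmac.new(self._users[user][0], canonical(tx), hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)

def run_scenarios() -> dict:
    key, pin, user = secrets.token_bytes(32), "1234", "alice"
    bank, device = BankServer({user: (key, TRANSACTION_CODE)}), UsbKey(key, pin)
    intended = {"payee": "6222 0000 1111 2222", "amount": "1000.00"}
    out = {}
    # Honest flow: code and fields match, the user presses confirm, the bank verifies.
    txid, picture = bank.receive_request(user, device.initiate(intended))
    assert user_verifies(picture, TRANSACTION_CODE, intended)
    out["honest_accepted"] = bank.receive_confirmation(txid, device.confirm(pin))
    # Transaction hijack: a trojan in the driver path swaps the payee before the device sees
    # it, so the bank renders the wrong payee and the user refuses at step 608.
    hijacked = dict(intended, payee="6222 9999 8888 7777")
    txid, picture = bank.receive_request(user, device.initiate(hijacked))
    out["hijack_visible_to_user"] = not user_verifies(picture, TRANSACTION_CODE, intended)
    device.cancel()
    # Cancel-to-confirm substitution: malware turns the cancel into a confirmation, but
    # without the device key it cannot produce the signature the bank requires.
    forged = hmac.new(b"attacker guess", canonical(hijacked), hashlib.sha256).digest()
    out["forged_confirm_rejected"] = not bank.receive_confirmation(txid, forged)
    # Device timeout: a confirm that arrives too late is refused inside the key.
    bank.receive_request(user, device.initiate(intended))
    try:
        device.confirm(pin, now=time.monotonic() + 120)
        out["timeout_enforced"] = False
    except TimeoutError:
        out["timeout_enforced"] = True
    return out
```

The property that carries the scheme is in `UsbKey.confirm`: the device signs the copy it captured when the user pressed "transaction initiate", not whatever the client software hands it at confirm time, so the bytes the bank verifies are the bytes it drew into the picture the user read.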
Thus, after the client sends a request message to the server, the server returns an authentication picture (a CAPTCHA picture) that contains the server's identity information and the data to be signed; the client asks the user to confirm this information, and once the user has confirmed it, the user presses a button to instruct the signature device to sign. This confirms the data to be signed physically on the client, makes it harder for software on the client to tamper with or forge the data, and strengthens the security of signing.
The invention meets the security requirement of "what you see is what you sign", prevents the two new attacks "transaction forgery" and "transaction hijacking", and requires very little change to existing transaction systems that already use signature-authentication devices, so that users obtain higher security at very small cost. It satisfies the requirements of technical cost and security and meets the most urgent security need in existing applications.

Claims (16)

1. A security authentication method for data to be signed, in which data are transmitted over a communication link between an interconnected client and service end, characterised in that the security authentication method comprises the following steps:
S1: the user sends data to be signed to the service end through the client;
S2: the service end returns information to be certified to the client, and the information to be certified is displayed logically at the client;
S3: the user identifies the information to be certified displayed by the client and confirms whether its content is correct; if the content of the information to be certified is correct, the user initiates a physical authentication operation and proceeds to step S5, otherwise proceeds to step S4;
S4: the authentication operation is cancelled;
S5: the data of S1 are digitally signed at the client and sent to the service end.
2. The security authentication method according to claim 1, characterised in that:
the physical authentication operation in step S3 means that a confirmation instruction is issued physically by means of a signature device with buttons.
3. The security authentication method according to claim 1, characterised in that:
in step S1, the user triggers manually by means of said signature device with buttons, initiates authentication of said data, and sends said data to the service end through the client.
4. The security authentication method according to claim 1, characterised in that:
in step S1, the user first enters said data and then manually triggers authentication, and after said signature device with buttons has encrypted said data, the user sends the encrypted data to the service end through the client.
5. The security authentication method according to claim 4, characterised in that:
in step S2, after receiving said encrypted data, said service end decrypts them to obtain said data, adds the identification code agreed in advance with the user, generates the information to be certified, and returns it to the client.
6. The security authentication method according to claim 1 or 5, characterised in that:
in step S2, the service end uses a CAPTCHA technique or several CAPTCHA techniques to generate the information to be certified and returns it to the client.
7. The security authentication method according to claim 1, characterised in that:
displaying the information to be certified logically in step S2 means displaying a picture, generated with a CAPTCHA technique or several CAPTCHA techniques, that contains the information to be certified.
8. The security authentication method according to claim 1, characterised in that:
the information to be certified displayed in step S2 comprises identity information representing the generator of said information to be certified, and said data.
9. The security authentication method according to claim 8, characterised in that:
in step S3, confirming whether the content of the information to be certified is correct comprises: confirming, on the basis of the service-end identification code the user obtained in advance, whether the identity information of the generator of said information to be certified is correct; and confirming whether said data are correct by confirming whether said data contained in said information to be certified are consistent with the data the user sent in step S1.
10. The security authentication method according to claim 1, characterised in that:
in step S5, digitally signing the data of step S1 means that said signature device with buttons digitally signs the data of step S1 and the result is sent to said service end through the client.
11. A security authentication system for data to be signed, in which the client and the service end are connected by a communication link, characterised in that it comprises:
a client device, used for the user to enter data to be signed, for sending said data to the service end, and for displaying logically the information to be certified received from the service end;
a server device, which receives the data sent by the client, generates information to be certified on the basis of said data and returns it to the client;
a signature device with buttons, connected to said client device, used for the user's confirmation of said information to be certified; after the user has confirmed said information to be certified, the user starts said signature device with buttons to digitally sign said data.
12. The security authentication system according to claim 11, characterised in that:
said signature device with buttons is independent of said client and has an input component.
13. The security authentication system according to claim 11, characterised in that:
said client displaying logically the information to be certified from the service end means displaying a picture, generated with a CAPTCHA technique or several CAPTCHA techniques, that contains the information to be certified.
14. The security authentication system according to claim 11, characterised in that:
said signature device with buttons, after digitally signing said data, sends them to said service end through said client.
15. The security authentication system according to claim 11, characterised in that:
said signature device with buttons encrypts the data entered by the user and passes them to the client, which sends them to the service end.
16. The security authentication system according to claim 11, characterised in that:
said information to be certified comprises identity information representing the generator of said information to be certified, and said data.
Priority Applications (1)

Application Number  Priority Date  Filing Date  Title
CN2007100991536A  2007-05-14  2007-05-14  Safety certifying method and its system for facing signature data (granted as CN101051907B; status: Expired - Fee Related)

Publications (2)

Publication Number  Publication Date
CN101051907A  2007-10-10
CN101051907B  2012-08-22

Family

ID=38783122
Family Applications (1): CN2007100991536A, priority and filing date 2007-05-14, granted as CN101051907B (Expired - Fee Related)

Country Status (1)

Country  Link
CN  CN101051907B (en)


Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7200576B2 (en) * 2005-06-20 2007-04-03 Microsoft Corporation Secure online transactions using a captcha image as a watermark
CN100542088C (en) * 2005-08-11 2009-09-16 北京握奇数据系统有限公司 A kind of physical certifying method and a kind of electronic installation

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105117963A (en) * 2007-12-21 2015-12-02 飞天诚信科技股份有限公司 Device and method based on digital signature
CN101252439B (en) * 2008-04-10 2010-09-01 北京飞天诚信科技有限公司 System and method for increasing information safety equipment security
CN101321066B (en) * 2008-05-20 2012-03-07 北京深思洛克软件技术股份有限公司 Information safety device for internetwork communication
WO2010139210A1 (en) * 2009-05-31 2010-12-09 北京飞天诚信科技有限公司 Method and system for improving security of network application
CN101635715B (en) * 2009-05-31 2012-09-12 飞天诚信科技股份有限公司 Method and system for improving network application safety
CN101616148B (en) * 2009-07-31 2013-04-24 北京握奇数据系统有限公司 Internet transaction identity authentication method and device
CN101668288B (en) * 2009-08-25 2012-08-22 钱袋网(北京)信息技术有限公司 Identity authenticating method, identity authenticating system and terminal
CN101763678B (en) * 2009-10-23 2012-05-23 北京派瑞根科技开发有限公司 System for authenticating signature on information medium
CN101763677B (en) * 2009-10-23 2012-03-07 北京派瑞根科技开发有限公司 System for authenticating endorsement signature on information medium
CN102195830A (en) * 2010-03-18 2011-09-21 F2威尔股份有限公司 Test management method and system as well as computer program product
CN102194070A (en) * 2010-03-18 2011-09-21 F2威尔股份有限公司 Data processing method and system as well as computer program product thereof
CN102025738B (en) * 2010-12-03 2014-03-26 飞天诚信科技股份有限公司 Method, equipment and system for processing transaction message
CN102025738A (en) * 2010-12-03 2011-04-20 北京飞天诚信科技有限公司 Method, equipment and system for processing transaction message
CN102360409A (en) * 2011-09-29 2012-02-22 北京百度网讯科技有限公司 Method for generating verification codes as well as method and detection for verification
CN102360409B (en) * 2011-09-29 2015-09-02 北京百度网讯科技有限公司 A kind ofly generate the method for identifying code, the method for checking and device thereof
CN102647410A (en) * 2012-03-14 2012-08-22 上海众人网络安全技术有限公司 Information safe system and method based on light sensation identification
WO2015161691A1 (en) * 2014-04-25 2015-10-29 天地融科技股份有限公司 Secure data interaction method and system
CN103986581A (en) * 2014-05-28 2014-08-13 天地融科技股份有限公司 Information interaction system
CN103986581B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of information interaction system
CN104021328A (en) * 2014-06-24 2014-09-03 上海众人科技有限公司 Phishing website identification method and system based on light sensitive technology
CN104021328B (en) * 2014-06-24 2018-02-06 上海众人网络安全技术有限公司 Fishing website discrimination method and system based on light sensation technology
CN105184566A (en) * 2015-06-16 2015-12-23 飞天诚信科技股份有限公司 Work method of intelligent secret key equipment
WO2016202106A1 (en) * 2015-06-16 2016-12-22 飞天诚信科技股份有限公司 Work method for smart key device
CN105184566B (en) * 2015-06-16 2018-07-17 飞天诚信科技股份有限公司 A kind of working method of intelligent cipher key equipment
TWI678909B (en) * 2015-08-14 2019-12-01 香港商阿里巴巴集團服務有限公司 Safety authentication method, device and system
CN105956855A (en) * 2016-01-22 2016-09-21 天地融科技股份有限公司 Transaction method and system of electronic signature device
CN105956855B (en) * 2016-01-22 2022-02-22 天地融科技股份有限公司 Transaction method and transaction system of electronic signature device
CN106059773A (en) * 2016-05-27 2016-10-26 深圳市星龙基电子技术有限公司 Digital signature method and system
CN106059773B (en) * 2016-05-27 2019-08-02 深圳市星龙基电子技术有限公司 Digital signature method and system
CN107947935B (en) * 2017-11-09 2021-09-17 深圳市文鼎创数据科技有限公司 Message signature method, system and terminal equipment
CN107947935A (en) * 2017-11-09 2018-04-20 深圳市文鼎创数据科技有限公司 A kind of endorsement method of message, system and terminal device

Also Published As

Publication number Publication date
CN101051907B (en) 2012-08-22


Legal Events

Date Code Title Description
C06 / PB01 Publication
C10 / SE01 Entry into substantive examination (entry into force of request for substantive examination)
C14 / GR01 Grant of patent or utility model (patent grant)
CP01 Change in the name or title of a patent holder
Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden
Patentee after: BEIJING WATCHDATA Co.,Ltd.
Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden
Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.
DD01 Delivery of document by public notice
Addressee: BEIJING WATCHDATA Co.,Ltd., person in charge of patents
Document name: Notice of termination of patent right
CF01 Termination of patent right due to non-payment of annual fee
Granted publication date: 20120822