Summary of the invention
The object of the present invention is to provide a kind of safety certifying method and system thereof towards signed data.This method and system thereof can solve " transaction is forged " and the new safety problems such as " transaction are kidnapped " that present urgent need solves, and can effectively prevent the various attacks that utilize the client secure leak to be initiated at online electronic transaction, especially improve the fail safe of the online transaction of present widely used band USB Key equipment.
In order to realize aforementioned purpose, the present invention proposes a kind of safety certifying method towards signed data, transmits data by communication link between interconnective client and service end, it is characterized in that, described safety certifying method may further comprise the steps:
S1: the user sends data to be signed by client to service end;
S2: service end is returned information to be certified to client, and logically shows information to be certified in client;
S3: the information to be certified that user customer shows is discerned, and confirms whether the content of information to be certified is correct, if the information content to be certified is correct, the user initiates the physical certifying operation, and enters step S5, otherwise, enter step S4;
S4: cancellation authentication operation;
S5: in client the described data among the S1 are carried out digital signature, and send to service end.
The present invention also proposes a kind of security certification system towards signed data, and wherein, client is connected by communication link with service end, it is characterized in that comprising:
Client device is used for user's input data to be signed, and sends described data to service end, logically shows the information to be certified from service end;
Server device receives the data that client is sent, and generates information to be certified based on described data and return to client;
Band button signature device is connected with described terminal equipment, is used for the affirmation of user to described information to be certified, and after the user confirmed described information to be certified, the user started described band button signature device described data are carried out digital signature.
Like this, make the legal user can be with physics mode, for example the mode of button be treated authentication information and is confirmed, has improved fail safe.The present invention can satisfy the demand for security of " finding is promptly signed ", prevent " transaction is forged " and " transaction is kidnapped " two kinds of new attacks, very little to the transaction system change of existing band signature authentication equipment simultaneously, make the user dropping under the minute quantity condition of cost, obtain higher fail safe.The present invention meets the requirement of technical costs and fail safe, satisfies the most urgent demand for security in existing the application.
The present invention is applicable to the online interaction system, for example shopping online, Internet-based banking services, declares dutiable goods etc. on the net.
Characteristics of the present invention and advantage are as follows:
1. utilize the characteristics of CAPTCHA technology,, thereby solve the serious safety problem that exists in the online electronic transaction of present widely used band USB Key in conjunction with the improvement of transaction flow.The user only need use the signature device that has button to get final product, and the signature device of this increase button is compared the USB Key equipment of present use and is only increased minimum cost, still the use habit that meets the user can be applied in the existing system fast, satisfies urgent demand.
2. the present invention need not the client of existing transaction system is improved, and only needs the server end transaction system is carried out minimum change, and realizes that the complexity of changing is very low, is easy to implement fast and use.
3. by flow scheme design, guaranteed the encrypted transmission of data to be signed, guaranteed the consistency of signature device and server end data, prevented client rogue program distorting data from the signature device end to server end.
4. by button operation, can guarantee that at first the wish of concluding the business according to validated user carries out, rogue program can't be forged user identity and concludes the business on the client; Secondly, can guarantee that data to be signed sign under the situation of customer acceptance, guarantee that transaction data meets user intention.
Embodiment
The authentication picture that utilizes physical certifying and CAPTCHA technology to generate combines and carries out safety certification, the picture that comprises transaction content that requires to adopt the CAPTCHA technology to generate will satisfy: 1, whether image content is by checking, must control by the user, and the judged result of whether passing through can not be imported on subscriber computer; Forge if 2 pictures are assailants, the user can discern immediately; 3, picture is difficult to distort, if distorted, user Ying Ke discerns immediately.
REFERENCE TO RELATED people is in No. 200610113569.4 Chinese invention patent application " digital signature equipment and its opposite equip. are realized the method for data interaction " of first to file, adopt the band button and possess the digital signature equipment USB Key that operates the band button of controlling list technique and can satisfy first requirement, because, the initiation of transaction and affirmation can directly be passed through by key control by the user, program can't analog subscriber behavior or forge user's judged result, and also can avoid in the direct input authentication result of client; Secondly, satisfy above-mentioned second requirement, need to have between user and the service side " the transaction identification sign indicating number " of a common agreement, to guarantee that this picture is from real service side, and this identification code consults to determine with offline mode, on subscriber computer, do not preserve, in process of exchange, can not occur yet, can only be shown to the user with CAPTCHA figure sheet mode and confirm with text mode.Because the assailant can't utilize program mode (PM) to obtain this information, randomness and interference by the CAPTCHA picture makes that the assailant is difficult to directly scan obtain this identification code from picture simultaneously, therefore, the assailant can't be forged into service side, has guaranteed the identity authenticity of information source; At last, satisfy the 3rd requirement, at first, mail to the Transaction Information that the client user authenticates and is represented by the figure sheet mode fully service side, do not comprise any text message, secondly, utilize multiple CAPTCHA technical finesse, transaction identification sign indicating number and information to be certified are superimposed upon in the picture, make it be difficult to be cut apart and separate.Because the assailant can't obtain the transaction identification sign indicating number, therefore it directly puppet produce the picture that meets service side's true identity, even directly distort the content of information to be certified in the former picture, also will destroy transaction identification sign indicating number in the former picture, therefore be easy to by User Recognition.
Fig. 1 is the structure chart of certificate scheme system in the expression embodiment of the present invention.As shown in the figure, certificate scheme relates to four entities: service side, client transaction software, band button signature device and user.Wherein dotted arrow is represented the off-line operation process, is used for the negotiation that user and services policies are carried out certain service.Solid arrow is represented data flow, and wherein the user represents user's button operation to the arrow between the band button signature device.
(1) service side: the service side that electronic transaction is provided, be positioned at electronic transaction service provider one end, usually comprise large database and transactional services end software, storage and processing service content, customer information and Transaction Information etc. are guaranteed tight security by the service provider.Need to prove, in the flow process of the present invention's design, can suppose that service side is believable, that is to say, the data that service side handles can not attacked by rogue program, or the possibility of this attack is very little or cost is very high.Just believe that as us bank can be not mistaken the amount of money of user account.In actual environment, this hypothesis is rational.
(2) client transaction software: being positioned on the subscriber computer, is the operating platform that the user carries out electronic transaction, for the user provides basic transaction service function.It receives the user's input with safeguard protection, carries out data interaction with electronic transaction service side, forms transaction data, and transaction data is sent to signature device, obtains sending to service side after the digital signature result.Equally, in the flow process of the present invention's design, we suppose that also the client trading environment is unsafe, also are that the client transaction software exists the possibility of being attacked by rogue program.The data that the data of user's input and transaction software are handled may be forged or distort.In actual environment, according to ordinary circumstance, the general-purpose operating system that the level of security that subscriber computer is all installed is low, WINDOWS system for example, this hypothesis is rational.
(3) band button signature device: similar with at present general USB Key, link to each other with subscriber computer by USB interface, deposit user's signature private key and certificate.Difference is that this signature device has button, and the user can directly control signature device by button and carry out certain specific operation, comprises affirmation and encryption and signature calculation function to data to be signed.Equally, we suppose to be with the button signature device is believable, and storage that it is inner or processing can or not be difficult to be attacked by rogue program, and perhaps the cost of this attack is very big.In actual environment, this hypothesis is rational.
(4) user: the user is the initiator and the final affirmation side of transaction of transaction.In system configuration, the user is except participating in the transaction by button in process of exchange, needing sometime and serve square tube and offline mode (for example the clerk counter transacting business that provides by the side of service etc.) is provided is reached certain agreement with regard to the service that is provided and (for example sign service agreement before transaction also, turn up service etc.), comprising the side's of service identity information is reached common understanding (for example adopting the numeral of certain common approval or the identification code of figure sheet mode).
It is emphasized that in the present invention the key that user and service side's off-line are consulted is identification service side's identity " a transaction identification sign indicating number ".The identity of its identification service side that is the user in the verification process of transaction prevents that rogue program from pretending to be service side to send the information to be certified of forgery.And, after this identification code is obtained by the user in the off-line negotiations process, and in whole process of exchange, only the form with the CAPTCHA picture shows in client, in client with text mode input or storage, guarantee this information not can or very difficult victim obtain with program mode (PM).
Fig. 2 is the structure chart of the band button signature device that uses in the embodiment of the present invention of expression.Fig. 3 is the internal logic structure figure of the band button signature device that uses in the embodiment of the present invention of expression.Last figure has shown the typical inner structure of forming of band button signature device of the present invention, owing in the aforementioned patent document of the applicant's application, make a detailed description, be not repeated at this, have only device and the unit relevant just to be illustrated with argumentation of the present invention.Band button signature device is a signature device commonly used in electronic transaction, and as the USB Key of issued by banks, and this signature device has button, also promptly possesses the physical certifying ability, but ins and outs REFERENCE TO RELATED people's aforementioned patent applications.The user can send different operational orders by button, mainly comprises two kinds: the one, and " transaction is initiated " operation, promptly the user carries out " transaction is initiated " by button notice signature device; The 2nd, " confirming transaction " operation after promptly the user confirms transaction data, is carried out signature by this operational notification signature device.Equally, signature device self is the computing environment of a secure closed, and the security performance of himself is not also at the row of consideration of the present invention.As shown in the drawing, signature device of the present invention is compared with prior USB Key, has increased the demo plant of data to be signed, and it is correct and meet user intention to guarantee to enter transaction data in the signature device.In general, this signature device comprises central processing unit, and coupled encryption and signature arithmetic unit, the demo plant of data to be signed, memory, input/output interface.
Central controller is used to other devices of controlling and coordinating to be attached thereto.In actual applications, a kind of preferred implementation of central controller is that hardware aspect adopts 32 arm processor, software aspect employing chip operating system (COS, Chip Operating System).
Encrypt and the signature arithmetic unit, can guarantee the confidentiality and integrity that instructs and reply can guarantee the fail safe of signature key and calculating process.This installs a kind of preferred implementation, is configured to coprocessor on the hardware, the arithmetical operation of multiple length that can operative norm, for example multiplication, exponentiation etc.It can directly carry out general encryption and decryption functions, independently finishes 3DES/AES and RSA Algorithm.It can also finish the mixed cipher system of being made up of 3DES/AES and RSA Algorithm under the control of central controller, to realize functions such as encryption and decryption computing, digital signature.
Memory is used to preserve key, certificate, transaction data etc.For the scheme of this invention, can adopt polytype memory simultaneously, comprise RAM, EEPROM, Flash ROM etc.
Input/output interface is used to receive, handle and responds instruction from client.When this signature device utilized USB Key to realize, input/output interface adopted the USB controller.
The demo plant of data to be signed is encrypted or signature operation data to be signed accordingly according to user's button operation.
Should be pointed out that above-mentioned each device is not limited to exist with the form of independent community, each can be as a part of central controller in these devices, also can wherein any several means be combined into an independent community.
The demo plant of data to be signed further, is described with reference to Fig. 3.This device comprises trading instruction judging unit, transaction data processing unit, key command judging unit.
The trading instruction judging unit is used to judge the type of the instruction that signature device is received from client, and when being judged as the instruction that comprises transaction data its instruction body is passed to the transaction data processing unit.The concrete function of this unit is a type of judging the instruction that is received according to the instruction head, and the notice relevant device is handled.If judging the instruction of receiving is the instruction that comprises transaction data, then instructs judging unit from this instruction, to isolate the instruction body and pass to the transaction data processing unit.
The transaction data processing unit is used for parsing actual transaction data from the instruction body that passes over, and carries out corresponding the processing according to the judged result of key command judging unit.Mainly comprise the processing of two classes, a kind of is that transaction data is carried out encryption, and a kind of is that transaction data is carried out signature operation.
The key command judging unit is used to receive and judge the key command that the user sends according to the situation of the transaction data of being discerned.When digital signature equipment detects button corresponding to different operating by the key command judging unit, just can carry out corresponding encryption or signature operation.As shown in Figure 2, on signature device USB Key, the key command judging unit comprises " key is initiated in transaction " and " trade confirmation key ".The user presses " key is initiated in transaction " behind transaction initial input transaction data, subsequently, to determine the transaction data item that shows on the client or negate according to the wish of oneself, if confirm that data item is correct and meet user intention, just press " trade confirmation key ", otherwise need not button.Whether system carries out corresponding encryption or signature operation according to the operational order of pressing the identification user of different key with decision.
The process of carrying out electronic transaction and digital signature based on above-mentioned entity and software may further comprise the steps as shown in Figure 4:
In step 400, user and service side's off-line are consulted " the transaction identification sign indicating number " of a common approval.The user preserves this transaction identification sign indicating number, with as the voucher in real trade process verification service side identity.Service side sets up the association between identification code and this user in background data base.This step does not take place in the real trade process, and the non-computer internet channel consults before any real trade, for example phone, note, scratch card or negotiation face-to-face.After this step can be finished once, carry out repeatedly transaction and effectively also can regularly carry out, upgrade the transaction identification sign indicating number.Identification code is distributed in user's hand by picture generation person is unified, is preserved by the user.Aforesaid other any ways that are meant not via computer equipment of distributing.
In step 401, the user uses the transaction software on the client, implements basic transaction operation, the input Transaction Information.Input is pressed band button signature device after finishing and (hereinafter to be referred as " key is initiated in transaction " USB Key), by such physical operations, is initiated authentication.It is pointed out that " key is initiated in transaction " and " trade confirmation key " described later not only can be that button also can be to stir input blocks such as key, soft keyboard, handwriting input.
In step 402, USB Key will carry out encryption from the transaction data that the client transaction software receives after receiving " transaction initiate " instruction, and the transaction data after will encrypting returns to the client transaction software, send to server by it.
In step 403, after server receives transaction data after the encryption, data decryption and transaction key message (for example user name, number of the account, dealing money etc.) that will be wherein and and the transaction identification sign indicating number of this user's correspondence together give the CAPTCHA module and handle.
In step 404, the CAPTCHA module generates the background picture of band interfere information at first at random, be added to after respectively transaction data and transaction identification sign indicating number being handled then on the picture background, usually the transaction data that contains much information can be placed on bottom, the transaction identification sign indicating number overlays on the transaction data, principle is that both are not easy to cut apart, and can not influence identification again simultaneously.Return the picture to be certified that comprises transaction data and transaction identification sign indicating number after finishing.
In step 405, server returns picture to be certified to the client transaction software, be presented on the screen by it, and the prompting user carries out recognition and verification.
In step 406, the User Recognition image content, whether the transaction identification sign indicating number of at first discerning in the picture is consistent with the own transaction identification sign indicating number of consulting in 400 steps, discerns transaction data in the picture then and whether meets the transaction wish of oneself.At this, identification is meant that the user is with the direct identification information content of naked eyes.
In step 407, if above-mentioned both are all correct, then forward step 409 to, otherwise, as long as wherein one incorrect, then forward step 408 to.
In step 408, treat the authentification failure of verify data, the client transaction software will be cancelled this transaction, and according to different situations, carry out some subsequent operation.Treating the verification process of verify data finishes.
In step 409, treat the authentication success of verify data, the user notifies USB Key approval to transaction data by pressing " trade confirmation " key this moment.
In step 410, after USB Key receives " trade confirmation " key command, will sign to the transaction data of before having received, and the data after will signing return to the client transaction software.
In step 411, the transaction data after the client transaction software will be signed sends to server, and continues the subsequent operation of this transaction or close the trade.Treating the verification process of verify data in this transaction finishes.
In said process, client and service side are the participation both sides of electronic transaction, communicate via Internet, follow ICP/IP protocol, need to guarantee confidentiality, integrality and the authenticity of communication data by encrypting and signing.The authentication method that above-mentioned logic and physics combine in verification process, adopts programmed logic and physics control dual mode that the information content is confirmed simultaneously, can improve fail safe.
The transaction software of client comprises the function of two aspects.One carries out finishing the basic transaction function alternately with service end; Its two, integrated sign software is supported USB Key, drives by USB Key and sends the digital signature order to USB Key, and receive the response of USB Key.Can certainly separate sign software and transaction software.
The order of client transaction software and USB Key and data interaction, the support that needs USB Key to drive.The driving that is present in client at present is one of target of trojan horse program attack.Certain dynamic link library file in the driving is replaced or be hidden in to trojan horse program, just can intercept and capture and distort the data that enter USB Key.Can in technique scheme, increase the process and the relevant apparatus of the integrality of check driving, but this there is no need, because USB Key inside can confirm that if data are distorted, the user can refuse signature according to user's physical identification to transaction data.
In said process, signature device USB Key provide timeout mechanism, can stop associative operation in official hour, finishes this transaction.Timeout mechanism can limit the time that rogue program is attacked picture to be certified, strengthens the difficulty that picture is forged or distorts, and strengthens the fail safe of verification process.Although timeout mechanism also can make user's " initiation " transaction in process of exchange simultaneously, and the identification transaction data correct after, because of certain reason, in the time of can't pressing the button on the USB Key, automatically stop this transaction, the Transaction Information of guaranteeing customer acceptance can not be in effective status for a long time, gives attacker with opportunity.On the other hand, service side's timeout mechanism that also can be provided with among timeout mechanism and the USB Key is used.
Need to prove, USB Key only provides " affirmation " button, can not provide " cancellation " button, and the operation that all users need Cancel Transaction is provided with the interface form by the client transaction software directly, this mode can not brought extra safety problem to verification process.Because, attacker at the client transaction software might be intercepted and captured " cancellation " operation of user's input, and replace with " determining " operation, but this information is invalid to service Fang Eryan, service side receives only the affirmation information that has private key signature from USB Key inside, and this private key attacker can't obtain, and therefore can't reach the attack purpose.
In addition, because the transaction identification sign indicating number is identical in repeatedly concluding the business, the assailant can intercept and capture the authentication picture in a verification process, analyze transaction identification sign indicating number wherein, just can forge the authentication picture in next time in the transaction.Therefore this certificate scheme suggestion user and service side regularly consult new transaction identification sign indicating number, or take dynamic transaction identification sign indicating number (for example after consulting a fixing transaction identification sign indicating number, affix simply changes rule), to increase the difficulty that the assailant obtains the transaction identification sign indicating number.
Below, be example explanation the present invention with the transferred account service of online Private Banking.
Fig. 5 is the figure of the CAPTCHA picture example that comprises data to be certified used in the embodiment of the present invention of expression.This figure just illustrates the CAPTCHA picture that comprises transaction identification sign indicating number and transaction data that service side's transaction system utilizes the CAPTCHA technology to generate.Wherein, IXG5B is " a transaction identification sign indicating number ", and it is the numeral that consulted before concluding the business by user and service side and the identification code of character types.And information such as the name in an account book on the background, number of the account, the amount of money are transaction data.Online Private Banking client transaction software shows this picture, and requires the user that the such transaction data of similar Fig. 5 is confirmed, confirms that correctly digital signature is carried out by " trade confirmation " key notice USB Key in the back, and transaction just can be proceeded.
Of the present invention focusing on, in the comparatively safe computing environment in service side, utilize the CAPTCHA technology to generate the very difficult authentication picture of being forged or distorting by rogue program, Transaction Information is included in wherein, in client by being used for image content identification and confirming, simultaneously, directly transaction data is signed with physics mode control USB Key.That is, the authentication method that logic and physics combine is meant in verification process, adopts programmed logic and physics control dual mode that the information content is confirmed simultaneously.In following example, what logical course used is the CAPTCHA technology, and authentication information is the picture that comprises information to be certified that can be shown by computer that utilizes that the CAPTCHA technology generates.
The Web bank's ta vservice detailed process that utilizes reality of the present invention as shown in Figure 6.
In step 600, the user is provided with the transaction identification sign indicating number at ta vservice when the online personal banking of bank counter application.
In step 601, the user uses online Private Banking client transaction software input Transaction Information.
In step 602, the client transaction software sends USB Key with Transaction Information.
In step 603, the client transaction software shows Transaction Information, and the prompting user is by " key is initiated in transaction ".
In step 604, the user presses " transaction is initiated " key on the USB Key after confirming that the Transaction Information of oneself importing is errorless.
In step 605, USB Key returns the client transaction software after Transaction Information is encrypted.
In step 606, the client transaction software is sent the transaction data of transaction request and encryption to bank.
In step 607, bank's backstage transaction system is obtained this user's transaction identification sign indicating number, utilizes the CAPTCHA module to handle itself and transaction data, generates picture to be certified, and returns to the client transaction software and show.
In step 608, User Recognition authentication image content if wherein transaction identification sign indicating number and transaction data are all correct, then enters step 613, otherwise, as long as have one incorrect, then enter step 609.
In step 609, the client transaction software judges whether the user is pressing the button that Cancels Transaction.If then enter step 610, otherwise enter step 611.
In step 610, client transaction software notice USB Key Cancels Transaction.USB Key handles accordingly.
In step 611, USB Key cancels this transaction automatically behind certain hour, and to the clients report error reason.
In step 612, the client transaction software is to the bank statement mistake and cancel this transaction, notifies the user, and flow process finishes.
In step 613, the user presses " trade confirmation " key on the USB Key.Operational order comprises safe computing order and reading and writing data order, described safe computing order comprises data encryption, data decryption, digital signature, digital digest, and described reading and writing data order comprises the read write command of SCSI (Small ComputerSystems Interface small computer system interface) regulation.
In step 614, USB Key requires client transaction software prompting user to import signature private key protection PIN.
In step 615, the client transaction software is sent the PIN of user's input into USB Key, and USB Key judges whether PIN is correct.If PIN is correct, then enters step 617, otherwise enter step 616.
In step 616, USB Key is to client transaction software reporting errors and cancellation operation.
In step 617, USB Key carries out the computing of transaction data digital signature.
In step 618, USB Key returns to the client transaction software with signed data.
In step 619, the transaction data after the client transaction software will be signed sends to bank.
In step 620, bank's certifying signature legitimacy is also carried out the account transfer operation, preserves transaction record simultaneously.
Therefore, after user end to server of the present invention sends a request message, server end returns one group of authentication picture (CAPTCHA picture), this picture has comprised the server end identity information and has needed signed data information, client notifies the user that this information is confirmed, is signed by button notice signature apparatus by the user by the back.This has just realized the need signed data being confirmed with physics mode in client, has increased client and has distorted difficulty with data falsification, has strengthened carrying out the fail safe of signed data.
The present invention can satisfy the demand for security of " finding is promptly signed ", prevent " transaction is forged " and " transaction is kidnapped " two kinds of new attacks, very little to the transaction system change of existing band signature authentication equipment simultaneously, make the user dropping under the minute quantity condition of cost, obtain higher fail safe.The present invention meets the requirement of technical costs and fail safe, satisfies the most urgent demand for security in existing the application.