Background technology
At present, the USBKEY (a USB-interface electronic signature tool) is widely adopted as the identity authentication and digital certificate tool for Internet banking. A USBKEY can encrypt, sign and authenticate data, which makes transactions non-repudiable and can greatly improve the security of online banking.
When a user uses a USBKEY, it is generally connected to a computer. All data is entered on the computer and then sent by the computer to the USBKEY for computation. Computer viruses and network hackers are currently rampant, and many trojan programs let a hacker remotely control a user's computer over the network. A hacker who remotely controls the computer can exploit operating-system vulnerabilities to intercept the data on its way to the USBKEY, covertly replace some critical data, and then send this "false" data to the USBKEY for signing, encryption and similar operations. Because a USBKEY usually has no mechanism for verifying the data, the user does not notice. This can cause losses to the user, and in effect introduces a hidden security risk into transactions carried out with a USBKEY.
Meanwhile, the usual way to protect a USBKEY from fraudulent use after it has been stolen is a password. Generally, the computer asks the user to enter the password during use; the password is valid for the current operation and must be entered again the next time the USBKEY is used. However, because the password is entered on the computer keyboard and sent to the USBKEY by the computer, and the computer may be remotely controlled by someone else, the password is easy to intercept. A hacker who holds the password can operate the USBKEY behind the scenes by remote control and use it fraudulently without the USBKEY owner's knowledge. Even if a dynamic password or another password protection measure is used, a password intercepted for the current use still lets the hacker cause losses to the user at that moment.
Furthermore, electronic transactions on the Internet currently often use the user's real account number and the corresponding password. The user enters this data into the computer, it is sent to the USBKEY for encryption, and the computer then sends it over the Internet. If the account number is the number of the user's deposit card or credit card and it is intercepted, a counterfeit card can be made and used with the real password to withdraw cash at an automatic teller machine (ATM). This risk is very large.
Summary of the invention
In view of the above problems in the prior art, and in order to improve the security of online banking so that users can use it with confidence, the purpose of the present invention is to provide a secure transaction control method and a secure transaction control device for online banking transactions. They strengthen the security of online banking transactions as well as the accuracy and reliability of transaction data, and are convenient to use and easy to operate.
The purpose of the present invention is achieved through the following technical solutions:
A secure transaction control method for online banking transactions comprises:
A. The user side sends a transaction message to the Internet bank over the Internet, initiating a transaction request;
B. The Internet bank sends a short message containing confirmation information over a communication network to the user's terminal device;
C. The user side processes the confirmation information it obtains and then sends a confirmation instruction to the Internet bank over the Internet, completing the transaction process.
The transaction message comprises the data to be transacted and the electronic signature data that the USB-interface electronic signature tool (USBKEY) computes for the data to be transacted; or,
The confirmation information comprises transaction data information to be confirmed and a transaction confirmation code. The user side judges from the transaction data information to be confirmed whether the transaction is correct, and can confirm the transaction operation with the transaction confirmation code, completing the transaction process.
The transaction confirmation code is a transaction password for the transaction set by the Internet bank; or, the transaction confirmation code is a transaction password for the transaction dynamically generated by the Internet bank.
The transaction confirmation code is valid for a limited number of times; or, the transaction confirmation code is valid within a set time; or, the transaction confirmation code is valid for a limited number of times within a set time.
Step B comprises:
B1. The network transaction control end sends a short message containing the confirmation information over a mobile communication network to the user's mobile terminal; or,
B2. The network transaction control end sends the confirmation information over a fixed communication network to the user's fixed terminal.
Step C comprises:
C1. The user side obtains the transaction data information to be confirmed from the confirmation information sent by the Internet bank and judges whether it is correct; if so, it acknowledges the transaction; otherwise, it denies the transaction;
C2. If the user side acknowledges the transaction, it sends a transaction confirmation instruction to the Internet bank; the Internet bank determines from the transaction confirmation instruction sent by the user side whether the transaction succeeds, and completes the current transaction process. If the user side denies the transaction, it sends a transaction termination instruction to the Internet bank, terminating the current transaction.
Step C2 comprises:
C21. The user side obtains the transaction confirmation code from the confirmation information sent by the Internet bank and sends the transaction confirmation code to the Internet bank as the transaction confirmation instruction; or,
C22. The user side obtains the transaction confirmation code from the confirmation information sent by the Internet bank and sends the transaction confirmation code, together with the electronic signature data that the USBKEY computes for the transaction confirmation code, to the Internet bank as the transaction confirmation instruction; or,
C23. The user side obtains the transaction confirmation code from the confirmation information sent by the Internet bank, generates the transaction confirmation instruction from the transaction confirmation code, and sends it to the Internet bank.
A secure transaction control device for online banking transactions, located at the Internet bank, comprises:
A transaction data receiving module, which receives the transaction message and the operation instruction sent by the user side;
A transaction processing module, which generates confirmation information from the transaction message sent by the user side and sends the confirmation information to the user side; and which confirms the user side's transaction request according to the operation instruction sent by the user side, completing the transaction process.
The transaction processing module comprises:
A confirmation information generation module, which generates confirmation information from the transaction message sent by the user side;
A confirmation information sending module, which sends the confirmation information to the user side;
An operation instruction processing module, which confirms the user side's transaction request according to the operation instruction sent by the user side, completing the transaction process.
The confirmation information generation module comprises:
A confirmation information limiting module, which limits the number of times and/or the period for which the transaction confirmation code in the confirmation information is valid.
As can be seen from the technical solutions provided above, the core of the secure transaction control method and secure transaction control device of the present invention is as follows: the user side sends a transaction message to the Internet bank over the Internet, initiating a transaction request; the Internet bank sends a short message containing confirmation information over a communication network to the user's terminal device; and the user side, according to the confirmation information it obtains, sends a confirmation instruction to the Internet bank over the Internet, completing the transaction process. During a transaction the user can be sure that the current transaction is the one the user intends, and the authenticity, accuracy and security of the transaction are fully guaranteed. At the same time, the solution makes full use of the non-repudiation that the USBKEY's transaction signature provides in online banking, and fully protects the security of the user's account password.
Embodiment
The core of the secure transaction control method of the present invention is as follows: the user side sends a transaction message to the Internet bank over the Internet, initiating a transaction request; the Internet bank sends a short message containing confirmation information over a communication network to the user's terminal device; and the user side, according to the confirmation information it obtains, sends a confirmation instruction to the Internet bank over the Internet, completing the transaction process.
The transaction message comprises the data to be transacted and the electronic signature data that the USBKEY computes for the data to be transacted.
In the above, the Internet bank can send the short message containing the confirmation information over a mobile communication network to the user's mobile terminal; or, the Internet bank sends the short message containing the confirmation information over a fixed communication network to the user's fixed terminal.
The confirmation information here generally includes the transaction confirmation code, which the user side can use to confirm the transaction operation, and the transaction data information to be confirmed; that is, it contains data such as the fund recipient and the payment in the transaction, with a transaction confirmation code attached.
The transaction confirmation code here is a transaction password for the transaction set by the Internet bank; it can also be a transaction password for the transaction dynamically generated by the Internet bank. To further improve security, a number of valid uses can be set for the transaction confirmation code, for example valid for the current time only; a validity period can be set for it; or both a number of valid uses and a validity period can be set at the same time.
At this point the user side judges whether the transaction data information to be confirmed is correct, that is, whether this transaction is correct. The user side obtains the transaction data information to be confirmed from the confirmation information sent by the Internet bank and judges whether it is correct; if so, it acknowledges the transaction; otherwise, it denies the transaction. Specifically, the user side reads on the mobile terminal the data in the confirmation information sent by the Internet bank, such as the fund recipient and the payment, and judges whether it matches the user side's own transaction; if so, it acknowledges the transaction; otherwise, it denies the transaction.
If the user side acknowledges the transaction, it sends a transaction confirmation instruction to the Internet bank; the Internet bank determines from the transaction confirmation instruction sent by the user side whether the transaction succeeds, and completes the current transaction process. There are three specific ways:
1. The user side obtains the transaction confirmation code from the confirmation information sent by the Internet bank and sends the transaction confirmation code to the Internet bank as the transaction confirmation instruction;
2. The user side obtains the transaction confirmation code from the confirmation information sent by the Internet bank and sends the transaction confirmation code, together with the electronic signature data that the USBKEY computes for the transaction confirmation code and/or the transaction data, to the Internet bank as the transaction confirmation instruction;
3. The user side obtains the transaction confirmation code from the confirmation information sent by the Internet bank, generates the transaction confirmation instruction from the transaction confirmation code, and sends it to the Internet bank.
If the user side denies the transaction, it sends a transaction termination instruction to the Internet bank, terminating the current transaction.
Whichever confirmation instruction the user side sends, the Internet bank ends the transaction process by the procedure described above.
Embodiment one
A preferred implementation of the secure transaction control method of the present invention, taking an online banking transaction as the example, is shown in Figure 1. The specific process comprises:
Step 11. The user side sends a transaction message to the Internet bank over the network;
Here the user side sends the transaction message to the Internet bank over the Internet. The transaction message consists of the data to be transacted and the electronic signature data that the USBKEY computes for the data to be transacted; the data to be transacted generally includes the identity information of the other party to the transaction, the transaction amount and/or the transaction type.
Step 12. The Internet bank sends the key data information and the transaction confirmation code of this transaction to the user side's mobile terminal by short message;
The key data information refers to the transaction data information to be confirmed and the transaction confirmation code. The user side judges from the transaction data information to be confirmed whether the transaction is correct, and can confirm the transaction operation with the transaction confirmation code, completing the transaction process.
Obviously, the Internet bank can also send the short message containing the confirmation information over a fixed communication network to the user's fixed terminal.
Of course, before this step, the Internet bank needs to be informed of the user's mobile terminal number. There are two ways:
1. When the transaction message is sent in step 11, the user's mobile terminal number is sent to the Internet bank together with it;
2. When the user registers with the Internet bank, the user's mobile terminal number is given to the Internet bank.
Step 13. The user side judges whether the key data information of this transaction sent by the Internet bank is correct; if so, step 14 is executed; otherwise, step 15 is executed;
Step 14. The user side acknowledges that the transaction is correct and sends a transaction confirmation instruction to the Internet bank;
The confirmation instruction here can be obtained in the following three ways:
1. The user side obtains the transaction confirmation code sent by the Internet bank and uses the transaction confirmation code as the transaction confirmation;
2. The user side obtains the transaction confirmation code from the Internet bank; the transaction confirmation code and the electronic signature that the USBKEY computes for the transaction confirmation code and/or the transaction data together constitute the transaction confirmation instruction;
3. The user side obtains the transaction confirmation code from the Internet bank and generates the transaction confirmation instruction from the transaction confirmation code.
Step 15. The Internet bank receives the transaction confirmation instruction sent by the user side and judges whether it is correct; if so, it performs the transaction operation and completes the transaction; otherwise, it refuses the transaction operation;
Step 16. The user side denies the transaction and sends a transaction termination instruction to the Internet bank; the Internet bank terminates the current transaction.
The secure transaction control device of the present invention is located at the Internet bank and, as shown in Figure 2, comprises a transaction data receiving module and a transaction processing module. The transaction data receiving module receives the transaction message and the operation instruction sent by the user side. The transaction processing module generates confirmation information from the transaction message sent by the user side and sends the confirmation information to the user side; it also confirms the user side's transaction request according to the operation instruction sent by the user side, completing the transaction process.
The transaction processing module comprises a confirmation information generation module, a confirmation information sending module and an operation instruction processing module. The confirmation information generation module generates confirmation information from the transaction message sent by the user side; it can include a confirmation information limiting module, which limits the number of times and/or the period for which the transaction confirmation code in the confirmation information is valid.
The confirmation information sending module sends the confirmation information to the user side;
The operation instruction processing module confirms the user side's transaction request according to the operation instruction sent by the user side, completing the transaction process. If the operation instruction sent by the user side is a transaction confirmation instruction, the module judges whether the transaction confirmation instruction is correct; if so, it completes the transaction operation according to the transaction request sent by the user side; otherwise, it refuses the transaction operation. If the operation instruction sent by the user side is a transaction termination instruction, the module terminates the transaction operation.
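The bank-side modules and steps 11 to 16 described above, sketched as an added example that is not part of the original patent text. Class, function and field names are hypothetical, the short-message channel is a callback, verification of the USBKEY signature on the transaction message is assumed to happen before `receive_transaction`, and the validity count is interpreted as the number of confirmation attempts accepted for a code.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

@dataclass
class Pending:
    data: dict         # transaction data to be confirmed (payee, amount)
    code: str          # transaction confirmation code
    expires_at: float  # validity time limit
    uses_left: int     # validity count limit

class BankControl:
    """Hypothetical bank-side control device (all names are assumptions)."""
    def __init__(self, send_sms, ttl=120.0, max_uses=1, clock=time.monotonic):
        self.send_sms, self.ttl, self.max_uses, self.clock = send_sms, ttl, max_uses, clock
        self.pending = {}

    def receive_transaction(self, tx_id, data, phone):
        # Assumption: the USBKEY signature over `data` was verified before this call.
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[tx_id] = Pending(dict(data), code, self.clock() + self.ttl, self.max_uses)
        # The short message carries what the bank received, not what the PC displayed.
        self.send_sms(phone, {"payee": data["payee"], "amount": data["amount"], "code": code})

    def process_instruction(self, tx_id, kind, code=""):
        p = self.pending.get(tx_id)
        if p is None:
            return "rejected"
        if kind == "terminate":
            del self.pending[tx_id]
            return "terminated"
        if self.clock() > p.expires_at:          # validity time exceeded
            del self.pending[tx_id]
            return "rejected"
        p.uses_left -= 1                         # every attempt consumes one use
        ok = hmac.compare_digest(code.encode(), p.code.encode())
        if ok or p.uses_left <= 0:
            del self.pending[tx_id]
        return "completed" if ok else "rejected"

def user_confirms(bank, tx_id, intended, sms):
    """User side: compare the short message with the intended transaction."""
    if (sms["payee"], sms["amount"]) == (intended["payee"], intended["amount"]):
        return bank.process_instruction(tx_id, "confirm", sms["code"])
    return bank.process_instruction(tx_id, "terminate")

def run_demo(intended, received_by_bank):
    inbox = []
    bank = BankControl(send_sms=lambda phone, msg: inbox.append(msg))
    bank.receive_transaction("tx-1", received_by_bank, "+0000000000")  # constructed values
    return user_confirms(bank, "tx-1", intended, inbox[-1])

if __name__ == "__main__":
    want = {"payee": "Alice", "amount": 100}                    # constructed sample data
    print(run_demo(want, want))                                 # data unchanged in transit
    print(run_demo(want, {"payee": "Mallory", "amount": 100}))  # data altered on the PC
```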
With the above technical solution, during a transaction the user can be sure that the current transaction is the one the user intends, and the authenticity, accuracy and security of the transaction are fully guaranteed. At the same time, the solution makes full use of the non-repudiation that the USBKEY's transaction signature provides in online banking, and fully protects the security of the user's account password.
In summary, the technical solution of the present invention has the following main advantages:
1. Easy to implement: little change to the original online banking system is needed;
2. Low cost: the USBKEYs already used in existing applications need no modification or replacement; only the software and the application control need to change.
3. Highly versatile: in principle, the method applies to nearly all USBKEYs.
4. Practical and easy to popularize: it applies only mature technology.
5. High security: it fully resolves the hidden risks to transaction reliability and to data validity and accuracy when an existing USBKEY is used for online banking transactions, and it also fully protects the user's account password.
In short, the method of the present invention increases security for the user, is simple and convenient, and is easy to popularize.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.