CN102238171B - Intelligent key device, and system and method for improving security of online transaction and authentication - Google Patents

Publication number
CN102238171B
Authority
CN
China
Prior art keywords
identifying code
unit
algorithm
true form
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110104042.6A
Other languages
Chinese (zh)
Other versions
CN102238171A (en)
Inventor
彭波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nationz Technologies Inc
Original Assignee
Nationz Technologies Inc

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention relates to an intelligent key device, and a system which comprises the intelligent key device and is used for improving security of online transaction and authentication, and a related method. The intelligent key device is composed of a key system communication processing unit, a command processing unit, a verification code algorithm generation unit, a verification code verifying unit and a verification code algorithm management unit. The system for improving security of online transaction and authentication comprises a verification code server, a verification code user interface module and the intelligent key device. The intelligent key device internally installs or downloads a verification algorithm according to user requirement, and selects the currently used verification code algorithm according to default or user instructions. In an online transaction and authentication process, the intelligent key device transmits verification codes related to corresponding authentication instructions and transaction instructions to the user interface module for acknowledgement before executing the authentication instructions and the transaction instructions having higher security requirements, thereby improving security of online transaction and authentication.

Description

Intelligent key apparatus, and system and method for improving the security of online transactions and authentication
Technical field
The present invention relates to the field of information security, and in particular to an intelligent key apparatus and to a method and system that use the intelligent key apparatus to strengthen the security of Internet online transaction systems and web authentication systems.
Background technology
Internet online transaction systems and web authentication systems are used more and more widely. Because the open Internet has many insecure factors, using an intelligent key system to strengthen the security of online transaction and web authentication systems has become a common technical approach.
An intelligent key apparatus, usually also called a USB Key, is a small hardware device based on a USB interface. The device has a built-in CPU, memory and chip operating system (COS), can store a user key or digital certificate, and has the corresponding cryptographic algorithms built in. In use, the cryptographic algorithms in the intelligent key apparatus are used to authenticate the user's identity or to perform cryptographic operations such as signing web transaction data.
The CPU, memory and chip operating system in the intelligent key apparatus are usually integrated into one secure COS chip, which has security features such as hardware that cannot be copied. This guarantees the security of the key, digital certificate and cryptographic algorithms in the key system, and so further guarantees the security of user authentication and transactions. However, current intelligent key apparatuses basically use a PIN code as the authorization safeguard and cannot resist attacks such as replay attacks and network Trojan horses. The most common way to improve security is to use, in addition to the PIN code, multi-factor authentication such as a fingerprint, a display or SMS. Chinese patent 200810115364.9 displays a dynamic password on the intelligent key apparatus, Chinese patent 200810002415.7 uses SMS verification, and Chinese patent 200710043441.X uses a fingerprint.
All of these multi-factor authentication modes improve, to varying degrees, the ability of the intelligent key apparatus to resist attacks such as replay attacks and network Trojan horse attacks. But because they use multi-factor authentication, they either need support from the system side (SMS) or add extra hardware such as a fingerprint module or display module to the intelligent key apparatus. This raises system cost significantly and has hindered the adoption of such schemes.
Summary of the invention
The invention provides an intelligent key apparatus to solve the problem in the prior art that hardware is added, and system cost therefore increases, in order to improve the ability of the intelligent key apparatus to resist attacks such as replay attacks and network Trojan horse attacks.
The technical scheme by which the present invention solves the above technical problem is as follows: an intelligent key apparatus comprising:
Identifying code algorithm generation unit;
Identifying code authentication unit; and
Identifying code algorithm management unit;
Wherein:
The identifying code algorithm management unit stores at least one identifying code algorithm and notifies the identifying code algorithm generation unit of the current identifying code algorithm;
The identifying code algorithm generation unit generates an identifying code according to the current identifying code algorithm;
The identifying code authentication unit judges whether the identifying code is correct.
On the basis of the above technical scheme, the present invention may also be further limited as follows:
Further, the apparatus also comprises:
Communications processor element; and
Command process unit,
Wherein:
The communications processor element provides the interface communication function for the intelligent key apparatus;
The command process unit performs chip operating system command processing.
Further, wherein:
The communications processor element is connected with the command process unit, the identifying code authentication unit and the identifying code algorithm management unit;
The command process unit is also connected with the identifying code authentication unit and the identifying code algorithm generation unit;
The identifying code algorithm generation unit is connected with the identifying code authentication unit and the identifying code algorithm management unit.
Further, the identifying code algorithm generation unit comprises:
True form generation unit;
Identifying code true form concatenation unit;
Identifying code algorithm selected cell;
First true form input unit;
Identifying code generation input unit; and
Identifying code generation unit.
Further, wherein:
The true form generation unit generates an identifying code true form and sends it to the identifying code true form concatenation unit;
The identifying code true form concatenation unit splices the identifying code true forms received from the true form generation unit into a complete identifying code true form, and sends the complete identifying code true form to the identifying code authentication unit and to the identifying code generation input unit;
The first true form input unit receives a true form and passes it to the identifying code generation input unit;
The identifying code generation input unit combines the complete identifying code true form received from the identifying code true form concatenation unit with the true form received from the first true form input unit, and sends the combination to the identifying code generation unit;
The identifying code algorithm selected cell selects an identifying code algorithm according to the indication sent by the identifying code algorithm management unit, and sends the selection result to the identifying code algorithm management unit;
The identifying code generation unit receives the combined result output by the identifying code generation input unit, selects the identifying code algorithm according to the indication of the identifying code algorithm selected cell, and generates the identifying code true form that is finally sent to the user side.
Further, the true form generated by the true form generation unit is a random true form, and the true form received by the first true form input unit is a non-random true form.
Further, wherein:
The first true form input unit is connected with the command process unit and the identifying code generation input unit;
The identifying code true form concatenation unit is connected with the identifying code authentication unit, the true form generation unit and the identifying code generation input unit;
The identifying code algorithm selected cell is connected with the identifying code generation unit and the identifying code algorithm management unit;
The identifying code generation unit is also connected with the communications processor element.
Further, wherein:
The identifying code authentication unit comprises:
Identifying code input unit;
Identifying code contrast unit;
Second true form input unit.
Further, wherein:
The identifying code input unit receives the identifying code input by the user and sends it to the identifying code contrast unit;
The second true form input unit receives the identifying code true form sent by the identifying code algorithm generation unit, stores and splices the identifying code true form, and sends it to the identifying code contrast unit;
The identifying code contrast unit receives the identifying code sent by the identifying code input unit and the identifying code true form sent by the second true form input unit, compares them, and outputs the comparison result to the command process unit.
Further, wherein:
The identifying code input unit is connected with the communications processor element and the identifying code contrast unit;
The second true form input unit is connected with the identifying code algorithm generation unit;
The identifying code contrast unit is connected with the identifying code input unit and the second true form input unit;
The identifying code input unit is also connected with the command process unit and the identifying code contrast unit.
Further, wherein:
The identifying code algorithm management unit comprises:
Algorithm stores unit;
Algorithm selected cell;
Algorithm download unit; and
Administrative unit.
Further, wherein:
The administrative unit handles algorithm type selection and algorithm download: it notifies the identifying code algorithm generation unit to generate an identifying code, has the identifying code checked, and decides according to the check result of the identifying code authentication unit whether to allow the algorithm type selection or algorithm download; the administrative unit also controls the algorithm selected cell and the algorithm download unit;
The algorithm stores unit holds the identifying code algorithms, and notifies the identifying code algorithm generation unit to generate the corresponding identifying code according to the currently selected algorithm type;
The algorithm download unit, under the control of the administrative unit, downloads identifying code algorithms through the communications processor element and stores the downloaded identifying code algorithms in the algorithm stores unit;
The algorithm selected cell, under the control of the administrative unit, receives the algorithm type input by the user through the communications processor element and notifies the algorithm stores unit; the algorithm stores unit notifies the identifying code algorithm generation unit to generate an identifying code example and send it back to the algorithm selected cell, which issues the identifying code example to the user through the communications processor element.
Further, wherein:
The algorithm stores unit is connected with the administrative unit and the identifying code algorithm generation unit;
The administrative unit is connected with the identifying code authentication unit, the algorithm selected cell and the algorithm download unit;
The algorithm download unit is connected with the communications processor element and the algorithm stores unit;
The algorithm selected cell is connected with the communications processor element and the algorithm stores unit.
Further, the intelligent key apparatus also comprises a PC communication module and a non-PC communication module connected with the communications processor element.
Further, wherein:
The PC communication module is a USB interface,
The non-PC communication module is a display module and/or a sounding communication module.
Further, the identifying code is a non-text identifying code, that is, an identifying code with a non-text attribute.
The present invention also provides a system for improving the security of online transactions and authentication, the system comprising:
An identifying code server;
An identifying code subscriber interface module connected with the identifying code server; and
An intelligent key apparatus as described in any of the above, connected with the identifying code subscriber interface module.
On the basis of the above technical scheme, the present invention may also be further limited as follows:
Further, the identifying code server comprises:
Server algorithm stores unit;
Server network communications processor element; and
Server algorithm management unit,
Wherein:
The server algorithm stores unit is connected with the server network communications processor element and the server algorithm management unit respectively, and
The server network communications processor element is connected with the server algorithm management unit and the identifying code subscriber interface module.
Further, the identifying code subscriber interface module comprises:
User interface network service processing unit;
User interface local communication processing unit;
User interface management unit;
Administrative unit I/O interface;
Identifying code display interface; and
User identifying code input interface,
Wherein:
The user interface network service processing unit is connected with the server network communications processor element, the user interface local communication processing unit and the user interface management unit;
The user interface local communication processing unit is also connected with the intelligent key apparatus, the identifying code display interface, the user identifying code input interface and the user interface management unit respectively;
The user interface management unit is also connected with the administrative unit I/O interface.
Further, the user interface local communication processing unit is connected with the communications processor element of the intelligent key apparatus.
The present invention also provides a verification method for the aforesaid intelligent key apparatus, comprising:
(A) the intelligent key apparatus receives a command from the user and carries out step (B) when the command needs verification, when the command is a command to change the identifying code algorithm type, or when the command needs verification but does not need transaction content confirmation;
(B) the identifying code algorithm generation unit is started and generates an identifying code; one of the identifying code and the identifying code true form is sent to the identifying code authentication unit; the identifying code is a non-text identifying code, that is, an identifying code with a non-text attribute;
(C) the identifying code authentication unit sends the identifying code to the user side and waits for the user to recognize it and return the recognition result;
(D) the identifying code authentication unit judges whether the user has returned an identifying code; if one has been received, it enters the next step, the identifying code check; if none has been received yet, it judges whether a timeout has occurred; when a timeout occurs, the command processing flow ends;
(E) when the identifying code authentication unit receives the identifying code, it compares it with the identifying code true form;
(F) when the comparison result is incorrect, the command processing flow ends directly.
Further, the method also comprises:
After step (A), when the command does not need verification, the normal command processing flow is followed until it finishes.
Further, wherein:
Generating the identifying code means generating the identifying code randomly.
Further, wherein:
Step (B) is carried out when the command needs verification.
Further, wherein:
In step (F), when the comparison result is correct, the normal command processing flow is entered.
Further, wherein:
Step (B) is carried out when the command is a command to change the identifying code algorithm type;
In step (F), when the comparison result is correct, the subsequent identifying code algorithm selection process is entered: the identifying code administrative unit sends the stored alternative identifying code examples to the user side and waits for the user's selection; if a new identifying code algorithm type is received, the default identifying code algorithm type is changed; if no new type is received, the command processing flow ends,
The verification method is a method for selecting the identifying code algorithm type.
Further, wherein:
Step (B) is carried out when the command is a command to change the identifying code algorithm type;
In step (F), when the comparison result is correct, the subsequent identifying code algorithm update process is entered: the identifying code administrative unit waits for the user to send a new identifying code algorithm; if a new identifying code algorithm is received, its authority is verified; if the authority verification passes, the new identifying code algorithm is added; if it does not pass, the command processing flow ends,
The verification method is an identifying code algorithm update method.
Further, wherein:
Step (B) is carried out when the command needs verification but does not need transaction content confirmation; if the command needs verification and also needs transaction content confirmation, the identifying code algorithm generation unit is started, the transaction content is extracted, a special identifying code true form is generated, and, according to the selected identifying code generating algorithm, the transaction content and the special identifying code are merged to generate a unified identifying code;
The verification method is a transaction content confirmation method.
Further, also comprising:
When the identifying code authentication unit receives the special identifying code, it compares it with the special identifying code true form;
When the comparison result is correct, the normal transaction command processing flow is entered; when the comparison result is incorrect, the transaction command processing flow ends directly.
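The check in steps (A) to (F), together with the transaction content confirmation variant, can be simulated as follows. This is an added Python example, not code from the patent or from any product; the names `SmartKey`, `Command`, `Challenge` and `FakeClock`, the 6-digit code and the 60-second timeout are assumptions, and rendering the code as a non-text image is left out, so the challenge carries the plain values the image would depict.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional


class Result(Enum):
    EXECUTED = "executed"      # normal command processing flow entered
    TIMEOUT = "timeout"        # step (D): no answer in time, flow ends
    MISMATCH = "mismatch"      # step (F): wrong code, flow ends
    NO_PENDING = "no-pending"  # answer arrived with no outstanding challenge


@dataclass(frozen=True)
class Command:
    name: str
    needs_check: bool                  # step (A): does the command need verification?
    transaction: Optional[str] = None  # content to confirm, if any


@dataclass(frozen=True)
class Challenge:
    shown_code: str                    # what the non-text image would depict
    shown_transaction: Optional[str]   # merged into the same image for transactions


class FakeClock:
    """Manually advanced clock so the timeout path runs without sleeping."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class SmartKey:
    def __init__(self, timeout_s: float = 60.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._timeout_s = timeout_s    # assumed value, the patent names none
        self._clock = clock
        self._pending = None           # (true_form, deadline, command)
        self.executed: List[str] = []  # stand-in for the COS command handlers

    def _execute(self, cmd: Command) -> Result:
        self.executed.append(cmd.transaction or cmd.name)
        return Result.EXECUTED

    def submit(self, cmd: Command) -> Optional[Challenge]:
        """Steps (A)-(C): run unchecked commands, otherwise issue a challenge."""
        if not cmd.needs_check:
            self._execute(cmd)
            return None
        # Step (B): fresh random true form (6 digits assumed), kept in the device.
        true_form = "".join(secrets.choice("0123456789") for _ in range(6))
        self._pending = (true_form, self._clock() + self._timeout_s, cmd)
        # Step (C): the device, not the PC, decides what the user is shown.
        return Challenge(true_form, cmd.transaction)

    def answer(self, user_code: str) -> Result:
        """Steps (D)-(F): timeout check, comparison, then execute or end."""
        if self._pending is None:
            return Result.NO_PENDING
        true_form, deadline, cmd = self._pending
        self._pending = None           # single use: a replayed answer finds nothing
        if self._clock() > deadline:
            return Result.TIMEOUT
        if not hmac.compare_digest(user_code.encode(), true_form.encode()):
            return Result.MISMATCH
        return self._execute(cmd)


def demo() -> dict:
    clock = FakeClock()
    key = SmartKey(timeout_s=60.0, clock=clock)
    results = {}
    # Command that needs no verification: normal flow, no challenge.
    results["unchecked"] = key.submit(Command("get-version", False))
    # Honest transaction: the user sees the expected content and types the code.
    ch = key.submit(Command("sign", True, "pay 100 to alice"))
    results["honest"] = key.answer(ch.shown_code)
    # The same answer sent again: no challenge is outstanding.
    results["replay"] = key.answer(ch.shown_code)
    # Wrong code (letters can never equal the digit-only true form).
    key.submit(Command("sign", True, "pay 100 to alice"))
    results["wrong"] = key.answer("abcdef")
    # Content altered before it reached the device: the challenge shows the
    # altered content, the user does not answer, and a late answer is refused.
    ch = key.submit(Command("sign", True, "pay 9000 to mallory"))
    clock.now += 61.0
    results["tampered"] = key.answer(ch.shown_code)
    results["executed"] = list(key.executed)
    return results


if __name__ == "__main__":
    print(demo())
```

Only the unchecked command and the confirmed transaction reach the command handlers; every other path ends the flow before execution.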
Further, wherein:
Step (B) is carried out when the command needs verification, and also comprises:
Randomly generating at least two identifying code true forms and splicing them into one identifying code true form;
Generating at least two corresponding identifying codes from the at least two identifying code true forms respectively;
Sending one of the identifying code and the identifying code true form to the identifying code authentication unit;
The identifying code authentication unit sends one of the identifying codes to the user side through the PC communication interface and another identifying code to the user side through the non-PC communication interface, and waits for the user to recognize them;
The user receives the identifying code from the PC communication interface, splices the complete identifying code himself, and returns the identifying code through the PC communication interface,
The verification method is a non-PC communication module verification method.
Further, the identifying code is a non-text identifying code, that is, an identifying code with a non-text attribute.
The beneficial effects of the invention are as follows: an identifying code algorithm generation unit, an identifying code authentication unit and an identifying code algorithm management unit are added to the intelligent key apparatus, so that an identifying code check can be carried out before any command is processed. Therefore, while the ability of the intelligent key apparatus to resist attacks such as replay attacks and network Trojan horse attacks is improved, there is no need to add expensive hardware such as a fingerprint module or display module to the intelligent key apparatus and no need to modify the system side; the scheme is easy to use, simple and low in cost.
Description of the drawings
Fig. 1 is a structural block diagram of an intelligent key apparatus provided by the invention;
Fig. 2 is a structural block diagram of identifying code algorithm generation unit 3 in Fig. 1;
Fig. 3 is a structural block diagram of identifying code authentication unit 4 in Fig. 1;
Fig. 4 is a structural block diagram of identifying code algorithm management unit 5 in Fig. 1;
Fig. 5 is a structural block diagram of a system for improving the security of online transactions and authentication provided by the invention;
Fig. 6 is a flow chart of an identifying code checking method provided by the invention;
Fig. 7 is a flow chart of an identifying code algorithm type selection method provided by the invention;
Fig. 8 is a flow chart of an identifying code algorithm update method provided by the invention;
Fig. 9 is a flow chart of a transaction content confirmation method provided by the invention;
Fig. 10 is a flow chart of a non-PC communication module verification method provided by the invention;
Fig. 11 is a flow chart of picture identifying code generation and checking provided by the invention;
Fig. 12 is a schematic diagram of a picture identifying code provided by the invention.
In the drawings, the parts represented by each label are as follows:
1, communications processor element,
2, command process unit,
3, identifying code algorithm generation unit,
301, true form generation unit, 302, identifying code true form concatenation unit, 303, first true form input unit, 304, identifying code generation input unit, 305, identifying code generation unit, 306, identifying code algorithm selected cell,
4, identifying code authentication unit,
401, identifying code input unit, 402, identifying code contrast unit, 403, second true form input unit,
5, identifying code algorithm management unit,
501, algorithm stores unit, 502, algorithm selected cell, 503, algorithm download unit, 504, administrative unit,
A, identifying code server,
A1, server algorithm stores unit, A2, server network communications processor element, A3, server algorithm management unit,
B, identifying code subscriber interface module,
B1, user interface network service processing unit, B2, user interface local communication processing unit, B3, user interface management unit, B4, administrative unit I/O interface, B5, identifying code display interface, B6, user identifying code input interface,
C, intelligent key apparatus.
Embodiments
The principles and features of the present invention are described below with reference to the accompanying drawings; the examples serve only to explain the present invention and are not intended to limit its scope.
To make the object, technical scheme and effects of the present invention clearer, the present invention is described in detail below with reference to the accompanying drawings and specific examples.
Fig. 1 is a structural block diagram of the intelligent key apparatus of the present invention. As shown in Fig. 1, the intelligent key apparatus comprises five parts: communications processor element 1, command process unit 2, identifying code algorithm generation unit 3, identifying code authentication unit 4 and identifying code algorithm management unit 5.
Communications processor element 1 performs the interface communication function of intelligent key apparatus C, and command process unit 2 performs conventional COS (card operating system) command processing. Identifying code algorithm generation unit 3, according to the indication of identifying code algorithm management unit 5 (if there are several algorithms to select from), selects the identifying code algorithm currently in use and randomly generates an identifying code true form; the identifying code may be a non-text identifying code. A non-text identifying code has a non-text attribute (it is not letters, numerals, words and so on); the specific generating algorithm of the non-text identifying code is not itself part of the present invention and is described in patents such as CN200710161038.7 and CN200710161039.1. Identifying code authentication unit 4 compares the identifying code true form stored in intelligent key apparatus C with the identifying code input by the user and judges whether it is correct. Identifying code algorithm management unit 5 stores the identifying code algorithms and notifies identifying code algorithm generation unit 3 of the current identifying code algorithm. In intelligent key apparatus C, communications processor element 1 exchanges data bidirectionally with command process unit 2, identifying code authentication unit 4 and identifying code algorithm management unit 5 respectively. Command process unit 2 is connected with identifying code authentication unit 4 for two-way communication, and is connected with identifying code algorithm generation unit 3, to which it sends the command to generate an identifying code true form. Identifying code algorithm generation unit 3 is also connected with identifying code algorithm management unit 5 and identifying code authentication unit 4 respectively. Identifying code algorithm generation unit 3 sends the identifying code true form it generates to identifying code authentication unit 4. Identifying code algorithm generation unit 3 and identifying code algorithm management unit 5 exchange data bidirectionally. By combining identifying code algorithm generation unit 3 and identifying code authentication unit 4, intelligent key apparatus C can carry out an identifying code checking procedure before any command processing, to confirm the legitimacy of the current command processing.
As shown in Figure 2, identifying code algorithm generation unit 3 comprises: true form generation unit 301, identifying code true form concatenation unit 302, the first true form input unit 303, identifying code generate input unit 304, identifying code generation unit 305 and identifying code algorithm selected cell 306.
Wherein, the first true form input unit 303 is connected with command process unit 2 and identifying code generation input unit 304.Identifying code true form concatenation unit 302 generates input unit 304 with identifying code authentication unit 4, true form generation unit 301 and identifying code and is connected.Identifying code algorithm selected cell 306 is connected with identifying code generation unit 305 with identifying code algorithm management unit 5.Identifying code generation unit 305 is also connected with communications processor element 1.
True form generation unit 301: it can generate at random identifying code true form and send to identifying code true form concatenation unit 302, identifying code true form can be the coding of numeral, letter or various words and word, and random true form can generate repeatedly.
Identifying code true form concatenation unit 302: when true form generation unit generates true form more than 301 time, true form is spliced into complete identifying code true form by identifying code true form concatenation unit 302.Identifying code true form concatenation unit 302 can, by identifying code true form notice identifying code authentication unit 4, send to identifying code to generate input unit 304 identifying code true form.
The first true form input unit 303: when needs are inputted nonrandom generation true form, such as transaction content or other information, by the first true form input unit 303 from the external world such as command process unit 2 carries out input information, and send identifying code to and generate input unit 304.
Identifying code generates input unit 304: the true form of the identifying code true form of the random generation receiving from identifying code true form concatenation unit 302 and the nonrandom generation that receives from the first true form input unit 303 is generated to input unit 304 at identifying code and be combined into integral body, and send to identifying code generation unit 305.
Identifying code algorithm selected cell 306: the selected identifying code algorithm of identifying code generation unit 305 is selected in its indication according to identifying code algorithm management unit 5, selection result can be notified to identifying code algorithm management unit 5 simultaneously, the in the situation that of needs, identifying code algorithm selected cell 306 can also be indicated the random identifying code that generates of identifying code generation unit 305, is then beamed back identifying code algorithm management unit 5.
Identifying code generation unit 305: it can generate the integral result that input unit 304 is combined into by Receipt Validation code, according to the indication of identifying code algorithm selected cell 306, select identifying code algorithm, generate the identifying code true form of the non-legible form that finally sends to user side, and send to user side by communications processor element 1.
As shown in Figure 3, identifying code authentication unit 4 consists of the following functional units: the second true form input unit 403, identifying code input unit 401, identifying code contrast unit 402. Wherein, identifying code input unit 401 is connected with communications processor element 1 with identifying code contrast unit 402, identifying code contrast unit 402 is connected with identifying code input unit 401 with the second true form input unit 403, and identifying code input unit 401 is also connected with command process unit 2 with identifying code contrast unit 402, and the second true form input unit 403 is also connected with identifying code algorithm generation unit 3.
The second true form input unit 403: it receives the identifying code true form input by identifying code algorithm generation unit 3 and sends it to identifying code contrast unit 402. When several identifying code true forms need to be input, it also stores and splices them as required.
Identifying code input unit 401: it receives the identifying code input by the user through communications processor element 1. As required, identifying code input unit 401 can set a maximum waiting time through a timeout mechanism and, when a timeout occurs, notify the user and command process unit 2 so that they can handle it.
Identifying code contrast unit 402: it receives the identifying code sent by identifying code input unit 401 and the identifying code true form sent by the second true form input unit 403, compares them, outputs the comparison result, and notifies command process unit 2 and the user so that subsequent processing can be carried out.
As shown in Figure 4, identifying code algorithm management unit 5 stores at least one identifying code algorithm and notifies identifying code algorithm generation unit 3 of the current identifying code algorithm. Identifying code algorithm management unit 5 comprises: algorithm stores unit 501, algorithm selected cell 502, administrative unit 504, algorithm download unit 503. Wherein, algorithm stores unit 501 is connected with algorithm generation unit 3 with administrative unit 504. Administrative unit 504 is connected with identifying code authentication unit 4, algorithm selected cell 502, algorithm download unit 503. Algorithm download unit 503 is connected with communications processor element 1, algorithm stores unit 501. Algorithm selected cell 502 is connected with algorithm stores unit 501 with communications processor element 1.
Administrative unit 504: it manages algorithm type selection and algorithm download. Where needed, it can notify identifying code algorithm generation unit 3 to generate a random identifying code and carry out the identifying code checking procedure, and it decides, according to the check result of identifying code authentication unit 4, whether to allow algorithm type selection and algorithm download.
Algorithm selected cell 502: it receives the algorithm type input by the user through communications processor element 1 and, where administrative unit 504 allows it, notifies algorithm stores unit 501. Algorithm selected cell 502 can poll all algorithm types; through algorithm stores unit 501 it notifies identifying code algorithm generation unit 3 to generate identifying code examples for all of them, which are sent back to algorithm selected cell 502 and issued to the user through communications processor element 1.
The non-legible identifying code can be a picture validation code. A picture validation code is a picture composed of RGB pixels (R represents red, G represents green, B represents blue) that contains identifying code characters recognizable to the naked eye (Arabic numerals, upper-case and lower-case English letters, Chinese text). The identifying code characters are drawn with RGB pixels, and a person identifies the identifying code characters in the picture validation code with the naked eye.
Multiple kinds of processing can be applied to a picture validation code to obtain picture validation codes of different patterns. For example: the identifying code characters can be Arabic numerals, upper-case English letters, lower-case English letters, Chinese capital numerals (one, two, three) or Chinese text; the picture validation code can contain a background image, noise and interference patterns; the color of each identifying code character is random, and a single identifying code character can be drawn in several colors; the position of each identifying code character in the picture validation code is random, and the font of each identifying code character is random; the identifying code characters use a 3D pattern, or the identifying code characters stick together; the identifying code characters can be rotated, distorted, scaled, smeared, or given ripple diffusion processing; the content of the picture validation code can take the form of a reasoning task (for example: 1+1=?) or a question (for example: where is the Great Wall?). By selecting one or more of these processing modes, picture validation codes of different patterns can be freely combined. Each combination corresponds to one picture validation code generating algorithm, and the picture validation code generating algorithms can be stored in algorithm stores unit 501.
When the user needs to generate a picture validation code that contains random Arabic numerals and random lower-case English letters, the user first obtains the authority for algorithm type selection through administrative unit 504. After obtaining the authority, the user selects the required picture validation code generating algorithm through algorithm selected cell 502, and identifying code algorithm management unit 501 sends the chosen picture validation code generating algorithm to identifying code algorithm selected cell 306 through communications processor element 1.
True form generation unit 301 randomly generates characters (Arabic numerals, lower-case English letters) and sends them to identifying code true form concatenation unit 302, which splices the characters generated over several rounds into a character string.
Identifying code true form concatenation unit 302 inputs the character string to the second true form input unit 403, and the second true form input unit 403 sends the character string to identifying code contrast unit 402 so that it can later be compared with the character string input by the user.
At the same time, identifying code true form concatenation unit 302 sends the character string to identifying code generates input unit 304, which passes it to identifying code generation unit 305. Identifying code generation unit 305 selects the picture validation code generating algorithm according to the indication of identifying code algorithm selected cell 306, generates the picture validation code that is finally sent to the user side, and sends it to the user side through communications processor element 1.
After seeing the picture validation code, the user identifies the character string in it and inputs the identified character string to identifying code input unit 401 through communications processor element 1. Identifying code input unit 401 passes the character string input by the user to identifying code contrast unit 402, which compares it with the character string input by the second true form input unit 403, outputs the comparison result, and notifies command process unit 2 and the user so that subsequent processing can be carried out. The generation and checking process of the picture validation code is shown in Figure 11.
Figure 12 is a picture validation code generated with the described picture validation code generating algorithm. The picture validation code is drawn with RGB pixels; the identifying code characters in the picture are "983A052K714C110Y", made up of the Arabic numerals "983052714110" and the upper-case English letters "AKCY". The position of each character in the picture is random, and the picture contains interference lines.
Algorithm stores unit 501: it stores the various identifying code algorithms and, where needed, notifies identifying code algorithm generation unit 3 to generate the corresponding identifying code according to the currently selected algorithm type.
Algorithm download unit 503: where administrative unit 504 allows it, it carries out algorithm download management. Algorithm download unit 503 can download a new identifying code algorithm through communications processor element 1 and store it in algorithm stores unit 501. To guard against erroneous downloads or malicious algorithms, the download unit can use a common algorithm integrity check to verify that the algorithm is legitimate. Any known method of verifying the legitimacy of an algorithm can be used.
As shown in Figure 5, this system comprises identifying code server A, identifying code subscriber interface module B and the intelligent key apparatus. Identifying code subscriber interface module B is connected with the intelligent key apparatus and with identifying code server A respectively.
Identifying code server A comprises server algorithm stores unit A1, server network communications processor element A2, server algorithm management unit A3.Wherein, server algorithm stores unit A1 is connected with server algorithm management unit A3 with server network communications processor element A2 respectively, and server network communications processor element A2 is connected with server algorithm management unit A3 and described identifying code subscriber interface module B.
Server algorithm stores unit A1 can store a plurality of identifying code algorithms. Server algorithm management unit A3 can manage algorithm download according to the information it exchanges with the subscriber interface module and intelligent key apparatus C. To guard against erroneous downloads or malicious algorithms, the identifying code algorithm can be verified as legitimate with a common algorithm integrity check. Any known method of verifying the legitimacy of an algorithm can be used.
Identifying code subscriber interface module B comprises user interface network service processing unit B1, user interface local communication processing unit B2, user interface management unit B3, administrative unit I/O Interface B4, identifying code display interface B5 and user rs authentication code inputting interface B6. Wherein, user interface network service processing unit B1 is connected with user interface management unit B3 with server network communications processor element A2, user interface local communication processing unit B2. User interface local communication processing unit B2 is also connected with cipher key system communications processor element 1, identifying code display interface B5, user rs authentication code inputting interface B6, user interface management unit B3 in intelligent key apparatus C respectively. User interface management unit B3 is also connected with administrative unit I/O Interface B4.
User interface network service processing unit B1 is responsible for communicating with identifying code server A, and user interface local communication processing unit B2 is responsible for communicating with intelligent key apparatus C. Identifying code server A can communicate with intelligent key apparatus C through user interface network service processing unit B1 and user interface local communication processing unit B2. User interface management unit B3 interacts with the user through administrative unit I/O Interface B4. Identifying code display interface B5 receives, from user interface local communication processing unit B2, the identifying code sent by intelligent key apparatus C and displays it on the user terminal. The user's recognition result for the identifying code can be input through user rs authentication code inputting interface B6 and is sent by user interface local communication processing unit B2 to intelligent key apparatus C for verification.
Based on the above intelligent key apparatus, the invention provides an identifying code checking method. The specific identifying code checking process is shown in Figure 6:
Intelligent key apparatus C receives the user's command;
If the command needs verification, identifying code algorithm generation unit 3 is started and randomly generates an identifying code true form, and the identifying code true form is sent to identifying code authentication unit 4;
Identifying code authentication unit 4 sends the identifying code true form to the user side, waits for the user to identify it, and receives the recognition result returned by the user;
Identifying code authentication unit 4 judges whether the user has returned a recognition result. If one has been received, the next step, the identifying code check, is entered; if not, it judges whether the waiting time has run out, and when a timeout occurs, command processing ends;
When identifying code authentication unit 4 receives the recognition result returned by the user, it compares it with the identifying code true form;
Depending on the comparison result, either the normal chip operating system command processing flow is entered or command processing ends directly.
When this flow is combined with the conventional PIN code input process of the intelligent key system, the user must, when entering the PIN code, also enter the random identifying code shown on the screen; the user's PIN code takes effect only when both are correct.
When this flow is combined with the conventional transaction confirmation step of the intelligent key system, the user, when confirming a transaction, receives the transaction information that the intelligent key system sends back in the form of a non-legible identifying code, and confirms this information. This prevents the transaction from being spoofed by a Trojan.
To prevent a Trojan from using techniques such as OCR to automatically recognize non-legible identifying codes such as pictures and thereby deceive the check performed by identifying code authentication unit 4, the intelligent key apparatus can store several identifying code generating algorithms for the user to choose from, and can also be updated with new identifying code generating algorithms, to improve system security.
The invention provides an identifying code algorithm type selection method and an identifying code algorithm update method:
The specific identifying code algorithm selection flow is shown in Figure 7:
Intelligent key apparatus C receives the user's command;
If the command is a command to change the identifying code algorithm type, identifying code algorithm generation unit 3 is started and randomly generates an identifying code true form, and the identifying code true form is sent to identifying code authentication unit 4;
Identifying code authentication unit 4 sends the identifying code true form to the user side, waits for the user to identify it, and receives the recognition result returned by the user;
Identifying code authentication unit 4 judges whether the user has returned a recognition result. If one has been received, the next step, the identifying code check, is entered; if not, it judges whether the waiting time has run out, and when a timeout occurs, command processing ends;
When identifying code authentication unit 4 receives the recognition result returned by the user, it compares it with the identifying code true form;
If the comparison result is incorrect, command processing ends directly;
If the comparison result is correct, identifying code administrative unit 504 sends the stored alternative identifying code examples to the user side and waits to receive the user's selection result;
If the user's selection result is received, the default identifying code algorithm type is changed according to it; if the user's selection result is not received, command processing ends.
When the user chooses to update to a new identifying code generating algorithm, the specific identifying code algorithm update flow is shown in Figure 8:
The intelligent key apparatus receives the user's command.
If the command is not a command to change the identifying code algorithm type, the normal chip operating system command processing flow is followed until it ends.
If the command is a command to change the identifying code algorithm type, identifying code algorithm generation unit 3 is started and randomly generates a non-legible identifying code, and the non-legible identifying code and the identifying code true form are sent together to identifying code authentication unit 4.
Identifying code authentication unit 4 sends the non-legible identifying code to the user side and waits for the user to identify it and return the recognition result.
Identifying code authentication unit 4 judges whether the user has returned an identifying code. If one has been received, the next step, the identifying code check, is entered. If not, it judges whether the waiting time has run out. When a timeout occurs, command processing ends.
When identifying code authentication unit 4 receives the identifying code, it compares it with the identifying code true form.
When the comparison result is incorrect, command processing ends directly.
When the comparison result is correct, the subsequent identifying code algorithm update process is entered. Identifying code administrative unit 504 waits for the user to send the new identifying code algorithm.
When the new identifying code algorithm is received, authority verification is carried out on it.
If authority verification passes, the new identifying code algorithm is added. If it does not pass, command processing ends.
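The last two steps of the update flow (identifying code check first, then authority verification of the received algorithm) can be modelled as follows. This is an added Python example, not code from the patent. The patent leaves the verification method open, so the HMAC-SHA256 tag, the shared device key, the package fields and the version rule are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed demo key. Assumption: the device and the identifying code server
# share a provisioned secret; the patent does not name the check it uses.
DEVICE_KEY = hashlib.sha256(b"constructed demo key").digest()


def package_tag(key, name, version, body):
    """HMAC-SHA256 over length-prefixed fields, so field boundaries cannot shift."""
    name_bytes = name.encode("utf-8")
    message = (
        struct.pack(">H", len(name_bytes)) + name_bytes
        + struct.pack(">I", version)
        + struct.pack(">I", len(body)) + body
    )
    return hmac.new(key, message, hashlib.sha256).digest()


class AlgorithmStore:
    """Stand-in for algorithm stores unit 501 behind the gate of administrative unit 504."""

    def __init__(self, key):
        self._key = key
        self._algorithms = {}  # name -> (version, body)

    def add(self, challenge_passed, name, version, body, tag):
        # Step 1: the identifying code comparison must have succeeded.
        if not challenge_passed:
            return "rejected: identifying code check failed"
        # Step 2: authority verification of the received algorithm,
        # compared in constant time.
        expected = package_tag(self._key, name, version, body)
        if not hmac.compare_digest(expected, tag):
            return "rejected: authority verification failed"
        # Extra rule assumed for this example (not in the patent): a validly
        # tagged but older package must not replace a newer stored algorithm.
        current = self._algorithms.get(name)
        if current is not None and version <= current[0]:
            return "rejected: not newer than stored version"
        self._algorithms[name] = (version, body)
        return "stored"

    def version_of(self, name):
        entry = self._algorithms.get(name)
        return None if entry is None else entry[0]


def demo():
    store = AlgorithmStore(DEVICE_KEY)
    # Constructed stand-in for the bytes of a generating algorithm.
    body = b"digits+lowercase, random position, interference lines"
    tag = package_tag(DEVICE_KEY, "picture", 2, body)
    outcomes = [
        store.add(False, "picture", 2, body, tag),        # user failed the check
        store.add(True, "picture", 2, body + b"!", tag),  # body altered in transit
        store.add(True, "picture", 2, body, tag),         # accepted
        store.add(True, "picture", 2, body, tag),         # same version replayed
    ]
    return outcomes, store.version_of("picture")


if __name__ == "__main__":
    for outcome in demo()[0]:
        print(outcome)
```
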
When a special identifying code is used, with a description of the transaction content added to the identifying code, the present invention not only strengthens the security of command authorization and prevents erroneous authorization, but can also confirm the transaction content and prevent attacks such as forged transactions. Taking the common online banking transaction as an example, the identifying code can contain online banking transaction information, such as the account number and the amount, together with a special identifying code, and is sent to the user side on the PC. The user receives the identifying code, confirms that the transaction information is valid by human judgment such as sight or hearing, extracts the special identifying code from the identifying code, and sends the special identifying code back to identifying code authentication unit 4 for checking. If the check succeeds, the current transaction is allowed to proceed normally; otherwise the current transaction is cancelled.
The specific flow of the transaction content check method is shown in Figure 9:
The intelligent key apparatus receives the user's command.
If the command does not need verification, the normal chip operating system command processing flow is followed until it ends.
If the command needs verification but transaction content confirmation is not needed, identifying code algorithm generation unit 3 is started and randomly generates a non-legible identifying code true form, which is sent to identifying code authentication unit 4; identifying code authentication unit 4 sends the identifying code true form to the user side, waits for the user to identify it, and receives the recognition result returned by the user; identifying code authentication unit 4 judges whether the user has returned a recognition result, and if one has been received, the next step, the identifying code check, is entered; if not, it judges whether the waiting time has run out, and when a timeout occurs, command processing ends; when identifying code authentication unit 4 receives the recognition result returned by the user, it compares it with the identifying code true form; if the comparison result is correct, the normal chip operating system command processing flow is entered; if the comparison result is incorrect, command processing ends directly.
If the command needs verification and transaction content confirmation is also needed, identifying code algorithm generation unit 3 is started, the transaction content is extracted, a special identifying code true form is randomly generated, and, according to the selected identifying code generating algorithm, the transaction content and the special identifying code true form are merged into one unified non-legible identifying code.
The non-legible identifying code and the special identifying code true form are sent together to identifying code authentication unit 4.
Identifying code authentication unit 4 sends the non-legible identifying code to the user side and waits for the user to identify it and return the recognition result.
Identifying code authentication unit 4 judges whether the user has returned the special identifying code. If it has been received, the next step, the identifying code check, is entered. If not, it judges whether the waiting time has run out. When a timeout occurs, command processing ends.
When identifying code authentication unit 4 receives the special identifying code, it compares it with the special identifying code true form.
When the comparison result is correct, the normal transaction command processing flow is entered. When the comparison result is incorrect, the transaction command processing flow is ended directly.
When the intelligent key apparatus has, in addition to the communication module directly connected with the PC end (normally a USB interface), other communication modules such as a limited display or sound output, part or all of the identifying code can be transmitted through these non-PC communication modules. The user receives this information through the non-PC communication module, combines it with the identifying code information received at the PC end into the complete identifying code information, and sends it back to the intelligent key apparatus through the PC-end communication module for identifying code checking.
The specific flow of the non-PC communication module verification method is shown in Figure 10:
The intelligent key apparatus receives the user's command.
If the command does not need verification, the normal chip operating system command processing flow is followed until it ends.
If the command needs verification, identifying code algorithm generation unit 3 is started.
Identifying code true form 1 and identifying code true form 2 are randomly generated and spliced into the identifying code true form.
The corresponding non-legible identifying code 1 is generated from identifying code true form 1. The corresponding identifying code 2 is generated from identifying code true form 2.
Non-legible identifying code 1, identifying code 2 and the identifying code true form are sent together to identifying code authentication unit 4.
Identifying code authentication unit 4 sends non-legible identifying code 1 to the user side through the PC communication interface, sends identifying code 2 to the user side through the non-PC communication interface, and waits for the user to identify them.
The user receives non-legible identifying code 1 from the PC communication interface and identifying code 2 from the non-PC communication interface, splices them into the complete identifying code, and returns the identifying code through the PC communication interface.
Identifying code authentication unit 4 judges whether the user has returned an identifying code. If one has been received, the next step, the identifying code check, is entered. If not, it judges whether the waiting time has run out. When a timeout occurs, command processing ends.
When identifying code authentication unit 4 receives the identifying code, it compares it with the identifying code true form.
When the comparison result is correct, the normal chip operating system command processing flow is entered. When the comparison result is incorrect, command processing ends directly.
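The device-side check shared by the Figure 6, Figure 9 and Figure 10 flows, covering both the transaction content confirmation and the split delivery over the PC and non-PC interfaces, can be modelled as follows. This is an added Python example, not code from the patent; plain strings stand in for the rendered non-legible identifying code, and the alphabet, code length, timeout value and sample transaction are constructed for the example.

```python
import hmac
import secrets

# Constructed alphabet: digits and lower-case letters without look-alikes.
ALPHABET = "23456789abcdefghjkmnpqrstuvwxyz"


class IdentifyingCodeCheck:
    """Device-side check: one pending true form, one answer, bounded waiting time."""

    def __init__(self, timeout_s=60.0):
        self._timeout_s = timeout_s
        self._pending = None  # (true form, deadline)

    def begin(self, now, transaction=None, split=False, length=8):
        """Generate a random true form and return what each channel would carry."""
        true_form = "".join(secrets.choice(ALPHABET) for _ in range(length))
        self._pending = (true_form, now + self._timeout_s)
        if split:
            half = length // 2
            # True form 1 leaves over the PC interface, true form 2 over the
            # device's own display or sound output.
            return {"pc": true_form[:half], "non_pc": true_form[half:]}
        # Transaction content, when present, is rendered into the same
        # non-legible identifying code as the special true form.
        return {"pc": true_form, "transaction": transaction}

    def verify(self, response, now):
        """Compare the user's answer with the stored true form, exactly once."""
        pending, self._pending = self._pending, None  # consumed: no second attempt
        if pending is None:
            return "no pending identifying code"
        true_form, deadline = pending
        if now > deadline:
            return "timeout"
        if hmac.compare_digest(response.encode("utf-8"), true_form.encode("utf-8")):
            return "ok"
        return "mismatch"


def run_flows():
    results = {}
    device = IdentifyingCodeCheck(timeout_s=60.0)
    t0 = 1000.0  # constructed clock value in seconds

    # Figure 9: the user sees the transaction the device will act on.
    shown = device.begin(t0, transaction="pay 100.00 to account 6222-0000 (constructed)")
    results["transaction_shown"] = shown["transaction"]
    results["confirm"] = device.verify(shown["pc"], t0 + 5)
    results["replay"] = device.verify(shown["pc"], t0 + 6)

    # Figure 6: an answer that arrives after the maximum waiting time.
    shown = device.begin(t0)
    results["late"] = device.verify(shown["pc"], t0 + 61)

    # Figure 10: software that only sees the PC interface has half the true form.
    shown = device.begin(t0, split=True)
    results["pc_only"] = device.verify(shown["pc"], t0 + 5)
    shown = device.begin(t0, split=True)
    results["both"] = device.verify(shown["pc"] + shown["non_pc"], t0 + 5)
    return results


if __name__ == "__main__":
    for name, outcome in run_flows().items():
        print(name, "->", outcome)
```
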
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (24)

1. An intelligent key apparatus, characterized in that it comprises:
Identifying code algorithm generation unit;
Identifying code authentication unit;
Identifying code algorithm management unit;
Communications processor element; and
Command process unit;
Wherein:
Described identifying code algorithm management unit stores at least one identifying code algorithm, and notifies described identifying code algorithm generation unit of the current identifying code algorithm;
Described identifying code algorithm generation unit generates identifying code according to current identifying code algorithm;
Described identifying code authentication unit judges that whether identifying code is correct;
Described communications processor element provides interface communication function for described intelligent key apparatus;
Described command process unit carries out chip operating system command process;
Wherein, described identifying code algorithm generation unit comprises:
True form generation unit;
Identifying code true form concatenation unit;
Identifying code algorithm selected cell;
The first true form input unit;
Identifying code generates input unit; and
Identifying code generation unit;
Described true form generation unit is used for generating identifying code true form and sending it to described identifying code true form concatenation unit;
Described identifying code true form concatenation unit is used for splicing the identifying code true form received from true form generation unit into a complete identifying code true form, and for sending described complete identifying code true form to described identifying code authentication unit and to described identifying code generates input unit respectively;
Described first true form input unit is used for receiving true form and sending it to described identifying code generates input unit;
Described identifying code generates input unit is used for combining the complete identifying code true form received from described identifying code true form concatenation unit with the true form received from described first true form input unit, and for sending the result to described identifying code generation unit;
Described identifying code algorithm selected cell is used for selecting the identifying code algorithm according to the indication sent by identifying code algorithm management unit, and for sending the selection result to described identifying code algorithm management unit;
Described identifying code generation unit is used for receiving the combined result output by identifying code generates input unit, selecting the identifying code algorithm according to the indication of identifying code algorithm selected cell, and generating the identifying code true form that is finally sent to the user side.
2. The intelligent key apparatus according to claim 1, characterized in that:
Communications processor element is connected with command process unit, identifying code authentication unit and identifying code algorithm management unit;
Command process unit is also connected with identifying code algorithm generation unit with identifying code authentication unit;
Identifying code algorithm generation unit is connected with identifying code algorithm management unit with identifying code authentication unit.
3. The intelligent key apparatus according to claim 1, characterized in that the true form generated by described true form generation unit is random true form, and the true form received by the first true form input unit is nonrandom true form.
4. The intelligent key apparatus according to claim 1, characterized in that:
Described the first true form input unit generates input unit with described command process unit and described identifying code and is connected;
Described identifying code true form concatenation unit generates input unit with described identifying code authentication unit, true form generation unit and identifying code and is connected;
Described identifying code algorithm selected cell is connected with identifying code generation unit with described identifying code algorithm management unit;
Described identifying code generation unit is also connected with communications processor element.
5. The intelligent key apparatus according to claim 1, characterized in that:
Described identifying code authentication unit comprises:
Identifying code input unit;
Identifying code contrast unit;
The second true form input unit;
Described identifying code input unit is used for receiving the identifying code input by the user and sending it to identifying code contrast unit;
Described second true form input unit is used for receiving the identifying code true form sent by identifying code algorithm generation unit, storing and splicing described identifying code true form, and sending it to identifying code contrast unit;
Described identifying code contrast unit is used for receiving the identifying code sent by identifying code input unit and the identifying code true form sent by the second true form input unit, comparing them, and outputting the comparison result to command process unit.
6. The intelligent key apparatus according to claim 5, characterized in that:
Identifying code input unit is connected with described communications processor element with identifying code contrast unit;
Described the second true form input unit is connected with identifying code algorithm generation unit,
Described identifying code contrast unit is connected with identifying code input unit with described true form input unit,
Described identifying code input unit is also connected with described command process unit with described identifying code contrast unit.
7. The intelligent key apparatus according to claim 1, characterized in that:
Described identifying code algorithm management unit comprises:
Algorithm stores unit;
Algorithm selected cell;
Algorithm download unit; and
Administrative unit;
Described administrative unit selects for algorithm types and algorithm is downloaded, notice identifying code algorithm generation unit generates identifying code, carry out identifying code verification, and according to the check results of identifying code authentication unit, judge whether to allow algorithm types to select and algorithm download, described administrative unit is also for control algolithm selected cell and algorithm download unit;
Described algorithm stores unit is used for storing identifying code algorithm, and notifies described identifying code algorithm generation unit to generate corresponding identifying code according to current algorithm type selecting;
Described algorithm download unit under the control of described administrative unit, carries out the download of identifying code algorithm by described communications processor element, and by downloaded identifying code algorithm stores in algorithm stores unit;
Described algorithm selected cell is under the control of described administrative unit, by described communications processor element, receive the algorithm types of user's input, and notify described algorithm stores unit, by described algorithm stores unit, notify described identifying code algorithm generation unit generate identifying code example and described identifying code example is sent back to algorithm selected cell, and described identifying code example is issued to user by described communications processor element.
8. The intelligent key apparatus according to claim 7, characterized in that:
The algorithm stores unit is connected with the identifying code algorithm generation unit and the administrative unit;
The administrative unit is connected with the identifying code authentication unit, the algorithm selected cell and the algorithm download unit;
The algorithm download unit is connected with the communications processor element and the algorithm stores unit;
The algorithm selected cell is connected with the algorithm stores unit and the communications processor element.
9. The intelligent key apparatus according to claim 1, characterized in that the intelligent key apparatus also comprises a PC communication module and a non-PC communication module connected with the communications processor element.
10. The intelligent key apparatus according to claim 9, characterized in that:
The PC communication module is a USB interface,
The non-PC communication module is a display module and/or a sounding communication module.
11. The intelligent key apparatus according to any one of claims 1 to 10, characterized in that the identifying code is a non-legible identifying code of non-text attribute.
12. A system for improving online transaction and authentication security, characterized in that it comprises:
An identifying code server;
An identifying code subscriber interface module connected with the identifying code server; and
The intelligent key apparatus according to any one of claims 1 to 11, connected with the identifying code subscriber interface module;
Wherein the identifying code server comprises:
A server algorithm stores unit;
A server network communications processor element; and
A server algorithm management unit,
Wherein:
The server algorithm stores unit is connected with the server network communications processor element and the server algorithm management unit respectively, and
The server network communications processor element is connected with the server algorithm management unit and the identifying code subscriber interface module;
The server algorithm stores unit is used for storing a plurality of identifying code algorithms;
The server algorithm management unit is used for managing algorithm download according to the information exchanged with the subscriber interface module and the intelligent key apparatus;
The server network communications processor element is used for communicating with the server algorithm stores unit, the server algorithm management unit and the identifying code subscriber interface module.
13. The system according to claim 12, characterized in that the identifying code subscriber interface module comprises:
A user interface network service processing unit;
A user interface local communication processing unit;
A user interface management unit;
An administrative unit I/O Interface;
An identifying code display interface; and
A user rs authentication code inputting interface,
Wherein:
The user interface network service processing unit is connected with the server network communications processor element, the user interface local communication processing unit and the user interface management unit;
The user interface local communication processing unit is also connected with the intelligent key apparatus, the identifying code display interface, the user rs authentication code inputting interface and the user interface management unit respectively;
The user interface management unit is also connected with the administrative unit I/O Interface;
The user interface network service processing unit is used for communicating with the identifying code server; the user interface local communication processing unit is used for communicating with the intelligent key apparatus; the user interface management unit is used for interacting with the user through the administrative unit I/O Interface; the identifying code display interface is used for receiving, from the user interface local communication processing unit, the identifying code sent by the intelligent key apparatus, and displaying it on the user terminal; the user rs authentication code inputting interface is used for inputting the user's recognition result of the identifying code, and sending it through the user interface local communication processing unit to the intelligent key apparatus for verification.
14. The system according to claim 13, characterized in that the user interface local communication processing unit is connected with the communications processor element of the intelligent key apparatus.
15. A verification method based on the intelligent key apparatus as claimed in claim 1, characterized in that it comprises:
(A) the intelligent key apparatus receives the user's order, and carries out step (B) in the case that the order needs verification, in the case that the order is an order for changing the identifying code algorithm type, or in the case that the order needs verification but does not need transaction content confirmation;
(B) start the identifying code algorithm generation unit, generate an identifying code, and send the identifying code together with the identifying code true form to the identifying code authentication unit, the identifying code being a non-legible identifying code of non-text attribute;
(C) the identifying code authentication unit sends the identifying code to the user side, and waits for the user to identify it and return the recognition result;
(D) the identifying code authentication unit judges whether the user has returned the identifying code; if it has been received, enter the next identifying code checking step; if it has not yet been received, judge whether a timeout has occurred; when a timeout occurs, end the command handling process;
(E) when the identifying code authentication unit receives the identifying code, it compares it with the identifying code true form;
(F) when the comparison result is incorrect, directly end the command handling process.
16. The verification method according to claim 15, characterized in that it also comprises:
After step (A), in the case that the order does not need verification, follow the normal command processing flow until it finishes.
17. The verification method according to claim 15, characterized in that:
The identifying code is generated randomly.
18. The verification method according to claim 15, characterized in that:
The command processing flow is the normal COS command processing flow.
19. The verification method according to claim 15, characterized in that:
In step (F), when the comparison result is correct, enter the normal command processing flow.
20. The verification method according to claim 15, characterized in that:
When step (B) is carried out in the case that the order is an order for changing the identifying code algorithm type:
In step (F), when the comparison result is correct, enter the subsequent identifying code algorithm selection process: the identifying code administrative unit sends the stored alternative identifying code examples to the user side, and waits for the user's selection result; if a new identifying code algorithm type is received, change the default identifying code algorithm type; when no new type is received, end the command handling process,
The verification method is an identifying code algorithm type selection method.
21. The verification method according to claim 15, characterized in that:
When step (B) is carried out in the case that the order is an order for changing the identifying code algorithm type:
In step (F), when the comparison result is correct, enter the subsequent identifying code algorithm update process: the identifying code administrative unit waits for the user to send a new identifying code algorithm; if a new identifying code algorithm is received, carry out authority verification on it; if the authority verification passes, add the new identifying code algorithm; if it does not pass, end the command handling process,
The verification method is an identifying code algorithm update method.
22. The verification method according to claim 15, characterized in that:
When step (B) is carried out in the case that the order needs verification but does not need transaction content confirmation: if the order needs verification and transaction content confirmation is required, start the identifying code algorithm generation unit, extract the transaction content, generate a special identifying code true form, and, according to the selected identifying code generating algorithm, merge the transaction content and the special identifying code into a single non-legible identifying code;
The verification method is a transaction content confirmation method.
23. The verification method according to claim 22, characterized in that it also comprises:
When the identifying code authentication unit receives the special identifying code, it compares it with the special identifying code true form;
When the comparison result is correct, enter the normal transaction command processing flow; when the comparison result is incorrect, directly end the transaction command processing flow.
24. The verification method according to claim 15, characterized in that:
When step (B) is carried out in the case that the order needs verification, the method also comprises:
Randomly generating at least two identifying code true forms, and splicing them into the identifying code true form;
Generating at least two corresponding identifying codes from the at least two identifying code true forms respectively;
Sending the identifying codes together with the identifying code true form to the identifying code authentication unit;
The identifying code authentication unit sends one of the identifying codes to the user side through the PC communication interface, sends the other identifying code to the user side through the non-PC communication interface, and waits for the user's identification;
The user receives the identifying code from the PC communication interface, splices the parts into the complete identifying code on their own, and returns the identifying code through the PC communication interface,
The verification method is a non-PC communication module verification method.
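The device-side flow of claims 15, 16, 19 and 24, modelled as an added Python example (not code from the patent): the true form is drawn on the device, split across the PC and non-PC channels, and compared with the user's answer, with a timeout. The class and function names, the channel callbacks, the three-digit halves and the constant-time comparison are assumptions of this example.

```python
import hmac
import secrets
import time
from enum import Enum


class Result(Enum):
    NO_CHECK = "command needs no verification: normal flow (claim 16)"
    PROCEED = "comparison correct: normal flow (claim 19)"
    REJECTED = "comparison incorrect: flow ended (step F)"
    TIMEOUT = "no answer before timeout: flow ended (step D)"


def new_true_form(length):
    """Random true form, i.e. the answer that never leaves the device."""
    return "".join(secrets.choice("0123456789") for _ in range(length))


def render(true_form):
    """Constructed stand-in for the non-text rendering (image or sound)."""
    return {"kind": "image", "glyphs": true_form}


class SmartKey:
    """Hypothetical device model; the channel callbacks are assumptions."""

    def __init__(self, pc_send, device_show, read_answer,
                 timeout_s=30.0, clock=time.monotonic):
        self.pc_send = pc_send          # PC channel, e.g. USB (claim 10)
        self.device_show = device_show  # non-PC channel: display or sound
        self.read_answer = read_answer  # returns str, or None if nothing yet
        self.timeout_s = timeout_s
        self.clock = clock

    def handle(self, needs_check=True):
        if not needs_check:
            return Result.NO_CHECK
        # Step (B) with claim 24: two random true forms, spliced into one.
        part_pc, part_dev = new_true_form(3), new_true_form(3)
        true_form = part_pc + part_dev
        # Step (C): one code per channel, so the host PC sees only half.
        self.pc_send(render(part_pc))
        self.device_show(render(part_dev))
        # Step (D): wait for the user's answer or give up on timeout.
        deadline = self.clock() + self.timeout_s
        while (answer := self.read_answer()) is None:
            if self.clock() >= deadline:
                return Result.TIMEOUT
        # Steps (E)/(F): compare with the true form, which is single use
        # because a fresh one is drawn on every call.
        same = hmac.compare_digest(answer.encode(), true_form.encode())
        return Result.PROCEED if same else Result.REJECTED
```

An answer built only from what crossed the PC channel is rejected, because the second half was shown on the device and never reached the host.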

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110104042.6A CN102238171B (en) 2010-04-23 2011-04-25 Intelligent key device, and system and method for improving security of online transaction and authentication

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201010154216.5 2010-04-23
CN201010154216 2010-04-23
CN201110104042.6A CN102238171B (en) 2010-04-23 2011-04-25 Intelligent key device, and system and method for improving security of online transaction and authentication

Publications (2)

Publication Number Publication Date
CN102238171A CN102238171A (en) 2011-11-09
CN102238171B true CN102238171B (en) 2014-03-19

Family

ID=44833729

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110104042.6A Active CN102238171B (en) 2010-04-23 2011-04-25 Intelligent key device, and system and method for improving security of online transaction and authentication

Country Status (2)

Country Link
CN (1) CN102238171B (en)
WO (1) WO2011131152A1 (en)

Also Published As

Publication number Publication date
WO2011131152A1 (en) 2011-10-27
CN102238171A (en) 2011-11-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant