CN103051618A - Terminal authentication equipment and network authentication method - Google Patents
- Publication number: CN103051618A
- Authority: CN (China)
- Prior art keywords: terminal authentication, authentication, information, authentication equipment, equipment
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention relates to terminal authentication equipment and a network authentication method. A communication interface, a display screen, a confirmation/cancel key and a password keypad are arranged on the terminal authentication equipment. The password keypad is used for inputting password information and authentication information. The display screen is used for displaying the password information and the authentication information which are input by the password keypad. The confirmation/cancel key is used by a user for confirming or cancelling the password information and the authentication information which are displayed on the display screen after the information is checked. The communication interface is connected with a client-side PC (Personal Computer) and used for sending the confirmed password information and the authentication information to the client-side PC. According to the terminal authentication equipment and the authentication method, PIN (Personal Identity Number) codes, the password information and the authentication information are input by the user through the password keypad, so that the user gets rid of an insecure PC objective environment, critical data is protected, account stealing or malicious deals, caused by malicious attack, cannot easily occur, and the security of the authentication process is ensured.
Description
Technical field
The present invention relates to the technical field of network authentication, and in particular to terminal authentication equipment and a network authentication method.
Background art
To ensure secure authentication and secure payment on the Internet, companies, third-party authentication bodies, banks and others have all released terminal authentication equipment as an auxiliary security measure. Many kinds of such equipment exist. The USBKEY, for example, is a common one: it has a built-in single-chip microcomputer or smart card chip with a certain amount of storage, can store the user's private key and digital certificate, and uses its built-in public-key algorithm to securely authenticate the user's identity and the input information. The USBKEY hardware and the PIN code are the two factors required to use the certificate. A further notable advantage of the USBKEY as terminal authentication equipment is its low cost.
Such terminal authentication equipment plays two main security roles in authentication services. For clarity, the USBKEY is used as the example here. First, when logging in to a network authentication system or third-party system, the user must insert the USBKEY hardware and enter the USBKEY PIN code in the PC client, which provides strong two-factor identity authentication on the PC. Second, the USBKEY has a built-in security cryptographic chip; the USBKEY digitally signs the relevant authentication or transaction data and encrypts it, to ensure the confidentiality and integrity of the data and the non-repudiation of the authentication and transaction.
An existing USBKEY comprises a communication interface, namely a USB port, together with a display screen and a confirmation/cancel key. In use, the user first plugs the USB port of the USBKEY into a USB interface of the PC and then enters the USBKEY PIN code in the PC client. This two-factor authentication of physical token plus PIN code prevents a malicious party from logging in to the user's payment or third-party authentication system, and so protects the account. When the user carries out an authentication transaction, the user enters the account and the specific authentication information in the PC client; this transaction data is shown on the display screen, and the user must check it and then press the key to confirm. This is what ensures the security of the authentication transaction.
However, the client of a network authentication system or third-party payment system runs on an insecure PC. Every operation the user performs in the PC client may be exposed to malicious attacks such as Trojans and viruses, so the data the user enters in the PC client is easily stolen or altered by an attacker. This input data mainly comprises authentication information such as the user account, the account PIN code, personal information, the transaction limit and the target account. Specifically, when the user enters the USBKEY PIN code in the PC client to log in to the network authentication system, the insecure PC environment allows a malicious attacker to steal the USBKEY PIN code through a backdoor program. Likewise, in a transfer or payment, the user has to enter the transfer account and transfer amount in the PC client; the PC client sends this transaction data to the USBKEY, the USBKEY display screen shows the transfer account and transfer amount just entered, and the user presses the "confirm" key after checking them. Because the PC environment is insecure, an attacker can alter the transfer account and transfer amount, and because users' security awareness is weak, users often press the "confirm" key without checking the data shown on the USBKEY display screen. If the attacker has altered the transfer account and transfer amount at that point, the user and the bank will suffer property loss. All of this input data is therefore sensitive authentication data, and if its security cannot be guaranteed in the transaction, the user may suffer losses.
Summary of the invention
The technical problem to be solved by the present invention is to provide safer terminal authentication equipment and a safer network authentication method that are less vulnerable to malicious attack.
The technical solution by which the present invention solves the above technical problem is as follows:
As the technical subject of terminal authentication equipment, the technical solution of the present invention is: terminal authentication equipment provided with a communication interface, a display screen, a confirmation/cancel key and a password keypad;
The password keypad is used for inputting password information and authentication information;
The display screen is used for displaying the password information and authentication information input on the password keypad;
The confirmation/cancel key is used by the user to confirm or cancel after checking the password information and authentication information shown on the display screen;
The communication interface is used to plug into the client PC and to send the confirmed password information and authentication information to the client PC.
As the technical subject of a network authentication method using the terminal authentication equipment, the technical solution of the present invention is as follows:
A network authentication method comprises the following steps:
The beneficial effects of the present invention are as follows. The present invention addresses the security vulnerabilities of existing authentication systems: by adding a password keypad to the terminal authentication equipment, it protects key authentication data such as the user account, PIN code, identity information, transaction limit and transaction account. Input is performed on the terminal authentication equipment hardware by operating the password keypad or the IC card reader, which removes it from the insecure PC environment. This avoids security problems such as an attacker obtaining the user account, PIN code and similar information or tampering with the transaction limit and transaction account, and so secures the network authentication system and the third-party system. In addition, the technical solution is simple and suitable for wide adoption.
For the technical subject of terminal authentication equipment, the present invention can also be improved as follows:
Further, the password keypad comprises the ten digit keys 0-9. The beneficial effect of this further scheme is that the physical keypad is provided by hardware implementation, which is direct, convenient and fast to operate.
Further, the password keypad comprises four direction keys: up, down, left and right. The beneficial effect of this further scheme is that the physical keypad is provided by soft implementation; although operation is slightly slower, only a very small number of keys is needed to perform the above functions.
Further, the communication interface is a USB interface. The beneficial effect of this further scheme is that it is simple, convenient and easy to implement.
Further, an IC card reader is also provided on the terminal authentication equipment. The beneficial effect of this further scheme is that it anticipates the future development of terminal authentication equipment by providing an IC card reading interface, so that IC card account information can be read quickly and conveniently.
Description of the drawings
Fig. 1 is a schematic diagram of existing terminal authentication equipment;
Fig. 2 is a schematic diagram of the terminal authentication equipment of the present invention.
In the drawings, the parts denoted by the reference numerals are as follows:
1, communication interface; 2, display screen; 3, confirmation/cancel key; 4, IC card reader; 5, password keypad; 101, communication interface of the prior-art terminal authentication equipment; 102, display screen of the prior-art terminal authentication equipment; 103, confirmation/cancel key of the prior-art terminal authentication equipment.
Embodiment
The principles and features of the present invention are described below with reference to the drawings. The examples given serve only to explain the present invention and are not intended to limit its scope.
Fig. 1 shows prior-art terminal authentication equipment. For reasons of cost it is mostly implemented as a USBKEY, so the USBKEY is used below as the example of how terminal authentication equipment is implemented. A USBKEY comprises a communication interface 101, a display screen 102 and a confirmation/cancel key 103. As described in the background art, the user enters the PIN code and transaction information in the PC client, checks them on display screen 102, and finally confirms with confirmation/cancel key 103. Because input made on the PC is at risk of malicious tampering, and because users often skip the checking step, property loss or information leakage may result. Communication interface 101 can be a USB port and can of course also be a Bluetooth interface.
Fig. 2 shows the terminal authentication equipment adopted by the present invention, again described in USBKEY form. It comprises: communication interface 1, display screen 2, confirmation/cancel key 3, IC card reader 4 and password keypad 5.
Display screen 2 prompts the user through the operation and shows the information the user inputs.
Password keypad 5 is used by the user to input the account PIN code and the authentication information. The password keypad can be a soft implementation or a hardware implementation. In the soft implementation, software is built into the USBKEY and password keypad 5 can consist of only four physical keys for up, down, left and right. Digits are shown on display screen 2; the user cycles with the left and right keys to select the digit position to operate on, and then cycles with the up and down keys to increase or decrease the digit at that position. Alternatively, password keypad 5 can be a hardware implementation, in which a password keypad security module is integrated in the USBKEY: the password keypad is the ten physical digit keys "0-9", and the user inputs by pressing the corresponding digit keys directly. Password keypad 5 and confirmation/cancel key 3 can of course be integrated on one physical keypad, to which other function keys can also be added. It is even possible to have no physical password keypad 5 and no physical confirmation/cancel key 3 on the USBKEY: display screen 2 is then a large touch screen, and password keypad 5 and confirmation/cancel key 3 are both implemented by a background software program, with input and control performed by direct touch operation on that touch screen.
IC card reader 4 reads the IC card account number and can also provide functions such as querying the IC card balance and loading value onto the card. The IC card reader is provided to accommodate the expected future widespread use of IC cards.
A typical transfer transaction flow using the terminal authentication equipment of the present invention is as follows:
It should be noted that in the actual authentication process the user can also input the authentication information on the USBKEY password keypad. If an IC card is used, the IC card account can be read directly by the USBKEY's IC card reader, with no need for the user to input it.
It should be noted that what is shown on display screen 2 can be authentication information. For example, some companies use a USBKEY for network identity authentication, in which case the authentication information is identity information or a function request code string, and the password keypad can of course also include other letter keys. As another example, this authentication method can also be used in the network payment field, in which case the authentication information is the transaction information of the network transaction, such as the transfer account and transfer amount. The user inputs the transfer amount and transfer account directly on the password keypad, checks and confirms them on display screen 2, and then presses the "confirm" key. Because the transfer account and transfer amount are both input on the USBKEY, security is ensured.
The USBKEY can then construct, inside the hardware, a secure transaction message protected by encryption and signature. This secure transaction message cannot be modified in the PC client and is submitted directly over the PC's network connection to the authentication server, for example a third-party authentication end or a bank server. The third-party authentication end or bank server checks the security of the transaction message and then performs the business operation, completing the authentication or the transaction.
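An added illustration, not taken from the patent: a minimal model of the flow described above, contrasting a prior-art token that signs fields supplied by the PC with the keypad token, whose fields do not pass through the PC before signing. The key, account numbers and amounts are constructed, and HMAC-SHA256 from the standard library stands in for the signature made with the private key stored in the token.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo key. HMAC-SHA256 stands in for the signature the token
# makes with the private key it stores; it is not the patent's algorithm.
TOKEN_KEY = b"constructed-demo-key"


def _seal(fields: dict) -> dict:
    """Inside the token: serialise the fields canonically and tag them."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def token_sign_keypad_input(account: str, amount: str, confirmed: bool) -> Optional[dict]:
    """Keypad token: the fields are typed on the token itself."""
    if not confirmed:  # user pressed "cancel" after checking the display
        return None
    return _seal({"account": account, "amount": amount})


def token_sign_pc_supplied(fields_from_pc: dict, confirmed: bool) -> Optional[dict]:
    """Prior-art token: the PC client sends the fields to display and sign."""
    if not confirmed:
        return None
    return _seal(fields_from_pc)


def pc_relay(message: dict, altered_fields: Optional[dict] = None) -> dict:
    """Untrusted PC client: forwards the message, possibly changing fields."""
    if not altered_fields:
        return message
    fields = json.loads(message["payload"])
    fields.update(altered_fields)
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return {"payload": payload, "tag": message["tag"]}  # tag no longer matches


def server_verify(message: dict) -> Optional[dict]:
    """Authentication server: return the fields only if the tag is valid."""
    expected = hmac.new(TOKEN_KEY, message["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        return None
    return json.loads(message["payload"])


def run_scenarios() -> dict:
    """Return what the server accepts in each case (all values constructed)."""
    intended = {"account": "6200000000000001", "amount": "100.00"}
    changed = {"account": "6200000000000999", "amount": "9999.00"}

    # 1. Keypad token, PC relays unchanged: server accepts what was typed.
    sealed = token_sign_keypad_input(intended["account"], intended["amount"], True)
    keypad_honest = server_verify(pc_relay(sealed))

    # 2. Keypad token, PC changes the fields after signing: server rejects.
    keypad_tampered = server_verify(pc_relay(sealed, changed))

    # 3. Prior-art token: the fields are changed on the PC before they reach
    #    the token and the user confirms without reading the display. The tag
    #    is valid, so the server accepts the changed transfer.
    sealed = token_sign_pc_supplied(changed, confirmed=True)
    prior_art_unchecked = server_verify(pc_relay(sealed))

    return {
        "keypad_honest": keypad_honest,
        "keypad_tampered": keypad_tampered,
        "prior_art_unchecked": prior_art_unchecked,
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(name, "->", accepted)
```

Because HMAC uses a key shared with the server, this model shows the integrity check only; the non-repudiation mentioned in the background section requires the token's public-key signature.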
The above are only preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.
Claims (6)
1. Terminal authentication equipment, characterized in that the terminal authentication equipment is provided with a communication interface, a display screen, a confirmation/cancel key and a password keypad;
The password keypad is used for inputting password information and authentication information;
The display screen is used for displaying the password information and authentication information input on the password keypad;
The confirmation/cancel key is used by the user to confirm or cancel after checking the password information and authentication information shown on the display screen;
The communication interface is used for connecting to a client PC and for sending the confirmed password information and authentication information to the client PC.
2. The terminal authentication equipment according to claim 1, characterized in that the password keypad comprises the ten digit keys 0-9.
3. The terminal authentication equipment according to claim 1, characterized in that the password keypad comprises four direction keys: up, down, left and right.
4. The terminal authentication equipment according to claim 1, characterized in that the communication interface is a USB interface.
5. The terminal authentication equipment according to any one of claims 1 to 4, characterized in that an IC card reader is also provided on the terminal authentication equipment.
6. A network authentication method using the terminal authentication equipment according to any one of claims 1 to 5, characterized in that it comprises the following steps:
Step 1: the communication interface on the terminal authentication equipment is connected to the client PC;
Step 2: a PIN code is input on the password keypad of the terminal authentication equipment, and the client PC logs in to the network authentication system;
Step 3: the password information and the authentication information to be authenticated are input on the password keypad of the terminal authentication equipment;
Step 4: the user checks, on the display screen of the terminal authentication equipment, the password information and authentication information input via the password keypad; if they are correct, the user presses the confirm key on the terminal authentication equipment, and the password information and authentication information shown on the display screen of the terminal authentication equipment are submitted to the network authentication server through the network of the client PC;
Step 5: the network authentication server authenticates the password information and authentication information it receives.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012105547400A CN103051618A (en) | 2012-12-19 | 2012-12-19 | Terminal authentication equipment and network authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103051618A (en) | 2013-04-17 |
Family ID: 48064117
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20130417 |