CN103209182B - Online bank security protection method - Google Patents
Publication number: CN103209182B (application CN201310096763.6A)
Authority: CN (China)
Prior art keywords: login, user, bank, online banking, bank server
Legal status: Expired - Fee Related
Landscapes: Storage Device Security; Financial Or Insurance-Related Operations Such As Payment And Settlement
Abstract
The invention discloses an online bank security protection method that mainly addresses the low security of online banking logins in the prior art. The method includes: downloading an E-bank client to the user's terminal device, and setting up an E-bank server that supervises the forbidden-login and allowed-login states of the online banking account and that performs registration and login authorization for the E-bank client; the user registers the E-bank client on the E-bank server; after the user successfully logs in to the E-bank client and obtains login authorization, the E-bank server sets this user as an allowed login user. Every online banking login must request authorization verification from the E-bank server, and only a login that passes this verification is allowed. With this scheme the invention achieves higher security and greater intelligence, and has high practical and promotional value.
Description
Technical field
The present invention relates to a security protection method, and specifically to an online bank security protection method.
Background
Online banking, also known as Web banking, refers to the financial services that a bank provides over an information network. It includes both traditional banking business and the new services brought by the application of information technology. As society has developed, more and more users open accounts, make inquiries, reconcile, transfer funds within and between banks, take credit, pay online and invest through information networks. At the same time the insecurity of online banking has gradually become apparent: in recent years hackers have used simple malware to steal the online banking login information of many users, some users' bank cards have even been cloned, users have suffered heavy property losses, the reliability of banks has been seriously questioned, and social harmony has been seriously affected.
Existing approaches to increasing online banking security mainly fall into the following two:
Advising the user to set more complex passwords and to use a different password for each login account. This greatly increases the memory burden on the user; both complex passwords and different passwords for different accounts easily cause confusion, and the security hazard is still not eliminated.
Developing products such as the U-Shield and K Bao to further ensure account security. Although this raises the security of online banking to a certain extent, the login process is comparatively cumbersome, and if the device is not carried along the user cannot log in at all, so the restriction is considerable.
Both of the above approaches start from the user's side to improve online banking security, but neither fundamentally resolves the security hazard of online banking logins. Inventing an online bank security protection method that is highly secure and easy to use is therefore the trend of the times.
Summary of the invention
The object of the present invention is to provide an online bank security protection method that solves the problem of low online banking login security in the prior art.
To achieve this object, the present invention adopts the following technical scheme:
An online bank security protection method comprising the following steps:
(a) downloading an E-bank client to the user's terminal device, and setting up an E-bank server that supervises the forbidden-login and allowed-login states of the online banking account and that performs registration and login authorization for the E-bank client;
(b) the user registers the E-bank client on the E-bank server;
(c) after the user successfully logs in to the E-bank client and obtains login authorization, the E-bank server sets this user as an allowed login user, and performs authorization verification when the user accesses the online banking login page with a web browser to perform an online banking login.
Step (b) specifically includes the following steps:
(b1) the user enters the E-bank client identification information and login password;
(b2) the E-bank client automatically obtains the device information of the user's terminal device and transmits the obtained device information together with the information entered by the user to the E-bank server;
(b3) after verifying that the information is correct, the E-bank server automatically generates a key, binds it to the received device information and user-entered information, and saves the result as allowed login information;
(b4) the E-bank server passes the generated key back to the E-bank client, which saves it and indicates that registration has succeeded.
Specifically, in step (b2) the device information of the user's terminal device includes the service provider and the manufacturer's serial number.
The login authorization in step (c) specifically includes the following steps:
(c1) start the E-bank client on the user's terminal device and enter the identification information and login password;
(c2) the E-bank client automatically reads the device information of the user's terminal device, decodes the saved key, and transmits the obtained device information, the key and the information entered by the user to the E-bank server;
(c3) the E-bank server automatically checks whether the received information matches the saved allowed login information; if the two match completely, proceed to step (c4); if they do not match, the online banking login state is kept as forbidden and a login verification failure is returned;
(c4) set this user as an allowed login user, generate a new key, save it, and reply that online banking login authorization succeeded, enclosing the new key;
(c5) the E-bank client receives the login authorization reply and, if it indicates success, replaces the old key with the new key and saves it.
The online banking login in step (c) comprises the following steps:
(c6) the user accesses the online banking login page with a web browser;
(c7) the user enters the online banking login account and password on the online banking login page and submits the login request;
(c8) on receiving the authorization verification request, the E-bank server checks whether this user is an allowed login user; if so, it replies with login authorization and deletes this allowed login user; if not, the login is refused.
To further ensure the security of online banking logins, in step (c4) the E-bank server generates allowed-login time information for this login at the same time as it sets the user as an allowed login user; once this allowed login time has elapsed, the E-bank server automatically sets the online banking login state back to forbidden.
In the present invention, until the E-bank client is used to request an online banking login from the E-bank server, the E-bank server keeps the online banking login state set to forbidden.
To improve security, the login authorization check can be performed at the online banking server: when the online banking server receives an online banking login request, it directly checks whether this login has already been authorized by the user's registered E-bank client through the E-bank server; if it has, the conventional login verification proceeds, otherwise the login is refused.
Compared with the prior art, the method has the following advantages:
1. In the present invention, the authorization verification of an online banking login takes place before the online banking login request is submitted, and the default login state of each user on the E-bank server is forbidden. In this forbidden state every online banking login attempt is rejected; only after a login request has been sent to the E-bank server through the registered E-bank client and the E-bank server has granted login authorization can an online banking login be performed, and only within the specific allowed login time. The initiative for online banking logins therefore rests entirely in the user's hands, the malicious operations of illegal persons are effectively blocked, and the security of online banking logins is greatly improved.
2. In the present invention, the user's terminal device information and the login information together constitute the E-bank server's authentication information; a user making a login request is authenticated only if all of this information matches completely, which effectively ensures the reliability of the authentication. The terminal device information includes the manufacturer's serial number and the service provider, and the user can independently choose what to bind according to actual security needs, and may also set a password. This gives the user more options and further ensures security of use.
3. The present invention breaks the conventional thinking that online banking login security can only be improved by increasing password complexity and adding extra equipment. By placing an E-bank server in front of the online banking server, the online banking login window, which in the prior art is open to the outside world at all times, is set to a default state of forbidden login, and a login is possible only within a specific time after login authorization. This fundamentally solves the security problem of online banking logins, has prominent substantive features and notable progress, and is suitable for large-scale application.
4. In the present invention, at user registration and at every subsequent login, the E-bank server randomly generates a key, which is transmitted to and saved by the E-bank client. This key, the user-entered information and the device information together constitute the allowed login information, that is, the login "authorization code". After every successful login the existing "authorization code" is deleted and thereby invalidated; the next login succeeds only with the "authorization code" formed by the new random private key, the user-entered information and the device information. The "authorization code" therefore differs on every login. This arrangement substantially ensures the security of online banking logins without adding operational steps for the user; it is intelligent and humane and meets actual needs.
Description of the drawings
Fig. 1 is a flow diagram of an online banking login in the prior art.
Fig. 2 is an overall flow diagram of the present invention.
Fig. 3 is a flow diagram of E-bank client registration on the E-bank server in the present invention.
Fig. 4 is a flow diagram of E-bank client login authorization in the present invention.
Fig. 5 is a diagram of the online banking login process after login authorization is obtained in embodiment 1 of the present invention.
Fig. 6 is a diagram of the online banking login process after login authorization is obtained in embodiment 2 of the present invention.
Fig. 7 is a diagram of the online banking login process after login authorization is obtained in embodiment 3 of the present invention.
Detailed description of the invention
The invention is further described below with reference to the accompanying drawings and embodiments; the embodiments of the present invention include but are not limited to the following examples.
Embodiment 1
As shown in Fig. 1, in the traditional online banking login method the online banking server is always in an open state: any user who enters the correct login information at any point in time can operate on the funds in the corresponding account. Precisely because the online banking server is always open, the prior art encourages online banking users to set complex passwords and to use K Bao, U-Shield and the like. These online bank security protection methods can only improve online banking security to a limited extent and cannot fundamentally solve the problem.
As shown in Fig. 2, in view of the above drawbacks, the present invention abandons the prior-art online banking login mode, which treats the symptoms rather than the disease. It places an E-bank server in front of the online banking server to supervise the forbidden-login and allowed-login states of online banking, so that the default online banking login state is forbidden and only a user who has obtained login authorization can log in within a specific time, with the login time entirely in the user's hands. The online bank security protection method includes:
E-bank server: supervises the forbidden-login and allowed-login states of online banking, and performs registration and login authorization for the E-bank client.
E-bank client: is downloaded to the user's terminal device and registered on the E-bank server; before an online banking login it passes the server's verification and authorization, so that the E-bank server sets the user's online banking login permission to allowed, after which the online banking login can be performed at the login interface of the online banking server.
To supervise the forbidden and allowed login states of online banking conveniently, the E-bank server may maintain an allowed-login list; only users on this allowed-login list can perform an online banking login.
As shown in Fig. 3, to substantially ensure the reliability of E-bank client logins, when the E-bank client is registered it transmits the identification information and login password entered by the user, together with the automatically obtained device information of the user's terminal device, to the E-bank server. Only after the E-bank server has bound this information together is it regarded as allowed login information; that is, the E-bank server permits login only when the device information, identification information and login password of the requesting user are all correct. The device information of the user's terminal device includes the service provider and the manufacturer's serial number; according to the user's habits it is also possible not to bind these two, or to set a password directly, and the user may configure this according to their security needs. The user's terminal device includes mobile phones, computers, PADs and the like.
To further improve the security of online banking logins, when the E-bank client is registered the E-bank server also randomly generates a private key, binds it with the user-entered information and the device information, saves the result as allowed login information, and passes the private key back to the E-bank client to be saved and used when requesting login. That is, when the user makes an online banking login request, login authorization is granted only when the entered login information, the private key automatically read by the E-bank client, and the device information all match the allowed login information saved on the E-bank server. Moreover, the private key at registration and the private key at each login are all different: after the user obtains login authorization and successfully logs in to online banking, the E-bank server deletes this login information from the allowed-login list, generates a new random private key, binds it with the previous user-entered information and device information into new allowed login information, and passes the new random private key back to the E-bank client for use at the next login. This arrangement effectively reduces online banking login loopholes and greatly increases the difficulty of cracking for hackers, thereby effectively increasing the security of online banking logins.
As shown in Fig. 4, when the user needs to log in to online banking, the following steps are performed: start the E-bank client on the user's terminal device and enter the identification information and login password; the E-bank client automatically reads the device information of the terminal device, decodes it to obtain the saved key, and transmits the obtained device information, the key and the user-entered information to the E-bank server for verification; the E-bank server automatically checks whether the received information matches the saved allowed login information; if the two match completely, it sets this user as an allowed login user, generates a new key, saves it, and replies that online banking login authorization succeeded, enclosing the new key; if they do not match, the online banking login state is kept as forbidden.
As shown in Fig. 5, the online banking login after login authorization is obtained comprises the following steps: the user accesses the login page with any web browser and enters the online banking login account and password in the browser; the login request is sent to the E-bank server to verify whether this user is an allowed login user, which further ensures the legitimacy of the login user. When the requesting user is determined to be a verified allowed login user, the E-bank server replies to the authorization request with an approval and deletes this allowed login user from the allowed-login list; if the user is not an allowed login user, the login is refused.
In the present invention, until an E-bank client that has obtained login authorization makes a login request, the E-bank server keeps the online banking login state set to forbidden. To further ensure the security of online banking logins, when the E-bank server sets the user as an allowed login user it can also generate allowed-login time information for this login and send it to the user; once this allowed login time has elapsed, the E-bank server automatically sets the online banking login state to forbidden. This allowed login time can be chosen at random by the E-bank server at each user login, or set directly by the user when registering for online banking login.
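The registration, login-authorization and one-shot login check described above, as an added Python model that is not the patent's own code: it simulates embodiment 1 with an in-memory E-bank server and client, using constructed identities, device strings and a 120-second window (all assumptions), and shows that the key rotates on every authorization, that an allowed-login entry is consumed by a single browser login, and that a lapsed window, a stale key or a mismatched device is refused.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional

# Added illustration of embodiment 1: registration (b1-b4), login authorization with
# key rotation (c1-c5) and the one-shot allowed-login check with a time window (c6-c8).
# All names and values are constructed. The password is kept in clear for brevity;
# a real E-bank server would store a salted hash and compare against that.

@dataclass
class AllowedLoginInfo:
    key: str          # random key bound at registration, rotated on every authorization
    device_info: str  # service provider + manufacturer serial number (step b2)
    password: str     # E-bank client login password (step b1)


@dataclass
class EBankServer:
    window_seconds: float = 120.0                    # allowed login time (assumed value)
    records: Dict[str, AllowedLoginInfo] = field(default_factory=dict)
    # allowed-login list: identity -> expiry time. Absent means "login forbidden",
    # which is the default state of every account.
    allowed: Dict[str, float] = field(default_factory=dict)

    def register(self, identity: str, password: str, device_info: str) -> str:
        """Steps b3/b4: bind a fresh random key to device and user info, return the key."""
        key = secrets.token_hex(16)
        self.records[identity] = AllowedLoginInfo(key, device_info, password)
        return key

    def authorize_login(self, identity: str, password: str, device_info: str,
                        key: str, now: float) -> Optional[str]:
        """Steps c3/c4: on a complete match, open the login window and return a new key."""
        rec = self.records.get(identity)
        if rec is None:
            return None
        if not (hmac.compare_digest(rec.key, key)
                and hmac.compare_digest(rec.password, password)
                and rec.device_info == device_info):
            return None            # mismatch: state unchanged, account stays forbidden
        rec.key = secrets.token_hex(16)          # old key is now useless (advantage 4)
        self.allowed[identity] = now + self.window_seconds
        return rec.key

    def check_netbank_login(self, identity: str, now: float) -> bool:
        """Step c8: consume the allowed-login entry; refuse if absent or expired."""
        expiry = self.allowed.pop(identity, None)  # one-shot: entry is deleted either way
        return expiry is not None and now <= expiry


@dataclass
class EBankClient:
    identity: str
    password: str
    device_info: str
    key: Optional[str] = None   # saved key, replaced on every successful authorization

    def register(self, server: EBankServer) -> None:
        self.key = server.register(self.identity, self.password, self.device_info)

    def request_login_authorization(self, server: EBankServer, now: float) -> bool:
        """Steps c1/c2/c5: send saved key + device info; on success keep the new key."""
        new_key = server.authorize_login(self.identity, self.password,
                                         self.device_info, self.key or "", now)
        if new_key is None:
            return False
        self.key = new_key
        return True


def run_scenario() -> Dict[str, bool]:
    """Walk through the legitimate flow plus the failure cases the patent describes."""
    server = EBankServer(window_seconds=120.0)
    phone = EBankClient("alice", "pw-constructed", "CarrierX:SN-000111")
    phone.register(server)
    first_key = phone.key
    t = 1_000_000.0
    out: Dict[str, bool] = {}
    # default state is forbidden: a browser login with no prior authorization is refused
    out["login_without_authorization"] = server.check_netbank_login("alice", t)
    out["authorization_ok"] = phone.request_login_authorization(server, t)
    out["key_rotated"] = phone.key != first_key
    out["login_after_authorization"] = server.check_netbank_login("alice", t + 5)
    # the entry was consumed: a second browser login needs a fresh authorization
    out["replay_second_login"] = server.check_netbank_login("alice", t + 6)
    # a copy of the registration-time key (e.g. from a backup) no longer authorizes
    stale = EBankClient("alice", "pw-constructed", "CarrierX:SN-000111", key=first_key)
    out["stale_key_rejected"] = stale.request_login_authorization(server, t + 10)
    # the current key presented from a device with different binding info is refused
    other = EBankClient("alice", "pw-constructed", "CarrierY:SN-999", key=phone.key)
    out["other_device_rejected"] = other.request_login_authorization(server, t + 20)
    out["still_forbidden"] = server.check_netbank_login("alice", t + 21)
    # a window that is opened but never used lapses after window_seconds
    phone.request_login_authorization(server, t + 30)
    out["expired_window"] = server.check_netbank_login("alice", t + 30 + 200)
    return out


if __name__ == "__main__":
    print(run_scenario())
```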
With this scheme, a legitimate user decides for themselves when to log in to their online banking account; until the legitimate user uses their registered E-bank client to request login authorization from the E-bank server, nobody at all can log in to that online banking account. This deployment makes the E-bank server the mandatory gateway through which the online banking server provides login service; when to log in and for how long are controlled by the user, and the E-bank server can perform multiple verifications during the login process, thereby fundamentally solving the problem of low online banking login security and substantially ensuring the security of online banking logins.
In a specific implementation, the E-bank server can also filter different operation requests according to the user's selection. For example, if the user chooses to have only online banking logins monitored, the E-bank server passes requests other than online banking logins, such as card-swipe payments and other market operations, directly through to the online banking server.
If the user needs to perform online banking logins on different terminal devices, the E-bank client must be downloaded to each corresponding terminal device and registered with the same identification information and login password; the E-bank server then automatically binds the login information with that terminal device and sets the terminal device as a legitimate device, after which online banking logins can be performed from it.
To prevent illegal users from intruding during a transaction, when the user has obtained login authorization, completed the online banking login and performs transaction operations, the E-bank server can also supervise the online banking transaction details, allowing the online banking operation only if the transaction details entered by the legitimate user are completely consistent with the transaction details received by the online banking server.
The present invention can also be applied to online transaction authorization and credit card payment authorization; it is only necessary to add a corresponding online banking business authorization list and a credit card payment authorization list on the E-bank server. Before a transaction takes place, the user must use their E-bank client to authorize the transaction or payment on the E-bank server; before completing the transaction, the transaction server checks the authorization status, and a transaction without authorization is rejected.
Embodiment 2
As shown in Fig. 6, this embodiment differs from embodiment 1 in the steps of the online banking login after login authorization is obtained, which are as follows: when the user accesses the online banking login page, the user enters the online banking login account and password in the browser, and the login request is sent to the E-bank server to verify whether this user is an allowed login user, which further ensures the legitimacy of the login user. When the requesting user is determined to be a verified allowed login user, the E-bank server replies that this online banking login is authorized; after the login request has been accepted, the login information is transmitted to the online banking server for login verification, and the E-bank server then deletes this allowed login user from the allowed-login list. If the user is not an allowed login user, the login is refused.
Embodiment 3
As shown in Fig. 7, this embodiment differs from embodiment 1 in the steps of the online banking login after login authorization is obtained, which are as follows: when the user accesses the online banking login page, the user enters the online banking login account and password in the browser on the user terminal and submits the login request; on receiving the login request, the online banking server sends it to the E-bank server to verify whether this user is an allowed login user. When the requesting user is determined to be a verified allowed login user, the online banking server proceeds directly with conventional login verification, and the E-bank server then deletes this allowed login user from the allowed-login list, to prevent others from exploiting the gap to log in again. If the user is not an allowed login user, the login is refused.
The present invention can be realised well according to the above embodiments.
Claims (6)
1. An online bank security protection method, characterised in that it comprises the following steps:
(a) downloading an E-bank client to the user's terminal device, and setting up an E-bank server that supervises the forbidden-login and allowed-login states of the online banking account and that performs registration and login authorization for the E-bank client;
(b) the user registers the E-bank client on the E-bank server;
(c) after the user successfully logs in to the E-bank client and obtains login authorization, the E-bank server sets this user as an allowed login user, and performs authorization verification when the user accesses the online banking login page with a web browser to perform an online banking login;
wherein step (b) specifically includes the following steps:
(b1) the user enters the E-bank client identification information and login password;
(b2) the E-bank client automatically obtains the device information of the user's terminal device and transmits the obtained device information together with the information entered by the user to the E-bank server;
(b3) after verifying that the information is correct, the E-bank server automatically generates a key, binds it to the received device information and user-entered information, and saves the result as allowed login information;
(b4) the E-bank server passes the generated key back to the E-bank client, which saves it and indicates that registration has succeeded.
2. The online bank security protection method according to claim 1, characterised in that in step (b2) the device information of the user's terminal device includes the service provider and the manufacturer's serial number.
3. The online bank security protection method according to claim 1, characterised in that the login authorization in step (c) specifically includes the following steps:
(c1) start the E-bank client on the user's terminal device and enter the identification information and login password;
(c2) the E-bank client automatically reads the device information of the user's terminal device, decodes the saved key, and transmits the obtained device information, the key and the information entered by the user to the E-bank server;
(c3) the E-bank server automatically checks whether the received information matches the saved allowed login information; if the two match completely, proceed to step (c4); if they do not match, the online banking login state is kept as forbidden and a login verification failure is returned;
(c4) set this user as an allowed login user, generate a new key, save it, and reply that online banking login authorization succeeded, enclosing the new key;
(c5) the E-bank client receives the login authorization reply and, if it indicates success, replaces the old key with the new key and saves it.
4. The online bank security protection method according to claim 3, characterised in that the online banking login in step (c) comprises the following steps:
(c6) the user accesses the online banking login page with a web browser;
(c7) the user enters the online banking login account and password on the online banking login page and submits the login request;
(c8) on receiving the authorization verification request, the E-bank server checks whether this user is an allowed login user; if so, it replies with login authorization and deletes this allowed login user; if not, the login is refused.
5. The online bank security protection method according to claim 4, characterised in that in step (c4) the E-bank server generates allowed-login time information for this login at the same time as it sets the user as an allowed login user, and once this allowed login time has elapsed the E-bank server automatically sets the online banking login state to forbidden.
6. The online bank security protection method according to claim 5, characterised in that until the E-bank client is used to request an online banking login from the E-bank server, the E-bank server keeps the online banking login state set to forbidden.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310096763.6A CN103209182B (en) | 2013-03-25 | 2013-03-25 | Online bank security protection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103209182A CN103209182A (en) | 2013-07-17 |
CN103209182B true CN103209182B (en) | 2016-08-03 |
Family
ID=48756266
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310096763.6A Expired - Fee Related CN103209182B (en) | 2013-03-25 | 2013-03-25 | Online bank security protection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103209182B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105141577B (en) * | 2015-07-07 | 2019-08-20 | 武汉理工大学 | A kind of asynchronous login method of oriented of Information System |
CN107864113A (en) * | 2016-09-28 | 2018-03-30 | 平安科技(深圳)有限公司 | Safe login method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101009559A (en) * | 2006-11-22 | 2007-08-01 | 李�杰 | Protection method for user account security |
CN102118743A (en) * | 2011-03-02 | 2011-07-06 | 中兴通讯股份有限公司 | Method and system for logging onto online bank with mobile phone, and bank server |
CN102333072A (en) * | 2011-06-09 | 2012-01-25 | 张欢 | Network banking trusted transaction system and method based on intelligent terminal |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7676834B2 (en) * | 2004-07-15 | 2010-03-09 | Anakam L.L.C. | System and method for blocking unauthorized network log in using stolen password |
US20070022196A1 (en) * | 2005-06-29 | 2007-01-25 | Subodh Agrawal | Single token multifactor authentication system and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C41 | Transfer of patent application or patent right or utility model | |
| TA01 | Transfer of patent application right | Effective date of registration: 20160608. Address after: 200000, Room 305, 1501-6 Ying Ying Road, Shanghai, Zhabei District. Applicant after: Shanghai Financial Cloud Service Group Security Technology Co., Ltd. Address before: 610000, No. 1, North 78, purple North Street, Chengdu hi tech Zone, Sichuan, 2. Applicant before: Sichuan Ningchao Technology Co., Ltd. |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20160803. Termination date: 20180325 |