CN103490893A - Information leakage testing control method, device and system and information channel safety certification device - Google Patents
Information leakage testing control method, device and system and information channel safety certification device Download PDFInfo
- Publication number
- CN103490893A CN103490893A CN201310403422.9A CN201310403422A CN103490893A CN 103490893 A CN103490893 A CN 103490893A CN 201310403422 A CN201310403422 A CN 201310403422A CN 103490893 A CN103490893 A CN 103490893A
- Authority
- CN
- China
- Prior art keywords
- information
- user
- safety certification
- server
- prosecution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Telephonic Communication Services (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention provides an information leakage testing control method, device and system and an information channel safety certification device. The method comprises the steps of sending an information channel safety certification service request to a service information testing control processing server through a front-end processor, receiving information with the information source recognition function and a timestamp to send a dynamic electronic license, receiving user data information of POS equipment, conducting automatic recognition and checking on information source recognition characteristic parameter values, transmission information formats and content characteristic parameter values of the user data information, memorizing POS information source identification and information encoding in the user data information, reestablishing a retrieval tag, sending user upper-sending server processing data information to a short-micro message processing server in a split-channel mode, receiving short-micro messages fed back by the service information testing control processing server to conduct analyzing and splitting, converting information source equipment characteristics in the short-micro messages in a reversed mode to be transformed into original information source equipment characteristics in the user data information, and reassembling the short-micro messages to be fed back to a user application server.
Description
Technical field
The invention relates to the Data Communication in Computer Networks technology, particularly about a kind of information-leakage detecting and control method, device, system and information channel safety certification device.
Background technology
Under the current techniques condition, for realizing that user's application system and the bipartite data message of information exchange service application system are mutual and sharing, often take the method for network interconnection to reach the purpose of exchanges data and interaction process, now some private information of a side will transmit by the opposing party's network and system, sometimes both sides also have to share some technology or data processing algorithm, thereby have the weak point on following technical security hidden danger or function:
1, realize that the safety certification measure of information channel of both sides' information exchange is usually more single, the function that provides multiple authentication freely to select is provided, convenience and the flexibility of safety certification are poor.And holder of certificate's legitimacy is not carried out to the function that technical security authentication is checked yet, have an authentication password and certificate and do not authenticate the potential safety hazard of people and equipment.
2, under the prior art condition, secure authenticated information passage and the data information exchange passage of implementation information exchange are not separated, and are shared and share, and channel information is is easily intercepted and captured, safety certification device and control system thereof are easily by network attack, and then initiating system infiltration disaster.
3, the information exchange treatment technology method under the prior art condition, data message is not carried out technical finesse and the safe prosecutions such as Data Source discriminating, format match screening, the conversion of confidential data modification, encrypting and decrypting, fractionation assembling of automation at handing-over mouthful front end boundary, so easily cause the events such as illegal connection, leakage of information and information personation.
Therefore, under the prior art condition,, not only there is the deficiency on some function in data information exchange treatment system and treatment technology method, and have obvious technical security hidden danger, not only use inconvenience, and operating cost is higher, and the wasting of resources is also more serious.
Summary of the invention
The invention provides a kind of information-leakage detecting and control method, device, system and information channel safety certification device, so that secure authenticated information passage and data information exchange passage, short micro-letter transceiver channel are separated, preventing that network attack, information from stealing with system infiltration and classified information reveals and distorts, and ensures confidentiality and the fail safe of both sides' confidential data information.
To achieve these goals, the invention provides a kind of information-leakage detecting and control method, described method comprises: send the request of information channel Security Authentication Service by front end processor to business information prosecution processing server, make described business information prosecution processing server carry out the information channel safety certification according to the authentication of setting;
Receive the information transmission dynamic electron license passport with information source recognition function and timestamp that described business information prosecution processing server is issued by short micro-letter processing server;
Receive the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information are automatically identified and checked;
User POS information source in described user data information sign and information encoding are remembered, rebuild retrieval symbol, and generate on the user who is uploaded to described short micro-letter processing server that security information has been implemented to hold back, hide, be out of shape and send server deal with data information;
Send on described user and send server deal with data information to described short micro-letter processing server shunting, so that described short micro-letter processing server carries out information-leakage prosecution and business account service response and processes sending server deal with data information to carry out after information combination and format being transmitted to described business information prosecution processing server on described user;
Receive short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, and the information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information;
After being ressembled, described short micro-letter feeds back to described user's application server.
In one embodiment, described send the request of information channel Security Authentication Service to business information prosecution processing server by front end processor before, described method also comprises: obtain and comprise customer digital certificate, operational factor, the digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information, the pre-registration of safety certification policy information and transmission information form customized information is carried out the information registering of information exchange service application system, then obtain and comprise POS equipment user information, apparatus characteristic information is trusted in user POS facility information source, the user profile of biological characteristic entrance guard device and biological information is carried out the user profile registration.
In one embodiment, described authentication comprises: IC-card certificate+password+fingerprint+authenticate device information source device feature, TF card or SD card certificate+password+facial photo+authenticate device information source device feature, U shield certificate+password+fingerprint+voice+authenticate device information source device feature.
Further, if the failure of information channel safety certification, according to instruction locking safety certification and maintenance channel.
Further, if information exchanging channel and short micro-letter passage between described information channel safety certification device and user's application server are opened in the failure of information channel safety certification.
Further, if business account service response is processed successfully, receive and successfully process feedback information.
To achieve these goals, the invention provides a kind of information-leakage measuring and controlling device, described device comprises:
The authentication request unit, for by front end processor, to business information prosecution processing server, sending the request of information channel Security Authentication Service, make described business information prosecution processing server carry out the information channel safety certification according to the authentication of setting;
The license passport receiving element, the information transmission dynamic electron license passport with information source recognition function and timestamp of issuing by short micro-letter processing server for receiving described business information prosecution processing server;
Unit is checked in user data information identification, for receiving the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information is automatically identified and is checked;
Information generating unit, for the sign of the user POS information source to described user data information and information encoding, remembered, rebuild retrieval symbol, and generate on the user who is uploaded to described short micro-letter processing server that security information has been implemented to hold back, hide, be out of shape and send server deal with data information;
Information shunting transmitting element, for to described short micro-letter processing server shunting, sending on described user and send server deal with data information, so that described short micro-letter processing server is to sending server deal with data information to carry out after information combination and format being transmitted to that described business information prosecution processing server carries out the information-leakage prosecution and business account service response is processed on described user;
Short micro-letter reverse transformation unit, for receiving short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, and the information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information;
Short micro-letter feedback unit, feed back to described user's application server after described short micro-letter is ressembled.
In one embodiment, described information-leakage inspection control system also comprises:
Information exchange service application system register unit, carry out for obtaining the pre-registration that comprises customer digital certificate, operational factor, digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information, safety certification policy information and transmission information form customized information the information registering that application system is served in information exchange;
The user profile registering unit, carry out the user profile registration for obtaining the user profile that comprises POS equipment user information, the trust of user POS facility information source apparatus characteristic information, biological characteristic entrance guard device and biological information.
In one embodiment, described authentication comprises: IC-card certificate+password+fingerprint+authenticate device information source device feature, TF card or SD card certificate+password+facial photo+authenticate device information source device feature, U shield certificate+password+fingerprint+voice+authenticate device information source device feature.
Further, described information-leakage inspection control system also comprises: the pathway closure unit, and for according to instruction locking safety certification and maintenance channel.
Further, described information-leakage inspection control system also comprises: passage is opened unit, for opening information exchanging channel and the short micro-letter passage between described information channel safety certification device and user's application server.
In one embodiment, described information-leakage inspection control system also comprises: the feedback information receiving element, and for when business account service response is processed successfully, receiving and successfully process feedback information.
To achieve these goals, the invention provides a kind of information channel safety certification device, with short micro-letter processing server, be connected, by front end processor, with business information prosecution processing server, be connected, and be connected with user POS equipment and biological characteristic entrance guard device by user's application server, described device comprises: central processing unit and the safety check mode selection key be connected with described central processing unit, parameter arranges button, application main menu button, confirm and direction control button, cancel/revise button, the voice and video processing unit, touch control display apparatus, the physical characteristics collecting device, external certificate information harvester, information partition management and top control module, information-communication device, the information exchange security control device, information source device characteristic processing module, power supply and battery charger,
Described central processing unit is for the internal information switch instruction response of described information channel safety certification device;
Described safety check mode selection key is for triggering the authentication selection function;
Described parameter arranges button for triggering the parameter setting function of described information channel safety certification device;
Described application main menu button is for the upgrading of trigger equipment system mend and application parameter maintenance function;
Described confirmation and direction are controlled button, and for generating, current secret window information input validation completes and cursor direction moves the control notification instruction;
Described cancellation/modification button is for generating the instruction of cancelling or revising current secret window information;
Described voice and video processing unit, for gathering, process, transmitting operator's voice and video information, completes speech recognition or photo and facial characteristics identification;
Described touch control display apparatus has been used for described operator's touch-screen control inputs and operation, indicates the operating state of described information channel safety certification device, and the display operation person informs information;
Described physical characteristics collecting device, for gathering user's biological characteristic, completes the biometric secure authentication;
Described external certificate information harvester reads the main security factor information of IC chip card such as comprising user identity card number, bank card number, social security card, and the electronic security(ELSEC) certificate of certification information of IC-card certificate, TF card certificate, U shield;
Described information partition management and top control module are used for cipher mode partitioned storage user profile, and extract described user profile with manner of decryption;
Described information-communication device is for receiving and send exchanges data information;
Described information exchange security control device is carried out security customization and management and control to information exchanging channel;
Described information source device characteristic processing module is automatically extracted and processes for the value of the information source recognition feature parameter according to trusting the user data information that the apparatus characteristic log-on message sends user's application server, and by the value of described information source recognition feature parameter with trust the apparatus characteristic log-on message and automatically identify and check;
Described power supply and battery charger are for being powered and the battery charging.
To achieve these goals, the invention provides a kind of information-leakage inspection control system, described system comprises: information channel safety certification device, at least one biological characteristic entrance guard device, at least one front end processor, at least one business information prosecution processing server, at least one short micro-letter processing server, user's application server and a plurality of user POS equipment;
A plurality of described user POS equipment and at least one described biological characteristic entrance guard device are connected with described user's application server by user application network, described user's application server is connected by serial ports or USB passage with the information channel safety certification device, described information channel safety certification device is connected with at least one described short micro-letter processing server by short micro-letter passage, described short micro-letter processing server is served the application system Intranet by information exchange and is connected with at least one described business information prosecution processing server, described information channel safety certification device accesses private network by long distance wireless and fire compartment wall is connected with at least one described front end processor, at least one described front end processor is served the application system Intranet by information exchange and is connected with at least one described business information prosecution processing server, wherein,
Described biological characteristic entrance guard device is used for obtaining POS equipment operating user's biological characteristic, and is transmitted to described user's application server and the information channel safety certification device carries out user safety authentication and mandate;
Described front end processor is for receiving and forward the Security Authentication Service solicited message that described information channel safety certification device is issued described business information prosecution processing server, and the service response processing result information that described business information prosecution processing server is sent is transmitted to described information channel safety certification device;
Described short micro-letter processing server receives and forwards short micro-communication service service request information that described information channel safety certification device is issued described business information prosecution processing server, and short micro-telecommunications services response processing result information that described business information prosecution processing server is sent is transmitted to described information channel safety certification device;
Described information channel safety certification device comprises: central processing unit and the safety check mode selection key be connected with described central processing unit, parameter arranges button, application main menu button, confirm and direction control button, cancel/revise button, the voice and video processing unit, touch control display apparatus, the physical characteristics collecting device, external certificate information harvester, information partition management and top control module, information-communication device, the information exchange security control device, information source device characteristic processing module, power supply and battery charger,
Described central processing unit is for the internal information switch instruction response of described information channel safety certification device; Described safety check mode selection key is for triggering the authentication selection function; Described parameter arranges button for triggering the parameter setting function of described information channel safety certification device; Described application main menu button is for the upgrading of trigger equipment system mend and application parameter maintenance function; Described confirmation and direction are controlled button, and for generating, current secret window information input validation completes and cursor direction moves the control notification instruction; Described cancellation/modification button is for generating the instruction of cancelling or revising current secret window information; Described voice and video processing unit, for gathering, process, transmitting operator's voice and video information, completes speech recognition or photo and facial characteristics identification; Described touch control display apparatus has been used for described operator's touch-screen control inputs and operation, indicates the operating state of described information channel safety certification device, and the display operation person informs information; Described physical characteristics collecting device, for gathering user's biological characteristic, completes the biometric secure authentication; Described external certificate information harvester reads the main security factor information of IC chip card such as comprising user identity card number, bank card number, social security card, and the electronic security(ELSEC) certificate of certification information of IC-card certificate, TF card certificate, U shield; Described information partition management and top control module are used for cipher mode partitioned storage user profile, and extract described user profile with manner of decryption; Described information-communication device is for receiving and send exchanges data information; Described information exchange security control device is carried out security customization and management and control to information exchanging channel; Described information source device characteristic processing module is automatically extracted and processes for the value of the information source recognition feature parameter according to trusting the user data information that the apparatus characteristic log-on message sends user's application server, and by the value of described information source recognition feature parameter with trust the apparatus characteristic log-on message and automatically identify and check; Described power supply and battery charger are for being powered and the battery charging;
Described business information prosecution processing server comprises: the security feature parameter arranges the location registration process unit, safety certification and maintenance upgrade unit, short micro-letter processing unit, business account processing unit and data storage and administrative unit;
Described security feature parameter arranges the location registration process unit for when to the user, providing described information channel safety certification device, according to user characteristics and requirement, generating client's Digital Certificate Security authentication information;
Described safety certification and maintenance upgrade unit, for calling described data storage and administrative unit to digital certificates technical parameter, authenticate device information source device characteristic information, user's characteristic information, user's input feature vector information, carry out safety certification according to operational factor, technical parameter, safety certification policy information and the transmission information form customized information of described information channel safety certification device;
Described short micro-letter processing unit is processed solicited message to application Business Processing solicited message and the prosecution of divulging a secret and is carried out service response processing and feedback result for calling described data storage and administrative unit, business account processing unit;
Described business account processing unit is for carrying out information-leakage prosecution processing and the information processing of business account of application message data;
Described data storage and administrative unit are for managing with database mode and classification storage service information.
Further, described front end processor comprises: the master control device, information channel safety certification device interface, the audio, video data processing unit, server interface and data storage and administrative unit, described master control device respectively with described information channel safety certification device interface, the audio, video data processing unit, the storage of server interface and data and administrative unit are connected;
Described information channel safety certification device interface is for carrying out bidirectional information transmitting-receiving and the exchange of described master control device and information channel safety certification device;
Described audio, video data processing unit is for receiving and dispatching user's audio frequency and video secure authenticated information of storing and processing described information channel safety certification device;
Described master control device is used to described information channel safety certification device interface, the audio, video data processing unit, and the bi-directional exchanges of information between server interface and data storage and administrative unit are connected formats processing;
Described server interface is for realizing bidirectional information transmitting-receiving and exchange between described master control device and business information prosecution processing server;
Described data buffer storage and switch processing unit be for receiving the instruction of described master control device, for transceiving data and information provide data buffer storage, information management and processing to process.
Beneficial effect of the present invention is, carry out the technical finesse such as the discriminating of information data source, format match screening, the conversion of confidential data modification, encrypting and decrypting, fractionation assembling of automation and the function of security control at the information interface front end, realized the communication that direction is controlled; The management and control of the content of receiving and sending messages and form, plain code transmission, storage and the cross processing of confidential data information have been avoided, also avoided the sharing of transmission, algorithm and data processing technique method etc. of some classified information, effectively having prevented that network attack, information from stealing with system infiltration and classified information reveals and distorts, and has ensured confidentiality and the fail safe of both sides' confidential data information; By the security control to information exchanging channel with to technical finesse and the control of the automations such as customization in advance of the discriminating of information source and information format, realized the two ends customization of information exchange, single-point handing-over, multiple authentication, two-way prosecution; Realized the suitable separation of secure authenticated information passage and data information exchange passage, carrying out directed controlled transmission by different information channels again after making exchanges data information split becomes a reality, effectively prevented information-leakage, improved the fail safe of information exchange, effectively reduce the cost of information exchange, eliminated technology hidden danger.
The accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, below will the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
The result schematic diagram of the information-leakage inspection control system that Fig. 1 is the embodiment of the present invention;
The structured flowchart of the information channel safety certification device 100 that Fig. 2 is the embodiment of the present invention;
The appearance assumption diagram of the information channel safety certification device that Fig. 3 is the embodiment of the present invention;
The construction profile of the information channel safety certification device that Fig. 4, Fig. 5 and Fig. 6 are the embodiment of the present invention;
The structured flowchart of the front end processor 300 that Fig. 7 is the embodiment of the present invention;
The structured flowchart of the business information prosecution processing server 400 that Fig. 8 is the embodiment of the present invention;
The information-leakage detecting and control method flow chart that Fig. 9 is the embodiment of the present invention;
The detail flowchart of the information-leakage detecting and control method that Figure 10 is the embodiment of the present invention;
The structured flowchart of the information-leakage measuring and controlling device that Figure 11 is another embodiment of the present invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making under the creative work prerequisite the every other embodiment obtained, belong to the scope of protection of the invention.
As shown in Figure 1, the embodiment of the present invention provides a kind of information-leakage inspection control system, and described system comprises: information channel safety certification device 100, at least one biological characteristic entrance guard device 200, at least one front end processor 300, at least one business information prosecution processing server 400, at least one short micro-letter processing server 500, user's application server 600 and a plurality of user POS equipment 700.
A plurality of user POS equipment 700 and biological characteristic entrance guard device 200 are connected with user's application server 600 by user application network, and user's application server 600 is connected by serial ports or USB passage with information channel safety certification device 100.Information channel safety certification device 100 is connected with short micro-letter processing server 500 by short micro-letter passage, short micro-letter processing server 500 is served the application system Intranet by information exchange and is connected with business information prosecution processing server 400, information channel safety certification device 100 accesses private network by long distance wireless and fire compartment wall 101 is connected with front end processor phase 300, and front end processor 300 is served the application system Intranet by information exchange and is connected with business information prosecution processing server 400.
Fig. 2 is the structured flowchart of embodiment of the present invention information channel safety certification device 100, and the effect of information channel safety certification device 100 mainly comprises:
One, provide three kinds of information exchanging channels for the information exchange between user's application system and information-leakage inspection control system, the first information exchanging channel is the passage that carries out information exchange between information channel safety certification device 100 and user's application system, the second information exchanging channel is safety certification and maintenance channel, and the third information exchanging channel is at least two short micro-letters passages of receiving and sending messages.Between each passage, function is separated, share out the work and help one another, and organic interaction, the legal use for information channel safety certification device 100 provides safety certification and the relevant information technology of divulging a secret to control the processing support jointly.
Two, provide and independently select and a kind of authentication is set the user of information channel safety certification device 100 to be implemented to force the function of safety certification from multiple digital certificates and multiple secure authentication technology method to the user, improve convenience and the flexibility of safety certification.
Three, possessed the function of the information source device legitimacy being carried out to technology discriminating and safety certification, an authentication password and certificate have been eliminated and the potential safety hazard of the equipment source of authentication information not, effectively prevent the information source personation, improved the fail safe of data information exchange.
Four, possessed the data message that user's application system is sent to information exchange service application system, carry out the divulge a secret function of prosecution technical finesse of automated information at message switch mouth front end boundary, realized the controlled transmission of its information, and the autonomous customization management and control that specializes of receive and send messages content and form, effectively prevented network penetration and classified information leakage and distorted, having ensured confidentiality and the fail safe of each side's confidential data information.
Five, for the information-leakage inspection control system, the automated maintenance of information channel safety certification device 100 is disposed to the IP network connecting communication service that provides, and support for the associated safety authentication provides technical finesse.
Six, the setting for information channel safety certification device operational factor provides technical support.
As shown in Figure 2, information channel safety certification device 100 comprises: central processing unit 2001 and the safety check mode selection key 201 be connected with central processing unit 2001, parameter arranges button 202, application main menu button 203, confirm and direction control button 204, cancel/revise button 205, voice and video processing unit 206, touch control display apparatus 207, physical characteristics collecting device 208, external certificate information harvester 209, information partition management and top control module 210, information-communication device 211, information exchange security control device 212, information source device characteristic processing module 213, power supply and battery charger 214.
As shown in Fig. 3, Fig. 4, Fig. 5 and Fig. 6, information channel safety certification device 100 also comprises: camera 301, with infrared lamp, for obtaining site environment image video of living in and the photo of user face biological characteristic or channel security authenticate device, complete security monitoring in case of necessity; Microspeaker 302, be used for play cuing voice and from the alarm voice signal of server, and its volume keys available is regulated setting; Microphone 303, for gathering user speech and site environment sound; Client server connects serial ports 401, be used for connecting authenticate device and client server by the serial communication mode, realize communication and exchanges data between them, one of them work, another is standby, or all carry on a shoulder pole, generally be positioned at the trailing flank (as shown in Figure 4) of information channel safety certification device 100; External power interface 402, for connecting external power source, for authenticate device supplies distribution, generally be positioned at information channel safety certification device 100 trailing flanks (as shown in Figure 4); External connected electronic certificate interface, be used for connecting user's digital certificates and gather its information, realize information interaction and contact between authenticate device and certificate, can be IC-card certificate information reader, SD(or TF) the digital certificates interfaces such as card certificate interface, U shield certificate, IC-card certificate information reader 403 is positioned at the trailing flank of authenticate device, IC-card certificate information reader can also, for reading active user's IC-card information, comprise the information of the IC chip cards such as IC-card identity card, IC bank card, social security IC-card.SD(or TF) card certificate socket 601 is positioned at the left surface (as shown in Figure 6) of authenticate device, and U shield card certificate socket 501 is positioned at the right flank of authenticate device, be responsible for gathering user U shield information and carry out safety certification, or be connected between information channel safety certification device 100 and client server 600, carrying out the USB communication, also can download digital certificates information for the user; Receiver J-Horner 502, for frames connecting with headphone, realize the earphone output of sound, and volume can be regulated with the button on its side, is positioned at the authenticate device right flank; Mains switch 503, for carrying out the control of authenticate device power supply, opened or closed, and is positioned at the authenticate device right flank; Communication card socket 602, be used to long-range TCP wireless communication card and two different operators' SMS communication card that circumscription socket is provided, and realizes relevant communication, is positioned at the authenticate device left surface; External wireless antenna module 215, for front end processor, carrying out the telecommunication network communication antenna, strengthen the reliability of signal, is positioned at the authenticate device right flank.In addition, the authenticate device back side is for auxiliary auxiliary facilities such as the logical rechargeable batteries of cloth, and the authenticate device main frame is used to authenticate device that master control electric component and relevant matching component are provided.
In addition, information channel safety certification device 100 also comprises: power supply indicator 304, wireless network indicator light 305, short micro-letter communications status indicator light 306.
Central processing unit 2001 is to carry out the maincenter of two-way information interaction between each parts of information channel safety certification device 100, it is also the control centre of device feature, for the work between master control, management and inner each parts of cooperative information channel security authenticate device 100, complete information interaction and command service response between information channel safety certification device 100 internal parts.Between central processing unit 2001 and other parts, information interaction is all arranged, central processing unit 2001 obtains button operation information, or the input message of physical characteristics collecting device 208 and external certificate information harvester 209, or the input message of touch control display apparatus 207, and call voice and video processing unit 206, information partition management and top control module 210, information exchange security control device 212, after information source device characteristic processing module 213 is carried out front end screening management and control and safe handling to it, send to information-communication device 211, by information-communication device 211, sent to front end processor 300 again, and then be transmitted to business information prosecution processing server 400 and carry out safety certification and upgrade maintenance and process, or reception front end processor 300 forwards next business information prosecution processing server service response processing feedback result, recalls information partition management and top control module 210 further feed back to touch control display apparatus 207 and show feedback result after being processed, and call voice and video processing unit 206, information partition management and top control module 210, information exchange security control device 212 and information source device characteristic processing module 213, complete the concrete subsequent treatment work of voice and video prompting and the 400 relevant control instructions of execution business information prosecution processing server, or receive the exchanges data information that user's application server 600 is sent, and recalls information partition management and top control module 210, information source device characteristic processing module 213 and information exchange security control device 212 are carried out after front end screening management and control safety encipher etc. processes, send to short micro-letter dispensing device 212b, again and then send to short micro-letter processing server 500, and then be transmitted to business information prosecution processing server 400 and carry out safety inspection and control to process, then, customer consumption account settlement information result feedback after business information prosecution processing server 400 will be processed is given short micro-letter processing server 500, be transmitted to information exchange security control device 212 after formaing processing by it again, and then be transmitted to short micromessage receiving system 212a, the Xun Yuan road feeds back to user's application server, notify the user to carry out follow-up associative operation, or receive the information channel safety certification device 100 user right register informations that each parts collect, the subscriber authorisation secure authenticated information of information channel safety certification device 100, digital certificates technical parameter table, trust user POS apparatus characteristic log-on message, user POS device ID condition code, user POS device registration title, the customization of transmission information form, information element splits analytical algorithm automatically, classified information conversion deformation algorithm, information element automatic packaging packing algorithm, short micro-letter enciphering and deciphering algorithm, the information such as user's input feature vector information, and call voice and video processing unit 206, information partition management and top control module 210, the control of information exchange peace fills 212, information source device characteristic processing module 213 is carried out partitioned storage after safe handling to it.Detect while controlling request when receiving the crucial production equipment use authority safety certification request of information channel safety certification device 100 and user's application system and information transmission security, call voice and video processing unit 206, information partition management and top control module 210, information exchange security control device 212 and information source device characteristic processing module 213 and automatically extract secure authenticated information and carry out the maltilevel securities such as operating personnel, digital certificates, information source apparatus characteristic, swap data form and content and authenticate and complete the safety inspection of transmission information concerning security matters and control every processing.
When information channel safety certification device 100 is operated in the safety certification state, user's webmaster personnel trigger the authentication selection function by safety check mode selection key 101, make it neatly for the user network operations staff selects to determine a kind of suitable authentication, in order to complete the use authority authentication of data exchange channel.Now, information channel safety certification device 100 automatic acquisition user webmaster personal security authentication mode selection result information, call voice and video processing unit 206, information partition management and top control module 210, carry out necessary processing, preservation, and activate its authentication and select, start the user network operations staff is carried out the security certificate authentication of device rights of using and data exchange channel unlatching authority according to this authentication.User's webmaster personnel can independently select the combination attestation mode of the biological informations such as different types of digital certificates, identity card, IC bank card, password and fingerprint, complete its legitimacy safety certification.
The safety certification combination must meet following technical specification: the one, must comprise and only comprise a kind of biological characteristic authentication key element in the safety certification combination; The 2nd, carry out flexibly for the convenience of the user safety certification, the digital certificates kind can only be selected wherein a kind of; The 3rd, the default project that substantially comprises that authenticate device ID condition code, authenticate device register name are the safety certification content; The 4th, the user of registered in advance mandate just has the right to operate.So just form flexible selection and applied the safety certification example combinations that multiple digital certificates carry out the authentication of electronic authorization maltilevel security step by step, as: IC-card certificate+password+fingerprint+device ID condition code+device registration title, TF card (or SD card) certificate+password+facial photo+device ID condition code+device registration title, U shield certificate+password+fingerprint+voice+device ID condition code+device registration title etc.For improving fail safe, it must be that the registed authorization user just can carry out operational access that the safety check mode is selected change, carry out necessary fraction and operating right system, the people is set in registration and certified people can not be identical, carry out the user by brush identity card defeated close mode and operate login, but Modify password after login, just can complete replacement if forget Password must serve the personnel of application system mechanism by information exchange.
After choosing the safety check mode, just start the authentication of relevant information channel security.Now, the authentication automatic-prompting that the central processing unit 2001 of information channel safety certification device 100 is selected according to user's webmaster personnel also obtains secure authenticated information, call voice and video processing unit 206, information partition management and top control module 210, information exchange security control device 212, after carrying out necessary temporary and format processing, send to information-communication device 211, by information-communication device 211, sent to front end processor 300 again, and then be transmitted to business information prosecution processing server 400 and carry out the safety certification processing, if authentication is passed through, the short micro-letter receive path to information channel safety certification device 100 by short micro-letter processing server 500, the information that granting has information source recognition function and timeliness stamp sends the dynamic electron license passport, make and only held the dynamic electron license passport, short micro-letter sendaisle of information channel safety certification device 100 could send the exchange of data message implementation information.After this, business information prosecution processing server 400 passes through front end processor 300 processing forward security certification result to central processing unit 2001, if safety certification is passed through, recalls information partition management and top control module 210, touch control display apparatus 207 is processed rear demonstration feedback result, call after voice and video processing unit 206 is processed simultaneously feedback result is carried out to voice suggestion, recalls information exchanges security control device 212 and information source device characteristic processing module 213 simultaneously, carry out the 400 relevant control instructions of business information prosecution processing server, safety certification and the maintenance channel of lock information channel security authenticate device 100, the passage that carries out information exchange between opening information channel security authenticate device 100 and user's application system, short micro-letter sends information channel, start to carry out exchanges data, if safety certification is not passed through, central processing unit 2001 recalls information partition managements and top control module 210, touch control display apparatus 207 is processed rear demonstration feedback safety certification and is not passed through object information, after calling voice and video processing unit 206 simultaneously and being processed, feedback result is carried out to the voice suggestion user and re-start safety certification, when repeatedly safety certification is not successful, central processing unit 2001 recalls information partition managements and top control module 210, safety certification and the maintenance channel of information exchange security control device 212 lock information channel security authenticate devices 100, the information exchanging channel of information channel safety certification device 100 and user's application system, short micro-letter sends information channel, end the closed safe authentication function, the lang sound of going forward side by side is reported to the police and is sent the warning messages such as user webmaster personnel and the short micro-letter of the information exchange service personnel of application system management organization mobile phone.
When information channel safety certification device 100 is operated in parameter state is set, for user's webmaster personnel, the parameter setting function of button 102 automatic triggering authentication devices is set by parameter, completes following parameter setting: one completes the parameter setting function of information channel safety certification device 100 and user of service's ID card No. and the initialization mandate of password and sets and registration, the two completes setting and the configuration of the hardware operational factor of information channel safety certification device 100, the three complete Internet access user application server 500 the information source device feature of being trusted user POS equipment 700 selected, arrange and registration, four complete the information-leakage inspection control system operation user's name of having the right to carry out exchanges data, the register name of user POS equipment 700, registration and the setting of the security control informations such as apparatus characteristic of user POS equipment 700, realize man-machine system three's binding, only have and set the user and use the designated equipment operation information inspection control system of divulging a secret, could implement legal active data exchange, otherwise being judged to be invalid data by information source device characteristic processing Module recognition exchanges, end its every operation and exchanges data, in order to when production run, unauthorized device is got rid of, prevent illegal access, legitimacy and the fail safe of protected data exchange, information format and the content essential characteristic of five setting data exchanges, so that relevant apparatus and module are carried out information format and content essential characteristic automatic screening and the rejecting of exchanges data accordingly, on the one hand prevent information leakage, prevent on the other hand overlength and against regulation form or have the mess code of not clear intention and contain can not the customer consumption information afferent message Exchange Service application system of identifying information in.Its authorization User names and passwords are registered setting by the information exchange service personnel of application system management organization when information channel safety certification device 100 is provided, but Modify password after login, if forget Password must serve the personnel of application system management organization by information exchange and just can complete replacement, to prevent the unauthorized personnel, change the device setting.Now, information channel safety certification device 100 automatic acquisition parameter setting information, recalls information partition management and top control module 210, information exchange security control device 212, information source device characteristic processing module 213, carry out necessary processing, preservation, and activation parameter arranges result, its parameter setting is come into force, and then start to carry out the information leakage prevention and control according to this parameter Provisioning Policy.
When the information channel safety certification device is operated in the upgrade maintenance state, by application main menu button 103 upgrading of automatic initiating device system mend and application parameter maintenance functions, complete following task for user's webmaster personnel: one is implemented authenticate device application main menu by the information exchange service personnel of application system management organization and is set and registration by bonding method user's ID card No. and the initialization mandate of password; The two foundation is connected with the TCP of business information prosecution processing server, and some system and application patch are downloaded, moved, upgrade, upgrade to automatic deployment; The three sets up and is connected with the TCP of business information prosecution processing server, automatically downloads and load some applicating maintenance parameter; Four selection and the switchings that are used for the pattern of finishing the work.In this process, central processing unit 2001 receives application main menu button 203 trigger messages, start the application main menu, complete the setting of related application maintenance parameters and automatic deployment task by with business information prosecution processing server 400, carrying out information exchange, and recalls information partition management and top control module 210, touch control display apparatus 207 processed rear demonstration relevant information switching task processing result information, after calling voice and video processing unit 206 simultaneously and processing by voice suggestion feedback-related information switching task processing result information.
Confirm and direction is controlled button 204 for generating current secret window information input validation and complete and cursor direction moving the control notification instruction.In this process, complete/the input validation of operation that central processing unit 2001 reception buttons 204 send is controlled information command, and pass to the information-leakage inspection control system after recalls information partition management and top control module 210 processing, complete the subsequent treatment work of this instruction.Certainly, its cursor position also can be positioned by contactor control device.
Cancel/revise button 205 for generating the instruction of cancelling or revising current secret window information, to facilitate, the information of current secret window input is cancelled and mobile cursor is modified or re-enters wrong content.In this process, information command is controlled in the operation that central processing unit 2001 reception buttons 205 send, and is transmitted to the information-leakage inspection control system after recalls information partition management and top control module 210 processing, completes the subsequent treatment work of this instruction.
Voice and video processing unit 206, for collection when the safety certification, processing, transfer device operator's related voice video information, completes speech recognition or photo and facial characteristics identification; Perhaps for the operator of information channel safety certification device 100, forward relevant suggestion voice and the video of operation and input content.In this process, central processing unit 2001 receives the voice and video information that voice and video processing unit 206 sends, format is transmitted to the information-leakage inspection control system after processing and suitably processes, the loudspeaker that result voice and video information is fed back on the information channel safety certification device carry out the suggestion voice broadcasting, maybe touch control display apparatus 207 will be transmitted to after the video information process of feedback, for the operator carries out video and image demonstration.
Touch control display apparatus 207 is used for finishing device operator's touch-screen control inputs and operation, and the related work state of indicating device and show all information that need the operator to know.To carry out information bidirectional mutual according to setting rule for touch control display apparatus 207 and central processing unit 2001, touch control display apparatus 207 gathers user's operational order and be transmitted to central processing unit 2001 after preliminary treatment, after central processing unit 2001 recalls information partition managements and top control module 210 are processed, be transmitted to other parts or the information-leakage inspection control system is processed; Or be transmitted to after touch control display apparatus 207 is processed and complete the relevant information demonstration after the relevant demonstration of central processing unit 2001 reception information processing.
Physical characteristics collecting device 208, for the channel security verification process, automatically gathers user's biological characteristic under the control of central processing unit 2001, completes the biometric secure authentication.Biological characteristic can be fingerprint or finger vena information, even can comprise the finger temperature information collected with additional SMD intelligent temperature sensor.It can certainly be the biological characteristic that the facial characteristics, voice, nethike embrane, iris etc. of registered in advance authorized user easily extract; In this process, central processing unit 2001 receives the user biological feature that physical characteristics collecting device 208 gathers, and then is transmitted to the information-leakage inspection control system, carries out the authentication of user biological feature.
External certificate information harvester 209 for the user in safety certification process, automatically read the main security factor information of IC chip card such as user identity card number, bank card number, social security card, and the information of the multiple electronic security(ELSEC) certificate of certification such as IC-card certificate, TF card (or SD card) certificate, U shield, process and be transmitted to the information-leakage inspection control system and carry out safety certification.In this process, the instruction of central processing unit 2001 receives and response message is divulged a secret inspection control system, receive user IC chip card information that external certificate information harvester 209 collects and the information of electronic security(ELSEC) certificate of certification according to the requirement of related procedure, process and forward and submit to the information-leakage inspection control system and carry out safety certification.
Information partition management and top control module 210 are used for extracting user related information with the cipher mode partitioned storage with manner of decryption, and it is registered and arranges and respective handling.User related information and processing module mainly comprise: the subscriber authorisation secure authenticated information of information channel safety certification device 100, digital certificates technical parameter table, trust the apparatus characteristic log-on message, device ID condition code, the device registration title, the customization of transmission information form, information element splits analytical algorithm automatically, classified information conversion deformation algorithm, information element automatic packaging packing algorithm, short micro-letter enciphering and deciphering algorithm, user's input feature vector information table, master control menu modular program, the hardware setting functional program module, user function changeover program module, button Trigger Function program module, short micromessage security feature recognition function program module, the communication interface functional program module, information source device characteristic processing program module etc.After information partition management and top control module 210 reception central processing unit 2001 instructions and information are processed, the feedback processing result forwards and feeds back to relevant information processing request parts and device after further processing to central processing unit 2001.
Information-communication device 211 is for receiving exchanges data information, carry out being transmitted to other device of information-leakage inspection control system or server after information-leakage prosecution processing, automatically transmit target according to information in accordance with instruction, regulate and control suitable passage, realize security information communication and data information exchange between information channel safety certification device 100 and other device of information-leakage inspection control system or associated server.Under the control commander of central processing unit 2001, at information partition management and top control module 110, under the coordinated of information exchange security control device 212 and information source device characteristic processing module 213, receive directional data exchange message and other relevant information, after carrying out information-leakage prosecution relevant treatment, send to other device of information-leakage inspection control system or associated server, and directional data exchange message and other relevant information of reception information-leakage other device of inspection control system or associated server, after carrying out information-leakage prosecution relevant treatment, information channel safety certification device 100 and even user's application server 600 are submitted in forwarding.
When information-communication device 211 is operated in the safety certification pattern, receives central processing unit 2001 and forward the secure authenticated information of coming, after being processed, be transmitted to front end processor 300, be transmitted to business information prosecution processing server 400 after being processed by front end processor 300 formats again and carry out safety certification, business information prosecution processing server 400 carries out the safety certification processing and authentication result is fed back to front end processor according to former road and even central processing unit 2001 is processed, and further feeds back to information-communication device 211 again, after this information with information source recognition function and timeliness stamp that the business information prosecution processing server 400 Security Authentication Service response results that information-communication device 211 reception front end processors 300 are sent and short micro-letter processing server 500 send sends the dynamic electron license passport, and recalls information source device characteristic processing module 213, the passage of information exchange peace control module 212 and information partition management and top control module 210 is opened and locking and coupled system, safety certification and safeguard that processing unit is opened short micro-letter sendaisle and after locking processes, forward the relevant treatment result and feed back to voice and video processing unit 206 or touch control display apparatus 207, if voice messaging sends to Microspeaker to complete voice suggestion by voice and video processing unit 106, if demonstration information completes directed the demonstration by touch control display apparatus 207.
When information-communication device 211 is operated in the maintenance upgrade pattern, for information channel safety certification device 100 and front end processor 300 are set up the service of wireless tcp network connecting communication automatically, realize automatically downloading and disposing upgrade application patch and other data message that need to be exchanged, and it is encrypted to storage.
When information-communication device 211 is operated in the application message data exchange mode, the user safety authentication success, carry out the unlatching of giving orders of the passage of information exchange, short micro-letter passage sending function between information channel safety certification device 100 and user's application server 600, the locking and information channel safety certification device safety certification and maintenance channel are given orders, and the service of wireless tcp network connecting communication is also closed automatically.In addition, short micro-letter communication module of the short-and-medium micro-letter dispensing device 212b of the present embodiment and short micro-each self-assembly different service providers of letter information receiving device 212a, so just can reduce or avoid the information that important key message may cause with net transmission to kidnap, distort and information-leakage.In this process, target and source that information-communication device 211 transmits according to information automatically according to the instruction of central processing unit 2001, regulate and control suitable passage, realize bidirectional safe information communication and data information exchange between information channel safety certification device and other device of information-leakage inspection control system or associated server.
Information exchange security control device 212, for carrying out security customization and management and control to information exchanging channel under information partition management and top control module 210 assistance.Comprise following auxiliary equipment: at least one short micro-letter receiving system 212a, at least one short micro-letter dispensing device 212b, passage is opened and locking and coupled system 212c, safety certification and safeguard processing unit 212d, information storage and administration module 212e.Each auxiliary equipment all is connected with short message exchange security control device 212, and by between information exchange security control device 212 and other auxiliary equipment, carrying out information exchange, perhaps with central processing unit 2001, carry out information exchange, and even carry out bidirectional safe information communication and data information exchange between the transfer realization by central processing unit 2001 and other device of information-leakage inspection control system or associated server.Short micro-letter receiving system 212a, for receiving the application message data exchange processing result that short micro-letter processing server 500 is sent, or receive the information with information source recognition function and timeliness stamp that short micro-letter processing server 500 sends and send the dynamic electron license passport, giving orders to control to make only has safety certification to pass through, held the dynamic electron license passport, short micro-letter sendaisle of information channel safety certification device 100 could send data message, practices the information data exchange; Short micro-letter dispensing device 212b, for sending user data information to short micro-letter processing server; Passage is opened and locking and coupled system 212c, be used for according to the channel security authentication result, give orders and control united opening or the locking of relevant information passage, if channel security authentication success, the give orders passage that carries out information exchange between opening information channel security authenticate device 100 and user's application service 600, short micro-letter sendaisle, short micro-letter receives information channel, safety certification and the maintenance channel locking of giving orders; Otherwise, keep each passage default conditions, and safety certification repeatedly not by the time give orders locking safety certification and maintenance channel, send the warning messages such as SMS by short micro-letter processing server 500 to user or the information exchange service personnel of application system management organization in time; Safety certification and safeguard processing unit 212d, be used to the maintenance of channel security authentication and information channel safety certification device 100 that the environmental facility technical support is provided.The value of personalized information source identification (enemy and we's identification) characteristic parameter of registered signing while providing according to information channel safety certification device 100 gathers and generates processing automatically, and generate and comprise the authenticate device characteristic information according to engagement arithmetic and rule when channel security authentication and device maintenance license safety check, authenticate device ID condition code, the corresponding response message of the information such as authenticate device register name, then after sending to short micro-letter processing server further to process, be transmitted to business information prosecution processing server, carry out the maintenance license authentication of the authentication of authenticate device channel security and information channel safety certification device 100.If the maintenance of information channel safety certification device 100 license safety check is successfully passed through, call the relative program module and complete the maintenance process such as authenticate device application patch upgrading, implement the relevant treatment such as patch automatic deployment, complete upgrade maintenance; If the channel security authentication success passes through, business information prosecution processing server 400 sends an information transmission dynamic electron license passport with information source recognition function and timeliness stamp to short micro-letter receive path feedback of channel security authenticate device, completes authenticate device and registers.Otherwise, the unsuccessful information of feedback authentication, and send the warning messages such as SMS by short micro-letter processing server 500 to user or the information exchange service personnel of application system management organization in time; Information storage and administration module 212e are used to the information exchange security control device to provide message buffer storage and necessary format to process.
Information source device characteristic processing module 213 is for according to trusting the apparatus characteristic log-on message, the value of information source identification (enemy and we's identification) characteristic parameter of the user data information on the one hand user's application server sent is automatically extracted and processes, on the other hand itself and trust apparatus characteristic log-on message are automatically identified and checked, if information source is the believable equipment of registering, and short micro-letter passage has received that information sends the dynamic electron license passport, user data information and information transmission dynamic electron license passport are carried out to analytical decomposition, information source device Feature Conversion wherein is deformed into to the information source device feature that information sends the information channel safety certification device in the dynamic electron license passport, then after ressembling processing, send to short micro-letter processing server to carry out the identification of related information source apparatus characteristic and safety inspection, if safety inspection is passed through, until submitting to business information prosecution processing server, forwarding carries out the business Account Disposal after preserving this information and it being carried out to subsequent processes, otherwise, the safety inspection of information source device feature is not passed through, the information of automatically it being sent is rejected, and this equipment is piped off, simultaneously, reach with user's webmaster personnel mobile phone and carry out the warnings such as short micro-letter to the information exchange service personnel of application system management organization, after this feedback processing result is to the information channel safety certification device, after the information channel safety certification device receives the short micro-letter of feedback of upper end server, carry out analytical decomposition, information source device feature another mistake wherein is deformed in user data information to information source device feature originally to conversion, and confidential data is wherein reduced (comprising deciphering), hold back data and complete reverse dosing, hiding data carries out reverse reparation, complete the reverse true restoration disposal of necessary information full dose, and then algorithm sends to user's application server after re-starting the assembling processing according to a preconcerted arrangement, thereby controlled divulging a secret of relevant classified information.
Power supply and battery charger 214 is responsible for the charging of the power supply of information channel safety certification device and battery thereof, makes all this power supplys that share with being integrated in safe and stable arrangement on the information channel safety certification device.
Biological characteristic entrance guard device 200 is used for obtaining user POS equipment operating user (user attendant's) biological characteristic, be transmitted to user's application server 600 and information channel safety certification device 100 after completing necessary processing, carry out user safety authentication and mandate, and by the Certificate Authority result feedback to the user.Biological characteristic can be fingerprint or finger vena information, even can comprise the finger temperature information collected with additional SMD intelligent temperature sensor.It can certainly be the biological characteristic that the facial characteristics, voice, nethike embrane, iris etc. of registered in advance authorized user easily extract, so that user's application server 600 and authenticate device are achieved as follows function according to this jointly: the one, the gate inhibition management apparatus according to user's application server 600 according to biological characteristic authentication output control commander biological characteristic entrance guard device 200, automatically carry out the unlatching of electric linkage protective door or close, to control, whether allowing these user personnel to enter user's application service zone, the 2nd, user's application server 600 and information channel safety certification device 100 are jointly according to biological characteristic authentication result and predefined licensing scheme, automatically detect and determine whether that these user personnel of permission operate user POS equipment 700, if allow it to be operated user POS equipment 700, for it, distribute an exercisable user POS equipment 700, and send the dynamic login password of user's application system of effective restriction by inner mailbox for the user, completing user carries out the permission mandate that the operation of user's application system is used, simultaneously, operate and realized the people by real name, machine (equipment), system, quadruple side Dingan County of passage authenticates entirely.
Fig. 7 is embodiment of the present invention front end processor 300 structural representations, and this front end processor 300 comprises: master control device 703, information channel safety certification device interface 701, audio, video data processing unit 702, server interface 704, data storage and administrative unit 705.Master control device 703 is connected with information channel safety certification device interface 701, audio, video data processing unit 702, server interface 704, data storage and administrative unit 705 respectively.Front end processor is mainly used in having set up the bridge of service request and service response between business information prosecution processing server 400 and information channel safety certification device 100, receive safety certification and the maintenance upgrade information of information channel safety certification device 100, be transmitted to business information prosecution processing server 400 after the processing such as formaing, or connect after the safety certification of business information prosecution processing server 400 and maintenance upgrade information and result feedback information such as format at the processing and be transmitted to information channel safety certification device 100.
Information channel safety certification device interface 701 is received and dispatched and exchange with the bidirectional information of information channel safety certification device 100 for complete master control device 703 according to the agreement prescribed form, is mainly used for processing and the transmitting-receiving transfer for the information exchange between information channel safety certification device interface 701 and business information prosecution processing server 400 provides format.Under the control of master control device 703, information channel safety certification device interface 701 receives operational order, the input message of information channel safety certification device 100 inputs, store and administrative unit 705, audio, video data processing unit 702 is transmitted to server interface 704 after processing by data, then be transmitted to business information prosecution processing server 400 by server interface 704; Or server interface 704 receives service response result and the feedback information of business information prosecution processing server 400, by data, store and after administrative unit 705, audio, video data processing unit 702 process, be transmitted to information channel safety certification device interface 701, send to information channel safety certification device 100 by information channel safety certification device interface 701 again, erect the bridge of information bidirectional exchange between information channel safety certification device 100 and business information prosecution processing server 400.
Audio, video data processing unit 702 is for receiving and dispatching user's audio frequency and video secure authenticated information of storage information channel safety certification device 100, and canned data is effectively managed.
Short micro-letter processing server 500 can be multiple servers or PC, can be also the part-time front server of comprehensive multinomial identity function, be mainly used in having set up short micro-telecommunications services request between business information prosecution processing server 400 and information channel safety certification device 100 and the bridge of service response.Short micro-letter processing server 500 receptions forwarding information channel security authenticate device 100 are issued short micro-communication service service request relevant information of business information prosecution processing server 400, format is transmitted to business information prosecution processing server 400 after processing, and receive the service request response result message that described at least one business information prosecution processing server 400 sends, and after short micro-telecommunications services response processing result information format that described at least one business information prosecution processing server 400 is sent, feedback is forwarded to the information channel safety certification device 100 that sends short micro-communication service service request related message, thereby erected the information bridge of short micro-communication service service request and service response between business information prosecution processing server 400 and information channel safety certification device 100, complete the short micro-letter of its information bidirectional and reach alternately format processing and transmitting-receiving transfer.
Business information prosecution processing server 400 is used for processing and information support for the information channel safety certification device 100 of information-leakage prosecution treatment system, front end processor 300, short micro-letter processing server 500 etc. provide safety certification and information service response, is core and the maincenter of information-leakage prosecution treatment system.Simultaneously, for between other facility in information-leakage prosecution treatment system, providing the information service support, and with database mode centralized management, classification storage, process the information such as various information data table and system operational parameters, functional program module and associated electrical certificate technical parameter table, authenticate device information source device feature log-on message, authenticate device ID condition code, authenticate device register name, user's input feature vector information table, user profile tables of data, business datum table, transmission information form customized information, and relevant information processing unit.The traffic information services request message come for receiving front end processor 300 or 500 forwardings of short micro-letter processing server, for different service requests, carry out appropriate service response and information processing, and formation service response result message, feed back to front end processor 300 or short micro-letter processing server 500, after processing, format feeds back to information channel safety certification device 100, completing user safety certification and Business Processing again.
As shown in Figure 8, business information prosecution processing server 400 comprises: the security feature parameter arranges location registration process unit 801, safety certification and maintenance upgrade unit 802, short micro-letter processing unit 803, business account processing unit 804, data storage and administrative unit 805.Business information prosecution processing server 400 is used for processing and information support for the information channel safety certification device 100 of information-leakage prosecution treatment system, front end processor 300, short micro-letter processing server 500 etc. provide safety certification and information service response, is core and the maincenter of information-leakage prosecution treatment system.Mainly complete following information processing services: the one, call the security feature parameter and location registration process and correlation unit are set the information such as authenticate device 100 operational factor tables, digital certificates technical parameter table, authenticate device information source device characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), business datum table, technical parameter table, safety certification policy information table, transmission information form customized information are registered default; The 2nd, call safety certification and maintenance upgrade unit the information such as digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information (comprising the biological characteristic relevant information), business datum, technical parameter, safety certification policy information, transmission information form customized information are carried out to safety certification and management and control; And send the dynamic electron license passport according to the authentication result information that 100 passage grantings have an information source recognition function and timeliness stamp to the information channel safety certification device, and then information channel safety certification device 100 is carried out to the passage management and control, or the adjusting function program module is carried out the maintenance processing such as application system upgrading to information channel safety certification device 100; The 3rd, call short micro-letter processing unit, business account processing unit 803, data storage and 805 pairs of Business Processing requests of administrative unit and carry out the service response processing, and feedback result is controlled with the short micro-letter of voice SMS warning of associated user's mobile phone and information channel safety certification device 100 mutual simultaneously; The 4th, according to operation flow, rely on information interaction instruction directs correlation unit to work in coordination with and carry out information processing; The 5th, with database mode centralized management, classification storage, process the information such as various information data table and system operational parameters, functional program module and associated electrical certificate technical parameter table, authenticate device information source device characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), business datum table, technical parameter table, safety certification policy information table, transmission information form customized information, and correlation function program module running technology parameter etc.Business information prosecution processing server 400 receives front end processor 300 or server 500 forwards the traffic information services request message of coming, for different service requests, call the relevant treatment unit and carry out appropriate service response and information processing, and formation service response result message, feed back to front end processor 300 or server 500, after processing, format feeds back to information channel safety certification device 100, completing user safety certification and Business Processing again.
The security feature parameter arranges location registration process unit 801 for to user's release information channel security authenticate device 100 time, according to user characteristics and requirement, generating the secure authenticated information such as client's digital certificate, and call the security feature parameter and location registration process and correlation unit are set to information channel safety certification device 100 operational factor tables, digital certificates technical parameter table, authenticate device information source device characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), the business datum table, the technical parameter table, safety certification policy information table, the information such as transmission information form customized information are registered default.Converting thereof into ciphertext on the one hand is issued in information channel safety certification device 100, be stored on the other hand the user's characteristic information tables of data of the data storage of server and management processing unit and authenticate device and register in the characteristic information tables of data, in order to divulge a secret when the prosecution treatment system is carried out safety certification and upgrade maintenance and carry out the maltilevel security authentication at user login information; When to the user, selling information channel safety certification device 100, this unit collection or obtain relevant registration presupposed information, according to safety certification mechanism, the generating ciphertext partitioned storage is in the storage medium in information channel safety certification device 100 and be recorded in the data table related of the 400 data storages of business information prosecution processing server and administrative unit 805 simultaneously.
Safety certification and maintenance upgrade unit 802 carry out safety certification for calling data storage and 805 pairs of digital certificates technical parameters of administrative unit, authenticate device information source device characteristic information, user's characteristic information (comprising the biological characteristic relevant information), user's input feature vector information according to information such as the operational factor of information channel safety certification device 100, technical parameter, safety certification policy information, transmission information form customized informations; And send the dynamic electron license passport according to the authentication result information that 100 passage grantings have an information source recognition function and timeliness stamp to the information channel safety certification device, and then information channel safety certification device 100 is carried out to the passage management and control, or the adjusting function program module is carried out the maintenance processing such as application system upgrading to information channel safety certification device 100.Safety certification and maintenance upgrade unit 802 receive the safety certification request information that front end processor 300 forwards the information channel safety certification device 100 come, calling data storage and administrative unit 805, according to information channel safety certification device 100 operational factors, technical parameter, authenticate device information source device characteristic information, user's characteristic information, the safety certification policy information, the information such as transmission information form customized information are carried out as IC-card certificate+password+fingerprint+authenticate device information source device feature the user, TF card (or SD card) certificate+password+facial photo+authenticate device information source device feature, the safety certification of U shield certificate+password+fingerprint+voice+modes such as authenticate device information source device feature, guarantee with this input unit and the certificate that only have the user accredited personnel to use appointment, input meets the information of my feature and has carried out meeting the operation of my role's authority, the relevant issues of just having the right to process.Then, according to authentication result, complete suitable information processing, generate return information, feed back to front end processor 300.If safety certification is passed through, safety certification and maintenance upgrade unit 802 call short micro-letter processing unit 803, and the information that the passage granting of information channel safety certification device 100 is had to information source recognition function and timeliness stamp according to authentication result sends the dynamic electron license passport, and then information channel safety certification device 100 is carried out to the passage management and control, and start to carry out applied business information processing and the prosecution of divulging a secret processing; Or the adjusting function program module is carried out the maintenance response processing such as system upgrade to information channel safety certification device 100.Otherwise the feedback information, allow the user to correct input message, until interrupt this safety certification, process, send the warning messages such as SMS by short micro-letter processing server to user or the information exchange service personnel of application system management organization in time.
Short micro-letter processing unit 803 is processed the solicited message prosecution of divulging a secret for the applied business of calling data storage and administrative unit 805,804 pairs of short micro-letter processing servers 500 of business account processing unit and is processed solicited message and carry out the service response processing, and feedback result is controlled with the short micro-letter of voice SMS warning of associated user's mobile phone and information channel safety certification device 100 mutual simultaneously; Or calling data storage and administrative unit 805, safety certification and maintenance upgrade unit 802 in the situation that safety certification pass through, the information transmission dynamic electron license passport that there is information source recognition function and timeliness stamp to the passage granting of information channel safety certification device 100, and then information channel safety certification device 100 completes the passage management and control accordingly.Receive short micro-letter processing server 500 and forward next short micro-letter processing service request information, calling data storage and administrative unit 805, business account processing unit 804, the short micro-letter processing solicited message of application business and the prosecution of divulging a secret processing solicited message are carried out to the service response processing, then result is fed back to short micro-letter processing server 500; Or when the 100 channel security authentications of information channel safety certification device are passed through, send the information with information source recognition function and timeliness stamp to information channel safety certification device 100 and send the dynamic electron license passport, giving orders to control to make only has safety certification to pass through, hold short micro-letter sendaisle of the information channel safety certification device of dynamic electron license passport and could send out the short micro-letter data information of receipts, practiced the exchange of control that has of information data.
Business account processing unit 804 is mainly used to bear information-leakage prosecution processing and the information processing of business account of application message data.Receive short micro-telecommunications services device 500 and forward next application message data processing service request information, calling data storage and administrative unit 805, business account processing unit 804, the application information data is carried out to information-leakage prosecution processing and the processing of business account service response, then result is fed back to short micro-letter processing server 500; Whether the processing item: block expiredly, whether certificate is effectively, whether content is correct, whether feature meets, whether information format is correct etc. if having.
Data storage and administrative unit 805 are mainly used to manage concentratedly with database mode, the classification storage, process various system operational parameters, functional program module and associated electrical certificate technical parameter table, authenticate device information source device characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), the business datum table, the technical parameter table, safety certification policy information table, the business information such as transmission information form customized information, for other unit provides the data message support, other unit all needs calling data storage and administrative unit 805 when completing information processing.
As shown in Figure 9, the present embodiment provides a kind of information-leakage detecting and control method, and this information-leakage detecting and control method comprises:
Step 901: send the request of information channel Security Authentication Service by front end processor to business information prosecution processing server, make described business information prosecution processing server carry out the information channel safety certification according to the authentication of setting;
Step 902: receive the information transmission dynamic electron license passport with information source recognition function and timestamp that described business information prosecution processing server is issued by short micro-letter processing server;
Step 903: receive the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information are automatically identified and checked;
Step 904: the sign of the user POS information source in described user data information and information encoding are remembered, rebuild retrieval symbol, and generate on the user who is uploaded to described short micro-letter processing server that security information has been implemented to hold back, hide, be out of shape and send server deal with data information;
Step 905: send on described user and send server deal with data information to described short micro-letter processing server shunting, so that described short micro-letter processing server carries out information-leakage prosecution and business account service response and processes sending server deal with data information to carry out after information combination and format being transmitted to described business information prosecution processing server on described user;
Step 906: receive short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, and the information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information;
Step 907: after described short micro-letter is ressembled, feed back to described user's application server.
Flow process as shown in Figure 1 is known, in the embodiment of the present invention, information channel safety certification device 100 sends the request of information channel Security Authentication Service by front end processor to business information prosecution processing server, and receives the information transmission dynamic electron license passport with information source recognition function and timestamp that business information prosecution processing server is issued by short micro-letter processing server; Then receive the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information are automatically identified and checked; By the sign of the user POS information source in user data information and information encoding, remembered, rebuild retrieval symbol, and generate on the user who is uploaded to described short micro-letter processing server that security information has been implemented to hold back, hide, be out of shape and send server deal with data information, and send on described user to described short micro-letter processing server shunting the server deal with data information of sending; Finally, by receiving short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information, and feeds back to described user's application server after described short micro-letter is ressembled.By said method, realized the communication that direction is controlled; The management and control of the content of receiving and sending messages and form, plain code transmission, storage and the cross processing of confidential data information have been avoided, also avoided the sharing of transmission, algorithm and data processing technique method etc. of some classified information, effectively having prevented that network attack, information from stealing with system infiltration and classified information reveals and distorts, and has ensured confidentiality and the fail safe of both sides' confidential data information; Realized the two ends customization of information exchange, single-point handing-over, multiple authentication, two-way prosecution; Realized the suitable separation of secure authenticated information passage and data information exchange passage, carrying out directed controlled transmission by different information channels again after making exchanges data information split becomes a reality, effectively prevented information-leakage, improved the fail safe of information exchange, effectively reduce the cost of information exchange, eliminated technology hidden danger.
During concrete enforcement, before step 901, this information-leakage detecting and control method also comprises: obtain and comprise customer digital certificate, operational factor, the digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information, the pre-registration of safety certification policy information and transmission information form customized information is carried out the information registering of information exchange service application system, then obtain and comprise POS equipment user information, apparatus characteristic information is trusted in user POS facility information source, the user profile of biological characteristic entrance guard device and biological information is carried out the user profile registration.
In one embodiment, above-mentioned authentication comprises: IC-card certificate+password+fingerprint+authenticate device information source device feature, TF card or SD card certificate+password+facial photo+authenticate device information source device feature, U shield certificate+password+fingerprint+voice+authenticate device information source device feature.
During concrete enforcement, if information channel safety certification failure, according to instruction locking safety certification and maintenance channel, if the failure of information channel safety certification, the information exchanging channel between opening information channel security authenticate device 100 and user's application server 600 and short micro-letter passage.
Figure 10 is the detail flowchart of information-leakage detecting and control method of the present invention, by the security control to information exchanging channel, in addition to the customization in advance of the discriminating of information source and information format and technical finesse and the control of the automations such as information sifting filtration in information exchanging process, realized the two ends customization to classified information, the single-point handing-over, multiple discriminating, two-way prosecution.Both realized the suitable separation of secure authenticated information passage and user's application data information exchanging channel, realized again the multichannel transmission of data information exchange, both can make a partial data exchange message according to after setting the strategy fractionation, carry out directed controlled transmission with different short micro-letter transceiver channels, also a short micro-letter transceiver channel can be used for to the dynamic password of transmission of information, and other passage is for transmitting exchanges data information itself, carry out again the decrypts information reduction after arriving target ground, improved the fail safe of information exchange.Simultaneously, carry out the information data source of automation differentiates on the information exchange border, the format match screening, the conversion of confidential data modification and reduction, encrypting and decrypting, splitting assembling waits technical finesse and transmission security to control, realized the safety handing-over of communication, form is adjustable, passage is optional, password is variable, avoided the plain code transmission of confidential data information, storage and cross processing, also avoided the transmission of some classified information, sharing of algorithm and data processing technique method etc., effectively prevented network attack, information is stolen with system infiltration and classified information leakage and is distorted, confidentiality and the fail safe of both sides' confidential data information have been ensured.For clearer description information-leakage detecting and control method of the present invention, below in conjunction with Figure 10, describe in detail, the detailed process of the information-leakage detecting and control method of Figure 10 comprises the steps:
Step 1001: two ends customization registration, the subregion kept secure, first implementation information Exchange Service application system information registering, after carry out the user profile registration.
Information exchange service application system information registering: information channel safety certification device 100 is when being issued to the user, need to obtain customer digital certificate, operational factor, the digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information (comprising the biological characteristic relevant information), the business datum table, the technical parameter table, the safety certification policy information, transmission information form customized informations etc. need the various information of default registration, store user's digital certificates into the ciphertext granting respectively according to its information ownership, in the tables of data of information channel safety certification device 100 and business information prosecution processing server 400, in order to divulge a secret when the prosecution treatment system is carried out safety certification and upgrade maintenance and carry out the maltilevel security authentication at the user login information of information channel safety certification device 100, according to the principle of whose preservation of whose information, the application system both sides of implementation information exchange, side's log-on message true form, the opposing party is the feature of log-on message only, but some information needs both sides to preserve separately simultaneously, meets the needs of safety certification, meets again and prevents the requirement of divulging a secret.
Carry out the user profile registration: information channel safety certification device 100 obtains user profile, the user POS information source of user POS equipment 700 and trusts the user profile such as biological information that apparatus characteristic information, biological characteristic entrance guard device and intelligent paste transducer collect, process post-registration and store in the user profile dedicated memory of information channel safety certification device 100, with difference and system data dedicated memory and information exchange service application system management organization information dedicated memory block.In order to, for realizing that real name operation, dynamic password are logined, enough information is prepared in the multiple authentication collection, realize that the quadruple of people, machine (equipment), system, passage bundlees mutual safety certification.
Step 1002: the gate inhibition pacifies control, the entrance checking, and the dynamic password granting, operating equipment is assigned.
Biological characteristic entrance guard device 200 obtains the personnel's such as administrative staff of the operation user (user attendant) of user POS equipment 700 and user information channel safety certification device 100 biological information, and send it to user's application server 600 request and carry out user safety authentication and mandate, user's application server 600 carries out the service request response processing and its result is fed back to biological characteristic entrance guard device 200 by user application network.Biological characteristic entrance guard device 200 is according to user safety authentication and the Authorization result instruction of user's application server 600, control the gate inhibition management apparatus of commander's biological characteristic entrance guard device 200, automatically carry out the unlatching of electric linkage protective door or close, to control, whether allowing these user personnel to enter user's application service zone; Simultaneously, user's application server 600 User safety certifications and Authorization result and predefined licensing scheme, automatically detect and determine whether that these user personnel of permission operate user POS equipment 700, if allow it to carry out 700 operations of user POS equipment, for it, distribute an exercisable user POS equipment 700, and provide the dynamic login password of user's application system of effective restriction by secured fashions such as inner mailboxes for the user, completing user carries out the permission mandate that the operation of user's application system is used.Biological characteristic can be fingerprint or finger vena information, even can comprise the biological characteristic authentication informations such as finger temperature information that additional SMD intelligent temperature sensor collects, it can certainly be the biological characteristic that the facial characteristics, voice, nethike embrane, iris etc. of registered in advance authorized user easily extract, operating by real name the side Dingan County that has realized people, machine (equipment), system like this authenticates entirely, realized that the gate inhibition pacifies control, the entrance checking, the dynamic password granting, operating equipment is assigned automatically.
Step 1003: the single-point traffic, the safety check mode is selected, and device is registered, the maltilevel security authentication.
Information channel safety certification device 100 carries out serial ports with user's application server 600 or the USB line is connected, and carries out wireless tcp with front end processor 300 and business information prosecution processing server 400 and be connected.Information channel safety certification device 100 is intermediary's control device facilities that user's application server 600 and business information prosecution processing server 400 carry out information exchange, for guaranteeing safety, user's application system is only opened a traffic intermediary control device facility, realizes the single-point traffic.For anti-locking apparatus is illegally used, each legal information channel safety certification device 100 has the device digital certificates that business information prosecution processing server 400 is issued, be kept in the system data dedicated memory, serve application system management organization information dedicated memory block with difference with the user profile dedicated memory with information exchange, simultaneously, its device characteristic, title, id number, Certificate Number must carry out registration in business information prosecution processing server.Information channel safety certification device 100 obtains user's webmaster personnel associated safety authentication information according to the authentication of user management personnel setting, and send it to front end processor 300 and then be transmitted to business information prosecution processing server 400, send the Security Authentication Service request.Authentication mode is for example: IC-card certificate+password+fingerprint+authenticate device information source device feature, TF card (or SD card) certificate+password+facial photo+authenticate device information source device feature, U shield certificate+password+fingerprint+voice+authenticate device information source device feature etc., guarantee with this input unit and the certificate that only have the user accredited personnel to use appointment, input meets the information of my feature and has carried out meeting the operation of my role's authority, the relevant issues of just having the right to process.Then, the requests of business information prosecution processing server 400 response Security Authentication Service are carried out the safety certification response and are processed, and the safety certification result is fed back to front end processor 300 according to former road format processing, then feed back to authenticate device.If the safety certification success, complete registering of information channel safety certification device 100.If safety certification is unsuccessful, safety certification repeatedly not by the time information channel safety certification device 100 locking safety certification and the maintenance channels of transmitting orders, and send the warning messages such as SMS by short micro-letter processing server 500 to user or the information exchange service personnel of application system management organization in time, carry out the rehabilitation of some necessity simultaneously, interrupt or exit safety certification.If the success of maintenance upgrade safety certification, automatic deployment upgrade application patch and other data message that need to be exchanged are to information channel safety certification device 100.Realized the single-point traffic, the safety check mode is selected, and device is registered, the maltilevel security authentication.
Step 1004: certificate issued, the passage regulation and control, the application login, POS registers.
After the channel security authentication success, business information prosecution processing server 400 is issued the information with information source recognition function and timeliness stamp by short micro-letter processing server 500 to information channel safety certification device 100 and is sent the dynamic electron license passport, carry out the unlatching of giving orders of the passage of information exchange, short micro-letter passage sending function between information channel safety certification device 100 and user's application server 600, the locking and the safety certification of information channel safety certification device 100 and maintenance channel are given orders, and the service of wireless tcp network connecting communication is also closed automatically.Send the information with information source recognition function and timeliness stamp to information channel safety certification device 100 and send the dynamic electron license passport, giving orders to control to make only has safety certification to pass through, hold short micro-letter sendaisle of the information channel safety certification device 100 of dynamic electron license passport and could send out the short micro-letter data information of receipts, the controlled exchange of implementation information data.After this, user POS equipment 700 obtains user's application system log-on messages such as user attendant user's name and dynamic login password, sends user's application server 600 to by user application network and carries out user's application system user (asu) login safety certification.User's application server 600 carries out the user and logins Security Authentication Service response processing, User safety certification and predefined licensing scheme, automatically detect and determine whether this user's login of permission, whether allow this user to operate active user POS equipment 700, and processing result information is fed back to user POS equipment 700 according to the request incoming road.If user log-in authentication success, user POS equipment 700 gives its information source device feature to user's application server 600 on automatically gathering, and carries out user POS and registers, if register successfully announcement information channel security authenticate device 100.Thereby completed certificate issued, passage regulation and control, application login, POS register, prevented the access of disabled user POS and used operation.
Step 1005: the border prosecution, information analysis, information source identification, form filters, Content Advisor, feature trial.
Information channel safety certification device 100 is to carry out the mediating device of data information exchange between user's application server 600 and business information prosecution processing server 400, at this, implements strict border prosecution, and entrance is set up defences.Information channel safety certification device 100 receives user's application server 600 and forwards the user data information that next user POS equipment 700 collects, at first, one side is resolved automatically to the value of the information source recognition feature parameter of user data information, extract and process, on the other hand itself and trust apparatus characteristic log-on message are automatically identified and checked, if information source is the believable equipment of registering, and short micro-letter passage has received that information sends the dynamic electron license passport, be for further processing, otherwise this user data information of automatic rejection, and this equipment is piped off, simultaneously, send warning message to user's webmaster.Secondly, on the one hand the transmission information form of user data information and the value of content characteristic parameter are automatically extracted and process, on the other hand transmission information form and the content characteristic log-on message of itself and user data information are automatically identified and checked, if the transmission information form of user data information and content characteristic and log-on message are joined the type success, meet form and content related request, be for further processing, otherwise this user data information of automatic rejection, and send warning message to user's webmaster.Realized the border prosecution, information analysis, information source identification, form filters, Content Advisor, feature trial.
Step 1006: the memory of information source sign, rebuild retrieval symbol, security information is held back, the confidential data distortion.
User POS information source sign in 100 pairs of user data informations of information channel safety certification device, information encoding etc. are remembered, and rebuild retrieval symbol according to the algorithm of customization, and generate on the user who is uploaded to short micro-letter processing server 500 that security information has been implemented to hold back, hide, be out of shape and give server deal with data information, above give short micro-letter processing server 500 and ask to carry out the service response processing.So-called security information is held back exactly on can be or not is sent the security information of assigning to be retained down, and when the result of this service request information is returned, then it is added in service response result feedback information and is given to the request person of sending.In the feedback result information of user's application server 600.So-called hiding will retain the security information of uploading exactly, after carrying out the recompile replacement according to the algorithm customized, be uploaded to the service response processing server with original out of Memory and carry out the service request processing, when the result of this service request information is returned, then it is added in service response result feedback information and is given to the service request person of sending.So-called confidential data distortion will retain the crucial security information of uploading with exactlying and comply with after the algorithm customized carries out Morphological Transitions (comprising encryption), be uploaded to the service response processing server with original out of Memory and carry out the service request processing, when the result of this service request information is returned, then it is added in service response result feedback information and is given to the service request person of sending.Realized the memory of information source sign, rebuild retrieval symbol, security information is held back, the confidential data distortion.
Step 1007: Information encapsulation, upload in shunting; Account Disposal, the shunting feedback.
Finally, on 100 couples of users of information channel safety certification device, send the server deal with data to carry out the information package encapsulation even after encryption according to the communication strategy subchannel of setting, send to short micro-letter processing server 500; Short micro-letter processing server 500 subchannels receive on users and send the server deal with data, and carry out after information combination and format are processed forwarding according to the unified communication strategy subchannel of setting and submit to that business information prosecution processing server 400 carries out information-leakage prosecution processing and business account service response is processed; Both can realize the suitable separation of secure authenticated information passage and user's application data information exchanging channel, can realize again the multichannel transmission of data information exchange, both can make a partial data exchange message according to after setting the strategy fractionation, carry out directed controlled transmission with different short micro-letter transceiver channels, also a short micro-letter transceiver channel can be used for to the dynamic password of transmission of information, and other passage is for transmitting exchanges data information itself, carry out again the decrypts information reduction after arriving target ground, improved the fail safe of information exchange.Processing item at least comprises: whether the device information Data Source is differentiated, blocks expired, and effectively whether certificate, whether content is correct, whether feature meets, whether information format is correct, the adjustment of account record is checked etc.If Account Disposal success, carry out Account Disposal successful information feedback according to the communication strategy subchannel of setting, and after it is carried out to subsequent processes until be transmitted to information channel safety certification device 100; Otherwise, automatically the information of it being sent is rejected, the unauthorized access device also will pipe off, simultaneously, reach with user's webmaster personnel mobile phone and carry out the warnings such as short micro-letter to the information exchange service personnel of application system management organization, after this feedback processing result, to information channel safety certification device 100, has realized Information encapsulation, and upload in shunting; Account Disposal, the shunting feedback.Carry out the information data source of automation differentiates on the information exchange border, the format match screening, the conversion of confidential data modification, encrypt, encapsulation waits technical finesse and transmission security to control, realized the safety handing-over of communication, form is adjustable, passage is optional, password is variable, avoided the plain code transmission of confidential data information, storage and cross processing, also avoided the transmission of some classified information, sharing of algorithm and data processing technique method etc., effectively prevented network attack, information is stolen with system infiltration and classified information leakage and is distorted, confidentiality and the fail safe of both sides' confidential data information have been ensured.
Step 1008: decrypts information, confidential data reduction, information source identification recovery, characteristic indication reparation.
After information channel safety certification device 100 receives the short micro-letter of feedback of upper end server, carry out decrypts information, parsing, fractionation, restructuring, and wherein information source device feature another mistake is deformed into the information source device feature of script in user data information to conversion, confidential data is wherein reduced (comprising deciphering), characteristic indication is repaired.
Step 1009: passage prosecution, refitting feedback.Information channel safety certification device 100 regulates and controls by passage, after feedback information is ressembled to processing, transmission feeds back to user's application server 600, complete subsequent treatment by user's application server 600, the customer service process finishes, thereby has controlled divulging a secret of relevant classified information.
As shown in figure 11, the embodiment of the present invention provides a kind of information-leakage measuring and controlling device, and this information-leakage measuring and controlling device is for realizing information channel safety certification device 100 functions.This information-leakage measuring and controlling device comprises: authentication request unit 1101, and license passport receiving element 1102, unit 1103 is checked in user data information identification, information generating unit 1104, information shunting transmitting element 1105, short micro-letter reverse transformation unit 1106, short micro-letter feedback unit 1107.
The information transmission dynamic electron license passport with information source recognition function and timestamp that license passport receiving element 1102 is issued by short micro-letter processing server for receiving described business information prosecution processing server;
User data information identification is checked unit 1103 for receiving the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information are automatically identified and checked;
Information shunting transmitting element 1105 is for to described short micro-letter processing server shunting, sending on described user and send server deal with data information, so that described short micro-letter processing server is to sending server deal with data information to carry out after information combination and format being transmitted to that described business information prosecution processing server carries out the information-leakage prosecution and business account service response is processed on described user;
Short micro-letter reverse transformation unit 1106 is for receiving short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, and the information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information;
Short micro-letter feedback unit 1107 feeds back to described user's application server after described short micro-letter is ressembled.
From Figure 11 and describe, in the embodiment of the present invention, information channel safety certification device 100 sends the request of information channel Security Authentication Service by front end processor to business information prosecution processing server, and receives the information transmission dynamic electron license passport with information source recognition function and timestamp that business information prosecution processing server is issued by short micro-letter processing server; Then receive the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information are automatically identified and checked; By the sign of the user POS information source in user data information and information encoding, remembered, rebuild retrieval symbol, and generate on the user who is uploaded to described short micro-letter processing server that security information has been implemented to hold back, hide, be out of shape and send server deal with data information, and send on described user to described short micro-letter processing server shunting the server deal with data information of sending; Finally, by receiving short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information, and feeds back to described user's application server after described short micro-letter is ressembled.By said method, realized the communication that direction is controlled; The management and control of the content of receiving and sending messages and form, plain code transmission, storage and the cross processing of confidential data information have been avoided, also avoided the sharing of transmission, algorithm and data processing technique method etc. of some classified information, effectively having prevented that network attack, information from stealing with system infiltration and classified information reveals and distorts, and has ensured confidentiality and the fail safe of both sides' confidential data information; Realized the two ends customization of information exchange, single-point handing-over, multiple authentication, two-way prosecution; Realized the suitable separation of secure authenticated information passage and data information exchange passage, carrying out directed controlled transmission by different information channels again after making exchanges data information split becomes a reality, effectively prevented information-leakage, improved the fail safe of information exchange, effectively reduce the cost of information exchange, eliminated technology hidden danger.
As shown in figure 11, the information-leakage inspection control system also comprises: information exchange service application system register unit 1108 and user profile registering unit 1109, and information exchange service application system register unit 1108 carries out the information registering of information exchange service application system for obtaining the pre-registration that comprises customer digital certificate, operational factor, digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information, safety certification policy information and transmission information form customized information; User profile registering unit 1109 is carried out the user profile registration for obtaining the user profile that comprises POS equipment user information, the trust of user POS facility information source apparatus characteristic information, biological characteristic entrance guard device and biological information.
In one embodiment, above-mentioned authentication comprises: IC-card certificate+password+fingerprint+authenticate device information source device feature, TF card or SD card certificate+password+facial photo+authenticate device information source device feature, U shield certificate+password+fingerprint+voice+authenticate device information source device feature.
During concrete enforcement, if information channel safety certification failure, according to instruction locking safety certification and maintenance channel, if the failure of information channel safety certification, the information exchanging channel between opening information channel security authenticate device 100 and user's application server 600 and short micro-letter passage.The information-leakage inspection control system also comprises: pathway closure unit 1110, unlatching unit, road 1111 and feedback information receiving element 1112.Pathway closure unit 1110 is for according to instruction locking safety certification and maintenance channel, passage is opened unit 1111 for opening information exchanging channel and the short micro-letter passage between described information channel safety certification device and user's application server, and feedback information receiving element 1112 for receiving and successfully process feedback information when business account service response is processed successfully.
Beneficial effect of the present invention is, carry out the technical finesse such as the discriminating of information data source, format match screening, the conversion of confidential data modification, encrypting and decrypting, fractionation assembling of automation and the function of security control at the information interface front end, realized the communication that direction is controlled; The management and control of the content of receiving and sending messages and form, plain code transmission, storage and the cross processing of confidential data information have been avoided, also avoided the sharing of transmission, algorithm and data processing technique method etc. of some classified information, effectively having prevented that network attack, information from stealing with system infiltration and classified information reveals and distorts, and has ensured confidentiality and the fail safe of both sides' confidential data information; By the security control to information exchanging channel with to technical finesse and the control of the automations such as customization in advance of the discriminating of information source and information format, realized the two ends customization of information exchange, single-point handing-over, multiple authentication, two-way prosecution; Realized the suitable separation of secure authenticated information passage and data information exchange passage, carrying out directed controlled transmission by different information channels again after making exchanges data information split becomes a reality, effectively prevented information-leakage, improved the fail safe of information exchange, effectively reduce the cost of information exchange, eliminated technology hidden danger.
Those skilled in the art should understand, embodiments of the invention can be provided as method, system or computer program.Therefore, the present invention can adopt complete hardware implementation example, implement software example or in conjunction with the form of the embodiment of software and hardware aspect fully.And the present invention can adopt the form that wherein includes the upper computer program of implementing of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) of computer usable program code one or more.
The present invention describes with reference to flow chart and/or the block diagram of method, equipment (system) and computer program according to the embodiment of the present invention.Should understand can be in computer program instructions realization flow figure and/or block diagram each flow process and/or the flow process in square frame and flow chart and/or block diagram and/or the combination of square frame.Can provide these computer program instructions to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, make the instruction of carrying out by the processor of computer or other programmable data processing device produce for realizing the device in the function of flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame appointments.
These computer program instructions also can be stored in energy vectoring computer or the computer-readable memory of other programmable data processing device with ad hoc fashion work, make the instruction be stored in this computer-readable memory produce the manufacture that comprises command device, this command device is realized the function of appointment in flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame.
These computer program instructions also can be loaded on computer or other programmable data processing device, make and carry out the sequence of operations step to produce computer implemented processing on computer or other programmable devices, thereby the instruction of carrying out on computer or other programmable devices is provided for realizing the step of the function of appointment in flow process of flow chart or a plurality of flow process and/or square frame of block diagram or a plurality of square frame.
Applied specific embodiment in the present invention principle of the present invention and execution mode are set forth, the explanation of above embodiment is just for helping to understand method of the present invention and core concept thereof; , for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention simultaneously.
Claims (15)
1. an information-leakage detecting and control method, is characterized in that, described method comprises:
Send the request of information channel Security Authentication Service by front end processor to business information prosecution processing server, make described business information prosecution processing server carry out the information channel safety certification according to the authentication of setting;
Receive the information transmission dynamic electron license passport with information source recognition function and timestamp that described business information prosecution processing server is issued by short micro-letter processing server;
Receive the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information are automatically identified and checked;
User POS information source in described user data information sign and information encoding are remembered, rebuild retrieval symbol, and generate on the user who is uploaded to described short micro-letter processing server that security information has been implemented to hold back, hide, be out of shape and send server deal with data information;
Send on described user and send server deal with data information to described short micro-letter processing server shunting, so that described short micro-letter processing server carries out information-leakage prosecution and business account service response and processes sending server deal with data information to carry out after information combination and format being transmitted to described business information prosecution processing server on described user;
Receive short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, and the information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information;
After being ressembled, described short micro-letter feeds back to described user's application server.
2. method according to claim 1, it is characterized in that, described send the request of information channel Security Authentication Service to business information prosecution processing server by front end processor before, described method also comprises: obtain and comprise customer digital certificate, operational factor, the digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information, the pre-registration of safety certification policy information and transmission information form customized information is carried out the information registering of information exchange service application system, then obtain and comprise POS equipment user information, apparatus characteristic information is trusted in user POS facility information source, the user profile of biological characteristic entrance guard device and biological information is carried out the user profile registration.
3. method according to claim 1, it is characterized in that, described authentication comprises: IC-card certificate+password+fingerprint+authenticate device information source device feature, TF card or SD card certificate+password+facial photo+authenticate device information source device feature, U shield certificate+password+fingerprint+voice+authenticate device information source device feature.
4. method according to claim 1, is characterized in that, if the failure of information channel safety certification, according to instruction locking safety certification and maintenance channel.
5. method according to claim 1, is characterized in that, if information exchanging channel and short micro-letter passage between described information channel safety certification device and user's application server are opened in the failure of information channel safety certification.
6. method according to claim 1, is characterized in that, if business account service response is processed successfully, receives and successfully process feedback information.
7. an information-leakage measuring and controlling device, is characterized in that, described device comprises:
The authentication request unit, for by front end processor, to business information prosecution processing server, sending the request of information channel Security Authentication Service, make described business information prosecution processing server carry out the information channel safety certification according to the authentication of setting;
The license passport receiving element, the information transmission dynamic electron license passport with information source recognition function and timestamp of issuing by short micro-letter processing server for receiving described business information prosecution processing server;
Unit is checked in user data information identification, for receiving the user data information of POS equipment, and information source recognition feature parameter value, transmission information form and the content characteristic parameter value of described user data information is automatically identified and is checked;
Information generating unit, for the sign of the user POS information source to described user data information and information encoding, remembered, rebuild retrieval symbol, and generate on the user who is uploaded to described short micro-letter processing server that security information has been implemented to hold back, hide, be out of shape and send server deal with data information;
Information shunting transmitting element, for to described short micro-letter processing server shunting, sending on described user and send server deal with data information, so that described short micro-letter processing server is to sending server deal with data information to carry out after information combination and format being transmitted to that described business information prosecution processing server carries out the information-leakage prosecution and business account service response is processed on described user;
Short micro-letter reverse transformation unit, for receiving short micro-letter of described business information prosecution processing server feedback, carry out analytical decomposition, and the information source device feature reverse transformation in described short micro-letter is deformed into to the information source device feature of script in described user data information;
Short micro-letter feedback unit, feed back to described user's application server after described short micro-letter is ressembled.
8. device according to claim 7, is characterized in that, described information-leakage inspection control system also comprises:
Information exchange service application system register unit, carry out for obtaining the pre-registration that comprises customer digital certificate, operational factor, digital certificates technical parameter, authenticate device information source device characteristic information, user's input feature vector information, user's characteristic information, safety certification policy information and transmission information form customized information the information registering that application system is served in information exchange;
The user profile registering unit, carry out the user profile registration for obtaining the user profile that comprises POS equipment user information, the trust of user POS facility information source apparatus characteristic information, biological characteristic entrance guard device and biological information.
9. device according to claim 7, it is characterized in that, described authentication comprises: IC-card certificate+password+fingerprint+authenticate device information source device feature, TF card or SD card certificate+password+facial photo+authenticate device information source device feature, U shield certificate+password+fingerprint+voice+authenticate device information source device feature.
10. device according to claim 7, is characterized in that, described information-leakage inspection control system also comprises: the pathway closure unit, and for according to instruction locking safety certification and maintenance channel.
11. device according to claim 7, it is characterized in that, described information-leakage inspection control system also comprises: passage is opened unit, for opening information exchanging channel and the short micro-letter passage between described information channel safety certification device and user's application server.
12. device according to claim 7, is characterized in that, described information-leakage inspection control system also comprises: the feedback information receiving element, and for when business account service response is processed successfully, receiving and successfully process feedback information.
A 13. information channel safety certification device, with short micro-letter processing server, be connected, by front end processor, with business information prosecution processing server, be connected, and be connected with user POS equipment and biological characteristic entrance guard device by user's application server, it is characterized in that, described device comprises: central processing unit and the safety check mode selection key be connected with described central processing unit, parameter arranges button, application main menu button, confirm and direction control button, cancel/revise button, the voice and video processing unit, touch control display apparatus, the physical characteristics collecting device, external certificate information harvester, information partition management and top control module, information-communication device, the information exchange security control device, information source device characteristic processing module, power supply and battery charger,
Described central processing unit is for the internal information switch instruction response of described information channel safety certification device;
Described safety check mode selection key is for triggering the authentication selection function;
Described parameter arranges button for triggering the parameter setting function of described information channel safety certification device;
Described application main menu button is for the upgrading of trigger equipment system mend and application parameter maintenance function;
Described confirmation and direction are controlled button, and for generating, current secret window information input validation completes and cursor direction moves the control notification instruction;
Described cancellation/modification button is for generating the instruction of cancelling or revising current secret window information;
Described voice and video processing unit, for gathering, process, transmitting operator's voice and video information, completes speech recognition or photo and facial characteristics identification;
Described touch control display apparatus has been used for described operator's touch-screen control inputs and operation, indicates the operating state of described information channel safety certification device, and the display operation person informs information;
Described physical characteristics collecting device, for gathering user's biological characteristic, completes the biometric secure authentication;
Described external certificate information harvester reads the main security factor information of IC chip card such as comprising user identity card number, bank card number, social security card, and the electronic security(ELSEC) certificate of certification information of IC-card certificate, TF card certificate, U shield;
Described information partition management and top control module are used for cipher mode partitioned storage user profile, and extract described user profile with manner of decryption;
Described information-communication device is for receiving and send exchanges data information;
Described information exchange security control device is carried out security customization and management and control to information exchanging channel;
Described information source device characteristic processing module is automatically extracted and processes for the value of the information source recognition feature parameter according to trusting the user data information that the apparatus characteristic log-on message sends user's application server, and by the value of described information source recognition feature parameter with trust the apparatus characteristic log-on message and automatically identify and check;
Described power supply and battery charger are for being powered and the battery charging.
A 14. information-leakage inspection control system, it is characterized in that, described system comprises: information channel safety certification device, at least one biological characteristic entrance guard device, at least one front end processor, at least one business information prosecution processing server, at least one short micro-letter processing server, user's application server and a plurality of user POS equipment;
A plurality of described user POS equipment and at least one described biological characteristic entrance guard device are connected with described user's application server by user application network, described user's application server is connected by serial ports or USB passage with the information channel safety certification device, described information channel safety certification device is connected with at least one described short micro-letter processing server by short micro-letter passage, described short micro-letter processing server is served the application system Intranet by information exchange and is connected with at least one described business information prosecution processing server, described information channel safety certification device accesses private network by long distance wireless and fire compartment wall is connected with at least one described front end processor, at least one described front end processor is served the application system Intranet by information exchange and is connected with at least one described business information prosecution processing server, wherein,
Described biological characteristic entrance guard device is used for obtaining POS equipment operating user's biological characteristic, and is transmitted to described user's application server and the information channel safety certification device carries out user safety authentication and mandate;
Described front end processor is for receiving and forward the Security Authentication Service solicited message that described information channel safety certification device is issued described business information prosecution processing server, and the service response processing result information that described business information prosecution processing server is sent is transmitted to described information channel safety certification device;
Described short micro-letter processing server receives and forwards short micro-communication service service request information that described information channel safety certification device is issued described business information prosecution processing server, and short micro-telecommunications services response processing result information that described business information prosecution processing server is sent is transmitted to described information channel safety certification device;
Described information channel safety certification device comprises: central processing unit and the safety check mode selection key be connected with described central processing unit, parameter arranges button, application main menu button, confirm and direction control button, cancel/revise button, the voice and video processing unit, touch control display apparatus, the physical characteristics collecting device, external certificate information harvester, information partition management and top control module, information-communication device, the information exchange security control device, information source device characteristic processing module, power supply and battery charger,
Described central processing unit is for the internal information switch instruction response of described information channel safety certification device; Described safety check mode selection key is for triggering the authentication selection function; Described parameter arranges button for triggering the parameter setting function of described information channel safety certification device; Described application main menu button is for the upgrading of trigger equipment system mend and application parameter maintenance function; Described confirmation and direction are controlled button, and for generating, current secret window information input validation completes and cursor direction moves the control notification instruction; Described cancellation/modification button is for generating the instruction of cancelling or revising current secret window information; Described voice and video processing unit, for gathering, process, transmitting operator's voice and video information, completes speech recognition or photo and facial characteristics identification; Described touch control display apparatus has been used for described operator's touch-screen control inputs and operation, indicates the operating state of described information channel safety certification device, and the display operation person informs information; Described physical characteristics collecting device, for gathering user's biological characteristic, completes the biometric secure authentication; Described external certificate information harvester reads the main security factor information of IC chip card such as comprising user identity card number, bank card number, social security card, and the electronic security(ELSEC) certificate of certification information of IC-card certificate, TF card certificate, U shield; Described information partition management and top control module are used for cipher mode partitioned storage user profile, and extract described user profile with manner of decryption; Described information-communication device is for receiving and send exchanges data information; Described information exchange security control device is carried out security customization and management and control to information exchanging channel; Described information source device characteristic processing module is automatically extracted and processes for the value of the information source recognition feature parameter according to trusting the user data information that the apparatus characteristic log-on message sends user's application server, and by the value of described information source recognition feature parameter with trust the apparatus characteristic log-on message and automatically identify and check; Described power supply and battery charger are for being powered and the battery charging;
Described business information prosecution processing server comprises: the security feature parameter arranges the location registration process unit, safety certification and maintenance upgrade unit, short micro-letter processing unit, business account processing unit and data storage and administrative unit;
Described security feature parameter arranges the location registration process unit for when to the user, providing described information channel safety certification device, according to user characteristics and requirement, generating client's Digital Certificate Security authentication information;
Described safety certification and maintenance upgrade unit, for calling described data storage and administrative unit to digital certificates technical parameter, authenticate device information source device characteristic information, user's characteristic information, user's input feature vector information, carry out safety certification according to operational factor, technical parameter, safety certification policy information and the transmission information form customized information of described information channel safety certification device;
Described short micro-letter processing unit is processed solicited message to application Business Processing solicited message and the prosecution of divulging a secret and is carried out service response processing and feedback result for calling described data storage and administrative unit, business account processing unit;
Described business account processing unit is for carrying out information-leakage prosecution processing and the information processing of business account of application message data;
Described data storage and administrative unit are for managing with database mode and classification storage service information.
15. information-leakage inspection control system according to claim 14, it is characterized in that, described front end processor comprises: the master control device, information channel safety certification device interface, the audio, video data processing unit, the storage of server interface and data and administrative unit, described master control device respectively with described information channel safety certification device interface, the audio, video data processing unit, server interface and data storage and administrative unit are connected;
Described information channel safety certification device interface is for carrying out bidirectional information transmitting-receiving and the exchange of described master control device and information channel safety certification device;
Described audio, video data processing unit is for receiving and dispatching user's audio frequency and video secure authenticated information of storing and processing described information channel safety certification device;
Described master control device is used to described information channel safety certification device interface, the audio, video data processing unit, and the bi-directional exchanges of information between server interface and data storage and administrative unit are connected formats processing;
Described server interface is for realizing bidirectional information transmitting-receiving and exchange between described master control device and business information prosecution processing server;
Described data buffer storage and switch processing unit be for receiving the instruction of described master control device, for transceiving data and information provide data buffer storage, information management and processing to process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310403422.9A CN103490893B (en) | 2013-09-06 | 2013-09-06 | A kind of information-leakage detecting and control method, device, system and communication channel safety certification device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310403422.9A CN103490893B (en) | 2013-09-06 | 2013-09-06 | A kind of information-leakage detecting and control method, device, system and communication channel safety certification device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103490893A true CN103490893A (en) | 2014-01-01 |
| CN103490893B CN103490893B (en) | 2016-06-29 |
Family
ID=49830867
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310403422.9A Active CN103490893B (en) | 2013-09-06 | 2013-09-06 | A kind of information-leakage detecting and control method, device, system and communication channel safety certification device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103490893B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468600A (en) * | 2014-12-18 | 2015-03-25 | 北京奇虎科技有限公司 | Data collection method and client-side |
| CN106098070A (en) * | 2016-06-21 | 2016-11-09 | 佛山科学技术学院 | A kind of identity identifying method and network system |
| CN109164984A (en) * | 2018-08-24 | 2019-01-08 | 郑州云海信息技术有限公司 | A kind of management method of storage management system and storage management system |
| CN109194672A (en) * | 2018-09-20 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | A kind of network intrusions warning system and method based on man machine language's interaction |
| CN109656606A (en) * | 2018-12-15 | 2019-04-19 | 深圳市捷诚技术服务有限公司 | POS terminal program more new control method, device, storage medium and terminal |
| CN110298274A (en) * | 2019-06-18 | 2019-10-01 | Oppo广东移动通信有限公司 | Optical finger print parameter upgrade method and Related product |
| CN112532590A (en) * | 2020-11-06 | 2021-03-19 | 北京冠程科技有限公司 | Software security boundary system and method |
| CN112784233A (en) * | 2021-01-28 | 2021-05-11 | 北京三快在线科技有限公司 | Identity verification method and device |
| CN113722095A (en) * | 2021-08-18 | 2021-11-30 | 江苏电力信息技术有限公司 | Data API dynamic configuration method of electric power data transaction platform |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101576983A (en) * | 2009-06-16 | 2009-11-11 | 深圳市星龙基电子技术有限公司 | Electronic payment method and system based on mobile terminal |
| CN102724296A (en) * | 2012-05-24 | 2012-10-10 | 中国工商银行股份有限公司 | Network client monitoring system |
| CN103001970A (en) * | 2012-12-20 | 2013-03-27 | 中国工商银行股份有限公司 | Safety authentication method and safety authentication system |
-
2013
- 2013-09-06 CN CN201310403422.9A patent/CN103490893B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101576983A (en) * | 2009-06-16 | 2009-11-11 | 深圳市星龙基电子技术有限公司 | Electronic payment method and system based on mobile terminal |
| CN102724296A (en) * | 2012-05-24 | 2012-10-10 | 中国工商银行股份有限公司 | Network client monitoring system |
| CN103001970A (en) * | 2012-12-20 | 2013-03-27 | 中国工商银行股份有限公司 | Safety authentication method and safety authentication system |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104468600A (en) * | 2014-12-18 | 2015-03-25 | 北京奇虎科技有限公司 | Data collection method and client-side |
| CN106098070A (en) * | 2016-06-21 | 2016-11-09 | 佛山科学技术学院 | A kind of identity identifying method and network system |
| CN106098070B (en) * | 2016-06-21 | 2019-12-17 | 佛山科学技术学院 | identity authentication method and network system |
| CN109164984A (en) * | 2018-08-24 | 2019-01-08 | 郑州云海信息技术有限公司 | A kind of management method of storage management system and storage management system |
| CN109194672A (en) * | 2018-09-20 | 2019-01-11 | 杭州安恒信息技术股份有限公司 | A kind of network intrusions warning system and method based on man machine language's interaction |
| CN109656606A (en) * | 2018-12-15 | 2019-04-19 | 深圳市捷诚技术服务有限公司 | POS terminal program more new control method, device, storage medium and terminal |
| CN110298274A (en) * | 2019-06-18 | 2019-10-01 | Oppo广东移动通信有限公司 | Optical finger print parameter upgrade method and Related product |
| CN110298274B (en) * | 2019-06-18 | 2021-06-04 | Oppo广东移动通信有限公司 | Optical fingerprint parameter upgrading method and related product |
| CN112532590A (en) * | 2020-11-06 | 2021-03-19 | 北京冠程科技有限公司 | Software security boundary system and method |
| CN112784233A (en) * | 2021-01-28 | 2021-05-11 | 北京三快在线科技有限公司 | Identity verification method and device |
| CN112784233B (en) * | 2021-01-28 | 2022-11-04 | 北京三快在线科技有限公司 | Identity verification method and device |
| CN113722095A (en) * | 2021-08-18 | 2021-11-30 | 江苏电力信息技术有限公司 | Data API dynamic configuration method of electric power data transaction platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103490893B (en) | 2016-06-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103295341B (en) | POS safety certification device, system and POS equipment safety authentication method | |
| CN103490893B (en) | A kind of information-leakage detecting and control method, device, system and communication channel safety certification device | |
| US11647385B1 (en) | Security system for handheld wireless devices using time-variable encryption keys | |
| TWI667585B (en) | Method and device for safety authentication based on biological characteristics | |
| US10896586B2 (en) | Methods and apparatus for management of intrusion detection systems using verified identity | |
| KR102056722B1 (en) | Authentication system, and transmit terminal, receive terminal, and right authentication method of same | |
| CN203399141U (en) | Information channel security certificate device | |
| CN111478917B (en) | Background system for providing network service for access control device and user terminal | |
| US20210320909A1 (en) | Communications system, communications device used in same, management device, and information terminal | |
| CN203350880U (en) | POS safety certification device and system | |
| KR102189301B1 (en) | System and method for providing blockchain based cloud service with robost security | |
| CN109791660A (en) | Data protection system and method | |
| KR20060123134A (en) | Method and system for establishing a communication using privacy enhancing techniques | |
| US9521139B2 (en) | System for managing multi-user sign-on in a segmented network | |
| CN105684483A (en) | Registry apparatus, agent device, application providing apparatus and corresponding methods | |
| US9992606B2 (en) | Segmented network mobile device provisioning system | |
| CN116325647A (en) | Authentication chain using public key infrastructure | |
| JP7172716B2 (en) | Authorization system, management server and authorization method | |
| US8990887B2 (en) | Secure mechanisms to enable mobile device communication with a security panel | |
| CN102111271A (en) | Network security authentication method and device as well as authentication method of hand-held electronic device | |
| JP2011502295A (en) | Method for establishing protected electronic communication between various electronic devices, in particular between an electronic service provider's electronic device and an electronic service user's electronic device | |
| CN103001970B (en) | Safety authentication method and safety authentication system | |
| KR20180074935A (en) | Electronic voting ASP system using 2-channel authentication and method thereof | |
| US20140282925A1 (en) | Personal Authentication Device and System for Securing Transactions on a Mobile Device | |
| CN109583977A (en) | A kind of certificate chain house pre-sale permit electronics license system and its application method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |