CN105308623A - Device and method for providing online service - Google Patents

Publication number: CN105308623A
Authority: CN (China)
Prior art keywords: online service, network online, network, host machine, interface
Legal status: Granted
Application number: CN201480032949.8A
Other languages: Chinese (zh)
Other versions: CN105308623B (en)
Inventors: 曾凯, 王怡, 周大文, 刘华军, 安思宇, 陈梦霄
Current Assignee: Industrial and Commercial Bank of China Ltd ICBC
Original Assignee: Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion
    • H04L69/085 Protocols for interworking; Protocol conversion specially adapted for interworking of IP-based networks with other networks
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

Provided are a device and method for providing online service. The device is independent of a host machine, is connected to the host machine via an interface, and comprises: an online service access module having a built-in browser for accessing an online server and obtaining an online service interface in hypertext markup language (HTML) code format; a remote desktop service controller connected to the online service access module for rendering the online service interface obtained by the online service access module into an online service interface in an image format displayed on the host machine, and providing the online service interface in the image format for the host machine for display. The present invention solves the technical problem in the prior art of high security risk when using online service on a fixed PC, thus reducing security risk and improving data security.

Description

Device and method for providing network online service
Technical field
The present invention relates to the technical field of data processing, and more particularly to a device and method for providing network online service.
Background
With the development of communication technology, technologies such as e-commerce and e-government have emerged one after another. Transactions that traditionally had to be carried out face to face are now offered as 24-hour online services over the public telephone network, the Internet, 3G networks and the like, which is a great convenience for both the providers and the users of those services.
However, while network online services are convenient, they also face serious security threats and are particularly susceptible to application-layer attacks, which limits the possibility of users using network online services on an arbitrary PC.
At present, application-layer attacks mainly take the following forms:
1) Phishing attacks: the attacker uses a fake website designed in advance and, exploiting the weak security of the client side, lures the customer into logging in, so that the customer is deceived into revealing information or suffers losses. Authentication based on a password alone (whether a static password or a dynamic password) offers poor protection against such attacks;
2) Web-page trojan attacks: the attacker embeds malicious code in the pages of a website over which control has been obtained (generally by means of an IFrame or Script reference). When a user visits the page, the embedded malicious code exploits vulnerabilities in the browser itself, in third-party ActiveX controls, or in other plug-ins (for example Flash or PDF plug-ins) to download and execute a malicious trojan without the user's knowledge;
3) Unauthorized-access attacks: because the server side does not control access strictly enough, an attacker can use a malicious program to tamper with the content of Hypertext Transfer Protocol (HTTP) messages, and so access sensitive information without authorization or illegally perform write operations. Such attacks can cause large-scale information leakage or information loss.
What is accessed from the server is generally web content in Hypertext Markup Language (HTML) format, and because of the vulnerabilities present in the PC itself, this content is highly susceptible to application-layer attacks. Network-layer protections alone, for example firewalls, Secure Sockets Layer (SSL) and intrusion detection systems (IDS), are far from sufficient. Therefore, when using a traditional network online service, the user first has to carry out a series of environment preparation tasks, for example installing system patches, setting trusted sites, setting IE options, installing controls and adding root certificates; this complicated preparation and the subsequent update operations are precisely what the user relies on to avoid being attacked. However, it is exactly because this complicated protective work is required that the user ends up using the network online service on a fixed PC. If the customer's own security awareness is insufficient, or because of the unavoidable weaknesses of complex applications, using network online services on a fixed PC still carries a certain security risk; in an arbitrary-PC scenario in particular, the uncertainties increase and security is even harder to guarantee. At present, using network online services through a PC carries a significant security risk.
Summary of the invention
Embodiments of the present invention provide a device for providing network online service, with the aim of reducing security risk and improving data security. The device is independent of the host machine and is connected to the host machine through an interface, and comprises:
a network online service access module, which has a built-in browser and is used to access the network online server and obtain the network online service interface in Hypertext Markup Language (HTML) code format;
a remote desktop service controller, connected to the network online service access module, used to render the network online service interface obtained by the network online service access module into a network online service interface in image format for display on the host machine, and to provide the image-format network online service interface to the host machine for display.
In one embodiment, the device further comprises:
a network online service processing module, used to receive the transaction data, sent by the host machine, that the user entered in the image-format network online service interface, and to construct a signature packet from the transaction data;
a signature verification module, connected to the network online service processing module, used to sign the transaction data according to the signature packet and to submit the signed transaction data to the network online server for signature verification.
In one embodiment, the device further comprises a display screen, used to display the transaction information that requires user confirmation while the signature verification module signs the transaction data according to the signature packet.
In one embodiment, the device further comprises a confirm key, with which the user confirms the transaction information shown on the display screen.
In one embodiment, the host machine includes a TV or a computer.
In one embodiment, where the host machine is a TV, the interface is a High-Definition Multimedia Interface (HDMI);
or, where the host machine is a computer, the interface is a Universal Serial Bus (USB) interface.
Embodiments of the present invention also provide a method for providing network online service, with the aim of reducing security risk and improving data security, the method comprising:
accessing the network online server and obtaining the network online service interface in HTML code format; rendering the obtained HTML-format network online service interface into a network online service interface in image format for display on the host machine, and providing the image-format network online service interface to the host machine for display.
In one embodiment, after the image-format network online service interface has been provided to the host machine for display, the method further comprises:
receiving the transaction data, sent by the host machine, that the user entered in the image-format network online service interface, and constructing a signature packet from the transaction data;
signing the transaction data according to the signature packet, and submitting the signed transaction data to the network online server for signature verification.
In one embodiment, before receiving the transaction data, sent by the host machine, that the user entered in the image-format network online service interface and constructing the signature packet from the transaction data, the method further comprises:
receiving the verification information that the user entered in the image-format network online service interface displayed on the host machine; sending the verification information to the network online server, over the network of the host machine, for identity authentication.
In one embodiment, the verification information includes a user name and a password.
In one embodiment, rendering the obtained HTML-format network online service interface into a network online service interface in image format for display on the host machine comprises:
converting the HTML-format network online service interface into the image-format network online service interface according to a predetermined encoding scheme.
In one embodiment, before the network online server is accessed, the method further comprises:
receiving the connection request initiated by the client control on the host machine;
determining whether the connection request satisfies the connection condition and, if so, accessing the network online server.
Embodiments of the present invention propose a device and method for providing network online service. The device is independent of the host machine and contains a network online service access module and a remote desktop service controller. The network online service access module obtains the web interface in HTML format; the remote desktop service controller then converts the HTML-format web interface into a web interface in image format and delivers it to the host machine for display. Because the image-format web interface is difficult to crack, this effectively solves the prior-art technical problem of the high security risk of using network online services on a fixed PC, achieving the technical effect of reducing security risk and improving data security.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is a structural block diagram of the network online service providing device of an embodiment of the present invention;
Fig. 2 is a flow chart of the network online service providing method of an embodiment of the present invention;
Fig. 3 is a schematic view of the external appearance of the network online service providing device of an embodiment of the present invention;
Fig. 4 is a schematic diagram of the hardware architecture of the network online service providing device of an embodiment of the present invention;
Fig. 5 is a functional block diagram of the network online service providing device of an embodiment of the present invention;
Fig. 6 is a flow chart of the method of starting the network online service using the network online service providing device of an embodiment of the present invention;
Fig. 7 is a flow chart of the method of transaction processing through the network online service providing device of an embodiment of the present invention.
Detailed description
The inventors considered that the main causes of the security problems are the insecurity of web page access and the vulnerabilities of the PC itself. In response, the inventors reasoned that if operations such as verifying or encrypting information are not performed on the PC, the security risk should be reduced. For example, security operations such as signing information can be moved into an independent device that exists independently of the host machine. At the same time, after this device has accessed the HTML web content, it converts the content into image-format web content that is difficult to decode and attack, and then delivers it to the host machine for display, which effectively improves the security of the information.
An embodiment of the present invention provides a device for providing network online service. The device is independent of the host machine and is connected to the host machine through an interface. As shown in Fig. 1, the device comprises:
a network online service access module 101, which has a built-in browser and is used to access the network online server and obtain the network online service interface in HTML code format;
a remote desktop service controller 102, connected to the network online service access module 101, used to render the network online service interface obtained by the network online service access module 101 into a network online service interface in image format for display on the host machine, and to provide the image-format network online service interface to the host machine for display.
The above embodiment proposes a device for providing network online service. The device is independent of the host machine and contains a network online service access module and a remote desktop service controller. The network online service access module obtains the web interface in HTML format; the remote desktop service controller then converts the HTML-format web interface into a web interface in image format and delivers it to the host machine for display. Because the image-format web interface is difficult to crack, this effectively solves the prior-art technical problem of the high security risk of using network online services on a fixed PC, achieving the technical effect of reducing security risk and improving data security.
In a specific implementation, user authentication information, transaction data and the like are required, so the user's input on the host machine also needs to be monitored to ensure that the transaction proceeds effectively. In a specific embodiment, the device further comprises: a network online service processing module, used to receive the transaction data, sent by the host machine, that the user entered in the image-format network online service interface, and to construct a signature packet from the transaction data; and a signature verification module, connected to the network online service processing module, used to sign the transaction data according to the signature packet and to submit the signed transaction data to the network online server for signature verification.
During signing, some information needs to be confirmed by the user; projecting this information onto the host machine for display would be both troublesome and unsafe. A display screen can therefore be provided on the network online service providing device to show, while the signature verification module signs the transaction data, the transaction information that the user needs to confirm. Further, a confirm key is also provided on the device, with which the user confirms the transaction information shown on the display screen.
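The signing flow described in the two paragraphs above (signature packet, on-device display, confirm key, server-side verification), sketched as an added example that is not taken from the patent. The field layout, the nonce and all function names are assumptions, and HMAC-SHA256 with a shared demo key stands in for the security chip's certificate signature so that the code runs with the standard library only.

```python
import hashlib
import hmac
import json

# Assumption: stand-in for the key held in the device's security chip. The page
# describes certificate-based signing; HMAC-SHA256 is swapped in for illustration.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

# Hypothetical packet layout; the nonce is an added assumption for replay checks.
FIELDS = ("payer", "payee", "amount", "currency", "nonce")


def build_signature_packet(tx: dict) -> bytes:
    """Canonicalise the transaction received from the host into the bytes to sign."""
    missing = [f for f in FIELDS if f not in tx]
    extra = [k for k in tx if k not in FIELDS]
    if missing or extra:
        raise ValueError(f"bad transaction fields: missing={missing} extra={extra}")
    return json.dumps({f: str(tx[f]) for f in FIELDS},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")


def display_lines(packet: bytes) -> list:
    """Text for the device's own screen, derived from the packet that will be signed."""
    tx = json.loads(packet)
    return [f"{f}: {tx[f]}" for f in FIELDS if f != "nonce"]


def device_sign(tx: dict, confirm) -> dict:
    """Sign only after the user confirms what the device screen shows."""
    packet = build_signature_packet(tx)
    if not confirm(display_lines(packet)):
        raise PermissionError("user pressed cancel")
    tag = hmac.new(DEVICE_KEY, packet, hashlib.sha256).hexdigest()
    return {"packet": packet, "signature": tag}


def server_verify(signed: dict, seen_nonces: set) -> bool:
    """Server side: check the signature over the exact packet, then reject replays."""
    expected = hmac.new(DEVICE_KEY, signed["packet"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["signature"]):
        return False
    nonce = json.loads(signed["packet"])["nonce"]
    if nonce in seen_nonces:
        return False
    seen_nonces.add(nonce)
    return True


def run_demo() -> dict:
    # Constructed sample transaction, as typed by the user on the host machine.
    tx = {"payer": "6222-0001", "payee": "ACME Utilities", "amount": "120.00",
          "currency": "CNY", "nonce": "n-0001"}
    # Models the user pressing confirm only if the screen shows the intended payee.
    user_ok = lambda lines: "payee: ACME Utilities" in lines
    seen, results = set(), {}

    signed = device_sign(tx, user_ok)
    results["honest"] = server_verify(signed, seen)
    results["replay"] = server_verify(signed, seen)

    # Data altered on the host before it reaches the device: the change appears
    # on the device screen, so the user cancels and nothing is signed.
    try:
        device_sign(dict(tx, payee="Other Account", nonce="n-0002"), user_ok)
        results["tampered_before_signing"] = "signed"
    except PermissionError:
        results["tampered_before_signing"] = "cancelled"

    # Packet altered after signing: the server's signature check fails.
    altered = dict(signed, packet=signed["packet"].replace(b"ACME Utilities",
                                                           b"Other Account"))
    results["tampered_after_signing"] = server_verify(altered, seen)
    return results


if __name__ == "__main__":
    print(run_demo())
```

The property to check in a real design is that the text on the device screen is derived from the same bytes that are signed, so the host machine never decides what the user sees at confirmation time.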
In a specific implementation, the host machine can be a machine with a display screen and an input function, such as a TV or a computer. Since different machines suit different interfaces, where the host machine is a TV the interface can be a High-Definition Multimedia Interface (HDMI), and where the host machine is a computer the interface can be a Universal Serial Bus (USB) interface.
Based on the network online service providing device shown in Fig. 1, embodiments of the present invention also provide a method of transaction processing using that device. As shown in Fig. 2, the method comprises the following steps:
Step 201: access the network online server and obtain the network online service interface in HTML code format;
Step 202: render the obtained HTML-format network online service interface into a network online service interface in image format for display on the host machine, and provide the image-format network online service interface to the host machine for display.
After step 102 above, the method further comprises: receiving the transaction data, sent by the host machine, that the user entered in the image-format network online service interface, and constructing a signature packet from the transaction data; signing the transaction data according to the signature packet, and submitting the signed transaction data to the network online server for signature verification.
In a specific implementation, because the network online service providing device is only a small device similar to a USB flash drive, with a built-in browser and some processors, it needs to be triggered by the host machine when it is to be used. For example, before the device accesses the network online server through the built-in browser, the method further comprises: receiving the connection request initiated by the client control on the host machine; determining whether the connection request satisfies the connection condition and, if so, starting the built-in browser; and accessing the network online server through the built-in browser. That is, a client control exists on the host machine, through which the user's connection request can be sent to the device to trigger the device to access the network online server.
Step 202 may include: receiving the HTML-format network online service interface sent by the network online server to the remote desktop service controller; and encoding the HTML-format network online service interface, according to a predetermined encoding scheme, into the image-format network online service interface displayed on the host machine. Because every projected frame is encoded in a particular form before output, the position and content of elements in the page (for example HTML text boxes) are hard to analyse, which makes it more difficult for a hacker to parse or tamper with page elements and reduces the risk of unauthorized-access attacks.
When the user logs in to the network online server, the user's basic login information, for example the user name and password, also needs to be verified. Therefore, before receiving the transaction data, sent by the host machine, that the user entered in the image-format network online service interface, and before organizing the transaction data and constructing the signature packet, the method further comprises: receiving the verification information that the user entered in the image-format network online service interface displayed on the host machine; and sending the verification information to the network online server, over the network of the host machine, for identity authentication. That is, when the user enters authentication information such as the user name and password on the network online service login page, the client control on the host machine monitors the operation and sends the operation information to the network online service providing device, and the device sends the verification information entered by the user to the network online server over the host machine's network. After the network online server verifies it, login to the network online service succeeds.
An embodiment of the present invention also provides a specific example to illustrate the present invention. Note, however, that this specific example is given only to describe the present invention better and does not unduly limit it.
In this example, a network online service device and a data processing method are proposed. The device can be connected to a computer through a USB interface (the computer is hereinafter referred to as the host PC) and may look similar to a USB flash drive. The device has a display screen and buttons, and contains an operating system and a browser; it also provides a high-performance CPU together with large memory and large storage capacity, and all data computation and processing is done by the CPU inside the device. By isolating the computing environment from the host PC, the risk from common PC-client attacks is reduced and transaction security is ensured.
The host PC provides the human-computer interaction interface for the portable network online service device; the host PC mainly contributes the keyboard, the display and the network communication function. During data processing, the device bypasses processing at the host PC's application level, avoiding common PC-client attacks. The drivers and control programs needed for the network online service are pre-installed in the device, so the customer does not need to install them; this gives plug-and-play operation and makes it convenient for the customer to use network online services in a mobile-PC scenario. Subsequent patch installation and upgrade maintenance of the device are all done by push from the server.
That is, the device can build a relatively closed software and hardware environment independent of the host PC. In this environment the customer can use network online services conveniently and quickly, with no configuration or preparation on the host PC, and the transaction process is not easily affected by common client-side attacks.
Fig. 3 shows the external appearance of the device, which comprises a device body, a display screen, control keys and a USB interface. A single-chip microcomputer is packaged in the device body. The display screen is used to display signature information. The control keys comprise up/down scroll keys, a cancel key and a confirm key; the scroll keys are used to view the signature information on the display screen, and the cancel key and confirm key are used to control signing. The device is connected to the host PC through the USB port. The signature information is mainly used for verifying the user's identity; for example, the user name, transaction information and the like can be shown on this display screen for the user to confirm.
Fig. 4 shows the hardware architecture of the network online service device, which comprises:
1) a central processing unit, and random access memory (RAM) connected to the central processing unit, used to run the built-in Linux operating system and its upper-level applications (the browser, etc.);
2) FLASH memory, pre-installed with software such as the operating system, browser, controls and client driver;
3) a security chip, which performs the certificate signature computation for transactions;
4) a USB interface, which connects the device to the host PC and powers the device; the device accesses the host PC as an IP device and communicates with the host PC through a USB extension protocol;
5) a remote connection interface, connected to the USB interface, used to establish the remote service connection between the device and the client installed on the host PC;
6) a graphics output interface, connected to the USB interface, which outputs to the PC client the image-format network online service interface generated from the online banking interface accessed by the device's built-in browser;
7) a customer input receiving interface, connected to the USB interface, which receives the information the customer enters in the client;
8) a network online service request sending interface, connected to the USB interface, which sends request messages, such as login and transaction requests, from the device's built-in browser accessing online banking;
9) a network online service response receiving interface, connected to the USB interface, which receives the service responses returned by the network online service;
10) an upgrade and update interface, connected to the USB interface, which receives upgrade information for software such as the device's built-in operating system, browser, controls and client driver pushed down by the network online server, and receives the updated versions;
11) a display, used to show transaction signature information;
12) control keys, which control scrolling up and down through the transaction signature information and cancel or confirm the transaction signing process.
The central processing unit can be a high-performance Arm Cortex A8 processor with a clock frequency of 1G, 1G of RAM and 512M of flash memory; the security chip can be of the Z8D168 series or similar.
Figure 5 is a high-level schematic functional block diagram of the device, which includes: a remote desktop service control module 501, a network online service module 502, a signature verification module 503, an interactive module 504, a memory module 505, a client drive module 506, a communication module 507 and an online upgrading module 508. The network online service module 502 is connected to the remote desktop service control module 501, the signature verification module 503, the memory module 505 and the communication module 507 respectively; the signature verification module 503 is connected to the interactive module 504; the client drive module 506 and the online upgrading module 508 are each connected to the memory module 505; and the communication module 507 is connected to the remote desktop service control module 501 and the online upgrading module 508 respectively. These modules are described in detail below:
Remote desktop service control module 501: through the remote desktop service, implements communication between the device and the PC client; according to the network online service interface accessed by the device's built-in browser, draws a network online service interface in graphical format, projects it onto the host PC for display, and at the same time receives the customer's input operations on the host PC. Each projected frame is encoded in a particular form for output, so the position and content of elements in the page (for example, an HTML text box) are difficult to analyze. This makes it harder for a hacker to parse or tamper with page elements and effectively reduces the risk of unauthorized-operation attacks.
Network online service module 502: runs the built-in Linux operating system and browser on the device's CPU and RAM, accesses the network online server, and performs data calculation and processing according to the customer's operations. Because the built-in browser runs in the customized Linux operating system inside the device, trojans written for the general Windows operating system pose no threat to it, and because the device exposes no external write interface, it is difficult for a hacker to tamper with the browser. The browser therefore runs in a closed environment isolated from the host PC, which provides a guarantee for the security of the network online service.
Signature verification module 503: during the network online service, calls the security chip and performs signature authentication on the transaction information using the customer's certificate.
Interactive module 504: while the device signs for the network online service, shows the transaction information being signed on the device's display screen and receives the operations the customer performs with the device's control keys.
Memory module 505: stores software such as the customized Linux operating system, the browser, controls and the client driver.
Client drive module 506: after the device is connected to the PC, virtualizes a CD-ROM device in which the PC client program and driver are preset, to implement data communication between the device and the PC; these are installed the first time the customer uses the device on a PC.
Communication module 507: through the USB extension protocol, connects the device to the host PC as an IP device and implements communication between the device and the host PC using network-layer protocols, so that the host PC's Internet access provides a network connection for the applications in the device. When the device communicates with the host PC, a two-way Secure Sockets Layer (SSL) secure channel is established. Because the device is connected as an IP device, it bypasses the host PC's application-layer processing, avoids the risk of attack from malicious programs (such as trojans) on the host PC, and reduces the risk of the customer being attacked through planted trojans.
Online upgrading module 508: updates the version of each application according to upgrade information pushed down by the network online server for software such as the built-in operating system, browser, controls and client driver.
When the network online service device provides the network online service to a customer, data processing involves data flowing among the host PC, the PC client and the device. The PC client must be installed and run on the host PC, and it is the agent through which the device interacts with the host PC. The device is connected to the host PC as an IP device and communicates with it through the USB extension protocol. The host PC's Internet access provides a network connection for the applications in the device, and the host PC provides the basic human-computer interaction interface for the device, mainly graphical interface display, keyboard input and so on; the specific functions are implemented by the PC client installed on the host PC.
As the hub, the PC client mainly has the following three functions:
1) It acts as the agent of the device and handles data transfer with the PC. The PC client communicates with the network online service device through the remote desktop service protocol, and renders and displays on the PC the browser interface running in the device.
2) It acts as the human-computer interaction interface, mainly displaying the graphical interface and monitoring operations such as keyboard and mouse input;
3) It uses the host PC's network service to provide the device with a network connection to the network online server (for example, a banking system).
After the device is connected to the PC, it virtualizes a CD-ROM device in which the PC client program and driver (which implement data communication between the device and the PC) are preset. The first time the device is used on a PC, only the client program and driver need to be installed. Because the controls and drivers used to access the network online server are all preset in the device, the user does not need to install them, which improves the user experience. A two-way SSL secure channel is established between the network online service device and the PC for data communication, ensuring the security of data transmission.
Figure 6 shows the processing flow when the network online service is started using the network online service device, which includes the following steps:
Step 601: The user starts the PC client, and the PC client initiates a connection request to the device;
Step 602: After the device starts, it checks whether the connection request comes from the PC client, whether the request is legitimate, and whether the device meets the connection conditions, that is, whether the device's built-in operating system, browser, remote service and so on are running normally.
Step 603: After the network online service device determines that the connection conditions are met, the remote desktop service control module 501 starts the remote desktop service, which provides the PC client with the remote service for window rendering; the network online service module 502 starts the built-in browser and waits for the customer to initiate a request to use the online banking service; the PC client is then notified that the connection is complete.
Step 604: After receiving the notification, the PC client starts the window rendering program and accesses the device through the remote desktop service.
Step 605: The remote desktop service control module 501 draws the device's built-in browser interface in graphical form, projects it onto the PC display device, and starts monitoring the customer's input operations, including mouse and key operations.
Step 606: The customer enters the Uniform Resource Locator (URL) address of the network online service in the browser address bar of the PC client's graphical operation interface; while the customer is typing, the client monitors the customer's input.
Step 607: After the customer completes the input, the network online service module 502 of the device calls the device's built-in browser control and checks the legitimacy of the entered web address through a whitelist mechanism, so that phishing websites are found in time and an alarm is issued to the user, thereby reducing the risk of phishing attacks.
Step 608: The device's built-in browser, through the PC client, calls the network service provided by the host PC operating system and initiates a login request to the bank website. The communication module 507 encrypts the data transmitted between the device and the bank end to ensure data security.
Step 609: The bank server returns the login page data to the PC client program over the Internet, and the client forwards the login page data to the device.
Step 610: The device's built-in browser parses the data, displays the login page and notifies the PC client program; the browser window is projected in graphical form onto the PC display device, presenting the login page of the network online service to the user.
Step 611: The user enters authentication information such as user name and password in the network online service login page; the PC client monitors the operations and transmits them to the device.
Step 612: The device's built-in browser sends the data entered by the user to the network online server through the PC's network.
Step 613: After the network online server verifies the data successfully, login to the network online service succeeds.
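The whitelist check of step 607, as an added example that is not code from the patent: it compares the normalized host, scheme and port of the typed address against an allowlist and returns the reason for each rejection so that the alarm can say why. The host names, the allowlist contents and the function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; a real device would carry the bank's own list.
ALLOWED_HOSTS = frozenset({"www.bank.example", "ebank.bank.example"})
ALLOWED_PORTS = frozenset({443})


def normalize_host(host):
    """Lowercase, drop the trailing root dot, convert to ASCII (punycode) form."""
    host = host.rstrip(".").lower()
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None  # empty or over-long label, or characters IDNA forbids


def check_url(url):
    """Return (allowed, reason) for the address the customer finished typing."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    if parts.username is not None or parts.password is not None:
        # In https://www.bank.example@login.test/ the real host is login.test.
        return False, "userinfo before the host"
    host = normalize_host(parts.hostname or "")
    if not host:
        return False, "missing or invalid host"
    if (443 if port is None else port) not in ALLOWED_PORTS:
        return False, "unexpected port"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist: " + host
    return True, "ok"


# Constructed inputs: two spellings of a listed address and lookalikes that must fail.
SAMPLES = [
    "https://www.bank.example/login",
    "HTTPS://WWW.BANK.EXAMPLE./login",
    "http://www.bank.example/login",
    "https://www.bank.example.login.test/",
    "https://www.bank.example@login.test/",
    "https://www.b\u0430nk.example/",      # Cyrillic "a" in place of Latin "a"
    "https://www.bank.example:8443/",
    "https://www.bank.example:99999/",
]


def alerts(urls):
    """Map each rejected URL to the reason the device would show with its alarm."""
    return {u: reason for u in urls for ok, reason in [check_url(u)] if not ok}


if __name__ == "__main__":
    for url, reason in alerts(SAMPLES).items():
        print("ALERT", ascii(url), "->", reason)
```

Matching on the parsed host rather than on a string prefix is what separates the listed site from the lookalikes; an address typed without a scheme is rejected as well, so a device using this check would need to prepend `https://` first.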
Figure 7 shows a specific embodiment of the transaction processing flow based on this device, which mainly includes the following steps:
Step 701: The device projects the online banking page (equivalent to the network online service interface in HTML format) onto the PC client display device in graphical format. When the customer conducts a transaction (for example, a transfer), online banking requires the user to digitally sign the transaction data with a certificate to ensure integrity and non-repudiation.
Step 702: The user enters transaction data through the PC client's human-computer interaction interface; the client monitors the customer's operations, transmits them to the network online service module 502 of the device, and requests the device to sign the data.
Step 703: The network online service module 502 calls the online banking control of the device's built-in browser to organize the transaction data and construct the signature packet.
Step 704: The signature verification module 503 is accessed through the driver, and the data is signed.
Step 705: During signing, the interactive module 504 shows on the device's display screen the key transaction information that the user needs to confirm, and asks the user to check it and confirm by pressing a key.
Step 706: The network online service module 502 submits the signed data to the bank server through the PC client for signature verification; if verification succeeds, the transaction is executed.
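The signing flow of steps 702 to 706, as an added example that is not code from the patent: the text for the device screen is parsed from the exact bytes that get signed, so transaction data altered on the host PC is either visible to the user before the key press or fails verification at the server. The field names, sample values and `DEVICE_KEY` are assumptions, and HMAC-SHA256 stands in for the security chip's certificate-based signature, which the Python standard library cannot produce.

```python
import hashlib
import hmac
import json
from decimal import Decimal, InvalidOperation

DEVICE_KEY = b"constructed-demo-key"  # assumption: stand-in for the chip-held key
FIELDS = ("payee_account", "payee_name", "amount", "currency")


def build_signature_packet(tx):
    """Step 703: canonical bytes to sign (fixed field set, sorted keys, 2-decimal amount)."""
    if set(tx) != set(FIELDS) or not all(isinstance(tx[f], str) for f in FIELDS):
        raise ValueError("unexpected, missing or non-text transaction fields")
    try:
        amount = Decimal(tx["amount"])
        if not amount.is_finite() or amount <= 0:
            raise ValueError("amount must be a positive number")
        cents = amount.quantize(Decimal("0.01"))
    except InvalidOperation:
        raise ValueError("amount is not a valid decimal") from None
    if cents != amount:
        raise ValueError("amount has more than two decimal places")
    canon = dict(tx, amount=format(cents, "f"))
    return json.dumps(canon, sort_keys=True, separators=(",", ":")).encode("ascii")


def display_lines(packet):
    """Step 705: screen text, parsed from the same bytes that will be signed."""
    tx = json.loads(packet.decode("ascii"))
    return ["Pay to: " + tx["payee_name"],
            "Account: " + tx["payee_account"],
            "Amount: " + tx["amount"] + " " + tx["currency"]]


def sign_if_confirmed(packet, confirm):
    """Steps 704-705: sign only after the user confirms what the device shows."""
    if not confirm(display_lines(packet)):
        return None
    # HMAC-SHA256 stands in for the security chip's certificate signature.
    return hmac.new(DEVICE_KEY, packet, hashlib.sha256).hexdigest()


def server_verify(packet, signature):
    """Step 706: the server checks the signature over the bytes it received."""
    if signature is None:
        return False
    expected = hmac.new(DEVICE_KEY, packet, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def demo():
    # Constructed sample transaction; the account identifiers are placeholders.
    intended = {"payee_account": "ACCT-0001", "payee_name": "Li Hua",
                "amount": "100", "currency": "CNY"}

    def user(lines):  # the user presses confirm only for the account they meant
        return "Account: " + intended["payee_account"] in lines

    packet = build_signature_packet(intended)
    signature = sign_if_confirmed(packet, user)
    honest_ok = server_verify(packet, signature)
    # Data changed on the host before reaching the device: the screen shows it.
    swapped = dict(intended, payee_account="ACCT-9999")
    swapped_sig = sign_if_confirmed(build_signature_packet(swapped), user)
    # Signed packet changed while passing back through the PC client.
    altered_ok = server_verify(packet.replace(b"100.00", b"900.00"), signature)
    return honest_ok, swapped_sig, altered_ok


if __name__ == "__main__":
    print(demo())
```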
In a specific implementation, the network online service device may communicate with the host PC using transmission modes such as USB, Bluetooth or WiFi. When transmission is by Bluetooth, WiFi or a similar mode, USB only supplies power.
It is worth noting that the USB interface is used above only to better illustrate the present invention; other interfaces may also be used. For example, an HDMI interface may be added, through which the device is connected to a network-capable HDTV; using the TV's display function, a temporary computer system is built, further expanding the ways of accessing the network online service.
The portable, convenient and easy-to-use network online service device provided by this example is connected to a computer through a USB interface. It looks similar to a USB key and has a display screen and keys, a built-in operating system and browser, and a high-performance CPU, large memory and mass storage capacity, and it has independent computing capability, thereby effectively improving the security and ease of use of network online services for the user in any PC scenario. The device's data computation and processing are all completed by the CPU inside the device, and the computing environment is isolated from the host PC, which reduces the risk of common attacks through the PC client; this is especially significant for protecting the use of network online services in mobile PC scenarios. A security chip is integrated in the device and provides an interactive digital signature function with a "what you see is what you sign" effect, ensuring the security of the user's network online service. The drivers and control programs necessary for the network online service are pre-installed in the device, so the customer does not need to install them, which achieves plug and play and makes it convenient for customers to use network online services in mobile PC scenarios.
In another embodiment, software is also provided, which is used to execute the technical solutions described in the above embodiments and preferred embodiments.
In another embodiment, a storage medium is also provided, in which the above software is stored; the storage medium includes but is not limited to: an optical disc, a floppy disk, a hard disk, scratch pad memory and so on.
As can be seen from the above description, the embodiments of the present invention achieve the following technical effect: a device for providing a network online service is proposed. The device is independent of the host machine and is provided with a network online service access module and a remote desktop service controller. The network online service access module obtains a web interface in HTML format; the remote desktop service controller then converts the web interface in HTML format into a web interface in picture format and delivers it to the host machine for display. Because a web interface in picture format is difficult to crack, this effectively solves the technical problem in the prior art of the relatively large security risk in using network online services on a fixed PC, and achieves the technical effect of reducing security risk and improving data security.
Obviously, those skilled in the art should understand that the modules or steps of the above embodiments of the present invention can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed across a network formed by multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by a computing device; in some cases the steps shown or described can be performed in an order different from the one here, or they can each be made into individual integrated circuit modules, or multiple modules or steps among them can be made into a single integrated circuit module. Thus, the embodiments of the present invention are not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit the invention; for those skilled in the art, the embodiments of the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (1)

    1. A network online service providing device, characterized in that it is independent of a host machine, is connected to the host machine through an interface, and comprises:
    a network online service access module, with a built-in browser, configured to access a network online server and obtain a network online service interface in Hypertext Markup Language (HTML) code format;
    a remote desktop service controller, connected to the network online service access module, configured to draw the network online service interface obtained by the network online service access module as a network online service interface in picture format to be shown on the host machine, and to provide the network online service interface in picture format to the host machine for display.
    2. The network online service providing device as claimed in claim 1, characterized in that it further comprises:
    a network online service processing module, configured to receive the transaction data, sent by the host machine, that the user inputs in the network online service interface in picture format, and to construct a signature packet according to the transaction data;
    a signature verification module, connected to the network online service processing module, configured to sign the transaction data according to the signature packet and to submit the signed transaction data to the network online server for signature verification.
    3. The network online service providing device as claimed in claim 1 or 2, characterized in that it further comprises: a display screen, configured to show the transaction information that the user needs to confirm while the signature verification module signs the transaction data according to the signature packet.
    4. The network online service providing device as claimed in claim 3, characterized in that it further comprises: a confirmation key, with which the user confirms the transaction information shown on the display screen.
    5. The network online service providing device as claimed in claim 1, characterized in that the host machine comprises: a TV or a computer.
    6. The network online service providing device as claimed in claim 5, characterized in that:
    in the case where the host machine is a TV, the interface is a High-Definition Multimedia Interface (HDMI); or, in the case where the host machine is a computer, the interface is a Universal Serial Bus (USB) interface.
    7. A network online service providing method, characterized in that it comprises:
    accessing a network online server and obtaining a network online service interface in Hypertext Markup Language (HTML) code format;
    drawing the obtained network online service interface in HTML code format as a network online service interface in picture format to be shown on a host machine, and providing the network online service interface in picture format to the host machine for display.
    8. The method as claimed in claim 7, characterized in that, after the network online service interface in picture format is provided to the host machine for display, the method further comprises:
    receiving the transaction data, sent by the host machine, that the user inputs in the network online service interface in picture format, and constructing a signature packet according to the transaction data;
    signing the transaction data according to the signature packet, and submitting the signed transaction data to the network online server for signature verification.
    9. The method as claimed in claim 8, characterized in that, before receiving the transaction data, sent by the host machine, that the user inputs in the network online service interface in picture format and constructing the signature packet according to the transaction data, the method further comprises:
    receiving the verification information that the user inputs in the network online service interface in picture format shown on the host machine;
    sending the verification information to the network online server through the network of the host machine for authentication.
    10. The method as claimed in claim 9, characterized in that the verification information comprises: a user name and a password.
    11. The method as claimed in claim 7, characterized in that drawing the obtained network online service interface in HTML code format as a network online service interface in picture format to be shown on the host machine comprises:
    converting the network online service interface in HTML code format into the network online service interface in picture format according to a predetermined encoding scheme.
    12. The method as claimed in any one of claims 7 to 11, characterized in that, before the network online server is accessed, the method further comprises:
    receiving a connection request initiated by a client control in the host machine;
    determining whether the connection request meets the connection conditions and, if so, accessing the network online server.
CN201480032949.8A 2014-03-17 2014-03-17 Network online service provides device and method Active CN105308623B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/073521 WO2015139172A1 (en) 2014-03-17 2014-03-17 Device and method for providing online service

Publications (2)

Publication Number Publication Date
CN105308623A true CN105308623A (en) 2016-02-03
CN105308623B CN105308623B (en) 2019-05-31

Family

ID=54143608

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480032949.8A Active CN105308623B (en) 2014-03-17 2014-03-17 Network online service provides device and method

Country Status (2)

Country Link
CN (1) CN105308623B (en)
WO (1) WO2015139172A1 (en)

Also Published As

Publication number Publication date
WO2015139172A1 (en) 2015-09-24
CN105308623B (en) 2019-05-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant