CN106961446A - A kind of online transaction system and method - Google Patents

Publication number: CN106961446A
Application number: CN201710318695.1A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 魏伟, 尤育晓, 潘钦苗
Current Assignee: Zhejiang Dare Network Technology Co Ltd
Original Assignee: Zhejiang Dare Network Technology Co Ltd
Prior art keywords: password, server, session, module, security device

Classifications

    • H Electricity
    • H04 Electric communication technique
    • H04L Transmission of digital information, e.g. telegraphic communication
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Abstract

The invention discloses an online transaction system comprising a server, a client and a security device. The invention also provides an online transaction method, comprising: the client sends a session password negotiation instruction to the server; the server generates a first session password and a second session password and packs them to generate a session password package; the server, the client and the security device use the first session password and the second session password for encrypted/decrypted communication and perform the online transaction. With the transaction system and transaction method of the invention, a different password is used in each transaction, which prevents an attacker from intercepting and reusing user information. In addition, no password is stored in the security device before each transaction, which prevents malicious reading. When the server sends the passwords to the security device, the session passwords are encrypted for transmission, making the transaction more secure.

Description

A kind of online transaction system and method
Technical Field
The invention relates to the technical field of computer network data, and in particular to an online transaction system and method.
Background
With the continuous development of technology, Internet-based banking services have, by means of rapidly developing computer, computer network and communication technology, reached every corner of the global Internet. To date, most domestic banks have launched their own online banking services. As online banking has developed, the security of online transactions has also become a focus of concern.
At present, when a user carries out an online transaction, the USBKey must first be inserted into a USB interface, and the user enters a password to obtain the right to use the USBKey. The server side and the digital end are then verified, to confirm the legal identity of the user and the legitimacy of the server side. Only after this has been confirmed can the password built into the USBKey be used to carry out the online transaction.
However, as long as the digital certificate and private key are stored on a computer medium, or may be read into memory, their security is not high. If the user's computer is controlled by an attacker, the user's digital certificate and password are likely to be obtained by the attacker, who can then use this verification information to impersonate the user and carry out illegal operations, causing the user economic loss.
Summary of the Invention
In view of the above problems in the prior art, the object of the invention is to provide an online transaction system and method.
The invention provides an online transaction system, comprising a server, a client and a security device;
The server includes a security control module, which is provided with an identification code verification unit, a password generation unit, a storage unit and an arithmetic unit;
The client is provided with a transit module and an identification code supplementary module;
The security device is provided with an identification code generation module, a server authentication module, an intelligent cipher module and an encrypted communication module.
Preferably, in the server, the security control module is used to encrypt the communication between the server and the security device;
The identification code verification unit is used to verify and authenticate the identification code generated by the identification code generation module;
The password generation unit is used to generate the signal code and the verification password;
The storage unit is used to store the signal code and the verification password generated by the password generation unit;
The arithmetic unit is used to perform encryption, decryption and verification operations.
Preferably, in the client, the transit module is used to pass information between the server and the security device;
The identification code supplementary module is used to assist the identification code verification unit in completing its verification work.
Preferably, in the security device, the identification code generation module is used to generate the identification code;
The server authentication module is used to verify whether the server is legitimate;
The intelligent cipher module is used to verify the signal code generated by the password generation unit;
The encrypted communication module is used to encrypt and decrypt communication signals.
Preferably, the intelligent cipher module is a security design chip, and the security design chip includes a smart card chip.
Preferably, the encrypted communication module is a USB interface module.
The invention also provides an online transaction method, comprising:
The client sends a session password negotiation instruction to the server;
The server generates a first session password and a second session password, and packs them to generate a session password package;
The server sends the session password package to the client; the client forwards the session password package to the security device and obtains the first session password from the session password package;
The security device obtains the first session password and the second session password from the session password package;
The server, the client and the security device use the first session password and the second session password for encrypted/decrypted communication and perform the online transaction.
Preferably, if the identification codes in the server and the security device are both valid, the client and the server exchange each other's public passwords.
Preferably, the first session password is used for encrypted/decrypted communication between the security device and the client, and the second session password is used for encrypted/decrypted communication between the security device and the server.
Preferably, the process of generating the password protection package is:
The server encrypts the first session password and the second session password using the client's public password, and encrypts the first session password using the server's secret password; the server then packs the first session password and second session password encrypted with the client's public password, together with the first session password encrypted with the symmetric password preset inside the server, to generate the session password package.
In summary, the invention has the following advantages:
The transaction system and transaction method of the invention allow a different password to be used in each transaction, which prevents an attacker from intercepting and reusing user information. In addition, no password is stored in the security device before each transaction, which prevents malicious reading. When the server sends the passwords to the security device, the session passwords are encrypted for transmission, making the transaction more secure.
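An added example (not part of the patent text) of the channel split and per-transaction passwords described above: the first session password protects device-client traffic, the second protects device-server traffic, and a message captured in one transaction is rejected in the next. It assumes both session passwords have already been delivered (the session password package is not modelled) and uses an HMAC-SHA256 encrypt-then-MAC construction as a standard-library stand-in for a real authenticated cipher; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one session password.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD cipher.
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _tag(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    return hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def seal(session_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _tag(session_key, nonce, ct)


def unseal(session_key: bytes, blob: bytes) -> bytes:
    """Check the tag first; raise ValueError if the key or message is wrong."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(session_key, nonce, ct)):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(session_key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Transaction:
    """Fresh session passwords the server generates for ONE transaction."""

    def __init__(self) -> None:
        self.first = secrets.token_bytes(32)   # security device <-> client
        self.second = secrets.token_bytes(32)  # security device <-> server


def client_to_device(tx: Transaction, order: bytes) -> bytes:
    return seal(tx.first, order)


def device_to_server(tx: Transaction, from_client: bytes) -> bytes:
    # The device opens the client's message, then re-protects it for the server.
    return seal(tx.second, unseal(tx.first, from_client))


def server_accept(tx: Transaction, relayed: bytes):
    """Return the order, or None if it was not sealed under this transaction."""
    try:
        return unseal(tx.second, relayed)
    except ValueError:
        return None


if __name__ == "__main__":
    order = b"transfer 100.00 to account 0000"  # constructed sample input
    tx1, tx2 = Transaction(), Transaction()
    msg = device_to_server(tx1, client_to_device(tx1, order))
    print("same transaction:", server_accept(tx1, msg))
    print("replayed in next transaction:", server_accept(tx2, msg))
```

Because the client in this model holds only the first session password, it can relay the device-to-server message but cannot open or alter it without the server noticing.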
Brief Description of the Drawings
Fig. 1 is a structural block diagram of the online transaction system of this embodiment;
Fig. 2 is a flow chart of the online transaction method of this embodiment.
Detailed Description
The invention is described below in further detail and in full with reference to the embodiment and the accompanying drawings.
As shown in Figs. 1-2, the invention provides an online transaction system, comprising a server, a client and a security device;
The server includes a security control module, which is provided with an identification code verification unit, a password generation unit, a storage unit and an arithmetic unit;
The client is provided with a transit module and an identification code supplementary module;
The security device is provided with an identification code generation module, a server authentication module, an intelligent cipher module and an encrypted communication module.
In the server, the security control module is used to encrypt the communication between the server and the security device;
The identification code verification unit is used to verify and authenticate the identification code generated by the identification code generation module;
The password generation unit is used to generate the signal code and the verification password;
The storage unit is used to store the signal code and the verification password generated by the password generation unit;
The arithmetic unit is used to perform encryption, decryption and verification operations.
In the client, the transit module is used to pass information between the server and the security device;
The identification code supplementary module is used to assist the identification code verification unit in completing its verification work.
In the security device, the identification code generation module is used to generate the identification code;
The server authentication module is used to verify whether the server is legitimate;
The intelligent cipher module is used to verify the signal code generated by the password generation unit;
The encrypted communication module is used to encrypt and decrypt communication signals.
The intelligent cipher module is a security design chip, and the security design chip includes a smart card chip.
The encrypted communication module is a USB interface module.
The invention also provides an online transaction method, comprising:
The client sends a session password negotiation instruction to the server;
The server generates a first session password and a second session password, and packs them to generate a session password package;
The server sends the session password package to the client; the client forwards the session password package to the security device and obtains the first session password from the session password package;
The security device obtains the first session password and the second session password from the session password package;
The server, the client and the security device use the first session password and the second session password for encrypted/decrypted communication and perform the online transaction.
If the identification codes in the server and the security device are both valid, the client and the server exchange each other's public passwords.
The first session password is used for encrypted/decrypted communication between the security device and the client, and the second session password is used for encrypted/decrypted communication between the security device and the server.
The process of generating the password protection package is:
The server encrypts the first session password and the second session password using the client's public password, and encrypts the first session password using the server's secret password; the server then packs the first session password and second session password encrypted with the client's public password, together with the first session password encrypted with the symmetric password preset inside the server, to generate the session password package.
The above embodiment of the invention is only used to illustrate the technical solution of the invention and is merely an enumeration of that solution; it is not intended to limit the technical solution of the invention or its scope of protection. Improvements to the technical solutions disclosed in the claims and specification of the invention that are made using equivalent technical means, equivalent devices and the like shall be considered not to go beyond the scope disclosed in the claims and specification of the invention.

Claims (10)

1. An online transaction system, characterized by comprising a server, a client and a security device;
The server includes a security control module, which is provided with an identification code verification unit, a password generation unit, a storage unit and an arithmetic unit;
The client is provided with a transit module and an identification code supplementary module;
The security device is provided with an identification code generation module, a server authentication module, an intelligent cipher module and an encrypted communication module.
2. The online transaction system as claimed in claim 1, characterized in that
In the server, the security control module is used to encrypt the communication between the server and the security device;
The identification code verification unit is used to verify and authenticate the identification code generated by the identification code generation module;
The password generation unit is used to generate the signal code and the verification password;
The storage unit is used to store the signal code and the verification password generated by the password generation unit;
The arithmetic unit is used to perform encryption, decryption and verification operations.
3. The online transaction system as claimed in claim 1, characterized in that
In the client, the transit module is used to pass information between the server and the security device;
The identification code supplementary module is used to assist the identification code verification unit in completing its verification work.
4. The online transaction system as claimed in claim 1, characterized in that
In the security device, the identification code generation module is used to generate the identification code;
The server authentication module is used to verify whether the server is legitimate;
The intelligent cipher module is used to verify the signal code generated by the password generation unit;
The encrypted communication module is used to encrypt and decrypt communication signals.
5. The online transaction system as claimed in claim 1, characterized in that the intelligent cipher module is a security design chip, and the security design chip includes a smart card chip.
6. The online transaction system as claimed in claim 1, characterized in that the encrypted communication module is a USB interface module.
7. An online transaction method, characterized by comprising:
The client sends a session password negotiation instruction to the server;
The server generates a first session password and a second session password, and packs them to generate a session password package;
The server sends the session password package to the client; the client forwards the session password package to the security device and obtains the first session password from the session password package;
The security device obtains the first session password and the second session password from the session password package;
The server, the client and the security device use the first session password and the second session password for encrypted/decrypted communication and perform the online transaction.
8. The online transaction method as claimed in claim 7, characterized in that, if the identification codes in the server and the security device are both valid, the client and the server exchange each other's public passwords.
9. The online transaction method as claimed in claim 8, characterized in that the first session password is used for encrypted/decrypted communication between the security device and the client, and the second session password is used for encrypted/decrypted communication between the security device and the server.
10. The online transaction method as claimed in claim 9, characterized in that the process of generating the password protection package is:
The server encrypts the first session password and the second session password using the client's public password, and encrypts the first session password using the server's secret password; the server then packs the first session password and second session password encrypted with the client's public password, together with the first session password encrypted with the symmetric password preset inside the server, to generate the session password package.

Priority Applications (1)

Application Number  Priority Date  Filing Date  Title
CN201710318695.1A  2017-05-08  2017-05-08  A kind of online transaction system and method

Publications (1)

Publication Number  Publication Date
CN106961446A  2017-07-18

Family

ID=59482733

Country Status (1)

Country  Link
CN (1)  CN106961446A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1518825A (en) * 2001-06-21 2004-08-04 Device arranged for exchanging data and method of authenticating
CN101393628B (en) * 2008-11-12 2012-08-08 飞天诚信科技股份有限公司 Novel network safe transaction system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113783867A (en) * 2021-09-07 2021-12-10 福建天泉教育科技有限公司 Request authentication method and terminal
CN113783867B (en) * 2021-09-07 2023-07-25 福建天泉教育科技有限公司 Authentication request method and terminal

Legal Events

Code  Title  Description
PB01  Publication
SE01  Entry into force of request for substantive examination
RJ01  Rejection of invention patent application after publication  Application publication date: 20170718
RJ01 Rejection of invention patent application after publication