CN201947283U - Security certificate device of Internet banking remote payment based on multi-interface safety smart card - Google Patents

Info

Publication number
CN201947283U
Authority
CN
China
Prior art keywords
intelligent card
safety
many interfaces
bank
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN2011200210552U
Other languages
Chinese (zh)
Inventor
李平
常朝稳
司志刚
赵国磊
韩培胜
梁松涛
王一宁
刘熙胖
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd filed Critical Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN2011200210552U priority Critical patent/CN201947283U/en
Application granted granted Critical
Publication of CN201947283U publication Critical patent/CN201947283U/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The utility model relates to a security authentication device for online banking remote payment based on a multi-interface secure smart card, comprising a certificate server and an online banking server connected to the certificate server. The online banking server is connected to the multi-interface secure smart card through a contactless transmission channel for security authentication information, which saves the cost of issuing a universal serial bus (USB) Key and makes online banking more convenient for users. The key information of each transaction is shown on the display of the card's human-machine interface, and the transaction can only proceed successfully after the user presses the confirm button on that interface. This effectively resolves the two security holes in the widely used USB Key and further guarantees the safety and reliability of transactions.

Description

Security authentication device for online banking remote payment based on a multi-interface secure smart card
Technical field:
The utility model relates to a security authentication device for online banking remote payment based on a multi-interface secure smart card.
Background technology:
Since their introduction, bank cards have existed and developed in the form of magnetic stripe cards. While magnetic stripe cards are convenient, they are very easy to counterfeit and so expose the bank card organizations to large financial risks. To guard against magnetic stripe fraud, the bank card organizations introduced a strategy of migrating bank cards from magnetic stripe cards to smart chip cards (the EMV migration). Many countries and regions have carried out the migration. China has also entered the transition stage of upgrading from magnetic stripe cards to smart chip bank cards, and the domestic technical conditions and card usage environment are in place. In this upgrade, having smart chip bank cards directly adopt a multi-interface (contact interface, contactless interface and human-machine interface) secure smart card is undoubtedly a way to complete the change in one step. Through the contact interface the card can carry out a range of transactions including PBOC2.0 and EMV while ensuring security; through the contactless interface it can provide functions such as secure small-amount payment; and it can use its human-machine interface to show key transaction information to the user and wait for the user to confirm by pressing a button. The user can thus easily use one card for multiple purposes.
Online banking, also called Internet banking, means that a bank uses Internet technology to provide customers over the Internet with traditional services such as account opening, account cancellation, inquiry, reconciliation, intra-bank transfer, inter-bank transfer, credit, online securities, and investment and wealth management, so that customers can safely and conveniently manage current and fixed deposits, cheques, credit cards and personal investments without leaving home.
Because online transactions are not face-to-face, a user can send a request at any time and from any place. Traditional identification usually relies on a user name and login password to authenticate the user. However, if the password is transmitted over the network in plaintext at login, it is easily intercepted by an attacker, who can then impersonate the user, and the identity authentication mechanism is broken.
At present, the personal authentication media (security tools) for online banking mainly include passwords, file digital certificates, dynamic password cards, dynamic mobile phone passwords, mobile password tokens and mobile digital certificates. Of these, the mobile digital certificate is in fact a USBKey. Different domestic banks use different names for it: the Industrial and Commercial Bank calls it U Shield, the Agricultural Bank calls it K Bao, and so on. The USBKey stores the user's personal digital certificate. Personal identification by USBKey is relatively the most secure of the current online banking authentication methods.
One problem with USBKey authentication is that, in addition to the bank card the user applies for before opening online banking, a corresponding USBKey must also be issued to the user. As online banking becomes more widespread, the number of users who choose a USBKey to protect it has become very large. If the bank card is a multi-interface secure smart card, the multi-interface smart bank card can directly replace the USBKey. This saves the considerable cost of issuing USBKeys and has good social and economic benefits. Moreover, a user of online banking then only needs the multi-interface secure smart card (in the form of a bank card) and no longer needs a separate USBKey, which makes online banking more convenient.
In addition, the USBKey is not absolutely secure. The USBKey in wide use today in fact has two major security flaws: 1) A flaw in interactive operation. An attacker can, by remote control, fraudulently use the user's USBKey to authenticate without the user knowing. 2) Data tampering cannot be prevented. A user's transaction may be intercepted by an attacker and altered into a different transaction before it is sent into the USB Key for encryption, so the transaction is tampered with and authentication passes without the user's knowledge. Both problems can be solved with the human-machine interface of the multi-interface secure smart card: the key information of each transaction is shown on the display of the card's human-machine interface, and the transaction proceeds successfully only after the user presses the confirm button on that interface, which ensures that the transaction is safe and reliable.
Summary of the invention:
The purpose of the utility model is to overcome the deficiencies of the prior art and provide a security authentication device for online banking remote payment based on a multi-interface secure smart card, which performs security authentication based on public key certificates with the support of the multi-interface secure smart card.
This purpose is achieved as follows: the device comprises a certificate server and an online banking server connected to the certificate server, and is characterized in that the online banking server is connected to the multi-interface secure smart card through a contactless transmission channel for security authentication information.
The contactless transmission channel for security authentication information comprises a computer connected to the online banking server, a contact-type smart card reader/writer connected to the computer, and a multi-interface secure smart card contactlessly connected to that reader/writer; a smart card reader/writer module suited to the contactless interface of the multi-interface secure smart card is installed on the computer.
The contactless transmission channel for security authentication information comprises a wireless communication line connected to the online banking server, a mobile phone terminal with a short-range wireless communication module, and a multi-interface secure smart card connected to the mobile phone terminal; a short-range wireless communication module in contact-type smart card reader/writer mode is provided in the mobile phone terminal.
The multi-interface secure smart card is a secure smart card that, on top of a traditional multi-interface (contact interface and contactless interface) secure smart card, adds a human-machine interface with an ultra-thin flexible display, flexible thin-film buttons and an ultra-thin flexible battery, used to show the user key information and to wait for the user's key-press confirmation. It conforms to the "China Financial Integrated Circuit (IC) Card Specification (V2.0)", the "Contactless Payment IC Card Payment Specification" and the international ISO10536 series of standards; supports the ISO/IEC 14443-A and ISO/IEC 7816 protocols; and supports cryptographic algorithms approved by the State Cryptography Administration, including SM1, SSF33 and RSA, as well as digest algorithms. It is a smart card product that can serve as a multi-interface smart bank card.
On the basis of the contactless transmission channel described above, the data that the computer or mobile phone terminal and the online banking server need to exchange is passed into the multi-interface secure smart card for digital signature, encryption and decryption, and the results are returned. Before the card digitally signs the key transaction information, it first shows that information on the display of its human-machine interface, and it performs the signature only after the user presses the confirm button on the human-machine interface.
The utility model has the following positive effects: by applying the multi-interface secure smart card to the security authentication of online banking remote payment, it achieves security authentication for online banking remote payment. Once a contactless transmission channel is established between the multi-interface secure smart card and a computer or a mobile phone terminal with a short-range wireless communication module, the card's security functions can be used for authentication, data encryption and similar operations, thereby realizing online banking remote payment. On this basis, when the multi-interface secure smart card serves as a multi-interface smart bank card, the card can directly replace the traditional USBKey, which saves the considerable cost of issuing USBKeys and has good social and economic benefits. Moreover, a user of online banking then only needs the multi-interface secure smart card (in the form of a bank card) and no longer needs a separate USBKey, which makes online banking more convenient (particularly for users with a mobile phone terminal that has a short-range wireless communication module). In addition, using the card's human-machine interface, the key information of each transaction is shown on the display of that interface and the transaction proceeds successfully only after the user presses the confirm button on it. This solves the two major security flaws that actually exist in the widely used USBKey, namely: 1) A flaw in interactive operation. An attacker can, by remote control, fraudulently use the user's USBKey to authenticate without the user knowing. 2) Data tampering cannot be prevented. A user's transaction may be intercepted by an attacker and altered into a different transaction before it is sent into the USB Key for encryption, so the transaction is tampered with and authentication passes without the user's knowledge. Solving these ensures that transactions are safe and reliable.
Description of drawings:
Fig. 1 is a basic schematic diagram of the utility model.
Fig. 2 is a schematic diagram of establishing the contactless transmission channel between the computer and the multi-interface secure smart card.
Fig. 3 is a schematic diagram of establishing the contactless transmission channel between the mobile phone terminal and the multi-interface secure smart card.
Fig. 4 is a schematic diagram of the certificate distribution process.
Fig. 5 is a schematic diagram of the security authentication protocol.
Embodiment:
As shown in Fig. 1, the utility model comprises a certificate server and an online banking server connected to the certificate server; the online banking server is connected to the multi-interface secure smart card through a contactless transmission channel for security authentication information.
The multi-interface secure smart card used in the utility model is a secure smart card that adds a human-machine interface (with an ultra-thin flexible display, flexible thin-film buttons and an ultra-thin flexible battery, able to show the user key information and wait for the user's key-press confirmation) on top of a traditional multi-interface (contact interface and contactless interface) secure smart card. It conforms to standards such as the "China Financial Integrated Circuit (IC) Card Specification (V2.0)", the "Contactless Payment IC Card Payment Specification" and the international ISO10536 series; supports the ISO/IEC 14443-A and ISO/IEC 7816 protocols; and supports cryptographic algorithms approved by the State Cryptography Administration (including SM1, SSF33 and RSA, etc.) and digest algorithms (such as SHA-1). It is a smart card product that can serve as a multi-interface smart bank card.
1. Establishment of the contactless transmission channel for security authentication information
The channel can take two forms:
As shown in Fig. 2, in the first form the contactless transmission channel for security authentication information comprises a computer connected to the online banking server, a contact-type smart card reader/writer connected to the computer, and a multi-interface secure smart card contactlessly connected to that reader/writer; a smart card reader/writer module suited to the contactless interface of the multi-interface secure smart card is installed on the computer.
Establishing the contactless transmission channel between the computer and the multi-interface secure smart card: the computer must have a smart card reader/writer module suited to the contactless interface of the card; only then can a contactless transmission channel be set up with the card. The usual approach is to add an external contact-type smart card reader/writer to the computer and install the reader's supporting programs (such as drivers) on the computer.
As shown in Fig. 3, in the second form the contactless transmission channel for security authentication information comprises a wireless communication line connected to the online banking server, a mobile phone terminal with a short-range wireless communication module, and a multi-interface secure smart card connected to the mobile phone terminal; a short-range wireless communication module in contact-type smart card reader/writer mode is provided in the mobile phone terminal.
Establishing the contactless transmission channel between a mobile phone terminal with a short-range wireless communication module and the multi-interface secure smart card: in this form, the short-range wireless communication module in the mobile phone terminal is set to contact-type smart card reader/writer mode, thereby establishing a contactless transmission channel with the multi-interface secure smart card.
2. Security authentication protocol
In the utility model, the security authentication protocol is the set of conventions and rules followed when the computer or mobile phone terminal and the online banking server authenticate each other's identity while the user is using online banking. The protocol is built on the use of public key certificates. The user's public key certificate and private key, together with the corresponding encryption and decryption algorithms and digest algorithms, all reside in the multi-interface secure smart card. During security authentication, therefore, all data that the computer or mobile phone terminal and the online banking server need to exchange is passed, over the contactless transmission channel described above, into the multi-interface secure smart card for processing (such as digital signature, encryption and decryption), and the results are returned. In addition, before the card digitally signs the key transaction information, it first shows that information on the display of its human-machine interface, and it performs the signature only after the user presses the confirm button on the human-machine interface.
The security authentication part comprises the following steps:
1) Distribution of public key certificates (as shown in Fig. 4):
A. The certificate server generates a public key certificate for the online banking server and for the end user respectively;
B. The certificate server writes the online banking server's public key certificate to the multi-interface secure smart card offline;
C. The certificate server sends the client public key certificate to the online banking server;
2) Security authentication: using the public key certificates, mutual identity authentication of both parties (the end user and the bank) is carried out between the computer or mobile phone terminal and the online banking server (as shown in Fig. 5). The messages sent in the security authentication protocol are as follows:
C->S: PEs(Nc)
S->C: PEc(Ns, TIMEcs, TYPEcs, AMOUNTcs, EXTcs, SIGs(Nc))
C->S: PEs(Ns, SIGc(TIMEcs, TYPEcs, AMOUNTcs, EXTcs))
Here C denotes the computer or mobile phone terminal (the sender) and S denotes the online banking server (the recipient); PEc denotes encryption with C's public key and SIGc a signature with C's private key; PEs denotes encryption with S's public key and SIGs a signature with S's private key; Nc is the proof factor generated by the sender and Ns the proof factor generated by the recipient; TIMEcs is the operation time of the transaction, TYPEcs the operation type of the transaction, AMOUNTcs the operation amount, and EXTcs a field reserved for extension.
The security authentication protocol is carried out in the following steps:
In the first step, after the transaction begins, the terminal (sender) sends the server (recipient) an authentication request encrypted with the public key of the server's certificate; the request contains the proof factor Nc generated by the terminal.
In the second step, the online banking server looks up the certificate of the user currently using online banking from that user's information and, after verifying the certificate's validity with the certificate server, generates a proof factor Ns. It signs Nc with its own private key, then encrypts the result together with the current transaction's operation time TIMEcs, operation type TYPEcs, operation amount AMOUNTcs, reserved extension EXTcs and other information using the recipient's encryption public key, and passes it to the terminal;
In the third step, the terminal decrypts the ciphertext sent by the online banking server (first decrypting with its own private key, then verifying the server's signature with the pre-stored public key of the online banking server) and checks that Nc is consistent;
In the fourth step, after verification passes, the mobile terminal signs TIMEcs, TYPEcs, AMOUNTcs, EXTcs and other information with its own private key (when the terminal passes this information into the multi-interface secure smart card, the card, before signing, first shows the key transaction information on the display of its human-machine interface and performs the signature only after the user presses the confirm button on the human-machine interface), then encrypts the signature together with Ns using the online banking server's public key and sends it to the online banking server;
In the fifth step, the online banking server compares the received Ns with the original Ns. If they are identical, mutual identity authentication has passed and the transaction succeeds; at the same time, the mobile terminal's private-key signature over TIMEcs, TYPEcs, AMOUNTcs, EXTcs and other transaction information is saved on record. If they differ, the transaction fails.
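
The three messages and five steps above, run end to end as an added example (not part of the patent text and not the assignee's implementation). The toy textbook RSA stands in for the card's real algorithms so the flow runs with the standard library only; the names Card, Server, run, TX and ALTERED and all sample values are constructed here. The server-side check of SIGc against the fields it issued is an assumption of this example, since the description only says the signature is saved on record.

```python
import hashlib, json, secrets

# Toy textbook RSA over Mersenne-prime moduli, stdlib only. It stands in for the
# card's real algorithms so the message flow can run; it is NOT secure.
def make_key(a, b, e=65537):
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def public(key):
    return {"n": key["n"], "e": key["e"]}

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(key, data):                       # SIGx(data)
    return pow(digest(data), key["d"], key["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == digest(data)

def encrypt(pub, data):                    # PEx(data), split into blocks below n
    size = (pub["n"].bit_length() - 1) // 8 - 1
    blocks = [b"\x01" + data[i:i + size] for i in range(0, len(data), size)]
    return [pow(int.from_bytes(b, "big"), pub["e"], pub["n"]) for b in blocks]

def decrypt(key, blocks):
    plain = b""
    for c in blocks:
        m = pow(c, key["d"], key["n"])
        plain += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]   # drop 0x01 marker
    return plain

def pack(obj):                             # canonical bytes for signing and encrypting
    return json.dumps(obj, sort_keys=True).encode()

class Card:
    """Holds the user's private key; signs only what it displayed and the user confirmed."""
    def __init__(self, key, server_pub):
        self.key, self.server_pub = key, server_pub    # server certificate written offline
        self.shown = None

    def open_message(self, blocks):
        return json.loads(decrypt(self.key, blocks))

    def sign_transaction(self, fields, confirm):
        self.shown = dict(fields)                      # key fields on the card's own display
        if not confirm(self.shown):                    # button not pressed: no signature
            return None
        return sign(self.key, pack(fields))

class Server:
    def __init__(self, key, client_pub):
        self.key, self.client_pub, self.record = key, client_pub, []

    def challenge(self, msg1, fields):                 # builds message 2
        nc = json.loads(decrypt(self.key, msg1))["Nc"]
        self.ns, self.fields = secrets.token_hex(16), fields
        body = {"Ns": self.ns, "fields": fields, "sig": hex(sign(self.key, nc.encode()))}
        return encrypt(self.client_pub, pack(body))

    def finish(self, msg3):                            # step 5
        body = json.loads(decrypt(self.key, msg3))
        if not secrets.compare_digest(body["Ns"], self.ns):
            return "failed: Ns mismatch"
        # Added check (not stated on the page): SIGc must cover the fields the server issued.
        if not verify(self.client_pub, pack(self.fields), int(body["sig"], 16)):
            return "failed: bad transaction signature"
        self.record.append((self.fields, body["sig"]))  # signature saved on record
        return "success"

S_KEY, C_KEY = make_key(521, 607), make_key(1279, 2203)

def run(intended, submitted=None, confirm=None, resign=None):
    """intended: what the user wants; submitted: what reached the bank (a compromised
    host may have rewritten it); resign: host swaps the fields handed to the card."""
    card, server = Card(C_KEY, public(S_KEY)), Server(S_KEY, public(C_KEY))
    confirm = confirm or (lambda shown: shown == intended)   # attentive user by default
    nc = secrets.token_hex(16)
    msg1 = encrypt(card.server_pub, pack({"Nc": nc}))                     # C->S: PEs(Nc)
    body = card.open_message(server.challenge(msg1, submitted or intended))  # S->C: PEc(...)
    if not verify(card.server_pub, nc.encode(), int(body["sig"], 16)):   # step 3
        return "failed: server signature", card.shown
    sig = card.sign_transaction(resign or body["fields"], confirm)       # step 4
    if sig is None:
        return "declined on card", card.shown
    msg3 = encrypt(card.server_pub, pack({"Ns": body["Ns"], "sig": hex(sig)}))
    return server.finish(msg3), card.shown               # C->S: PEs(Ns, SIGc(...))

# Constructed sample transaction and a rewritten copy of it.
TX = {"TIME": "2011-01-24T10:00:00", "TYPE": "transfer", "AMOUNT": "100.00", "EXT": ""}
ALTERED = dict(TX, AMOUNT="9000.00")
```

run(TX, submitted=ALTERED) ends with "declined on card" because the card shows the altered amount before signing; passing confirm=lambda shown: True models a token that signs without a display the user reads, and the same altered transaction then completes.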

Claims (4)

1. A security authentication device for online banking remote payment based on a multi-interface secure smart card, comprising a certificate server and an online banking server connected to the certificate server, characterized in that: the online banking server is connected to the multi-interface secure smart card through a contactless transmission channel for security authentication information.
2. The security authentication device for online banking remote payment based on a multi-interface secure smart card according to claim 1, characterized in that: the contactless transmission channel for security authentication information comprises a computer connected to the online banking server, a contact-type smart card reader/writer connected to the computer, and a multi-interface secure smart card contactlessly connected to that reader/writer; a smart card reader/writer module suited to the contactless interface of the multi-interface secure smart card is installed on the computer.
3. The security authentication device for online banking remote payment based on a multi-interface secure smart card according to claim 1, characterized in that: the contactless transmission channel for security authentication information comprises a wireless communication line connected to the online banking server, a mobile phone terminal with a short-range wireless communication module, and a multi-interface secure smart card connected to the mobile phone terminal; a short-range wireless communication module in contact-type smart card reader/writer mode is provided in the mobile phone terminal.
4. The security authentication device for online banking remote payment based on a multi-interface secure smart card according to claim 1, characterized in that: the multi-interface secure smart card adds, on top of a traditional multi-interface (contact interface and contactless interface) secure smart card, a human-machine interface with an ultra-thin flexible display, flexible thin-film buttons and an ultra-thin flexible battery.
CN2011200210552U 2011-01-24 2011-01-24 Security certificate device of Internet banking remote payment based on multi-interface safety smart card Expired - Lifetime CN201947283U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011200210552U CN201947283U (en) 2011-01-24 2011-01-24 Security certificate device of Internet banking remote payment based on multi-interface safety smart card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011200210552U CN201947283U (en) 2011-01-24 2011-01-24 Security certificate device of Internet banking remote payment based on multi-interface safety smart card

Publications (1)

Publication Number Publication Date
CN201947283U true CN201947283U (en) 2011-08-24

Family

ID=44474617

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011200210552U Expired - Lifetime CN201947283U (en) 2011-01-24 2011-01-24 Security certificate device of Internet banking remote payment based on multi-interface safety smart card

Country Status (1)

Country Link
CN (1) CN201947283U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103377427A (en) * 2012-04-18 2013-10-30 张永红 Information interaction system and method thereof
CN104622150A (en) * 2015-02-13 2015-05-20 绵阳安智圣达创意科技有限公司 Convenient pillow with small drawer in office room

Similar Documents

Publication Publication Date Title
CN102118251B (en) Security authentication method for internet banking remote payment based on multi-interface intelligent safety card
CN112805967B (en) System and method for password authentication of contactless card
CN102737311B (en) Internet bank security authentication method and system
CN104217327B (en) A kind of financial IC card internet terminal and its method of commerce
CN101651675B (en) By the method and system that authentication code is verified client
CN103955733B (en) Electronic identity card chip card, card reader and electronic identity card verification system and method
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US10965465B2 (en) Systems and methods for cryptographic authentication of contactless cards
CN109039652B (en) Digital certificate generation and application method
CA2914956C (en) System and method for encryption
CN112789643A (en) System and method for password authentication of contactless cards
CN103729948A (en) Electronic payment method of mobile terminal with NFC (near field communication) and fingerprint functions
CN102202300A (en) System and method for dynamic password authentication based on dual channels
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
CN101162535B (en) Method and system for realizing magnetic stripe card trading by IC card
CN102710611A (en) Network security authentication method and system
CN102013001A (en) Card reader with authentication function and authentication method thereof
TWI775288B (en) Payment token application method, equipment, system and server
CN102238193A (en) Data authentication method and system using same
CN104182875A (en) Payment method and payment system
CN112655010A (en) System and method for password authentication of contactless cards
CN102118394A (en) Safety authentication method for remote payment through internet banking based on dual-interface safety intelligent card
CN201946038U (en) Security certificate device of internet-banking remote payment based on dual-interface safety smart card
US8190898B2 (en) Portable electronic entity and communication method
CN104103132A (en) Mobile uKey [USB (universal serial bus) Key] and card-less cash withdrawal System and mobile uKey and card-less cash withdrawal method

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: ZHENGZHOU XINDA JIE'AN INFORMATION TECHNOLOGY CO.,

Free format text: FORMER NAME: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 450001 No. 11 Lianhua street, hi tech Development Zone, Henan, Zhengzhou

Patentee after: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

Address before: 450001 No. 11 Lianhua street, hi tech Development Zone, Henan, Zhengzhou

Patentee before: Zhengzhou Xinda Jie An Information Technology Co., Ltd.

C56 Change in the name or address of the patentee
CP02 Change in the address of a patent holder

Address after: 450001 Henan city of Zhengzhou Province, West Zheng Dong new things are integrated services northbound Zhengzhou national trunk highway logistics building 14 floors of A towers

Patentee after: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

Address before: 450001 No. 11 Lianhua street, hi tech Development Zone, Henan, Zhengzhou

Patentee before: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

C56 Change in the name or address of the patentee
CP02 Change in the address of a patent holder

Address after: 450046 Henan city of Zhengzhou Province, East West northbound Zheng Dong new district are integrated services Zhengzhou national trunk highway logistics building 14 floors of A towers

Patentee after: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

Address before: 450001 Henan city of Zhengzhou Province, West Zheng Dong new things are integrated services northbound Zhengzhou national trunk highway logistics building 14 floors of A towers

Patentee before: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

CX01 Expiry of patent term

Granted publication date: 20110824

CX01 Expiry of patent term