CN101101686A - Electronic bank identification method, system and intelligent card adopting the method - Google Patents

Electronic bank identification method, system and intelligent card adopting the method Download PDF

Info

Publication number
CN101101686A
CN101101686A CNA200610061487XA CN200610061487A CN101101686A CN 101101686 A CN101101686 A CN 101101686A CN A200610061487X A CNA200610061487X A CN A200610061487XA CN 200610061487 A CN200610061487 A CN 200610061487A CN 101101686 A CN101101686 A CN 101101686A
Authority
CN
China
Prior art keywords
private key
user
smart card
signature
card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA200610061487XA
Other languages
Chinese (zh)
Other versions
CN100511292C (en
Inventor
曹珍富
董晓蕾
周渊
郑志彬
位继伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Shanghai Jiaotong University
Original Assignee
Huawei Technologies Co Ltd
Shanghai Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd, Shanghai Jiaotong University filed Critical Huawei Technologies Co Ltd
Priority to CNB200610061487XA priority Critical patent/CN100511292C/en
Publication of CN101101686A publication Critical patent/CN101101686A/en
Application granted granted Critical
Publication of CN100511292C publication Critical patent/CN100511292C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This electronic bank authentication system includes: (1) intelligent cards (IC), (2) the card reader (CR), with a terminal, reads and writes on IC and (3) the server connects to CR via the net. CR (1) receives the biological feature info (BFI) via the terminal; (2) uses the system private key to secretly signs on the first function value which input is BFI; (3) generates the user private key (UPK) and stores it into IC. IC (1) uses UPK to signs on the second function value which input is the message to be signed; (2) sends the signed message to the server via CR. The server uses the pre-stored BFI and the system public key to authenticate the signature.

Description

Electronic bank identification method, and the system and the smart card of this method of employing
Technical field
The present invention relates to secret communication, relate in particular to electronic bank identification method, adopt the e-bank's Verification System and the smart card of this method.
Background technology
Along with the foundation of global information network and perfect, the development of e-bank has become irresistible trend.For numerous clients provide multi-form by all kinds of means network finance service, big quantum jump and extended the traditional bank counter service.Compare with the conventional silver industry, e-bank has great advantage.At first, e-bank has adopted brand-new operation mode; Secondly, e-bank's cost is low, efficient is high.Therefore, it is very swift and violent in the development in the whole world.Yet, because the both parties of e-bank---bank does not meet mutually with the client, make this transaction not only make things convenient for but also have certain potential safety hazard.For both parties, the privacy of information transmission, true integrality and non-repudiation all are the key factors that influences transaction security.
Just for the consideration of security and ease for use, smart card is being subjected to the widespread use of financial industry in recent years.The intelligentized rapid rising of bank card is mainly from the driving force of several like this aspects: the first, and the inter-trade application of smart card is more and more widely; The second, money transaction reduces gradually; The 3rd, the credit card fraud activity is becoming increasingly rampant; The 4th, global smart card payment system is universal day by day.But, the present mode that is based on password for the protection of smart card basically.In order not forget password, the user often adopts the password that is simple and easy to remember, this has just weakened the security of system.Simultaneously, user's phenomenon of forgeing password also happens occasionally.And password and user's identity can not be bound, and the people who obtains password can utilize credit card to consume.
Fig. 1 is the process flow diagram that a kind of e-bank of prior art authenticates.
As shown in Figure 1, in step 1, the user is by swiping the card the input account information;
Step 2, the user sends user cipher (password) into background server from foreground keyboard input account password (password), implements verification process;
Step 3 is utilized the secret k in the card, authenticates by authentication protocol with background server;
Step 4 is in case authentication is finished reasonable transaction by just according to user's reasonable wish.
Here, the secret k in the card exists with two kinds of situations: (1) in the symmetric cryptography environment, k is the shared secret of smart card and background server; (2) in the public key cryptography environment, k is a private key for user, and is corresponding, at background server, has the public key certificate of private key correspondence therewith.
Fig. 2 is the process flow diagram that the e-bank of another kind of prior art authenticates.
As shown in Figure 2, in step 1, the user is by swiping the card the input account information;
In step 2, the user starts smart card from foreground keyboard input smart card personal identity number (PIN code);
In step 3, utilize the secret k in the card, carry out authentication protocol with background server;
In step 4, in case authentication is finished reasonable transaction by just according to user's reasonable wish.
Obviously, the scheme of second kind of prior art is reasonable than the scheme of first kind of prior art, and security wants high.
In existing technology, the combination of IC-card and password is actual to be exactly the key that starts banking.Yet, the user when password is set, often with " birthday ", " name ", and other easily numerals of memory and/or monogram as password.And when the user enters password, may meet with the shooting of video camera.Therefore, after smart card was lost, user account was stolen probably.And the trend of the network authentication of original system is to take the public key cryptography technology of more convenient authentication, but this needs bank to set up Public Key Infrastructure(PKI) to realize management and the use to digital certificate.For example, " People's Bank of China " of China just invested and developed CA (digital certificate) system very many years ago.But this is more loaded down with trivial details and expense is expensive.
Summary of the invention
The objective of the invention is on the basis of the function of not destroying original system, the security of enhanced system, and also improved new system and original system can be compatible fully.
Particularly, in the present invention program, introduced biological characteristic.The effect of biological characteristic is dual, has both cooperated password to implement the smart card local authentication, can utilize biological characteristic to implement the telecommunication network authentication again.The final requirement realized two targets: (1) smart card local authentication not only relies on password, also will utilize biological information; (2) when the network authentication that carries out with background server, adopting with the biological characteristic is the identity base cryptographic technique of PKI, thereby reaches the purpose that need not digital certificate and corresponding and expensive Public Key Infrastructure thereof.
According to first aspect, the invention provides a kind of electronic bank identification method, comprise and utilize system's private key that biological information is the secret signature of first functional value of input, generation private key for user; Utilize private key for user to treat and sign the second functional value signature of message for input; Utilize biological information and system's PKI of storage in advance that signature is verified.
According to second aspect, a kind of e-bank Verification System is provided, comprise smart card, the machine for punching the card that smart card is read and write, the server that links to each other with machine for punching the card by network with terminal; Machine for punching the card receives biological information by terminal, and utilizing system's private key is secret signature of first functional value of input to biological information, produces private key for user, and deposits private key for user in smart card; Smart card utilizes private key for user to treat and signs the second functional value signature of message for input, and the message after will signing sends to server by machine for punching the card; The biological information that server by utilizing is stored in advance and system's PKI are verified signature.
According to the third aspect, a kind of smart card that is used for e-bank's Verification System is provided, described e-bank Verification System comprises smart card, the machine for punching the card with terminal that smart card is read and write, the server that links to each other with machine for punching the card by network; Described smart cards for storage has private key for user, and it is that the secret signature of importing of first functional value produces to biological information that described private key for user utilizes system's private key by machine for punching the card; Smart card utilizes private key for user to treat and signs the second functional value signature of message for input, and the message after will signing sends to server by machine for punching the card, so that the biological information that server by utilizing is stored in advance and system's PKI are verified signature.
The present invention has adopted the Verification System based on biological characteristic, not only can finish the electronic transaction of highly effective and safe, and owing to the singularity based on biological characteristic, user's identity and biological characteristic are unique bindings.Even other people obtain smart card like this, also can't finish authentication operation.Simultaneously, the user also can select to need not to remember the mode of any password.Because we have adopted effective identity base cryptographic technique to realize network authentication, so omitted the Public Key Infrastructure construction of expense costliness.
Description of drawings
Below will the present invention will be described in more detail with reference to accompanying drawing by way of example, among the figure:
Fig. 1 is the process flow diagram that a kind of e-bank of prior art authenticates;
Fig. 2 is the process flow diagram that the e-bank of another kind of prior art authenticates;
Fig. 3 is the process flow diagram that the e-bank according to a kind of embodiment of the present invention authenticates.
Embodiment
Fig. 3 is the process flow diagram that the e-bank according to a kind of embodiment of the present invention authenticates.Need to prove that before implementing electronic bank identification method of the present invention, the user need register to bank, deposits the primeval life feature in smart card and background server.In addition, the private key mk of system is arranged in the machine for punching the card.
As shown in Figure 3, e-banking system comprises smart card, has the machine for punching the card of preceding station terminal, and background server.Background server links to each other by network with machine for punching the card.
In step 1, the user is by swiping the card the input account information.
In step 2, the user is from foreground keyboard input smart card personal identity number (PIN code), and the input biological characteristic, has only the both to mate and could start smart card.
In step 3, machine for punching the card utilizes the private key mk of system to be user's generation interim authentication private key tk corresponding with trade date and biological characteristic, and promptly private key for user imports tk in the card then.
In step 4, machine for punching the card converts user's wish to message m by certain set form, and the tk that utilize to import in the smart card carries out digital signature based on identity to message m, and verifies by the user primeval life feature of background server storage.
In step 5, in case checking is finished reasonable transaction by just according to user's wish.
In step 6, deposit the digital signature of utilizing tk to carry out in background server, as transaction endorsement file based on identity.The endorsement file can be destroyed after the prescribed timelimit.
Concrete Digital Signature Algorithm based on identity hereinafter is described.
According to the present invention, form by systematic parameter generation algorithm S, private key extraction algorithm Ext, signature algorithm Sig, four algorithms of verification algorithm Ver based on the signature algorithm of identity.These four arthmetic statements are as follows:
Systematic parameter produces algorithm S: produce systematic parameter.
Algorithm is as follows:
Step 1: system generates two at random and varies in size and big or small close big prime number p and q, and wherein, p and q are strong primes.
Step 2: calculate n=pq and φ=(p-1) (q-1).
Step 3: choose integer e, 1<e<φ, and e and φ are coprime.
Step 4: use the expansion Euclidean algorithm to calculate the unique integer d that satisfies ed ≡ 1mod (φ), 1<d<φ.Here, integer e and d are multiplicative inverses.Need explanation, integer e and d also can adopt alternate manner to determine.
Step 5: choose hash function H : { 0,1 } * → Z n * 。Need explanation, other signature function also is feasible.
Step 6: system's common parameter is that (H), private key mk is d for n, e.System's PKI is e.
Private key extraction algorithm Ext: utilize system's private key that biological information is the secret signature of the signature function value of input, generation private key for user.
Given user's biological information ID ∈ 0,1} *With temporal information t, algorithm is as follows:
Step 1: calculate P ID=H (ID||t), wherein || the connector of expression character string.Here, biological information is necessary input.Need the explanation, biological information and temporal information can adopt other array mode, such as with or mode.
Step 2: calculate S ID=(P ID) dMod (n).
Step 3:S IDBe exactly the private key tk of biological information ID and temporal information t correspondence.
Signature algorithm Sig: utilize private key for user to treat and sign the signature function value signature of message for input.Need explanation, the signature function here can adopt the signature algorithm different with the private key extraction algorithm.
For message m to be signed, algorithm is as follows:
Step 1: picked at random integer r ∈ Z nSelection operation can be finished by random number generator.
Step 2: calculate α=r eMod (n).
Step 3: calculate h=H (m|| α), wherein || the connector of expression character string.Here, message to be signed is necessary input.Need the explanation, wait to sign the array mode that can adopt other between message and the parameter alpha, such as with or mode.
Step 4: calculate β=(rS ID) hMod (n).
Step 5:(α β) is exactly signature at message m.
Verification algorithm Ver: utilize biological information and system's PKI of storage in advance that signature is verified.
For the signature (α β), utilizes ID, t, verification algorithm is as follows:
Step 1: calculate P ID=H (ID||t)
Step 2: calculate h=H (m|| α).
Step 3: checking β e=(α P ID) hWhether mod (n) sets up.If set up, this signature is accepted in output 1 expression, otherwise exports 0, this signature of expression refusal.
The present invention can increase Security of the system on the basis of not changing the original system framework. The enhancing of security is in particular in that one action of biological information is multiplex and attainable, effective , the application of the identity base cryptographic technique of approved safe. The solution of the present invention has following spy Point: (1) not only relies on password to the protection of smart card, and utilizes living things feature recognition; (2) biological information is as user's identity information, utilize attainable, effective, can The identity base cryptographic technique of card safety realizes network authentication; (3) the endorsement file after transaction is finished When network authentication, once finish; (4) because the present invention utilizes biological characteristic as user's body Part, utilize identity base cryptographic technique to carry out network authentication and digital signature, so can save logical The normal expensive expense that realizes the PKIX that public key algorithm relies on.
Obviously, the present invention described here can have many variations, and this variation can not be recognized For departing from the spirit and scope of the present invention. Therefore, all it will be apparent to those skilled in the art Change, all be included within the covering scope of these claims.

Claims (13)

1. an electronic bank identification method comprises and utilizes system's private key that biological information is the secret signature of first functional value of input, generation private key for user; Utilize private key for user to treat and sign the second functional value signature of message for input; Utilize biological information and system's PKI of storage in advance that signature is verified.
2. electronic bank identification method as claimed in claim 1 is characterized in that described first function and/or second function are hash functions.
3. electronic bank identification method as claimed in claim 1 is characterized in that the be combined as input of described first function with biological information and temporal information.
4. electronic bank identification method as claimed in claim 1, it is characterized in that utilizing private key for user to treat signing message to comprise the generation random number for the step of second functional value signature of input, utilize the random number process private key for user, and utilize the private key for user signature after handling; Described method comprises utilizes this random number of system's public-key process to produce first parameter; The step of described signature verification is carried out based on described first parameter.
5. electronic bank identification method as claimed in claim 4 is characterized in that described second function is to wait to sign the input that is combined as of message and described first parameter.
6. electronic bank identification method as claimed in claim 1 is characterized in that described system PKI and system's private key are multiplicative inverses.
7. as claim 3 or 5 described electronic bank identification methods, it is characterized in that described combination forms by connected mode.
8. electronic bank identification method as claimed in claim 1 is characterized in that comprising depositing the described signature that utilizes private key for user to treat and obtain in the step of label message for second functional value signature of input in background server, as transaction endorsement file.
9. e-bank's Verification System comprises smart card, the machine for punching the card with terminal that smart card is read and write, the server that links to each other with machine for punching the card by network;
Machine for punching the card receives biological information by terminal, and utilizing system's private key is secret signature of first functional value of input to biological information, produces private key for user, and deposits private key for user in smart card;
Smart card utilizes private key for user to treat and signs the second functional value signature of message for input, and the message after will signing sends to server by machine for punching the card;
The biological information that server by utilizing is stored in advance and system's PKI are verified signature.
10. e-bank as claimed in claim 9 Verification System, it is characterized in that smart card comprises random number generator, be used to produce random number, smart card utilizes the random number process private key for user, and utilizing the private key for user after handling to sign, smart card utilizes this random number of system's public-key process to produce first parameter; The checking that server is signed based on described first parameter.
11. e-bank as claimed in claim 9 Verification System, it is characterized in that described machine for punching the card comprises mates smart card personal identity number and input biological characteristic respectively, starts the device of smart card under the situation of both couplings.
12. a smart card that is used for e-bank's Verification System, described e-bank Verification System comprises smart card, the machine for punching the card with terminal that smart card is read and write, the server that links to each other with machine for punching the card by network;
Described smart cards for storage has private key for user, and it is that the secret signature of importing of first functional value produces to biological information that described private key for user utilizes system's private key by machine for punching the card;
Smart card utilizes private key for user to treat and signs the second functional value signature of message for input, and the message after will signing sends to server by machine for punching the card, so that the biological information that server by utilizing is stored in advance and system's PKI are verified signature.
13. smart card as claimed in claim 12, it is characterized in that comprising random number generator, be used to produce random number, smart card utilizes the random number process private key for user, and utilizing the private key for user after handling to sign, smart card utilizes this random number of system's public-key process to produce first parameter; The checking that server is signed based on described first parameter.
CNB200610061487XA 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method Expired - Fee Related CN100511292C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200610061487XA CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200610061487XA CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Publications (2)

Publication Number Publication Date
CN101101686A true CN101101686A (en) 2008-01-09
CN100511292C CN100511292C (en) 2009-07-08

Family

ID=39035951

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200610061487XA Expired - Fee Related CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Country Status (1)

Country Link
CN (1) CN100511292C (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268437A (en) * 2013-05-10 2013-08-28 飞天诚信科技股份有限公司 Method for improving safety of signed data
CN106022037A (en) * 2016-05-11 2016-10-12 湖南财政经济学院 Financial terminal authentication method and device
WO2017032263A1 (en) * 2015-08-27 2017-03-02 阿里巴巴集团控股有限公司 Identity authentication method and apparatus
CN107133755A (en) * 2009-10-08 2017-09-05 崔云虎 Utilize bio-identification card and CSD tracking containers and the system of logistics
CN107947934A (en) * 2017-11-08 2018-04-20 中国银行股份有限公司 The fingerprint recognition Verification System and method of mobile terminal based on banking system
CN113472521A (en) * 2020-03-30 2021-10-01 山东浪潮质量链科技有限公司 Block chain-based real-name digital identity management method, signature device and verification device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2321741B (en) * 1997-02-03 2000-10-04 Certicom Corp Data card verification system
AUPQ702900A0 (en) * 2000-04-20 2000-05-18 Grosvenor Leisure Incorporated Secure biometric loop
CN1319010C (en) * 2003-03-26 2007-05-30 祥群科技股份有限公司 Card type biological in\dentification device and method

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107133755A (en) * 2009-10-08 2017-09-05 崔云虎 Utilize bio-identification card and CSD tracking containers and the system of logistics
CN107133755B (en) * 2009-10-08 2021-07-23 崔云虎 System for tracking containers and logistics using biometric identification cards and CSDs
CN103268437A (en) * 2013-05-10 2013-08-28 飞天诚信科技股份有限公司 Method for improving safety of signed data
CN103268437B (en) * 2013-05-10 2016-02-24 飞天诚信科技股份有限公司 A kind of method improving signed data security
WO2017032263A1 (en) * 2015-08-27 2017-03-02 阿里巴巴集团控股有限公司 Identity authentication method and apparatus
US11294993B2 (en) 2015-08-27 2022-04-05 Advanced New Technologies Co., Ltd. Identity authentication using biometrics
CN106022037A (en) * 2016-05-11 2016-10-12 湖南财政经济学院 Financial terminal authentication method and device
CN107947934A (en) * 2017-11-08 2018-04-20 中国银行股份有限公司 The fingerprint recognition Verification System and method of mobile terminal based on banking system
CN107947934B (en) * 2017-11-08 2021-07-30 中国银行股份有限公司 Fingerprint identification and authentication system and method of mobile terminal based on bank system
CN113472521A (en) * 2020-03-30 2021-10-01 山东浪潮质量链科技有限公司 Block chain-based real-name digital identity management method, signature device and verification device

Also Published As

Publication number Publication date
CN100511292C (en) 2009-07-08

Similar Documents

Publication Publication Date Title
CA2196356C (en) Transaction verification protocol for smart cards
CN101651675B (en) By the method and system that authentication code is verified client
CN100511292C (en) Electronic bank identification method, system and intelligent card adopting the method
US20070118736A1 (en) Customization of a bank card for other applications
CN111656732A (en) Device for storing a digital key for signing transactions on a blockchain
US20070118753A1 (en) Customization of an electronic circuit
CN101842795A (en) System, method and device for enabling interaction with dynamic security
CN103955733A (en) Electronic identity card chip card, card reader and electronic identity card verification system and method
CN104376465A (en) Safe mobile payment method
CN112036847A (en) Anti-counterfeiting verification method and system for offline payment of digital currency
CN101582761B (en) Identity authentication method adopting password firewall
US7083089B2 (en) Off-line PIN verification using identity-based signatures
US20190108521A1 (en) Unpredictable number generation
CN102136057A (en) 2.4G/13.56M safety radio frequency card reader and authentication method thereof
JP2007298985A (en) Method for implementing pki application of bank card on computer
CN111914308B (en) Method for signing mobile data by using CA certificate in smart card
CN106936800A (en) The method and apparatus for monitoring the number of downloads of application
Golovashych The technology of identification and authentication of financial transactions. from smart cards to NFC-terminals
Munjal et al. Secure and cost effective transaction model for financial services
CN101697204B (en) Electronic signature
Lee et al. Smart card based off-line micropayment framework using mutual authentication scheme
Abd Elwahab et al. A security layer for smart card applications authentication
CN201604388U (en) Financial instrument including electronic paper
CN201583975U (en) Multifunctional signature device
CN201946057U (en) Equipment for authenticating signature on information medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090708

Termination date: 20200703