CN101101686A - Electronic bank authentication method, system and smart card using the method - Google Patents


Info

Publication number
CN101101686A
Authority
CN
China
Prior art keywords
private key
smart card
user
electronic bank
bank authentication
Prior art date
Legal status
Granted
Application number
CNA200610061487XA
Other languages
Chinese (zh)
Other versions
CN100511292C (en)
Inventor
曹珍富
董晓蕾
周渊
郑志彬
位继伟
Current Assignee
Huawei Technologies Co Ltd
Shanghai Jiao Tong University
Original Assignee
Huawei Technologies Co Ltd
Shanghai Jiao Tong University

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides an electronic bank authentication method, and an electronic bank authentication system and smart card using the method. The system comprises a smart card, a card reader with a terminal that reads and writes the smart card, and a server connected to the card reader over a network. The card reader receives biometric information through the terminal, uses the system private key to produce a secret signature over the value of a first function whose input is the biometric information, thereby generating the user private key, and stores the user private key in the smart card. The smart card uses the user private key to sign the value of a second function whose input is the message to be signed, and sends the signed message to the server through the card reader. The server verifies the signature using the pre-stored biometric information and the system public key.

Description

Electronic bank authentication method, and system and smart card using the method

Technical field

The present invention relates to secure communication, and in particular to an electronic bank authentication method and to an electronic bank authentication system and smart card using the method.

Background

With the establishment and improvement of the global information network, the growth of electronic banking has become an irresistible trend. It offers customers multi-channel, multi-form online financial services and greatly extends traditional counter business. Compared with traditional banking, electronic banking has great advantages: it adopts an entirely new operating model, and it has low cost and high efficiency, so it is developing very rapidly worldwide. However, because the two parties to an electronic banking transaction, the bank and the customer, never meet, the transaction is convenient but also carries security risks. For both parties, the confidentiality, authenticity and integrity, and non-repudiation of the transmitted information are the key factors in transaction security.

It is for reasons of security and ease of use that smart cards have been widely adopted by the financial industry in recent years. The rapid rise of smart bank cards is driven mainly by four factors: smart cards are used across more and more industries; cash transactions are gradually decreasing; credit card fraud is increasingly rampant; and smart card payment systems are spreading worldwide. However, smart cards are at present protected essentially by passwords. To avoid forgetting them, users often choose simple, easy-to-remember passwords, which weakens the security of the system, and users still forget their passwords from time to time. Moreover, a password is not bound to the user's identity: anyone who obtains the password can use the card to pay.

Fig. 1 is a flow chart of a prior-art electronic bank authentication.

As shown in Fig. 1, in step 1 the user swipes the card to enter the account information.

In step 2 the user enters the account password on the front-end keypad; the password is sent to the back-end server, which carries out the authentication.

In step 3 the secret k held in the card is used to authenticate with the back-end server through an authentication protocol.

In step 4, once authentication succeeds, the transaction is completed according to the user's legitimate instruction.

Here the secret k in the card takes one of two forms: (1) in a symmetric-key setting, k is a secret shared between the smart card and the back-end server; (2) in a public-key setting, k is the user's private key, and the back-end server holds a public-key certificate corresponding to this private key.

Fig. 2 is a flow chart of another prior-art electronic bank authentication.

As shown in Fig. 2, in step 1 the user swipes the card to enter the account information.

In step 2 the user enters the smart card's personal identification number (PIN) on the front-end keypad to activate the smart card.

In step 3 the secret k held in the card is used to run an authentication protocol with the back-end server.

In step 4, once authentication succeeds, the transaction is completed according to the user's legitimate instruction.

Clearly the second prior-art scheme is more reasonable than the first, and more secure.

In the prior art, the combination of IC card and password is in effect the key that unlocks banking services. However, when users set passwords they often choose birthdays, names, and other easily remembered combinations of digits and/or letters, and a password typed at a keypad may be captured by a camera. Therefore, once a smart card is lost, the user's account is very likely to be misused. Moreover, the trend in network authentication for such systems is toward the more convenient public-key cryptography, but this requires the bank to build a public key infrastructure (PKI) to manage and use digital certificates. For example, the People's Bank of China invested in the development of a CA (digital certificate) system many years ago. This is, however, cumbersome and expensive.

Summary of the invention

The object of the present invention is to strengthen the security of the system without breaking the functions of the original system, such that the improved system remains fully compatible with the original one.

Specifically, the solution of the present invention introduces biometric features. The biometric feature plays a double role: together with the password it implements local authentication of the smart card, and it is also used for remote network authentication. Two goals are to be achieved: (1) local authentication of the smart card relies not only on the password but also on biometric information; (2) network authentication with the back-end server uses identity-based cryptography with the biometric feature as the public key, so that digital certificates and the corresponding expensive public key infrastructure are not needed.

According to a first aspect, the present invention provides an electronic bank authentication method comprising: using the system private key to produce a secret signature over the value of a first function whose input is the biometric information, thereby generating the user private key; using the user private key to sign the value of a second function whose input is the message to be signed; and verifying the signature using the pre-stored biometric information and the system public key.

According to a second aspect, there is provided an electronic bank authentication system comprising a smart card, a card reader with a terminal that reads and writes the smart card, and a server connected to the card reader over a network. The card reader receives biometric information through the terminal, uses the system private key to produce a secret signature over the value of a first function whose input is the biometric information, thereby generating the user private key, and stores the user private key in the smart card. The smart card uses the user private key to sign the value of a second function whose input is the message to be signed, and sends the signed message to the server through the card reader. The server verifies the signature using the pre-stored biometric information and the system public key.

According to a third aspect, there is provided a smart card for an electronic bank authentication system, the system comprising the smart card, a card reader with a terminal that reads and writes the smart card, and a server connected to the card reader over a network. The smart card stores a user private key, which the card reader generates by using the system private key to produce a secret signature over the value of a first function whose input is the biometric information. The smart card uses the user private key to sign the value of a second function whose input is the message to be signed, and sends the signed message to the server through the card reader, so that the server can verify the signature using the pre-stored biometric information and the system public key.

The invention adopts a biometric-based authentication system. Not only can efficient and secure electronic transactions be completed, but, owing to the special nature of biometric features, the user's identity is uniquely bound to the biometric feature, so that even if someone else obtains the smart card the authentication cannot be completed. The user may also choose a mode in which no password needs to be memorised at all. Because an efficient identity-based cryptographic technique is used for network authentication, the expensive construction of a public key infrastructure is avoided.

Brief description of the drawings

The present invention is described in more detail below by way of example with reference to the accompanying drawings, in which:

Fig. 1 is a flow chart of a prior-art electronic bank authentication;

Fig. 2 is a flow chart of another prior-art electronic bank authentication;

Fig. 3 is a flow chart of electronic bank authentication according to one embodiment of the present invention.

Detailed description

Fig. 3 is a flow chart of electronic bank authentication according to one embodiment of the present invention. Note that before the method is carried out the user must register with the bank, and the original biometric feature is stored in both the smart card and the back-end server. In addition, the card reader holds the system private key mk.

As shown in Fig. 3, the electronic banking system comprises a smart card, a card reader with a front-end terminal, and a back-end server. The back-end server and the card reader are connected over a network.

In step 1 the user swipes the card to enter the account information.

In step 2 the user enters the smart card's PIN on the front-end keypad and presents the biometric feature; the smart card is activated only if both match.

In step 3 the card reader uses the system private key mk to generate for the user a temporary authentication private key tk (the user private key) bound to the transaction date and the biometric feature, and then imports tk into the card.

In step 4 the card reader converts the user's instruction into a message m in a fixed format; the tk imported into the smart card is used to produce an identity-based digital signature on m, which is verified against the user's original biometric feature stored on the back-end server.

In step 5, once verification succeeds, the transaction is completed according to the user's instruction.

In step 6 the identity-based digital signature produced with tk is stored on the back-end server as the transaction endorsement record. The endorsement record may be destroyed after a prescribed period.

The specific identity-based digital signature algorithm is described below.

According to the present invention, the identity-based signature scheme consists of four algorithms: a system parameter generation algorithm S, a private key extraction algorithm Ext, a signature algorithm Sig, and a verification algorithm Ver. The four algorithms are as follows.

System parameter generation algorithm S: generates the system parameters.

The algorithm is as follows:

Step 1: the system randomly generates two distinct large primes p and q of similar size, both of them strong primes.

Step 2: compute n = pq and φ = (p-1)(q-1).

Step 3: choose an integer e with 1 < e < φ and gcd(e, φ) = 1.

Step 4: use the extended Euclidean algorithm to compute the unique integer d, 1 < d < φ, satisfying ed ≡ 1 (mod φ). The integers e and d are thus multiplicative inverses modulo φ. Note that e and d may also be determined in other ways.

Step 5: choose a hash function H: {0,1}* → Z_n^*. Note that other functions may be used in place of H.

Step 6: the public system parameters are (n, e, H), and the system private key mk is d. The system public key is e.

Private key extraction algorithm Ext: uses the system private key to produce a secret signature over the value of the function whose input is the biometric information, thereby generating the user private key.

Given the user's biometric information ID ∈ {0,1}* and time information t, the algorithm is as follows:

Step 1: compute P_ID = H(ID || t), where || denotes string concatenation. The biometric information is a required input. Note that the biometric information and the time information may be combined in other ways, for example by AND or OR.

Step 2: compute S_ID = (P_ID)^d mod n.

Step 3: S_ID is the private key tk corresponding to the biometric information ID and the time information t.

Signature algorithm Sig: uses the user private key to sign the value of the function whose input is the message to be signed. Note that the function used here may differ from the one used in the private key extraction algorithm.

For the message m to be signed, the algorithm is as follows:

Step 1: randomly choose an integer r ∈ Z_n. The choice may be made by a random number generator.

Step 2: compute α = r^e mod n.

Step 3: compute h = H(m || α), where || denotes string concatenation. The message to be signed is a required input. Note that the message and the parameter α may be combined in other ways, for example by AND or OR.

Step 4: compute β = (r · S_ID)^h mod n.

Step 5: (α, β) is the signature on the message m.

Verification algorithm Ver: verifies the signature using the pre-stored biometric information and the system public key.

For a signature (α, β), using ID and t, the verification algorithm is as follows:

Step 1: compute P_ID = H(ID || t).

Step 2: compute h = H(m || α).

Step 3: check whether β^e = (α · P_ID)^h mod n holds. If it does, output 1 to accept the signature; otherwise output 0 to reject it. For a correctly formed signature the equation holds because β^e = (r · S_ID)^(he) = (r^e)^h · (P_ID^(de))^h = (α · P_ID)^h mod n, since ed ≡ 1 (mod φ).
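The four algorithms above, together with steps 3 to 6 of Fig. 3, as an added worked example in Python. This is editorial code, not code from the patent or from its assignees. Assumptions beyond the page: H is built from SHA-256 expanded with a counter so that its output covers Z_n; the page's concatenation a || b is encoded with a length prefix so that (ID, t) and (m, α) cannot be re-split; p and q are 256-bit probable primes rather than strong primes and e = 65537, both toy choices made for speed; the biometric template, the date t and the message m are constructed sample inputs. One check is added that the page does not state: verification rejects α or β outside Z_n^*, because the equation in step 3 of Ver, taken literally, is satisfied by (α, β) = (0, 0) for every message (0^e = (0 · P_ID)^h mod n), and for the same reason Sig draws r from Z_n^* rather than Z_n. The function run_transaction is the editor's wiring of the terminal, card and server roles; as on the page, the terminal holds the system private key mk, which the example keeps visible by passing mk only to extract.

```python
"""Editorial example: the RSA-based identity-based signature (S, Ext, Sig, Ver) of the patent text."""
import hashlib
import math
import secrets

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    # Miller-Rabin with a small-prime sieve; adequate for a demo, not a vetted prime generator.
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if _is_probable_prime(cand):
            return cand

def _concat(a: bytes, b: bytes) -> bytes:
    """The page's a||b, length-prefixed so (ID, t) and (m, alpha) cannot be re-split (assumption)."""
    return len(a).to_bytes(4, "big") + a + b

def _int_bytes(x: int, n: int) -> bytes:
    return x.to_bytes((n.bit_length() + 7) // 8, "big")

def H(data: bytes, n: int) -> int:
    """H: {0,1}* -> Z_n^*; SHA-256 expanded with a counter to cover Z_n (the page fixes no concrete H)."""
    need = (n.bit_length() + 64 + 7) // 8
    for salt in range(256):  # retry the negligibly likely outputs that fall outside Z_n^*
        blocks = [hashlib.sha256(bytes([salt]) + i.to_bytes(4, "big") + data).digest()
                  for i in range(need // 32 + 1)]
        h = int.from_bytes(b"".join(blocks)[:need], "big") % n
        if h != 0 and math.gcd(h, n) == 1:
            return h
    raise ValueError("could not map input into Z_n^*")

def setup(bits: int = 256, e: int = 65537):
    """Algorithm S: public parameters (n, e) and system private key mk = d = e^-1 mod phi."""
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)

def extract(mk: int, n: int, ID: bytes, t: bytes) -> int:
    """Algorithm Ext, run by the terminal on the page: tk = S_ID = H(ID||t)^d mod n."""
    return pow(H(_concat(ID, t), n), mk, n)

def sign(pub, tk: int, m: bytes):
    """Algorithm Sig, run by the card: alpha = r^e, h = H(m||alpha), beta = (r * S_ID)^h mod n."""
    n, e = pub
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:  # r in Z_n^*: r = 0 would produce the signature (0, 0)
            break
    alpha = pow(r, e, n)
    h = H(_concat(m, _int_bytes(alpha, n)), n)
    return alpha, pow(r * tk % n, h, n)

def equation_holds(pub, ID: bytes, t: bytes, m: bytes, sig) -> bool:
    """Step 3 of Ver exactly as the page states it: beta^e == (alpha * P_ID)^h mod n."""
    (n, e), (alpha, beta) = pub, sig
    P_ID = H(_concat(ID, t), n)
    h = H(_concat(m, _int_bytes(alpha, n)), n)
    return pow(beta, e, n) == pow(alpha * P_ID % n, h, n)

def verify(pub, ID: bytes, t: bytes, m: bytes, sig) -> bool:
    """Algorithm Ver with a range check the page omits: (0, 0) satisfies the bare equation for any m."""
    (n, _), (alpha, beta) = pub, sig
    if not (0 < alpha < n and 0 < beta < n) or math.gcd(alpha, n) != 1:
        return False
    return equation_holds(pub, ID, t, m, sig)

def run_transaction(pub, mk: int, server_ID: bytes, presented_ID: bytes, t: bytes, m: bytes):
    """Steps 3-6 of Fig. 3 (editor's wiring): the terminal, which holds mk, derives tk and loads it into
    the card; the card signs with tk alone; the server verifies against its own stored template and
    keeps the signature as the endorsement record. Returns (accepted, record)."""
    tk = extract(mk, pub[0], presented_ID, t)
    sig = sign(pub, tk, m)
    accepted = verify(pub, server_ID, t, m, sig)
    return accepted, ({"t": t, "m": m, "signature": sig} if accepted else None)
```

Running verify on a tampered message, on a different date t, or with a template that differs from the server's copy returns False; equation_holds is exposed separately only to show that the unchecked equation accepts (0, 0), which is the reason for the range check in verify.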

The present invention increases the security of the system without altering the original architecture. The enhancement lies in the multiple uses of the biometric information and in the application of a practical, efficient and provably secure identity-based cryptographic technique. The solution has the following features: (1) protection of the smart card relies not only on the password but also on biometric identification; (2) the biometric information serves as the user's identity information, and network authentication is implemented with a practical, efficient and provably secure identity-based cryptographic technique; (3) the endorsement record of the completed transaction is produced in the same pass as the network authentication; (4) because the biometric feature serves as the user's identity and identity-based cryptography is used for network authentication and digital signatures, the expensive public key infrastructure on which public-key algorithms usually depend can be dispensed with.

Obviously the invention described herein may be varied in many ways, and such variations are not to be regarded as departing from its spirit and scope. All changes obvious to those skilled in the art are therefore included within the scope of the claims.

Claims (13)

1. An electronic bank authentication method, comprising: using a system private key to produce a secret signature over the value of a first function whose input is biometric information, thereby generating a user private key; using the user private key to sign the value of a second function whose input is a message to be signed; and verifying the signature using pre-stored biometric information and a system public key.

2. The method of claim 1, wherein the first function and/or the second function is a hash function.

3. The method of claim 1, wherein the first function takes as input a combination of the biometric information and time information.

4. The method of claim 1, wherein the step of using the user private key to sign the value of the second function comprises generating a random number, processing the user private key with the random number, and signing with the processed user private key; the method further comprises processing the random number with the system public key to produce a first parameter; and the signature verification step is performed on the basis of the first parameter.

5. The method of claim 4, wherein the second function takes as input a combination of the message to be signed and the first parameter.

6. The method of claim 1, wherein the system public key and the system private key are multiplicative inverses.

7. The method of claim 3 or 5, wherein the combination is formed by concatenation.

8. The method of claim 1, further comprising storing the signature obtained in the step of signing the value of the second function in a back-end server as a transaction endorsement record.

9. An electronic bank authentication system, comprising a smart card, a card reader with a terminal that reads and writes the smart card, and a server connected to the card reader over a network, wherein: the card reader receives biometric information through the terminal, uses a system private key to produce a secret signature over the value of a first function whose input is the biometric information, thereby generating a user private key, and stores the user private key in the smart card; the smart card uses the user private key to sign the value of a second function whose input is a message to be signed, and sends the signed message to the server through the card reader; and the server verifies the signature using pre-stored biometric information and a system public key.

10. The system of claim 9, wherein the smart card comprises a random number generator for generating a random number; the smart card processes the user private key with the random number, signs with the processed user private key, and processes the random number with the system public key to produce a first parameter; and the server verifies the signature on the basis of the first parameter.

11. The system of claim 9, wherein the card reader comprises means for matching the smart card PIN and the presented biometric feature respectively, and for activating the smart card only when both match.

12. A smart card for an electronic bank authentication system, the system comprising the smart card, a card reader with a terminal that reads and writes the smart card, and a server connected to the card reader over a network, wherein: the smart card stores a user private key, generated by the card reader by using a system private key to produce a secret signature over the value of a first function whose input is biometric information; and the smart card uses the user private key to sign the value of a second function whose input is a message to be signed, and sends the signed message to the server through the card reader, so that the server verifies the signature using pre-stored biometric information and a system public key.

13. The smart card of claim 12, comprising a random number generator for generating a random number, wherein the smart card processes the user private key with the random number, signs with the processed user private key, and processes the random number with the system public key to produce a first parameter; and the server verifies the signature on the basis of the first parameter.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200610061487XA CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200610061487XA CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Publications (2)

Publication Number Publication Date
CN101101686A true CN101101686A (en) 2008-01-09
CN100511292C CN100511292C (en) 2009-07-08

Family

ID=39035951

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200610061487XA Expired - Fee Related CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Country Status (1)

Country Link
CN (1) CN100511292C (en)


Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2321741B (en) * 1997-02-03 2000-10-04 Certicom Corp Data card verification system
JPH11316543A (en) 1998-02-13 1999-11-16 Matsushita Electric Ind Co Ltd Card data authentication system
AUPQ702900A0 (en) * 2000-04-20 2000-05-18 Grosvenor Leisure Incorporated Secure biometric loop
CN1319010C (en) * 2003-03-26 2007-05-30 祥群科技股份有限公司 Card type biometric identification device and method

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107133755A (en) * 2009-10-08 2017-09-05 崔云虎 Utilize bio-identification card and CSD tracking containers and the system of logistics
CN107133755B (en) * 2009-10-08 2021-07-23 崔云虎 System for tracking containers and logistics using biometric identification cards and CSDs
CN103268437A (en) * 2013-05-10 2013-08-28 飞天诚信科技股份有限公司 Method for improving safety of signed data
CN103268437B (en) * 2013-05-10 2016-02-24 飞天诚信科技股份有限公司 A kind of method improving signed data security
WO2017032263A1 (en) * 2015-08-27 2017-03-02 阿里巴巴集团控股有限公司 Identity authentication method and apparatus
US11294993B2 (en) 2015-08-27 2022-04-05 Advanced New Technologies Co., Ltd. Identity authentication using biometrics
CN106022037A (en) * 2016-05-11 2016-10-12 湖南财政经济学院 Financial terminal authentication method and device
CN107947934A (en) * 2017-11-08 2018-04-20 中国银行股份有限公司 The fingerprint recognition Verification System and method of mobile terminal based on banking system
CN107947934B (en) * 2017-11-08 2021-07-30 中国银行股份有限公司 Fingerprint identification and authentication system and method of mobile terminal based on bank system
CN113472521A (en) * 2020-03-30 2021-10-01 山东浪潮质量链科技有限公司 Block chain-based real-name digital identity management method, signature device and verification device

Also Published As

Publication number Publication date
CN100511292C (en) 2009-07-08

Similar Documents

Publication Publication Date Title
US5955717A (en) Transaction verification protocol for Smart Cards
US7188362B2 (en) System and method of user and data verification
US12219069B1 (en) Signcrypted biometric electronic signature tokens
EP3273635B1 (en) Secure channel establishment
US7822987B2 (en) Data card verification system
CN104850984B (en) The method for safe operation that a kind of off-line cash is paid
KR101261683B1 (en) Method of generating a public key for an electronic device and electronic device
CN109064324A (en) Method of commerce, electronic device and readable storage medium storing program for executing based on alliance's chain
CN101542971B (en) Fuzzy biometrics based signatures
WO2001095559A1 (en) Method and device for secure wireless transmission of information
Bai et al. Elliptic curve cryptography based security framework for Internet of Things (IoT) enabled smart card
CN104809490A (en) Card anti-counterfeiting system based on multidimensional code and authentication method based on card anti-counterfeiting system
CN107332665B (en) Partial blind signature method based on identity on lattice
CN101101686A (en) Electronic bank authentication method, system and smart card using the method
Brickell et al. Interactive identification and digital signatures
CN101295384A (en) Electronic payment method
Seo et al. Electronic funds transfer protocol using domain-verifiable signcryption scheme
CN109257181A (en) Without the blind label decryption method of elliptic curve under certificate environment
Mohammadi et al. ECC-based biometric signature: A new approach in electronic banking security
CN100409245C (en) A Realization Method of Using Bank Card as PKI on Computer
CN110838918B (en) Anti-quantum certificate issuing method and system based on public key pool and signature offset
Lipmaa A simple cast-as-intended e-voting protocol by using secure smart cards
CN109088732A (en) A kind of CA certificate implementation method based on mobile terminal
CN105228088B (en) Self-updating public key key exchange method for mobile payment near field communication
CN101882195A (en) A method for making an identity certificate and a counterfeit identification device thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090708

Termination date: 20200703
