CN101101686A - Electronic bank identification method, system and intelligent card adopting the method - Google Patents


Info

Publication number: CN101101686A
Authority: CN (China)
Prior art keywords: private key, user, smart card, signature, card
Legal status: Granted (status as listed by Google Patents, not a legal conclusion)
Application number: CNA200610061487XA
Other languages: Chinese (zh)
Other versions: CN100511292C (en)
Inventors: 曹珍富, 董晓蕾, 周渊, 郑志彬, 位继伟
Current assignee: Huawei Technologies Co Ltd; Shanghai Jiaotong University (as listed by Google Patents)
Original assignee: Huawei Technologies Co Ltd; Shanghai Jiaotong University

Events:
Application filed by Huawei Technologies Co Ltd and Shanghai Jiaotong University
Priority to CNB200610061487XA (granted as CN100511292C)
Publication of CN101101686A
Application granted; publication of CN100511292C
Legal status: Expired - Fee Related
Anticipated expiration

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

This electronic bank authentication system includes: (1) an intelligent card (IC); (2) a card reader (CR) with a terminal, which reads from and writes to the IC; and (3) a server connected to the CR over the network. The CR (1) receives the biometric feature information (BFI) via the terminal; (2) uses the system private key to secretly sign a first function value whose input is the BFI; and (3) thereby generates the user private key (UPK) and stores it in the IC. The IC (1) uses the UPK to sign a second function value whose input is the message to be signed, and (2) sends the signed message to the server via the CR. The server uses the pre-stored BFI and the system public key to authenticate the signature.

Description

Electronic bank authentication method, and system and smart card employing the method
Technical field
The present invention relates to secure communication, and in particular to an electronic bank authentication method and to the electronic bank authentication system and smart card that employ this method.
Background technology
With the establishment and improvement of global information networks, the development of electronic banking has become an irresistible trend. It provides a wide range of network financial services to many customers in many forms and through many channels, a great leap that extends traditional over-the-counter banking. Compared with conventional banking, electronic banking has great advantages: first, it adopts a brand-new mode of operation; second, its cost is low and its efficiency high. Its development worldwide has therefore been very rapid. However, because the two parties to an electronic banking transaction, the bank and the customer, never meet face to face, the transaction is convenient but also carries certain security risks. For both parties, the confidentiality, authenticity and integrity, and non-repudiation of the transmitted information are the key factors affecting transaction security.
For reasons of both security and ease of use, smart cards have been widely adopted by the financial industry in recent years. The rapid rise of intelligent bank cards is driven mainly by four factors: first, cross-industry applications of smart cards are increasingly widespread; second, cash transactions are gradually decreasing; third, credit card fraud is increasingly rampant; fourth, smart card payment systems are spreading worldwide. At present, however, the protection of a smart card is essentially password based. To avoid forgetting the password, users often choose passwords that are simple and easy to remember, which weakens the security of the system. At the same time, users forgetting their passwords is a frequent occurrence. And a password cannot be bound to the user's identity: anyone who obtains the password can spend with the card.
Fig. 1 is a flow chart of one prior-art electronic bank authentication.
As shown in Fig. 1, in step 1 the user enters account information by swiping the card;
in step 2 the user enters the account password at the front-end keyboard, and the password is sent to the background server to carry out the authentication process;
in step 3 the secret k in the card is used to authenticate with the background server through an authentication protocol;
in step 4, once authentication is complete, a legitimate transaction is carried out according to the user's wishes.
Here the secret k in the card exists in one of two forms: (1) in a symmetric-key setting, k is a secret shared between the smart card and the background server; (2) in a public-key setting, k is the user's private key, and correspondingly the background server holds the public-key certificate corresponding to this private key.
Fig. 2 is a flow chart of another prior-art electronic bank authentication.
As shown in Fig. 2, in step 1 the user enters account information by swiping the card;
in step 2 the user activates the smart card by entering the smart card personal identification number (PIN) at the front-end keyboard;
in step 3 the secret k in the card is used to run an authentication protocol with the background server;
in step 4, once authentication is complete, a legitimate transaction is carried out according to the user's wishes.
Clearly the second prior-art scheme is more reasonable than the first and offers higher security.
In existing technology, the combination of the IC card and the password is in practice the key that unlocks banking services. Yet when setting a password, users often choose easily remembered digits and/or letter combinations such as a birthday or a name. And when the user enters the password, it may be captured by a video camera. Therefore, once a smart card is lost, the user's account is likely to be stolen. The trend in network authentication for the original system is to adopt public-key cryptography, which is more convenient for authentication, but this requires the bank to build a Public Key Infrastructure (PKI) to manage and use digital certificates. For example, the People's Bank of China invested in and developed a CA (digital certificate) system many years ago. But this is cumbersome and expensive.
Summary of the invention
The object of the invention is to enhance the security of the system without destroying the functions of the original system, while keeping the improved new system fully compatible with the original system.
Specifically, the present solution introduces biometric features. The biometric feature plays a dual role: it works together with the password to implement local authentication of the smart card, and it can also be used to implement remote network authentication. Two goals are ultimately achieved: (1) local smart card authentication no longer relies on the password alone but also uses biometric information; (2) for network authentication with the background server, identity-based cryptography with the biometric feature as the public key is adopted, so that digital certificates and the corresponding expensive Public Key Infrastructure are not needed.
According to a first aspect, the invention provides an electronic bank authentication method comprising: using the system private key to secretly sign a first function value whose input is biometric information, thereby generating a user private key; using the user private key to sign a second function value whose input is the message to be signed; and verifying the signature using the pre-stored biometric information and the system public key.
According to a second aspect, an electronic bank authentication system is provided, comprising a smart card, a card reader with a terminal that reads from and writes to the smart card, and a server connected to the card reader over a network. The card reader receives biometric information via the terminal, uses the system private key to secretly sign a first function value whose input is the biometric information, thereby producing a user private key, and deposits the user private key in the smart card. The smart card uses the user private key to sign a second function value whose input is the message to be signed, and sends the signed message to the server via the card reader. The server verifies the signature using the pre-stored biometric information and the system public key.
According to a third aspect, a smart card for an electronic bank authentication system is provided, the system comprising the smart card, a card reader with a terminal that reads from and writes to the smart card, and a server connected to the card reader over a network. The smart card stores a user private key, which the card reader produces by using the system private key to secretly sign a first function value whose input is biometric information. The smart card uses the user private key to sign a second function value whose input is the message to be signed, and sends the signed message to the server via the card reader, so that the server can verify the signature using the pre-stored biometric information and the system public key.
The present invention adopts a biometric-based authentication system, which not only completes electronic transactions efficiently and securely but, owing to the uniqueness of biometric features, binds the user's identity uniquely to the biometric feature. Even if someone else obtains the smart card, they cannot complete the authentication operation. At the same time, the user may choose not to remember any password at all. Because an efficient identity-based cryptographic technique is used for network authentication, the expensive construction of a Public Key Infrastructure is omitted.
Description of drawings
The present invention is described in more detail below by way of example with reference to the accompanying drawings, in which:
Fig. 1 is a flow chart of one prior-art electronic bank authentication;
Fig. 2 is a flow chart of another prior-art electronic bank authentication;
Fig. 3 is a flow chart of electronic bank authentication according to one embodiment of the present invention.
Embodiment
Fig. 3 is a flow chart of electronic bank authentication according to one embodiment of the present invention. It should be noted that before the electronic bank authentication method of the present invention is carried out, the user must register with the bank and deposit the original biometric feature in the smart card and in the background server. In addition, the system private key mk is provisioned in the card reader.
As shown in Fig. 3, the e-banking system comprises a smart card, a card reader with a front-end terminal, and a background server. The background server is connected to the card reader by a network.
In step 1, the user enters account information by swiping the card.
In step 2, the user enters the smart card personal identification number (PIN) at the front-end keyboard and presents the biometric feature; the smart card is activated only if both match.
In step 3, the card reader uses the system private key mk to generate for the user a temporary authentication private key tk corresponding to the transaction date and the biometric feature, i.e. the user private key, and then imports tk into the card.
In step 4, the card reader converts the user's instruction into a message m in a fixed format; the tk imported into the smart card is used to produce an identity-based digital signature on m, which is verified against the user's original biometric feature stored at the background server.
In step 5, once verification is complete, the legitimate transaction is carried out according to the user's wishes.
In step 6, the identity-based digital signature produced with tk is deposited in the background server as the transaction endorsement file. The endorsement file may be destroyed after the prescribed time limit.
The specific identity-based digital signature algorithm is described below.
According to the present invention, the identity-based signature scheme consists of four algorithms: the system parameter generation algorithm S, the private key extraction algorithm Ext, the signature algorithm Sig and the verification algorithm Ver. The four algorithms are described as follows:
System parameter generation algorithm S: generates the system parameters.
The algorithm is as follows:
Step 1: the system randomly generates two distinct large primes $p$ and $q$ of similar size, where $p$ and $q$ are strong primes.
Step 2: compute $n = pq$ and $\varphi = (p-1)(q-1)$.
Step 3: choose an integer $e$ with $1 < e < \varphi$ such that $e$ and $\varphi$ are coprime.
Step 4: use the extended Euclidean algorithm to compute the unique integer $d$ with $1 < d < \varphi$ satisfying $ed \equiv 1 \pmod{\varphi}$. Here the integers $e$ and $d$ are multiplicative inverses. It should be noted that $e$ and $d$ may also be determined in other ways.
Step 5: choose a hash function $H : \{0,1\}^* \to Z_n^*$. It should be noted that other signature functions are also feasible here.
Step 6: the system public parameters are $(n, e, H)$, the system private key mk is $d$, and the system public key is $e$.
Private key extraction algorithm Ext: uses the system private key to secretly sign the signature function value whose input is the biometric information, producing the user private key.
Given the user's biometric information $ID \in \{0,1\}^*$ and time information $t$, the algorithm is as follows:
Step 1: compute $P_{ID} = H(ID \,\|\, t)$, where $\|$ denotes string concatenation. Here the biometric information is a mandatory input. It should be noted that the biometric information and the time information may be combined in other ways, such as an and/or combination.
Step 2: compute $S_{ID} = (P_{ID})^d \bmod n$.
Step 3: $S_{ID}$ is the private key tk corresponding to biometric information $ID$ and time information $t$.
Signature algorithm Sig: uses the user private key to sign the signature function value whose input is the message to be signed. It should be noted that the signature function used here may be a different algorithm from the one used in the private key extraction algorithm.
For a message $m$ to be signed, the algorithm is as follows:
Step 1: pick a random integer $r \in Z_n$. The selection may be performed by a random number generator.
Step 2: compute $\alpha = r^e \bmod n$.
Step 3: compute $h = H(m \,\|\, \alpha)$, where $\|$ denotes string concatenation. Here the message to be signed is a mandatory input. It should be noted that the message to be signed and the parameter $\alpha$ may be combined in other ways, such as an and/or combination.
Step 4: compute $\beta = (r S_{ID})^h \bmod n$.
Step 5: $(\alpha, \beta)$ is the signature on message $m$.
Verification algorithm Ver: verifies the signature using the pre-stored biometric information and the system public key.
For a signature $(\alpha, \beta)$ on $m$, using $ID$ and $t$, the verification algorithm is as follows:
Step 1: compute $P_{ID} = H(ID \,\|\, t)$.
Step 2: compute $h = H(m \,\|\, \alpha)$.
Step 3: check whether $\beta^e \equiv (\alpha P_{ID})^h \pmod n$ holds. If it holds, output 1, meaning the signature is accepted; otherwise output 0, meaning the signature is rejected.
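The verification equation of Step 3 holds for every honestly generated signature. The following derivation is added here to make that explicit and is not part of the patent text; it uses only the symbols defined above. Because $ed \equiv 1 \pmod{\varphi}$ and $P_{ID} \in Z_n^*$, Euler's theorem gives $S_{ID}^e = (P_{ID})^{de} \equiv P_{ID} \pmod n$, and therefore

$$\beta^e = (r S_{ID})^{he} = (r^e)^h \,(S_{ID}^e)^h \equiv \alpha^h \, P_{ID}^h = (\alpha P_{ID})^h \pmod n.$$

A forged or altered message changes $h = H(m \,\|\, \alpha)$, and a different biometric template or time $t$ changes $P_{ID}$, so in either case the two sides of the check no longer agree.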
The present invention can increase the security of the system without changing the framework of the original system. The enhanced security lies in particular in the fact that a single biometric input serves multiple purposes and in the application of a practical, efficient, provably secure identity-based cryptographic technique. The solution of the present invention has the following features: (1) protection of the smart card relies not only on the password but also on biometric recognition; (2) the biometric information serves as the user's identity information, and network authentication is realized with a practical, efficient, provably secure identity-based cryptographic technique; (3) the endorsement file for a completed transaction is produced in one pass during network authentication; (4) because the present invention uses the biometric feature as the user's identity and performs network authentication and digital signing with identity-based cryptography, the usually expensive cost of the PKI on which public-key algorithms rely is saved.
Obviously, the present invention described here may have many variations, and such variations are not to be regarded as departing from the spirit and scope of the present invention. Therefore, all changes that are apparent to those skilled in the art are included within the scope of these claims.
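The four algorithms S, Ext, Sig and Ver, together with the Fig. 3 flow in which the card reader extracts tk (step 3), the card signs m (step 4) and the server verifies against the stored template, are worked through below as an added example. This code is not the patent's or the inventors' implementation. Its assumptions: SHA-256 with a retry counter stands in for the page's function $H : \{0,1\}^* \to Z_n^*$; a Miller-Rabin search replaces the strong-prime generation the patent calls for; $\alpha$ is encoded as a fixed-width byte string so that $m \,\|\, \alpha$ is unambiguous; and the biometric template, trade date and messages are constructed stand-ins.

```python
# Toy implementation of the identity-based signature scheme above (algorithms
# S, Ext, Sig, Ver). Added example with constructed parameters; not production code.
import hashlib
import random
from math import gcd

def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin test (demo-grade; not the strong-prime generation the patent calls for)."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    """Odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand

def _inverse(e, phi):
    """Extended Euclid (Step 4 of S): the d with e*d = 1 mod phi."""
    old_r, r, old_s, s = e, phi, 1, 0
    while r:
        q = old_r // r
        old_r, r, old_s, s = r, old_r - q * r, s, old_s - q * s
    assert old_r == 1, "e and phi must be coprime"
    return old_s % phi

def H(data, n):
    """Hash {0,1}* -> Z_n^*: SHA-256(data||counter), retried until the value is
    nonzero and coprime to n. A constructed instantiation of the page's H."""
    ctr = 0
    while True:
        v = int.from_bytes(hashlib.sha256(data + ctr.to_bytes(4, "big")).digest(), "big") % n
        if v and gcd(v, n) == 1:
            return v
        ctr += 1

def setup(bits=512, seed=None):
    """Algorithm S: returns public parameters (n, e) and the master private key mk = d."""
    rng = random.Random(seed)  # a seed only makes the demo reproducible
    e = 65537
    while True:
        p, q = _gen_prime(bits, rng), _gen_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return (p * q, e), _inverse(e, phi)

def extract(params, mk, ID, t):
    """Algorithm Ext (card reader): tk = S_ID = H(ID||t)^d mod n."""
    n, _ = params
    return pow(H(ID + t, n), mk, n)

def _enc(x, n):
    """Fixed-width big-endian encoding of alpha so that m||alpha is unambiguous."""
    return x.to_bytes((n.bit_length() + 7) // 8, "big")

def sign(params, tk, m, rng=random.SystemRandom()):
    """Algorithm Sig (smart card): signature (alpha, beta) on message m."""
    n, e = params
    r = rng.randrange(1, n)              # Step 1: random r in Z_n
    alpha = pow(r, e, n)                 # Step 2: alpha = r^e mod n
    h = H(m + _enc(alpha, n), n)         # Step 3: h = H(m||alpha)
    return alpha, pow(r * tk % n, h, n)  # Step 4: beta = (r*S_ID)^h mod n

def verify(params, ID, t, m, sig):
    """Algorithm Ver (server): beta^e == (alpha*P_ID)^h mod n, with the stored template ID."""
    n, e = params
    alpha, beta = sig
    if not (0 < alpha < n and 0 < beta < n):
        return False
    P_ID = H(ID + t, n)
    h = H(m + _enc(alpha, n), n)
    return pow(beta, e, n) == pow(alpha * P_ID % n, h, n)

def demo(bits=256):
    """Enrol a constructed template, sign one transaction, then check that a tampered
    message and a different trade date are both rejected. Returns three booleans."""
    params, mk = setup(bits, seed=2006)
    template, date = b"constructed-biometric-template", b"2006-07-03"
    tk = extract(params, mk, template, date)
    m = b"transfer 100.00 to account 0042"
    sig = sign(params, tk, m)
    return (verify(params, template, date, m, sig),
            verify(params, template, date, b"transfer 999.00 to account 0042", sig),
            verify(params, template, b"2006-07-04", m, sig))

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Running the block prints `(True, False, False)`: the genuine signature verifies, while a changed amount or a tk extracted for a different trade date fails, which is the binding of the temporary key to both the biometric template and the date that step 3 of Fig. 3 relies on. The 256-bit primes in `demo` keep the run fast; `setup()` defaults to 512-bit primes, and both sizes are for illustration only.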

Claims (13)

1. An electronic bank authentication method, comprising: using the system private key to secretly sign a first function value whose input is biometric information, thereby generating a user private key; using the user private key to sign a second function value whose input is the message to be signed; and verifying the signature using pre-stored biometric information and the system public key.
2. The electronic bank authentication method of claim 1, characterized in that the first function and/or the second function is a hash function.
3. The electronic bank authentication method of claim 1, characterized in that the input of the first function is a combination of the biometric information and time information.
4. The electronic bank authentication method of claim 1, characterized in that the step of using the user private key to sign the second function value whose input is the message to be signed comprises generating a random number, processing the user private key with the random number, and signing with the processed user private key; the method further comprises processing this random number with the system public key to produce a first parameter; and the signature verification step is carried out based on the first parameter.
5. The electronic bank authentication method of claim 4, characterized in that the input of the second function is a combination of the message to be signed and the first parameter.
6. The electronic bank authentication method of claim 1, characterized in that the system public key and the system private key are multiplicative inverses.
7. The electronic bank authentication method of claim 3 or 5, characterized in that the combination is formed by concatenation.
8. The electronic bank authentication method of claim 1, characterized by further comprising depositing the signature obtained in the step of signing, with the user private key, the second function value whose input is the message to be signed in the background server as a transaction endorsement file.
9. An electronic bank authentication system, comprising a smart card, a card reader with a terminal that reads from and writes to the smart card, and a server connected to the card reader over a network;
the card reader receives biometric information via the terminal, uses the system private key to secretly sign a first function value whose input is the biometric information, thereby producing a user private key, and deposits the user private key in the smart card;
the smart card uses the user private key to sign a second function value whose input is the message to be signed, and sends the signed message to the server via the card reader;
the server verifies the signature using pre-stored biometric information and the system public key.
10. The electronic bank authentication system of claim 9, characterized in that the smart card comprises a random number generator for producing a random number; the smart card processes the user private key with the random number and signs with the processed user private key, and processes this random number with the system public key to produce a first parameter; and the server verifies the signature based on the first parameter.
11. The electronic bank authentication system of claim 9, characterized in that the card reader comprises a device that separately matches the smart card personal identification number and the input biometric feature and activates the smart card when both match.
12. A smart card for use in an electronic bank authentication system, the system comprising the smart card, a card reader with a terminal that reads from and writes to the smart card, and a server connected to the card reader over a network;
the smart card stores a user private key, which the card reader produces by using the system private key to secretly sign a first function value whose input is biometric information;
the smart card uses the user private key to sign a second function value whose input is the message to be signed, and sends the signed message to the server via the card reader, so that the server verifies the signature using pre-stored biometric information and the system public key.
13. The smart card of claim 12, characterized in that it comprises a random number generator for producing a random number; the smart card processes the user private key with the random number and signs with the processed user private key, and processes this random number with the system public key to produce a first parameter; and the server verifies the signature based on the first parameter.
CNB200610061487XA 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method Expired - Fee Related CN100511292C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200610061487XA CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB200610061487XA CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Publications (2)

Publication Number Publication Date
CN101101686A true CN101101686A (en) 2008-01-09
CN100511292C CN100511292C (en) 2009-07-08

Family

ID=39035951

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200610061487XA Expired - Fee Related CN100511292C (en) 2006-07-03 2006-07-03 Electronic bank identification method, system and intelligent card adopting the method

Country Status (1)

Country Link
CN (1) CN100511292C (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103268437A (en) * 2013-05-10 2013-08-28 飞天诚信科技股份有限公司 Method for improving safety of signed data
CN106022037A (en) * 2016-05-11 2016-10-12 湖南财政经济学院 Financial terminal authentication method and device
WO2017032263A1 (en) * 2015-08-27 2017-03-02 阿里巴巴集团控股有限公司 Identity authentication method and apparatus
CN107133755A (en) * 2009-10-08 2017-09-05 崔云虎 Utilize bio-identification card and CSD tracking containers and the system of logistics
CN107947934A (en) * 2017-11-08 2018-04-20 中国银行股份有限公司 The fingerprint recognition Verification System and method of mobile terminal based on banking system
CN113472521A (en) * 2020-03-30 2021-10-01 山东浪潮质量链科技有限公司 Block chain-based real-name digital identity management method, signature device and verification device

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
GB2321741B (en) * 1997-02-03 2000-10-04 Certicom Corp Data card verification system
AUPQ702900A0 (en) * 2000-04-20 2000-05-18 Grosvenor Leisure Incorporated Secure biometric loop
CN1319010C (en) * 2003-03-26 2007-05-30 祥群科技股份有限公司 Card type biological in\dentification device and method

Cited By (10)

Publication number Priority date Publication date Assignee Title
CN107133755A (en) * 2009-10-08 2017-09-05 崔云虎 Utilize bio-identification card and CSD tracking containers and the system of logistics
CN107133755B (en) * 2009-10-08 2021-07-23 崔云虎 System for tracking containers and logistics using biometric identification cards and CSDs
CN103268437A (en) * 2013-05-10 2013-08-28 飞天诚信科技股份有限公司 Method for improving safety of signed data
CN103268437B (en) * 2013-05-10 2016-02-24 飞天诚信科技股份有限公司 A kind of method improving signed data security
WO2017032263A1 (en) * 2015-08-27 2017-03-02 阿里巴巴集团控股有限公司 Identity authentication method and apparatus
US11294993B2 (en) 2015-08-27 2022-04-05 Advanced New Technologies Co., Ltd. Identity authentication using biometrics
CN106022037A (en) * 2016-05-11 2016-10-12 湖南财政经济学院 Financial terminal authentication method and device
CN107947934A (en) * 2017-11-08 2018-04-20 中国银行股份有限公司 The fingerprint recognition Verification System and method of mobile terminal based on banking system
CN107947934B (en) * 2017-11-08 2021-07-30 中国银行股份有限公司 Fingerprint identification and authentication system and method of mobile terminal based on bank system
CN113472521A (en) * 2020-03-30 2021-10-01 山东浪潮质量链科技有限公司 Block chain-based real-name digital identity management method, signature device and verification device

Also Published As

Publication number Publication date
CN100511292C (en) 2009-07-08

Similar Documents

Publication Publication Date Title
CN101465019B (en) Method and system for implementing network authentication
CA2196356C (en) Transaction verification protocol for smart cards
CN101651675B (en) By the method and system that authentication code is verified client
CN111492390A (en) Cash equivalent device for digital currency
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
CN100511292C (en) Electronic bank identification method, system and intelligent card adopting the method
US20070118736A1 (en) Customization of a bank card for other applications
CN102118251A (en) Security authentication method for internet banking remote payment based on multi-interface intelligent safety card
CN111656732A (en) Device for storing a digital key for signing transactions on a blockchain
CN104376465A (en) Safe mobile payment method
US20200235920A1 (en) Method and device for generating hd wallet name card and method and device for generating hd wallet trusted address
CN112036847A (en) Anti-counterfeiting verification method and system for offline payment of digital currency
CN101582761B (en) Identity authentication method adopting password firewall
US20190108521A1 (en) Unpredictable number generation
CN104320261B (en) Identity authentication method, financial smart card and terminal are realized on financial smart card
US20050156029A1 (en) Off-line PIN verification using identity-based signatures
CN102136057A (en) 2.4G/13.56M safety radio frequency card reader and authentication method thereof
JP2007298985A (en) Method for implementing pki application of bank card on computer
CN106936800A (en) The method and apparatus for monitoring the number of downloads of application
CN201947283U (en) Security certificate device of Internet banking remote payment based on multi-interface safety smart card
CN111914308A (en) Method for mobile data signature by using CA certificate in intelligent card
Golovashych The technology of identification and authentication of financial transactions. from smart cards to NFC-terminals
Munjal et al. Secure and cost effective transaction model for financial services
CN101697204B (en) Electronic signature
CN105228088A (en) The self refresh public-key cryptographic keys switching method of mobile payment near-field communication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090708

Termination date: 20200703