CN101222333A - Data transaction processing method and apparatus - Google Patents

Data transaction processing method and apparatus Download PDF

Info

Publication number
CN101222333A
CN101222333A CNA200710303993XA CN200710303993A CN101222333A CN 101222333 A CN101222333 A CN 101222333A CN A200710303993X A CNA200710303993X A CN A200710303993XA CN 200710303993 A CN200710303993 A CN 200710303993A CN 101222333 A CN101222333 A CN 101222333A
Authority
CN
China
Prior art keywords
data
module
feedback data
client
transaction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA200710303993XA
Other languages
Chinese (zh)
Other versions
CN101222333B (en
Inventor
龙德帆
高翔
芦蓉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Watchdata Co ltd
Original Assignee
Beijing WatchData System Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing WatchData System Co Ltd filed Critical Beijing WatchData System Co Ltd
Priority to CN200710303993XA priority Critical patent/CN101222333B/en
Publication of CN101222333A publication Critical patent/CN101222333A/en
Application granted granted Critical
Publication of CN101222333B publication Critical patent/CN101222333B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a data transaction processing method and a device thereof, including that after a service end receives a transaction request submitted by a client end through the internet, the service end sends data including identification data and transaction feed-back data, which need to be identified and fed back to a movable terminal by the client end; after the movable terminal receives data needing to be identified and fed back, the identification data are verified according to identity key in the movable terminal user identity recognition module card, which is offered in advance, after the verification is passed, the feed-back data is acquired after processing according to transaction feed-back data content; after a user identity recognition module card operating system makes a signature on the feed-back data, the feed-back data is fed back to the service end by the client end; the signature of the feed-back data is verified according to a signature key in the service end, which is offered by the movable terminal user in advance, after the verification is passed, the feed-back data is processed based on the feed-back data content. By utilizing the invention, the identity certification and the transaction certification problems in the network transaction are resolved, and the safety of the client end in the network environment is ensured.

Description

A kind of data transaction processing method and equipment
Technical field
The present invention relates to the data security field, particularly a kind of data transaction processing method, device, SIM (Subscriber Identity Module, user identification module) card and system.
Background technology
Along with the diverse network transaction as forms such as the Internet bank, online shopping malls is flourish, the fail safe of transaction becomes more and more important problem.In any network trading environment, safety problem mainly is present in server, network and client.The fail safe of server is responsible for by the service provider, can guarantee by physics control, safety management and means such as the network security software and equipment; Safety of data transmission can solve by the data encrypting and deciphering technology based on cryptography method on the network, as SSL (Secure SocketLayer, the SSL) agreement of extensive employing; Client user under the network environment obtains service by network, owing to can't carry out safety inspection and control to the computer of client, therefore, the authentication of client " netter " just becomes the important means that guarantees client secure.
In the prior art, user's identity is carried out that the legitimacy authentication technology mainly contains password authentication mode, dynamic password mode and based on digital certificate verification mode of PKI (Public-Key Infrastructure, Public Key Infrastructure) system etc. by client.
The password authentication mode is the simplest identity identifying method, as long as can correctly enter password, just think that the user is exactly this user, yet its deficiency is: because password is static data, and in proof procedure, need transmit in the client computer internal memory He in the network, the trojan horse program or the audiomonitor in the network that are easy to be resided in the internal memory are intercepted and captured, so the password authentication mode is a kind of identification authentication mode that is absolutely unsafe.
The dynamic password technology allows user's password constantly change according to time and access times.It adopts a kind of specialized hardware that is referred to as dynamic token, only the current password input client computer that shows on the dynamic token can need be realized the affirmation of identity when the user uses.The dynamic password technology adopts the method for one-time pad, has guaranteed the fail safe of user identity effectively.But its deficiency is: just the problem that validated user can't be logined may take place synchronously if the time of client and server end or number of times can not keep good, this makes that user's use is very inconvenient.And need by keyboard input a lot of irregular password when the user logins at every turn, will operate again, use very inconvenient in case input by mistake.
In the digital certificate verification mode based on the PKI system, USB Key is a kind of USB (UniversalSerial Bus, USB) hardware device of interface can be stored user's key or digital certificate, utilizes the authentication of the built-in cryptographic algorithm realization of USB Key to user identity.All key computings are realized that by USBKey user key does not occur not propagating at calculator memory yet, has only the holder of USB Key to operate key or digital certificate in network, fail safe has had guarantee.Because USB Key is safe and reliable, easy to use; add the data protection mechanism that the PKI system is perfect; use the authentication mode of USB Key storage digital certificate to become main certification mode at present, each Web bank all recommends the user to use the authenticated client mode of USB Key as client.But its deficiency is: even at present the existing institute of the cost of USBKey descends, but still want dozens of yuan, and the client could use after also needing additionally to carry USB Key, so the also inconvenience that seems.
Summary of the invention
The invention provides a kind of data transaction processing method, device, SIM card and system, in order to solve in the network trading process problem that has potential safety hazard at authenticating user identification and transaction data aspect mutual.
The invention provides a kind of data transaction processing method, comprise the steps:
Service end receives the transaction request that the client in the internet is submitted to;
Service end sends to described portable terminal by client needs checking feedback data, described data to comprise certificate data, transaction feedback data;
Portable terminal receives the described checking feedback data that needs;
After checking is passed through to described certificate data according to the identity key in the portable terminal SIM card, handle the back according to described transaction feedback data content and obtain feedback data, described identity key is provided in advance by service end;
SIM card operating system to described feedback data sign the back by client feedback to service end;
According to the signature key in the service end signature verification of described feedback data is handled by the feedback data content by the back, described signature key is provided in advance by mobile phone users.
The present invention also provides a kind of data trade to handle device, comprising: memory module, interface module, forwarding module, authentication module, signature blocks, wherein:
Memory module is used to store the identity key that is provided in advance by service end;
Interface module is used for the client interaction data with the internet;
Forwarding module after being used for identifying the need checkings feedback data that comprises certificate data, transaction feedback data from the mutual data of described interface module, is forwarded to authentication module;
Authentication module is used for described certificate data being verified according to the described identity key in the described memory module when receiving by described forwarding module when needing the checking feedback data, triggers signature blocks in checking by the back;
Signature blocks is used for handling the back according to described transaction feedback data content and obtaining feedback data, and described feedback data is signed after described forwarding module feeds back to the client in the internet after being triggered by described authentication module.
The present invention also provides a kind of user identification module card, comprising: memory module, authentication module, signature blocks, wherein:
Memory module is used to store the identity key that is provided in advance by service end;
Authentication module is used for described certificate data being verified according to the described identity key in the described memory module when receiving when needing the checking feedback data, triggers signature blocks in checking by the back;
Signature blocks is used for handling the back according to described transaction feedback data content and obtaining feedback data after being triggered by described authentication module, and feeds back after described feedback data signed.
The present invention provides a kind of data trade to handle system again, comprising: the client in service end, the internet, memory module, interface module, forwarding module, authentication module, signature blocks, wherein:
Service end, be used for receiving the transaction request data that the client of internet submits to after, sending by client needs the checking feedback data, the described checking feedback data that needs comprise certificate data, transaction feedback data; And after receiving feedback data by client, according to signature key the signature verification of described feedback data is handled by the feedback data content by the back, described signature key is provided in advance by mobile phone users;
Client is used for carrying out data interaction with service end, interface module;
Interface module is used for the client interaction data with the internet;
Forwarding module after being used for identifying the need checkings feedback data that comprises certificate data, transaction feedback data from the mutual data of described interface module, is forwarded to authentication module;
Memory module is used to store the identity key that is provided in advance by service end;
Authentication module is used for described certificate data being verified according to the described identity key in the described memory module when receiving by described forwarding module when needing the checking feedback data, triggers signature blocks in checking by the back;
Signature blocks is used for handling the back according to described transaction feedback data content and obtaining feedback data, and described feedback data is signed after described forwarding module feeds back to the client in the internet after being triggered by described authentication module.
Beneficial effect of the present invention is as follows:
In the present invention, owing to utilized operations such as encryption that the key that is stored in the portable terminal SIM card or digital certificate carry out authentication and transaction data and signature, make and on SIM card, to finish, overcome the hidden danger that trojan horse program in internal memory or the audiomonitor in the network are intercepted and captured for the authentication of user key; Simultaneously, management for authority also is finishing alternately by SIM card operating system and user, the user can own setting code, and remember into a lot of irregular password needn't be in the dynamic password technology, so mutual with the question and answer mode between interpersonal, therefore can not occur yet can't be synchronous problem; Portable terminal utilization popularize day by day background under, need not to carry the problem that extra equipment just can solve authentication and transaction authentication in the network trading very easily especially, guaranteed the safety of client in the network environment.
Description of drawings
Fig. 1 is the schematic diagram of data transaction processing method implementing procedure described in the embodiment of the invention;
Fig. 2 provides the implementing procedure schematic diagram of identity key for service end described in the embodiment of the invention;
Fig. 3 is the processing implementing procedure schematic diagram of the feedback data of transaction described in the embodiment of the invention;
Fig. 4 is that data trade described in the embodiment of the invention is handled the apparatus structure schematic diagram;
Fig. 5 is the schematic diagram of user identification module card structure described in the embodiment of the invention;
Fig. 6 is a data transacting system structural representation described in the embodiment of the invention;
Fig. 7 is that data trade described in the embodiment of the invention one is handled the implementing procedure schematic diagram.
Embodiment
Below in conjunction with accompanying drawing the specific embodiment of the present invention is described.
Fig. 1 is a data transaction processing method implementing procedure schematic diagram, as shown in the figure, can comprise the steps:
Step 101, service end receive the transaction request that client is submitted in the internet;
Step 102, service end send to described portable terminal by client and need the checking feedback data, comprise certificate data, transaction feedback data in the data;
Step 103, portable terminal receive the described checking feedback data that needs;
Step 104, after checking is passed through to described certificate data according to the identity key in the portable terminal SIM card, handle the back according to described transaction feedback data content and obtain feedback data, described identity key is provided in advance by service end;
Step 105, SIM card operating system to described feedback data sign the back by client feedback to service end;
Step 106, according to the signature key in the service end signature verification of described feedback data is handled by the feedback data content by the back, described signature key is provided in advance by mobile phone users.
Below above-mentioned implementation step is specifically described.
In the step 102, can be when the user carries out network trading, the client computer of user's networking passes through bluetooth, USB, infrared grade and communication of mobile terminal, import into and comprise certificate data, the data of transaction feedback data, portable terminal can import corresponding data into SIM card, concrete, can call Write Key function is stored in identity key SIM card with document form EEPROM (Electrically-Erasable Programmable Read-Only Memory by SIM card operating system, the electrically erasable ROM) on, and setting is to the operating right of this document.Setting when reading authority, then the operating right password of display screen prompting user input reference SIM card that also need be by portable terminal in step 104; After the user passes through by the operating right password authentification of the input equipment input of portable terminal, could from SIM card, read identity key, just can utilize identity key that described certificate data is verified then.Fig. 2 provides the implementing procedure schematic diagram of identity key for service end, and as shown in the figure, service end provides the enforcement of identity key to comprise the steps:
Step 201, user provide user profile, and user profile can comprise personal information and IMSI (International Mobile Subscriber Identity, international mobile subscriber identification code) card number etc.;
Step 202, network trading service provider service specified end main frame are preserved user profile and with generating identity key, as user's key or digital certificate etc.;
Step 203, judge that the service end main frame is connected whether success with portable terminal,,, enter step 207 if connect unsuccessfully if successful connection enters step 204;
Step 204, service end host-initiated download, identity key is stored into the SIM card of portable terminal, key or the digital certificate form with file is stored on the EEPROM of SIM card by calling Write Key function by SIM card operating system, and sets authority the reading and writing and the modification of this document;
Whether step 205, judgement store successful, if store successfully, enter step 206, if storage is unsuccessful, enter step 207;
Step 206, service end main frame are provided with download and successfully identify in database, show to download success message, withdraw from downloading;
Step 207, service end main frame show failed download message, stop to download.
As seen, in step 104, identity key can be in the main frame place application as the network trading service provider appointment of service end, and identity key can be to be provided in advance according to generations such as userspersonal information and/or IMSI card numbers by service end.Identity key can be key or digital certificate etc., this key or digital certificate can be downloaded to the SIM card of customer mobile terminal from main frame by bluetooth, USB, mode such as infrared after the acquisition.
In the operating system of SIM card handling functions such as encryption, deciphering, digital signature can be set, and according to key and digital certificate in certain security system management SIM card.Therefore in step 104, after receiving the data that portable terminal imports into, the operating system of SIM card satisfies when reading the authority of key or digital certificate being checked through, call the corresponding operation function in the SIM card operating system, read operations such as signature that the key that is stored in the card or digital certificate carry out associated transaction data, encryption and decryption, again operation result is turned back to computer by portable terminal, carry out the checking and the processing of data by computer, thereby realize the authentication and the encrypted transaction data of network trading.
In the need checking feedback data that sends to portable terminal, not only comprised certificate data, can also comprise the transaction feedback data, the transaction feedback data is concrete transaction content, be after needing portable terminal to determine, the content feed of carrying transaction results returned service end handles according to its content.In the enforcement, this part data both can send simultaneously with identity key, can send separately after the identity key checking is passed through again.When sending separately, the user can open network trading service provider's serve end program by the client computer of networking, select the particular content of network trading, network trading routine call RPC (Remote ProcedureCall, remote procedure call protocol) program starts the application transfer transaction feedback data of portable terminal by bluetooth, USB, infrared etc.; Portable terminal is communicated by letter with SIM card then, related data can be sent in the SIM card.Fig. 3 be the transaction feedback data processing implementing procedure schematic diagram, as shown in the figure, for the transaction feedback data processing can comprise the steps:
The operating right password of step 301, input reference SIM card.
Can pass through mobile terminal screen display reminding information, require the operating right password of key in user's input reference SIM card or digital certificate,, then refuse key or digital certificate in the reading SIM card if inconsistent; If it is consistent, SIM card is set key or the digital certificate file is a readable state, call ReadBinary and read function, read the key or the digital certificate that are stored in EEPROM in the card with the binary file form, and call the encryption function Data Encrypt that card operation system provides, to the identity key data of importing into being carried out encryption, prepare result is returned to portable terminal in SIM card inside.
Identity key after step 302, portable terminal will be encrypted returns to client computer.
Step 303, client judge whether identity key is correct, are then to change step 304 over to, otherwise finish to carry out.
Client computer and network trading service provider's service end main-machine communication, whether the identifying user identity key is correct, if consistent, enters step 304, if inconsistent, then refusal transaction and stop the data processor of portable terminal.
Step 304, the client feedback data of will concluding the business is imported portable terminal into.
Step 305, portable terminal are signed to feedback data.
The concrete transaction feedback data that client computer will be encrypted is imported in the portable terminal, import data into SIM card by portable terminal, SIM card operating system is called Read Binary function and is read key or digital certificate and handle the back and generate feedback data, and the signature function Digital Signatures that calls card operation system and provide signs to feedback data.
Step 306, the feedback data after will signing return to client computer through portable terminal.
Step 307, client computer and network trading service provider's service end main frame is concluded the business.
Client computer and network trading service provider's service end main-machine communication, the checking user's signature, if it is consistent, it is destroyed to illustrate that transaction data does not have, transaction data is handled and accordingly result is saved in the database, if inconsistent, then refusal transaction and stop the data processor of portable terminal.
The present invention also provides a kind of data trade to handle device, describes below in conjunction with the embodiment of accompanying drawing to this device.
Fig. 4 handles the apparatus structure schematic diagram for data trade, and as shown in the figure, data trade is handled in the device and comprised: memory module 401, interface module 402, forwarding module 403, authentication module 404, signature blocks 405, wherein:
Memory module 401 is used to store the identity key that is provided in advance by service end;
Interface module 402 is used for the client interaction data with the internet;
Forwarding module 403 after being used for identifying the need checkings feedback data that comprises certificate data, transaction feedback data from interface module 402 mutual data, is forwarded to authentication module 404;
Authentication module 404 is used for certificate data being verified according to the identity key in the memory module 401 when receiving by forwarding module 403 when needing the checking feedback data, triggers signature blocks 405 in checking by the back;
Signature blocks 405 is used for handling the back according to transaction feedback data content and obtaining feedback data, and feedback data is signed after forwarding module 403 feeds back to the client in the internet after being verified module 404 triggerings.
Concrete, interface module 402 is used for the client interaction data with the internet, the one end links to each other with forwarding module 403, the other end links to each other with client, be used between forwarding module 403 and client, concluding the business operational order and Transaction Information exchange, set up data transmission channel, carry out exchanges data etc., it can comprise any interface mode that can satisfy the communication performance requirement, as modes such as USB (USB) interface, blue tooth interface, infrared interfaces;
Memory module 401 is used to store the identity key that is provided in advance by service end, concrete, memory module 401 connectivity verification modules 404, form storage key or digital certificate with file, operating system in the SIM card provides relevant handling functions such as encryption and decryption, and according to operations such as the reading and writing of certain security system managing keys and digital certificate and modifications, to guarantee the safety of user key and digital certificate.
Can comprise in the memory module 401: the storage medium that is used for store data; Memory cell is used for described identity key is stored in described storage medium with document form, and sets the operating right to this document.The memory module unit can call Write Key function identity key is stored on the EEPROM as storage medium with document form in the enforcement, and sets the operating right to this document.
Authentication module 404 and signature blocks 405 are used for after receiving the transaction operational order information that client sends, judge the access code that the user provides validity, communicate by letter, result returned client etc. with memory module 401.Concrete, when receiving by forwarding module 403 when needing the checking feedback data, authentication module 404 is verified certificate data according to the identity key in the memory module 401, triggers signature blocks 405 in checking by the back; Signature blocks 405 is handled the back according to transaction feedback data content and is obtained feedback data, and feedback data is signed after forwarding module feeds back to the client in the internet after being verified module 404 triggerings.
Further, can also comprise in the device:
Display screen 407 is used for the display message to the user;
Input equipment 408 is used for being conveyed into data for the user;
Authentication module 406 is used to point out user's input operation web-privilege password Web; After the described operating right password authentification of user's input is passed through, just allow authentication module 404 from memory module 401, to read identity key.
The present invention also provides a kind of SIM card, describes below in conjunction with the embodiment of accompanying drawing to SIM card.
Fig. 5 is a user identification module card structure schematic diagram, as shown in the figure, comprises on the SIM card: memory module 401, authentication module 404, signature blocks 405, wherein:
Memory module 401 is used to store the identity key that is provided in advance by service end;
Authentication module 404 is used for certificate data being verified according to the identity key in the memory module 401 when receiving when needing the checking feedback data, triggers signature blocks 405 in checking by the back;
Signature blocks 405 is used for handling the back according to transaction feedback data content and obtaining feedback data after being verified module 404 and triggering, and feeds back after feedback data signed.
Can comprise in the memory module 401:
Storage medium is used for store data;
Memory cell is used for described identity key is stored in described storage medium with document form, and sets the operating right to this document.
Can also comprise authentication module 406 in the user identification module card, be used to point out user's input operation web-privilege password Web; After the described operating right password authentification of user's input is passed through, allow described authentication module 404 from memory module 401, to read identity key.
Based on same principle, the present invention also provides a kind of data trade to handle system, Fig. 6 is the data transacting system structural representation, as shown in the figure, can comprise in the data trade processing system: the client 602 in service end 601, the internet, memory module 401, interface module 402, forwarding module 403, authentication module 404, signature blocks 405, wherein:
Service end 601, be used for receiving the transaction request data that the client 602 of internet submits to after, sending by client 602 needs the checking feedback data, the described checking feedback data that needs comprise certificate data, transaction feedback data; And after receiving feedback data by client 602, according to signature key the signature verification of described feedback data is handled by the feedback data content by the back, described signature key is provided in advance by mobile phone users;
Client 602 is used for carrying out data interaction with service end 601, interface module 402;
Interface module 402 is used for client 602 interaction datas with the internet;
Forwarding module 403 after being used for identifying the need checkings feedback data that comprises certificate data, transaction feedback data from described interface module 402 mutual data, is forwarded to authentication module 404;
Memory module 401 is used to store the identity key that is provided in advance by service end;
Authentication module 404 is used for described certificate data being verified according to the described identity key in the described memory module 401 when receiving by described forwarding module 403 when needing the checking feedback data, triggers signature blocks 405 in checking by the back;
Signature blocks 405 is used for handling the back according to described transaction feedback data content and obtaining feedback data, and described feedback data is signed after described forwarding module feeds back to the client in the internet after being triggered by described authentication module.
Can further include in the system:
Display screen 407 is used for the display message to the user;
Input equipment 408 is used for being conveyed into data for the user;
Authentication module 406 is used to point out user's input operation web-privilege password Web; After the described operating right password authentification of user's input is passed through, just allow authentication module 404 from memory module 401, to read identity key.
Come concrete enforcement of the present invention is described with example below.
Embodiment one
Fig. 7 is that data trade is handled the implementing procedure schematic diagram among the embodiment one, and in the present embodiment, client sends the network trading order to portable terminal, and safe computing is carried out in request, and as shown in the figure, concrete transaction authentication can may further comprise the steps:
Transaction content is determined in step 701, user's login.
User's logging on client program enters network trading service provider's network trading interface, selects the particular content of network trading, the input transaction related information.
Step 702, client program calls RPC program start the mobile terminal data handling procedure.
Client program calls RPC program is connected with portable terminal and starts the portable terminal handling procedure by interface module, imports certificate data into.
Step 703, judge whether visit SIM card password is correct, is then to change step 704 over to, otherwise changes step 710 over to.
The data processor display reminding information of portable terminal is in mobile terminal screen, and require the password of key in user's input reference SIM card or digital certificate, authentication password, if it is consistent, enter step 704, if inconsistent, execution in step 710 is returned error message and is given client, process ends;
Step 704, the correlation function that calls card operation system are handled certificate data.
Portable terminal is communicated by letter with SIM card, SIM card reads key or digital certificate, the correlation function that calls card operation system carries out encryption to certificate data, and result turns back to portable terminal by SIM card, and portable terminal returns to client-side program by interface module with it.
Step 705, judge whether the authentication result is correct, is then to change step 706 over to, otherwise change step 710 over to.
Client-side program and network trading service provider's main-machine communication, if identifying user identity consistent, enters step 706, if inconsistent, then refusal transaction and stop the data processor of portable terminal, execution in step 710 process ends.
Step 706, client-side program send concrete transaction feedback data in portable terminal.
Step 707, handle the back according to transaction feedback data content and obtain feedback data and sign.
Portable terminal is sent data into SIM card, key that SIM card reads or digital certificate, the signature function of calling SIM card operating system turns back to portable terminal with result then to the transaction data processing of signing, and by interface module it is returned to client-side program by portable terminal.
Whether step 708, certifying signature be correct, is then to change step 709 over to, otherwise changes step 710 over to.
Client-side program and network trading service provider's main-machine communication, the checking user's signature, if it is consistent, it is destroyed to illustrate that transaction data does not have, 709 pairs of transaction data of execution in step are handled and accordingly result are saved in the database, and if process ends is inconsistent, then refuse the data processor of transaction and termination portable terminal, execution in step 710 process ends.
Step 709, execution transaction are withdrawed from behind the saving result.
Step 710, prompting make mistakes and withdraw from.
Embodiment two
Under the network trading environment, suppose that the client user wants by Web bank from oneself bank account 500 yuans of account No.s that transfer into power supply administration's appointment are finished paying of the of that month electricity charge.Then can realize by following operating procedure:
At first, the user is in client logging in to online banks service, and after finishing traditional authentication such as password authentication, the user sends 500 yuan the application of transferring accounts.
Then, client is uploaded Web bank's server with user's application, and Web bank's server generates the critical data of this online transaction according to the application that the user sends, and, require the user that these critical datas are carried out digital signature and confirm these critical data loopback clients.
Once more, client is carried out the safe computing order of digital signature to user's portable terminal transmission to these critical datas, the user is according to the portable terminal operation prompt information, key or digital certificate that utilization is stored in SIM card call the digital signature computing that correlation function carries out critical data in SIM card, and operation result is fed back to client.
At last, client is uploaded to Web bank's server with the digital signature data that obtains, and Web bank's server is finished the money transfer transactions of user's appointment after the legitimacy of having verified user's digital signature data of being returned by client.
Embodiment two is the examples that are applied to Internet-based banking services, this example combines concrete Internet-based banking services and describes, adopt the authentication method of portable terminal SIM card, utilization is stored in the key in the SIM card and the functions such as encryption and decryption of digital certificate and SIM card operating system, by legal user the network trading data is carried out operations such as authentication and data encryption in portable terminal SIM card inside.By this example as seen, the fail safe of transaction is guaranteed.
Embodiment three
Enhancing along with the mobile terminal network function, portable terminal has become a kind of network terminal that can substitute PC, in this example, suppose that the user wants to browse online shopping mall, order the goods and finish on-line payment by portable terminal, payment information is encrypted, is signed by the portable terminal SIM card.Then can realize by following operating procedure:
At first, the online shopping mall that the user moves in the portable terminal uses, by GPRS (General PacketRadio Service, GPRS) network entry online shopping mall, set up TCP (Transmission Control Protocol, transmission control protocol) with mall server and connect, this TCP is connected the information of transmitting commodity between online shopping mall and the portable terminal and browses for mobile phone users, the commodity that the user selects desire to buy put it in the shopping cart.
Secondly, after commodity selection finished, portable terminal was with the shopping list in the shopping cart and send to cyber mall server this machine IMSI number; After cyber mall server receives shopping list, write down this shopping list and generate corresponding order (comprise order number, the shopping amount of money, this online shopping mall's number, shopper's portable terminal IMSI number etc.), and order returned to portable terminal, confirm for the user.
Once more, portable terminal shows the details of order, and the client confirms the process of paying.Payment process can be realized by following steps: portable terminal is set up by GPRS and is connected with the TCP of bank and applies for session key, bank is after the request of receiving, generate one at random session key and utilize this portable terminal at the PKI of the certificate of bank registration to session key, ciphertext is beamed back portable terminal; After portable terminal receives ciphertext, send it to SIM card, call the decryption function of card operation system, use user's private key decrypting ciphertext, recover session key, and be kept in the SIM card by SIM card; Portable terminal prompting input payment cipher (password that payment cipher distributes when being account No. and portable terminal binding), the client imports payment cipher and confirms; SIM card is utilized session password encryption user's payment information (comprising order and payment cipher), and calls the signature function of card operation system, utilizes the private key for user in the SIM card that data encrypted is signed.Subsequently, by being connected with the TCP that bank sets up before, portable terminal will be paid request (payment information and the signature that comprise encryption) and send to bank.
After bank receives payment request, at first authenticate client's signature, if signature correctly then utilize session key deciphering payment information, is checked payment cipher.If signature or payment cipher mistake are then returned error message to portable terminal.If signature and payment cipher are all correct, whether the inquiry client's of bank account has enough payments, if the remaining sum abundance, bank forwards the account of the order amount of money from the client on the account of online shopping mall to, write down this transaction, and return portable terminal and online shopping mall's payment successful information.
At last, cyber mall server is after receiving the payment successful information, and modifications order status is successful payment, and relevant matters such as arrangement delivery etc.
Present embodiment is the example that is applied to online shopping mall's business, combining concrete online shopping mall's business in the example describes, adopt the authentication method of portable terminal SIM card, utilization is stored in the key in the SIM card and the correlation function of digital certificate and SIM card operating system, by legal user to give authentication and data encrypting and deciphering to the network trading data.By this example as seen, the fail safe of network trading is guaranteed equally.
By the foregoing description as can be known, because utilization of the present invention is stored in operations such as encryption that key in the portable terminal SIM card or digital certificate carry out authentication and transaction data and signature; Or when the user directly passes through the mobile terminal accessing online trading server, utilize the portable terminal SIM card to carry out the encryption of authentication and data, signature.Thereby solved the problem of authentication and transaction authentication in the network trading, guaranteed the safety of client in the network environment.
The terminal use of China Mobile has broken through 400,000,000 at present, and the enhancing of the raising of mobile terminal performance, the reduction of price and SIM card function is for solid foundation has been established in the extensive use of portable terminal.Therefore not only can utilize the part memory space of SIM card to preserve information such as user's certificate and key very easily, can also utilize the cryptographic calculations function of SIM card chip to realize computings such as digital signature and encryption and decryption, realize subscriber authentication and data encryption and signature function by the portable terminal SIM card, therefore the present invention can utilize the advantage of the huge portable terminal of quantity, solve the problem of authentication and transaction authentication in the network trading very easily, guaranteed the safety of client in the network environment.Further, can also utilize the screen of portable terminal and keyboard to offer that the user is abundanter, convenient, the operation interface of hommization, make the present invention that good prospects for application be arranged.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.

Claims (10)

1. a data transaction processing method is characterized in that, comprises the steps:
Service end receives the transaction request that the client in the internet is submitted to;
Service end sends to described portable terminal by client needs checking feedback data, described data to comprise certificate data, transaction feedback data;
Portable terminal receives the described checking feedback data that needs;
After checking is passed through to described certificate data according to the identity key in the mobile phone users identification module card, handle the back according to described transaction feedback data content and obtain feedback data, described identity key is provided in advance by service end;
The user identification module card operation system to described feedback data sign the back by client feedback to service end;
According to the signature key in the service end signature verification of described feedback data is handled by the feedback data content by the back, described signature key is provided in advance by mobile phone users.
2. the method for claim 1 is characterized in that, described identity key be by service end according to userspersonal information and/or international mobile subscriber identification code card number generate provide in advance after, and be kept in the user identification module card.
3. method as claimed in claim 1 or 2 is characterized in that, preserves described identity key and specifically comprises in the user identification module card:
The user identification module card operation system is stored in described identity key on the electrically erasable ROM of user identification module card with document form, and sets the operating right to this document.
4. method as claimed in claim 3 is characterized in that, describedly according to the identity key in the mobile phone users identification module card described certificate data is verified, specifically comprises:
Point out the operating right password of user's input reference user identification module card by the display screen of portable terminal;
After the user passes through by the described operating right password authentification of the input equipment input of portable terminal, from the user identification module card, read identity key;
Utilize described identity key that described certificate data is verified.
5. a data trade is handled device, it is characterized in that, comprising: memory module, interface module, forwarding module, authentication module, signature blocks, wherein:
Memory module is used to store the identity key that is provided in advance by service end;
Interface module is used for the client interaction data with the internet;
Forwarding module after being used for identifying the need checkings feedback data that comprises certificate data, transaction feedback data from the mutual data of described interface module, is forwarded to authentication module;
Authentication module is used for described certificate data being verified according to the described identity key in the described memory module when receiving by described forwarding module when needing the checking feedback data, triggers signature blocks in checking by the back;
Signature blocks is used for handling the back according to described transaction feedback data content and obtaining feedback data, and described feedback data is signed after described forwarding module feeds back to the client in the internet after being triggered by described authentication module.
6. device as claimed in claim 5 is characterized in that, further comprises:
Display screen is used for the display message to the user;
Input equipment is used for being conveyed into data for the user;
Authentication module is used to point out user's input operation web-privilege password Web; After the described operating right password authentification of user's input is passed through, allow described authentication module from memory module, to read identity key.
7. a user identification module card is characterized in that, comprising: memory module, authentication module, signature blocks, wherein:
Memory module is used to store the identity key that is provided in advance by service end;
Authentication module is used for described certificate data being verified according to the described identity key in the described memory module when receiving when needing the checking feedback data, triggers signature blocks in checking by the back;
Signature blocks is used for handling the back according to described transaction feedback data content and obtaining feedback data after being triggered by described authentication module, and feeds back after described feedback data signed.
8. user identification module card as claimed in claim 7 is characterized in that memory module comprises:
Storage medium is used for store data;
Memory cell is used for described identity key is stored in described storage medium with document form, and sets the operating right to this document.
9. user identification module card as claimed in claim 7 is characterized in that, also comprises authentication module, is used to point out user's input operation web-privilege password Web; After the described operating right password authentification of user's input is passed through, allow described authentication module from memory module, to read identity key.
10. a data trade is handled system, it is characterized in that, comprising: the client in service end, the internet, memory module, interface module, forwarding module, authentication module, signature blocks, wherein:
Service end, be used for receiving the transaction request data that the client of internet submits to after, sending by client needs the checking feedback data, the described checking feedback data that needs comprise certificate data, transaction feedback data; And after receiving feedback data by client, according to signature key the signature verification of described feedback data is handled by the feedback data content by the back, described signature key is provided in advance by mobile phone users;
Client is used for carrying out data interaction with service end, interface module;
Interface module is used for the client interaction data with the internet;
Forwarding module after being used for identifying the need checkings feedback data that comprises certificate data, transaction feedback data from the mutual data of described interface module, is forwarded to authentication module;
Memory module is used to store the identity key that is provided in advance by service end;
Authentication module is used for described certificate data being verified according to the described identity key in the described memory module when receiving by described forwarding module when needing the checking feedback data, triggers signature blocks in checking by the back;
Signature blocks is used for handling the back according to described transaction feedback data content and obtaining feedback data, and described feedback data is signed after described forwarding module feeds back to the client in the internet after being triggered by described authentication module.
CN200710303993XA 2007-12-24 2007-12-24 Data transaction processing method and apparatus Expired - Fee Related CN101222333B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200710303993XA CN101222333B (en) 2007-12-24 2007-12-24 Data transaction processing method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200710303993XA CN101222333B (en) 2007-12-24 2007-12-24 Data transaction processing method and apparatus

Publications (2)

Publication Number Publication Date
CN101222333A true CN101222333A (en) 2008-07-16
CN101222333B CN101222333B (en) 2010-11-10

Family

ID=39631930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200710303993XA Expired - Fee Related CN101222333B (en) 2007-12-24 2007-12-24 Data transaction processing method and apparatus

Country Status (1)

Country Link
CN (1) CN101222333B (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010124565A1 (en) * 2009-04-30 2010-11-04 北京飞天诚信科技有限公司 Method, device and system for signature
CN102202300A (en) * 2011-06-14 2011-09-28 上海众人网络安全技术有限公司 System and method for dynamic password authentication based on dual channels
CN102298683A (en) * 2010-06-22 2011-12-28 国民技术股份有限公司 Authentication device, system and method for short-distance radio-frequency communication authentication
CN101504731B (en) * 2009-03-20 2011-12-28 龙冬阳 Movable recognition system based on NFC
CN102307188A (en) * 2011-08-17 2012-01-04 东信和平智能卡股份有限公司 Subscriber identity module (SIM)-based universal serial bus (USB) key encryption/decryption system and encryption/decryption method
CN102316428A (en) * 2011-09-30 2012-01-11 福源立信(北京)科技有限公司 Method for communication between mobile application client and intelligent card and device
CN102387255A (en) * 2011-10-25 2012-03-21 福源立信(北京)科技有限公司 Method and device for utilizing intelligent card to process third-party expanded service data
CN101605325B (en) * 2009-06-29 2012-06-06 钱袋网(北京)信息技术有限公司 Method for identity authentication, mobile terminal, server, and identity authentication system
CN102521744A (en) * 2011-12-26 2012-06-27 中兴通讯股份有限公司 Network payment method and apparatus thereof
CN102595391A (en) * 2011-01-18 2012-07-18 中兴通讯股份有限公司 Method, system and device capable of achieving safe triggering
CN102754132A (en) * 2009-08-20 2012-10-24 Rwe股份公司 Method and device for identifying an electric vehicle in relation to a billing system
CN102811224A (en) * 2012-08-02 2012-12-05 天津赢达信科技有限公司 Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection
CN103095694A (en) * 2013-01-09 2013-05-08 深圳市文鼎创数据科技有限公司 Control method and device for digital certificate
CN103475488A (en) * 2013-09-25 2013-12-25 江苏众瀛联合数据科技有限公司 Method and system for identifying identity
CN104268756A (en) * 2014-09-18 2015-01-07 深圳市中兴移动通信有限公司 Mobile payment method and system
CN104836776A (en) * 2014-02-10 2015-08-12 阿里巴巴集团控股有限公司 Data interaction method and device
CN105025480A (en) * 2014-04-29 2015-11-04 中国电信股份有限公司 User card digital signature verification method and system
CN105072136A (en) * 2015-09-06 2015-11-18 李宏仲 Method and system for security authentication between devices based on virtual drive
CN106411520A (en) * 2015-07-29 2017-02-15 腾讯科技(深圳)有限公司 Method, device and system for processing virtual resource data
CN106991564A (en) * 2017-04-05 2017-07-28 恒宝股份有限公司 A kind of Internet of Things Payment Card and its Transaction Information confirmation method
CN107548056A (en) * 2017-08-31 2018-01-05 北京博思汇众科技股份有限公司 A kind of roaming data treating method and apparatus
CN108765160A (en) * 2018-07-24 2018-11-06 孔德键 The network trading method and internet trading system of compound judgement
CN109560932A (en) * 2017-09-25 2019-04-02 北京云海商通科技有限公司 The recognition methods of identity data, apparatus and system
CN111125667A (en) * 2019-12-09 2020-05-08 北京握奇智能科技有限公司 Roaming key calling method, device and system
CN114650140A (en) * 2020-12-21 2022-06-21 国民科技(深圳)有限公司 Mobile terminal, server, and method of executing electronic signature

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105405012A (en) * 2014-09-11 2016-03-16 苏州海博智能系统有限公司 Smart IC card and payment processing method

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9331990B2 (en) * 2003-12-22 2016-05-03 Assa Abloy Ab Trusted and unsupervised digital certificate generation using a security token
CN100542088C (en) * 2005-08-11 2009-09-16 北京握奇数据系统有限公司 A kind of physical certifying method and a kind of electronic installation
CN1805339B (en) * 2005-12-31 2010-05-12 北京握奇数据系统有限公司 Digital signature supporting personal trusted device and its method for implementing signature

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101504731B (en) * 2009-03-20 2011-12-28 龙冬阳 Movable recognition system based on NFC
WO2010124565A1 (en) * 2009-04-30 2010-11-04 北京飞天诚信科技有限公司 Method, device and system for signature
CN101605325B (en) * 2009-06-29 2012-06-06 钱袋网(北京)信息技术有限公司 Method for identity authentication, mobile terminal, server, and identity authentication system
US10131243B2 (en) 2009-08-20 2018-11-20 Innogy Se Method and device for identifying an electric vehicle by receiving a current contract key in an electric vehicle
CN102754132A (en) * 2009-08-20 2012-10-24 Rwe股份公司 Method and device for identifying an electric vehicle in relation to a billing system
CN102298683A (en) * 2010-06-22 2011-12-28 国民技术股份有限公司 Authentication device, system and method for short-distance radio-frequency communication authentication
CN102595391A (en) * 2011-01-18 2012-07-18 中兴通讯股份有限公司 Method, system and device capable of achieving safe triggering
CN102202300A (en) * 2011-06-14 2011-09-28 上海众人网络安全技术有限公司 System and method for dynamic password authentication based on dual channels
CN102202300B (en) * 2011-06-14 2016-01-20 上海众人网络安全技术有限公司 A kind of based on twin-channel dynamic cipher authentication system and method
CN102307188A (en) * 2011-08-17 2012-01-04 东信和平智能卡股份有限公司 Subscriber identity module (SIM)-based universal serial bus (USB) key encryption/decryption system and encryption/decryption method
CN102316428A (en) * 2011-09-30 2012-01-11 福源立信(北京)科技有限公司 Method for communication between mobile application client and intelligent card and device
CN102316428B (en) * 2011-09-30 2015-04-15 北京中清怡和科技有限公司 Method for communication between mobile application client and intelligent card and device
CN102387255A (en) * 2011-10-25 2012-03-21 福源立信(北京)科技有限公司 Method and device for utilizing intelligent card to process third-party expanded service data
CN102387255B (en) * 2011-10-25 2014-07-23 北京中清怡和科技有限公司 Method and device for utilizing intelligent card to process third-party expanded service data
CN102521744A (en) * 2011-12-26 2012-06-27 中兴通讯股份有限公司 Network payment method and apparatus thereof
CN102521744B (en) * 2011-12-26 2017-11-03 中兴通讯股份有限公司 Method of network payment and device
CN102811224A (en) * 2012-08-02 2012-12-05 天津赢达信科技有限公司 Method, device and system for implementation of SSL (secure socket layer)/TLS (transport layer security) connection
CN103095694A (en) * 2013-01-09 2013-05-08 深圳市文鼎创数据科技有限公司 Control method and device for digital certificate
CN103475488A (en) * 2013-09-25 2013-12-25 江苏众瀛联合数据科技有限公司 Method and system for identifying identity
CN104836776A (en) * 2014-02-10 2015-08-12 阿里巴巴集团控股有限公司 Data interaction method and device
CN105025480A (en) * 2014-04-29 2015-11-04 中国电信股份有限公司 User card digital signature verification method and system
CN105025480B (en) * 2014-04-29 2019-04-05 中国电信股份有限公司 The method and system of subscriber card digital signature authentication
CN104268756B (en) * 2014-09-18 2019-03-05 努比亚技术有限公司 Method of mobile payment and system
CN104268756A (en) * 2014-09-18 2015-01-07 深圳市中兴移动通信有限公司 Mobile payment method and system
CN106411520A (en) * 2015-07-29 2017-02-15 腾讯科技(深圳)有限公司 Method, device and system for processing virtual resource data
CN105072136A (en) * 2015-09-06 2015-11-18 李宏仲 Method and system for security authentication between devices based on virtual drive
CN105072136B (en) * 2015-09-06 2018-02-09 李宏仲 A kind of equipment room safety certifying method and system based on virtual drive
CN106991564A (en) * 2017-04-05 2017-07-28 恒宝股份有限公司 A kind of Internet of Things Payment Card and its Transaction Information confirmation method
CN107548056B (en) * 2017-08-31 2021-01-01 北京博思汇众科技股份有限公司 Roaming data processing method and device
CN107548056A (en) * 2017-08-31 2018-01-05 北京博思汇众科技股份有限公司 A kind of roaming data treating method and apparatus
CN109560932A (en) * 2017-09-25 2019-04-02 北京云海商通科技有限公司 The recognition methods of identity data, apparatus and system
CN108765160A (en) * 2018-07-24 2018-11-06 孔德键 The network trading method and internet trading system of compound judgement
CN111125667A (en) * 2019-12-09 2020-05-08 北京握奇智能科技有限公司 Roaming key calling method, device and system
CN114650140A (en) * 2020-12-21 2022-06-21 国民科技(深圳)有限公司 Mobile terminal, server, and method of executing electronic signature

Also Published As

Publication number Publication date
CN101222333B (en) 2010-11-10

Similar Documents

Publication Publication Date Title
CN101222333B (en) Data transaction processing method and apparatus
EP2859488B1 (en) Enterprise triggered 2chk association
CN101414909B (en) System, method and mobile communication terminal for verifying network application user identification
EP2859489B1 (en) Enhanced 2chk authentication security with query transactions
US20160307194A1 (en) System and method for point of sale payment data credentials management using out-of-band authentication
US20200342439A1 (en) Method, client device and pos terminal for offline transaction
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US20020178122A1 (en) System and method for confirming electronic transactions
US20100332832A1 (en) Two-factor authentication method and system for securing online transactions
CA2914956C (en) System and method for encryption
US20210209582A1 (en) Virtual smart card for banking and payments
CN102202300A (en) System and method for dynamic password authentication based on dual channels
KR20140125449A (en) Transaction processing system and method
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
JP2013514556A (en) Method and system for securely processing transactions
CN112953970A (en) Identity authentication method and identity authentication system
CN101448001A (en) System for realizing WAP mobile banking transaction security control and method thereof
CN102694781A (en) Internet-based system and method for security information interaction
CN101916476A (en) Mobile data transmission method based on combination of SD (Secure Digital) encrypted card and short-distance wireless communication technology
JP2015537399A (en) Application system for mobile payment and method for providing and using mobile payment means
CN102694782A (en) Internet-based device and method for security information interaction
CN101944216A (en) Two-factor online transaction safety authentication method and system
EP1142194A1 (en) Method and system for implementing a digital signature
US10867326B2 (en) Reputation system and method
CN104835038A (en) Networking payment device and networking payment method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CP01 Change in the name or title of a patent holder
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20101110