CN101231737B - Method and system for enhancing internet bank trade security - Google Patents
Method and system for enhancing internet bank trade security Download PDFInfo
- Publication number
- CN101231737B CN101231737B CN200810100872.XA CN200810100872A CN101231737B CN 101231737 B CN101231737 B CN 101231737B CN 200810100872 A CN200810100872 A CN 200810100872A CN 101231737 B CN101231737 B CN 101231737B
- Authority
- CN
- China
- Prior art keywords
- user
- input
- unit
- transaction data
- audio frequency
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention relates to the field of communication security, in particular to a system for tightening the security of on-line banking transactions and a method thereof. The system comprises a signal input and output device, a client-side information security device which supports audio processing, a computer terminal connected with an on-line bank server. The method adopted by the invention comprises the following steps: a computer is connected through the information security device; the transaction data input by a user is output in the form of audio through the information security device; an audio acknowledgement message is input to the information security device by means of audio input for voiceprint recognition; after the identity is confirmed to be legal, the client-side information security device encrypts or digitally signs all information input by users, and sends the information to the on-line bank server terminal in the form of cipher text. Certification information, as executing and confirming order, is stored in the form of audio, is unique and can not be repudiated. By adopting the method, the on-line banking transaction security can be tightened.
Description
Technical field
The present invention relates to field of communication security, particularly a kind of by data message being carried out audio frequency processing and Application on Voiceprint Recognition and strengthened the system and method for internet bank trade security in information safety device.
Background technology
Along with the develop rapidly of computer technology, information network has become the important guarantee of social development.Under this trend, online-banking is done honest work and is day by day rooted in the hearts of the people, and has become the network application field of now tool potentiality." Web bank " is to be medium take internet, for client provides e-bank's product of financial service.Web bank is the product of information age, its birth, making originally must be to the client of bank counter transacting business, just can directly enter bank by internet, business such as arbitrarily carrying out account inquiry, transfer accounts, foreign exchange trading, bank transfer, shopping online, account are reported the loss, client really accomplishes home-confined all bankings of settling.Web bank's service system open-minded, concerning bank and client, all will increase work efficiency greatly, allow fund create high benefit, thereby reduce costs of production and operation.
But, to enjoy in Web bank offers convenience in ordinary populace and enterprise, its safety problem also emerges gradually.Because network personal information and enterprise's confidential information are divulged a secret or monitored, bring the example of immeasurable loss not within minority to individual and enterprise.Therefore in the practical application of bank data communication on the net, all may and divulge a secret due to information leakage and have serious consequences and harmful effect at any time, in prior art, increasing Web bank user by selecting guarantees that with intelligent cipher key equipment it is in the processing safety of carrying out in internet bank trade process.
Intelligent cipher key equipment (claiming again information safety device) is a kind of small hardware device with processor and storer, and it adopts double factor authentication pattern, and use is simple, cost is lower.Its built-in single-chip microcomputer or intelligent card chip, can store user's key or digital certificate, utilizes the authentication of the built-in cryptographic algorithms' implementation of intelligent cipher key equipment to user identity.The functions such as that intelligent cipher key equipment has is E-mail enciphered, digital signature, safety certificate, secure network login and access SSL secure network, and have and guarantee that user's private key leaves the feature of hardware never, also have the physically characteristic of attack protection, security is high.
But said process can not guarantee to need the security of digital signature or enciphered data completely, because also there is potential safety hazard in computing machine itself, for example, in the time that computing machine has suffered trojan horse, need the data of digital signature or encryption to be distorted by bottom wooden horse, then be transferred to intelligent cipher key equipment and carry out digital signature or encryption, whether user cannot judge needs the data of digital signature or encryption correct in intelligent cipher key equipment, this has had a strong impact on the security of intelligent cipher key equipment, make intelligent cipher key equipment lose the value of its existence, simultaneously, also will inevitably bring unnecessary loss to user.
Application on Voiceprint Recognition (Voiceprint Recognition, VPR), also referred to as Speaker Identification (Speaker Recognition), everyone existing relative stability of audio frequency acoustic feature, there is again variability, be not absolute, unalterable, this variation can be from physiology, pathology, psychology, simulation, camouflage, also relevant with environmental interference.However,, because everyone vocal organs are not quite similar, therefore in the ordinary course of things, people still can distinguish different people's sound or judge whether is same people's sound.Different from speech recognition, the feature of Application on Voiceprint Recognition must be " personalization " feature, and the feature of Speaker Identification must be " common feature " to speaker.With other biological recognition technology, such as fingerprint recognition, the identification of palm shape, iris recognition etc. compared, Application on Voiceprint Recognition does not have can lose and forget, do not need memory, the advantage such as easy to use, people depend on password and password more and more now, along with its defect of frequent application of different occasions is obvious all the more.In Application on Voiceprint Recognition process, each pronunciation is all controlled by the prompting text producing at random, can effectively prevent from copying and plagiarizing, can say, sound groove recognition technology in e has obvious advantage compared with other biological recognition technology, can escort for growing electronic business transaction, ecommerce, international trade, and easy to operate, succinct, be easily vast computer user and accept.
The feature of the multiplex acoustics aspect of Voiceprint Recognition System, the feature that characterizes a personal touch should be multifaceted, comprising: (1) acoustic feature (as frequency spectrum, cepstrum, resonance peak, fundamental tone, reflection coefficient etc.) relevant with the anatomical structure of the mankind's pronunciation mechanism, nasal sound, band deep breathing sound, hoarse sound, laugh etc.; (2) be subject to semanteme that socioeconomic status, education level, birthplace etc. affect, rhetoric, pronunciation, speech custom etc.; (3) personal touch or be subject to the features such as the rhythm that father and mother affect, rhythm, speed, intonation, volume.From utilizing the angle that mathematical method can modeling, the current operable feature of the automatic model of cognition of vocal print comprises: (1) acoustic feature (cepstrum); (2) lexical characteristics (the word n-gram that speaker is relevant, phoneme n-gram); (3) prosodic features (fundamental tone and the energy " posture " that utilize n-gram to describe); (4) languages, dialect and accent information; (5) channel information (using which kind of passage) etc.According to different mission requirements, Application on Voiceprint Recognition also faces the problem that a feature selecting or feature are selected.For example, to " channel " information, in criminal investigation application, hope need not, that is to say and wish to weaken the impact of channel on Speaker Identification, because we wish with what channel system, it can recognize regardless of speaker; And on bank transaction, hope channel information, wishes that channel has considerable influence to Speaker Identification, thereby can reject the impact that recording, imitation etc. bring.In a word, feature, should be able to distinguish different speakers effectively preferably, but can in the time that same speaker's voice change, keep relative stablizing; Be difficult for being imitated or can solving preferably the imitation problem by other people by other people; There is good noiseproof feature.Certainly, these problems also can go to solve by model method.For pattern-recognition, there are following several large class methods: (1) template matching method: utilize dynamic time bending (DTW) to aim at training and testing characteristic sequence, be mainly used in the application (being generally text-dependent task) of fixed phrases; (2) arest neighbors method: retain all eigenvectors when training, when identification, each vector is found to K nearest in trained vector, identify accordingly, the amount of model storage and similar calculating is all very large conventionally; (3) neural net method: have a variety of forms, as Multilayer Perception, radial basis function (RBF) etc., can explicit training to distinguish speaker and its background speaker, its training burden is very large, and the replicability of model is bad; (4) hidden Markov model (HMM) method: conventionally use the HMM of single state, or gauss hybrid models (GMM), be popular method, effect is relatively good; (5) VQ clustering method (as LBG): effect is relatively good, algorithm complex is not high yet, and HMM method cooperates and more can receive better effect; (6) polynomial expression classifier methods: have higher precision, but model storage and calculated amount are all larger; Can the key issue that Application on Voiceprint Recognition need to solve also has a lot, such as short speech problem, carry out model training with very short voice, and identifies with the very short time, and this is mainly that the sound application that is difficult for obtaining is required; Sound imitates (or playing a record) problem, effectively distinguish and imitate sound (recording) and real sound; In the words of speaking more people situation, target speaker's effectively detects; Eliminate or weaken the impact that sound variation (different language, content, mode, health, time, age etc.) is brought; Eliminate the impact that channel difference and background noise bring, now need to use some other technology and assisted, as the technology such as denoising, self-adaptation.
In existing internet bank trade process, tend to occur that Net silver user denies transactions history, or Web bank fails according to the situation of the transaction data execution valid function of user's input, thereby cause the failure of transaction, or faulty operation, once there is this situation, both sides are difficult to settle disputes at short notice, find out party responsible, bring regular hour loss and material damage therefore will inevitably to user or Web bank.
Summary of the invention
In view of the deficiencies in the prior art, the invention provides a kind of information safety device that utilizes the transaction data of user's input is carried out to audio playback, realizing user side data security for the final mode of confirming of validated user sends, to solve in prior art because the transaction data that needs are encrypted or sign may be tampered the problem that causes safety of information safety device to reduce before transmission, the present invention also utilizes Application on Voiceprint Recognition function that information safety device has to identify the legitimacy of user person's identity.
A system that strengthens internet bank trade security, comprising: client-side information safety feature, terminal and Web bank's server of signal input-output unit, the processing of support audio frequency; Described audio frequency input-output unit, client-side information safety feature, terminal is connected with Web bank server;
Described signal input-output unit comprises: for user input the audio frequency input block of audio-frequency information, the mode play by audio frequency is exported the transaction data audio output unit of user's input;
The client-side information safety feature of described support audio frequency processing comprises: signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, the first storage unit, converting unit, signal output unit, ciphering unit, data transfer unit; Described signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, the first storage unit, ciphering unit, data transmission unit are connected; Described data transfer unit again with the first storage unit, converting unit, signal output unit are connected;
Described Web bank server is made up of data receiver unit, the second storage unit, decryption unit, transaction performance element.
The client-side information safety feature of described support audio frequency processing also comprises:
Signal input unit, comprising: single button, numerical key, microphone; Input transaction data and authentication information for user; Wherein authentication information is: PIN code information, User Defined password, audio user information.
Signal output unit, comprising: earphone, loudspeaker; For export the transaction data of described user's input by the mode of audio frequency.
In described client-side information safety feature:
Described information input unit, for receiving the audio frequency confirmation of user's input;
Described the first storage unit, the transaction data for the sound signal, user of audio frequency confirmation, validated user of storing user's input that described signal input unit receives by computer input, the audio-frequency information of user's input and carry out related data and the cipher key agreement algorithm of cipher key agreement process with described Web bank server end;
Described converting unit, for converting described user to sound signal by the transaction data of computer input;
Described signal output unit, for exporting the sound signal after converting unit conversion;
Described Application on Voiceprint Recognition unit, the audio frequency confirmation of inputting for the user that signal input unit is received is identified, and judges that whether user identity is legal;
Described acoustic control operation unit, for resolving the sound signal of user's input, judges the operational order that described sound signal is corresponding, and carries out corresponding operation according to described operational order;
Described ciphering unit, for carrying out digital signature or encryption to described user by the transaction data of computer input, the audio frequency confirmation of user's input;
Described data transfer unit, for sending the transaction data of user's input to described information safety device by computing machine, and the transaction data after digital signature or encryption and audio frequency confirmation are sent to Web bank's server by computing machine.
Described operational order comprises: confirm, cancel, end task, return.
In described Web bank server:
Described data receiver unit, transaction data and the audio user confirmation after encryption or the digital signature that send by computing machine for receiving described client-side information safety feature;
Described the second storage unit, for storing user account information, user's audio frequency confirmation, customer transaction data, for carrying out related data and the cipher key agreement algorithm of cipher key agreement process with described client-side information safety feature.
Described decryption unit, for being decrypted the transaction data after described encryption or digital signature;
Described transaction performance element, carries out final transaction operation for the data content after deciphering.
A method that strengthens internet bank trade security, specifically comprises the following steps:
Steps A: information safety device and computing machine connect, described computing machine receive the data of described user input and by described data transmission to described information safety device;
Step B: described information safety device receives after the next transaction data of described computing machine transmission, described transaction data is carried out to digital-to-analog conversion, and the mode of playing by audio frequency is exported described transaction data;
Step C: described information safety device is waited for the described user's confirmation of reception, after confirming that transaction data is errorless, the mode of inputting by audio frequency sends the order of carrying out described transaction to described information safety device;
Step D: described information safety device receives the audio frequency confirmation of described user's input, by Application on Voiceprint Recognition, described user is carried out to authentication and parsing, after authentication success, carries out corresponding operating.
Described step D also comprises:
D1: digital signature or encrypting and transmitting are carried out to the audio-frequency information of described transaction data and described user input in described information safety device inside;
D2: described Web bank server end receives transaction data and the audio user confirmation through digital signature or after encrypting that described information safety device sends, and described data and audio frequency confirmation are decrypted and are stored;
D3: described Web bank server is concluded the business described in the information and executing in described transaction data.
In described step D, described information safety device receives described audio user confirmation, by Application on Voiceprint Recognition, described user is carried out to authentication, specifically comprise: described information safety device is by comparing the vocal print Template Information receiving after the audio frequency confirmation of described user input with the validated user of its storage inside, judge whether both mate, if so, think that described user identity is legal, otherwise, think that described user identity is illegal.
In described step D, described information safety device is resolved specifically and is comprised the audio frequency confirmation of described user's input: the pre-service to sound signal, feature extraction, pattern match, described pre-service comprises pre-filtering, sampling and quantification, windowing, end-point detection, pre-emphasis.
After described step B, also can carry out following operation:
Step C ': described information safety device waits for that receiving the mode that described user inputs by audio frequency sends following operational order to described information safety device: cancel, end task, return, upwards page turning or page turning downwards, re-reading operation.
Beneficial effect of the present invention is: utilize device and method provided by the invention, utilize information safety device to carry out before internet bank trade user, the mode of the transaction data of user's input being play with audio frequency by information safety device is exported, user confirm errorless after, mode with audio frequency input is inputted audio frequency confirmation in information safety device, information safety device carries out Application on Voiceprint Recognition to the audio-frequency information of user's input again, confirm that whether its identity is legal, only errorless at transaction data, and in the legal situation of user identity, user side information safety device could be encrypted or combine digital signature operation all information of user's input, and the form with ciphertext is sent bank server end to the Web by it,
Web bank's server end is receiving after the transaction data and audio user confirmation of client-side information safety feature transmission, audio user confirmation is effectively stored, and carry out final operation according to the transaction data of user's input, owing to should depositing the audio frequency confirmation of having recorded user by row server end on the net, once in process of exchange in the future, occur that user denies the situation of transactions history, or Web bank fails to carry out valid function according to the transaction data of user's input, all can in the customer data base of bank server end, inquire historical audio frequency confirmation from network easily, because this confirmation is with audio form storage, and for carrying out the transaction data order of really accepting one's fate, there is uniqueness and non repudiation, can effectively determine the party responsible of the invalid execution that causes concluding the business.
Accompanying drawing explanation
Fig. 1 is the system construction drawing that the embodiment of the present invention 1 improves safety of information safety device;
Fig. 2 is the method flow diagram that the embodiment of the present invention 2 improves safety of information safety device;
Fig. 3 is the method flow diagram that the embodiment of the present invention 3 improves safety of information safety device.
Embodiment
Below in conjunction with the drawings and specific embodiments, the invention will be further described, but the present invention is not limited to the following examples.In the specific embodiment of the invention, information safety device is USB Key, and this is a kind of information safety device of USB interface.
Embodiment 1
As shown in Figure 1, a kind of system that strengthens internet bank trade security comprises:
Earphone 100, microphone 200, USB Key300, computing machine 400, Web bank's server 500, wherein USB Key300 comprises: usb interface unit 301, the first storage unit 302, converting unit 303, earphone interface unit 304, microphone unit 305, Application on Voiceprint Recognition unit 306, acoustic control operation unit 307, ciphering unit 308; Web bank's server 500 comprises: data receiver unit 501, the second storage unit 502, decryption unit 503, transaction performance element 504.
In the present embodiment, user inputs transaction data by computing machine 400, USB Key300 receives the transaction data of user's input by usb interface unit 301, and be stored in the first storage unit 302, converting unit 303 converts the transaction data of user's input to sound signal, and by earphone interface unit 304, the sound signal of changing output through converting unit 303 is sent in earphone 100, user is according to the information receiving from earphone, input audio-frequency information by microphone 200, microphone interface unit 305 receives after the audio-frequency information that microphone 200 sends, this audio-frequency information is sent to Application on Voiceprint Recognition unit 306, Application on Voiceprint Recognition unit 306 is differentiated the audio-frequency information of user's input, to judge the legitimacy of user identity, if Application on Voiceprint Recognition unit 306 differentiates that user identity is legal, this audio frequency confirmation is sent in acoustic control operation unit 307, resolve the audio-frequency information of user's input acoustic control operation unit 307, judge the corresponding operational order of audio-frequency information of user's input, and carry out corresponding operation according to this operational order, and operating result is stored in the first storage unit 302.
In the present embodiment, the audio-frequency information of user's input is for confirming operation command.
The first storage unit 302 is sent to the audio user confirmation receiving and user in ciphering unit 308 and is encrypted by the transaction data of computer input; Ciphering unit 308 sends to main frame by the data after encrypting by usb interface unit 301, finally by computer network, the transaction data existing with ciphertext form and audio-frequency information is sent to Web bank's server 500.
In Web bank's server 500, data receiver unit 501 receive user side send data after be stored in the second storage unit 502, and by decryption unit 503, it is decrypted, finally carry out final transaction by transaction performance element 504 according to the transaction data of user's input and operate.
In the present embodiment, Application on Voiceprint Recognition unit 306 comprises Application on Voiceprint Recognition chip, and this chip is mainly used in extraction and the pattern match of audio signal sample, audio signal characteristic amount.The task of audio signal sample is the audio-frequency information that collects continous-stable; The task of feature extraction is to extract and select user's vocal print to have acoustics or the language feature of the characteristic that separability is strong, stability is high.Extracting after characteristic quantity, the described variable quantity by biological information is converted to biological characteristic vector, this is mainly the sound amplitude/frequency/phase waveform image arriving by calculating continuous acquisition, obtains relative amplitude/frequency/phase difference and realizes.In the time that Application on Voiceprint Recognition unit 306 judges that the matching value of user's vocal print signal and the vocal print template signal of validated user acquires a certain degree, judge that this user's identity is legal, the audio frequency confirmation of this user's input is effective.
In the present embodiment, converting unit 303 is a D/A (digital-to-analog) conversion chip, for the transaction data of digital quantity being converted to the sound signal of analog quantity.
In the present embodiment, the first storage unit 302 is except for storing customer transaction data, outside user speech confirmation, also for storing related data and the cipher key agreement algorithm of carrying out cipher key agreement process with Web bank server 500; The second storage unit 502, for storing user account information, user's audio frequency confirmation, customer transaction data, for carrying out related data and the cipher key agreement algorithm of cipher key agreement process with USBKey300;
Embodiment 2
Referring to Fig. 2, a kind of method that strengthens internet bank trade security comprises:
Step 201, USB Key and computing machine connect;
The transaction data that step 202, user carry out wish by computing machine is input in USB Key;
Step 203, USB Key receive after the next data of client computer transmission, it is carried out to analog to digital conversion, and the mode of playing by audio frequency are exported;
In the present embodiment, the transaction data of user's input comprises: address name, Bank Account Number, trade date, transaction classification and dealing money;
Whether the transaction data of the formal output of playing take audio frequency in step 204, user's determining step 203 as the data of wish operation, if so, performs step 206, otherwise, execution step 205;
The transaction data of the formal output of playing with audio frequency in step 205, user's determining step 203 is not the data of wish operation, sound signal " cancels and operating " to form with audio frequency input to USB Key input, USB Key carries out the cancellation operational order of user with the form input of audio frequency input, cancels this operation;
The transaction data of the formal output of playing with audio frequency in step 206, user's determining step 203 is the data of wish operation, inputs " confirmation " sound signal with the form of audio frequency input to USB Key;
Step 207, USB Key receive after " confirmation " sound signal of user's input, and its inside judges that by the mode of Application on Voiceprint Recognition whether user identity is legal, performs step 209 if legal, otherwise execution step 208;
Step 208, USB Key inside judge that by the mode of Application on Voiceprint Recognition user identity is illegal, and USB Key point out error message by main frame to user;
Step 209, USB Key inside judge that by the mode of Application on Voiceprint Recognition user identity is legal, carry out key agreement by computing machine and Web bank's server end, and the audio frequency confirmation of the transaction data to user input and user's input with the session key generating is encrypted, and send the data after encrypting to the Web bank server end by computing machine;
Step 210: Web bank's server end receives after the data of user side USB Key transmission, utilizes session key that the data after encrypting are decrypted and are stored;
Step 211: Web bank's server end is carried out follow-up transaction operation according to the data content after deciphering.
Embodiment 3
Referring to Fig. 3, a kind of method that strengthens internet bank trade security comprises:
In the present embodiment, the transaction data of user's input comprises: address name, Bank Account Number, trade date, transaction classification and dealing money;
In step 305, user's determining step 303 and step 304, whether the transaction data of the formal output that USB Key plays with audio frequency is the data of wish operation, if so, performs step 307, otherwise, execution step 306;
The transaction data of the formal output of playing with audio frequency in step 306, user's determining step 303 or step 304 is not the data of wish operation, user inputs " returning to operation " sound signal with the form of audio frequency input to USB Key, what USB Key execution user inputted with the form of audio frequency input returns to operational order, turns back to step 302;
The transaction data of the formal output of playing with audio frequency in step 307, user's determining step 303 and step 304 is the data of wish operation, and user inputs " confirmation " sound signal with the form of audio frequency input to USB Key;
A kind ofly be described in detail for the system and method that strengthens internet bank trade security provided by the present invention above, applied specific case herein principle of the present invention and embodiment are set forth, the explanation of above embodiment is just for helping to understand method of the present invention and core concept thereof; , for one of ordinary skill in the art, according to thought of the present invention, all will change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention meanwhile.
Claims (5)
1. a system that strengthens internet bank trade security, is characterized in that, this system comprises signal input-output unit, client-side information safety feature, terminal and Web bank's server, wherein
Computing machine receives the transaction data of user input, and by described transmission of transaction data to information safety device, the described transaction data receiving is carried out digital-to-analog conversion by information safety device, and export described transaction data by signal input-output unit in audio frequency mode; User is after confirming that transaction data is errorless, send confirmation in audio frequency mode to information safety device by signal input-output unit, information safety device is received after the audio frequency confirmation that user inputs, by Application on Voiceprint Recognition, described user is carried out to authentication, and after authentication success by the operation of concluding the business of computing machine and Web bank's server;
Described audio frequency input-output unit, client-side information safety feature, terminal is connected with Web bank server;
Described signal input-output unit comprises: input the audio frequency input block of audio-frequency information for user, and the mode of playing by audio frequency is exported the audio output unit of the transaction data of user's input;
Described client-side information safety feature comprises: signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, the first storage unit, converting unit, signal output unit, ciphering unit, data transfer unit; Described signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, the first storage unit, ciphering unit, data transmission unit are connected; Described data transfer unit again with the first storage unit, converting unit, signal output unit are connected;
Described Web bank server is made up of data receiver unit, the second storage unit, decryption unit, transaction performance element;
Described signal input unit, for receiving the audio frequency confirmation of user's input;
Described the first storage unit, the transaction data for the sound signal Template Information, user of audio frequency confirmation, validated user of storing user's input that described signal input unit receives by computer input, the audio-frequency information of user's input and carry out related data and the cipher key agreement algorithm of cipher key agreement process with described Web bank server end;
Described converting unit, for converting described user to sound signal by the transaction data of computer input;
Described signal output unit, for exporting the sound signal after converting unit conversion;
Described Application on Voiceprint Recognition unit, the audio frequency confirmation of inputting for the user that signal input unit is received is identified, and judges that whether user identity is legal;
Described acoustic control operation unit, for resolving the sound signal of user's input, judges the operational order that described sound signal is corresponding, and carries out corresponding operation according to described operational order;
Described ciphering unit, for carrying out digital signature or encryption to described user by the transaction data of computer input, the audio frequency confirmation of user's input;
Described data transfer unit, for sending the transaction data of user's input to described information safety device by computing machine, and the transaction data after digital signature or encryption and audio frequency confirmation are sent to Web bank's server by computing machine;
Described operational order comprises: confirm, cancel, end task, return.
2. a kind of system that strengthens internet bank trade security according to claim 1, is characterized in that, in described Web bank server:
Described data receiver unit, transaction data and the audio user confirmation after encryption or the digital signature that send by computing machine for receiving described client-side information safety feature;
Described the second storage unit, for storing user account information, user's audio frequency confirmation, customer transaction data, for carrying out related data and the cipher key agreement algorithm of cipher key agreement process with described client-side information safety feature;
Described decryption unit, for being decrypted the transaction data after described encryption or digital signature;
Described transaction performance element, carries out final transaction operation for the data content after deciphering.
3. a method that strengthens internet bank trade security, is characterized in that, specifically comprises the following steps:
Steps A: information safety device and computing machine connect;
Step B: computing machine receives the transaction data of user's input, and by extremely described information safety device of described transmission of transaction data;
Step C: information safety device receives after the next transaction data of computing machine transmission, described transaction data is carried out to digital-to-analog conversion, and the mode of playing by audio frequency is exported described transaction data;
Step D: user confirms that the mode of inputting by audio frequency sends confirmation to information safety device after confirming that transaction data is errorless;
Step e: information safety device receives after the audio frequency confirmation of described user's input, by Application on Voiceprint Recognition, described user is carried out to authentication, and after authenticated identity is legal, audio frequency confirmation to described user's input is resolved, judge the corresponding operational order of audio frequency confirmation of user's input, and carry out corresponding operation according to this operational order;
Described step e also comprises:
E1: information safety device inside is carried out digital signature or encryption and sends to Web bank's server by computing machine the audio-frequency information of described transaction data and described user input;
E2: Web bank's server receives transaction data and the audio frequency confirmation through digital signature or after encrypting, and described transaction data and audio frequency confirmation are decrypted and are stored;
E3: Web bank's server is according to the information and executing transaction in described transaction data.
4. a kind of method that strengthens internet bank trade security according to claim 3, it is characterized in that, in step e, information safety device receives after audio user confirmation, by Application on Voiceprint Recognition, described user is carried out to authentication, specifically comprise: described information safety device is by comparing the vocal print Template Information receiving after the audio frequency confirmation of described user input with the validated user of its storage inside, judge whether both mate, if, think that described user identity is legal, otherwise, think that described user identity is illegal.
5. a kind of method that strengthens internet bank trade security according to claim 3, it is characterized in that, in step e, information safety device is resolved specifically and is comprised the audio frequency confirmation of described user's input: the pre-service to sound signal, feature extraction, pattern match, described pre-service comprises pre-filtering, sampling and quantification, windowing, end-point detection, pre-emphasis.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810100872.XA CN101231737B (en) | 2008-02-25 | 2008-02-25 | Method and system for enhancing internet bank trade security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200810100872.XA CN101231737B (en) | 2008-02-25 | 2008-02-25 | Method and system for enhancing internet bank trade security |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101231737A CN101231737A (en) | 2008-07-30 |
| CN101231737B true CN101231737B (en) | 2014-06-04 |
Family
ID=39898184
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200810100872.XA Active CN101231737B (en) | 2008-02-25 | 2008-02-25 | Method and system for enhancing internet bank trade security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101231737B (en) |
Families Citing this family (25)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101409622B (en) * | 2008-11-26 | 2012-10-31 | 飞天诚信科技股份有限公司 | Digital signing system and method |
| CN101562525B (en) * | 2009-04-30 | 2012-06-27 | 飞天诚信科技股份有限公司 | Method, device and system for signature |
| CN101997995A (en) * | 2009-08-26 | 2011-03-30 | 华为技术有限公司 | User identity identification method and device as well as call center system |
| CN102098159A (en) * | 2010-07-28 | 2011-06-15 | 胡旭光 | Secret key device and method for mobile phone |
| CN101907975A (en) * | 2010-08-10 | 2010-12-08 | 北京握奇数据系统有限公司 | USBKey and method for controlling same |
| CN105873050A (en) * | 2010-10-14 | 2016-08-17 | 阿里巴巴集团控股有限公司 | Wireless service identity authentication, server and system |
| CN102904718A (en) * | 2011-07-25 | 2013-01-30 | 付洪军 | Audio communication based information security equipment and communication method thereof |
| CN102412968A (en) * | 2011-10-17 | 2012-04-11 | 中金金融认证中心有限公司 | System and method for realizing public key infrastructure (PKI) application by audio interface switching over universal serial bus (USB) protocol equipment |
| CN103532916B (en) * | 2012-07-05 | 2017-04-05 | 百度在线网络技术(北京)有限公司 | Method, mobile terminal and the voice message system of information are obtained by voice |
| CN103218565A (en) * | 2012-10-24 | 2013-07-24 | 东信和平科技股份有限公司 | Novel USB (universal serial bus) key and transaction method adopting same |
| CN103873154B (en) * | 2012-12-13 | 2016-05-25 | 恒银金融科技股份有限公司 | A kind of mobile phone receives the method for data with digital audio signature device |
| CN103973326B (en) * | 2013-01-24 | 2016-06-01 | 国民技术股份有限公司 | A kind of audio card |
| CN104422922A (en) * | 2013-08-19 | 2015-03-18 | 中兴通讯股份有限公司 | Method and device for realizing sound source localization by utilizing mobile terminal |
| CN104660408A (en) * | 2013-11-25 | 2015-05-27 | 国民技术股份有限公司 | Security authentication method and device |
| CN104660407A (en) * | 2013-11-25 | 2015-05-27 | 国民技术股份有限公司 | Security authentication method and device |
| CN104144049B (en) | 2014-03-11 | 2016-02-17 | 腾讯科技(深圳)有限公司 | A kind of encryption communication method, system and device |
| CN104243451B (en) * | 2014-08-19 | 2018-04-13 | 天地融科技股份有限公司 | A kind of information interacting method, system and intelligent cipher key equipment |
| CN104168117B (en) * | 2014-08-20 | 2018-11-27 | 中国农业银行股份有限公司苏州分行 | A kind of speech digit endorsement method |
| CN104394123A (en) * | 2014-11-06 | 2015-03-04 | 成都卫士通信息产业股份有限公司 | A data encryption transmission system and method based on an HTTP |
| CN104599667B (en) * | 2015-01-16 | 2019-03-08 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN104734855A (en) * | 2015-02-12 | 2015-06-24 | 天地融科技股份有限公司 | Communication methods and system of intelligent secret key device and intelligent secret key device |
| US10495545B2 (en) * | 2015-10-22 | 2019-12-03 | General Electric Company | Systems and methods for determining risk of operating a turbomachine |
| CN107368724A (en) * | 2017-06-14 | 2017-11-21 | 广东数相智能科技有限公司 | Anti- cheating network research method, electronic equipment and storage medium based on Application on Voiceprint Recognition |
| CN107895256A (en) * | 2017-11-08 | 2018-04-10 | 平安科技(深圳)有限公司 | Bank account cancel loss report method for processing business, system, terminal and storage medium |
| CN110751947B (en) * | 2018-11-13 | 2021-05-07 | 北京嘀嘀无限科技发展有限公司 | Method for prompting user, electronic equipment and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1815484A (en) * | 2006-03-06 | 2006-08-09 | 覃文华 | Digitalized authentication system and its method |
| CN1905445A (en) * | 2005-07-27 | 2007-01-31 | 国际商业机器公司 | System and method of speech identification using mobile speech identification card |
| CN101000647A (en) * | 2007-01-08 | 2007-07-18 | 北京飞天诚信科技有限公司 | Method and device for raising safety of data input |
-
2008
- 2008-02-25 CN CN200810100872.XA patent/CN101231737B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1905445A (en) * | 2005-07-27 | 2007-01-31 | 国际商业机器公司 | System and method of speech identification using mobile speech identification card |
| CN1815484A (en) * | 2006-03-06 | 2006-08-09 | 覃文华 | Digitalized authentication system and its method |
| CN101000647A (en) * | 2007-01-08 | 2007-07-18 | 北京飞天诚信科技有限公司 | Method and device for raising safety of data input |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101231737A (en) | 2008-07-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101231737B (en) | Method and system for enhancing internet bank trade security | |
| US20200349955A1 (en) | System and method for speaker recognition on mobile devices | |
| US9430628B2 (en) | Access authorization based on synthetic biometric data and non-biometric data | |
| US9799338B2 (en) | Voice print identification portal | |
| CN105913850B (en) | Text correlation vocal print method of password authentication | |
| US8812319B2 (en) | Dynamic pass phrase security system (DPSS) | |
| Liu et al. | An MFCC‐based text‐independent speaker identification system for access control | |
| US8139723B2 (en) | Voice authentication system and method using a removable voice ID card | |
| US20030200447A1 (en) | Identification system | |
| JP7361118B2 (en) | audible authentication | |
| CN101685635A (en) | Identity authentication system and method | |
| Saquib et al. | A survey on automatic speaker recognition systems | |
| Saquib et al. | Voiceprint recognition systems for remote authentication-a survey | |
| Anand et al. | Echovib: Exploring voice authentication via unique non-linear vibrations of short replayed speech | |
| KR101424962B1 (en) | Authentication system and method based by voice | |
| Chang et al. | My voiceprint is my authenticator: A two-layer authentication approach using voiceprint for voice assistants | |
| US20130339245A1 (en) | Method for Performing Transaction Authorization to an Online System from an Untrusted Computer System | |
| Zhang et al. | Volere: Leakage resilient user authentication based on personal voice challenges | |
| Saleema et al. | Voice biometrics: the promising future of authentication in the internet of things | |
| Nasersharif et al. | Evolutionary fusion of classifiers trained on linear prediction based features for replay attack detection | |
| Kuznetsov et al. | Methods of countering speech synthesis attacks on voice biometric systems in banking | |
| Nagakrishnan et al. | Generic speech based person authentication system with genuine and spoofed utterances: different feature sets and models | |
| CN107454044A (en) | A kind of e-book reading protection of usage right method and system | |
| Gupta et al. | Text dependent voice based biometric authentication system using spectrum analysis and image acquisition | |
| Turner | Security and privacy in speaker recognition systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent for invention or patent application | ||
| CB02 | Change of applicant information |
Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer Applicant after: Feitian Technologies Co., Ltd. Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing Applicant before: Beijing Feitian Chengxin Science & Technology Co., Ltd. |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: APPLICANT; FROM: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD. TO: FEITIAN TECHNOLOGIES CO., LTD. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |