CN102143482B - Method and system for authenticating mobile banking client information, and mobile terminal - Google Patents


Info

Publication number: CN102143482B
Authority: CN (China)
Prior art keywords: mobile, phone, information, client, server
Application number: CN2011100924383A
Other languages: Chinese (zh)
Other versions: CN102143482A (en)
Inventors: 张艳, 周大文, 王怡, 朱道彬, 张建平, 姜鹏, 曾凯
Original assignee: 中国工商银行股份有限公司
Application filed by 中国工商银行股份有限公司
Priority to CN2011100924383A
Publication of CN102143482A
Application granted
Publication of CN102143482B

Abstract

The embodiment of the invention provides a method and a system for authenticating mobile banking client information, and a mobile terminal. The method comprises a mobile banking customer information binding step and a mobile banking login information authenticating step, wherein the mobile banking customer information binding step comprises the following sub-steps of: establishing a binding relationship between mobile phone subscriber identity module (SIM) card information and mobile banking registered customer information, and establishing a binding relationship between mobile phone hardware information and the mobile banking registered customer information; and the mobile banking login information authenticating step comprises the following sub-steps of: acquiring the SIM card information and the hardware information of a login mobile phone, and judging whether the SIM card information and the hardware information of the login mobile phone are matched with the mobile phone SIM card information and the hardware information in the corresponding binding relationship, if so, passing the login information authentication, otherwise, failing to pass the login information authentication. The problem of security of mobile banking system information at the client is solved.

Description

Mobile banking client information authentication method, system and mobile terminal

Technical field

The present invention relates to mobile banking information security, in particular to techniques for secure user identity authentication and encrypted data transmission in mobile banking, and specifically to a mobile banking client information authentication method, system and mobile terminal.

Background technology

Mobile banking systems have gone through several stages of development: SMS mobile banking, WAP mobile banking (WAP: Wireless Application Protocol) and client-application mobile banking. Because client-application mobile banking offers the best customer experience, it will become the mainstream technology.

In the prior art under the B/S (browser/server) architecture, the mobile banking client interface is implemented in the phone's browser and the main business logic runs on the server. The user need not install any special software: the browser shipped with the operating system is enough to access the Internet application. This limits the security means available to mobile banking, and the bank can only rely on the traditional B/S safeguards, such as the Transport Layer Security (TLS) protocol and user name/password checks, to secure the system. In the prior art under the C/S (client/server) architecture, a client-application mobile banking system consists of a mobile banking client and a mobile banking server. Client-application mobile banking breaks through the technical limitations of the B/S architecture: the security controls are more varied and flexible, and the bank can design and develop them according to its own security requirements. Precisely because of this flexibility of client development, the strength of mobile banking's security controls is determined mainly by the bank itself. If the bank still relies solely on TLS and user name/password checks as its only security controls, there are drawbacks on the security side: a simple user name/password scheme is comparatively easy to crack or to phish, and TLS only protects data in the public transmission channel; it cannot protect data inside the client, nor data inside the bank's internal network (for example, a user's critical data may be intercepted by a bank insider on the bank's internal network). Current mobile client development platforms offer rich functionality: a third-party application developer can operate the phone's hardware or obtain hardware information through the APIs the platform provides. Making full use of these phone-specific technologies in the mobile banking security domain can increase the strength of mobile banking security controls and meet the security requirements for conducting banking business.

Summary of the invention

The embodiments of the present invention provide a mobile banking client information authentication method, system and mobile terminal, to solve the information security problem of client-application mobile banking systems.

One purpose of the present invention is to provide a mobile banking client information authentication method. The method comprises a mobile banking customer information binding step and a mobile banking login information verification step. The customer information binding step comprises: establishing a binding relationship between the phone's SIM card information and the registered mobile banking customer information; and establishing a binding relationship between the phone's hardware information and the registered customer information. The login information verification step comprises: obtaining the SIM card information and hardware information of the phone used to log in; and judging whether the SIM card information and hardware information of that phone match the SIM card information and hardware information in the corresponding binding relationship. If they match, the login information verification passes; if not, it fails.

The customer information binding step also comprises establishing a binding relationship between a specific phone motion trace and the registered customer information. The login information verification step also comprises: obtaining the motion trace of the phone used to log in, and judging whether it matches the specific phone motion trace in the corresponding binding relationship; if so, the login information verification passes, if not, it fails.

The customer information binding step also comprises establishing a binding relationship between a specific touch trace on the phone's touch screen and the registered customer information. The login information verification step also comprises: obtaining the touch trace drawn on the touch screen of the phone used to log in, and judging whether it matches the specific touch trace in the corresponding binding relationship; if so, the login information verification passes, if not, it fails.

One purpose of the present invention is to provide a mobile banking client information authentication method in which a client device is installed in the phone, so that the phone communicates with the mobile banking server and with a phone-number acquisition server through a WAP gateway, and the phone-number acquisition server communicates with the mobile banking server. The mobile banking server stores the binding relationship between the phone number and the registered mobile banking customer information and the binding relationship between the phone's IMEI and the registered customer information. The client device obtains the phone's SIM card information, generates a phone-number acquisition instruction containing the SIM card information, and sends it to the WAP gateway; the client device also obtains the phone's IMEI, encrypts it and sends it to the WAP gateway. The WAP gateway receives the phone-number acquisition instruction, obtains the corresponding phone number from the SIM card information, and forwards the instruction, now containing the phone number, to the phone-number acquisition server; the WAP gateway also receives the IMEI and forwards it to the mobile banking server. The phone-number acquisition server receives the instruction containing the phone number, extracts the phone number and sends it to the mobile banking server. The mobile banking server receives the phone number and the phone's IMEI and judges whether they match the phone number and IMEI in the corresponding binding relationship; if so, it outputs a login-verification-passed message, if not, a login-verification-failed message.

One purpose of the present invention is to provide a mobile banking client information authentication system. The system comprises a phone with a client device installed in it, and further comprises a mobile banking server. The mobile banking server comprises: a binding relationship storage unit for storing the binding relationship between the phone's SIM card information and the registered mobile banking customer information and the binding relationship between the phone's hardware information and the registered customer information; a login information receiving unit for receiving the phone's SIM card information and hardware information; and a login information verification unit for judging whether the phone's SIM card information and hardware information match those in the corresponding binding relationship, outputting a login-verification-passed message if so and a login-verification-failed message if not. The client device comprises: a SIM card information acquisition unit for obtaining the phone's SIM card information; a hardware information acquisition unit for obtaining the phone's hardware information; and a secure communication unit for outputting the phone's SIM card information and hardware information.

One purpose of the present invention is to provide a mobile banking client information authentication system. The system comprises a phone with a client device installed in it, and further comprises a WAP gateway, a phone-number acquisition server and a mobile banking server. The mobile banking server comprises: a binding relationship storage unit for storing the binding relationship between the phone number and the registered mobile banking customer information and the binding relationship between the phone's IMEI and the registered customer information; a login information receiving unit for receiving the phone number and the IMEI; and a login information verification unit for judging whether the phone number and IMEI match the phone number and IMEI in the corresponding binding relationship, outputting a login-verification-passed message if so and a login-verification-failed message if not. The client device comprises: an acquisition instruction generation unit for obtaining the phone's SIM card information and generating a phone-number acquisition instruction containing that SIM card information; a hardware information acquisition unit for obtaining the phone's IMEI; and a secure communication unit for outputting the phone-number acquisition instruction and the phone's IMEI. The WAP gateway comprises: an instruction forwarding unit for receiving the phone-number acquisition instruction, obtaining the corresponding phone number from the SIM card information, and generating and forwarding a phone-number acquisition instruction containing the phone number; and a hardware information forwarding unit for receiving and forwarding the IMEI. The phone-number acquisition server receives the phone-number acquisition instruction containing the phone number, extracts the phone number and outputs it.

One purpose of the present invention is to provide a mobile banking client mobile terminal. The mobile terminal comprises a phone body and a SIM card, and further comprises a client device installed in the phone body. The client device comprises: an acquisition instruction generation unit for obtaining the phone's SIM card information and generating a phone-number acquisition instruction containing that SIM card information; a hardware information acquisition unit for obtaining the phone's IMEI; a data encryption unit for encrypting the phone-number acquisition instruction and the phone's IMEI; and a secure communication unit for outputting the encrypted phone-number acquisition instruction and the encrypted IMEI.

The present invention can be widely used in many mobile banking scenarios. By combining phone hardware features, it strengthens mobile banking security controls in the following respects:

1) Binding phone hardware information: by binding the user's phone hardware information to the mobile banking login information, the user can operate the bank account only from his or her own phone. Even if the user name and password are stolen, the thief cannot operate the victim's bank account or cause economic loss.

2) Binding the user's SIM card: by binding the user's phone number to the mobile banking login information, the user can operate the bank account only with his or her own SIM card. Even if the user name and password are stolen, the thief cannot operate the victim's bank account or cause economic loss.

3) Using the specific gesture the user makes while holding the phone as a security authentication means further strengthens the security of mobile banking login.

4) Using the specific trace the user draws on the phone's touch screen as a security authentication means further strengthens the security of mobile banking login.

Description of drawings

To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.

Fig. 1 is a flow chart of the mobile banking client information authentication method of an embodiment of the present invention;

Fig. 2 is a schematic diagram of the arrangement of the phone, the SIM card and the client device in an embodiment of the present invention;

Fig. 3 is a connection diagram of the mobile banking client information authentication system of an embodiment of the present invention;

Fig. 4 is a structural block diagram of the client device of the system of an embodiment of the present invention;

Fig. 5 is a structural block diagram of the WAP gateway of the system of an embodiment of the present invention;

Fig. 6 is a structural block diagram of the mobile banking server of the system of an embodiment of the present invention;

Fig. 7 is a circuit schematic of the phone of an embodiment of the present invention;

Fig. 8 is a structural block diagram of the client device of the phone of an embodiment of the present invention;

Fig. 9 is a structural block diagram of the mobile banking server of an embodiment of the present invention and its communication with the phone;

Figure 10 is a workflow diagram of the mobile banking client information authentication system of an embodiment of the present invention.

Embodiment

The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that those of ordinary skill in the art obtain from these embodiments without creative effort fall within the scope of protection of the present invention.

Embodiment 1

As shown in Fig. 1, the mobile banking client information authentication method of this embodiment comprises a mobile banking customer information binding step (step S100) and a mobile banking login information verification step (step S200). The customer information binding step (step S100) comprises: establishing a binding relationship between the phone's SIM card information and the registered mobile banking customer information (step S101); and establishing a binding relationship between the phone's hardware information and the registered customer information (step S102). The login information verification step (step S200) comprises: obtaining the SIM card information and hardware information of the phone used to log in (step S201); and judging whether the SIM card information and hardware information of that phone match the SIM card information and hardware information in the corresponding binding relationship, the login information verification passing if so and failing if not (step S202).

The customer information binding step (step S100) also comprises establishing a binding relationship between a specific phone motion trace and the registered customer information (step S103). Step S201 then also comprises obtaining the motion trace of the phone used to log in, and step S202 also comprises judging whether that motion trace matches the specific phone motion trace in the corresponding binding relationship; if so, the login information verification passes, if not, it fails.

The customer information binding step (step S100) also comprises establishing a binding relationship between a specific touch trace on the phone's touch screen and the registered customer information (step S104). Step S201 then also comprises obtaining the touch trace drawn on the touch screen of the phone used to log in, and step S202 also comprises judging whether that touch trace matches the specific touch trace in the corresponding binding relationship; if so, the login information verification passes, if not, it fails.

The SIM card information comprises the International Mobile Subscriber Identity (IMSI); the hardware information comprises the International Mobile Equipment Identity (IMEI).

The method of this embodiment combines characteristics that the phone itself possesses with existing security practices such as symmetric-key encryption, asymmetric-key encryption and the Transport Layer Security (TLS) protocol, forming an efficient mobile banking security system.

As shown in Fig. 2, a mobile banking client device 101 and a SIM card 102 are installed in the customer's phone 100. The client device 101 may be software, or it may be a chip or a memory card. The user may download and install the client device 101 when signing up for mobile banking, either self-service or at a branch; alternatively, a client chip is connected to the corresponding interface of the phone 100, or a client memory card is inserted directly into the memory card slot of the phone 100. The SIM card 102 is a hardware unit inserted into the SIM card slot of the phone 100.

Through the APIs provided by the manufacturer, application developers can read the phone's hardware information, including but not limited to the International Mobile Equipment Identity (IMEI). The IMEI is a number that phone manufacturers worldwide assign to each phone following a unified naming rule, and it is guaranteed to be globally unique. Binding the phone's hardware information to the mobile banking user restricts the user to logging in to mobile banking only from the bound device, achieving "only this phone can operate the corresponding bank account" and thereby strengthening security control.

When the user uses mobile banking, the request is sent from the phone client software. It first enters the mobile operator's wireless network; the operator's base station converts it from the wireless network to the wired network, and the request finally reaches the banking system over the Internet through the operator's WAP gateway. The mobile operator authenticates the subscriber by the SIM card and meters network traffic and charges. The operator can identify the user, and find the corresponding phone number, by the International Mobile Subscriber Identity (IMSI) stored on the SIM card. When the user's phone-number acquisition request reaches the operator's WAP gateway, the gateway adds the user's phone number to the request header fields and forwards the request to the operator's phone-number acquisition server. That server parses the phone number out of the request and provides it to the bank through a standard interface such as a Web Service. In this way, by cooperating with the mobile operator, the bank side can automatically obtain the phone number corresponding to the SIM card the user is currently using. Automatic acquisition of the phone number reduces the user's operating steps, since the user name need not be entered manually; it also achieves "only the holder of the SIM card with this phone number can operate the corresponding bank account", that is, it completes the binding between the SIM card and the registered mobile banking customer and increases security control.
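The carrier-assisted phone-number acquisition flow described above, simulated end to end as an added example; this is not code from the patent or the assignee's system. The four parties are the client device, the WAP gateway that enriches the request header, the operator's phone-number acquisition server and the bank server. The header name, the HMAC that stands in for the digital signature the text mentions, the nonce/timestamp freshness check and all identifiers are assumptions or constructed values, and the IMEI report is handed to the bank directly rather than encrypted through the gateway.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed sample tables (not values from the patent).
CARRIER_IMSI_TO_MSISDN = {"460001234567890": "+8613800000000",   # bound at the bank
                          "460009876543210": "+8613900000000"}   # not bound
BANK_BINDINGS = {"+8613800000000": {"customer": "customer-1", "imei": "356938035643809"}}
# Assumed key shared by the operator's number server and the bank; the HMAC it
# keys stands in for the digital signature the text mentions.
NUMBER_SERVER_KEY = b"constructed-shared-key"
MSISDN_HEADER = "X-MSISDN"        # assumed name of the enriched header field
FRESHNESS_SECONDS = 300


def client_number_instruction(imsi: str) -> dict:
    """Client device: phone-number acquisition instruction carrying SIM information."""
    return {"type": "get_msisdn", "imsi": imsi, "nonce": secrets.token_hex(8)}


def wap_gateway_forward(msg: dict):
    """WAP gateway: resolve the IMSI to a phone number and add it to the header fields."""
    msisdn = CARRIER_IMSI_TO_MSISDN.get(msg["imsi"])
    if msisdn is None:
        raise LookupError("unknown subscriber")
    headers = {MSISDN_HEADER: msisdn}
    body = {k: v for k, v in msg.items() if k != "imsi"}   # IMSI stays inside the operator
    return headers, body


def number_server_to_bank(headers: dict, body: dict, now=None) -> dict:
    """Number server: extract the phone number and send it to the bank, signed."""
    payload = {"msisdn": headers[MSISDN_HEADER], "nonce": body["nonce"],
               "ts": int(time.time() if now is None else now)}
    raw = json.dumps(payload, sort_keys=True).encode()
    return {"payload": payload, "sig": hmac.new(NUMBER_SERVER_KEY, raw, hashlib.sha256).hexdigest()}


class BankServer:
    """Mobile banking server: verify the signed number, then the binding."""

    def __init__(self):
        self._seen_nonces = set()

    def _verified_msisdn(self, signed: dict, now=None):
        raw = json.dumps(signed["payload"], sort_keys=True).encode()
        expected = hmac.new(NUMBER_SERVER_KEY, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed["sig"]):
            return None                                   # forged or modified in transit
        p = signed["payload"]
        now = time.time() if now is None else now
        if abs(now - p["ts"]) > FRESHNESS_SECONDS or p["nonce"] in self._seen_nonces:
            return None                                   # stale or replayed
        self._seen_nonces.add(p["nonce"])
        return p["msisdn"]

    def authenticate(self, signed_number: dict, imei: str, now=None) -> str:
        """Compare the verified phone number and the reported IMEI with the binding."""
        msisdn = self._verified_msisdn(signed_number, now)
        if msisdn is None:
            return "login verification failed"
        binding = BANK_BINDINGS.get(msisdn)
        if binding is not None and hmac.compare_digest(binding["imei"], imei):
            return "login verification passed"
        return "login verification failed"


def run_flow(imsi: str, imei: str, tamper_msisdn=None, replay=False) -> str:
    """Drive the whole exchange; the optional flags show the bank's checks firing."""
    bank = BankServer()
    headers, body = wap_gateway_forward(client_number_instruction(imsi))
    signed = number_server_to_bank(headers, body)
    if tamper_msisdn is not None:
        signed["payload"]["msisdn"] = tamper_msisdn        # altered after signing
    result = bank.authenticate(signed, imei)
    if replay:
        result = bank.authenticate(signed, imei)           # same signed message again
    return result
```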

Current high-end smartphones all support touch screen operation. When the user operates on-screen options with a finger, the system can recognise different actions such as touch, tap, slide, long press, double tap and triple tap. Some phones support multi-touch (using a capacitive touch screen) and can also recognise richer actions such as pinching to zoom in or out and simultaneous multi-point touches. In mobile application technology these actions are called "gestures". Some high-end phones additionally embed an accelerometer, which can sense the angle at which the phone is held, its movement speed and acceleration, and even its motion trace. Such phones support even more diverse gestures: the user can shake the phone up and down or left and right to form different gestures.

Third-party application developers can recognise the user's gestures by programming against the hardware, so a gesture input function can be added to the mobile banking client, letting the user reserve a personalised, custom gesture. Once the custom gesture is digitised, stored and bound to the mobile banking login information, it can be used in the following (but not only the following) security scenarios:

Unlocking the mobile banking client software: when the client receives no user operation for a certain period, it locks itself. To unlock it, the user inputs the gesture; the system recognises the gesture and compares it with the reserved one, and if they coincide the unlock succeeds.

Mobile banking login: the login process requires the user to input the gesture, and login succeeds only after the gesture is verified.

A component of a key: the gesture can serve as one of the factors from which a key is generated, strengthening the security of the key itself.
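The bank-side binding and matching of Embodiment 1 (steps S101 to S104 at binding time, S201/S202 at login) together with the reserved-gesture comparison described above, as an added example that is not part of the patent or the assignee's system. It assumes a server-side keyed hash so the binding table holds no raw IMSI or IMEI, a simple normalise-resample-and-compare rule for gesture traces, and constructed sample identifiers and traces; the IMEI check-digit test is the standard Luhn scheme.

```python
import hashlib
import hmac
import math

# Assumed server-side secret, kept out of the binding table so a leaked table
# does not reveal raw subscriber (IMSI) or device (IMEI) identifiers.
PEPPER = b"constructed-server-secret"


def fingerprint(identifier: str) -> str:
    """Keyed hash of an IMSI or IMEI as stored in the binding relationship."""
    return hmac.new(PEPPER, identifier.encode(), hashlib.sha256).hexdigest()


def imei_is_well_formed(imei: str) -> bool:
    """15 digits whose last digit is the Luhn check digit over the first 14."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for pos, ch in enumerate(reversed(imei)):
        d = int(ch)
        if pos % 2 == 1:            # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _normalize(points):
    """Translate a trace to the origin and scale its longer side to 1."""
    xs = [p[0] for p in points]
    ys = [p[1] for p in points]
    scale = max(max(xs) - min(xs), max(ys) - min(ys)) or 1.0
    return [((x - min(xs)) / scale, (y - min(ys)) / scale) for x, y in points]


def _resample(points, n=16):
    """Linearly resample a trace to n points evenly spaced along its path."""
    if len(points) < 2:
        return [points[0]] * n
    seg = [math.dist(points[i], points[i + 1]) for i in range(len(points) - 1)]
    total = sum(seg)
    if total == 0.0:
        return [points[0]] * n
    out = []
    for k in range(n):
        target = total * k / (n - 1)
        walked = 0.0
        for i, length in enumerate(seg):
            if walked + length >= target or i == len(seg) - 1:
                t = 0.0 if length == 0.0 else min(max((target - walked) / length, 0.0), 1.0)
                (x0, y0), (x1, y1) = points[i], points[i + 1]
                out.append((x0 + t * (x1 - x0), y0 + t * (y1 - y0)))
                break
            walked += length
    return out


def trace_matches(reserved, attempt, tolerance=0.15) -> bool:
    """Mean distance between the normalised, resampled traces is within tolerance."""
    a = _resample(_normalize(reserved))
    b = _resample(_normalize(attempt))
    return sum(math.dist(p, q) for p, q in zip(a, b)) / len(a) <= tolerance


class BindingStore:
    """Bank-side binding storage (unit 401) and login verification (unit 403)."""
    def __init__(self):
        self._bindings = {}

    def bind(self, customer_id, imsi, imei, motion_trace=None, touch_trace=None):
        """Steps S101-S104: bind SIM, hardware and optional traces to a customer."""
        if not imei_is_well_formed(imei):
            raise ValueError("IMEI failed check-digit validation")
        self._bindings[customer_id] = {"imsi": fingerprint(imsi), "imei": fingerprint(imei),
                                       "motion": motion_trace, "touch": touch_trace}

    def verify_login(self, customer_id, imsi, imei, motion_trace=None, touch_trace=None) -> bool:
        """Steps S201/S202: every bound factor must match; all checks always run."""
        b = self._bindings.get(customer_id)
        if b is None:
            return False
        ok = hmac.compare_digest(b["imsi"], fingerprint(imsi))
        ok &= hmac.compare_digest(b["imei"], fingerprint(imei))
        for key, attempt in (("motion", motion_trace), ("touch", touch_trace)):
            if b[key] is not None:      # optional bindings checked only when reserved
                ok &= attempt is not None and trace_matches(b[key], attempt)
        return bool(ok)


# Constructed sample data for this example (not values from the patent).
SAMPLE_IMSI = "460001234567890"
SAMPLE_IMEI = "356938035643809"
L_SHAPE = [(0, 0), (0, 10), (10, 10)]           # reserved touch trace: an "L"
L_SHAPE_SCALED = [(5, 5), (5, 25), (25, 25)]    # the same shape drawn larger
DIAGONAL = [(0, 0), (10, 10)]


def demo() -> dict:
    store = BindingStore()
    store.bind("customer-1", SAMPLE_IMSI, SAMPLE_IMEI, touch_trace=L_SHAPE)
    v = store.verify_login
    return {
        "same_phone_and_trace": v("customer-1", SAMPLE_IMSI, SAMPLE_IMEI, touch_trace=L_SHAPE_SCALED),
        "different_imei": v("customer-1", SAMPLE_IMSI, "356938035643817", touch_trace=L_SHAPE_SCALED),
        "wrong_trace": v("customer-1", SAMPLE_IMSI, SAMPLE_IMEI, touch_trace=DIAGONAL),
        "unknown_customer": v("customer-2", SAMPLE_IMSI, SAMPLE_IMEI, touch_trace=L_SHAPE),
    }
```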

Embodiment 2

As shown in Fig. 3, the mobile banking client information authentication system of this embodiment comprises: the customer's phone 100, the mobile operator's WAP gateway 200, the mobile operator's phone-number acquisition server 300, the mobile banking server 400 and the bank customer information system 500. The customer's phone 100 connects to the operator's base station over the operator's wireless cellular network; the base station connects to the mobile operator's WAP gateway 200 over the operator's internal wired network; the WAP gateway 200 connects to the phone-number acquisition server 300 over the Internet; the WAP gateway 200 and the phone-number acquisition server 300 connect to the mobile banking server 400 over the Internet, with a firewall deployed by the bank between the mobile banking server 400 and the Internet; and the mobile banking server 400 connects to the bank customer information system over the bank's internal network.

As shown in Fig. 4, a client device 101 is provided in the phone 100. The client device 101 comprises: a SIM card information acquisition unit 1011 for obtaining the phone's SIM card information; a hardware information acquisition unit 1012 for obtaining the phone's hardware information; a data encryption unit 1013 for encrypting the obtained SIM card information and hardware information; and a secure communication unit 1014 for outputting the encrypted SIM card information and hardware information of the phone.

As shown in Fig. 5, the WAP gateway 200 comprises: an instruction forwarding unit 201 for receiving the phone-number acquisition instruction, obtaining the corresponding phone number from the SIM card information, and generating and forwarding a phone-number acquisition instruction containing that phone number; and a hardware information forwarding unit 202 for receiving the hardware IMEI and forwarding it. The phone-number acquisition server 300 receives the phone-number acquisition instruction containing the phone number, extracts the phone number and outputs it.

As shown in Fig. 6, the mobile banking server 400 comprises: a binding relationship storage unit 401 for storing the binding relationship between the phone's SIM card information and the registered mobile banking customer information and the binding relationship between the phone's hardware information and the registered customer information; a login information receiving unit 402 for receiving the phone's SIM card information and hardware information; and a login information verification unit 403 for judging whether the phone's SIM card information and hardware information match those in the corresponding binding relationship, outputting a login-verification-passed message if so and a login-verification-failed message if not.

The binding relationship storage unit 401 also stores the binding relationship between a specific phone motion trace and the registered customer information; the login information receiving unit 402 also receives the phone's motion trace; and the login information verification unit 403 also judges whether the phone's motion trace matches the specific phone motion trace in the corresponding binding relationship, outputting a login-verification-passed message if so and a login-verification-failed message if not. The client device 101 further comprises a motion trace acquisition unit for obtaining the phone's motion trace, and the secure communication unit 1014 also outputs the phone's motion trace.

The binding relationship storage unit 401 also stores the binding relationship between a specific touch trace on the phone's touch screen and the registered customer information; the login information receiving unit 402 also receives the touch trace drawn on the phone's touch screen; and the login information verification unit 403 also judges whether that touch trace matches the specific touch trace in the corresponding binding relationship, outputting a login-verification-passed message if so and a login-verification-failed message if not. The client device 101 further comprises a touch trace acquisition unit for obtaining the touch trace drawn on the phone's touch screen, and the secure communication unit 1014 also outputs that touch trace.

As shown in Fig. 7, the customer's phone is the phone used by the mobile banking user; the user's SIM card 102 and the mobile banking client module 101 are installed in it. The mobile banking client module 101 is the mobile banking client application developed by the bank and installed on the user's phone, through which the user operates the mobile banking functions. The customer's phone comprises: a radio frequency unit, baseband circuit, central processing unit, keyboard, touch screen, FLASH, RAM, an acceleration sensor, the SIM card 102 and the client module 101. The acceleration sensor collects the phone's motion trace (also called gesture information), and the touch screen collects the trace the customer draws on it.

In Fig. 3, mobile operator WAP gateway 200 refers to the WAP gateway equipment that mobile operator has.WAP gateway connects mobile operator internal network and Internet the Internet, is responsible for user's request is sent to the Internet.Use the user under the general scene of Mobile banking's service, operator's WAP gateway 200 is sent to Mobile banking's server 400 with user's service request; Obtain in bank under the scene of subscriber phone number, be that client's mobile phone 100 initiation cell-phone numbers obtain while asking, at first operator's WAP gateway 200 identifies user identity, subscriber phone number is joined client requests message header field, then send the request to the mobile operator cell-phone number and obtain server 300.

The mobile operator phone number acquisition server 300 is a server deployed on the Internet by the mobile operator to provide a phone number acquisition service to third-party developers such as banks. When the customer's mobile phone 100 issues a phone number acquisition request, this server parses the phone number from the request message forwarded by the mobile operator WAP gateway 200, digitally signs and encrypts it, and sends it to the mobile banking server 400.
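The header enrichment performed by the gateway 200 and consumed by the server 300 is the trust boundary of the number acquisition step: the number in the header is only meaningful if the request really traversed the operator's gateway. The following Python model is an added example and not code from the patent or from the bank; the gateway address, the header name `X-MSISDN`, the `Request` shape and the 11-digit number format are assumptions made for the example. It shows the gateway overwriting the header with the number it authenticated on the cellular side, and the number server refusing to parse the header from a request that arrived directly from the Internet.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Assumptions for this example (not stated in the patent): the gateway's
# address as seen by the number acquisition server and the enrichment header name.
GATEWAY_ADDR = "10.0.0.2"
MSISDN_HEADER = "X-MSISDN"


@dataclass
class Request:
    source_addr: str                                   # peer address the receiving server sees
    headers: Dict[str, str] = field(default_factory=dict)


def gateway_forward(req: Request, subscriber_msisdn: str) -> Request:
    """Model of step 803: the operator gateway has already authenticated the
    subscriber on the cellular side, so it replaces (never merges) any copy of the
    enrichment header the handset sent with the number it knows, and forwards
    the request from its own address."""
    headers = {k: v for k, v in req.headers.items() if k.lower() != MSISDN_HEADER.lower()}
    headers[MSISDN_HEADER] = subscriber_msisdn
    return Request(source_addr=GATEWAY_ADDR, headers=headers)


def number_server_parse(req: Request) -> Optional[str]:
    """Model of step 804 with the check a practitioner wants: the header is
    trusted only on requests that arrived from the gateway.  A handset that
    reaches the server directly over the Internet and sets the header itself
    gets no number back."""
    if req.source_addr != GATEWAY_ADDR:
        return None
    msisdn = req.headers.get(MSISDN_HEADER, "")
    # Assumption: mainland Chinese mobile numbers, 11 digits, nothing else accepted.
    if not (msisdn.isdigit() and len(msisdn) == 11):
        return None
    return msisdn
```

In a real deployment the "arrived from the gateway" test is usually a dedicated link or mutually authenticated TLS between gateway and number server rather than a source-address comparison; the point of the example is that the header itself carries no proof of origin.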

The mobile banking server 400 is the system or server at the bank side that provides mobile banking services. It hosts the bank-developed mobile banking server-side device, accepts requests from the mobile banking client software and completes the business processing.

The bank customer information system 500 is the bank's system holding the registered mobile banking customer information, including but not limited to the user's mobile banking registration information and the information bound to it, such as the phone's IMEI and the phone number.

Through this system the user uses the customer's mobile phone 100 as terminal equipment to access the network, reach the bank-side system and use the mobile banking functions. The user operates the mobile banking client software installed in the customer's mobile phone 100, which issues a service request to the mobile banking server 400. The request first enters the mobile operator's cellular network and is received by the base station equipment built by the operator; it then passes from the base station into the operator's internal wired network and finally reaches the Internet through the operator's WAP gateway 200, arriving at the mobile banking server 400 that the bank has deployed on the Internet. The mobile banking server 400 receives the user's service request, completes the business processing and returns the result. The service requests include but are not limited to the customer's mobile banking login, enquiry and transfer requests, but do not include the phone number acquisition request. Further, when the user starts the mobile banking client software on the customer's mobile phone 100 and uses the login function, the client software first issues a phone number acquisition request to the operator's phone number acquisition server 300. When the request reaches the operator's WAP gateway 200, the gateway adds the user's phone number to a request header field and forwards the request message to the operator's phone number acquisition server 300, which parses out the phone number and sends it to the mobile banking server 400. Once the bank has obtained the user's phone number, it compares it with the phone number the user registered in the bank customer information system 500 in order to verify the user's identity. After successful verification, the mobile banking server 400 returns a link to the login page, which is delivered to the customer's mobile phone 100 through the operator's WAP gateway 200.

As shown in Figure 8, the mobile banking client software 101 further comprises a phone number acquisition request module 111, a hardware information acquisition module 112, a data transformation module 113, a data encryption/decryption module 114, a gesture processing module 115 and a secure communication module 116. The hardware information acquisition module 112 is connected to the data transformation module 113; the data transformation module 113 and the gesture processing module 115 are each connected to the data encryption/decryption module 114; the data encryption/decryption module 114 and the phone number acquisition request module 111 are each connected to the secure communication module 116.

The phone number acquisition request module 111 is responsible for issuing the phone number acquisition request to the mobile operator. When the user starts the mobile banking client software 101 and uses the login function, this module first interacts with the mobile operator by issuing a phone number acquisition request to the mobile operator phone number acquisition server 300; on the basis of that request the operator provides the user's phone number to the bank.

The hardware information acquisition module 112 is responsible for reading the hardware information of the user's device from the phone, including but not limited to the phone's IMEI.

The data transformation module 113 is responsible for applying a transformation and obfuscation to the IMEI of the user's phone, with the aim of making the client software harder to decompile and increasing the security of the data transmitted over the Internet.

The data encryption/decryption module 114 is responsible for encrypting the key information the client submits at login, with the aim of increasing the security of the data transmitted over the Internet. The data that need to be encrypted include but are not limited to: the transformed IMEI of the user's phone, the user's gesture information, the user's login password and the transaction password. The encryption may be symmetric; as one implementation, the encryption process is as follows: an initial key A is built into the client software, and the same key A is also kept at the server side. Before encryption, the server generates a one-time random number B. A and B are combined to form a one-time key C. The client uses key C to encrypt the transformed data with a symmetric key algorithm (such as 3DES). Decryption mirrors encryption: key C is computed with the same method, and the data are decrypted with key C and the same algorithm.
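The following Python block is an added example of the one-time key exchange described above and is not code from the patent or from the bank. Two things in it are assumptions, because the patent leaves them open: A and B are "combined" here as HMAC-SHA256(A, B), and the symmetric algorithm is an HMAC-SHA256 counter-mode keystream with a separate integrity tag instead of 3DES, so the example runs on the Python standard library alone. The built-in key value, the nonce length and the login field names are constructed. The server side keeps each issued nonce B for a single use, which is what makes key C one-time in practice: a captured login message cannot be submitted again.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Set

# Constructed value for the patent's "built-in initial key A".  Anything embedded in
# the client binary must be assumed recoverable by an attacker, so A provides key
# separation between installs of the app, not secrecy against a determined one.
BUILT_IN_KEY_A = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")


def derive_one_time_key(key_a: bytes, nonce_b: bytes) -> bytes:
    """Key C = combine(A, B).  The patent does not say how; HMAC-SHA256(A, B) is an
    assumption made for this example."""
    return hmac.new(key_a, nonce_b, hashlib.sha256).digest()


def _subkeys(key_c: bytes):
    # Separate confidentiality and integrity keys, both derived from C.
    enc = hmac.new(key_c, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key_c, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce_b: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; stands in for the 3DES named in the patent.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(enc_key, nonce_b + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def encrypt(key_c: bytes, nonce_b: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key_c)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce_b, len(plaintext))))
    tag = hmac.new(mac_key, nonce_b + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt(key_c: bytes, nonce_b: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key_c)
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce_b + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce_b, len(ct))))


class BankServerCrypto:
    """Server half of module 412: issues nonce B per login attempt and accepts each
    nonce exactly once, so a captured login message cannot be replayed."""

    def __init__(self, key_a: bytes):
        self.key_a = key_a
        self.outstanding: Set[bytes] = set()

    def issue_nonce(self) -> bytes:
        nonce = os.urandom(16)
        self.outstanding.add(nonce)
        return nonce

    def open_login_message(self, nonce_b: bytes, blob: bytes) -> Dict[str, str]:
        if nonce_b not in self.outstanding:
            raise ValueError("unknown or already used nonce")
        self.outstanding.discard(nonce_b)           # single use, even if decryption fails
        key_c = derive_one_time_key(self.key_a, nonce_b)
        return json.loads(decrypt(key_c, nonce_b, blob).decode())


def client_seal_login(key_a: bytes, nonce_b: bytes, fields: Dict[str, str]) -> bytes:
    """Client half of module 114 (step 811): the transformed IMEI, password and
    verification code are encrypted together under the one-time key C."""
    key_c = derive_one_time_key(key_a, nonce_b)
    return encrypt(key_c, nonce_b, json.dumps(fields, sort_keys=True).encode())
```

The integrity tag is the addition a practitioner would insist on: a bare symmetric encryption of the login fields, whether 3DES or anything else, lets an attacker on the path flip bits in the ciphertext without detection. Since the exchange already runs inside TLS (module 116), this layer mainly protects against replay and against a client build that has lost its TLS guarantees.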

The gesture processing module 115 is responsible for processing the user's gesture actions and provides a gesture reservation function and a gesture recognition function. The gesture reservation function lets the user enter a self-defined gesture, which is converted into digitised data and saved. The gesture recognition function has two optional modes: (1) local recognition, where the reserved gesture information is kept in the gesture processing module 115, which recognises the gesture the user enters at each function and judges whether it matches the reserved data; (2) server-side recognition, where the reserved gesture is kept in the bank customer information system 500, and the gesture processing module 115 recognises the gesture the user enters, digitises it, encrypts it and sends it through the secure communication module 116 to the mobile banking server 400 for verification. The gesture recognition function can require the user to enter a gesture and have it verified in scenarios that need identity verification, such as starting the mobile banking client software, login verification or entering a transaction password.

The secure communication module 116 is responsible for network communication between the mobile banking client software and the mobile banking server. Because data between client and server travel over the Internet, the communication protocol uses Transport Layer Security (TLS), ensuring that nothing is transmitted in plaintext on the Internet. The secure communication module is responsible for initiating the secure request from the client.

As shown in Figure 9, the mobile banking server 400 further comprises a mobile banking binding module 411, a data encryption/decryption module 412, a key management module 413, a user identity authentication module 414, a mobile banking client software management module 415 and a secure communication module 416. The key management module 413, the user identity authentication module 414 and the secure communication module 416 are each connected to the data encryption/decryption module 412; the mobile banking client software management module 415 is connected to the secure communication module 416.

The mobile banking binding module 411 is responsible for receiving the user's phone IMEI, phone number and similar information, saving it in the bank customer information system and binding it to the user's mobile banking registration information. When the user opens mobile banking at a bank branch, this module is used to reserve the information and bind it to the user's mobile banking registration. The reserved information includes but is not limited to the phone IMEI and the phone number. The user information is kept in the bank customer information system 500.

The data encryption/decryption module 412 is the counterpart of the client's data encryption/decryption module 114 and has the same function.

The key management module 413 is responsible for key generation, distribution and management. The keys involved in this method include but are not limited to: the initial key of the symmetric cipher, the one-time key factor, the asymmetric key pair (public/private key) or digital certificate used when interacting with the operator, and the digital certificate used to sign the client program binary.

The user identity authentication module 414 is responsible for verifying whether the user login information sent up by the client is correct. The verification covers, but is not limited to: whether the user's phone number and login password match, whether the verification code was entered correctly, whether the phone IMEI matches the registration information, and whether the user's gesture is correct.

The mobile banking client software management module 415 is responsible for maintaining information about all client versions and provides client version compatibility control and version upgrade management.

The secure communication module 416 works together with the client's secure communication module. Using a server certificate issued by a third-party institution, it performs the handshake with the client and establishes a TLS secure transmission channel, ensuring that nothing is transmitted in plaintext on the Internet.

As shown in Figure 10, the specific steps of the mobile banking client information authentication system of this embodiment are:

Step 801: the user starts the mobile banking client device and uses the login function;

Step 802: the phone number acquisition request module 111 issues a phone number acquisition request to the mobile operator;

Step 803: when the phone number acquisition request passes through the mobile operator WAP gateway 200, the WAP gateway 200 identifies the user, adds the corresponding user phone number to a request header field and forwards the phone number acquisition request to the mobile operator phone number acquisition server 300;

Step 804: after receiving the request, the mobile operator phone number acquisition server 300 parses the phone number from the request header field;

Step 805: the operator phone number acquisition server 300 digitally signs and encrypts the phone number and sends it to the mobile banking server 400;

Step 806: after receiving this information, the mobile banking server 400 verifies the signature and decrypts it to obtain the phone number, compares it with the mobile banking registration information in the bank customer information system 500 and, once verified, returns a link to the login page through the operator's WAP gateway 200;

Step 807: the mobile banking client device displays the link;

Step 808: the customer clicks the link and the login page returned by the mobile banking server is displayed;

Step 809: the hardware information acquisition module 112 reads the IMEI of the user's phone;

Step 810: the data transformation module 113 applies a displacement transformation to the IMEI of the user's phone;

Step 811: the data encryption/decryption module 114 encrypts the transformed information together with the login password and verification code entered by the user, using a symmetric key algorithm (such as 3DES), and submits them to the mobile banking server 400 through the operator's WAP gateway 200;

Step 812: the data encryption/decryption module 412 of the mobile banking server 400 decrypts the received encrypted information with the symmetric key algorithm;

Step 813: the user identity authentication module 414 verifies whether the user's phone number and login password match, whether the verification code was entered correctly and whether the phone IMEI matches the registration information;

Step 814: if all checks are correct, the verification passes;

Step 815: the user may further be required to enter a gesture in scenarios that need identity verification, such as starting the mobile banking client software, login verification or entering a transaction password. In this embodiment the login verification scenario in the mobile banking client is used as the example. The user enters the gesture as prompted (for example, shaking the phone); the gesture processing module 115 recognises the user's gesture and compares it with the gesture the user reserved;

Step 816: judge whether the user's gesture matches the reserved gesture;

Step 817: if they do not match, the user may be asked to re-enter; once the specified number of retries is exceeded, the login fails;

Step 818: if the mobile banking client device judges that the verification passes, the login succeeds.
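The server-side checks of steps 813 to 818, together with the binding kept by module 411 and the server-side gesture recognition mode of module 115, are shown below as an added Python example; it is not code from the patent or from the bank. The example assumes the login fields have already been decrypted (step 812) and that the client's IMEI transformation has been reversed, so the server works with the plain IMEI. The quantisation of accelerometer samples used to "digitise" a gesture, the retry limit of three, the password hashing with PBKDF2 and all sample values (number, IMEI, password, gesture samples) are assumptions or constructed data. Every factor in step 813 is checked before a single generic result is returned, so a failed login does not reveal which of number, password, verification code or IMEI was wrong.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Sequence, Tuple

GESTURE_STEP = 0.5   # assumed quantisation step (in g) for accelerometer samples


def quantise_gesture(samples: Sequence[Tuple[float, float, float]]) -> bytes:
    """Turn raw accelerometer samples into the patent's 'digitised' form so two
    recordings of the same shake compare equal after coarse rounding."""
    return b"".join(
        bytes([int(round(v / GESTURE_STEP)) & 0xFF for v in sample]) for sample in samples
    )


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Binding:
    msisdn: str
    imei: str
    salt: bytes
    password_hash: bytes
    gesture: bytes          # quantised reserved gesture


@dataclass
class CustomerInfoSystem:
    """Model of system 500: registration records with the SIM (number) and
    hardware (IMEI) bindings created by module 411 at the branch."""
    bindings: Dict[str, Binding] = field(default_factory=dict)

    def bind(self, msisdn: str, imei: str, password: str,
             gesture_samples: Sequence[Tuple[float, float, float]]) -> None:
        salt = os.urandom(16)
        self.bindings[msisdn] = Binding(
            msisdn, imei, salt, _hash_password(password, salt), quantise_gesture(gesture_samples)
        )


class LoginAuthenticator:
    """Model of module 414 covering steps 813 to 818."""
    MAX_GESTURE_RETRIES = 3          # assumed "specified number of retries"

    def __init__(self, cis: CustomerInfoSystem):
        self.cis = cis
        self.gesture_attempts: Dict[str, int] = {}

    def verify_credentials(self, msisdn: str, imei: str, password: str, captcha_ok: bool) -> str:
        """Step 813: number/password, verification code and IMEI must all match.
        All comparisons run in constant time and the result is one generic string."""
        b = self.cis.bindings.get(msisdn)
        if b is None:
            _hash_password(password, b"\x00" * 16)     # equalise timing for unknown numbers
            return "rejected"
        pw_ok = hmac.compare_digest(_hash_password(password, b.salt), b.password_hash)
        imei_ok = hmac.compare_digest(imei.encode(), b.imei.encode())
        return "credentials-ok" if (pw_ok and imei_ok and captcha_ok) else "rejected"

    def verify_gesture(self, msisdn: str, samples: Sequence[Tuple[float, float, float]]) -> str:
        """Steps 815 to 818 in server-side recognition mode: compare with the reserved
        gesture, allow re-entry up to the retry limit, then fail the login."""
        b = self.cis.bindings.get(msisdn)
        if b is None:
            return "login-failed"
        attempts = self.gesture_attempts.get(msisdn, 0) + 1
        self.gesture_attempts[msisdn] = attempts
        if hmac.compare_digest(quantise_gesture(samples), b.gesture):
            self.gesture_attempts[msisdn] = 0
            return "login-success"
        if attempts >= self.MAX_GESTURE_RETRIES:
            self.gesture_attempts[msisdn] = 0
            return "login-failed"
        return "retry"
```

Two caveats the example makes visible. The IMEI is read by the client software and reported to the server, so the hardware binding resists credential theft from a different phone but not a compromised phone that reports the bound IMEI; the client-side transformation of module 113 raises the cost of reverse engineering but does not turn the IMEI into a secret. And the gesture factor is only as strong as the quantisation: a step coarse enough to tolerate natural variation between two shakes also shrinks the space an impostor must search, so the retry limit in step 817 is what keeps that factor meaningful.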

This embodiment can be widely used in many mobile banking application scenarios. The invention combines the phone's hardware characteristics to strengthen mobile banking security control, in the following respects: 1) binding of phone hardware information: binding the user's phone hardware information to the mobile banking registration information ensures that the user can operate the bank account only from their own phone, so that even if the username and password are stolen, the thief cannot operate the victim's bank account and cause economic loss; 2) binding of the user's SIM card: binding the user's phone number to the mobile banking registration information ensures that the user can operate the bank account only with their own SIM card, so that even if the username and password are stolen, the thief cannot operate the victim's bank account and cause economic loss; 3) using a specific gesture made while holding the phone as a security authentication means further strengthens the security of mobile banking login; 4) using a specific trace the user draws on the phone's touch screen as a security authentication means further strengthens the security of mobile banking login.

The principles and implementation of the present invention have been set out above with reference to specific embodiments; the description of these embodiments is only meant to help understand the method of the invention and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the invention, make changes to the specific embodiments and their scope of application. In summary, this description should not be construed as limiting the invention.

Claims (1)

1. A mobile banking client information authentication method, characterised in that the method comprises the following steps, carried out in a system formed by a customer's mobile phone (100), a mobile operator WAP gateway (200), a mobile operator phone number acquisition server (300), a mobile banking server (400) and a bank customer information system (500):
Step 1: the user starts the customer's mobile phone (100) and uses the login function;
Step 2: the customer's mobile phone (100) issues a phone number acquisition request to the mobile operator;
Step 3: when the phone number acquisition request passes through the mobile operator WAP gateway (200), the mobile operator WAP gateway (200) identifies the user, adds the corresponding user phone number to a request header field and forwards the phone number acquisition request to the mobile operator phone number acquisition server (300);
Step 4: after receiving the phone number acquisition request, the mobile operator phone number acquisition server (300) parses the phone number from the request header field;
Step 5: the operator phone number acquisition server (300) digitally signs and encrypts the phone number and sends it to the mobile banking server (400);
Step 6: after receiving the signed and encrypted phone number, the mobile banking server (400) verifies the signature and decrypts it to obtain the phone number, compares it with the mobile banking registration information in the bank customer information system (500) and, once verified, returns a link to the login page through the operator's WAP gateway (200);
Step 7: the customer's mobile phone (100) displays the link;
Step 8: the link is clicked and the customer's mobile phone (100) displays the login page returned by the mobile banking server;
Step 9: the customer's mobile phone (100) reads the IMEI of the user's phone;
Step 10: the customer's mobile phone (100) applies a displacement transformation to the IMEI of the user's phone;
Step 11: the customer's mobile phone (100) encrypts the transformed information together with the login password and verification code entered by the user, using a symmetric key algorithm, and submits them to the mobile banking server (400) through the operator's WAP gateway (200);
Step 12: the mobile banking server (400) decrypts the received encrypted information with the symmetric key algorithm;
Step 13: the mobile banking server (400) is responsible for verifying whether the user's phone number and login password match, whether the verification code was entered correctly and whether the phone IMEI matches the registration information;
Step 14: if all checks are correct, the mobile banking server (400) passes the verification;
Step 15: the mobile banking server (400) further requires the user to enter a gesture in scenarios that need identity verification, such as starting the mobile banking client software, login verification or entering a transaction password; the mobile banking server (400) recognises the user's gesture and compares it with the gesture the user reserved; the mobile banking server (400) judges whether the user's gesture matches the reserved gesture; if they do not match, the user is required to re-enter, and once the specified number of retries is exceeded the login fails;
Step 16: if the customer's mobile phone (100) judges that the verification passes, the login succeeds.
CN2011100924383A 2011-04-13 2011-04-13 Method and system for authenticating mobile banking client information, and mobile terminal CN102143482B (en)

Publications (2)

Publication Number Publication Date
CN102143482A CN102143482A (en) 2011-08-03
CN102143482B true CN102143482B (en) 2013-11-13

Family

ID=44410648

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106604264A (en) * 2017-01-04 2017-04-26 北京奇虎科技有限公司 Application installation method and system, server, and mobile terminal

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020153424A1 (en) * 2001-04-19 2002-10-24 Chuan Li Method and apparatus of secure credit card transaction
WO2005083600A1 (en) * 2004-02-26 2005-09-09 Hualong Huang A mobile bank system
CN101022584A (en) * 2007-03-13 2007-08-22 董崇军 Method for transmitting cellphone number
CN101482904A (en) * 2008-11-28 2009-07-15 上海凌锐信息技术有限公司 Hand-hold terminal with handwriting recognition identity affirmation function and its implementing method
CN101742499A (en) * 2009-12-31 2010-06-16 优视科技有限公司 Account number protection system for mobile communication equipment terminal and application method thereof

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant