CN102147662A - Input terminal with keyboard and encryption module - Google Patents

Info

Publication number: CN102147662A
Authority: CN (China)
Legal status: Pending
Application number: CN2011100610916A
Other languages: Chinese (zh)
Inventor: 张龙其
Current assignee: Individual
Original assignee: Individual

Abstract

The invention provides an input terminal with a keyboard and an encryption module. The invention is characterized in that the input terminal is connected with a host of a computer and is used for network payment transaction; the input terminal is provided with the keyboard and is at least used for inputting passwords of a main bank account or passwords of an IC (integrated circuit) card account; the input terminal is provided with the encryption module and is at least used for encrypting the main account of a bank card or the account of an IC card and a user password; the input terminal is provided with a card reading module; and the card reading module is at least used for reading account information of a magnetic strip card or information of a contact-type IC card or information of a non-contact type IC card. The input terminal is coordinated with a related system platform and transmits encrypted information of a user account and the user password, so as to prevent the user account and the user password from being illegally stolen when the user executes online financial transactions on the host of the computer.

Description

Input terminal with keyboard and encryption module
Technical field
The present invention relates to an input terminal with a keyboard and an encryption module. The input terminal is connected to a host computer and is applied in the field of financial payment.
Background
http://www.bestchao.com/archives/133.html
On March 16, the Jiangmin anti-virus center detected that the "Online Banking Robber" virus, which in the past stole large sums of money from online banking users, had returned in a new form. The newly intercepted "Online Banking Burglar" virus is technically far ahead of the former "virus king" "Online Banking Robber": it can not only steal the account number and password of an online banking user, but can even break through the protection of the bank's U-shield (USB key) and carry out online transfers.
According to experts, the latest variant of "Online Banking Burglar" is a spy program written specifically to steal online banking account numbers and passwords. Running in the background of an infected computer, it watches the titles of all windows the user opens. Once it finds a window with a specified title, it matches each element of the page and presents the user with an imitation page that matches the online banking page being opened, and then uses techniques such as mouse hooks and message interception to capture the account number and password that the user enters into the fake online banking page.
What worries anti-virus experts is that "Online Banking Burglar" does not only steal online banking account numbers and passwords; it can also break through the protection of the bank's U-shield and carry out online transfers. According to the experts, a typical virus that steals online banking or online game account numbers and passwords secretly sends them to the hacker in the background after intercepting them, and in that way achieves the theft. However, as banks have improved their protection and users have become more security-aware, many online banks can only be used after connecting to a designated gateway or reading a digital certificate on the user's computer, so an account number and password alone are not enough to transfer funds. The latest variant of "Online Banking Burglar" takes exactly this into account and upgrades its technique again: after capturing the user's account number and password, the virus connects, on the infected computer, to the hacker's designated server "http://c.9908*.com/b2cs/" and automatically redirects the web page to the online banking transfer page the user is operating; the hacker then uses the captured account number and password to attempt a transfer of between 500 and 1000 yuan to an account the hacker specifies. Because the virus opens the bank transfer page on the user's own computer, and the user's digital certificate is usually also stored on that computer, the virus can easily get past the protection of the digital certificate. Once the operation succeeds, it seriously threatens the funds of online banking users.
The anti-virus experts remind users that when banking online they must make sure the virus database of their anti-virus software is updated to the latest version and that active defense and real-time monitoring are turned on. In addition, online banking users should type the bank's domain name directly when logging in to the bank's website and should not enter through links provided by other websites (such as search engines), since such links may lead the user to a fake bank website.
Existing card readers usually have only a simple card-reading function. They cannot encrypt or decrypt data and do not support manual entry of an account number, so they can only be used in simple card-reading environments and inside banking systems. When data must be encrypted or decrypted, a financial POS terminal is used as the input terminal, which is costly. Neither card readers nor financial POS terminals are suitable as an auxiliary device for online transactions by the large number of card users.
There are currently two ways of paying through online banking:
First, the bank card account number and user password are entered directly in a web page. A malicious hacker may obtain the user's account and password information through Trojan horses, phishing websites and the like, so this is not secure.
Second, a U-shield issued by the bank is used. The U-shield is bound to the bank card account, and the user enters a payment password when paying. A malicious hacker can use a Trojan horse program to monitor the information sent down from the bank payment system, which includes the user's account, and can monitor the user's keystrokes to obtain the user password. Although the leaked account information and password cannot easily replace the U-shield to perform a U-shield payment, they can be used to clone the bank card directly for malicious spending and cash withdrawal, or to make a malicious payment in the first way, so this is not secure enough either.
The present invention reads the account information and accepts the password on the input terminal, and the account information and user password are sent out only after being encrypted by the security module. Even if a malicious hacker steals the exchanged information, the encrypted account information and user password cannot easily be cracked, so the user is quite safe when making payment transactions over an ordinary network.
Summary of the invention
The object of the present invention is to provide an input terminal with a keyboard and an encryption module, to solve the security problem that user account information and password information may be leaked during network payment transactions.
To achieve this object, the invention provides an input terminal with a keyboard and an encryption module, characterized in that: the input terminal is connected to a host computer through a USB interface, an RS232 interface or an Ethernet interface, and the input terminal, the host computer and the system platform work together for network payment transactions; the input terminal is provided with a keyboard, used at least for entering the password of a bank main account or of an IC card account; the input terminal is provided with an encryption module, used at least for encrypting the bank card main account or IC card account and the user password.
The input terminal can only be used after keys have been downloaded to it. To download keys, the input terminal is connected to the encryption machine through a key download host. When the security module is a SAM card, the SAM card is connected to the encryption machine through a card issuing device and the keys are downloaded to the SAM card; security control is guaranteed by the encryption machine. In use, the input terminal is connected to the user's host computer.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the input terminal is provided with a card reading module, used at least for reading magnetic stripe card account information and/or contact IC card information and/or contactless IC card information; the IC cards include memory cards, logic encryption cards and smart cards. Providing a card reading module on the input terminal simplifies entry of the user account and ensures that the account is entered accurately.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the keyboard is used for entering the bank main account or IC card account, so that transactions can still be carried out when the input terminal has no card reading module or the card reading module is faulty.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the input terminal is provided with an LED indicator, used at least to signal to the user that the input terminal is ready to receive input and that input has been accepted. The LED indicator prompts the user to enter the password, signals that password entry is complete, prompts the user to swipe the card, signals that the card swipe has been accepted, and so on.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the encryption module is provided with a fingerprint module, used at least for capturing the user's fingerprint image data; the processor extracts fingerprint feature data from the fingerprint image data captured by the fingerprint module; the extracted fingerprint feature data is encrypted by the encryption module and output. Using a fingerprint module further improves the security, accuracy and convenience of the system. The encrypted fingerprint feature data is uploaded, decrypted by the system platform, and compared with the fingerprint feature data the user has stored on the platform; when the comparison succeeds, the system platform treats the user's identity as verified and carries out the subsequent business.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the fingerprint module is provided with a fingerprint processing unit, used at least for extracting fingerprint feature data from the captured fingerprint image data.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the input terminal is provided with a disassembly self-destruct unit, used at least for destroying the keys stored in the input terminal when the input terminal is opened. The disassembly self-destruct unit ensures the security of the keys; the keys can only be used and cannot be read out.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the encryption module is a SAM card, an ESAM chip, a dedicated encryption chip, or encryption keys and algorithms associated with the processor.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the input terminal works together with the system platform and the host computer to implement the transaction function. The host computer is connected to the system platform over the Internet. The host computer is used at least to set up communication between the input terminal and the system platform and to receive the transaction result information and prompts sent down by the system platform. The system platform at least verifies the received encrypted information, processes the transaction request, and sends the transaction result to the host computer.
When the user performs business such as paying fees, topping up or making purchases on the host computer, the payment request web page pushed by the payee displays information such as the payee code, the transaction identification code and the payment amount. The user copies this information into the corresponding fields of the payment interface on the host computer of the present invention and then goes through the payment process. When payment is complete, the user enters the transaction voucher number shown in the transaction voucher field of that payment interface into the transaction voucher field of the payee's payment request web page and clicks the "payment successful" button on that page. The payee queries the system platform of the present invention, using the payee code, transaction identification code, transaction voucher number and so on, to check whether the payment transaction succeeded, and if it did, carries out the corresponding business process.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the encryption module comprises at least keys and algorithms; the keys include at least authentication keys, working keys and a transport key; the authentication keys include at least a download external authentication key, a download internal authentication key, a work external authentication key and a work internal authentication key; the working keys include at least an encryption key and a message authentication code key; the algorithms include at least a symmetric-key algorithm and/or an asymmetric-key algorithm. The keys of the input terminal are associated with the keys of the system platform's encryption machine.
The download authentication keys comprise the download external authentication key and the download internal authentication key. They are used at least for mutual authentication between the input terminal and the encryption machine before the input terminal downloads keys; the input terminal is allowed to download keys only after download authentication has passed. The download external authentication key is used by the input terminal to verify the legitimacy of the encryption machine: the input terminal generates a random number, the encryption machine encrypts this random number with the download external authentication key and sends the result to the input terminal, and the input terminal uses the download external authentication key to verify whether the encrypted data is correct and valid. The download internal authentication key is used by the encryption machine to verify the legitimacy of the input terminal: the encryption machine generates a random number, the input terminal encrypts this random number with the download internal authentication key and sends the result to the encryption machine, and the encryption machine uses the download internal authentication key to verify whether the encrypted data is correct and valid.
The work authentication keys comprise the work external authentication key and the work internal authentication key. They are used for mutual authentication between the input terminal and the system platform after the input terminal is powered on; only after work authentication has passed is the input terminal allowed to accept input of the bank card main account, IC card account, user password or user fingerprint feature data and to encrypt these input data and/or add a message authentication code. The work external authentication key is used by the input terminal to verify the legitimacy of the system platform: the input terminal generates a random number, the system platform encrypts this random number with the work external authentication key and sends the result to the input terminal, and the input terminal uses the work external authentication key to verify whether the encrypted data is correct and valid. The work internal authentication key is used by the system platform to verify the legitimacy of the input terminal: the system platform generates a random number, the input terminal encrypts this random number with the work internal authentication key and sends the result to the system platform, and the system platform uses the work internal authentication key to verify whether the encrypted data is correct and valid.
To prevent attacks on the input terminal's authentication keys, the input terminal performs the internal authentication operation only after the external authentication operation has been performed. The input terminal counts the errors made against the external authentication key; when the number of errors reaches the limit, the input terminal destroys the stored keys and no longer accepts authentication.
The working keys comprise the encryption key and the message authentication code key. The encryption key is used to encrypt the user's bank card main account, IC card account, user password and user fingerprint feature data. The message authentication code key is used to add a message authentication code to communication packets sent to the system platform and to verify the message authentication code of communication packets sent down by the system platform.
The transport key is used when working keys are downloaded or updated: the encryption machine encrypts the working key to be updated with the transport key before transmitting it, and the input terminal decrypts the received key with the transport key before using it, so that no plaintext key data appears on the line.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the communication packets between the input terminal and the system platform include a message authentication code; the receiver performs the corresponding processing only after verifying this message authentication code. A packet in which the host computer initiates a transaction request to the system platform is passed to the input terminal, which adds a message authentication code to the packet before it is sent to the system platform. When the system platform sends down a packet, the host computer passes it to the input terminal to verify the message authentication code; only after verification succeeds do the input terminal and the host computer carry out the corresponding operation.
According to a preferred implementation of the above input terminal with keyboard and encryption module, the operation of encrypting the bank card main account, IC card account, user password or user fingerprint feature data by the encryption module is allowed only after the input terminal and the system platform have mutually authenticated with the work authentication keys; this encryption operation is performed only after the input terminal has obtained both the random number issued by the system platform and the bank card main account, IC card account, user password or user fingerprint feature data, and is performed only once. A dynamic random number takes part in every computation, which ensures that the system's keys are not easily broken. The user's bank card main account or IC card account and the user password must be handled in encrypted form.
The random number from the system platform and the user's input data may be obtained in either order; both simply have to be present. When a business operation needs user input, the host computer sends the input terminal a command to accept the bank card main account or IC card account, the user password, or user fingerprint data. The input terminal requests a random number from the system platform and then waits both for the user's input and for the system platform to send the random number. If the user enters data first, the input terminal waits for the system platform to send the random number; if the system platform sends the random number first, the input terminal waits for the user's input. When both conditions are met, the input terminal encrypts the bank card main account, IC card account, user password or user fingerprint data and sends the encrypted data to the host computer. Once the host computer has the encrypted account data and the encrypted password data or encrypted fingerprint data entered by the user, it assembles a payment request packet containing the payee code, the transaction identification code, the payment amount, the encrypted account, and the encrypted user fingerprint feature data or encrypted user password data, and passes this payment request packet to the input terminal to have a message authentication code added. The input terminal adds the message authentication code and sends the payment request packet to the system platform to request payment. The system platform verifies the message authentication code of the request packet, then uses the associated random number and the encryption key to decrypt the user's account and the user password or fingerprint feature data, and completes the subsequent business.
Because a dynamic random number issued by the system platform takes part in every encryption operation, the system's keys are not easily broken, while the system platform can still decrypt the required data from the encrypted data sent by the input terminal.
The beneficial effects achieved by the above technical solution are:
With this input terminal with keyboard and encryption module, the account information and user password are both entered on the input terminal and output only after encryption. Even if the encrypted information is stolen while in transit over the Internet, the real data cannot easily be decrypted, which prevents the user's account and password from being stolen when the user carries out online financial transactions on the host computer. The invention therefore has the advantage of improving the security of online transactions.
Description of the drawings
Fig. 1 is a structural diagram of the present invention. The input terminal 1 comprises a processor 2, an encryption module 3, a keyboard 4, and a connecting line 13 to the host computer.
Fig. 2 is a diagram of the connection structure when the present invention downloads keys. It comprises an encryption machine 15, a key download host 16 and the input terminal 1; the input terminal 1 comprises a processor 2, an encryption module 3, a keyboard 4, and a connecting line 13 to the encryption machine.
Fig. 3 is a structural diagram of the present invention with a card reading module and of the input terminal in use. It comprises the input terminal 1, the system platform 10, the host computer 11, the payee 18, and the Internet 12 over which the system platform 10 and the host computer 11 communicate; the input terminal 1 comprises a processor 2, an encryption module 3, a keyboard 4, a card reading module 5, a fingerprint module 6, an LED indicator 7, and a connecting line 13 to the host computer.
Fig. 4 is a diagram of the payment interface on the host computer when the present invention is in use. The payment interface 20 comprises the <payee code> field 21, the <transaction identification code> field 22, the <payment amount> field 23, the "read account" button 24, the "read password" button 25, the "pay" button 26, and the <transaction voucher number> field 27.
Fig. 5 is a diagram of the payee's payment-required interface on the host computer when the present invention is in use. The payee's payment-required interface 30 comprises the <payee code> field 31, the <transaction identification code> field 32, the <payment amount> field 33, the <transaction voucher number> field 34, and the "payment successful" button 35.
Embodiments
The present invention is described in further detail below with reference to the drawings and specific embodiments.
To simplify the description, in the embodiments the process in which the input terminal forwards information to the system platform through the host computer is abbreviated to "the input terminal sends to the system platform", and the process in which the system platform sends information down to the host computer, which forwards it to the input terminal, is abbreviated to "the system platform sends to the input terminal".
According to the first embodiment of the invention, with reference to Fig. 2, the encryption machine downloads keys to the input terminal.
The key download host 16 connects the input terminal 1 and the encryption machine 15; it is used for data transfer and for initiating download requests.
1: The key download host 16 sends a download external authentication request to the input terminal 1, and the encryption module 3 of the input terminal 1 generates random number A; the input terminal 1 sends a download external authentication request to the encryption machine 15, and the request contains the random number A generated by the input terminal 1.
2: The encryption machine 15 encrypts random number A with the download external authentication key and sends the encrypted data A to the input terminal 1 for download external authentication.
3: The input terminal 1 verifies through the encryption module 3 whether the received encrypted data A is correct and valid, and replies to the encryption machine 15; download external authentication is complete.
4: The encryption machine 15 sends a download internal authentication request to the input terminal 1; the request contains random number B generated by the encryption machine 15.
5: The input terminal 1 encrypts random number B with the download internal authentication key through the encryption module 3 and returns the encrypted data B to the encryption machine 15.
6: The encryption machine 15 uses the download internal authentication key to verify whether the data B uploaded by the input terminal 1 is correct and valid; download internal authentication is complete.
7: The encryption machine 15 sends the input terminal 1 a request to download a group of keys; the key data being downloaded is encrypted with the transport key.
8: The input terminal 1 processes the received key download request through the encryption module 3, which decrypts the required keys with the transport key before using them; the input terminal 1 reports the key download result to the encryption machine.
9: Steps 7 and 8 are repeated until all required keys have been downloaded.
According to the second embodiment of the invention, with reference to Fig. 3, the system platform and the input terminal mutually authenticate with the work authentication keys.
1: The input terminal 1 sends a work external authentication request to the system platform 10; the request contains random number A generated by the input terminal 1.
2: The system platform 10 encrypts random number A with the work external authentication key and sends the encrypted data A to the input terminal 1 for work external authentication.
3: The input terminal 1 verifies through the encryption module 3 whether the received encrypted data A is correct and valid, and replies to the system platform 10; work external authentication is complete.
4: The system platform 10 sends a work internal authentication request to the input terminal 1; the request contains random number B generated by the system platform 10.
5: The input terminal 1 encrypts random number B with the work internal authentication key through the encryption module 3 and returns the encrypted data B to the system platform 10.
6: The system platform 10 uses the work internal authentication key to verify whether the data B uploaded by the input terminal 1 is legitimate, and replies to the input terminal 1; work internal authentication is complete.
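The exchange of the second embodiment, together with the external-before-internal ordering and the failure counter described in the summary, as an added Python example that is not part of the patent. HMAC-SHA256 stands in for "encrypting the random number" because the patent names no algorithm; the class names, the 16-byte random numbers and the limit of three failures are assumptions.

```python
import hashlib
import hmac
import secrets


class AuthError(Exception):
    """Raised when the terminal refuses an authentication step."""


def respond(key: bytes, challenge: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces "encrypt the random number with the key".
    return hmac.new(key, challenge, hashlib.sha256).digest()


class InputTerminal:
    MAX_FAILURES = 3  # assumed value; the patent only says "the limit"

    def __init__(self, external_key: bytes, internal_key: bytes):
        self._external_key = external_key
        self._internal_key = internal_key
        self._failures = 0
        self._challenge = None    # outstanding random number A
        self.external_ok = False

    @property
    def keys_destroyed(self) -> bool:
        return self._external_key is None

    def _require_keys(self):
        if self.keys_destroyed:
            raise AuthError("keys destroyed, authentication refused")

    def start_external_auth(self) -> bytes:
        self._require_keys()
        self.external_ok = False
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def finish_external_auth(self, response: bytes) -> bool:
        self._require_keys()
        if self._challenge is None:
            raise AuthError("no outstanding random number")
        challenge, self._challenge = self._challenge, None  # single use
        if hmac.compare_digest(respond(self._external_key, challenge), response):
            self._failures = 0  # assumption: the counter tracks consecutive failures
            self.external_ok = True
            return True
        self._failures += 1
        if self._failures >= self.MAX_FAILURES:
            # Destroy the stored keys once the limit is reached.
            self._external_key = self._internal_key = None
        return False

    def internal_auth(self, challenge_b: bytes) -> bytes:
        self._require_keys()
        if not self.external_ok:
            # Refusing here keeps an unverified peer from collecting responses
            # computed under the internal authentication key.
            raise AuthError("external authentication has not succeeded")
        return respond(self._internal_key, challenge_b)


class Platform:
    def __init__(self, external_key: bytes, internal_key: bytes):
        self._external_key = external_key
        self._internal_key = internal_key
        self._challenge = None    # outstanding random number B

    def answer_external(self, challenge_a: bytes) -> bytes:
        return respond(self._external_key, challenge_a)

    def start_internal_auth(self) -> bytes:
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def finish_internal_auth(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        challenge, self._challenge = self._challenge, None
        return hmac.compare_digest(respond(self._internal_key, challenge), response)


def mutual_authenticate(terminal: InputTerminal, platform: Platform) -> bool:
    # Steps 1-3: the terminal verifies the platform (external authentication).
    a = terminal.start_external_auth()
    if not terminal.finish_external_auth(platform.answer_external(a)):
        return False
    # Steps 4-6: the platform verifies the terminal (internal authentication).
    b = platform.start_internal_auth()
    return platform.finish_internal_auth(terminal.internal_auth(b))
```

The same two-pass structure applies to the download authentication of the first embodiment, with the encryption machine in the platform's role and the download authentication keys in place of the work authentication keys.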
According to the third embodiment of the invention, with reference to Figs. 3, 4 and 5, the present invention implements the network payment service.
1: The user selects the required service and performs the related operations on the web page of beneficiary 18 on host computer 11, until the beneficiary's required-payment interface is displayed, as in Fig. 5.
2: In payment interface 20, the user fills the <beneficiary code> field 21, <transaction identification code> field 22 and <payment> field 23 with the data from the corresponding <beneficiary code> field 31, <transaction identification code> field 32 and <payment> field 33 of the beneficiary's required-payment interface 30.
3: The user clicks the "read account" button 24, and host computer 11 sends the command to read the account number to entry terminal 1.
4: Entry terminal 1 checks whether work authentication key authentication has been performed; if it has not, entry terminal 1 first completes work authentication key authentication following the steps of the second embodiment.
5: Entry terminal 1 turns on the LED light to prompt the user to enter the account; entry terminal 1 requests account encryption random number C from system platform 10.
6: System platform 10 returns encryption random number C to entry terminal 1.
7: Entry terminal 1 reads the account number entered manually by the user through keyboard 4, or reads the account number from the card through card reading module 5.
8: The entry terminal encrypts the account number entered by the user using the encryption key and random number C; the encrypted data is uploaded to host computer 11.
9: The user clicks the "read password" button 25, and host computer 11 sends the command to read the user password to entry terminal 1.
10: Entry terminal 1 turns on the LED light to prompt the user to enter the password; entry terminal 1 requests user password encryption random number D from the system platform.
11: System platform 10 returns password encryption random number D to entry terminal 1.
12: Entry terminal 1 reads the user password through keyboard 4, or reads the user fingerprint data through fingerprint module 6.
13: The entry terminal encrypts the password or fingerprint characteristic data entered by the user using the encryption key and random number D; the encrypted data is uploaded to host computer 11.
14: The user clicks the "payment" button 26, and host computer 11 packages the beneficiary code, transaction identification code, payment, the encrypted user account number, the encrypted user password and other information into payment request data A, and sends payment request data A down to entry terminal 1.
15: Entry terminal 1 uses the message authentication code key to add a message authentication code to payment request data A; payment request packet B, which carries the message authentication code, is sent to system platform 10.
16: System platform 10 uses the message authentication code key corresponding to this entry terminal to verify whether the message authentication code of payment request packet B is valid and correct; system platform 10 uses random number C and the encryption key corresponding to this entry terminal to decrypt the user account number, and uses random number D and the encryption key corresponding to this entry terminal to decrypt the user password or user fingerprint characteristic data; system platform 10 verifies whether the password or fingerprint characteristic data corresponding to this account is valid and correct; the system platform deducts the payment from this user account, produces a transaction voucher number, and generates a transaction record that includes the beneficiary code, transaction identification code, payment, transaction voucher number, user's card number, etc.; system platform 10 sends the payment success result, which includes the transaction voucher number, to host computer 11.
17: Host computer 11 displays this voucher number in the <transaction voucher number> field 27 of payment interface 20.
18: The user copies the voucher number from the <transaction voucher number> field 27 of payment interface 20 into the <transaction voucher number> field 34 of the beneficiary's required-payment interface 30, and clicks the "payment successful" button 35.
19: Beneficiary 18 queries system platform 10 to check whether this transaction was paid successfully, and carries out the corresponding follow-up transaction.
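The exchange in steps 5 to 16, as an added illustration that is not part of the patent text: it shows why the platform-issued random numbers C and D and the message authentication code matter, by having the platform reject a packet altered on the host and a replay of an already-processed packet. The patent names no algorithm, so the HMAC-SHA256 keystream cipher and HMAC-SHA256 MAC are stand-ins, and the shared keys, class and field names, account number and password are constructed assumptions.

```python
import hashlib
import hmac
import json
import secrets

def xor_stream(key, nonce, data):
    """Stand-in cipher (assumption): XOR with an HMAC-SHA256 keystream tied to the nonce."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key, body):
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class Terminal:  # entry terminal 1: the only place plaintext credentials exist
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
    def encrypt(self, nonce, secret):  # steps 8 and 13
        return xor_stream(self.enc_key, nonce, secret).hex()
    def seal(self, request_a):  # step 15: request data A becomes packet B
        body = json.dumps(request_a, sort_keys=True).encode()
        return {"body": body, "mac": mac(self.mac_key, body)}

class Platform:  # system platform 10
    def __init__(self, enc_key, mac_key, accounts):
        self.enc_key, self.mac_key, self.accounts = enc_key, mac_key, accounts
        self.nonces = {}  # outstanding random numbers C and D for this terminal
    def issue(self, name):  # steps 6 and 11
        self.nonces[name] = secrets.token_bytes(16)
        return self.nonces[name]
    def process(self, packet_b):  # step 16
        if not hmac.compare_digest(mac(self.mac_key, packet_b["body"]), packet_b["mac"]):
            return "rejected: bad MAC"
        c, d = self.nonces.pop("C", None), self.nonces.pop("D", None)  # single use
        if c is None or d is None:
            return "rejected: no outstanding random number"
        req = json.loads(packet_b["body"])
        account = xor_stream(self.enc_key, c, bytes.fromhex(req["account"]))
        password = xor_stream(self.enc_key, d, bytes.fromhex(req["password"]))
        stored = self.accounts.get(account)
        if stored is None or not hmac.compare_digest(stored, password):
            return "rejected: bad credentials"
        return "paid %s to %s" % (req["amount"], req["payee"])

def run_demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    platform = Platform(enc_key, mac_key, {b"6200000000000001": b"135790"})  # constructed data
    terminal = Terminal(enc_key, mac_key)
    request_a = {"payee": "M001", "txn": "T42", "amount": "25.00",
                 "account": terminal.encrypt(platform.issue("C"), b"6200000000000001"),
                 "password": terminal.encrypt(platform.issue("D"), b"135790")}
    packet_b = terminal.seal(request_a)
    tampered = dict(packet_b, body=packet_b["body"].replace(b"25.00", b"99.00"))
    return [platform.process(tampered), platform.process(packet_b), platform.process(packet_b)]
```

`run_demo()` returns the platform's verdicts for the host-altered packet, the genuine packet, and a replay of the genuine packet, in that order.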
As is known from common technical knowledge, the present invention can be realized by other embodiments that do not depart from its spirit or essential features. Therefore, the embodiments disclosed above are, in all respects, merely illustrative and not exclusive. All changes within the scope of the present invention, or within a scope equivalent to that of the present invention, are included in the invention.

Claims (10)

1. An entry terminal with keyboard and encrypting module, characterized in that:
The entry terminal is connected to a host computer through a USB interface, an RS232 interface or an Ethernet interface, and the entry terminal works together with the host computer and a system platform and is applied to network payment transactions;
The entry terminal is provided with a keyboard, used at least to enter the password of the bank main account or the password of the IC-card account;
The entry terminal is provided with an encrypting module, used at least to encrypt the bank card main account or IC-card account and the user password.
2. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the entry terminal is provided with a card reading module, and the card reading module is used at least to read magnetic stripe card account information and/or contact IC-card information and/or non-contact IC-card information; the IC-card includes memory cards, logic encryption cards and smart cards.
3. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the entry terminal is provided with an LED light, and the LED light is used at least to indicate to the user that the entry terminal is ready to receive input and that input has been accepted.
4. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the encrypting module is provided with a fingerprint module, and the fingerprint module is used at least to collect the user's fingerprint image data.
5. The fingerprint module according to claim 4, characterized in that: the fingerprint module is provided with a fingerprint processing unit, and the fingerprint processing unit is used at least to extract fingerprint characteristic data from the collected user fingerprint image data.
6. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the entry terminal is provided with a disassembly self-destruction unit, and the disassembly self-destruction unit is used at least to destroy the keys recorded in the entry terminal when the entry terminal is opened.
7. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the encrypting module is a SAM card, an ESAM chip, a dedicated encryption chip, or an encryption key and algorithm associated with a processor.
8. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the encrypting module includes at least keys and algorithms; the keys include at least an authentication key, a working key and a transmission key; the authentication key includes at least a download external authentication key, a download internal authentication key, a work external authentication key and a work internal authentication key; the working key includes at least an encryption key and a message authentication code key; the algorithms include at least a symmetric key algorithm and/or an asymmetric key algorithm.
9. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the communication data packets between the entry terminal and the system platform include a message authentication code.
10. The entry terminal with keyboard and encrypting module according to claim 1, characterized in that: the operation of encrypting the bank card main account, IC-card account, user password or user fingerprint characteristic data by the encrypting module is allowed only after the entry terminal and the system platform have authenticated each other; the operation of encrypting the bank card main account, IC-card account, user password or user fingerprint characteristic data by the encrypting module is performed only, and only once, after the entry terminal has obtained the random number issued by the system platform and has obtained the bank card main account, IC-card account, user password or user fingerprint characteristic data.
CN2011100610916A 2011-03-14 2011-03-14 Input terminal with keyboard and encryption module Pending CN102147662A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100610916A CN102147662A (en) 2011-03-14 2011-03-14 Input terminal with keyboard and encryption module

Publications (1)

Publication Number Publication Date
CN102147662A true CN102147662A (en) 2011-08-10

Family

ID=44421964

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100610916A Pending CN102147662A (en) 2011-03-14 2011-03-14 Input terminal with keyboard and encryption module

Country Status (1)

Country Link
CN (1) CN102147662A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN2454818Y (en) * 1999-11-08 2001-10-17 北京科瑞奇技术开发有限公司 Finger mark, picture anti-fake store-box
CN1866276A (en) * 2006-01-10 2006-11-22 王耀 Embedded application method of double-interface IC card chip
CN101206779A (en) * 2006-12-18 2008-06-25 汉王科技股份有限公司 Online banking system safety terminal and data safety processing method thereof
CN101685512A (en) * 2008-09-28 2010-03-31 中国银联股份有限公司 Computer, payment system and method thereof for realizing on-line payment
CN101799903A (en) * 2010-02-03 2010-08-11 福建三元达软件有限公司 Payment system, terminal and method for realizing tracking control

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110810