CN102546545A - Device and method for guaranteeing transmission safety of important network data of user - Google Patents


Info

Publication number
CN102546545A
Authority
CN
China
Prior art keywords
user
dynamic password
network
data
transaction
Legal status
Pending
Application number
CN2010105971780A
Other languages
Chinese (zh)
Inventor
喜海龙
Current Assignee
Individual
Original Assignee
Individual
Priority date
2010-12-21
Filing date
2010-12-21
Publication date
2012-07-04
Abstract

The invention discloses a device for guaranteeing the transmission safety of a user's important network data, characterized in that an encrypted universal serial bus (USB) KEY used for e-commerce authentication and a physical medium for storing dynamic password data are integrated into one unit, making it more convenient for the user. The invention further discloses a method for guaranteeing the transmission safety of important network data: dynamic passwords are transmitted over the mobile communication network, so the transmission process is isolated from the Internet environment. The device and method therefore offer high confidentiality and safety.

Description

Device and method for guaranteeing the transmission safety of a user's important network data
Technical field
The present invention relates to the field of network security, and in particular to the login security of personal network accounts and the safety of e-commerce transactions.
Background technology
The rapid development of computer hardware and network technology has made the Internet the backbone of the global information infrastructure. Because the Internet is open, global and shared, network applications have grown rapidly, but value-added network application services depend on the security of network information. Network security has therefore become the biggest obstacle facing modern computer networks.
E-commerce arose with the rapid development of Internet technology; as a new business model it enables efficient, low-cost business transactions. Current e-commerce systems use public-key technology through one of two protocols: the secure communication protocol SSL (Secure Socket Layer) proposed by Netscape, and the SET protocol (Secure Electronic Transaction) released jointly by Visa International and several large international companies including Netscape. SET is more secure than SSL but is more complex, requires special software and is expensive, while the security of SSL is in practice satisfactory, so domestic e-commerce systems are mainly based on SSL. Whether based on SSL or SET, the system must store the digital certificate issued to the user by a CA (Certification Authority). Traditionally the digital certificate is kept in the user's IE browser, so transaction data must pass through the computer's memory; because the user's computer and network environment are complex, this lowers the safety of the method. In addition, the user can only transact on a computer on which the digital certificate is installed, which is inconvenient. The later approach of holding the digital certificate in a USBKEY, so that transaction data does not pass through computer memory and is encrypted directly inside the USBKEY, overcomes these shortcomings and improves both security and convenience; this is particularly evident in online banking.
The vast majority of network application services today log users in with a user name plus a static password. The security of this approach is extremely low; it was chosen not for security but because it distinguishes a large number of users simply. For ordinary network applications this is sufficient, but over long-term Internet use almost every user has accumulated some "essential" or very important network accounts, and if these accounts are logged into illegally the loss and inconvenience are great. The security of some important network application accounts must therefore be strengthened, and a static password is very likely to be cracked or stolen. If the user uses one-time dynamic passwords, so that the password differs at every login, the security level of the account is improved markedly. But while dynamic passwords improve account security they bring another problem: their management. In general the network application service provider gives the user a physical medium, separate from the computer, to store and manage dynamic passwords, and the keys and parameters from which each particular network service generates its dynamic passwords must differ in order to achieve distinctiveness and confidentiality, so each particular network service supplies its own physical medium for storing and generating dynamic passwords. An Internet user typically has several fairly important network accounts, and to secure them would have to carry a corresponding number of physical media. Carrying several physical media for account login is very inconvenient, and it is easy to lose one of them. In other words, from the user's point of view this way of managing and storing dynamic passwords is not convenient enough.
Summary of the invention
The object of the present invention is to provide a device and method that can both guarantee the security of the user's e-commerce activities and store many groups of dynamic passwords used for logging into network accounts.
To achieve the above purpose, the present invention adopts the following technical scheme:
1. To the USBKEY-based physical medium used for online banking, a memory module and a mobile communication network receiver module are added, so that this physical medium, referred to as the secure login device, can store the digital certificates and private keys of other e-commerce activities as well as the dynamic passwords of the user's more important network accounts. Because the different stored items can be physically isolated from one another, they do not interfere with each other when performing their separate functions, so one physical medium can hold several different e-commerce digital certificates and private keys and the dynamic passwords of different network accounts at the same time.
2. The mobile communication network receiver module of the secure login device has two mobile phone card slots, one for a SIM card and one for a UIM card, so that when the specific mobile phone card is inserted the physical medium can receive and store dynamic password information sent over the mobile communication network.
3. The internal units of the secure login device also comprise:
a power module, which supplies power;
a display module, which shows the transaction data of a specific e-commerce transaction and the dynamic password of the user's particular network account;
a fingerprint identification module, which opens the secure login device;
a control module, used by the user to confirm e-commerce transaction data before it is encrypted;
a microprocessor, which connects, regulates, controls and manages each module.
4. The procedure for applying for security protection of an e-commerce activity that requires a digital certificate is:
A) the user contacts the corresponding e-commerce service provider, registers the secure login device and obtains the authorization information for that e-commerce service;
B) the user downloads the corresponding digital certificate according to the authorization information and stores the digital certificate and private key.
5. The procedure for applying for a dynamic password for the user's particular network account is:
1) the user logs into his or her network account;
2) the server obtains the user's mobile phone number;
3) the server prompts the user to insert the SIM or UIM card of that mobile phone into the card slot of the secure login device;
4) the server sends the dynamic password to the secure login device through the mobile communication network system;
5) the secure login device stores the dynamic password.
To achieve the above purpose, the present invention adopts the following device:
the user's networked computer, which has a USB interface and is used to log into a specific e-commerce system and a particular network system;
a secure login device, which generates a key in its internal memory after downloading the digital certificate required by the specific e-commerce service and holds the digital certificate and private key that identify the user; once connected to the user's networked computer it reads in and analyses the certificate query information sent by the specific e-commerce system and returns a digital certificate; when the user processes the corresponding e-commerce data, the user's identity or digital signature is confirmed through the secure login device, and each transaction's information is displayed so that the user can judge the authenticity of the transaction data; another function of the secure login device is to receive dynamic passwords through the mobile communication network, store them, and show the corresponding dynamic password when the user needs to log into the particular network account;
a mobile communication network, used to send dynamic password data to the secure login device;
a specific e-commerce system, which provides the user with a specific e-commerce service;
a particular network application service system, which provides the user with the corresponding network service.
Description of drawings
Fig. 1a is a schematic front view of the secure login device of the present invention
Fig. 1b is a schematic side view of the secure login device of the present invention
Fig. 2 is a schematic of the structural principle of the secure login device of the present invention
Fig. 3 is a schematic of how the present invention obtains a dynamic password
Fig. 4 is the flow chart of how the present invention obtains a dynamic password
Fig. 5 is the flow chart of the user's confirmation of e-commerce transaction data in the present invention
Embodiment
The present invention is further described below with reference to the accompanying drawings and embodiments.
Figs. 1a and 1b are schematics of the secure login device of the present invention. As shown in Figs. 1a and 1b, 1 is the fingerprint recognition frame, 2 is the display screen, 3 is the confirm button, 4 is the USB interface and 5 is the mobile phone card slot. This secure login device is equivalent to several USBKEYs plus a mobile phone plus a storage card.
The secure login device must have a unique serial number when it leaves the factory. When the user applies for a particular e-commerce service, the user brings the secure login device to that service's acceptance site, registers the device and obtains the authorization information for that e-commerce service. When applying for the digital certificate, the user writes the serial number of the secure login device into the user information; the same serial number is used when applying for other e-commerce services. The user then downloads the digital certificate according to the certificate download procedure of the specific e-commerce system and stores the digital certificate and corresponding private key, completing the application for that e-commerce service.
Fig. 2 is the structural schematic of the secure login device of the present invention. As shown in Fig. 2, the USBKEY module used to store digital certificates and private keys is separate from the memory module; the microprocessor module connects and coordinates the other modules; the computer data receiver module connects to the user's computer through the USB interface and receives the instructions the user sends through the computer. According to the instruction, the microprocessor can read data from the memory module and transfer it to the display module to show a dynamic password, or start the USBKEY module so that the user can carry out e-commerce authentication, data encryption and similar processes through specific instructions.
Fig. 3 is a schematic of how the present invention obtains a dynamic password. As shown in Fig. 3, the user logs into a particular network application account on the Internet from a personal computer and applies to the server for a dynamic password; the server sends the dynamic password generated in its database to the user's secure login device through the mobile communication network, and the user confirms receipt of the dynamic password data.
Fig. 4 is the flow chart for obtaining a dynamic password. As shown in Fig. 4, when the network application server receives the user's request for a dynamic password it further verifies the legitimacy of the user's identity, then obtains the number of the mobile phone the user can currently use and at the same time generates a set of dynamic passwords in its database. Once the server has obtained a valid mobile phone number, it prompts the user to insert the SIM or UIM card corresponding to that number into the card slot of the secure login device. The dynamic password information received is shown on the display screen of the secure login device and the user judges whether it is genuine. If the dynamic password information is genuine, the user presses the confirm button and the dynamic password is stored. If the user judges it to be false, the user contacts the server through the computer so that the server resends the dynamic password or takes corresponding verification measures, until the user confirms that the dynamic password received is genuine, presses the confirm button, and the dynamic password is stored.
When the user needs to log into a network account for which a dynamic password has been applied, the user opens the secure login device with fingerprint recognition, inserts it into the computer's USB interface and sends an instruction to fetch the dynamic password through the device's session software on the computer; a password is shown on the display screen of the secure login device, and the user reads it and logs in with it.
When the user needs to carry out an e-commerce transaction, the user likewise first opens the secure login device with fingerprint recognition and inserts it into the computer's USB interface, then sends an instruction through the session software to carry out the corresponding e-commerce activity; the secure login device opens the corresponding USBKEY module, which performs the authentication and data encryption operations of that e-commerce service.
Fig. 5 is the flow chart of the user's confirmation of e-commerce transaction data. As shown in Fig. 5, the e-commerce transaction data is transferred into the secure login device and the display module shows it; the user judges whether this transaction is legitimate. If the transaction data is legitimate, the user presses the confirm button of the control module to confirm the transaction; if it is not, the user does not confirm and the transaction stops. Only transaction data the user has judged legitimate enters the USBKEY module to be encrypted.
By combining the encrypted USBKEY used for e-commerce authentication with a physical medium that stores dynamic password data, and by storing dynamic passwords received directly over the mobile communication network, a single physical medium can store the dynamic login passwords of multiple network applications. Technically this is simple; because the dynamic password is sent over the mobile communication network, the transmission process is isolated from the Internet environment, and the security level is high. The method of guaranteeing the transmission safety of a user's important network data based on the secure login device can therefore protect the safety of the user's network data conveniently and comprehensively.

Claims (8)

1. A device for guaranteeing the transmission safety of a user's important network data, comprising:
the user's networked computer, which has a USB interface and is used to log into a specific e-commerce system and a particular network application system;
a secure login device, which generates a key in its internal memory after downloading the digital certificate required by the specific e-commerce service and stores the digital certificate and private key that identify the user; once connected to the user's networked computer it reads in and analyses the certificate query information sent by the specific e-commerce system and returns a digital certificate; when the user processes the corresponding e-commerce data, the user's identity or digital signature is confirmed through the secure login device, and each transaction's information is displayed so that the user can judge the authenticity of the transaction data; another function of the secure login device is to receive dynamic passwords through the mobile communication network and store them, so that the user can log into the particular network account by means of a dynamic password;
a mobile communication network, used to send dynamic password data to the secure login device;
a specific e-commerce system, which provides the user with a specific e-commerce service;
a particular network application service system, which provides the user with the corresponding network service.
2. The device for guaranteeing the transmission safety of a user's important network data according to claim 1, characterized in that said secure login device is a small machine comprising a casing and internal units packaged in the casing, the internal units comprising:
a power module, which supplies power;
a memory module, which stores the dynamic password information;
a display module, which shows the transaction data of a specific e-commerce transaction and the dynamic password of the user's particular network account;
a computer data receiver module, which receives the input of the user's computer through the USB interface;
a mobile communication network receiver module, used to receive the dynamic password data sent by the mobile communication network;
a fingerprint identification module, which opens the password management machine;
a USBKEY module, used to download the digital certificate required by the specific e-commerce service, generate a key in its internal memory, store the digital certificate and private key that identify the user, and encrypt the data of that specific e-commerce transaction, so as to secure the e-commerce service;
a control module, used by the user to confirm e-commerce transaction data before encryption and to confirm the authenticity of a dynamic password;
a microprocessor, which connects, regulates, controls and manages the above modules.
3. The device for guaranteeing the transmission safety of a user's important network data according to claim 2, characterized in that said mobile communication network receiver module further comprises:
SIM and UIM card slots, used to insert the SIM or UIM card of the user's mobile phone.
4. The device for guaranteeing the transmission safety of a user's important network data according to claim 2, characterized in that said secure login device has a button located on the casing and connected to the control module, through which the user confirms whether the e-commerce transaction data is genuine and confirms the authenticity of a dynamic password.
5. the method for a network data transmission safety that is used to ensure that the user is important to the safety guarantee procedure to apply of e-commerce initiative is:
A) user gets in touch with corresponding E-business service merchant, and the registration security logger is obtained the authorization message of this ecommerce;
B) user downloads corresponding certificate of fair according to authorization message, and is stored in the USBKEY module.
6. the method for a network data transmission safety that is used to ensure that the user is important, the step that the user confirms the data of e-commerce transaction is:
1) e-commerce transaction transfer of data is in the secure log device;
2) display module shows this transaction data;
3) user judges the legitimacy of transaction this time;
4) if transaction data is legal, the user presses the affirmation button of control module and confirms transaction this time, if transaction is illegal, then the user does not confirm, transaction stops;
5) judge legal transaction data through the user, get in the USBKEY module and encrypt.
7. the method for a network data transmission safety that is used to ensure that the user is important, the dynamic password procedure to apply of user's particular network number of the account is:
A1) user logins the network number of the account of oneself;
A2) user is to server application dynamic password;
A3) server is further verified user's legitimacy;
A4) server obtains user's cell-phone number;
A5) the server prompts user is with the SIM of this mobile phone or the draw-in groove of UIM card insertion secure log device;
A6) server end generates one group of dynamic password from database;
A7) server sends to the secure log device through mobile communication network system with dynamic password;
A8) user receives the dynamic password data through button affirmation secure log device;
A8) this dynamic password of secure log device storage;
A9) user confirms that dynamic password stores, in draw-in groove, takes out SIM or UIM card;
A10) user sends the paid-in confirmation of dynamic password to server end;
A11) server end is revised the database mark, should organize dynamic password and user binding.
8. The device and method for guaranteeing the transmission safety of a user's important network data according to claims 1, 2, 4, 5 and 6, characterized in that the above e-commerce comprises online banking and electronic payment platforms.
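The dynamic-password procedure of claim 7 (steps A1 to A11, also described in item 5 of the summary and in Fig. 4), modelled as an added Python example; this is not code from the patent. The server, the secure login device and the out-of-band delivery are plain objects: `receive_mobile` stands in for the mobile communication network, and the account name, phone number, fingerprint value and 8-digit password format are constructed assumptions. The model also shows the two failure modes a verifier cares about: a password is not accepted for login before the user has confirmed receipt and the server has bound it (A10/A11), and it is accepted only once.

```python
import secrets


class SecureLoginDevice:
    """Fingerprint-locked device with a SIM/UIM slot, a display, a confirm
    button and a memory module holding one dynamic password per account."""

    def __init__(self, enrolled_fingerprint):
        self._fingerprint = enrolled_fingerprint
        self.unlocked = False
        self.card_slot = None        # phone number of the inserted SIM/UIM card
        self.pending = None          # (account, otp) on the screen, not yet confirmed
        self._otp_store = {}         # memory module: account -> dynamic password

    def unlock(self, fingerprint):
        """Fingerprint identification module opens the device."""
        self.unlocked = secrets.compare_digest(fingerprint, self._fingerprint)
        return self.unlocked

    def insert_card(self, phone_number):
        self.card_slot = phone_number          # step A5

    def receive_mobile(self, phone_number, account, otp):
        """Mobile-network receiver: shows a message only if it is for the inserted card."""
        if self.card_slot != phone_number:
            return False
        self.pending = (account, otp)          # user judges its authenticity on screen
        return True

    def press_confirm(self):
        """Confirm button (step A8): the pending password is stored."""
        if self.pending is None:
            return False
        account, otp = self.pending
        self._otp_store[account] = otp
        self.pending = None
        return True

    def show_otp(self, account):
        """Display a stored password; refused while the device is locked."""
        return self._otp_store.get(account) if self.unlocked else None


class AppServer:
    """Network application server: generates, delivers, binds and checks OTPs."""

    def __init__(self, registered_phones):
        self._phones = registered_phones       # account -> mobile number on file
        self._issued = {}                      # generated, not yet bound (A6, A7)
        self._bound = {}                       # bound to the account after A11

    def request_otp(self, account, device):
        """A2..A7: generate a password and push it over the mobile channel."""
        phone = self._phones.get(account)      # A4: the user's mobile number
        if phone is None:
            return False
        otp = f"{secrets.randbelow(10 ** 8):08d}"   # constructed 8-digit password
        self._issued[account] = otp
        return device.receive_mobile(phone, account, otp)   # stands in for the mobile network

    def confirm_receipt(self, account):
        """A10/A11: the user reports receipt and the password is bound to the account."""
        otp = self._issued.pop(account, None)
        if otp is None:
            return False
        self._bound[account] = otp
        return True

    def login(self, account, otp):
        """Accept a bound password once; it is consumed on success."""
        expected = self._bound.get(account)
        if expected is None or not secrets.compare_digest(expected, otp):
            return False
        del self._bound[account]
        return True


def run_flow():
    """Walk steps A1..A11 for one constructed account, then log in twice."""
    server = AppServer({"alice": "+86-13800000000"})    # constructed sample user
    device = SecureLoginDevice("fp-alice")
    out = {"locked": device.show_otp("alice")}           # None: device still locked
    device.insert_card("+86-13800000000")
    out["delivered"] = server.request_otp("alice", device)
    out["login_unbound"] = server.login("alice", device.pending[1])   # not bound yet
    out["stored"] = device.press_confirm()
    out["bound"] = server.confirm_receipt("alice")
    device.unlock("fp-alice")
    otp = device.show_otp("alice")
    out["first_login"] = server.login("alice", otp)
    out["replay"] = server.login("alice", otp)           # single use: rejected
    return out
```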
CN2010105971780A 2010-12-21 2010-12-21 Device and method for guaranteeing transmission safety of important network data of user Pending CN102546545A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105971780A CN102546545A (en) 2010-12-21 2010-12-21 Device and method for guaranteeing transmission safety of important network data of user


Publications (1)

Publication Number Publication Date
CN102546545A true CN102546545A (en) 2012-07-04

Family

ID=46352517


Country Status (1)

Country Link
CN (1) CN102546545A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103873242A (en) * 2012-12-12 2014-06-18 国民技术股份有限公司 Intelligent secret key device
WO2014090064A1 (en) * 2012-12-12 2014-06-19 国民技术股份有限公司 Smart cipher key device
CN103514540A (en) * 2013-10-15 2014-01-15 大唐微电子技术有限公司 USBKEY business realization method and system
CN103514540B (en) * 2013-10-15 2017-03-01 大唐微电子技术有限公司 A kind of excellent shield service implementation method and system
CN103716794A (en) * 2013-12-25 2014-04-09 北京握奇数据系统有限公司 Two-way safety verification method and system based on portable device
CN111490980A (en) * 2020-03-30 2020-08-04 贵阳块数据城市建设有限公司 Industrial internet data transmission encryption method
CN111490980B (en) * 2020-03-30 2022-03-08 贵阳块数据城市建设有限公司 Industrial internet data transmission encryption method
CN113779539A (en) * 2021-09-09 2021-12-10 格尔软件股份有限公司 Linux platform login authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
DD01 Delivery of document by public notice

Addressee: Xi Hailong

Document name: Notification of Publication of the Application for Invention

DD01 Delivery of document by public notice

Addressee: Xi Hailong

Document name: Notification of before Expiration of Request of Examination as to Substance

DD01 Delivery of document by public notice

Addressee: Xi Hailong

Document name: Notification that Application Deemed to be Withdrawn

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120704