CN102739398A - Online bank identity authentication method and apparatus thereof - Google Patents


Info

Publication number: CN102739398A
Authority: CN (China)
Prior art keywords: authorization code, online banking, processor, user, keyboard
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN2011100908874A
Other languages: Chinese (zh)
Inventors: 李肯立, 肖德贵, 宋丹, 刘彦, 唐卓, 秦云川
Current assignee: Shenzhen Zhengtong Electronics Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Shenzhen Zhengtong Electronics Co Ltd
Priority date: 2011-04-12 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2011-04-12
Publication date: 2012-10-17

Classification (Landscapes)

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An online bank identity authentication method and an apparatus thereof are disclosed. The method comprises the following steps: providing an apparatus that comprises a processor, an interface connected to the processor, and a keyboard; entering an authorization code via the keyboard; after the authorization code has been verified as valid, the processor digitally signs the data that external equipment supplies via the interface, and the signed data is returned to the external equipment via the interface. Because the authorization code and the account password are entered on an apparatus that is independent of the online banking client, they cannot be stolen, which effectively guarantees the security of the identity authentication process.

Description

Online bank identity authentication method and apparatus
Technical field
The present invention relates to online banking, and in particular to the implementation of online identity authentication in online banking.
Background art
With the rapid development of the Internet and e-commerce, the volume of online transactions in Internet banking (hereinafter "online banking") keeps growing, network information security problems become more prominent by the day, and consumers pay ever more attention to the security of online banking. To guarantee its security, identity authentication technology must be used when online banking operations are carried out.
Two widely used authentication hardware products currently make online banking login safer: the dynamic password token and the USB Key.
A dynamic password (one-time password) is a user password that changes continually with time or with the number of uses; each password is used only once. Dynamic passwords rely on a special piece of hardware called a dynamic token, with a built-in power supply, a password-generating chip and a display. The chip runs a special cryptographic algorithm that generates the current password from the current time and the usage count and shows it on the display. The authentication server computes the currently valid password with the same algorithm. Because every password used must be produced by the dynamic token, and only the legitimate user holds that hardware, the system can treat the user's identity as reliable once the password passes authentication. Since each password the user uses is different, even a hacker who intercepts a password once cannot use it to impersonate the legitimate user, because the next login requires a different dynamic password.
A dynamic password system needs two password elements. One is a static PIN code (identity code), set and kept by the user. The other is the dynamic password, generated dynamically by the password token, unpredictable, kept synchronized with the access control of the background server and checked by that server. The user therefore has to enter both the correct static PIN code and the correct dynamic password to pass authentication.
The USB Key uses an authentication mode based on asymmetric (public key, PKI) cryptography; it is a hardware device with a USB interface. Its built-in microcontroller or smart-card chip has a certain amount of storage, can hold the user's private key and digital certificate, and uses the public-key algorithm built into the USB Key to authenticate the user's identity. Because the user's private key is kept inside the key and in theory cannot be read out by any means, the security of user authentication is guaranteed.
USB Key products were first proposed by encryption-lock (dongle) manufacturers. The original USB dongles were mainly used to prevent software from being cracked or copied, that is, to protect software against piracy; the purpose of the USB Key is different: it is mainly used for network authentication, and mainly stores digital certificates and the user's private key. USB Key manufacturers combined the USB Key with PKI (Public Key Infrastructure) technology, developed secure middleware conforming to the PKI standard, used the USB Key to hold the digital certificate and the user's private key, and provided application developers with standard PKI programming interfaces such as PKCS#11 and MSCAPI so that PKI-based applications can be developed. Because the USB Key itself serves as the key store, its hardware design means the user can access the data only through the manufacturer's interface, which guarantees that the digital certificate stored in the USB Key cannot be copied.
Both the dynamic password token and the USB Key are good security products, but if the system is based on PKI, a key-management platform that follows the PKI standard is easier to build with the USB Key, which is one reason the USB Key is used more widely.
In fact the USB Key is simply a hardware signing device. In principle, any program on the PC can use the USB Key to sign data, and that includes attack programs. An attacker can therefore forge online-banking transaction packets, sign them with the USB Key, fraudulently gain the trust of the online bank and attack the user's account. To address this, the USB Key usually requires a user authorization code and signs data only after checking that code.
Fig. 1 shows the existing online-bank identity authentication flow, which roughly comprises: step 101: before using identity authentication device 1, the user must enter the authorization code at online-banking client 2; step 102: client 2 passes the authorization code in plaintext to identity authentication device 1; only after device 1 has verified the entered authorization code and judged it a successful match can the subsequent digital signature processing go ahead, that is: device 1 compares the received authorization code with the one it has stored; if they match, the following signature operation proceeds, otherwise an error message is returned. The digital signature process then comprises: step 105: client 2 passes the transaction data to be signed to device 1 and requests digital signature processing; step 106: device 1 sends the signed data to client 2; and step 107: client 2 passes the signed data to bank back end 3.
Because an online-banking operation also needs the account password in addition to the authorization code, the authentication flow further comprises step 103: the user enters the account password on the keyboard of client 2; and step 104: client 2 sends the account password to device 1. Device 1 first encrypts the account password; when it receives the data to be signed, it combines the encrypted account password with the data to be signed, signs the combined data, and sends the signed data to client 2.
In summary, in the existing identity authentication method the user enters the authorization code and account password on online-banking client 2, which then sends them to identity authentication device 1. The authorization code and/or account password therefore appear in plaintext on the keyboard and in the memory of client 2, and since client 2 is part of an open network environment it is easy for an attacker to attack it, intercept the authorization code and/or account password, and complete a transaction with a forged signature.
Summary of the invention
The technical problem solved by the present invention is to overcome the shortcomings of the prior art described above by proposing an online-bank identity authentication method and apparatus that can effectively guarantee the security of the authentication process.
The technical means the present invention adopts to solve this problem comprise an online-bank identity authentication method, comprising: providing an apparatus that comprises a processor capable of digital signature processing, an interface connected to the processor that can communicate with the other equipment in the online bank, and a keyboard connected to the processor, the apparatus storing an authorization password;
when an online-banking transaction is carried out, an authorization code must first be entered via this keyboard; only after the authorization code has been verified as valid does the processor digitally sign the transaction data and send the signed transaction data via the interface to the other equipment in the online bank.
In the method of the invention, the online-banking certificate and the user certificate are stored in the apparatus at initialization and the authorization password is set by the user; during an online-banking transaction, the other equipment in the online bank first signs its request data with its own certificate and sends it to the apparatus, and only after the apparatus has verified that the online bank's signature is correct does it prompt the user to enter the authorization code on the apparatus.
In the method of the invention, the verification of the authorization code consists in the processor comparing the authorization code entered via the keyboard with the authorization password stored in the apparatus; if they match, the code is judged valid.
In the method of the invention, after the authorization code has been verified as valid, when the other equipment in the online bank needs to obtain security information from the user, the user enters the security information via the keyboard and the processor encrypts it; the encrypted data is then digitally signed either alone or combined with other transaction data, and the signed data is sent via the interface to the other equipment in the online bank.
In the method of the invention, the security information is the account password.
In the method of the invention, after the authorization code has been verified as valid it remains valid for a certain period; within that period, data signing operations performed by the apparatus do not require the authorization code to be verified again; after the period ends, a data signing operation performed by the apparatus requires the user to re-enter the authorization code and have it verified as valid.
The technical means the present invention adopts further comprise an online-bank identity authentication apparatus, comprising a processor, an interface connected to the processor and a keyboard, the apparatus storing an authorization password; when the other equipment in the online bank needs the user to digitally sign data, an authorization code must first be entered via this keyboard; only after the authorization code has been verified as valid does the processor digitally sign the transaction data and send the signed transaction data via the interface to the other equipment in the online bank.
In the apparatus of the invention, the apparatus comprises a card-shaped body, the processor and the keyboard are arranged inside the body, and the interface is arranged at an edge of the body.
In the apparatus of the invention, the interface is foldably connected to the body.
In the apparatus of the invention, the keyboard comprises 10 numeric keys.
Compared with the prior art, the online-bank identity authentication method and apparatus of the invention implement the entry of the authorization code and the account password on an apparatus that is independent of the online-banking client, so the authorization code and account password cannot be stolen and the security of the authentication process is effectively guaranteed.
Description of drawings
Fig. 1 is a flow diagram of the existing online-bank identity authentication method.
Fig. 2 is a flow diagram of the online-bank identity authentication method of the invention.
Fig. 3 is a structural diagram of the online-bank identity authentication apparatus of the invention.
Fig. 4 is an electrical schematic of the online-bank identity authentication apparatus of the invention.
Embodiment
To further explain the principle and structure of the invention, a preferred embodiment is now described in detail with reference to the drawings.
The flow of the online-bank identity authentication method of the invention is shown in Fig. 2 and roughly comprises:
Step 201: when the user needs to enter the authorization code to start the authentication process, the authorization code is entered via the keyboard embedded in identity authentication device 1; device 1 compares the authorization code, and only on a successful match can device 1 be used for authentication.
Step 202: when device 1 needs the account password, it too is entered directly via the keyboard on device 1 and is then encrypted.
Step 203: device 1 receives the data to be signed from online-banking client 2;
Step 204: device 1 combines the encrypted account password with the data to be signed, digitally signs the combination, and sends the signed data to client 2.
Step 205: client 2 passes the signed data to bank back end 3.
In the method of the invention, the user's authorization code has a certain validity period; within that period, data signing operations performed on device 1 do not require the authorization code to be verified again. After the period ends, the user must re-enter the authorization code in order to perform data signing operations on device 1.
The structure of device 1 is shown in Fig. 3: it comprises a card-shaped body 11 and an interface 12 arranged at an edge of body 11. Preferably, interface 12 is foldably connected to body 11. Interface 12 may be a USB interface that folds flat against body 11 when not in use and unfolds in use, so that the protruding part can be plugged into client 2.
The electrical principle of device 1 is shown in Fig. 4: it comprises a processor 111 and a keyboard 112 enclosed in body 11, with processor 111 electrically connected to interface 12. Body 11 may also contain a memory 113 electrically connected to processor 111; note that memory 113 may be located inside processor 111. Preferably, keyboard 112 comprises 10 numeric keys 1121 (see Fig. 3) and may use capacitive touch keys to reduce the thickness of body 11. Processor 111 compares the authorization code the user enters on keyboard 112, by means of a hash algorithm, with the user-preset authorization password stored in memory 113.
At initialization, device 1 stores the online-banking certificate and the user certificate, and the user presets the authorization password via the keyboard on device 1. During an online-banking transaction, when the online bank needs the user to sign transaction data, it first signs its request data with its own certificate. Only after device 1 has verified that the online bank's signature is correct does it prompt the user to enter the authorization code on device 1 to authorize device 1 to perform the digital signature. After verifying that the authorization is valid, device 1 signs the transaction data and/or the encrypted user password block and submits the result to the online bank's back-end service program.
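The Fig. 2 flow described above (bank-signed request, authorization code entered on the device keypad, hashed comparison, validity period, signing of transaction data plus encrypted account password, back-end verification), as an added Go simulation that is not part of the patent or of any product of the assignee. The certificates are modelled as bare P-256 ECDSA keys, the account-password "encryption" as a hash salted with the transaction data, and the type and function names, the six-digit code and the request/transaction strings are constructed assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"time"
)

// Device models the card-form apparatus of Figs. 3 and 4: processor, keypad,
// stored authorization password and the bank/user certificates (modelled as bare P-256 keys).
type Device struct {
	bankPub      *ecdsa.PublicKey  // online-banking certificate stored at initialization
	userPriv     *ecdsa.PrivateKey // user certificate; the private key never leaves the card
	authHash     [32]byte          // SHA-256 of the user-preset authorization password
	validFor     time.Duration     // validity period opened by a correct code (claim 6)
	validUntil   time.Time
	awaitingCode bool // set only after a correctly signed bank request (claim 2)
}

func NewDevice(bankPub *ecdsa.PublicKey, userPriv *ecdsa.PrivateKey,
	authPassword string, validFor time.Duration) *Device {
	return &Device{bankPub: bankPub, userPriv: userPriv,
		authHash: sha256.Sum256([]byte(authPassword)), validFor: validFor}
}

// Sign and Verify are the ECDSA-over-SHA-256 primitives shared by bank and device.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

// ReceiveBankRequest: the bank signs its request with its own certificate first;
// only a correctly signed request makes the device prompt for the authorization code.
func (d *Device) ReceiveBankRequest(request, bankSig []byte) bool {
	d.awaitingCode = Verify(d.bankPub, request, bankSig)
	return d.awaitingCode
}

// EnterAuthCode: the code typed on the device keypad is hashed and compared in
// constant time with the stored authorization password (claim 3); a match opens
// the validity window during which no re-entry is needed.
func (d *Device) EnterAuthCode(code string, now time.Time) bool {
	h := sha256.Sum256([]byte(code))
	if !d.awaitingCode || subtle.ConstantTimeCompare(h[:], d.authHash[:]) != 1 {
		return false
	}
	d.awaitingCode, d.validUntil = false, now.Add(d.validFor)
	return true
}

// SignTransaction: the account password entered on the keypad is encrypted on the
// card (modelled as a hash salted with the transaction data; assumption), appended
// to the transaction data from the client, and the whole is signed with the user key.
func (d *Device) SignTransaction(tx []byte, accountPassword string,
	now time.Time) (payload, sig []byte, ok bool) {
	if now.After(d.validUntil) { // validity period over: code must be re-entered
		return nil, nil, false
	}
	pwBlock := sha256.Sum256([]byte(string(tx) + accountPassword))
	payload = append(append([]byte{}, tx...), pwBlock[:]...)
	s, err := Sign(d.userPriv, payload)
	return payload, s, err == nil
}

// Demo walks the Fig. 2 flow end to end, including a forged request and an expired window.
func Demo() (accepted, forgedRefused, expiredRefused bool) {
	bank, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	user, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	dev := NewDevice(&bank.PublicKey, user, "135790", 5*time.Minute) // constructed code
	t0 := time.Now()
	req := []byte("sign transaction request")             // constructed request data
	tx := []byte("transfer 100.00 to account 0000-0000") // constructed transaction data
	forgedRefused = !dev.ReceiveBankRequest(req, []byte("not a bank signature"))
	bankSig, _ := Sign(bank, req)
	dev.ReceiveBankRequest(req, bankSig)
	dev.EnterAuthCode("135790", t0)
	payload, sig, ok := dev.SignTransaction(tx, "account-pw", t0.Add(time.Minute))
	accepted = ok && Verify(&user.PublicKey, payload, sig) // bank back end check
	_, _, ok = dev.SignTransaction(tx, "account-pw", t0.Add(10*time.Minute))
	expiredRefused = !ok
	return accepted, forgedRefused, expiredRefused
}
```

The client (device 2 in Fig. 2) only ever relays the signed payload; neither the authorization code nor the account password passes through it, which is the property the patent claims over Fig. 1.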
Device 1 of the invention can be used as a CSP (Cryptographic Service Provider), including implementations of various cryptographic standards and algorithms; different services can be customized to the needs of different online banks.
Compared with the prior art, the online-bank identity authentication method and apparatus of the invention guarantee that the authorization code and the account password appear in plaintext only inside device 1, which is independent of client 2. As an offline device, device 1 has a higher degree of security: an attacker cannot obtain any useful information about the user, and online transactions with forged signatures cannot occur.
The above is merely a preferred embodiment of the invention and does not limit its scope of protection; all equivalent structural changes made using the content of the specification and drawings of the invention are included within its scope of protection.

Claims (10)

1. the method for a Net silver authentication is characterized in that, comprising:
One device is set; This device comprise one can carry out processor that digital signature handles, link to each other with this processor can with miscellaneous equipment in the Net silver communicate by letter an interface that is connected and a keyboard that links to each other with this processor, in this device, store a licencing key;
When network bank business based, need to import an authorization code via this keyboard earlier, after this authorization code empirical tests was qualified, this processor could carry out digital signature to transaction data to be handled, and sent miscellaneous equipment in the Net silver to via the transaction data of this interface after with signature process.
2. according to the described method of claim 1, it is characterized in that, when initialization, in this device, store Net silver certificate and user certificate, and this licencing key is set by the user; When network bank business based, miscellaneous equipment is at first signed to request msg with own certificate and is sent this device in the Net silver, has only verified that at this device the Net silver signature for after correctly, just points out the user on this device, to import authorization code.
3. according to the described method of claim 2, it is characterized in that the proof procedure of this authorization code is will be compared via stored authorized password in the authorization code of keyboard input and this device by this processor, both mate, and it is qualified to be judged as.
4. according to the described method of claim 1; It is characterized in that; After this authorization code empirical tests was qualified, when miscellaneous equipment in the Net silver need be when the user obtains security information, the user carried out encryption via this keyboard input security information and through this processor to this security information; Send miscellaneous equipment in the Net silver to then separately or combine other transaction data to carry out digital signature to handle, and via the data of this interface after with signature process to the data after the encryption.
5. according to the described method of claim 4, it is characterized in that this security information refers to account number cipher.
6. according to the described method of claim 1; It is characterized in that, after this authorization code empirical tests is qualified, keep certain term of validity; Before the deadline; The data signature operation of being undertaken by this device does not need to verify again authorization code again, after the term of validity finishes, the data signature action need user who is undertaken by this device re-enter authorization code and verify qualified.
7. the device of a Net silver authentication is characterized in that, comprises a processor, an interface that links to each other with this processor and a keyboard, in this device, stores a licencing key; When miscellaneous equipment in the Net silver needs the user that data are carried out digital signature; Get and import an authorization code via this keyboard earlier; After this authorization code empirical tests is qualified; This processor just carries out digital signature to transaction data to be handled, and sends miscellaneous equipment in the Net silver to via the transaction data of this interface after with signature process.
8. according to the described device of claim 7, it is characterized in that this device comprises the body of a card form, this processor and keyboard are arranged in this body, and this interface is arranged on this body edges.
9. according to the described device of claim 8, it is characterized in that this interface is to link to each other with this body collapsiblely.
10. according to the described device of claim 8, it is characterized in that this keyboard comprises 10 numeric keys.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100908874A CN102739398A (en) 2011-04-12 2011-04-12 Online bank identity authentication method and apparatus thereof

Publications (1)

Publication Number Publication Date
CN102739398A true CN102739398A (en) 2012-10-17

Family

ID=46994243

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101262348A (en) * 2008-03-19 2008-09-10 阎琳 USB digital signature device and its operation method
US20080255992A1 (en) * 2007-04-16 2008-10-16 Chung-Yu Lin Double recognizing method by means of telephone number and identification code for online credit card transactions over the internet
CN101609391A (en) * 2009-08-05 2009-12-23 天津深楠信息安全有限公司 The PIN code secured inputting method of a kind of USB KEY
CN101695066A (en) * 2009-09-28 2010-04-14 北京深思洛克软件技术股份有限公司 Security authentication method and information security authentication equipment

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103117854A (en) * 2012-12-10 2013-05-22 涂国坚 Safe internet bank implementation method
CN105308623A (en) * 2014-03-17 2016-02-03 中国工商银行股份有限公司 Device and method for providing online service
CN105308623B (en) * 2014-03-17 2019-05-31 中国工商银行股份有限公司 Network online service provides device and method
CN110086818A (en) * 2019-05-05 2019-08-02 绍兴文理学院 A kind of cloud file security storage system and access control method
CN110086818B (en) * 2019-05-05 2020-05-19 绍兴文理学院 Cloud file secure storage system and access control method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20121017