CN102970288A - Network transaction system with dynamic password generator

Publication number: CN102970288A
Authority: CN (China)
Prior art keywords: server, network, encryption device, internet, dynamic password
Legal status: Pending
Application number: CN2012104450450A
Other languages: Chinese (zh)
Inventor: 宗竞
Current Assignee: JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd
Original Assignee: JIANGSU LEMAIDAO NETWORK TECHNOLOGY Co Ltd

Abstract

A network transaction system comprises an encryption device, a computer connected to a network, a gateway server and a back-end transaction server. The encryption device carries the digital certificate and private key that identify the client, and includes a dynamic password generator that can dynamically and randomly generate one-time passwords. The computer has an interface into which the encryption device can be plugged. The gateway server is connected to the computer through the network; it encrypts the data commands of the back-end transaction server, transmits them over the Internet as ciphertext, and decrypts received client data commands before passing them to the back-end transaction server. The back-end transaction server is connected to the gateway server and processes the transaction requests made by the computer. Because the passwords are dynamic and change randomly, the possibility that someone else steals a user's password for illegal transactions is greatly reduced; in addition, the complex encryption and decryption algorithms greatly increase the difficulty of cracking a password, and the security of the network transaction system is improved markedly.

Description

A network transaction system with a time-based dynamic password generator
Technical field
The present invention relates to network transaction systems and, more specifically, to a network transaction system with a time-based dynamic password generator.
Background art
With the rapid development of Internet applications, people carry out more and more commercial transactions over the network, such as online shopping, online banking and online games, and the network is reaching into every aspect of daily life. As network transactions have grown, so have the security requirements placed on them, and securing the transaction process is an increasing concern for network operators and consumers alike. In a traditional network transaction, the user connects from a client to a server and the server sends an identity confirmation message. The user types the confirmation information into the client through the keyboard, for example a password made up of digits or letters, and the client transmits it to the server. The server compares the confirmation information received from the client with the customer information stored in its database to determine whether the client entered the correct personal authentication information, and so decides whether the transaction may proceed.
However, the network transaction system described above still carries serious security risks. First, authentication relies on a single fixed password, which is easily obtained by others or leaked, deliberately or inadvertently, by whoever keeps it. A user can give the password some variability by changing it promptly, but users are unlikely to change passwords often: they sometimes forget to, and frequent changes make the password hard to remember and inconvenient to use. Even when passwords are changed, a fixed password stays valid for a long time, and once it is learned or cracked by someone else the consequences for the transaction can be severe, such as information leakage, loss of funds or a transaction that cannot be completed. Second, in a traditional network transaction the confirmation information the user types on the keyboard is easily stolen along the way. A great deal of malicious software that monitors and steals keyboard input now circulates on the network and is hard to guard against. Even a user who is aware of the problem and uses data encryption so that the password cannot be captured on the network is still exposed to Trojans and other malicious programs on the client computer, which can intercept the user's input and so obtain the password.
Existing network transaction systems therefore suffer from insufficient password security and can easily cause losses to users, and a network transaction system with greater security is urgently needed.
Summary of the invention
The purpose of the present invention is to solve the poor password security of the existing network transaction systems described above, to give the user's network transactions a high level of security assurance, to keep the user's whole transaction process safe and reliable, and to prevent unnecessary losses.
The network transaction system of the present invention comprises: an encryption device that carries the digital certificate and private key identifying the client; a computer connected to a network, having an interface into which the encryption device can be inserted; a gateway server connected to the computer through the network, which encrypts the data commands of the back-end transaction server, transmits them over the Internet as ciphertext, and decrypts received client data commands before passing them to the back-end transaction server; and a back-end transaction server connected to the gateway server, which processes the transaction requests made by the computer.
The encryption device comprises a time-based dynamic password generator made up of a processor unit, a clock unit, a memory unit and a display unit. The memory unit stores a cryptographic seed and a unique serial number, and the unique serial number corresponds to the customer information. The processor unit is connected to the clock unit, the memory unit and the display unit, and so performs the functions of timing, dynamically generating a password and displaying the generated password.
The encryption device is a USB-type encryption device.
The network is the Internet, a wide area network or a local area network.
In addition, the network transaction system of the present invention comprises an authentication server and a client. The authentication server stores the same cryptographic seed and unique serial number as the time-based dynamic password generator, and the client is installed on the computer to send the various transaction commands and carry out network transaction operations.
Further, in the network transaction system of the present invention, the time-based dynamic password generator and the authentication server use the AES symmetric encryption algorithm to generate dynamic passwords and to decrypt the generated dynamic passwords.
Because the network transaction system of the present invention generates one-time passwords dynamically and randomly, the password changes dynamically and randomly in use, and the possibility that an unauthorized person obtains the user's password and uses it for illegal transactions is greatly reduced. Because the invention also uses comparatively complex encryption and decryption algorithms, cracking a password becomes far more difficult. The security of the network transaction system is improved markedly, which lays a solid foundation for its large-scale promotion and use.
Description of the drawings
Fig. 1 is a schematic diagram of the structure of the network transaction system of the present invention.
Detailed description of the embodiment
The structure of the network transaction system of the present invention is described in detail below with reference to Fig. 1. It should be understood that the following detailed description covers only one preferred embodiment. It is intended to help those skilled in the art better understand the spirit and purport of the invention and does not limit the invention in any way. Guided by the spirit of the invention, those skilled in the art can make many different variations and changes, and such variants also fall within the scope of protection of the invention.
The network transaction system of the present invention comprises: an encryption device 1 that carries the digital certificate and private key identifying the client, the digital certificate and private key generally being installed in the encryption device 1 as firmware; a computer 2 connected to a network, having an interface into which the encryption device 1 can be inserted; a gateway server 3 connected to the computer 2 through the network, which encrypts the data commands of the back-end transaction server, transmits them over the Internet as ciphertext, and decrypts received client data commands before passing them to the back-end transaction server; and a back-end transaction server 4 connected to the gateway server 3, which processes the transaction requests made by the computer 2.
As shown in Fig. 1, the encryption device 1 comprises a time-based dynamic password generator 11 made up of a processor unit 111, a clock unit 112, a memory unit 113 and a display unit 114. The memory unit 113 stores a cryptographic seed and a unique serial number, and the unique serial number corresponds to the customer information. The processor unit 111 is connected to the clock unit 112, the memory unit 113 and the display unit 114, and so performs the functions of timing, dynamically generating a password and displaying the generated password. When the user requests a dynamic password, the time-based dynamic password generator 11 generates a password from the clock information supplied by the clock unit 112 using a specific computation and shows it on the display unit 114. To further improve password security, each generated password has a validity period: the password is valid only within that period, and once the period has passed it is no longer valid and the user must generate a new one. In general the validity period can be about 15-30 minutes, and it can of course be adjusted to the user's actual needs, for example shortened or lengthened.
The encryption device 1 is a USB-type encryption device. It is designed as a USB device mainly so that it matches the USB-style interfaces now widely used on computers, which makes it convenient to use and spares the user any interface conversion. In practice, depending on the user's requirements, the encryption device 1 can also use any other suitable interface type, as long as it can be connected to the corresponding interface on the computer, for example variants of the standard USB interface such as mini-USB and micro-USB.
The network is the Internet, a wide area network or a local area network. When the network transaction system operates over the Internet, any user connected to the Internet can use it to carry out network transactions, so its use is not restricted by region. In some cases, according to actual needs, for example a trading platform for certain bulk commodities, given the number of users involved and in order to keep all trading activity more controllable, the network transactions can also be confined to certain local area networks, which further improves their security.
Further, the network transaction system of the present invention comprises an authentication server 5 and a client 6. The authentication server 5 stores the same cryptographic seed and unique serial number as the time-based dynamic password generator 11, and the client 6 is installed on the computer to send the various transaction commands and carry out network transaction operations. In network transaction systems of this kind, the authentication server and the time-based dynamic password generator are always used as a pair. At the outset, the system stores in the time-based dynamic password generator the same cryptographic seed and unique serial number as in the authentication server. The cryptographic seed and unique serial number cannot be modified, and once they are set there is a one-to-one relationship between the user information and the cryptographic seed and unique serial number.
In the present invention, to improve security during password generation and password decryption, the time-based dynamic password generator and the authentication server both use the AES symmetric encryption algorithm to generate dynamic passwords and to decrypt the generated dynamic passwords. The AES (Advanced Encryption Standard) symmetric encryption algorithm is currently a widely used method of obtaining one-time dynamic passwords. The detailed process of encrypting and decrypting with AES is well known to those skilled in the art and is not repeated here. In the present invention, cryptographic algorithms of other types can of course also be used for password generation and password decryption in place of AES, as long as they keep the encryption and decryption process safe and reliable.
The basic principle of this class of symmetric encryption algorithm is introduced briefly below. Symmetric encryption algorithms, AES included, use the same key for encryption and decryption. What the present invention uses is their pseudo-randomness property, namely that no information about the plaintext or the key can be obtained from the encryption result. Preferably, AES with a 128-bit key length and a 128-bit block length is used. Generating each one-time password requires one AES encryption operation. The input plaintext block is 128 binary digits, made up of the current time and the unique serial number of the password generator; the time is in date, hour and minute form, and missing positions are padded with 0. The key, which is the other input to the encryption operation, is a 128-bit truly random seed number fixed in each password generator, and the seed number of each password generator is different. The output of the encryption operation is 128 binary digits, that is, 16 bytes. By taking 4-16 of these bytes, converting each byte to decimal and keeping the units digit, a decimal password of 4-16 digits that can be displayed directly is obtained, as different applications require.
The major advantage of the network transaction system of the present invention is that the password changes dynamically and is used once only. A password produced by the password generator becomes invalid after a single use, so other people essentially cannot obtain a password with which to carry out illegal transactions, and the security of the network transaction system is greatly improved.
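The password derivation, validity period and single-use rule described above, as an added Go example that is not code from the patent. The block layout (12 ASCII time digits plus a 4-byte serial), the UTC clock, the one-minute time step, taking the first n output bytes, and the names `Block`, `OTP` and `AuthServer` are assumptions; the server checks a password by recomputing it from the shared seed, because the truncated digits cannot be decrypted back to the input.

```go
package main

import (
	"crypto/aes"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// Block builds the 128-bit AES input: 12 ASCII digits of date, hour and minute
// followed by the 4-byte serial number. This layout (and UTC) is an assumption;
// it fills the block exactly, so the patent's zero padding is not needed here.
func Block(t time.Time, serial uint32) (b [16]byte) {
	copy(b[:], t.UTC().Format("200601021504"))
	binary.BigEndian.PutUint32(b[12:], serial)
	return b
}

// OTP runs one AES-128 encryption of block under the seed and keeps the units
// digit of the first n output bytes (taking the first n is an assumption).
// byte%10 is slightly biased: digits 0-5 occur 26/256 of the time, 6-9 25/256.
func OTP(seed, block [16]byte, n int) (string, error) {
	if n < 4 || n > 16 {
		return "", fmt.Errorf("password length %d outside 4-16", n)
	}
	c, err := aes.NewCipher(seed[:])
	if err != nil {
		return "", err
	}
	var out [16]byte
	c.Encrypt(out[:], block[:])
	code := make([]byte, n)
	for i := range code {
		code[i] = '0' + out[i]%10
	}
	return string(code), nil
}

// AuthServer holds the same seed per serial number as the paired token.
type AuthServer struct {
	Seeds    map[uint32][16]byte
	Validity time.Duration        // how old an accepted password may be
	Last     map[uint32]time.Time // newest accepted step per serial (initialise before use)
}

// Verify recomputes the password for each minute in the validity window and
// accepts a match once; that time step and all older ones are then refused.
func (s *AuthServer) Verify(serial uint32, code string, now time.Time) bool {
	seed, known := s.Seeds[serial]
	for age := time.Duration(0); known && age <= s.Validity; age += time.Minute {
		step := now.Add(-age).UTC().Truncate(time.Minute)
		want, err := OTP(seed, Block(step, serial), len(code))
		if err != nil || !step.After(s.Last[serial]) {
			continue
		}
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			s.Last[serial] = step
			return true
		}
	}
	return false
}

func main() {
	seed := [16]byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15} // constructed sample seed
	srv := &AuthServer{map[uint32][16]byte{1017: seed}, 15 * time.Minute, map[uint32]time.Time{}}
	now := time.Date(2012, 11, 9, 10, 30, 0, 0, time.UTC)
	code, _ := OTP(seed, Block(now, 1017), 6)
	fmt.Println(code, srv.Verify(1017, code, now.Add(5*time.Minute)), srv.Verify(1017, code, now.Add(6*time.Minute)))
}
```

The longer the validity period, the more candidate time steps the server accepts for a given guess, so a 15-30 minute window with a 4-digit password calls for attempt limiting on the server side.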

Claims (5)

1. A network transaction system, comprising: an encryption device that carries the digital certificate and private key identifying the client; a computer connected to a network, having an interface into which said encryption device can be inserted; a gateway server connected to said computer through the network, said gateway server encrypting the data commands of a back-end transaction server, transmitting them over the Internet as ciphertext, and decrypting received client data commands before passing them to said back-end transaction server; and the back-end transaction server, connected to said gateway server, which processes the transaction requests made by said computer;
wherein said encryption device comprises a time-based dynamic password generator, the time-based dynamic password generator comprising a processor unit, a clock unit, a memory unit and a display unit; said memory unit stores a cryptographic seed and a unique serial number, said unique serial number corresponding to the customer information; and said processor unit is connected to the clock unit, the memory unit and the display unit, and so performs the functions of timing, dynamically generating a password and displaying the generated password.
2. The network transaction system according to claim 1, wherein said encryption device is a USB-type encryption device.
3. The network transaction system according to claim 1 or 2, wherein said network is the Internet, a wide area network or a local area network.
4. The network transaction system according to any one of claims 1-3, further comprising an authentication server and a client, wherein said authentication server stores the same cryptographic seed and unique serial number as said time-based dynamic password generator, and said client is installed on said computer to send the various transaction commands and carry out network transaction operations.
5. The network transaction system according to claim 4, wherein said time-based dynamic password generator and authentication server use the AES symmetric encryption algorithm to generate dynamic passwords and to decrypt the generated dynamic passwords.

Application number: CN2012104450450A
Priority date: 2012-11-09
Filing date: 2012-11-09
Title: Network transaction system with dynamic password generator
Publication: CN102970288A (en), published 2013-03-13
Status: Pending
Country: CN


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130313