CN103679455A - Secure network transaction method - Google Patents

Publication number: CN103679455A
Application number: CN201310667235.1A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 阮桂芳
Current Assignee: Individual
Original Assignee: Individual
Legal status: Pending
Prior art keywords: user, banking terminal, transaction, mobile phone, information

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/30: Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32: Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322: Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223: Realising banking transactions through M-devices
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/382: Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821: Electronic credentials
    • G06Q20/38215: Use of certificates or encrypted proofs of transaction rights
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Abstract

The invention relates to a secure network transaction method comprising the following steps: S1, a user logs in to a transaction interface on a client host and performs a transfer operation; S2, the bank terminal randomly selects an operation mode; S3, the bank terminal randomly generates a numeric string, computes on it, and stores the result in the bank terminal; S4, the bank terminal sends the numeric string and the number of the operation mode to the user's mobile phone; S5, the user extracts the operation mode from the received message and computes on the numeric string; S6, the user sends the result to the bank terminal from the mobile phone by short message; S7, the bank terminal checks the information fed back by the user, completing the transaction if it is correct and cancelling it if not. Because the network and the mobile phone are used together to conduct the transaction, the method is safer and faster to carry out.

Description

A secure network transaction method
Technical Field
The present invention relates to the communications field, and in particular to a secure network transaction method.
Background
With the rapid growth of networks, online banking services, built on fast-developing computers, computer networks and communication technology, have spread across the Internet to every corner of the globe. To date, most domestic banks have launched their own online banking services. As online banking has developed, the security of online transactions has become a focus of public concern.
At present, the security measure most banks adopt is to provide users with a USB Key or with dynamic password authentication. The USB Key stores a digital certificate that uniquely represents the user's identity, together with the user's private key. In this PKI-based solution, the user's private key is generated inside the high-security USB Key and can never be exported from it. In online banking applications, the digital signature over transaction data is computed entirely inside the USB Key and is protected by the USB Key's PIN code.
Dynamic password authentication means that at each login the user enters, in addition to the usual static password, a dynamic password that changes every time. There are many ways to obtain the dynamic password, such as scratch cards, two-dimensional matrix cards and electronic tokens. Scratch cards and two-dimensional matrix cards are both issued as paper cards, and both have inherent defects: a scratch card has a strict limit on the number of uses, generally only 30, while a two-dimensional matrix card can be used without limit but is easy to copy. Compared with a dynamic password, neither the scratch card nor the two-dimensional matrix card is time-limited.
However, the user must use the USB Key or the dynamic password for every transaction, which is cumbersome. Moreover, a USB Key or dynamic password may be lost or stolen by others, which seriously affects the security of online transactions.
Summary of the Invention
The object of the invention is to overcome the shortcomings and deficiencies of the prior art by providing a secure transaction method that uses the network and a mobile phone at the same time.
The invention is realized by the following technical solution: a secure network transaction method comprising the following steps:
Step S1: the user logs in to the transaction interface on the client host and performs a transfer operation;
Step S2: the bank terminal randomly selects an operation mode;
Step S3: the bank terminal randomly generates a numeric string, computes on it using the operation mode selected in step S2, and stores the result in the bank terminal;
Step S4: the bank terminal sends the numeric string and the operation mode number to the mobile phone that the user has bound to the bank terminal;
Step S5: on receiving the message from the bank terminal, the user's mobile phone passes it to a computing module in the phone that is identical to the bank terminal's; the computing module extracts the operation mode from the received message and computes on the numeric string;
Step S6: the user's mobile phone sends the result to the bank terminal by SMS;
Step S7: the bank terminal checks the information fed back by the user, namely the phone number the reply came from and the returned result. If the phone number is the one the user has bound to the bank terminal and the returned result is identical to the bank terminal's result, the transaction is completed; otherwise, the transaction is cancelled.
Compared with the prior art, the secure network transaction method of the invention uses the client host to communicate with the bank terminal over the network channel and also uses SMS as a second channel to the bank terminal. This makes online transactions more secure, avoids the use of a USB Key or dynamic password, and is easier to operate. In addition, because the same computing module performs the computation on the bank terminal and on the user's mobile phone, data transmission is more secure.
As a further improvement of the invention, in step S4 the bank terminal sends the user's reserved information (the "obligate information" of the original translation, that is, information the user has registered with the bank in advance) along with the numeric string; in step S5, on receiving the numeric string and the reserved information, the user first checks the reserved information. If it is correct, the operation continues; if it is wrong, the transaction is cancelled. The reserved information lets the user judge whether the verification code received on the phone came from the bank terminal, which increases security.
As a further improvement of the invention, in step S5 the user appends a second password, set by the user, after the numeric string; in step S7, after comparing the computed result, the bank terminal goes on to verify the user's second password. If the password is correct, the transaction is completed; if it is wrong, the transaction is cancelled. The second password prevents someone who has stolen the mobile phone from using it to make transactions.
As a further improvement of the invention, the bank terminal in step S2 comprises 1000 operation modes, numbered 000~999; in step S4 the three-digit mode number is placed in front of the numeric string and sent to the user's mobile phone.
As a further improvement of the invention, the 1000 operation modes can be arranged in different orders, each arrangement corresponding to one user; the arrangement on the user's mobile phone is the same as the corresponding arrangement on the bank terminal. Assigning different arrangements to different users improves transaction security.
For a clearer understanding of the invention, specific embodiments are described below with reference to the accompanying drawing.
Brief Description of the Drawings
Fig. 1 is the flowchart of the invention.
Detailed Description
Refer to Fig. 1, which is the flowchart of the secure network transaction method of the invention. The method comprises the following steps:
S1: the user logs in to the transaction interface on the client host;
S2: the user enters the bank account number and password;
S3: the user performs a transfer operation;
S4: the bank terminal randomly selects an operation mode;
S5: the bank terminal generates a random numeric string;
S6: the bank terminal computes on the numeric string using the operation mode from step S4 and stores the result in the bank terminal;
S7: the operation mode number is placed in front of the random numeric string;
S8: the numeric string with its mode number, together with the information the user has reserved at the bank terminal, is sent to the user's mobile phone;
S9: the reserved information is checked;
S10: if the reserved information is correct, step S11 is performed; if it is wrong, the transaction is cancelled;
S11: the numeric string with its mode number is passed to the computing module in the mobile phone, which is identical to the bank terminal's;
S12: the phone's computing module extracts the operation mode from the numeric string;
S13: the numeric string is computed on using the operation mode from step S12;
S14: the mobile phone returns the computed result and the user's second password to the bank terminal by SMS;
S15: the bank terminal checks the information received;
S16: is the phone number the reply came from the one the user has bound to the bank terminal? If so, proceed to the next step; if not, cancel the transaction;
S17: is the returned result identical to the bank terminal's result? If so, proceed to the next step; if not, cancel the transaction;
S18: is the returned second password correct? If so, complete the transaction; if not, cancel the transaction.
Specifically, in the above steps the operation modes of the bank terminal are identical to those of the mobile phone, and the bank terminal comprises 1000 operation modes. The first three digits of the numeric string the bank terminal produces are the operation mode number, which ranges from 000 to 999. In addition, each user's 1000 operation modes have a unique arrangement; the arrangement on the user's mobile phone is the same as that on the bank terminal, and each arrangement corresponds to one user.
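The S4 to S18 exchange described above, as an added example that is not part of the patent text, with both sides of the exchange and the bank's three checks. The operation family in `compute`, the HMAC-derived per-user arrangement, the `|` message separator and every sample value are assumptions made for illustration; the patent defines none of them.

```python
import hashlib
import hmac
import secrets

MODES = 1000  # operation modes numbered 000-999, as in the description

def arrangement(user_key):
    """Per-user ordering of the 1000 modes (assumed: derived from a shared key)."""
    tag = lambda i: hmac.new(user_key, i.to_bytes(2, "big"), hashlib.sha256).digest()
    return sorted(range(MODES), key=tag)

def compute(op_index, digits):
    """Hypothetical operation family; the patent does not define the operations."""
    return f"{(int(digits) * (2 * op_index + 1) + op_index) % 10**6:06d}"

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

class Phone:
    def __init__(self, key, reserved, second_password):
        self.order, self.reserved, self.second = arrangement(key), reserved, second_password

    def respond(self, message):
        reserved, _, body = message.rpartition("|")
        if not same(reserved, self.reserved):
            return None                          # S10: wrong reserved information, cancel
        mode, digits = int(body[:3]), body[3:]   # S12: mode number is the first 3 digits
        return compute(self.order[mode], digits) + "|" + self.second  # S13-S14

class BankTerminal:
    def __init__(self):
        self.users, self.pending = {}, {}

    def enroll(self, phone_number, key, reserved, second_password):
        # Second password kept in clear only to keep the example short.
        self.users[phone_number] = (arrangement(key), reserved, second_password)

    def challenge(self, phone_number):
        order, reserved, _ = self.users[phone_number]
        mode = secrets.randbelow(MODES)                            # S4
        digits = f"{secrets.randbelow(10**6):06d}"                 # S5
        self.pending[phone_number] = compute(order[mode], digits)  # S6
        return f"{reserved}|{mode:03d}{digits}"                    # S7-S8

    def verify(self, sender, sms):
        expected = self.pending.pop(sender, None)  # S16; each challenge is single use
        if expected is None:
            return False
        result, _, second = sms.partition("|")
        ok_result = same(result, expected)                 # S17
        ok_second = same(second, self.users[sender][2])    # S18
        return ok_result and ok_second

def demo():
    """Run the flow on constructed sample values and return each outcome."""
    bank, key, number = BankTerminal(), b"constructed-demo-key", "+10000000001"
    bank.enroll(number, key, "blue heron", "4821")
    phone = Phone(key, "blue heron", "4821")
    reply = phone.respond(bank.challenge(number))
    outcome = {"accepted": bank.verify(number, reply),
               "replayed": bank.verify(number, reply)}
    bank.challenge(number)  # fresh challenge, then a reply from an unbound number
    outcome["unbound_sender"] = bank.verify("+10000000002", reply)
    outcome["spoofed_message"] = phone.respond("wrong phrase|123456789")
    return outcome
```

Popping the stored result in `verify` means a captured reply cannot be replayed and a wrong guess consumes the challenge.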
Compared with the prior art, the secure network transaction method of the invention uses the client host to communicate with the bank terminal over the network channel and also uses SMS as a second channel to the bank terminal. This makes online transactions more secure, avoids the use of a USB Key or dynamic password, and is easier to operate. In addition, because the same computing module performs the computation on the bank terminal and on the user's mobile phone, data transmission is more secure.
Further, the reserved information lets the user judge whether the verification code received on the phone came from the bank terminal, which increases security. The second password prevents someone who has stolen the mobile phone from using it to make transactions.
In addition, the 1000 operation modes can be arranged in different orders, each arrangement corresponding to one user; the arrangement on the user's mobile phone is the same as the corresponding arrangement on the bank terminal. Different arrangements distinguish different users, which makes the transaction process more secure.
The invention is not limited to the above embodiments. Changes or variations that do not depart from the spirit and scope of the invention, and that fall within the scope of the claims and their technical equivalents, are also intended to be covered by the invention.

Claims (5)

1. A secure network transaction method, comprising the following steps:
Step S1: the user logs in to the transaction interface on the client host and performs a transfer operation;
Step S2: the bank terminal randomly selects an operation mode;
Step S3: the bank terminal randomly generates a numeric string, computes on it using the operation mode selected in step S2, and stores the result in the bank terminal;
Step S4: the bank terminal sends the numeric string and the operation mode number to the mobile phone that the user has bound to the bank terminal;
Step S5: on receiving the message from the bank terminal, the user's mobile phone passes it to a computing module in the phone that is identical to the bank terminal's; the computing module extracts the operation mode from the received message and computes on the numeric string;
Step S6: the user's mobile phone sends the result to the bank terminal by SMS;
Step S7: the bank terminal checks the information fed back by the user, namely the phone number the reply came from and the returned result. If the phone number is the one the user has bound to the bank terminal and the returned result is identical to the bank terminal's result, the transaction is completed; otherwise, the transaction is cancelled.
2. The secure network transaction method according to claim 1, characterized in that: in step S4 the bank terminal sends the user's reserved information along with the numeric string; in step S5, on receiving the numeric string and the reserved information, the user first checks the reserved information; if it is correct, the operation continues; if it is wrong, the transaction is cancelled.
3. The secure network transaction method according to claim 1, characterized in that: in step S5 the user appends a second password, set by the user, after the numeric string; in step S7, after comparing the computed result, the bank terminal goes on to verify the user's second password; if the password is correct, the transaction is completed; if it is wrong, the transaction is cancelled.
4. The secure network transaction method according to claim 1, characterized in that: the bank terminal in step S2 comprises 1000 operation modes, numbered 000~999; in step S4 the three-digit mode number is placed in front of the numeric string and sent to the user's mobile phone.
5. The secure network transaction method according to claim 4, characterized in that: the 1000 operation modes have different arrangements, each arrangement corresponding to one user; and the arrangement of the operation modes on the user's mobile phone is the same as the corresponding arrangement on the bank terminal.

Application and publication record

Application number: CN201310667235.1A
Title: Secure network transaction method
Priority date: 2013-12-10
Filing date: 2013-12-10
Status: Pending
Publication: CN103679455A (en), published 2014-03-26
Family ID: 50316928
Country: CN

Legal Events

Code Title
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140326