CN105308623B - Network online service providing device and method - Google Patents

Publication number
CN105308623B
Authority
CN
China
Prior art keywords
online service
network
network online
interface
host machine
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201480032949.8A
Other languages
Chinese (zh)
Other versions
CN105308623A (en
Inventor
曾凯
王怡
周大文
刘华军
安思宇
陈梦霄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102: Entity profiles
    • H04L69/00: Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08: Protocols for interworking; Protocol conversion
    • H04L69/085: Protocols for interworking; Protocol conversion specially adapted for interworking of IP-based networks with other networks
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Abstract

The present invention provides a network online service providing device and method. The device is independent of the host machine and is connected to the host machine through an interface, and comprises: a network online service access module with a built-in browser, used to access the network online server and obtain the network online service interface in Hypertext Markup Language (HTML) code format; and a remote desktop service controller, connected to the network online service access module, used to render the network online service interface obtained by the access module as a network online service interface in picture format for display on the host machine, and to provide the picture-format interface to the host machine for display. The invention solves the technical problem in the prior art that using a network online service on a fixed PC carries a relatively high security risk, and achieves the technical effect of reducing security risk and improving data security.

Description

Network online service providing device and method
Technical field
The present invention relates to the technical field of data processing, and in particular to a network online service providing device and method.
Background
With the development of communication technology, technologies such as e-commerce and e-government have emerged one after another. Transactions that traditionally had to be carried out face to face are now available as 24-hour online services over public telephone networks, the Internet, 3G networks and the like, which is a great convenience for service providers and users.
However, while network online services provide convenience, they also face serious security threats and are particularly vulnerable to application-layer attacks, which limits the possibility of users using network online services on any PC.
At present, application-layer attacks mainly include the following types:
1) Phishing attacks: the attacker uses a fake site designed in advance and exploits the client's weak security awareness to lure the client into logging in, so that the client is deceived into revealing information or suffers losses. Single-password authentication (including static passwords and dynamic passwords) offers poor protection against this kind of attack;
2) Web-page trojan (drive-by download) attacks: the attacker embeds malicious code in the pages of a website it has gained control of (usually by IFrame or Script references). When a user visits the page, the embedded malicious code exploits vulnerabilities in the browser itself, in third-party ActiveX controls or in other plug-ins (such as Flash or PDF plug-ins) to download and execute a malicious trojan without the user's knowledge;
3) Unauthorized-access attacks: because the server side does not control access strictly enough, an attacker can use a malicious program to tamper with the content of Hypertext Transfer Protocol (HTTP) messages and access sensitive information without authorization or illegally perform write operations. This kind of attack can cause large-scale information leakage or information loss.
Because what is accessed from the server is generally web page content in Hypertext Markup Language (HTML) format, and because of vulnerabilities in the PC itself, this content is highly susceptible to application-layer attacks. Network-layer protections alone, such as firewalls, Secure Sockets Layer (SSL) and intrusion detection systems (IDS), are far from sufficient. Users of traditional network online services therefore first carry out a series of environment preparation steps, for example installing system patches, setting trusted sites, setting IE options, installing controls and adding root certificates, and rely on this complicated preparation and on subsequent update operations to avoid attack. Precisely because this complicated protective work is needed, users can only use network online services on a fixed PC. If the client's own security awareness is insufficient, or because of the unavoidable weaknesses of complex applications, using network online services on a fixed PC still carries a certain security risk; in an arbitrary-PC scenario the uncertainty increases and security is even harder to guarantee. The current way of using network online services through a PC therefore carries considerable security risk.
Summary of the invention
An embodiment of the invention provides a network online service providing device, to reduce security risk and improve data security. The device is independent of the host machine and is connected to the host machine through an interface, and comprises:
A network online service access module with a built-in browser, used to access the network online server and obtain the network online service interface in Hypertext Markup Language (HTML) code format;
A remote desktop service controller, connected to the network online service access module, used to render the network online service interface obtained by the network online service access module as a network online service interface in picture format for display on the host machine, and to provide the picture-format network online service interface to the host machine for display.
In one embodiment, the network online service providing device further comprises:
A network online service processing module, used to receive, from the host machine, the transaction data that the user entered in the picture-format network online service interface, and to construct a signature packet from the transaction data;
A signature verification module, connected to the network online service processing module, used to sign the transaction data according to the signature packet and to submit the signed transaction data to the network online server for signature verification.
In one embodiment, the network online service providing device further comprises: a display screen, used to display the transaction information that the user needs to confirm while the signature verification module signs the transaction data according to the signature packet.
In one embodiment, the network online service providing device further comprises: a confirm key, used by the user to confirm the transaction information shown on the display screen.
In one embodiment, the host machine includes: a TV or a computer.
In one embodiment, where the host machine is a TV, the interface is a High-Definition Multimedia Interface (HDMI) interface;
Alternatively, where the host machine is a computer, the interface is a Universal Serial Bus (USB) interface.
An embodiment of the invention also provides a network online service providing method, to reduce security risk and improve data security, wherein the method comprises:
Accessing the network online server and obtaining the network online service interface in Hypertext Markup Language (HTML) code format;
Rendering the obtained HTML-code-format network online service interface as a network online service interface in picture format for display on the host machine, and providing the picture-format network online service interface to the host machine for display.
In one embodiment, after the picture-format network online service interface is provided to the host machine for display, the method further comprises:
Receiving, from the host machine, the transaction data that the user entered in the picture-format network online service interface, and constructing a signature packet from the transaction data;
Signing the transaction data according to the signature packet, and submitting the signed transaction data to the network online server for signature verification.
In one embodiment, before receiving, from the host machine, the transaction data that the user entered in the picture-format network online service interface and constructing a signature packet from the transaction data, the method further comprises:
Receiving the verification information that the user entered in the picture-format network online service interface displayed on the host machine;
Sending the verification information to the network online server through the network of the host machine for identity verification.
In one embodiment, the verification information includes: a user name and a password.
In one embodiment, rendering the obtained HTML-code-format network online service interface as a network online service interface in picture format for display on the host machine comprises:
Converting the HTML-code-format network online service interface into a picture-format network online service interface according to a predetermined encoding scheme.
In one embodiment, before accessing the network online server, the method further comprises:
Receiving a connection request initiated by the client control on the host machine;
Determining whether the connection request meets the connection condition and, if it does, accessing the network online server.
The embodiments of the invention propose a device and a method for providing a network online service. The device is independent of the host machine and contains a network online service access module and a remote desktop service controller. The network online service access module obtains the web interface in HTML format, and the remote desktop service controller then converts the HTML-format web interface into a picture-format web interface and projects it onto the host machine for display. Because a picture-format web interface is very difficult to crack, this effectively solves the technical problem in the prior art that using a network online service on a fixed PC carries a relatively high security risk, and achieves the technical effect of reducing security risk and improving data security.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort. In the drawings:
Fig. 1 is a structural block diagram of the network online service providing device of an embodiment of the invention;
Fig. 2 is a flow chart of the network online service providing method of an embodiment of the invention;
Fig. 3 is an appearance diagram of the network online service providing device of an embodiment of the invention;
Fig. 4 is a hardware structure diagram of the network online service providing device of an embodiment of the invention;
Fig. 5 is a functional block diagram of the network online service providing device of an embodiment of the invention;
Fig. 6 is a flow chart of the method of starting a network online service using the network online service providing device of an embodiment of the invention;
Fig. 7 is a flow chart of the method of processing a transaction through the network online service providing device of an embodiment of the invention.
Detailed description of the embodiments
The inventors consider that the main causes of the security problems are the insecurity of web page access and the vulnerabilities of the PC itself. The inventors therefore reason that if operations such as verifying or encrypting information are not executed on the PC, the security risk should be reduced. For example, security operations such as signing information can be moved into an independent device that exists separately from the host machine. After this device accesses the HTML web page content, it converts that content into web page content in a graphical format that is not easy to decode and attack, and then projects it onto the host machine for display, which can effectively improve the security of the information.
An embodiment of the invention provides a network online service providing device. The device is independent of the host machine and is connected to the host machine through an interface. As shown in Fig. 1, the device comprises:
A network online service access module 101 with a built-in browser, used to access the network online server and obtain the network online service interface in Hypertext Markup Language (HTML) code format;
A remote desktop service controller 102, connected to the network online service access module 101, used to render the network online service interface obtained by the network online service access module 101 as a network online service interface in picture format for display on the host machine, and to provide the picture-format network online service interface to the host machine for display.
The above embodiment proposes a device for providing a network online service. The device is independent of the host machine and contains a network online service access module and a remote desktop service controller. The network online service access module obtains the web interface in HTML format, and the remote desktop service controller then converts the HTML-format web interface into a picture-format web interface and projects it onto the host machine for display. Because a picture-format web interface is very difficult to crack, this effectively solves the technical problem in the prior art that using a network online service on a fixed PC carries a relatively high security risk, and achieves the technical effect of reducing security risk and improving data security.
In a specific implementation, user authentication information, transaction data and the like are needed, so the user's input on the host machine must also be monitored to ensure that the transaction proceeds effectively. In a specific embodiment, the device further comprises: a network online service processing module, used to receive, from the host machine, the transaction data that the user entered in the picture-format network online service interface, and to construct a signature packet from the transaction data; and a signature verification module, connected to the network online service processing module, used to sign the transaction data according to the signature packet and to submit the signed transaction data to the network online server for signature verification.
Some information needs to be confirmed by the user during signing, and projecting this information onto the host machine for display is both troublesome and insecure. A display screen can therefore be provided on the network online service providing device, and the transaction information that the user needs to confirm is shown on this display screen while the signature verification module signs the transaction data. Further, a confirm key is also provided on the network online service providing device, used by the user to confirm the transaction information shown on the display screen.
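The signing flow described above, as an added example that is not part of the patent: transaction data arriving from the host is turned into a signature packet, shown on the device's own display, and signed only after the confirm key is pressed. HMAC-SHA256 with a device-held key stands in for the security chip's certificate signature, and the field names, packet encoding and function names are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key. The patent signs with a security chip and the
# customer's certificate; HMAC-SHA256 is a stand-in so that the example
# runs with the standard library only.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

# Hypothetical transaction fields; the patent does not define a packet layout.
REQUIRED_FIELDS = ("payee_account", "amount", "currency")


def build_signature_packet(transaction: dict) -> bytes:
    """Canonicalise the transaction data received from the host machine."""
    missing = [f for f in REQUIRED_FIELDS if f not in transaction]
    if missing:
        raise ValueError(f"transaction is missing fields: {missing}")
    # Sorted keys and fixed separators give exactly one byte string per
    # transaction, so the device and the server handle the same bytes.
    subset = {f: str(transaction[f]) for f in REQUIRED_FIELDS}
    return json.dumps(subset, sort_keys=True, separators=(",", ":")).encode()


def display_lines(packet: bytes) -> list:
    """Text for the device's own screen, derived from the packet being signed."""
    fields = json.loads(packet)
    return [f"{name}: {fields[name]}" for name in REQUIRED_FIELDS]


def sign_if_confirmed(packet: bytes, user_confirms):
    """Sign only after the confirm key is pressed on the device.

    user_confirms models the user reading the device display and pressing
    confirm (True) or cancel (False).
    """
    if not user_confirms(display_lines(packet)):
        return None  # cancel key: nothing is signed and nothing is submitted
    return hmac.new(DEVICE_KEY, packet, hashlib.sha256).hexdigest()


def server_verify(packet: bytes, signature: str) -> bool:
    """Server-side verification of the submitted transaction and signature."""
    expected = hmac.new(DEVICE_KEY, packet, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def run_transaction(from_host: dict, intended: dict) -> str:
    """Drive one transaction; `intended` is what the user meant to enter."""
    packet = build_signature_packet(from_host)
    wanted = display_lines(build_signature_packet(intended))
    # The user confirms only if the device display matches their intent.
    signature = sign_if_confirmed(packet, lambda shown: shown == wanted)
    if signature is None:
        return "cancelled on device"
    return "accepted" if server_verify(packet, signature) else "rejected by server"


if __name__ == "__main__":
    # Constructed sample data.
    intended = {"payee_account": "6222-0000-0001", "amount": "100.00",
                "currency": "CNY"}
    tampered = dict(intended, payee_account="6222-9999-9999")
    print(run_transaction(intended, intended))   # data arrived unchanged
    print(run_transaction(tampered, intended))   # host altered the payee
```

Because the display text is derived from the same bytes that are signed, a change made on the host before signing is visible on the device, and a change made after signing fails server verification.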
In a specific implementation, the host machine may be a machine with a display screen and input function, such as a TV or a computer. Different machines suit different interfaces: where the host machine is a TV, the interface may be a High-Definition Multimedia Interface (HDMI) interface; where the host machine is a computer, the interface may be a Universal Serial Bus (USB) interface.
Based on the network online service providing device shown in Fig. 1, an embodiment of the invention also provides a method of processing transactions using that device. As shown in Fig. 2, the method comprises the following steps:
Step 201: access the network online server and obtain the network online service interface in Hypertext Markup Language (HTML) code format;
Step 202: render the obtained HTML-code-format network online service interface as a network online service interface in picture format for display on the host machine, and provide the picture-format network online service interface to the host machine for display.
After the above step 102, the method further comprises: receiving, from the host machine, the transaction data that the user entered in the picture-format network online service interface, and constructing a signature packet from the transaction data; and signing the transaction data according to the signature packet, and submitting the signed transaction data to the network online server for signature verification.
In a specific implementation, the network online service providing device is only a small device similar to a USB flash disk, with a built-in browser and some processors, so it still needs to be triggered by the host machine when it is used. For example, before the device accesses the network online server through the built-in browser, the method further comprises: receiving a connection request initiated by the client control on the host machine; determining whether the connection request meets the connection condition and, if it does, starting the built-in browser; and accessing the network online server through the built-in browser. That is, the host machine has a client control, through which the user's connection request can be sent to the network online service providing device to trigger the device to access the network online server.
The above step 202 may comprise: receiving the HTML-format network online service interface sent by the network online server to the remote desktop service controller; and encoding the HTML-format network online service interface, according to a predetermined encoding scheme, into a picture-format network online service interface for display on the host machine. Because every projected frame is encoded and output in a particular form, the position and content of the elements in the page (for example, HTML text input boxes) are not easy to analyse. This makes it harder for a hacker to parse or tamper with page elements and reduces the risk of unauthorized-access attacks.
While the user logs in to the network online server, the user's basic login information, such as the user name and password, also needs to be verified. Therefore, before receiving, from the host machine, the transaction data that the user entered in the picture-format network online service interface, and organising the transaction data to construct a signature packet, the method further comprises: receiving the verification information that the user entered in the picture-format network online service interface displayed on the host machine; and sending the verification information to the network online server through the network of the host machine for identity verification. That is, the user enters authentication information such as the user name and password on the network online service login page; the client control on the host machine listens for this input and sends the operation information to the network online service providing device; and the device sends the verification information entered by the user to the network online server over the network of the host machine. After the network online server verifies it successfully, the login to the network online service succeeds.
An embodiment of the invention also provides a specific example to illustrate the invention. It should be noted that this specific example is given only to better illustrate the invention and does not constitute an improper limitation of the invention.
This example proposes a network online service device and a data processing method. The network online service device can be connected to a computer (hereinafter called the host PC) through a USB interface, and its shape can be similar to a USB flash disk. The device has a display screen and keys, contains an operating system and a browser, and is equipped with a high-performance CPU, a large memory and a large storage capacity. All data computation and processing is done by the CPU inside the device. Isolating the running environment from the host PC reduces the risk from common PC-client attacks and ensures transaction security;
The host PC provides the human-computer interaction interface for this portable network online service device; the host PC mainly provides the keyboard, the display and network communication. During data processing, the network online service device bypasses processing at the application level of the host PC and so avoids common PC-client attacks. The drivers and control programs needed for the network online service are pre-installed in the device, so the customer gets plug and play without installing anything, which makes it convenient to use network online services in a mobile-PC scenario. Subsequent patch installation and upgrade maintenance of the network online service device are all delivered by server push.
That is, the device can build a relatively closed software and hardware environment that is independent of the host PC. In this environment the customer can use network online services conveniently and quickly, without configuring or preparing the host PC, and the transaction process is not easily affected by common client attacks.
Fig. 3 is the appearance diagram of the device, which comprises: a device body, a display screen, control keys and a USB interface. A single-chip microcontroller is packaged in the device body. The display screen is used to display signature information. The control keys comprise up/down scroll keys, a cancel key and a confirm key: the up/down scroll keys are used to view the signature information on the display screen, and the cancel key and confirm key are used to control signing. The device is connected to the host PC through the USB port. The signature information is mainly used for identity verification of the user; for example, the user name, transaction information and the like can be shown on this display screen for the user to confirm.
Fig. 4 is the hardware structure diagram of the network online service device. The device includes:
1) A central processing unit, and random access memory (RAM) connected to the central processing unit, for running the built-in (SuSE) Linux operating system and its upper-layer applications (browser, etc.);
2) FLASH memory, in which software such as the operating system, browser, controls and client driver is pre-installed;
3) A security chip, which performs the signing operation on the transaction with the certificate;
4) A USB interface, which connects the device to the host PC and powers the device; the device is attached to the host PC as an IP device and communicates with the host PC through a USB extension protocol;
5) A remote connection interface, connected to the USB interface, which establishes the remote service connection between this device and the client installed on the host PC;
6) A graphics output interface, connected to the USB interface, which outputs to the PC client the picture-format network online service interface generated from the online banking interface accessed by the device's built-in browser;
7) A customer input receiving interface, connected to the USB interface, which receives the information that the customer enters in the client;
8) A network online service request sending interface, connected to the USB interface, which sends request messages such as login and transaction requests from the device's built-in browser to online banking;
9) A network online service response receiving interface, connected to the USB interface, which receives the service responses returned by the network online service;
10) An upgrade and update interface, connected to the USB interface, which receives the upgrade information pushed by the network online server for the device's built-in software, such as the operating system, browser, controls and client driver, and receives the updated versions;
11) A display, for showing the transaction signature information;
12) Control keys, which control paging up and down through the displayed transaction signature information and cancel or confirm the transaction signing process.
The central processing unit may be a high-performance Arm Cortex A8 processor with a 1G clock frequency, with 1G RAM and 512M flash memory; the security chip may be of the Z8D168 series or similar.
Figure 5 shows the functional block diagram of the device, comprising: a remote desktop service control module 501, a network online service module 502, a signature verification module 503, an interactive module 504, a memory module 505, a client drive module 506, a communication module 507, and an online upgrading module 508. The network online service module 502 is connected to the remote desktop service control module 501, the signature verification module 503, the memory module 505, and the communication module 507; the signature verification module 503 is connected to the interactive module 504; the client drive module 506 and the online upgrading module 508 are each connected to the memory module 505; and the communication module 507 is connected to the remote desktop service control module 501 and the online upgrading module 508. These modules are described below:
The remote desktop service control module 501 implements communication between the device and the PC client through a remote desktop service. It takes the network online service interface accessed by the device's built-in browser, draws it as a graphical-format network online server interface, projects it onto the host PC for display, and receives the customer's input operations on the host PC. Each projected frame is encoded and output in a specific form, so the position and content of elements in the page (for example, an HTML text box) are not easy to analyze. This makes it harder for an attacker to parse or tamper with page elements and effectively reduces the risk of unauthorized-operation attacks.
The network online service module 502 runs the built-in (SuSE) Linux operating system and browser on the device's own CPU and RAM, accesses the network online server according to the customer's operations, and performs data calculation and processing. Because the built-in browser runs in the customized (SuSE) Linux operating system inside the device, Trojans written for the general Windows operating system cannot threaten it, and because the device exposes no external write interface, it is difficult for an attacker to tamper with the browser. The device is therefore a closed environment isolated from the host PC, which provides a guarantee for the security of the network online service.
The signature verification module 503 calls the security chip and uses the customer's certificate to sign and authenticate transaction information during the network online service.
The interactive module 504 uses the display screen on the device to show the transaction information being signed during the signing process of the network online service, and receives the operations the customer performs with the device's control keys.
The memory module 505 stores software such as the customized (SuSE) Linux operating system, the browser, controls, and the client driver.
After the device is connected to a PC, the client drive module 506 emulates a virtual CD-ROM device that holds the preset PC client program and driver, which implement data communication between the device and the PC, for the customer to install when using the device on that PC for the first time.
The communication module 507 connects the device to the host PC as an IP device through a USB extension protocol and implements communication between the device and the host PC using a network-layer protocol, so that the host PC provides the network connection through which the applications in the device access the Internet. When the device communicates with the host PC, a two-way Secure Sockets Layer (SSL) secure channel is established. Because the device is connected as an IP device, it bypasses processing at the host PC's application layer, which avoids the attack risk posed by malicious programs (such as Trojans) on the host PC and reduces the risk of the customer being attacked through planted Trojans.
The online upgrading module 508 updates the version of each application according to the upgrade information that the network online server pushes down for software such as the built-in operating system, the browser, controls, and the client driver.
When the network online service device provides a network online service to a customer, data processing involves data flowing among three parties: the host PC, the PC client, and the device. The PC client must be installed and run on the host PC, where it acts as the agent through which the device and the host PC interact. The device is connected to the host PC as an IP device and communicates with it through the USB extension protocol. The host PC provides the network connection through which the applications in the device access the Internet, and provides the basic human-computer interaction interface for the device, mainly graphical interface display and keyboard input; these functions can be implemented by the PC client installed on the host PC.
As the hub, the PC client mainly has the following three functions:
1) It serves as the device's agent for data transmission with the PC: the PC client communicates with the network online service device through the remote desktop service protocol, and renders and displays on the PC the browser interface running in the device;
2) It serves as the human-computer interaction interface, mainly displaying the graphical interface and monitoring operations such as keyboard and mouse input;
3) It uses the host PC's network service to provide the device with a network connection for accessing the network online server (for example, a banking system).
After the device is connected to a PC, it emulates a virtual CD-ROM device that holds the preset PC client program and driver (which implement data communication between the device and the PC). The first time the device is used on a PC, only the client program and driver need to be installed. The controls and drivers used to access the network online server are all preset in the device and do not need to be installed by the user, which improves the user experience. A two-way SSL secure channel is established between the network online service device and the PC for data communication, which ensures the security of data transmission.
Figure 6 shows the process flow for starting a network online service using the network online service device, including the following steps:
Step 601: The user starts the PC client, and the PC client initiates a connection request to the device.
Step 602: After the device starts, it checks whether the connection request comes from the PC client, whether the request is legitimate, and whether the device meets the connection conditions, that is, whether the device's built-in operating system, browser, remote service, and so on are running normally.
Step 603: After the network online service device determines that the connection conditions are met, the remote desktop service control module 501 starts the remote desktop service to provide the window-rendering remote service for the PC client, the network online service module 502 starts the built-in browser and waits for the customer to initiate a request to use the online banking service, and the PC client is then notified that the connection is complete.
Step 604: After receiving the notification, the PC client starts the window rendering program and accesses the device through the remote desktop service.
Step 605: The remote desktop service control module 501 draws the device's built-in browser interface in graphical form, projects it onto the PC display device, and starts monitoring the customer's input operations, including mouse and key operations.
Step 606: The customer enters the Uniform Resource Locator (URL) address of the network online service in the browser address bar of the PC client's graphical operation interface; while the customer is typing, the client monitors the customer's input.
Step 607: After the customer completes the input, the device's network online service module 502 calls the device's built-in browser control, checks the legitimacy of the URL entered by the customer through a whitelist mechanism, and on finding a phishing website promptly issues an alarm signal to the user, reducing the risk of phishing attacks.
Step 608: The device's built-in browser, through the PC client, calls the network service provided by the host PC operating system to initiate a login request to the bank website, and the communication module 507 encrypts the data transmitted between the device and the bank side to ensure the security of the data.
Step 609: The bank server returns the login page data to the PC client program through the network layer, and the client forwards the login page data to the device.
Step 610: The device's built-in browser parses the data and displays the login page, notifies the PC client program, and projects the browser window in graphical form onto the PC display device, presenting the network online service login page to the user.
Step 611: The user enters authentication information such as the user name and password on the network online service login page; the PC client monitors the operations and forwards them to the device.
Step 612: The device's built-in browser sends the data entered by the user to the network online server over the PC's network.
Step 613: After the network online server verifies the information successfully, the login to the network online service succeeds.
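One way to implement the whitelist check of step 607, as an added example that is not code from the patent. The whitelist format (exact lowercase hostnames), the HTTPS-only and port rules, and every hostname are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the device stores its whitelist as exact, lowercase ASCII hostnames.
# These hostnames are constructed for the example.
ALLOWED_HOSTS = frozenset({"ebank.example-bank.test", "www.example-bank.test"})


class UrlRejected(Exception):
    """The typed address must not be loaded; the message is the alarm text."""


def check_url(typed, allowed=ALLOWED_HOSTS):
    """Return the normalized URL if its host is whitelisted, else raise UrlRejected."""
    text = typed.strip()
    # Whitespace, control characters and backslashes are handled differently by
    # different URL parsers, so refuse them instead of guessing.
    if "\\" in text or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in text):
        raise UrlRejected("address contains whitespace, control characters or backslashes")
    if "://" not in text:
        text = "https://" + text  # bare hostname typed into the address bar
    try:
        parts = urlsplit(text)
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        raise UrlRejected("malformed address: %s" % exc)
    if parts.scheme != "https":
        raise UrlRejected("scheme %r is not https" % parts.scheme)
    if parts.username is not None or parts.password is not None:
        # "https://bank@other-host/" shows the bank name but connects to other-host.
        raise UrlRejected("address carries userinfo before '@'")
    host = (parts.hostname or "").rstrip(".")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        raise UrlRejected("internationalized hostname, possible lookalike of a bank name")
    if port not in (None, 443):
        raise UrlRejected("unexpected port %d" % port)
    if host not in allowed:  # exact match only: no suffix, prefix or substring tests
        raise UrlRejected("host %r is not on the whitelist" % host)
    query = "?" + parts.query if parts.query else ""
    return "https://%s%s%s" % (host, parts.path or "/", query)


def verdict(typed):
    """(True, normalized_url) when allowed, (False, alarm_text) when rejected."""
    try:
        return True, check_url(typed)
    except UrlRejected as alarm:
        return False, str(alarm)


if __name__ == "__main__":
    # Constructed inputs: one legitimate address and several phishing-style ones.
    for typed in ("EBANK.Example-Bank.TEST",
                  "https://ebank.example-bank.test.example.net/login",
                  "https://ebank.example-bank.test@login.example.net/",
                  "https://eb\u0430nk.example-bank.test/",
                  "http://ebank.example-bank.test/"):
        print(verdict(typed))
```

The match is on the parsed hostname, never on the typed string, so an address that merely contains a whitelisted name is still rejected.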
Figure 7 shows a specific embodiment of the transaction processing flow based on the device, which mainly comprises the following steps:
Step 701: The device projects the online banking page (equivalent to the network online server interface in HTML format) in graphical format onto the PC client display device. The customer performs a transaction (such as a transfer), and the online bank requires the user to digitally sign the transaction data with a certificate to guarantee integrity and non-repudiation.
Step 702: The user enters the transaction data through the PC client's human-computer interaction interface; the client monitors the customer's operations, forwards them to the device's network online service module 502, and requests that the device sign the data.
Step 703: The network online service module 502 calls the online banking control of the device's built-in browser to organize the transaction data and construct the signature packet.
Step 704: The signature verification module 503 is accessed through the driver to sign the data.
Step 705: During signing, the interactive module 504 shows the key transaction information that the user needs to confirm on the device's display screen and asks the user to check it and confirm by pressing a key.
Step 706: The network online service module 502 submits the signed data to the bank server through the PC client for signature verification; if verification succeeds, the transaction is executed.
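The confirm-before-sign flow of steps 702 to 706, as an added example that is not code from the patent. The packet layout, field names, key and account numbers are constructed assumptions, and HMAC-SHA256 stands in for the security chip's certificate signature so the block runs with the standard library only (it does not give the non-repudiation a certificate signature does).

```python
import hashlib
import hmac
import struct

FIELDS = ("payee_account", "payee_name", "amount", "currency")  # assumed layout
DEMO_KEY = b"constructed-demo-key"                              # constructed value
INTENDED = {"payee_account": "6222000011112222", "payee_name": "Zhang San",
            "amount": "100.00", "currency": "CNY"}              # constructed sample


def build_signature_packet(tx):
    """Step 703: encode the fields in fixed order, each with a 2-byte length prefix,
    so no two different transactions can serialize to the same bytes."""
    out = bytearray()
    for name in FIELDS:
        value = str(tx[name]).encode("utf-8")
        out += struct.pack(">H", len(value)) + value
    return bytes(out)


def parse_packet(packet):
    """Strict inverse of build_signature_packet; rejects truncated or trailing bytes."""
    tx, pos = {}, 0
    for name in FIELDS:
        if pos + 2 > len(packet):
            raise ValueError("truncated packet")
        (length,) = struct.unpack_from(">H", packet, pos)
        pos += 2
        if pos + length > len(packet):
            raise ValueError("truncated field " + name)
        tx[name] = packet[pos:pos + length].decode("utf-8")
        pos += length
    if pos != len(packet):
        raise ValueError("trailing bytes after last field")
    return tx


def render(tx):
    """Lines for the device's own display screen."""
    return ["To: %s (%s)" % (tx["payee_name"], tx["payee_account"]),
            "Amount: %s %s" % (tx["amount"], tx["currency"])]


class SigningDevice:
    def __init__(self, key):
        self._key = key      # stays inside the device
        self.screen = []     # what the device display currently shows

    def sign(self, packet, confirm):
        """Steps 704-705: display the fields parsed from the exact bytes to be
        signed, and sign only if the user confirms. Returns None on refusal."""
        self.screen = render(parse_packet(packet))
        if not confirm(self.screen):
            return None
        return hmac.new(self._key, packet, hashlib.sha256).digest()


def bank_verify(key, packet, signature):
    """Step 706: the server recomputes the tag over the bytes it received."""
    expected = hmac.new(key, packet, hashlib.sha256).digest()
    return signature is not None and hmac.compare_digest(expected, signature)


def run_transfer(intended, packet_seen_by_device, key=DEMO_KEY):
    """Model a user who presses the confirm key only when the device screen
    matches the payment they meant to make. Returns (signature, screen)."""
    device = SigningDevice(key)
    signature = device.sign(packet_seen_by_device,
                            lambda screen: screen == render(intended))
    return signature, device.screen
```

Because the screen is rendered from the packet bytes and not from anything the host displays, a packet altered on the host PC either shows the altered payee on the device and is refused, or fails verification at the bank if it is altered after signing.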
In a specific implementation, communication between the network online service device and the host PC may use USB transmission, Bluetooth transmission, Wi-Fi transmission, or similar transmission modes; when transmitting via Bluetooth or Wi-Fi, the USB connection only supplies power.
It is worth noting that the USB interface is used above merely to better illustrate the invention; other interfaces may also be used. For example, an HDMI interface may be added so that the device connects through HDMI to a high-definition television with network capability and uses the television's display function to build a temporary computer system, further expanding the ways of accessing the network online service.
The network online service device provided by this example is portable and easy to use. It connects to a computer through a USB interface and is similar in shape to a USB key, with a display screen and keys. It has a built-in operating system and browser, a high-performance CPU, large memory, and mass storage capacity, and has independent computing capability, which effectively improves the security and ease of use of network online services for the user on any PC. All data computation and processing are completed by the CPU inside the device, and the computing environment is isolated from the host PC, which reduces the risk from common attacks against the PC client; this protection is especially significant when using network online services on a mobile PC. The security chip integrated in the device provides an interactive digital signature function with a "what you see is what you sign" effect, ensuring the security of the user's network online service. The drivers and control programs needed for the network online service are pre-installed in the device, so the customer does not need to install them, achieving plug and play and making it convenient for the customer to use network online services on a mobile PC.
In another embodiment, software is also provided for executing the technical solutions described in the above embodiments and preferred implementations.
In another embodiment, a storage medium is also provided in which the above software is stored; the storage medium includes but is not limited to: an optical disc, a floppy disk, a hard disk, erasable and rewritable memory, and the like.
From the above description, it can be seen that the embodiments of the present invention achieve the following technical effect: a device for providing network online services is proposed that is independent of the host machine and is provided with a network online service access module and a remote desktop service controller. The network online service access module obtains the web interface in HTML format, and the remote desktop service controller converts the HTML-format web interface into a picture-format web interface and delivers it to the host machine for display. Because the picture-format web interface is difficult to crack, this effectively solves the prior-art technical problem of the high security risk of using network online services on a fixed PC, and achieves the technical effect of reducing security risk and improving data security.
Obviously, those skilled in the art should understand that each module or step of the above embodiments of the present invention can be implemented with a general-purpose computing device. They can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they can be implemented with program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases, the steps shown or described can be performed in an order different from that given here, or they can be made into individual integrated circuit modules, or multiple modules or steps among them can be made into a single integrated circuit module. Thus, the embodiments of the present invention are not limited to any specific combination of hardware and software.
The above are only preferred embodiments of the present invention and are not intended to limit the invention. For those skilled in the art, the embodiments of the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement, and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.

Claims (9)

1. A network online service providing device, characterized in that it is independent of a host machine and connected to the host machine through an interface, comprising:
a network online service access module with a built-in browser, configured to access a network online server and obtain a network online service interface in Hypertext Markup Language (HTML) code format;
a remote desktop service controller, connected to the network online service access module, configured to draw the network online service interface obtained by the network online service access module as a picture-format network online service interface for display on the host machine, and to provide the picture-format network online service interface to the host machine for display;
wherein the network online service providing device further comprises:
a network online service processing module, configured to receive the transaction data, sent by the host machine, that the user entered in the picture-format network online service interface, and to construct a signature packet according to the transaction data;
a signature verification module, connected to the network online service processing module, configured to sign the transaction data according to the signature packet and to submit the signed transaction data to the network online server for signature verification;
a display screen, configured to display the transaction information that the user needs to confirm while the signature verification module signs the transaction data according to the signature packet.
2. The network online service providing device according to claim 1, characterized by further comprising: a confirmation key for the user to confirm the transaction information displayed on the display screen.
3. The network online service providing device according to claim 1, characterized in that the host machine comprises: a television or a computer.
4. The network online service providing device according to claim 3, characterized in that:
in the case where the host machine is a television, the interface is a High-Definition Multimedia Interface (HDMI) interface;
or, in the case where the host machine is a computer, the interface is a Universal Serial Bus (USB) interface.
5. A network online service providing method, characterized by comprising:
accessing a network online server and obtaining a network online service interface in Hypertext Markup Language (HTML) code format;
drawing the obtained HTML-code-format network online service interface as a picture-format network online service interface for display on a host machine, and providing the picture-format network online service interface to the host machine for display;
wherein, after the picture-format network online service interface is provided to the host machine for display, the method further comprises:
receiving the transaction data, sent by the host machine, that the user entered in the picture-format network online service interface, and constructing a signature packet according to the transaction data;
signing the transaction data according to the signature packet, and submitting the signed transaction data to the network online server for signature verification.
6. The method according to claim 5, characterized in that, before receiving the transaction data, sent by the host machine, that the user entered in the picture-format network online service interface and constructing the signature packet according to the transaction data, the method further comprises:
receiving the verification information that the user entered in the picture-format network online service interface displayed on the host machine;
sending the verification information to the network online server through the network of the host machine for identity verification.
7. The method according to claim 6, characterized in that the verification information comprises: a user name and a password.
8. The method according to claim 5, characterized in that drawing the obtained HTML-code-format network online service interface as a picture-format network online service interface for display on the host machine comprises:
converting the HTML-code-format network online service interface into a picture-format network online service interface according to a predetermined encoding mode.
9. The method according to any one of claims 5 to 8, characterized in that, before accessing the network online server, the method further comprises:
receiving a connection request initiated by the client control in the host machine;
determining whether the connection request meets the connection conditions, and if so, accessing the network online server.
CN201480032949.8A 2014-03-17 2014-03-17 Network online service provides device and method Active CN105308623B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/073521 WO2015139172A1 (en) 2014-03-17 2014-03-17 Device and method for providing online service

Publications (2)

Publication Number Publication Date
CN105308623A CN105308623A (en) 2016-02-03
CN105308623B true CN105308623B (en) 2019-05-31

Family

ID=54143608

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201480032949.8A Active CN105308623B (en) 2014-03-17 2014-03-17 Network online service provides device and method

Country Status (2)

Country Link
CN (1) CN105308623B (en)
WO (1) WO2015139172A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003034772A1 (en) * 2001-10-19 2003-04-24 Smarttrust Systems Oy Method and arrangement in a communications network
CN1671102A (en) * 2005-03-23 2005-09-21 蔡冠群 Personal electronic identification device and safety identification method thereof
CN101444039A (en) * 2006-05-11 2009-05-27 伊内尔肯有限公司 External signature device for a PC, with wireless communication capacity
CN101546546A (en) * 2009-05-14 2009-09-30 北京千家悦网络科技有限公司 Network data converter and method for controlling data conversion
CN101739622A (en) * 2008-11-06 2010-06-16 同方股份有限公司 Trusted payment computer system
CN102739398A (en) * 2011-04-12 2012-10-17 深圳市证通电子股份有限公司 Online bank identity authentication method and apparatus thereof

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7506253B2 (en) * 2004-05-21 2009-03-17 Electronics For Imaging, Inc. Methods and apparatus for recording web information
US8041127B2 (en) * 2006-11-30 2011-10-18 Intuit Inc. Method and system for obscuring and securing financial data in an online banking application
US9508072B2 (en) * 2011-08-26 2016-11-29 Paypal, Inc. Secure payment instruction system
CN103095662B (en) * 2011-11-04 2016-08-03 阿里巴巴集团控股有限公司 A kind of online transaction safety certifying method and online transaction security certification system
CN102394888A (en) * 2011-11-11 2012-03-28 汉口银行股份有限公司 Safety login method of online banking reservation information
CN102739679A (en) * 2012-06-29 2012-10-17 东南大学 URL(Uniform Resource Locator) classification-based phishing website detection method

Also Published As

Publication number Publication date
WO2015139172A1 (en) 2015-09-24
CN105308623A (en) 2016-02-03

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant