System and method for securely handling third-party confidential information
Technical field
The invention belongs to the field of information security, specifically the secure input, encrypted transmission, and processing of information.
Background technology
At present, when two systems exchange and process information, it is assumed that the two systems trust each other.
Consider two systems, Party A and Party B. Suppose a transaction involves Party B's information, and that information is obtained after being handled by Party A's system. Party A's system then usually also knows Party B's information. In ordinary cases this causes no problem, but when the information is Party B's confidential information it raises many questions of liability. Party A is then usually assumed to be well-intentioned, or trustworthy, and able to protect Party B's information. But if Party B's confidential information leaks, Party A clearly cannot avoid possible liability, for example liability arising from crime or misoperation by Party A's internal staff within Party A's own system, because Party A has access to Party B's real information.
This situation is common in practice, especially in financial transaction systems. A bank card holder's password (PIN) is confidential information. In interbank interconnection, for example, and in the connection between bank systems and the UnionPay system, current processing lets both the acquiring bank and the UnionPay system obtain the card issuer's confidential information: the holder's password. If the password leaks, the acquiring bank and UnionPay therefore have no technical means of freeing themselves from responsibility.
The present invention is proposed to solve the liability and security problems of the two parties described above.
Summary of the invention
The invention discloses a system and method for securely handling third-party confidential information.
The party concerned and the third party are defined as follows; see Fig. 1.
The processing of a bank card purchase transaction is used as an illustration.
A customer of the issuing bank uses their bank card in the acquiring bank's system and must enter the holder's password. The password is the most important confidential information in a bank transaction, and password information is kept in the database of the issuing bank's system.
In use, the password is entered in the acquiring bank's system and, together with the card number, is processed by the acquiring bank's system and passed to the issuing bank. Ensuring the security of the holder's password throughout this process is extremely important; the stages involved are input, transmission, and processing.
Here:
The party concerned system is the acquiring bank's system in a bank card transaction; it is the system the user uses directly.
The third party system is the issuing bank's system in a bank card transaction; it is the system to which confidential information such as the holder's password belongs.
The user is the bank card holder in the transaction, and is a direct customer of the third party.
The system for securely handling third-party confidential information according to the invention is characterized in that it comprises:
● A processing control module used in the party concerned system: it controls the input of the third party's confidential information; generates a random number, time information, and sequence number information; computes a check code and encrypts using the public key embedded in the module; and outputs the result to the party concerned system.
● A matching processing module used in the third party system: it performs, in the third party's system, the processing that corresponds to the processing control module.
● A management module for the processing control module, used in the third party system: it generates, configures, activates, and updates processing control modules.
The party concerned system can use the processing control modules of several third parties at the same time.
The management module in the third party system keeps several processing control modules activated at the same time, and updates processing control modules periodically and/or at irregular intervals over time.
The method for securely handling third-party confidential information according to the invention is characterized in that its implementation comprises the following three aspects:
● embedding and using the third party's processing control module in the party concerned system;
● performing the matching processing for the processing control module in the third party system;
● managing the processing control module in the third party system.
For the third party's processing control module embedded and used in the party concerned system, the further processing steps comprise:
● control the input of the confidential information;
● generate time information;
● generate sequence number information;
● generate random number information;
● combine the above information and compute a check code;
● encrypt the combined information and its check code with the public key embedded in the processing control module;
● prefix the encrypted information with the code of the processing control module;
● output the information, with the module code added, to the party concerned system.
For the matching processing performed in the third party system, the further steps comprise:
● receive the encrypted confidential information, etc., passed on by the party concerned system;
● compare it with the data records stored in the database for a certain period of time, and judge whether it is a repeated transaction;
● according to the code of the processing control module, decrypt using the corresponding private key stored in the third party system;
● according to the decrypted information and the check code it contains, judge the legitimacy of the combined information;
● according to the time information in the decrypted information, judge the validity of the information;
● confirm the confidential information obtained;
● add a time tag and record the information, as it was before decryption, in the database.
For the third party system's management of the processing control module, the further steps comprise:
● generate a processing control module that performs the functions described;
● generate a public/private key pair; configure the public key in the processing control module and store the private key in the third party's system;
● configure the code of the processing control module, and store it in the third party's system together with the corresponding private key;
● keep several processing control modules valid and activated at the same time; cancel or update a processing control module once a certain time limit is exceeded, or over time.
With the functions of the third party's processing control module implemented, the third party's confidential information can be securely entered, encrypted, and transmitted within the party concerned system.
The matching processing module performs the corresponding processing in the third party's system and, combining the time information with the records stored in the third party system, judges the non-repetition, legitimacy, and validity of the input and confirms the confidential information entered. The time scale used to judge validity is consistent with the length of time for which undecrypted information is retained in the database.
In the third party system, the third party's processing control module is managed; this includes generating, configuring, cancelling, updating, and so on.
Completing the processing above realizes the principle and method of the invention: the secure handling of third-party confidential information.
The party concerned system can embed the processing control modules of one third party or of several third parties at the same time.
The third party's processing control module is usually supplied as a software component, so the party concerned only needs to embed this component in its software processing; the processing control module can also be a hardware device that provides the processing control module functions described.
Description of drawings
Fig. 1 is a diagram of the system module architecture of the invention;
Fig. 2 is a diagram of the architecture of the third party's processing control module;
Fig. 3 is a diagram of the processing flow inside the third party system;
Fig. 4 is a diagram of the processing flow of the third party system's management module.
Embodiment
With reference to Fig. 1: the third party's processing control module is embedded and used in the party concerned system. When third-party confidential information is entered, the module controls the user's input, generates the other information, and performs the combining, encryption, code-prefixing, and related processing. The result is then output to the party concerned system, which passes it to the third party system for matching processing.
In this embodiment, the party concerned system is a computer system that provides the interface for user interaction. The third party's processing control module is supplied as a software component.
Implementation of the invention involves the following four aspects:
● the processing of the party concerned system;
● the realization of the third party's processing control module;
● the matching processing in the third party system;
● the third party system's management of the processing control module.
Each of these four aspects is described in turn:
● The processing of the party concerned system
The processing of the party concerned system is fairly simple: it calls the processing control module supplied by the third party system.
When third-party confidential information needs to be entered, this module is called. The module controls the input of the information and the generation of the time information, sequence number information, and random number information; it combines them, computes and appends the check code, encrypts, and then outputs the result to the party concerned system. The party concerned system passes the information it obtains to the third party system.
● The realization of the third party's processing control module
See Fig. 2.
A) Input is controlled by means of a soft keyboard
When third-party confidential information is to be entered, the third party's processing control module is called; it pops up a soft keyboard prompt, and input is made through the soft keyboard.
A soft keyboard is a keyboard-shaped graphic displayed on the computer screen under software control; the user selects its digits and characters with the cursor to enter them. It pops up when needed and disappears once input is finished.
The input prompt screen prominently displays the third party system's marks, such as its trademark or logo, to indicate legal responsibility.
The soft keyboard is used to prevent confidential information from being intercepted by monitoring of keyboard-port input. It also keeps the party concerned system from controlling the input, because the soft keyboard is provided and controlled by the third party's module.
The soft keyboard's input layout can optionally change at random.
B) The processing control module itself generates the other information, combines it, and computes the check code
The third party's processing control module generates the time information;
The third party's processing control module generates the sequence number information;
The third party's processing control module generates the random number information;
The confidential information, time information, sequence number information, and random number information are combined, and the check code is computed.
C) The processing control module encrypts with the public key and outputs
The processing control module uses its embedded public key to encrypt the combined information described above together with its check code;
The processing control module's own code is added to the encrypted information;
The information with the code added is output to the party concerned system.
● The matching processing in the third party system
See Fig. 3. The third party system's processing steps are as follows:
1) The third party system receives, via the party concerned system, the confidential information that has been encrypted by the third party's own processing control module;
2) It judges the non-repetition of the information against the records in the third party system's database;
3) According to the code of the processing control module, it decrypts with the corresponding private key and obtains the information combination as it was before encryption, comprising the confidential information, time information, sequence number information, random number information, check code, and so on;
4) It judges from the check code whether the information combination is legitimate;
5) It judges from the time information whether the information is timely and valid;
6) It confirms the confidential information entered and passes it on for further processing;
7) It adds a time tag and records the information, as it was before decryption, in the database. This database keeps data records for a certain period of time in order to prevent repeated input of the same information.
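The module output described in B) and C) and the third party's steps 1) to 7), as an added example in Go that is not part of the patent text. The byte layout, SHA-256 as the check code, RSA-OAEP with a 2048-bit key, the two-minute window, and the names NewKey, Seal and Open are all assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"time"
)

// NewKey stands in for the management module's key-pair generation (RSA-2048 is assumed).
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal is the module side: code || RSA-OAEP(time | seq | random | PIN | SHA-256 check code).
func Seal(code byte, pub *rsa.PublicKey, pin string, seq uint64, now time.Time) ([]byte, error) {
	body := append(make([]byte, 32, 64), pin...) // 32-byte header, then the PIN
	binary.BigEndian.PutUint64(body, uint64(now.Unix()))
	binary.BigEndian.PutUint64(body[8:], seq)
	if _, err := rand.Read(body[16:32]); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(body)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(body, sum[:]...), nil)
	return append([]byte{code}, ct...), err
}

// Open is the third-party side: keys maps module code to private key, seen holds accepted ciphertexts.
func Open(keys map[byte]*rsa.PrivateKey, seen map[string]time.Time, msg []byte, now time.Time) (string, error) {
	const window = 2 * time.Minute // assumed; bounds both freshness and record retention
	switch t, dup := seen[string(msg)]; {
	case dup && now.Sub(t) <= window:
		return "", errors.New("repeated transaction")
	case len(msg) < 2 || keys[msg[0]] == nil:
		return "", errors.New("unknown module code")
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, keys[msg[0]], msg[1:], nil)
	if err != nil || len(pt) < 64 {
		return "", errors.New("decryption failed")
	}
	body, tag := pt[:len(pt)-32], pt[len(pt)-32:]
	switch sum := sha256.Sum256(body); {
	case string(sum[:]) != string(tag):
		return "", errors.New("check code mismatch")
	case now.Sub(time.Unix(int64(binary.BigEndian.Uint64(body)), 0)).Abs() > window:
		return "", errors.New("stale message")
	}
	seen[string(msg)] = now // keep the pre-decryption record with its arrival time
	return string(body[32:]), nil
}
```

Because the freshness limit and the retention of undecrypted records use the same window, a message old enough to have been pruned from the records is also too old to pass the time check.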
● The third party system's management of the processing control module
The third party system's management of the processing control module involves the following processing:
1) Generate the processing control module;
2) Generate a public/private key pair;
3) Configure the processing control module: the public key is built into the processing control module, and the corresponding private key is stored in the third party system;
4) Assign a code, build it into the processing control module, and store it in the third party system;
5) Several processing control modules are activated and valid at the same time;
6) Cancel or update processing control modules over time.
A party concerned system that embeds the third party's processing control module must pass the third party's testing, evaluation, and certification, to ensure that it correctly implements the specified processing functions and has no other security vulnerabilities.
To sum up, the third party's processing control module is embedded in the party concerned system and controls the input, combination, and encryption of the third party's confidential information. The result is then passed by the party concerned system to the third party's system, where it is decrypted and given the other corresponding processing. In this way the secure input, encryption, and transmission of third-party confidential information is achieved. Correspondingly, the third party manages its own processing control modules within its own system.