CN1571453A - Method for implementing network trade safety certification - Google Patents


Publication number
CN1571453A
Authority
CN
China
Prior art keywords
user
network
dynamic password
certificate server
handwritten signature
Prior art date
Legal status
Pending
Application number
CN 03141685
Other languages
Chinese (zh)
Inventor
赖振兴
杜晓明
Current Assignee
Inventec Appliances Nanjing Corp
Original Assignee
Inventec Appliances Nanjing Corp
Priority date
Filing date
Publication date
Application filed by Inventec Appliances Nanjing Corp
Priority to CN 03141685
Publication of CN1571453A
Pending

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention provides a method for implementing security authentication of network transactions. When the user end carries out a network transaction, it first sends a first transaction request to an authentication server, and a random dynamic password is generated using a user database and an authentication record on the authentication server. The dynamic password is sent back to the user end by a communications module. The user end then sends the dynamic password, together with a signature entered by the user, to the authentication server as a second request; after the server has checked both, a transaction command is sent to the online banking transaction system. The security of the network transaction is thus improved by the double authentication of handwritten signature and dynamic password.

Description

Method for implementing network transaction security authentication
Technical field
The present invention relates to a method for implementing security authentication of network transactions, and in particular to a method in which a user end, either a mobile phone with handwriting input or a computer with a handwriting tablet used together with an ordinary mobile phone, receives a dynamic password sent by an authentication server and submits it together with the user's signature; once the authentication server has verified both, the transaction can proceed, which increases the security of transactions on the network.
Background art
With the rapid growth of networking, all kinds of network equipment have been developed and are widely used across industries in daily life and at work. This trend has not only made the flow of information faster and more efficient, it has also brought great convenience to people's lives and work.
In recent years, as the number of installed wireless LAN cards has grown, more and more information has come to circulate on networks over wireless LAN technology. With the rapid expansion of Internet applications and the improvement of the e-commerce environment, people have developed an urgent need for online banking and online payment, and electronic banking services have become increasingly common, developing from early ATM services into telephone banking, mobile banking and Internet banking. However, because many wireless networks have no protective measures at all, the opportunities for hackers to attack them have grown sharply: a network may be attacked by a nearby hacker who illegally uses its bandwidth for free Internet access, or even intrudes into corporate websites, steals confidential corporate data, plants viruses or modifies web pages. How to provide a secure, reliable, timely and accurate network transaction service is therefore a technical problem that must be solved.
The method commonly adopted by domestic network transaction systems at present is to implement Secure Sockets Layer (hereinafter SSL) on top of the Transmission Control Protocol (hereinafter TCP). Because the unit of transfer in TCP is the segment, a check code can be added to the data so that the receiving end can check it. SSL is currently the most common data encryption technology and is widely used for network transaction security, to prevent data transmitted on the network from being intercepted by others. It is implemented by installing an SSL data security proxy at the user side which, in the form of a web proxy, provides data encryption for the browser. The SSL data security proxy and the web browser are installed on the same computer. When the web browser wants to establish a secure connection to a remote web server, it sends a request to the SSL data security proxy, which is responsible for setting up the connection with the remote web server; once that connection is established, data transmitted between the web browser and the remote web server is forwarded through the SSL data security proxy.
However, the drawback of the digital-certificate verification performed through this SSL data security proxy is poor security. The defect lies in its two sets of passwords: both are conventional static passwords, so they are easy to guess, easy to crack and easy to steal, which poses a considerable security risk. Given this, how to provide a safer method for network transactions has become an important problem that practitioners urgently need to solve.
Summary of the invention
Because the digital-certificate verification of the conventional SSL data security proxy described above carries a considerable security risk and has shortcomings such as being easy for others to intercept, the inventors, drawing on many years of practical and research experience, developed the method of the present invention for implementing network transaction security authentication, with the aim of increasing the user's security in network transactions.
The purpose of the present invention is that, when a user end carries out a network transaction, it first sends a first transaction request to an authentication server; the authentication server generates a random dynamic password and sends it back to the user end; the user end then sends a second transaction request to the authentication server containing the dynamic password together with a signature entered by the user; and once the authentication server has confirmed that the dynamic password and the user's signature are correct, it sends a transaction order to the online banking transaction system. The double verification of handwritten signature and dynamic password thus increases the security of the network transaction. The user end may be a mobile phone with handwriting input, or a computer with a handwriting tablet used together with an ordinary mobile phone, and can be used for transactions such as online banking, online insurance, online securities and online purchasing. The authentication server is a dedicated authentication server, which safeguards the integrity of the user's application system and its system resources.
To express the technical means and operation of the present invention more clearly, a preferred embodiment is described in detail below with reference to the drawings:
Description of drawings
Fig. 1 is an architecture diagram of the embodiment of the invention;
Fig. 2 is a flow chart of the user-end operation in the embodiment of the invention;
Fig. 3 is a flow chart of the authentication-server operation in the embodiment of the invention.
Embodiment
The present invention is a method for implementing security authentication of network transactions. Referring to Fig. 1, when a user end 10 carries out a network transaction, it first sends a first transaction request to an authentication server 11. After a random dynamic password is generated using a user database and an authentication record on the authentication server 11, a communications module 12 sends the dynamic password back to the user end 10. The user end 10 then sends a second transaction request to the authentication server 11 containing the dynamic password together with a signature entered by the user, and once the authentication server 11 has confirmed that the dynamic password and the user's signature are correct, it sends a transaction order to an online banking transaction system 13, thereby increasing the security of the network transaction.
In a preferred embodiment of the present invention, the user end 10 may be a mobile phone with handwriting input, or a computer with a handwriting tablet used together with an ordinary mobile phone. The authentication server 11 is a dedicated authentication server that handles authentication of user access requests, safeguards the integrity of the user's application system and its system resources, and holds the user database and the authentication record; it thereby forms the random dynamic password authentication infrastructure of the present invention and verifies the user's handwritten signature.
In this embodiment, the handwritten signature works as follows. The user leaves a sample of their handwritten signature with the online banking transaction system 13 in advance; it may be defined as a dot matrix of size X by Y and is stored in the authentication server 11. When carrying out a network transaction, the user sends their handwritten signature over the network to the authentication server 11, which compares it for similarity with the handwritten signature pre-stored in the online banking transaction system 13. The X and Y coordinate values of each pair of adjacent points of the received signature are sampled to calculate the slope, which is compared with that of the pre-stored signature: if the slope of any stroke of the entered signature differs from the slope of the corresponding pre-stored stroke by more than a certain range, the signatures are judged dissimilar. The length of each stroke is also calculated, and if the error in any stroke length exceeds a certain range, the signatures are likewise judged dissimilar. If the errors in slope and length of every stroke against the pre-stored signature are all within the set range, the signatures are considered similar.
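The slope-and-length comparison described above, as an added Python example that is not code from the patent. The function names, the arc-length resampling, the use of a mean slope error per stroke, the tolerance values and the sample strokes are all assumptions; slope is expressed as an angle so that vertical strokes do not cause a division by zero.

```python
import math

def stroke_length(stroke):
    """Sum of distances between adjacent sampled points of one stroke."""
    return sum(math.dist(p, q) for p, q in zip(stroke, stroke[1:]))

def resample(stroke, n):
    """Return n points spaced evenly by arc length, so strokes sampled at
    different rates can be compared segment by segment (assumed step)."""
    step = stroke_length(stroke) / (n - 1)
    out, walked, target = [stroke[0]], 0.0, step
    for p, q in zip(stroke, stroke[1:]):
        seg = math.dist(p, q)
        while seg > 0 and walked + seg >= target and len(out) < n - 1:
            t = (target - walked) / seg
            out.append((p[0] + t * (q[0] - p[0]), p[1] + t * (q[1] - p[1])))
            target += step
        walked += seg
    out.append(stroke[-1])
    return out

def slope_angles(points):
    """Slope of each adjacent-point segment as an angle in [0, pi).
    atan2 avoids the division by zero that dy/dx hits on vertical strokes."""
    return [math.atan2(q[1] - p[1], q[0] - p[0]) % math.pi
            for p, q in zip(points, points[1:])]

def slope_error(a, b):
    """Smallest difference between two slope angles (slopes wrap at pi)."""
    d = abs(a - b)
    return min(d, math.pi - d)

def signatures_similar(stored, candidate, n=16,
                       max_slope_err=math.radians(15), max_len_err=0.20):
    """A signature is a list of strokes; a stroke is a list of (x, y) points.
    Dissimilar as soon as any stroke's length or slope is out of tolerance."""
    if len(stored) != len(candidate):        # missing or extra stroke
        return False
    for ref, got in zip(stored, candidate):
        ref_len, got_len = stroke_length(ref), stroke_length(got)
        if ref_len == 0 or abs(got_len - ref_len) / ref_len > max_len_err:
            return False
        ref_a = slope_angles(resample(ref, n))
        got_a = slope_angles(resample(got, n))
        mean_err = sum(slope_error(a, b) for a, b in zip(ref_a, got_a)) / len(ref_a)
        if mean_err > max_slope_err:
            return False
    return True

# Constructed sample data: a vertical stroke, then a diagonal-plus-horizontal stroke.
ENROLLED = [[(10, 10), (10, 30), (10, 50)],
            [(20, 50), (30, 40), (40, 30), (50, 30)]]
GENUINE = [[(11, 9), (11, 31), (12, 52)],
           [(21, 51), (35, 37), (41, 31), (52, 31)]]
WRONG_SLOPE = [[(10, 10), (30, 10), (50, 10)], ENROLLED[1]]   # horizontal, not vertical
WRONG_LENGTH = [[(10, 10), (10, 50), (10, 90)], ENROLLED[1]]  # twice as long

if __name__ == "__main__":
    for name, sig in [("genuine", GENUINE), ("wrong slope", WRONG_SLOPE),
                      ("wrong length", WRONG_LENGTH)]:
        print(name, signatures_similar(ENROLLED, sig))
```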
From the above it can be seen that, when the user end 10 carries out a network transaction, it proceeds according to the following steps, as shown in Fig. 2:
(201) First, send the first transaction request to the authentication server 11 (if the user end 10 is a mobile phone with handwriting input, the first transaction request automatically includes the number of that mobile phone; if the user end 10 is a computer with a handwriting tablet, the computer's network transaction platform asks for the number of the ordinary mobile phone, which is used to receive the dynamic password), and wait for the random dynamic password to be generated using the user database and the authentication record on the authentication server 11;
(202) Determine whether the dynamic password sent back by the authentication server 11 via the communications module 12 has been received. If the dynamic password has been received, go to step (204); otherwise go to step (203);
(203) Continue to wait for the dynamic password to be delivered;
(204) Receive the handwritten signature entered by the user (if the user end 10 is a mobile phone with handwriting input, the signature is entered on its handwriting screen; if the user end 10 is a computer with a handwriting tablet, the signature is entered on the tablet) and the dynamic password;
(205) Send the dynamic password together with the handwritten signature to the authentication server 11 as the second transaction request;
(206) The authentication server 11 determines whether the dynamic password and the handwritten signature are correct. If both the dynamic password and the handwritten signature are correct, go to step (208); if either of them or both are incorrect, go to step (207);
(207) Receive a transaction-request failure message sent back via the communications module 12, and return to step (206);
(208) The authentication server 11 sends the transaction order to the online banking transaction system 13, and the transaction begins.
Correspondingly, when the authentication server 11 receives a network transaction request from the user end 10, it proceeds according to the following steps, as shown in Fig. 3:
(301) First, receive the first transaction request sent by the user end 10;
(302) Determine whether the first transaction request is complete, that is, whether it contains a mobile phone number. If not, go to step (303); if so, go to step (305);
(303) Ask the user end 10 to provide the mobile phone number;
(304) If the mobile phone number provided by the user end 10 is received, go to step (305); otherwise continue to wait for the user end 10 to provide it;
(305) Generate a random dynamic password using the user database and the authentication record (the user can, as needed, set the dynamic password to change once a day, once every 12 hours, once every several hours, and so on), and send the dynamic password to the communications module 12;
(306) After the communications module 12 receives the dynamic password sent by the authentication server 11, it sends it over the network to the user end 10;
(307) Then determine whether the second transaction request, containing the handwritten signature and the dynamic password sent by the user end 10, has been received. If it has, go to step (309); if not, go to step (308);
(308) Continue to wait for the handwritten signature and the dynamic password until they are received;
(309) Verify the similarity of the handwritten signature against the handwritten signature the user pre-stored in the online banking transaction system 13, and check the dynamic password against the dynamic password previously sent. If both verification results are correct, go to step (311); if either result or both are incorrect, go to step (310);
(310) Send a request-failure message to the user end 10 via the communications module 12;
(311) Send the transaction order to the online banking transaction system 13, and the transaction begins.
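The exchange of steps (201) to (208) and (301) to (311), as an added Python example that is not code from the patent. The class and method names, the reply strings, the six-digit password format, the placeholder phone number and the rule that a password is consumed by a successful transaction are assumptions; the signature similarity check is passed in as a function, and the run uses a simple equality stand-in for it.

```python
import hmac
import secrets
import time

class AuthServer:
    """Server-side steps (301)-(311); all names are illustrative assumptions."""

    def __init__(self, user_db, send_to_phone, signature_ok, bank, ttl=12 * 3600):
        self.user_db = user_db              # account -> pre-stored signature
        self.send_to_phone = send_to_phone  # stands in for communications module 12
        self.signature_ok = signature_ok    # handwritten-signature similarity check
        self.bank = bank                    # stands in for banking system 13
        self.ttl = ttl                      # change interval in seconds (12 h here)
        self.auth_record = {}               # account -> (password, phone, expiry)

    def first_request(self, account, phone=None, now=None):
        now = time.time() if now is None else now
        if account not in self.user_db:
            return "FAILED"
        if not phone:                       # (302)-(304): request is incomplete
            return "NEED_PHONE"
        password = f"{secrets.randbelow(10**6):06d}"       # (305) random password
        self.auth_record[account] = (password, phone, now + self.ttl)
        self.send_to_phone(phone, password)                # (306)
        return "PASSWORD_SENT"

    def second_request(self, account, password, signature, order, now=None):
        now = time.time() if now is None else now
        record = self.auth_record.get(account)
        if record is None:                  # no password outstanding
            return "FAILED"
        issued, phone, expiry = record
        # (309): both factors are checked; the password in constant time.
        pw_ok = now <= expiry and hmac.compare_digest(issued.encode(),
                                                      password.encode())
        sig_ok = self.signature_ok(self.user_db[account], signature)
        if not (pw_ok and sig_ok):          # (310): failure message to the user
            self.send_to_phone(phone, "transaction request failed")
            return "FAILED"
        del self.auth_record[account]       # assumption: password is single use
        self.bank(account, order)           # (311): transaction order
        return "ORDER_SENT"

def run_exchange():
    """Constructed walk-through of both sides; returns the server's replies
    and the orders that reached the banking system."""
    sms, orders = [], []
    server = AuthServer(
        user_db={"alice": "stored-strokes"},
        send_to_phone=lambda phone, text: sms.append((phone, text)),
        signature_ok=lambda stored, got: got == stored,   # stand-in check
        bank=lambda account, order: orders.append((account, order)),
    )
    replies = [server.first_request("alice")]                      # no number yet
    replies.append(server.first_request("alice", "+00-000-0000"))  # placeholder
    otp = sms[-1][1]                        # the user reads the password (204)
    replies.append(server.second_request("alice", otp, "other-strokes", "pay 10"))
    replies.append(server.second_request("alice", otp, "stored-strokes", "pay 10"))
    replies.append(server.second_request("alice", otp, "stored-strokes", "pay 10"))
    return replies, orders

if __name__ == "__main__":
    print(run_exchange())
```

The last call in `run_exchange` resubmits the same password and signature and is refused, because the authentication record for that password was cleared when the order was sent.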
As to how to provide a safer method for network transactions, therefore, the double verification of handwritten signature and dynamic password of the present invention does increase the security of the network transaction.
The above is only a preferred specific embodiment of the present invention, and the features of the invention in actual practice are not limited to it. Any variation or modification that a person skilled in the art could readily conceive within the field of the present invention shall be covered by the scope of the following claims.

Claims (6)

1. A method for implementing network transaction security authentication, in which a user end, when carrying out a network transaction, proceeds according to the following steps:
First, a first transaction request is sent to an authentication server; after a random dynamic password is generated using a user database and an authentication record on the authentication server, the dynamic password is sent back to the user end by a communications module;
Then, the user end sends a second transaction request to the authentication server containing the dynamic password together with a signature entered by the user; after the authentication server confirms that the dynamic password and the user's signature are correct, a transaction order is sent to an online banking transaction system, thereby increasing the security of the network transaction.
2. The method for implementing network transaction security authentication as claimed in claim 1, characterized in that the user end may be a mobile phone with handwriting input, or a computer with a handwriting tablet used together with an ordinary mobile phone, and the authentication server is a dedicated authentication server that handles authentication of user access requests, safeguards the integrity of the user's application system and its system resources, and holds the user database and the authentication record, so as to form the random dynamic password authentication infrastructure and to verify the user's handwritten signature.
3. The method for implementing network transaction security authentication as claimed in claim 2, characterized in that, for the handwritten signature, the user leaves a sample of their handwritten signature with the online banking transaction system in advance, which may be defined as a dot matrix of size X by Y and is stored in the authentication server; when carrying out a network transaction, the user sends their handwritten signature over the network to the authentication server, where it is compared for similarity with the handwritten signature pre-stored in the online banking transaction system; and the X and Y coordinate values of each pair of adjacent points of the received handwritten signature are sampled to calculate the slope, which is compared with that of the pre-stored handwritten signature.
4. The method for implementing network transaction security authentication as claimed in claim 3, characterized in that the user end, when carrying out a network transaction, proceeds according to the following steps:
First, send the first transaction request to the authentication server, and wait for the random dynamic password to be generated using the user database and the authentication record on the authentication server;
Determine whether the dynamic password sent back by the authentication server via the communications module has been received; if the dynamic password has been received, receive the handwritten signature entered by the user and the dynamic password; otherwise continue to wait for the dynamic password to be delivered;
Send the dynamic password together with the handwritten signature to the authentication server as the second transaction request;
The authentication server determines whether the dynamic password and the handwritten signature are correct; if both the dynamic password and the handwritten signature are correct, the authentication server sends the transaction order to the online banking transaction system and the transaction begins; if either of them or both are incorrect, a transaction-request failure message sent back via the communications module is received.
5. The method for implementing network transaction security authentication as claimed in claim 3, characterized in that the authentication server, on receiving a network transaction request from the user end, proceeds according to the following steps:
First, receive the first transaction request sent by the user end;
Determine whether the first transaction request is complete, that is, whether it contains a mobile phone number; if not, ask the user end to provide the mobile phone number; if so, generate a random dynamic password using the user database and the authentication record, and send the dynamic password to the communications module;
After the communications module receives the dynamic password sent by the authentication server, it sends it over the network to the user end;
Then determine whether the second transaction request, containing the handwritten signature and the dynamic password sent by the user end, has been received; if it has, verify the similarity of the handwritten signature against the handwritten signature the user pre-stored in the online banking transaction system, and check the dynamic password against the dynamic password previously sent; if not, continue to wait for the handwritten signature and the dynamic password until they are received;
If both verification results are correct, send the transaction order to the online banking transaction system and the transaction begins; if either result or both are incorrect, send a request-failure message to the user end via the communications module.
6. The method for implementing network transaction security authentication as claimed in claim 5, characterized in that the dynamic password can be set to change according to the user's requirements.
CN 03141685 2003-07-18 2003-07-18 Method for implementing network trade safety certification Pending CN1571453A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03141685 CN1571453A (en) 2003-07-18 2003-07-18 Method for implementing network trade safety certification

Publications (1)

Publication Number Publication Date
CN1571453A true CN1571453A (en) 2005-01-26

Family

ID=34471014

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03141685 Pending CN1571453A (en) 2003-07-18 2003-07-18 Method for implementing network trade safety certification

Country Status (1)

Country Link
CN (1) CN1571453A (en)

Legal Events

Date Code Title Description
ASS Succession or assignment of patent right

Owner name: YINGHUADA(NAN JING) TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: YINGYEDA GROUP(NANJING) ELECTRONIC TECHNOLOGY CO.,LTD

Effective date: 20041112

C06 Publication
C41 Transfer of patent application or patent right or utility model
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20041112

Address after: Jiangning economic and Technological Development Zone, Jiangsu, Nanjing

Applicant after: Inventec (Nanjing) Technology Co., Ltd.

Address before: Nanjing City, Jiangsu province crane Street No. 100

Applicant before: Inventec Group (Nanjing) Electronic Technology Co., Ltd.

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20050126