CN201717874U - Online banking background identity authentication device and system employing same - Google Patents

Publication number
CN201717874U
Authority
CN
China
Prior art keywords
password
user
check code
client
interference
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN2010201096598U
Other languages
Chinese (zh)
Inventor
谭路远
伊劲松
闫记东
张安龙
付新丽
曾凯
李丹
王静媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN2010201096598U
Publication of CN201717874U

Abstract

The embodiment of the utility model provides an online banking background identity authentication device and a system employing the same. The device comprises a central processing unit that controls a display device, a switch button, digit buttons, a password mode selection button, a storage unit, an interference generator, a check code generator and a battery. The switch button receives the user's press and powers the device on. The display device prompts the user to enter the multi-element password and shows password mode selection information to prompt the user to enter the password mode. The storage unit stores the user key and the cryptographic algorithm. The interference generator generates the interference factor. The check code generator generates the check code of the multi-element password from the interference factor, the user key and the cryptographic algorithm, and compares the check code with the entered multi-element password; the comparison result is shown on the display device. The battery supplies the working power. The device and the system are applicable to back-end identity authentication for online banking and other financial trading systems.

Description

An online banking background (back-end) identity authentication device and system
Technical field
The utility model relates to identity authentication and transaction authentication technology, in particular for financial transaction systems such as online banking, and specifically to an online banking back-end identity authentication device and system.
Background art
In the prior art there are the following schemes for identity authentication and transaction authorization:
(1) Static passwords: users often set weak passwords such as birthdays or phone numbers, and these are easily stolen or intercepted, for example by Trojans and network sniffing.
(2) Scratch cards and dynamic password cards: these give a fresh password for each use, but cannot guarantee the safety of transaction data, which remains at risk of being tampered with.
(3) Time-based dynamic tokens: a time-based one-time password generator gives a fresh password for each use and improves security against theft and sniffing to some degree, but cannot eliminate the risk entirely. It still cannot prevent data from being tampered with.
(4) USB keys and soft certificates: these use a PKI system to digitally sign and encrypt data, guaranteeing integrity, non-repudiation, confidentiality and so on. However, this approach is costly to implement: the back end must deploy a CA, an RA, signature verification components and so on, and the user must handle management operations such as certificate application, renewal and recovery, which is complicated. Soft certificates are also easily copied and stolen. A USB key needs a driver and the associated client-side components installed before it can be used, has compatibility and usability problems, and at present works only on terminals; it cannot be used over channels such as mobile phone, telephone or TV. In addition, because there are many layers between the upper-layer application and the underlying signing and encryption, this approach still carries the risk of data being tampered with and of the user's certificate being maliciously used under remote control.
Each of the authentication schemes above either lacks security (it is exposed to theft and sniffing, cannot protect transaction data, and so on) or lacks usability (back-end deployment and user operation are complex, and it cannot be used widely across channels).
Summary of the utility model
The embodiments of the utility model provide an online banking back-end identity authentication device and system, to solve the problems of identity authentication and transaction authentication in financial transaction systems such as online banking.
One object of the utility model is to provide an online banking back-end identity authentication device comprising: a central processing unit, a display, a switch button, digit buttons, a password mode selection button, a memory, an interference generator, a check code generator and a battery. The central processing unit is connected to the display, switch button, digit buttons, password mode selection button, memory, interference generator, check code generator and battery respectively. The switch button receives the user's press and powers the device on. The display prompts the user to enter the multi-element password and the personal authentication code (PIN), and the user enters the multi-element password and PIN with the digit buttons. The display shows password mode selection information to the user, and the user enters the password mode with the password mode selection button. The memory stores the user key and the cryptographic algorithms. The interference generator generates the interference factor. The check code generator obtains the cryptographic algorithm corresponding to the password mode entered by the user, generates the check code of the multi-element password from the interference factor, the pre-stored user key and the corresponding cryptographic algorithm, and compares the check code with the entered multi-element password to produce a comparison result. The display shows the comparison result. The central processing unit controls the display, switch button, digit buttons, password mode selection button, memory, interference generator and check code generator. The battery provides the working power.
Another object of the utility model is to provide an online banking back-end identity authentication system comprising: an identity authentication device and a transaction terminal. The transaction terminal is connected to the back-end authentication server and is used to present to the user, via the transaction page, the multi-element password, the multi-element password generation mode and the short-signature factor information. The identity authentication device comprises: a central processing unit, a display, a switch button, digit buttons, a password mode selection button, a memory, an interference generator, a check code generator and a battery. The central processing unit is connected to the display, switch button, digit buttons, password mode selection button, memory, interference generator, check code generator and battery respectively. The switch button receives the user's press and powers the device on. The display prompts the user to enter the multi-element password and the personal authentication code (PIN), and the user enters the multi-element password and PIN with the digit buttons. The display shows password mode selection information to the user, and the user enters the password mode with the password mode selection button. The memory stores the user key and the cryptographic algorithms. The interference generator generates the interference factor. The check code generator obtains the cryptographic algorithm corresponding to the password mode entered by the user, generates the check code of the multi-element password from the interference factor, the pre-stored user key and the corresponding cryptographic algorithm, and compares the check code with the entered multi-element password to produce a comparison result. The display shows the comparison result. The central processing unit controls the display, switch button, digit buttons, password mode selection button, memory, interference generator and check code generator. The battery provides the working power.
The beneficial effects of the utility model are as follows. The multi-element password, the password generation mode and the short-signature information are obtained from the transaction page and entered into the device of the utility model in challenge fashion, as prompted on its display. The device generates a check code from the information entered by the user, its own stored information and the encoding method, and uses the check code to authenticate the entered multi-element password, thereby authenticating the transaction page and the authenticity of its back-end server. This reverse authentication method improves the security of transaction authentication. The identity authentication device of the utility model is used offline and needs no connection to a mobile phone, telephone or computer. First, offline use makes the device applicable to multiple electronic channels and lays the foundation for using the same authentication medium across channels. Second, it improves the usability of the authentication medium and lowers the difficulty of using the device, since no driver or control program has to be installed. The identity authentication device and system of the utility model can be used to authenticate the identity of the server side, and support both the one-time password (OTP, One-Time Password) and short signature (SIGN) working modes. The authentication device provides PIN protection, which avoids the risk caused by loss of the device. Modification and reset of the PIN are supported.
Description of the drawings
To explain the technical solutions of the embodiments of the utility model or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the utility model; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural block diagram of the identity authentication device of an embodiment of the utility model;
Fig. 2 is a schematic view of the appearance of the identity authentication device of an embodiment of the utility model;
Fig. 3 is a block diagram of the internal structure of the identity authentication device of an embodiment of the utility model;
Fig. 4 is a schematic diagram of the identity authentication system of an embodiment of the utility model;
Fig. 5 is a flow chart of the OTP working mode of the identity authentication system of an embodiment of the utility model;
Fig. 6 is a flow chart of the SIGN working mode of the identity authentication system of an embodiment of the utility model.
Detailed description of the embodiments
The technical solutions of the embodiments of the utility model are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the utility model, not all of them. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the utility model.
As shown in Fig. 1, the online banking back-end identity authentication device of the utility model comprises: a central processing unit 101, a display 102, a switch button 103, digit buttons 104, a password mode selection button 105, a memory 106, an interference generator 107, a check code generator 108 and a battery 109. The central processing unit 101 is connected to the display 102, switch button 103, digit buttons 104, password mode selection button 105, memory 106, interference generator 107, check code generator 108 and battery 109 respectively. The switch button 103 receives the user's press and powers the device on. The display 102 prompts the user to enter the multi-element password and the personal authentication code (PIN), and the user enters the multi-element password and PIN with the digit buttons 104. The display 102 shows password mode selection information to the user, and the user enters the password mode with the password mode selection button 105. The memory 106 stores the user key and the cryptographic algorithms. The interference generator 107 generates the interference factor. The check code generator 108 obtains the cryptographic algorithm corresponding to the password mode entered by the user, generates the check code of the multi-element password from the interference factor, the pre-stored user key and the corresponding cryptographic algorithm, and compares the check code with the entered multi-element password to produce a comparison result. The display 102 shows the comparison result. The central processing unit 101 controls the display 102, switch button 103, digit buttons 104, password mode selection button 105, memory 106, interference generator 107 and check code generator 108. The battery 109 provides the working power.
The identity authentication flow of this embodiment is based on that of a dynamic token. It can produce one-time, multi-element passwords that incorporate several interference elements such as time or events, for use in user identity authentication and transaction authentication. The identity authentication method of this embodiment also provides a short-signature function, which ensures that transaction data cannot be tampered with or repudiated.
The first level of protection of the multi-element password in this embodiment is to produce a dynamic password from the current interference factor (including the current time, a counter and so on). The second level of protection is intended to further prevent key transaction information from being hijacked and tampered with: on top of the current interference factor, the key transaction information is added, and the two together serve as the generation factors of the dynamic password (or verification code). The application scenarios of the identity authentication method of this embodiment are not limited to the Internet; they also include electronic channels such as mobile phone, telephone and ATM.
The identity authentication device of this embodiment has two working modes: the one-time password (OTP, One-Time Password) working mode and the short signature (SIGN) working mode. The OTP working mode produces a one-time dynamic password mainly from the interference factor and the customer key, using some algorithm such as a digest algorithm or a symmetric encryption algorithm; identity authentication and transaction authentication are achieved with this one-time password. The SIGN working mode produces a one-time transaction password tied to the transaction data, mainly from the elements entered by the customer (such as the transaction amount and the transaction account number), the interference factor and the customer key, using some algorithm such as a digest algorithm or a symmetric encryption algorithm; this password ensures that the transaction data cannot be tampered with and that the transaction cannot be repudiated.
The multi-element password, the password generation mode and the short-signature information are obtained from the transaction page and entered into the device of the utility model in challenge fashion, as prompted on its display. The device generates a check code from the information entered by the user, its own stored information and the encoding method, and uses the check code to authenticate the entered multi-element password, thereby authenticating the transaction page and the authenticity of its back-end server. This reverse authentication method improves the security of transaction authentication.
Embodiment
The processing flow of the OTP working mode is described taking online banking login as an example. The identity authentication system of this embodiment comprises: an identity authentication device and an online banking transaction terminal. The transaction terminal is connected to the online banking back-end authentication server and is used to present to the user, via the transaction page, the OTP password produced by the back-end authentication server.
As shown in Fig. 2, the online banking back-end identity authentication device of this embodiment comprises: a display screen, input keys and a casing. The input keys are divided into function keys and a numeric keypad. The display screen shows the prompts for entering the OTP password and the PIN, echoes the customer's input, and so on. The numeric keypad is mainly used to enter information such as the OTP password, the PIN and transaction data. The function keys are: the on/off key, which starts and shuts down the device; the PIN key, which enters the PIN modification routine; the OTP key, which enters the OTP working mode and produces the OTP check code of the one-time dynamic password from the current interference factor, the customer key and the OTP cryptographic algorithm; and the SIGN key, which enters the SIGN working mode and produces the SIGN check code of the short-signature password from the elements entered by the customer, the current interference factor, the customer key and the SIGN cryptographic algorithm. The casing fixes and protects the internal parts and circuits, and makes the device attractive and easy to carry and use. The identity authentication device of this embodiment is about the size of a bank card, so it is easy to carry, and its appearance can be customized flexibly as required.
As shown in Fig. 3, the internal structure of the online banking back-end identity authentication device of this embodiment comprises: a central processing unit, which performs computation according to the various conditions and requests; a display unit; an input unit; a storage unit; an interference factor unit; and a power unit. The display unit comprises the display screen, the display driver chip and so on, and shows the device's information, the customer's input, password information and so on. The input unit comprises the keypad and the input control logic, and is used by the customer to enter the OTP or SIGN password, the device PIN, the transaction challenge, function selections and so on. The storage unit stores the customer key; the customer key of each identity authentication device is different and can be produced with a hardware random generator. The storage unit also holds other information such as the cryptographic algorithms. The interference factor unit provides a time or event interference factor: for a time factor it provides a clock crystal oscillator, and for an event factor it provides an event counter. As a special case, the identity authentication device may omit the interference factor unit; to guard against repeated passwords and prevent replay attacks, one-time information such as a random variable or a timestamp can then be added to the transaction elements the customer is required to enter, which guarantees the randomness of the customer password and gives a fresh password for each use. The power unit is the component that supplies electrical energy to the device, for example a battery, dual-battery power with a replaceable backup battery, or a rechargeable battery. The identity authentication device may use a tamper switch to implement physical protections such as self-destruct when the casing is opened.
The identity authentication device has two working modes: the OTP working mode and the SIGN working mode. The OTP working mode produces the check code of a one-time dynamic password mainly from the interference factor and the customer key, using some algorithm such as a digest algorithm or a symmetric encryption algorithm; comparing the one-time password with this check code achieves back-end identity authentication and transaction authentication.
Fig. 4 shows the online banking back-end identity authentication system of this embodiment, which comprises: an identity authentication device 201 and an ATM terminal 202. The ATM terminal 202 is connected to the back-end authentication server and is used to present to the user, via the transaction page, the multi-element password, the multi-element password generation mode and the short-signature factor information. The identity authentication device 201 comprises: a central processing unit, a display, a switch button, digit buttons, a password mode selection button, a memory, an interference generator, a check code generator and a battery. The central processing unit is connected to the display, switch button, digit buttons, password mode selection button, memory, interference generator, check code generator and battery respectively. The switch button receives the user's press and powers the device on. The display prompts the user to enter the multi-element password and the personal authentication code (PIN), and the user enters the multi-element password and PIN with the digit buttons. The display shows password mode selection information to the user, and the user enters the password mode with the password mode selection button. The memory stores the user key and the cryptographic algorithms. The interference generator generates the interference factor. The check code generator obtains the cryptographic algorithm corresponding to the password mode entered by the user, generates the check code of the multi-element password from the interference factor, the pre-stored user key and the corresponding cryptographic algorithm, and compares the check code with the entered multi-element password; the display shows the comparison result. The central processing unit controls the display, switch button, digit buttons, password mode selection button, memory, interference generator and check code generator. The battery provides the working power.
As shown in Fig. 5, the OTP working mode comprises the following steps, in which the user carries the identity authentication device and transacts on an online banking terminal:
Step S201: the customer visits the online banking login page and enters the login ID;
Step S202: the page shows the OTP password to be entered on the identity authentication device;
Step S203: the customer presses the on/off key to switch on the identity authentication device and enters this OTP password through the input unit, which sends an instruction to the processing unit to start the device;
Step S204: the display unit of the identity authentication device prompts the customer to enter the PIN;
Step S205: the customer enters the PIN through the input unit; the processing unit obtains the correct PIN from the storage unit and compares it with the PIN entered by the customer. If it is correct, the display unit shows the function selection prompt. If it is wrong, the processing unit adds to the PIN error count and records it in the storage unit. While the maximum number of errors has not been exceeded, the display unit prompts the customer to re-enter the PIN. Once the maximum number of PIN errors is reached, the processing unit refuses any further PIN comparison and password calculation, and the device is locked; only after a PIN reset can the device be used again;
Step S206: the PIN is correct, and the display unit prompts the customer to select the OTP or SIGN function;
Step S207: the customer presses the OTP key;
Step S208: the input unit instructs the processing unit to obtain the customer key and the OTP algorithm from the storage unit and, from the current interference factor, the customer key and the OTP algorithm, to derive the check code of the one-time OTP password. The check code may consist of 6 digits; its length and value range can be customized as required;
Step S209: the OTP check code obtained is compared with the OTP password entered; if they match, the display unit tells the customer that verification succeeded, otherwise verification fails.
The customer switches the identity authentication device off with the on/off key, at which point the input unit instructs the processing unit to put the device in the off state. If the customer does not switch the device off by hand, it switches off automatically 15 seconds after showing the OTP password check result. This time can be customized as required, and the timeout shutdown is initiated by the processing unit.
The SIGN working mode produces the check code of a one-time transaction password tied to the transaction data, mainly from the elements entered by the customer, the interference factor and the customer key, using some algorithm. This check code is used to verify the legitimacy of the SIGN password and thereby judge the authenticity of the back-end server.
As shown in Fig. 6, the SIGN working mode comprises the following steps:
Step S301: the customer opens the transaction entry page and enters the transaction elements;
Step S302: after the system has checked the legitimacy of the data and the transaction, it returns the transaction confirmation page, prompts the customer to use the dynamic identity authentication device for short-signature authentication, and shows the SIGN password and the transaction elements (for example the transfer-out and transfer-in account numbers, the transaction amount and/or a transaction character string). The transaction character string may be information the user has reserved with the back end. For example, if the user's nickname is Lily, then after checking the legitimacy of the data and the transaction the system returns the transaction confirmation page, prompts the customer to use the dynamic identity authentication device for short-signature authentication, and shows the SIGN password and a request to enter the user's nickname; the user then needs to enter the displayed SIGN password and Lily, separately, on the identity authentication device.
Step S303: the customer presses the on/off key to switch on the identity authentication device and enters this SIGN password, and the processing unit is instructed into the working state;
Step S304: the processing unit instructs the display unit to prompt for the PIN;
Step S305: the customer enters the correct PIN; the input unit passes the entered PIN to the processing unit, which obtains the customer's PIN from the storage unit and compares it with the PIN entered;
Step S306: if the PINs match, the display unit is instructed to prompt the customer to select the OTP or SIGN function;
Step S307: the customer presses the SIGN key to enter the transaction short-signature function; the input unit instructs the processing unit into the short-signature function;
Step S308: the transaction page shows the content that the short-signature function requires as input;
Step S309: following the content shown on the transaction page, the customer enters the transaction account number and amount and/or the transaction character string (for example the user's nickname Lily) on the identity authentication device. This can be entered as several separate fields, or the information can be concatenated into one signature string and entered in one go. The entry length can be up to 256 bytes, or can be customized as required. A wrong entry can be removed with the backspace key; to clear a line or all input, hold the backspace key for 2 seconds, after which the given line or all of the customer's input is cleared. This behavior of the input unit can be customized as required. The input unit finally passes the transaction information entered by the customer to the processing unit. The short-signature content can be the account number and the amount; the back end can also pick some digits at random from that content, or can ask for a short signature over the transaction verification code. For this transaction, signing the transfer-out account number and the amount is the preferred recommendation;
Step S310: once entry on the identity authentication device is complete, the customer presses the SIGN key again and the input unit instructs the processing unit to perform the short signature. The processing unit first obtains the customer key and the SIGN cryptographic algorithm from the storage unit and obtains from the interference factor generator the current interference factor, which is synchronized with the back-end system; from the current interference factor and the customer key it computes the check code of the short-signature password with the SIGN cryptographic algorithm;
Step S311: the short-signature password entered is compared with the check code generated; if they match, the display unit tells the customer that verification succeeded, otherwise verification fails.
To support customers' use of this authentication device, the service provider needs to deploy a dynamic password management system. It handles life-cycle management of customer keys (generation, storage, use, revocation, freezing, unfreezing and so on), and provides dynamic password verification and error accumulation, interference factor synchronization, and functions such as query, statistics and monitoring.
When the identity authentication device checks an OTP or SIGN password, a correct result is recorded and the current interference factor cannot be used again afterwards; a wrong result is added to an error count, which can be accumulated per day or over the device's history.
In the SIGN working mode the interference factor takes part in the computation, so the short-signature password for the same transaction elements is different every time, which avoids the risk of a transaction password being replayed.
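The following sketch illustrates the reverse check of steps S301 to S311 together with the PIN lockout and the rule that a consumed interference factor cannot be reused. It is an added example, not code from the patent. It assumes HMAC-SHA256 with truncation in place of the unspecified algorithm and an event counter as the interference factor; the names `check_code`, `BackEnd` and `Device`, the limit of 3 PIN errors, and the key, PIN and account values are constructed for illustration.

```python
import hashlib
import hmac
import struct

DIGITS = 6          # the page gives a 6-digit check code as an example
MAX_PIN_ERRORS = 3  # assumed; the page only says "maximum number of errors"


def check_code(key, factor, elements=()):
    """Derive a decimal check code from key, interference factor and elements.

    Assumption: HMAC-SHA256 with dynamic truncation stands in for the
    "digest algorithm or symmetric encryption algorithm" the page leaves open.
    """
    msg = struct.pack(">Q", factor)
    for element in elements:
        data = element.encode("utf-8")
        # Length-prefix every field so ("12", "3") and ("1", "23") differ.
        msg += struct.pack(">H", len(data)) + data
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class BackEnd:
    """Authentication server: issues the password shown on the transaction page."""

    def __init__(self, key):
        self._key = key
        self._counter = 0  # event-type interference factor

    def issue(self, elements=()):
        self._counter += 1
        return check_code(self._key, self._counter, elements)


class Device:
    """Offline token: it checks a password shown by the server, it never sends one."""

    def __init__(self, key, pin):
        self._key, self._pin = key, pin
        self._pin_errors = 0  # kept after a correct PIN (the page does not say)
        self._unlocked = False
        self._counter = 0     # last interference factor already accepted
        self.code_errors = 0

    def enter_pin(self, pin):
        if self._pin_errors >= MAX_PIN_ERRORS:
            return "LOCKED"   # only a PIN reset would clear this state
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._unlocked = True
            return "OK"
        self._pin_errors += 1
        self._unlocked = False
        return "LOCKED" if self._pin_errors >= MAX_PIN_ERRORS else "RETRY"

    def verify(self, shown_code, elements=()):
        """OTP mode when elements is empty, SIGN mode otherwise."""
        if not self._unlocked:
            return "PIN REQUIRED"
        expected = check_code(self._key, self._counter + 1, elements)
        if hmac.compare_digest(expected.encode(), shown_code.encode()):
            self._counter += 1  # factor consumed, cannot be used again
            return "SUCCESS"
        self.code_errors += 1   # error accumulation
        return "FAIL"


def demo():
    key = bytes(range(32))      # constructed key; the page suggests a hardware RNG
    server, device = BackEnd(key), Device(key, "246810")
    results = [device.verify("000000"),      # no PIN entered yet
               device.enter_pin("000000"),   # wrong PIN
               device.enter_pin("246810")]   # correct PIN
    otp = server.issue()
    results.append(device.verify(otp))       # genuine server, OTP mode
    results.append(device.verify(otp))       # same password shown again
    tx = ("6222-0000-CONSTRUCTED", "1500.00")
    sign = server.issue(tx)
    # A page that shows a different amount than the server signed fails.
    results.append(device.verify(sign, ("6222-0000-CONSTRUCTED", "9500.00")))
    results.append(device.verify(sign, tx))  # page matches what was signed
    return results


if __name__ == "__main__":
    print(demo())
```

Because the device only displays success or failure, a page that cannot obtain a valid password from the real back end has nothing to replay: each accepted password advances the counter on the device.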
Both the OTP and the SIGN working modes can be used for identity authentication and transaction authentication, and are not limited to the scenarios above. For example, both modes can be used to authenticate the identity of the server side: when the customer logs in to the system, the back end of the dynamic password management system first uses the OTP or SIGN working mode to calculate a password and shows or passes it to the customer. The customer can obtain the current password in the same way with their own authentication device; if the password matches the server's, the server is genuine and not a phishing website or telephone fraud. When the SIGN working mode is used, the short signature need not be over transaction data; it can instead be over some agreed information, such as the current transaction verification code or information reserved on the server side. The preferred recommendation is to use the OTP working mode for authenticating the identity of the client or server, and the SIGN working mode for the transaction short signature.
Identification authentication system has the PIN code protection, during use, must import correct PIN code and just can carry out subsequent operation.
Do not have PIN code when identification authentication system dispatches from the factory, when using for the first time after the client takes, force the client that PIN code must be set.For example, when the client uses for the first time, press the on ﹠ off switch opening device, device prompting client is provided with PIN code, and the client is provided with 6 PIN code by numeric keypad, and re-enters once, this device verification unanimity, and then PIN code is provided with success.
Identification authentication system supports PIN code to revise, and the client presses the device on ﹠ off switch and starts, and the input PIN code enters the function selecting menu, the client enters the PIN code modify feature by the PIN key, and the client uses numeric keypad that 6 new PIN code are set, and re-enters once, device verification unanimity, then PIN code is revised successfully.
Identification authentication system supports PIN code to reset, and when the client forgets PIN code, needs to handle to the cabinet face, and device provides the PIN code function of reset that uses the challenge response mode.At the cabinet face, the client opens by this device on ﹠ off switch, by 2 seconds PIN keys, this moment, device obtained PIN replacement challenging value according to current interference factor and specific PIN replacement algorithm, as 6 bit digital, the client informs the teller with these 6 challenges, and the teller is typing in system, background system is challenged according to this, the current interference factor of client, client's cipher key calculation PIN resets and replys, and replys also 6 bit digital, returns teller terminal, the teller is by the print pin envelope, perhaps orally inform the client, the client imports this PIN replacement answer back code on authenticate device, after the device verification is correct, device is reset to no PIN code state, perhaps reset to certain default value.
Interference factor in the identification authentication system can adopt clock crystal oscillator or event counter, preferentially recommends clock crystal oscillator, and above-mentioned interference factor may be subjected to environment and artificial factor, causes inconsistent with server end record.Inaccurate as the clock crystal oscillator that causes too high or too low for temperature, event mode OTP artificially on probation and not with the backstage verification, cause this device and server end to count inconsistent.When above-mentioned situation occurring, need carry out Synchronous Processing to the device interference factor.
The customer can go to the bank counter to synchronize. The customer uses the device to generate two consecutive OTP passwords and tells them to the teller, who submits them to the backend. The backend matches the two submitted passwords within a certain range of variation of the interference factor: for a clock crystal oscillator, for example, it trial-computes OTP passwords within plus or minus 24 hours; for an event counter, it trial-computes OTP passwords within a range of plus or minus 50. As long as the two passwords entered consecutively by the customer can be matched, the current count of the device's interference factor can be located, the server-side record adjusted, and device synchronization completed. The match window can be customized as required.
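The counter-side synchronization described above for the event-counter case, as an added example that is not taken from the patent: HOTP from RFC 4226 stands in for the device's unspecified algorithm, the key is the RFC 4226 test key, and `otp` and `resync` are hypothetical names.

```python
import hashlib
import hmac
import struct

KEY = b"12345678901234567890"    # RFC 4226 test key, used as sample input

def otp(key, counter, digits=6):
    """HOTP (RFC 4226), an assumed stand-in for the device algorithm."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def resync(key, server_counter, first, second, window=50):
    """Search +/- window around the server's record for a counter c where
    otp(c) == first and otp(c + 1) == second. Returns the next counter the
    server should expect, or None when there is no unique match.

    RFC 4226 resynchronization only looks ahead; the backward half of the
    search follows the plus-or-minus 50 window given on the page."""
    low = max(0, server_counter - window)
    matches = []
    for c in range(low, server_counter + window + 1):
        if (hmac.compare_digest(otp(key, c), first)
                and hmac.compare_digest(otp(key, c + 1), second)):
            matches.append(c)
    if len(matches) != 1:
        return None              # no match, or ambiguous: leave the record alone
    return matches[0] + 2        # both submitted passwords are now consumed
```

Requiring two consecutive passwords matters because a single 6-digit value tested against 101 candidate counters would match by chance far too often to relocate the counter safely.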
The identity authentication device is the size of a bank card and easy to carry, and its appearance can be flexibly customized as required. The device works in a low-power state, and its battery capacity ensures that it can be used for more than 3 years; when the battery is exhausted or the validity period is reached, the customer can replace it with a new device, which uses a new customer key.
Various electronic channels can use this device for identity verification and transaction authentication; used together with the channel's original static password, it provides two-factor authentication and protects the security of customer transactions.
Through the transaction short signature, the utility model brings the transaction elements into the password generation process, so that the password can be used only for that transaction; if the transaction is tampered with, or the password is used for another transaction, server-side verification cannot pass. The short signature guarantees that the transaction data cannot be tampered with and also provides transaction non-repudiation, improving the security of transaction authentication. The identity authentication device of the utility model is used offline and need not be connected to a mobile phone, telephone or computer. First, offline use makes the device applicable to multiple electronic channels and provides the basis for using the same authentication medium across channels. Second, it improves the ease of use of the authentication medium and lowers the difficulty of using the device, since no driver or control program needs to be installed. The identity authentication device and system of the utility model can be used to authenticate the server, and support both the OTP and SIGN operating modes. The authentication device provides PIN code protection, which avoids the risk caused by loss of the device, and supports PIN code modification and reset.
Specific embodiments have been used herein to set forth the principle and implementation of the utility model; the description of the above embodiments is only intended to help in understanding the method of the utility model and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the utility model, make changes to the specific embodiments and the scope of application. In summary, this description should not be construed as limiting the utility model.

Claims (4)

1. An online banking background identity authentication device, characterized in that the device comprises: a central processing unit, a display, a switch key, digital keys, a cipher mode option key, a memory, an interference maker, a check code maker and a battery; wherein
the central processing unit is connected to the display, switch key, digital keys, cipher mode option key, memory, interference maker, check code maker and battery respectively.
2. The online banking background identity authentication device according to claim 1, characterized in that the interference maker comprises:
a clock, used to generate time data;
an event counter, used to generate event count data.
3. An online banking background identity authentication system, characterized in that the system comprises: an identity authentication device and a transaction terminal;
the transaction terminal is connected to the background authentication server;
the identity authentication device comprises: a central processing unit, a display, a switch key, digital keys, a cipher mode option key, a memory, an interference maker, a check code maker and a battery; wherein the central processing unit is connected to the display, switch key, digital keys, cipher mode option key, memory, interference maker, check code maker and battery respectively.
4. The online banking background identity authentication system according to claim 3, characterized in that the interference maker comprises:
a clock, used to generate time data;
an event counter, used to generate event count data.
CN2010201096598U 2010-02-05 2010-02-05 Online banking background identity authentication device and system employing same Expired - Lifetime CN201717874U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010201096598U CN201717874U (en) 2010-02-05 2010-02-05 Online banking background identity authentication device and system employing same

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010201096598U CN201717874U (en) 2010-02-05 2010-02-05 Online banking background identity authentication device and system employing same

Publications (1)

Publication Number Publication Date
CN201717874U true CN201717874U (en) 2011-01-19

Family

ID=43463882

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010201096598U Expired - Lifetime CN201717874U (en) 2010-02-05 2010-02-05 Online banking background identity authentication device and system employing same

Country Status (1)

Country Link
CN (1) CN201717874U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109634512A (en) * 2012-06-11 2019-04-16 三星电子株式会社 Mobile device and its settlement method
CN111369343A (en) * 2020-03-06 2020-07-03 中国银行股份有限公司 Bank account processing method and device

Similar Documents

Publication Publication Date Title
CN101789864B (en) On-line bank background identity identification method, device and system
CN107888382B (en) A kind of methods, devices and systems of the digital identity verifying based on block chain
CN101800645B (en) Identity authentication method, device and system
CN201717873U (en) Identity authentication device and system
CN102214336B (en) Payment management on mobile devices
CN104135369A (en) Time and event based one time password
CN102222390A (en) Multifunctional intelligent key device and working method thereof
CN101577697B (en) Authentication method and authentication system for enforced bidirectional dynamic password
CN108629206A (en) A kind of safe encryption method, encryption equipment and terminal device
US8984599B2 (en) Real time password generation apparatus and method
CA2404227A1 (en) Method and system for encryption and authentication
CN201717874U (en) Online banking background identity authentication device and system employing same
CN101425118A (en) Dynamic password generating method
KR100835260B1 (en) Internet-banking controll method
CN201332401Y (en) Compulsory two-way dynamic password authentication system and user password generator
CN101739623A (en) Trusted payment computer system
CN105989477A (en) Data interaction method
BR102014012603B1 (en) METHOD FOR AUTHENTICATION USING EFFECTIVE AND ANONYMOUS CREDENTIALS
CN201378346Y (en) Credible payment computer device
CN114363030A (en) Financial security metering device, system, method, storage medium and electronic equipment
CN105991530A (en) Data interaction system
CN105991527A (en) Data interaction system
CN105989475A (en) Data interaction method
CN115018497A (en) Mobile terminal digital currency wallet based on secure element and trusted execution environment
CN105991531A (en) Data interaction system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20110119
