CN202026332U - Information authentication system of client end for mobile telephone banking and mobile terminal - Google Patents


Publication number
CN202026332U
Authority
CN
China
Prior art keywords
information
mobile phone
client
mobile
touch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN201120107720XU
Other languages
Chinese (zh)
Inventor
张艳
周大文
王怡
朱道彬
张建平
姜鹏
曾凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC

Abstract

The embodiment of the utility model provides a mobile banking client information authentication system and a mobile terminal. The mobile terminal comprises a mobile phone body, a subscriber identity module (SIM) card and a client chip, wherein the client chip is arranged in the mobile phone body. The client chip comprises a SIM card information reading device, a hardware information reading device and a communication device, wherein the SIM card information reading device is used for reading the SIM card information of the mobile phone; the hardware information reading device is used for reading the International Mobile Equipment Identity (IMEI) of the mobile phone; and the communication device is connected to the SIM card information reading device and the hardware information reading device respectively and is used for outputting the read phone-number acquisition instruction and the IMEI of the mobile phone. The mobile banking client information authentication system and the mobile terminal are used for solving the information security problem of client-based mobile banking systems.

Description

A mobile banking client information authentication system and mobile terminal
Technical field
The utility model relates to mobile banking information security technology, in particular to technology for secure user identity authentication and encrypted data transmission in mobile banking, and specifically to a mobile banking client information authentication system and a mobile terminal.
Background art
Mobile banking systems have gone through several stages of development, including SMS mobile banking, WAP mobile banking and client-based mobile banking. Because client-based mobile banking can offer the best customer experience, it will become the mainstream technology.
In the prior art, under the B/S (browser/server) architecture, the client interface of mobile banking is implemented by the phone's browser and the main business logic is implemented on the server side. The user does not need to install any special software; the browser shipped with the operating system is enough to access the Internet application. This limits the security measures available to mobile banking: the bank can only use traditional B/S technical standards, such as the Transport Layer Security (TLS) protocol and username/password verification, to secure the system. In the prior art, under the C/S (client/server) architecture, the mobile banking client and the mobile banking server together form a complete client-based mobile banking system. Client-based mobile banking breaks through the technical limitations of the B/S architecture: its security controls are more varied and flexible, and the bank can develop a customized design according to its own security requirements. Precisely because of this flexibility in client development, the strength of the security controls of mobile banking is determined mainly by the bank itself. If the bank still relies solely on TLS and username/password verification as its only security controls, there are security drawbacks: a simple username/password authentication scheme is relatively easy to crack or phish; and the security of data in the public network transmission channel can be guaranteed only by the TLS protocol, which cannot guarantee data security inside the client or inside the bank's internal network (for example, a user's critical data may be intercepted by bank employees on the bank's internal network). Current mobile client software development platforms provide very rich functionality: third-party application developers can use the APIs provided by the platform to operate the phone's hardware functions or to obtain the phone's hardware information. Making full use of these phone-specific technologies and applying them to mobile banking security can improve the strength of mobile banking security controls and meet the security requirements for conducting banking business.
Summary of the utility model
The embodiment of the utility model provides a mobile banking client information authentication system and a mobile terminal, to solve the information security problem of client-based mobile banking systems.
One object of the utility model is to provide a mobile banking client information authentication system, comprising: a mobile phone, a WAP gateway, a phone-number acquisition server and a mobile banking server. The mobile phone connects to the WAP gateway over a wireless network; the WAP gateway connects to the phone-number acquisition server over the Internet; the WAP gateway and the phone-number acquisition server each connect to the mobile banking server over the Internet. The mobile banking server comprises: a binding relationship memory, which stores binding relationship data between phone numbers and mobile banking registered-customer information, and binding relationship data between mobile phone IMEIs and mobile banking registered-customer information; a login information receiving device, which receives the phone number and IMEI of the mobile phone; and a verification information output device, connected to the binding relationship memory and the login information receiving device respectively, which outputs matching result information between the received phone number and IMEI and the phone number and IMEI in the corresponding binding relationship. A client chip is provided in the mobile phone, the client chip comprising: a SIM card information reading device, which reads the SIM card information of the mobile phone; a hardware information reading device, which reads the IMEI of the mobile phone; and a communication device, connected to the SIM card information reading device and the hardware information reading device respectively, which outputs the read SIM card information and the IMEI of the mobile phone. The WAP gateway receives the SIM card information and the IMEI of the mobile phone, extracts the corresponding phone number according to the SIM card information, forwards a phone-number acquisition instruction containing the phone number, and forwards the IMEI. The phone-number acquisition server receives the phone-number acquisition instruction containing the phone number, extracts the phone number and outputs it.
The binding relationship memory also stores binding relationship data between specific motion trajectory information of the mobile phone and mobile banking registered-customer information; the login information receiving device also receives the motion trajectory information of the mobile phone; the verification information output device also outputs matching result information between the motion trajectory information of the mobile phone and the specific motion trajectory information in the corresponding binding relationship. The client chip further comprises: a motion trajectory reading device, which reads the motion trajectory information of the mobile phone; the communication device is connected to the motion trajectory acquisition device and outputs the motion trajectory information of the mobile phone.
The binding relationship memory also stores binding relationship data between specific touch trajectory information of the mobile phone touch screen and mobile banking registered-customer information; the login information receiving device also receives the touch-screen touch trajectory information of the mobile phone; the verification information output device also outputs matching result information between the touch-screen touch trajectory information of the mobile phone and the specific touch trajectory information in the corresponding binding relationship. The client chip further comprises: a touch trajectory reading device, which reads the touch-screen touch trajectory information of the mobile phone; the communication device is connected to the touch trajectory acquisition device and outputs the touch-screen touch trajectory information of the mobile phone.
Another object of the utility model is to provide a mobile banking client mobile terminal, comprising: a mobile phone body, a SIM card and a client chip, the client chip being arranged in the mobile phone body. The client chip comprises: a SIM card information reading device, which reads the SIM card information of the mobile phone; a hardware information reading device, which reads the IMEI of the mobile phone; and a communication device, connected to the SIM card information reading device and the hardware information reading device respectively, which outputs the read phone-number acquisition instruction and the IMEI of the mobile phone.
The mobile phone body comprises an acceleration sensor. The client chip further comprises a motion trajectory reading device for reading the motion trajectory information of the mobile phone body; the communication device is connected to the motion trajectory reading device and outputs the read motion trajectory information.
The mobile phone body comprises a touch screen. The client chip further comprises a touch trajectory reading device, which reads the touch-screen touch trajectory information of the mobile phone; the communication device is connected to the touch trajectory reading device and outputs the encrypted touch-screen touch trajectory information.
The utility model can be widely applied in many mobile banking scenarios. By combining the hardware features of the mobile phone, it adds security controls to mobile banking in the following respects: 1) Binding the phone's hardware information: binding the user's phone hardware information to the mobile banking registration information ensures that the user can operate the bank account only from his or her own phone. Even if the username and password are stolen, the thief cannot operate the victim's bank account and cause economic loss. 2) Binding the user's SIM card: binding the user's phone number to the mobile banking registration information ensures that the user can operate the bank account only with his or her own SIM card. Even if the username and password are stolen, the thief cannot operate the victim's bank account and cause economic loss. 3) Using a specific gesture made while the user holds the phone as a means of security authentication further strengthens the security of mobile banking login. 4) Using a specific trajectory that the user traces on the phone's touch screen as a means of security authentication further strengthens the security of mobile banking login.
Description of drawings
To illustrate the technical solutions of the embodiments of the utility model or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the utility model; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of the arrangement of the mobile phone, SIM card and client chip in an embodiment of the utility model;
Fig. 2 is a connection diagram of the mobile banking client information authentication system of an embodiment of the utility model;
Fig. 3 is a structural block diagram of the client chip of the system of an embodiment of the utility model;
Fig. 4 is a structural block diagram of the mobile banking server of the system of an embodiment of the utility model;
Fig. 5 is a circuit schematic of the mobile phone of an embodiment of the utility model;
Fig. 6 is a functional block diagram of the client chip of the mobile phone of an embodiment of the utility model;
Fig. 7 is a functional block diagram of the mobile banking server and mobile communication of an embodiment of the utility model;
Fig. 8 is a workflow diagram of the mobile banking client information authentication system of an embodiment of the utility model.
Embodiments
The technical solutions in the embodiments of the utility model are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the utility model, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the utility model.
The approach of this embodiment is to combine the characteristics of the mobile terminal device itself with existing security technologies such as symmetric-key encryption, asymmetric-key encryption and the Transport Layer Security (TLS) protocol, forming an efficient security system for mobile banking.
As shown in Figure 1, the mobile banking client chip 101 and the SIM card 102 are installed in the customer's mobile phone 100. The client chip 101 may be a chip or a memory card. The client chip is inserted into the corresponding interface of the mobile phone 100, or the client memory card is inserted directly into the memory card slot of the mobile phone 100. The SIM card 102 is a hardware device inserted into the SIM card slot of the mobile phone 100.
Through the APIs provided by the manufacturer, application developers can read the hardware information of the mobile device, including but not limited to the International Mobile Equipment Identity (IMEI). The IMEI is a number that mobile device manufacturers worldwide assign to each device under unified naming rules, which guarantees that it is unique worldwide. Binding the phone's hardware information to the mobile banking user restricts the user to logging in to mobile banking only from the bound device, achieving "only this phone can operate the corresponding bank account" and thereby strengthening security control.
When a user uses mobile banking, the request is sent from the mobile client chip and first enters the mobile operator's wireless network. The operator converts from the wireless network to the wired network at the base station, and the request finally passes through the operator's WAP gateway and reaches the banking system over the Internet. The mobile operator uses the SIM card to authenticate the subscriber and to meter network traffic and charges. The operator can identify the user and find the corresponding phone number from the international mobile subscriber identity (International Mobile Subscriber Identification Number, IMSI) stored in the SIM card. When the user's phone-number acquisition request reaches the operator's WAP gateway, the gateway adds the user's phone number to the request header field and forwards the request to the operator's phone-number acquisition server. The operator's phone-number acquisition server parses the request to obtain the phone number and provides it to the bank through standard interfaces such as Web Service. In this way, by cooperating with the mobile operator, the bank can automatically obtain the phone number corresponding to the user's current SIM card. Automatic acquisition of the phone number reduces the user's operating steps, since the username does not have to be entered manually. It also achieves "only the person holding the SIM card for this phone number can operate the corresponding bank account", i.e. it binds the SIM card to the mobile banking registered customer and increases security control.
High-end smartphones now all support touch-screen operation: the user operates on the screen with a finger, and the system can recognize different actions such as touch, tap, slide, long press, double tap and triple tap. Some phones support multi-touch (using a capacitive touch screen) and can recognize richer actions such as zoom in, zoom out and simultaneous multi-point touch. In mobile application technology these actions are called "gestures". Some high-end phones also have a built-in accelerometer, which can sense the angle of the phone and the speed, acceleration and even the trajectory of its movement. Phones of this kind support a wider variety of gestures: the user can shake the phone up and down to form different gestures.
Third-party application developers can recognize the user's gestures through hardware programming, so a gesture input function can be added to the mobile banking client, allowing the user to reserve a personalized, self-defined gesture. After the self-defined gesture is digitized and saved, it is bound to the mobile banking registration information and can be used in the following (but not only the following) security scenarios:
Unlocking the mobile banking client chip: when the mobile banking client receives no user operation within a certain period of time, it locks itself. To unlock, the user inputs a gesture; the system recognizes the gesture and compares it with the reserved gesture, and if they match, the unlock succeeds.
Mobile banking login: the login process requires the user to input a gesture, and login succeeds only after the gesture is verified.
As a component of the key: the gesture can be used as one of the factors from which the key is generated, strengthening the security of the key itself.
As shown in Figure 2, the mobile banking client information authentication system of the embodiment of the utility model comprises: the customer's mobile phone 100, the mobile operator WAP gateway 200, the mobile operator phone-number acquisition server 300, the mobile banking server 400 and the bank customer information system 500. The customer's mobile phone 100 connects to the operator's base station over the operator's wireless cellular network; the base station connects to the mobile operator WAP gateway 200 over the operator's internal wired network; the mobile operator WAP gateway 200 connects to the mobile operator phone-number acquisition server 300 over the Internet; the mobile operator WAP gateway 200 and the mobile operator phone-number acquisition server 300 connect to the mobile banking server 400 over the Internet, and the bank deploys a firewall between the mobile banking server 400 and the Internet; the mobile banking server 400 is connected to the bank customer information system 500 over the bank's internal network.
As shown in Figure 3, the client chip 101 is provided in the mobile phone 100. The client chip 101 comprises: the SIM card information reading device 1011, which reads the SIM card information of the mobile phone; the hardware information reading device 1012, which reads the IMEI of the mobile phone; and the communication device 1013, connected to the SIM card information reading device 1011 and the hardware information reading device 1012 respectively, which outputs the read phone-number acquisition instruction and the IMEI of the mobile phone.
The mobile phone body comprises an acceleration sensor. The client chip further comprises the motion trajectory reading device 1014 for reading the motion trajectory information of the mobile phone body; the communication device 1013 is connected to the motion trajectory reading device 1014 and outputs the read motion trajectory information.
The mobile phone body comprises a touch screen. The client chip further comprises the touch trajectory reading device 1015, which reads the touch-screen touch trajectory information of the mobile phone; the communication device 1013 is connected to the touch trajectory reading device 1015 and outputs the encrypted touch-screen touch trajectory information.
The WAP gateway 200 receives the phone-number acquisition instruction, obtains the corresponding phone number according to the SIM card information, and generates and forwards a phone-number acquisition instruction containing the phone number; it also receives the hardware IMEI and forwards it. The phone-number acquisition server 300 receives the phone-number acquisition instruction containing the phone number, extracts the phone number and outputs it.
As shown in Figure 4, the mobile banking server 400 comprises: the binding relationship memory 401, which stores binding relationship data between phone numbers and mobile banking registered-customer information, and binding relationship data between mobile phone IMEIs and mobile banking registered-customer information; the login information receiving device 402, which receives the phone number and IMEI of the mobile phone; and the verification information output device 403, connected to the binding relationship memory 401 and the login information receiving device 402 respectively, which outputs matching result information between the received phone number and IMEI and the phone number and IMEI in the corresponding binding relationship.
The binding relationship memory 401 is also used to store the binding relationship between specific motion trajectory information of the mobile phone and mobile banking registered-customer information. The login information receiving device 402 is also used to receive the motion trajectory information of the mobile phone. The verification information output device 403 is also used to judge whether the motion trajectory information of the mobile phone matches the specific motion trajectory information in the corresponding binding relationship: if so, it outputs a login information verification passed message; if not, it outputs a login information verification failed message.
The binding relationship memory 401 is also used to store the binding relationship between specific touch trajectory information of the mobile phone touch screen and mobile banking registered-customer information. The login information receiving device 402 is also used to receive the touch-screen touch trajectory information of the mobile phone. The verification information output device 403 is also used to judge whether the touch-screen touch trajectory information matches the specific touch trajectory information in the corresponding binding relationship: if so, it outputs a login information verification passed message; if not, it outputs a login information verification failed message.
As shown in Figure 5, the customer's mobile phone is the phone used by the mobile banking user; the user's SIM card 102 and the mobile banking client chip 101 are installed in it. The mobile banking client chip 101 is the mobile banking client hardware developed by the bank; it is installed in the user's phone, and the user uses mobile banking functions by operating this hardware. The customer's mobile phone comprises: a radio frequency unit, a baseband circuit, a central processing unit, a keyboard, a touch screen, FLASH, RAM, an acceleration sensor, the SIM card 102 and the client chip 101. The acceleration sensor is used to capture the motion trajectory of the phone (also called gesture information), and the touch screen is used to capture the trajectory that the customer traces on the phone's touch screen.
In Fig. 2, the mobile operator WAP gateway 200 is the WAP gateway equipment owned by the mobile operator. The WAP gateway connects the operator's internal network to the Internet and is responsible for sending user requests to the Internet. In the general case where the user uses mobile banking services, the operator's WAP gateway 200 sends the user's service request to the mobile banking server 400. In the case where the bank obtains the user's phone number, i.e. when the customer's mobile phone 100 initiates a phone-number acquisition request, the operator's WAP gateway 200 first identifies the user, adds the user's phone number to the header field of the client request message, and then sends the request to the mobile operator phone-number acquisition server 300.
The mobile operator phone-number acquisition server 300 is a server deployed on the Internet by the mobile operator to provide a phone-number acquisition service to third-party developers such as banks. When the customer's mobile phone 100 initiates a phone-number acquisition request, the server parses the phone number from the request message sent by the mobile operator WAP gateway 200, applies a digital signature and data encryption to it, and sends it to the mobile banking server 400.
The mobile banking server 400 is the system or server on the bank side that provides mobile banking services. The mobile banking server-side device developed by the bank is deployed on it; it accepts requests from the mobile banking client chip and completes the business processing.
The bank customer information system 500 is the system in which the bank stores mobile banking registered-customer information, including but not limited to the mobile banking user's registration information and the information bound to it, such as the phone's IMEI and the phone number.
Through this system, the user uses the customer's mobile phone 100 as the terminal device to access the network and the bank's systems and to use mobile banking functions. The user operates the mobile banking client chip installed in the customer's mobile phone 100, and the client chip initiates a service request to the mobile banking server 400. The request first enters the mobile operator's wireless cellular network and is received by the base station equipment built by the operator; it then passes from the base station into the operator's internal wired network and finally reaches the Internet through the operator's WAP gateway 200, arriving at the mobile banking server 400 that the bank has deployed on the Internet. The mobile banking server 400 receives the user's service request, completes the business processing and returns the result. These service requests include but are not limited to the customer's mobile banking login, inquiry and transfer requests, but do not include the phone-number acquisition request. Further, when the user starts the mobile banking client chip installed in the customer's mobile phone 100 and uses the login function, the client chip first initiates a phone-number acquisition request to the operator's phone-number acquisition server 300. When the request reaches the operator's WAP gateway 200, the gateway adds the user's phone number to the request header field and forwards the request message to the operator's phone-number acquisition server 300; the phone-number acquisition server 300 parses the phone number and sends it to the mobile banking server 400. After the bank obtains the user's phone number, it compares it with the phone number the user registered in the bank customer information system 500, in order to verify the user's identity. After successful verification, the mobile banking server 400 returns a link to the login page, and the link is sent to the customer's mobile phone 100 through the operator's WAP gateway 200.
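The bank-side check implied by the flow above and by devices 401 to 403, as an added Go example that is not part of the patent: the phone number is accepted only from the operator's signed message, and the IMEI reported by the client must belong to the same binding record. Ed25519 as the signature scheme, the `SessionID` field that ties the operator's message to one login attempt, the message layout, the helper `demoSetup` and all sample values are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/subtle"
	"fmt"
)

// Binding is one record of binding relationship memory 401.
type Binding struct{ Customer, Phone, IMEI string }

// PhoneAssertion is the message that phone-number acquisition server 300
// sends to the bank. Its layout and the SessionID field are assumptions.
type PhoneAssertion struct {
	SessionID string
	Phone     string
	Sig       []byte
}

// signedBytes length-prefixes both fields so that two different
// (session, phone) pairs can never serialize to the same bytes.
func signedBytes(sessionID, phone string) []byte {
	return []byte(fmt.Sprintf("%d:%s%d:%s", len(sessionID), sessionID, len(phone), phone))
}

// SignAssertion is the operator side: sign the number parsed from the header.
func SignAssertion(priv ed25519.PrivateKey, sessionID, phone string) PhoneAssertion {
	sig := ed25519.Sign(priv, signedBytes(sessionID, phone))
	return PhoneAssertion{SessionID: sessionID, Phone: phone, Sig: sig}
}

const (
	MsgPass = "login information verification passed"
	MsgFail = "login information verification failed"
)

// BankServer stands in for mobile banking server 400.
type BankServer struct {
	OperatorKey ed25519.PublicKey
	Bindings    map[string]Binding // keyed by bound phone number
}

// VerifyLogin plays the role of verification information output device 403.
// sessionID and imei arrive from the client; the phone number is taken only
// from the operator's signed assertion. Every failure returns the same
// message so the reply does not reveal which factor mismatched.
func (s *BankServer) VerifyLogin(a PhoneAssertion, sessionID, imei string) string {
	if a.SessionID != sessionID {
		return MsgFail // assertion belongs to a different login attempt
	}
	if !ed25519.Verify(s.OperatorKey, signedBytes(a.SessionID, a.Phone), a.Sig) {
		return MsgFail // not signed by the operator, or altered in transit
	}
	b, ok := s.Bindings[a.Phone]
	if !ok {
		return MsgFail // phone number not bound to any registered customer
	}
	if subtle.ConstantTimeCompare([]byte(b.IMEI), []byte(imei)) != 1 {
		return MsgFail // bound SIM, but not the bound handset
	}
	return MsgPass
}

// demoSetup builds a bank with one constructed binding and an operator key.
func demoSetup() (*BankServer, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	bank := &BankServer{OperatorKey: pub, Bindings: map[string]Binding{
		// Constructed sample phone number and IMEI.
		"13800000000": {Customer: "customer-001", Phone: "13800000000", IMEI: "490154203237518"},
	}}
	return bank, priv
}

func main() {
	bank, priv := demoSetup()
	a := SignAssertion(priv, "sess-1", "13800000000")
	fmt.Println("bound phone and SIM:", bank.VerifyLogin(a, "sess-1", "490154203237518"))
	fmt.Println("other handset:      ", bank.VerifyLogin(a, "sess-1", "356938035643809"))
	a.Phone = "13900000000" // number changed after signing
	fmt.Println("altered assertion:  ", bank.VerifyLogin(a, "sess-1", "490154203237518"))
}
```

The IMEI in this check is still a value reported by the client, so its assurance rests on the client chip and the encrypted channel described in the modules that follow, while the phone number is vouched for by the operator.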
As shown in Figure 6, the mobile banking client chip 101 further comprises: the phone-number acquisition request module 111, the hardware information acquisition module 112, the data transformation module 113, the data encryption/decryption module 114, the gesture processing module 115 and the secure communication module 116. The hardware information acquisition module 112 is connected to the data transformation module 113; the data transformation module 113 and the gesture processing module 115 are each connected to the data encryption/decryption module 114; the data encryption/decryption module 114 and the phone-number acquisition request module 111 are each connected to the secure communication module 116.
The phone-number acquisition request module 111 is responsible for initiating the phone-number acquisition request to the mobile operator. When the user starts the mobile banking client chip 101 and uses the login function, this module first interacts with the mobile operator and initiates a phone-number acquisition request to the mobile operator phone-number acquisition server 300; in response to the request, the operator provides the user's phone number to the bank.
The hardware information acquisition module 112 is responsible for obtaining the hardware information of the user's device from the user's phone, including but not limited to the phone's IMEI.
The data transformation module 113 is responsible for applying a certain transformation and obfuscation to the IMEI of the user's phone. The purpose is to make decompiling the client chip more difficult and to increase the security of the data in Internet transmission.
The data encryption/decryption module 114 is responsible for encrypting the key information submitted when the client logs in. The purpose is to increase the security of the data in Internet transmission. The data to be encrypted includes but is not limited to: the transformed IMEI of the user's phone, the user's gesture information, the user's login password and the transaction password. The encryption may be symmetric. In one implementation, the encryption process is as follows: an initial key A is built into the client chip, and a copy of the key is also kept on the server side. Before encryption, the server generates a one-time random number B. A and B are combined to form a one-time key C. The client uses key C to encrypt the transformed data with a symmetric-key algorithm (such as 3DES). The decryption process is similar to the encryption process: key C is computed in the same way, and key C and the same algorithm are used to decrypt.
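The one-time-key exchange described above, as an added Go example that is not part of the patent. The patent does not say how A and B are combined, so HMAC-SHA256(A, B) is an assumption here; AES-256-GCM stands in for the symmetric algorithm (the text names 3DES only as an example), and the in-memory set of pending random numbers, the type and function names and the sample key are likewise assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveOneTimeKey combines the shared initial key A with the server's
// one-time random number B into the one-time key C (assumed: HMAC-SHA256).
func deriveOneTimeKey(a, b []byte) []byte {
	m := hmac.New(sha256.New, a)
	m.Write(b)
	return m.Sum(nil) // 32 bytes, used as an AES-256 key
}

// Server holds A and the random numbers B it has issued but not yet consumed.
type Server struct {
	initialKey []byte
	pending    map[string]bool
}

func NewServer(a []byte) *Server {
	return &Server{initialKey: a, pending: make(map[string]bool)}
}

// IssueNonce generates a fresh B and remembers it until it is consumed.
func (s *Server) IssueNonce() ([]byte, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	s.pending[string(b)] = true
	return b, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ClientEncrypt is the client side: derive C from the built-in A and the
// received B, then encrypt the login fields. B is bound in as associated data.
func ClientEncrypt(a, b, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(deriveOneTimeKey(a, b))
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return aead.Seal(iv, iv, plaintext, b), nil // iv || ciphertext || tag
}

// Decrypt is the server side. B must be a value this server issued and has
// not consumed yet; that is what makes C a one-time key.
func (s *Server) Decrypt(b, msg []byte) ([]byte, error) {
	if !s.pending[string(b)] {
		return nil, errors.New("unknown or already used random number B")
	}
	delete(s.pending, string(b)) // single use, even if decryption fails below
	aead, err := newGCM(deriveOneTimeKey(s.initialKey, b))
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	iv, ct := msg[:aead.NonceSize()], msg[aead.NonceSize():]
	return aead.Open(nil, iv, ct, b)
}

func main() {
	a := []byte("constructed-initial-key-A-demo!!") // constructed sample value
	srv := NewServer(a)
	b, _ := srv.IssueNonce()
	msg, _ := ClientEncrypt(a, b, []byte("imei=<transformed IMEI>;gesture=<digitized gesture>"))
	pt, err := srv.Decrypt(b, msg)
	fmt.Printf("first use: %q %v\n", pt, err)
	_, err = srv.Decrypt(b, msg)
	fmt.Printf("replay:    %v\n", err)
}
```

Because A is shared by the client chip and the server, the scheme is only as strong as the protection of A inside the client; a captured message is rejected on resubmission because its B has already been consumed.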
Gesture processing module 115, the gesture motion of responsible process user.Gesture reserved function and gesture identification function are provided.The gesture reserved function refers to the self-defined gesture of user's typing, is converted to digitalized data and preserves.The gesture identification function can have two kinds of optional modes: (1) local identification, and reserve gesture information and be kept in the gesture processing module 115, whether the identification user judges with reserved data and coincide in the gesture motion of each function input; (2) server end identification, reserving gesture motion is kept in the customer information of bank system 5, gesture processing module 115 identification users are in the gesture motion of each function input, after the gesture motion digitlization, by encrypting, through safety communication module 116 information is sent to Mobile banking's server 400 and verifies.The gesture identification function can require the user to carry out gesture input and identification checking in starting the defeated scene that need carry out authentication such as close of Mobile banking's client chip, login authentication or transaction.
The secure communication module 116 handles network communication between the mobile banking client chip and the mobile banking server. Because data is transmitted over the Internet, the communication protocol uses Transport Layer Security (TLS), which ensures that nothing is transmitted in plaintext between client and server over the Internet. The secure communication module initiates the security request from the client side.
As shown in Figure 7, the mobile banking server 400 further comprises: a mobile banking binding module 411, a data encryption and decryption module 412, a key management module 413, a user identity authentication module 414, a mobile banking client software management module 415, and a secure communication module 416. The key management module 413, the user identity authentication module 414 and the secure communication module 416 are each connected to the data encryption and decryption module 412; the mobile banking client software management module 415 is connected to the secure communication module 416.
The mobile banking binding module 411 receives information such as the user's mobile phone IMEI and phone number, stores it in the bank customer information system, and binds it to the user's mobile banking registration information. When the user signs up for mobile banking at a bank branch, this module is used to bind the reserved information to the user's mobile banking registration information. The reserved information includes but is not limited to the mobile phone IMEI and the phone number. The user information is stored in the bank customer information system 500.
The data encryption and decryption module 412 is the counterpart of the client's data encryption and decryption module 114 and has the same function.
The key management module 413 is responsible for key generation, distribution, and management. The keys involved include but are not limited to: the initial key for symmetric encryption, the one-time key factor, the asymmetric keys (public/private key pairs) or digital certificates used when interacting with the operator, and the digital certificate used to sign the client program binary.
The user identity authentication module 414 verifies whether the login information sent by the client is correct. The checks include but are not limited to: whether the user's phone number and login password match, whether the verification code was entered correctly, whether the mobile phone IMEI matches the registration information, and whether the user's gesture is correct.
The mobile banking client software management module 415 maintains information on all client versions and provides client version compatibility control and version upgrade management.
The secure communication module 416 works with the client's secure communication module. By deploying a server certificate issued by a third-party authority, it performs the handshake with the client and establishes a TLS secure transmission channel, ensuring that nothing is transmitted in plaintext over the Internet.
As shown in Figure 8, the working steps of the mobile banking client information authentication system of this embodiment are:
Step 801: The user starts the mobile banking client chip and uses the login function;
Step 802: The phone number acquisition request module 111 sends a phone number acquisition request to the mobile operator;
Step 803: When the phone number acquisition request passes through the mobile operator's WAP gateway 200, the WAP gateway 200 identifies the user and adds the corresponding user phone number to the request header field, then forwards the request to the mobile operator's phone number acquisition server 300;
Step 804: After receiving the request, the mobile operator's phone number acquisition server 300 parses the phone number from the request header;
Step 805: The operator's phone number acquisition server 300 digitally signs and encrypts the phone number and sends it to the mobile banking server 400;
Step 806: After receiving this information, the mobile banking server 400 verifies the signature and decrypts it to obtain the phone number, and compares it with the mobile banking registration information in the bank customer information system 500; after verification passes, it returns a link to the login page through the operator's WAP gateway 200;
Step 807: The mobile banking client chip displays the link;
Step 808: By clicking the link, the client displays the login page returned by the mobile banking server;
Step 809: The hardware information acquisition module 112 reads the IMEI information of the user's mobile phone;
Step 810: The data transformation module 113 applies a displacement transformation to the IMEI information of the user's mobile phone;
Step 811: The data encryption and decryption module 114 uses a symmetric-key algorithm (such as 3DES) to encrypt the transformed information together with the login password and verification code entered by the user, and submits the result to the mobile banking server 400 through the operator's WAP gateway 200;
Step 812: The data encryption and decryption module 412 of the mobile banking server 400 decrypts the received encrypted information with the symmetric-key algorithm;
Step 813: The user identity authentication module 414 verifies whether the user's phone number and login password match, whether the verification code was entered correctly, and whether the mobile phone IMEI information matches the registration information;
Step 814: If verification finds no errors, the check passes;
Step 815: The user may further be required to enter a gesture in scenarios that require identity authentication, such as starting the mobile banking client chip, login authentication, or entering a transaction password. This embodiment takes login authentication in the mobile banking client as the example. The user enters a gesture as prompted (such as shaking the phone); the gesture processing module 115 recognizes the user's gesture and compares it with the user's reserved gesture;
Step 816: It is judged whether the user's gesture matches the reserved gesture;
Step 817: If they do not match, the user may be required to re-enter the gesture; once the specified number of retries is exceeded, login fails;
Step 818: If the mobile banking client chip judges that verification passed, login succeeds.
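The one-time key scheme of module 114 and the submit, decrypt and verify sequence of steps 811 to 813, as an added example that is not part of the patent. HMAC-SHA256 as the way A and B are combined, the HMAC-based keystream standing in for 3DES, and the sample key, phone number and IMEI are assumptions; the IMEI transformation and the password and verification-code checks are not modelled.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample data: initial key A held by client chip and server, and one
# binding record as kept by binding module 411 (phone number -> bound IMEI).
KEY_A = bytes.fromhex("00112233445566778899aabbccddeeff")
BINDINGS = {"13800000000": "490154203237518"}


def derive_key_c(key_a: bytes, nonce_b: bytes) -> bytes:
    """Combine A and B into one-time key C. HMAC-SHA256 is an assumed combiner."""
    return hmac.new(key_a, nonce_b, hashlib.sha256).digest()


def keystream_xor(key_c: bytes, data: bytes) -> bytes:
    """Assumed stand-in cipher (HMAC-SHA256 keystream); the patent names 3DES.
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key_c, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def client_submit(key_a: bytes, nonce_b: bytes, phone: str, imei: str) -> bytes:
    """Step 811: encrypt the login fields under C before submission."""
    message = json.dumps({"phone": phone, "imei": imei}).encode()
    return keystream_xor(derive_key_c(key_a, nonce_b), message)


class BankServer:
    def __init__(self, key_a: bytes, bindings: dict):
        self.key_a = key_a
        self.bindings = bindings
        self.pending = {}  # session id -> random number B, removed on first use

    def new_session(self):
        """Issue a fresh one-time random number B for one login attempt."""
        session_id = secrets.token_hex(8)
        self.pending[session_id] = secrets.token_bytes(16)
        return session_id, self.pending[session_id]

    def verify_login(self, session_id: str, ciphertext: bytes) -> bool:
        """Steps 812-813: recompute C, decrypt, compare IMEI with the binding."""
        nonce_b = self.pending.pop(session_id, None)
        if nonce_b is None:
            return False  # B already consumed or never issued
        plain = keystream_xor(derive_key_c(self.key_a, nonce_b), ciphertext)
        try:
            fields = json.loads(plain)
            bound_imei = self.bindings[fields["phone"]]
            return hmac.compare_digest(fields["imei"], bound_imei)
        except (ValueError, KeyError, TypeError):
            return False  # a different C yields garbage, or the phone is unbound
```

A captured ciphertext cannot be replayed: its own B is consumed on first use, and under any later session's C it decrypts to data that fails parsing.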
This embodiment can be widely applied across mobile banking scenarios. By combining mobile phone hardware features, the utility model strengthens mobile banking security control in the following respects:
1) Binding the mobile phone hardware information: binding the user's mobile phone hardware information to the mobile banking registration information ensures that the user can operate the bank account only from their own phone. Even if the username and password are stolen, the thief cannot operate the victim's bank account and cause financial loss.
2) Binding the user's SIM card: binding the user's phone number to the mobile banking registration information ensures that the user can operate the bank account only with their own SIM card. Even if the username and password are stolen, the thief cannot operate the victim's bank account and cause financial loss.
3) Using a specific gesture made while the user holds the phone as a means of security authentication further strengthens the security of mobile banking login.
4) Using a specific trajectory that the user traces on the phone's touch screen as a means of security authentication further strengthens the security of mobile banking login.
Specific embodiments have been used in this document to explain the principle and implementation of the utility model; the description of the above embodiments is only intended to help in understanding the method of the utility model and its core idea. At the same time, a person of ordinary skill in the art may, following the idea of the utility model, make changes to the specific implementation and the scope of application. In summary, this description should not be construed as limiting the utility model.

Claims (6)

1. A mobile banking client information authentication system, characterized in that the system comprises: a mobile phone, a WAP gateway, a phone number acquisition server, and a mobile banking server;
The mobile phone connects to the WAP gateway through a wireless network; the WAP gateway connects to the phone number acquisition server through the Internet; the WAP gateway and the phone number acquisition server each connect to the mobile banking server through the Internet;
The mobile banking server comprises: a binding relationship memory, which stores binding relationship data between mobile phone numbers and registered mobile banking customer information, and binding relationship data between mobile phone IMEIs and registered mobile banking customer information; a log-on information receiving device, which receives the phone number and IMEI of the mobile phone; a verification information output device, connected to the binding relationship memory and the log-on information receiving device respectively, which outputs the matching result information between the received phone number and IMEI and the phone number and IMEI in the corresponding binding relationship;
A client chip is provided in the mobile phone, the client chip comprising: a SIM card information reading device, which reads the SIM card information of the mobile phone; a hardware information reading device, which reads the IMEI of the mobile phone; a communication device, connected to the SIM card information reading device and the hardware information reading device respectively, which outputs the SIM card information and the IMEI read from the mobile phone;
The WAP gateway receives the SIM card information and the IMEI of the mobile phone, extracts the corresponding phone number according to the SIM card information, forwards a phone number acquisition instruction containing the phone number, and forwards the IMEI;
The phone number acquisition server receives the phone number acquisition instruction containing the phone number, extracts the phone number, and outputs it.
2. The mobile banking client information authentication system according to claim 1, characterized in that,
The binding relationship memory also stores binding relationship data between specific mobile phone motion trajectory information and registered mobile banking customer information; the log-on information receiving device also receives the motion trajectory information of the mobile phone;
The verification information output device also outputs the matching result information between the motion trajectory information of the mobile phone and the specific mobile phone motion trajectory information in the corresponding binding relationship;
The client chip further comprises: a motion trajectory reading device, which reads the motion trajectory information of the mobile phone; the communication device is connected to the motion trajectory acquisition device and outputs the motion trajectory information of the mobile phone.
3. The mobile banking client information authentication system according to claim 1, characterized in that,
The binding relationship memory also stores binding relationship data between specific mobile phone touch-screen touch trajectory information and registered mobile banking customer information; the log-on information receiving device also receives the touch-screen touch trajectory information of the mobile phone;
The verification information output device also outputs the matching result information between the touch-screen touch trajectory information of the mobile phone and the specific mobile phone touch-screen touch trajectory information in the corresponding binding relationship;
The client chip further comprises: a touch trajectory reading device, which reads the touch-screen touch trajectory information of the mobile phone; the communication device is connected to the touch trajectory acquisition device and outputs the touch-screen touch trajectory information of the mobile phone.
4. A mobile banking client mobile terminal, the mobile terminal comprising: a mobile phone body and a SIM card; characterized in that the mobile terminal further comprises: a client chip, the client chip being arranged in the mobile phone body; wherein,
The client chip comprises:
A SIM card information reading device, which reads the SIM card information of the mobile phone;
A hardware information reading device, which reads the IMEI of the mobile phone;
A communication device, connected to the SIM card information reading device and the hardware information reading device respectively, which outputs the phone number acquisition instruction that was read and the IMEI of the mobile phone.
5. The mobile banking client mobile terminal according to claim 4, characterized in that the mobile phone body comprises: an acceleration sensor; the client chip further comprises:
A motion trajectory reading device, used to read the motion trajectory information of the mobile phone body;
The communication device is connected to the motion trajectory reading device and outputs the motion trajectory information that was read.
6. The mobile banking client mobile terminal according to claim 4, characterized in that the mobile phone body comprises: a touch screen; the client chip further comprises:
A touch trajectory reading device, which reads the touch-screen touch trajectory information of the mobile phone;
The communication device is connected to the touch trajectory reading device and outputs the encrypted touch-screen touch trajectory information.
CN201120107720XU 2011-04-13 2011-04-13 Information authentication system of client end for mobile telephone banking and mobile terminal Expired - Lifetime CN202026332U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201120107720XU CN202026332U (en) 2011-04-13 2011-04-13 Information authentication system of client end for mobile telephone banking and mobile terminal

Publications (1)

Publication Number Publication Date
CN202026332U true CN202026332U (en) 2011-11-02

Family

ID=44851265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201120107720XU Expired - Lifetime CN202026332U (en) 2011-04-13 2011-04-13 Information authentication system of client end for mobile telephone banking and mobile terminal

Country Status (1)

Country Link
CN (1) CN202026332U (en)

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20111102