Embodiments
The technical solution of the embodiments of the utility model is described below clearly and completely with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the utility model. All other embodiments that a person of ordinary skill in the art can obtain from these embodiments without creative effort fall within the scope of protection of the utility model.
To address the problem set out above, the embodiments of the utility model provide a terminal banking security authentication method, a mobile terminal and a system, which are described in detail below with reference to the drawings.
Embodiment one
An embodiment of the utility model provides a terminal banking security authentication method. As shown in Figure 1, the method comprises:
Step 101: obtain the IC card security information of the bank IC card inserted in the mobile phone, and the SIM card information of the mobile phone;
Step 102: verify the IC card security information;
Step 103: after the IC card security information has been verified successfully, send the IC card security information and the SIM card information to the backend according to the selected mobile banking service;
Step 104: the backend verifies the IC card security information and the SIM card information;
Step 105: after the backend has verified the IC card security information and the SIM card information successfully, the backend sends the security information and business information corresponding to the mobile banking service to the terminal;
Step 106: complete the mobile banking service according to the security information and business information corresponding to the mobile banking service.
After the bank IC card inserted in the mobile phone has been verified, the IC card security information and the SIM card information are sent to the backend; once the backend has verified both successfully, it sends the security information and business information corresponding to the mobile banking service, and the mobile banking service is carried out over the cellular network. Adding a bank IC card, and the verification of that card, raises the security of mobile internet banking above that of the prior art.
The bank IC card above is an IC card matched with this mobile phone.
After the bank IC card has been inserted into the mobile phone, the mobile banking service is selected as follows: first, the mobile banking service is selected in a predetermined way; then all functions of the mobile phone other than the basic telephone signal reception function and the basic network communication function are set to a silent state.
Specifically, when the bank IC card is inserted into the mobile phone, the phone screen prompts whether to enter the secure mobile banking application. The predetermined way of confirming may be a long press of the dial key; when the welcome page of the mobile banking application appears, the banking application has been entered and the user can select a mobile banking service. Preferably, for security, the secure mobile banking application can only be entered in this way, and while it runs every other application and function of the phone, apart from the basic telephone signal reception function and the basic network communication function, is kept in the silent state. If an incoming call is signalled and the user chooses to answer it, the secure mobile banking application closes and exits automatically, and the user must log in again after the call ends.
Verifying the IC card security information comprises: checking the IC card security information against the key information stored in the mobile phone; if the IC card security information matches the key information, the verification is successful.
The backend's verification of the IC card security information and the SIM card information comprises: judging whether the IC card security information and the SIM card information are in a binding relationship; if so, the verification is successful.
After the IC card security information and the SIM card information have been verified successfully, the security information corresponding to the mobile banking service that the backend sends comprises at least a random password and the validity period of that random password. If the random password is not used correctly within its validity period, it becomes invalid.
The verification of the bank IC card by the mobile phone, the authentication of the bank IC card and the SIM card by the backend, and the random password with a validity period together further improve the security of the mobile banking service.
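The flow of steps 101 to 106, written out as an added example that is not part of the utility model text: the handset checks the card against its stored key, the backend checks the card/SIM binding and issues a random password with a validity period, and the service is completed only if that password is presented in time, once, for the same card, SIM and service. The names BankBackend, Terminal and the message fields are assumptions; the page does not specify the card-side algorithm, so the local check of step 102 is modelled as an HMAC-SHA256 comparison, and the password format follows the 6-digit, non-repeating rule the page later gives for the ATM temporary password.

```python
"""Added example, not part of the utility model text: a simulation of steps
101-106 of Embodiment one. BankBackend, Terminal and the message fields are
assumed names. Step 102 is modelled as an HMAC-SHA256 check between the card's
security information and the key stored in the handset; the page does not
specify the real card-side algorithm."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class IssuedPassword:
    value: str          # the random password (6 digits, as Embodiment three specifies)
    service: str        # the mobile banking service it was issued for
    valid_until: float  # end of the validity period set by the backend
    used: bool = False  # a password may be used correctly only once


class BankBackend:
    """Steps 104-105: check the card/SIM binding, then issue a random password
    with a validity period; step 106 on the backend side accepts it only while
    valid, unused and presented for the same card, SIM and service."""

    def __init__(self, bindings, validity_seconds=60, clock=time.time):
        self._bindings = set(bindings)   # {(card_id, sim_id)} registered at issuance
        self._validity = validity_seconds
        self._clock = clock              # injectable so expiry can be tested
        self._issued = {}                # (card_id, sim_id) -> IssuedPassword
        self._last_value = None

    def _new_value(self):
        # secrets.randbelow is unbiased; re-draw if equal to the previous value,
        # so two consecutively generated passwords are never identical.
        while True:
            value = f"{secrets.randbelow(10**6):06d}"
            if value != self._last_value:
                self._last_value = value
                return value

    def request_service(self, card_id, sim_id, service):
        if (card_id, sim_id) not in self._bindings:
            return None                  # step 104 fails: no binding relationship
        pw = IssuedPassword(self._new_value(), service, self._clock() + self._validity)
        self._issued[(card_id, sim_id)] = pw
        return {"password": pw.value, "valid_until": pw.valid_until,
                "business": {"service": service}}

    def complete_service(self, card_id, sim_id, service, password):
        pw = self._issued.get((card_id, sim_id))
        if pw is None or pw.used or pw.service != service:
            return False
        if self._clock() > pw.valid_until:
            del self._issued[(card_id, sim_id)]   # expired: the password is invalid
            return False
        if not hmac.compare_digest(pw.value, password):
            return False                 # constant-time compare, no guessing oracle
        pw.used = True
        return True


class Terminal:
    """Steps 101-103 and 106 on the handset side."""

    def __init__(self, stored_key, sim_id, backend):
        self._key = stored_key           # key information stored in the phone
        self._sim_id = sim_id            # SIM card information read from the SIM
        self._backend = backend

    @staticmethod
    def card_security_info(card_key, card_id):
        # Assumed form of what a matched card presents: a MAC over its identifier.
        return hmac.new(card_key, card_id.encode(), hashlib.sha256).digest()

    def verify_card(self, card_id, security_info):
        # Step 102: the card's information must match the key stored in the phone.
        expected = hmac.new(self._key, card_id.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, security_info)

    def run(self, card_id, security_info, service):
        if not self.verify_card(card_id, security_info):
            return "local verification failed"
        reply = self._backend.request_service(card_id, self._sim_id, service)  # step 103
        if reply is None:
            return "backend rejected binding"
        if self._backend.complete_service(card_id, self._sim_id, service, reply["password"]):
            return "service completed"   # step 106
        return "password rejected"


if __name__ == "__main__":
    key = b"per-handset key, constructed for the demo"
    backend = BankBackend({("CARD-0001", "SIM-0001")})
    terminal = Terminal(key, "SIM-0001", backend)
    print(terminal.run("CARD-0001", Terminal.card_security_info(key, "CARD-0001"), "transfer"))
```

The backend indexes issued passwords by (card, SIM) rather than by password value and compares in constant time, so a 6-digit value cannot be enumerated against the whole table; a mismatch of service, an expired validity period or a second use each fail independently.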
Embodiment two
An embodiment of the utility model also provides a mobile terminal, preferably used to implement Embodiment one above. As shown in Figure 2, the terminal comprises a communication part 1 and a mobile banking application apparatus 2.
As shown in Figure 3, the mobile banking application apparatus 2 comprises: an IC card slot 21 (not shown), an IC card reader 22, a SIM card reader 23, an IC card security information verification chip 24, a data transmitter 25, a data receiver 26 and a microcontroller 27, the microcontroller being connected to the IC card reader, the SIM card reader, the IC card security information verification chip, the data transmitter and the data receiver respectively.
IC card slot 21, arranged on the side of the mobile terminal, for inserting the bank IC card;
IC card reader 22, for obtaining the IC card security information of the bank IC card inserted in the mobile phone;
SIM card reader 23, for obtaining the SIM card information of the mobile phone;
IC card security information verification chip 24, for verifying the IC card security information;
Data transmitter 25, for sending the IC card security information and the SIM card information to the backend according to the selected mobile banking service after the IC card security information has been verified successfully;
Data receiver 26, for receiving the security information and business information corresponding to the mobile banking service sent by the backend, so that the user can complete the mobile banking service according to that security information and business information.
As can be seen from the above, after the bank IC card inserted in the mobile phone has been verified by the IC card security information verification chip, the IC card security information and the SIM card information are sent to the backend by the data transmitter; once the backend has verified both successfully, the data receiver receives the security information and business information corresponding to the mobile banking service sent by the backend, and the mobile banking service is carried out over the cellular network. Adding a bank IC card, and the verification of that card, raises the security of mobile internet banking above that of the prior art.
As shown in Figure 4, the mobile banking application apparatus above also comprises:
Mobile banking service selector 28, connected to the microcontroller, for selecting the mobile banking service in a predetermined way;
Silent state setting circuit 29, connected to the microcontroller, for setting all functions of the mobile phone other than the basic telephone signal reception function and the basic network communication function to a silent state.
Specifically, the IC card security information verification chip 24 is used to check the IC card security information against the key information stored in the mobile phone; if the IC card security information matches the key information, the verification is successful.
The security information corresponding to the mobile banking service received by the data receiver comprises at least a random password and the validity period of that random password.
An example is given below.
Figure 5 is an external view of the mobile terminal according to an embodiment of the utility model. As shown in Figure 5, the mobile terminal 51 comprises:
A basic mobile phone apparatus module formed by an inductive touch screen and an IC card socket 511; the product supports contact reading of an external chip card 512. The touch screen is the main input device for transaction information and the output device for transaction results, and the product supports mobile banking requirements, realizing functions such as balance inquiry, transfer and remittance over the mobile network.
The IC card socket is placed on the left side of the mobile phone, and the card read head is embedded on the internal circuit board of the phone, for reading the bank card information. The mobile banking application is embedded in the phone but is independent of the smartphone system: it is stored and controlled by a dedicated chip, so that Trojans and similar malware on the smartphone side do not pose a threat to it, achieving dual isolation, physical and logical.
The device designates a special key 513, for example by multiplexing the dial key. When a bank smart IC card is inserted into the device, the screen prompts whether to enter the secure mobile banking application; confirmation is a long press of the dial key, and when the welcome page of the mobile banking application appears, the banking application has been entered. The secure mobile banking application can only be entered in this way, and while it runs every other application and function of the phone, apart from the basic telephone signal reception function and the basic network communication function, is kept in the silent state. If an incoming call is signalled and the user chooses to answer it, the secure mobile banking application closes and exits automatically, and the user must log in again after the call ends. This further improves the security of the mobile banking service.
Figures 6a and 6b are schematic diagrams of the internal logical structure of the mobile terminal according to an embodiment of the utility model. As shown in Figures 6a and 6b:
The mobile terminal has two circuit boards: the front (Figure 6a) is the B board and the back (Figure 6b) is the A board. The B board comprises a touch screen display module 201 and a touch screen controller 202; the A board comprises a SIM card slot 203, a communication module 204, a bank IC card slot 205, a main control module 206, a memory module 207, a security module 208 and a power supply module 209. The two boards are connected by a flat cable for communication.
The mobile terminal takes a basic mobile terminal as its body and adds a secure mobile banking application function that is independent of the phone's smart system. Its modules are connected with the main control module 206 as the core. The power supply module 209 supplies the device with power; the main control module 206 controls the SIM card slot 203 to obtain the SIM card information, realizes mobile communication through the communication module 204, and connects to the memory module 207 to obtain the smart-system information and customer data. The main control module 206 is connected to the touch screen controller 202 through the A-board and B-board flat cables and controls the touch screen display module 201 through the touch screen controller to display system information; the touch screen controller 202 also feeds touch screen key events back to the main control module 206 for processing, so as to accept the user's basic operations. Through the security module 208, the main control module 206 obtains the state of the bank IC card slot 205 in real time, that is, whether a card is inserted. When the start condition of the mobile banking application is met, the main control module starts the mobile banking application in the security module 208 and silences the smartphone system and its related applications in the memory module 207, to guarantee the safe operation of the mobile banking application.
The modules above are described in detail below.
Touch screen display module 201, mainly used as the input device for transaction information and the output device for transaction results; the user operates the phone or internet banking through what the touch screen displays.
Touch screen controller 202, mainly used to manage the touch screen and to ensure the security of the input information; it is also responsible for handling the special key that starts the secure internet banking application function and for switching between the phone function and the mobile internet banking function on demand.
SIM card slot 203, for reading the SIM card information used for communication; together with the remote communication module it realizes the mobile communication function and should support all existing mobile network formats.
Communication module 204, for realizing mobile network communication; together with the SIM card it completes the mobile communication service.
Bank IC card slot 205, the key component through which the terminal communicates and exchanges data with the chip card; it may be associated with the security module 208 and is used to guarantee normal communication between the bank smart IC card and the terminal, to obtain the card certificate data, and to assist the secure processing in the transaction flow.
Main control module 206, the core of function scheduling in the terminal, consisting of the software and hardware configuration that carries the operating system. Application programs meeting the various password-generation requirements, as well as smartphone application programs, can be installed in the memory module 207, and the device mode can be switched to start the secure internet banking function. To realize the functions of the utility model, the bottom layer of the device is the hardware and the smart-system platform; the hardware part should have a cryptographic coprocessing capability and the functions required of a basic communication device, and the issuing bank has absolute control over the secure internet banking application on the smart-system platform. The application layer has a transaction processing application module, responsible for scheduling and processing the application throughout the transaction flow on the secure input device based on the bank smart IC card.
Memory module 207, for storing the device's extended applications and providing a large storage space for the customer's personal files.
Security module 208, for storing the secure internet banking application, performing its encryption and decryption operations, and storing the device certificate. The security module 208 supports basic cryptographic operations such as RSA and DES (single DES is no longer considered adequate; the coprocessor requirement below specifies 3DES) and can store sensitive information as required by the bank. It also has a self-protection function: on detecting a malicious attack it actively erases its data so that no secret is disclosed. In a specific implementation, this module should also meet the following hardware requirements:
(1) a unique serial number;
(2) chip hardware security certified at Common Criteria EAL 4;
(3) a tamper-resistant chip design, with countermeasures against SEMA/DEMA, SPA/DPA, DFA and timing attacks;
(4) secure data storage, high/low voltage detection and high/low frequency detection;
(5) a true random number generator, driven by the electromagnetic white noise inside the chip, whose output does not repeat;
(6) a hardware cryptographic coprocessor: the symmetric algorithm 3DES is implemented in internal hardware logic, with fast encryption and decryption.
Power supply module 209, providing the electric power the device requires, generally a 3.7 V, 3000 mAh lithium battery.
Embodiment three
An embodiment of the utility model also provides a terminal banking security authentication system, which preferably comprises the mobile terminal of Embodiment two above. As shown in Figure 7, the system comprises: a mobile terminal 71, a bank IC card 72, a bank backend 73 and a mobile banking server 74; communication between the mobile terminal, the bank backend and the mobile banking server uses a session key.
As shown in Figure 8, the bank backend 73 comprises:
Terminal information authentication unit 731, for verifying the IC card security information and the SIM card information;
Mobile banking service information sending unit 732, for sending the security information and business information corresponding to the mobile banking service to the terminal after the IC card security information and the SIM card information have been verified successfully.
The mobile banking server completes the mobile banking service according to the security information and business information corresponding to the mobile banking service.
The bank backend verifies the bank IC card inserted in the mobile phone and the SIM card information and sends the security information and business information corresponding to the mobile banking service, and the mobile banking service is carried out over the cellular network. Adding a bank IC card, and the verification of that card, raises the security of mobile internet banking above that of the prior art.
In practice, as shown in Figure 9, the cardholder holds the chip card (the bank IC card above) 307 and the mobile terminal 306 carrying the secure internet banking application. Over a stable mobile wireless network, the mobile network service 305 receives the user's information and communicates with the mobile banking backend through an independent secure communication channel 304; the link between the mobile network service 305 and the secure communication channel 304 is a closed wired network. The mobile banking system confirms the user's identity through the authentication module 303 and then enters the accounting processing module 302 for business processing; when a payment function is needed, the system also provides a payment authentication module 301 that compares the card user's account information, to ensure security.
Figure 10 is a flowchart of a transfer operation of the terminal banking security authentication system according to an embodiment of the utility model; the mobile terminal may be the one shown in Figures 6a and 6b. The operating process is as follows:
Step 100: the user inserts the card into the bank IC card slot 205 and long-presses the secure application control key; the touch screen controller 202 passes the event through the B-board flat cable to the main control module 206 on the A board, the main control module 206 starts the device's mobile banking application in the security module 208, and the touch screen display module 201 prompts the user to enter the card login password;
Step 101: in the mobile banking application environment the user enters the login password through the touch screen display module 201, and the security module 208 sends a verification request to the card through the bank IC card slot 205;
Step 102: the card checks the password with a PIN verification command and, through an external authentication procedure, checks the key built into the device security module 208. If this succeeds, an internal authentication operation is performed in which the card computes verification data with its own built-in key using 3DES and sends it to the device for verification. If all of this succeeds, the card certificate information and the terminal certificate information are read and a signature value is produced;
Step 103: the communication module 204 uses the SIM card information in the SIM card slot 203 to establish wireless communication and sends the information to the mobile network service; the mobile network service submits it through the intranet wired network channel to the secure communication channel, which in turn delivers the terminal information to the bank backend through a dedicated-line network channel;
Step 104: the authentication module of the bank backend verifies the information sent by the device and confirms whether the card and the device are bound;
Step 105: if the binding relationship is confirmed and the card and terminal certificates are found to be correct, the server signature information and the server certificate information are issued over the information channel; after the terminal has verified them, the session key formed from 16 random bytes generated by the security module 208 is sent and uploaded to the identity authentication module of the mobile banking backend for storage. Subsequent communication is protected with the session key until the user exits the mobile banking application;
Step 106: after the negotiation has succeeded, the user selects the transfer transaction and enters the amount and other business information;
Step 107: the security module 208 obtains the account information from the IC card through the bank IC card slot 205, obtains verification data with the transfer initialization operation, and uploads it to the mobile banking backend over the data transmission channel under session key protection;
Step 108: the mobile banking backend verifies the verification data; if successful, the account transaction record is transferred to the security module 208 under session key protection, the module performs the transfer operation and, on success, uploads the transaction verification data back to the mobile banking backend;
Step 109: the mobile banking backend verifies the verification data again; if successful, a transfer-success prompt is returned and shown on the touch screen display module 201;
Step 110: the user checks the transaction information and taps Confirm on the screen to close the transaction.
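Steps 101 to 105 above, as an added example that is not part of the utility model text: the card checks the PIN with a retry counter, the device proves knowledge of its built-in key to the card (external authentication), the card proves knowledge of its own key to the device (internal authentication), and only then does the security module generate a 16-byte session key that the backend stores and uses to check every later frame. The names BankIcCard, SecurityModule, BankingBackend and the frame layout are assumptions. HMAC-SHA256 stands in for the 3DES computation the page attributes to the card, and the session key here authenticates frames (integrity plus a counter against replay) rather than encrypting them, since the Python standard library has no block cipher; the certificate and signature exchange of step 105 is omitted.

```python
"""Added example, not part of the utility model text: a simulation of steps
101-105 of the Figure 10 flow. BankIcCard, SecurityModule, BankingBackend and
the frame layout are assumed names. HMAC-SHA256 stands in for the card's 3DES
computation; the session key authenticates frames, it does not encrypt them."""
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32   # HMAC-SHA256 output length


def mac(key, *parts):
    # Length-prefixed parts, so (b"ab", b"c") and (b"a", b"bc") never collide.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class BankIcCard:
    """Card side of step 102: PIN check with a retry counter, external
    authentication (device proves the device key) and internal authentication
    (card proves the card key)."""

    def __init__(self, pin, device_key, card_key, max_tries=3):
        self._pin, self._device_key, self._card_key = pin, device_key, card_key
        self._tries_left = max_tries
        self._pin_ok = self._ext_ok = False
        self._challenge = None

    def verify_pin(self, pin):
        if self._tries_left == 0:
            return False                         # card locked after too many tries
        if hmac.compare_digest(pin.encode(), self._pin.encode()):
            self._pin_ok = True
            return True
        self._tries_left -= 1
        return False

    def get_challenge(self):
        self._challenge = secrets.token_bytes(8)
        return self._challenge

    def external_authenticate(self, response):
        ok = (self._pin_ok and self._challenge is not None and
              hmac.compare_digest(mac(self._device_key, b"EXT", self._challenge), response))
        self._challenge = None                   # a challenge may be answered once
        self._ext_ok = ok
        return ok

    def internal_authenticate(self, device_challenge):
        if not (self._pin_ok and self._ext_ok):  # order of step 102: PIN, external, internal
            return None
        return mac(self._card_key, b"INT", device_challenge)


class SecurityModule:
    """Device side (security module 208): drives the card authentication, then
    generates the 16-byte session key of step 105 and protects outgoing frames."""

    def __init__(self, device_key, card_key):
        self._device_key, self._card_key = device_key, card_key
        self.session_key = None
        self._seq = 0

    def authenticate_card(self, card, pin):
        if not card.verify_pin(pin):
            return False
        if not card.external_authenticate(mac(self._device_key, b"EXT", card.get_challenge())):
            return False
        challenge = secrets.token_bytes(8)
        response = card.internal_authenticate(challenge)
        return response is not None and hmac.compare_digest(
            mac(self._card_key, b"INT", challenge), response)

    def new_session_key(self):
        self.session_key = secrets.token_bytes(16)   # 16 random bytes, step 105
        self._seq = 0
        return self.session_key

    def protect(self, payload):
        self._seq += 1
        header = struct.pack(">I", self._seq)        # monotonic counter against replay
        return header + payload + mac(self.session_key, b"MSG", header, payload)


class BankingBackend:
    """Identity authentication module: stores each terminal's session key and
    accepts only authentic, in-order frames."""

    def __init__(self):
        self._keys, self._last_seq = {}, {}

    def store_session_key(self, terminal_id, key):
        self._keys[terminal_id] = key
        self._last_seq[terminal_id] = 0

    def unprotect(self, terminal_id, frame):
        key = self._keys.get(terminal_id)
        if key is None or len(frame) < 4 + TAG_LEN:
            return None
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(mac(key, b"MSG", header, payload), tag):
            return None                              # tampered, or wrong session key
        seq = struct.unpack(">I", header)[0]
        if seq <= self._last_seq[terminal_id]:
            return None                              # replayed or reordered frame
        self._last_seq[terminal_id] = seq
        return payload
```

The card refuses internal authentication until both the PIN and the external authentication have succeeded, so a device that does not hold the device key never obtains a card response to forward; on the channel, a frame that is modified, replayed or sent under another terminal's key is dropped before its payload reaches the accounting processing.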
Figure 11 is the flow for realizing ATM cash withdrawal with the terminal banking security authentication system according to an embodiment of the utility model. As shown in Figure 11, the flow comprises:
Step 110: the user inserts the card into the bank IC card slot 205 and long-presses the secure application control key; the touch screen controller 202 passes the event through the B-board flat cable to the main control module 206 on the A board, the main control module 206 starts the device's mobile banking application in the security module 208, and the touch screen display module 201 prompts for the card login password;
Step 111: in the mobile banking application environment the user enters the login password through the touch screen display module 201; the security module 208 calls the bank IC card slot 205 and sends a verification request to the card, and after the verification succeeds the bank backend authentication flow described for Figure 10 is completed;
Step 112: after a successful login, the user selects an operation item and chooses the ATM password service as prompted; the request for the ATM password service is sent through the protected communication channel to the accounting processing module of the bank backend, which confirms whether this function has been enabled;
Step 113: if it has been enabled, a message is sent to inform the terminal, which shows the temporary password entry information on the touch screen display module 201, and the user confirms through the touch screen;
Step 114: the terminal transmits the information to the bank backend; after the payment authentication module of the bank backend has compared the information, it sends a temporary password, which is displayed on the touch screen display module 201 together with a prompt of its maximum validity period;
Step 115: within the validity period, the cardholder inserts the bank card into an ATM terminal and selects the cash withdrawal function;
Step 116: the cardholder enters the temporary password as prompted;
Step 117: the ATM sends the transaction data to the payment system, and the payment authentication module checks the legitimacy of the temporary password;
Step 118: after the temporary password has been checked successfully, the backend account system performs the debit processing;
Step 119: the ATM dispenses the cash according to the debit result and closes the transaction.
The temporary password above may be a 6-digit random number generated by the backend; the validity period is set by the backend itself, and the backend ensures that two consecutively generated random numbers are not the same.
With the embodiments of the utility model, the problem of using mobile banking in a mobile network environment can be solved, the requirements for establishing an SSL secure channel and the security requirements of a mobile banking system can be met, and dynamic ATM passwords are realized, which reduces the risk of ATM cash withdrawal and further protects the user's funds.
In summary, the embodiments of the utility model rely on the mobile internet, take the bank IC card's own key and certificate as the core, realize SSL network communication with the bound terminal certificate, and solve the problem of cardholder identity authentication in the mobile payment scenario. By relying on a stable and secure communication channel, dynamic configuration of ATM passwords can also be realized, which significantly improves security in the everyday use of bank cards and essentially provides anti-theft protection for the card.
In the utility model, the application keys and certificates involved are controlled and protected independently by the bank, with higher security and controllability; this significantly improves the ability to detect counterfeit devices and cards and can largely prevent fraud.
A person of ordinary skill in the art will understand that all or part of the steps of the methods in the above embodiments can be implemented by a program instructing the relevant hardware, and that the program can be stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disc.
The specific embodiments above further describe the purpose, technical solution and beneficial effects of the utility model. It should be understood that they are only specific embodiments of the utility model and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the utility model falls within its scope of protection.