CN204791026U - Thief -proof secure transmission system of getting of sensitive information - Google Patents

Info

Publication number
CN204791026U
Authority
CN
China
Prior art keywords
sensitive information
server
character
keypad character
mark
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201520521827.7U
Other languages
Chinese (zh)
Inventor
谈剑锋
姜立稳
潘洪波
王力
钱金金
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Peoplenet Security Technology Co Ltd
Original Assignee
Shanghai Peoplenet Security Technology Co Ltd

Abstract

The utility model discloses a secure transmission system that protects sensitive information against snooping and theft, comprising a client and a server. The client comprises a soft keyboard, a first communication module and an encryption chip; the server comprises a memory, a second communication module and a processing chip. The utility model first arranges the keypad characters according to a random ordering rule, which prevents Trojans from stealing sensitive information by recording the input points on the screen, and then converts the sensitive information into identifier information that is encrypted with the SOTP algorithm for transmission, which effectively guards against risks such as keyboard hooks, data monitoring and data interception. Compared with the prior art, the utility model has a superior technical effect.

Description

A secure transmission system that protects sensitive information against snooping and theft
Technical field
The utility model belongs to the field of information security, and in particular relates to a transmission method and system for sensitive information.
Background
In recent years, with the rapid development of the internet, online stock trading and online insurance have become commonplace in ordinary households. Behind this boom, however, financial-industry websites are repeatedly hit by phishing. Large financial institutions and third-party online payment sites have become the main targets of phishing: hackers counterfeit these sites, or forge shopping sites, to trick users into logging in and making transactions, and steal users' account passwords, causing them financial loss.
Experts say that the root of online banking crime is the theft of sensitive information such as user accounts and passwords. Keeping online banking accounts and passwords safe depends on the user's awareness of security risks and on the user's behaviour.
In the prior art, a soft keyboard is used to increase the security of accounts and passwords. A soft keyboard is a keyboard simulated in software, on which characters are entered by mouse click or touch screen, so as to prevent Trojans from recording passwords typed on the physical keyboard; it is commonly seen on some banks' websites where the account number and password are entered. However, existing soft keyboards are not secure enough and still carry risks such as data monitoring and data interception.
Summary of the utility model
To solve the above technical problem, the utility model provides a secure transmission method and system that protect sensitive information against snooping and theft, effectively preventing sensitive information from being snooped on and stolen and achieving secure transmission of sensitive information.
The technical solution of the utility model is as follows:
A secure transmission system that protects sensitive information against snooping and theft comprises a client and a server. The client comprises: a soft keyboard, which displays the keypad characters to the user arranged according to a random ordering rule;
a first communication module, which communicates with the server and obtains from the server the identifiers that correspond one-to-one to the keypad characters to be transmitted, as entered by the user;
an encryption chip, which encrypts the identifiers to generate a first ciphertext;
the first communication module also sends the first ciphertext to the server.
The server comprises:
a memory, which stores an identifier table; the identifier table stores randomly generated identifiers and the keypad characters, the identifiers and the keypad characters being in one-to-one correspondence;
a second communication module, which communicates with the client, sends the identifiers to the client, and receives the first ciphertext;
a processing chip, which decrypts the first ciphertext to obtain the identifiers, and looks up the identifier table to extract the keypad characters corresponding to the identifiers, thereby obtaining the keypad characters entered by the user.
Further preferably, the keypad characters are displayed as character pictures.
Further preferably, the keypad characters comprise numeric characters and alphabetic characters.
Further preferably, the random ordering rule is generated by a first algorithm in combination with the device ID and time information.
Further preferably, the identifiers are randomly generated by the server and are valid only for the current use.
Further preferably, at each use the memory also stores the new identifiers in one-to-one correspondence with the keypad characters, updating the identifier table.
The utility model provides a secure transmission method that protects sensitive information against snooping and theft. First, arranging the keypad characters according to a random ordering rule prevents Trojans from stealing sensitive information by recording the input points on the screen; then, converting the sensitive information into identifier information and transmitting it encrypted effectively guards against risks such as keyboard hooks, data monitoring and data interception. Compared with the prior art, the utility model has a superior technical effect.
Brief description of the drawings
The utility model is described in further detail below with reference to the drawings and specific embodiments:
Fig. 1 is a composition diagram of the secure transmission system of the utility model that protects sensitive information against snooping and theft;
Fig. 2 is a partial composition diagram of the identifier table used by the secure transmission method of the utility model;
Reference numerals:
100. client, 101. soft keyboard, 102. first communication module, 103. encryption chip;
200. server, 201. memory, 202. second communication module, 203. processing chip.
Detailed description
To explain the embodiments of the utility model or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the utility model; a person skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a composition diagram of the secure transmission system of the utility model. As a specific embodiment of the utility model, as shown in Fig. 1, a secure transmission system that protects sensitive information against snooping and theft comprises a client 100 and a server 200. The client 100 comprises:
a soft keyboard 101, which displays the keypad characters to the user arranged according to a random ordering rule;
a first communication module 102, which communicates with the server 200 and obtains from the server 200 the identifiers that correspond one-to-one to the keypad characters to be transmitted, as entered by the user;
an encryption chip 103, which encrypts the identifiers to generate a first ciphertext;
the first communication module 102 also sends the first ciphertext to the server 200.
The server 200 comprises:
a memory 201, which stores an identifier table; the identifier table stores randomly generated identifiers and the keypad characters, the identifiers and the keypad characters being in one-to-one correspondence;
a second communication module 202, which communicates with the client 100, sends the identifiers to the client 100, and receives the first ciphertext;
a processing chip 203, which decrypts the first ciphertext to obtain the identifiers, and looks up the identifier table to extract the keypad characters corresponding to the identifiers, thereby obtaining the keypad characters entered by the user.
Specifically, the keypad characters are displayed as character pictures and comprise numeric characters and alphabetic characters.
Before sensitive information is transmitted, the client 100 and the server 200 of the utility model each generate and store the SOTP algorithm. In the utility model, the first algorithm is the SOTP algorithm, which generates the random ordering rule. Taking the soft keyboard 101 of a mobile phone app as an example, the way the SOTP algorithm generates the random ordering rule for the keypad characters is described in detail below:
The keypad characters comprise numeric characters and alphabetic characters, and are displayed as character pictures.
For the digit arrangement:
1. Obtain the hardware ID; in this embodiment, the mobile phone's IMEI code can be used.
2. Obtain the current time information T, in milliseconds.
3. Compute $E_k(H(ID) + E_k(T))$.
First, compute the secure one-way hash $H(ID)$ of the hardware ID with a hash algorithm, and encrypt the time information with an encryption algorithm to obtain $E_k(T)$; then encrypt $H(ID)$ and $E_k(T)$ to obtain $E_k(H(ID) + E_k(T))$, and convert the result to a number r1 between 0 and 9;
4. Take the number a1 located at position r1 in the 0-9 sequence (the 10 digits among the keypad characters);
5. Remove a1 from the 0-9 sequence, leaving 9 numbers; go back to step 2, convert the result to a number r2 between 0 and 8, then take the number at position r2 in the remaining sequence (9 numbers); continue in this way.
This yields the sequence: a1a2a3 ...
For example, suppose the sequence obtained by the steps above is the random digit sequence 412357698. This means that the 4th numeric keypad character is placed 1st, the 1st numeric keypad character is placed 2nd, ..., and the 8th numeric keypad character is placed 9th. The numeric keypad characters are thereby arranged randomly.
For the letter arrangement: proceed as for the digits, first taking a number between 0 and 25 and then drawing 26 times in turn. For example, the random letter sequence 23213145310 ... means that the 23rd alphabetic keypad character is placed 1st, the 2nd alphabetic keypad character picture is placed 2nd, ..., and so on; the details are not repeated here.
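Steps 1 to 5 above amount to a keyed draw without replacement. The following is an added example, not code from the patent: it assumes SHA-256 for H, HMAC-SHA256 as a stand-in for the unspecified E_k, byte concatenation for "+", and hypothetical function names with constructed key, device ID and clock values.

```python
import hashlib
import hmac
import itertools


def keyed_value(key: bytes, device_id: str, t_ms: int) -> int:
    """Stand-in for E_k(H(ID) + E_k(T)), returned as an integer.

    Assumptions: H is SHA-256, E_k is HMAC-SHA256 under key k, and "+" is
    byte concatenation. The page's own E_k (SOTP) is not specified here.
    """
    h_id = hashlib.sha256(device_id.encode()).digest()                     # H(ID)
    e_t = hmac.new(key, t_ms.to_bytes(8, "big"), hashlib.sha256).digest()  # E_k(T)
    outer = hmac.new(key, h_id + e_t, hashlib.sha256).digest()
    return int.from_bytes(outer, "big")


def derive_layout(key, device_id, clock, symbols):
    """Steps 1-5: draw r_i, take the symbol at position r_i, remove it, repeat."""
    remaining = list(symbols)
    layout = []
    while remaining:
        # Step 2 is repeated every round. A real clock can return the same
        # millisecond twice; that round then reuses the same keyed value.
        t_ms = clock()
        # Reducing a 256-bit value modulo at most 26 leaves negligible bias.
        r = keyed_value(key, device_id, t_ms) % len(remaining)
        layout.append(remaining.pop(r))
    return layout


def constructed_clock(start_ms):
    """Deterministic millisecond clock for the demo: advances 1 ms per reading."""
    ticks = itertools.count(start_ms)
    return lambda: next(ticks)


if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample value
    device_id = "000000000000000"      # constructed placeholder, not a real IMEI
    start = 1437091200000              # constructed timestamp in milliseconds
    digits = derive_layout(key, device_id, constructed_clock(start), "0123456789")
    letters = derive_layout(key, device_id, constructed_clock(start),
                            "ABCDEFGHIJKLMNOPQRSTUVWXYZ")
    print("digit layout: ", "".join(digits))
    print("letter layout:", "".join(letters))
```

In this construction the device ID and the clock reading are not secret, so the unpredictability of the layout rests on the key k.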
In addition, the client 100 encrypts the identifier information with the SOTP algorithm to generate the first ciphertext, and the server 200 decrypts the first ciphertext with the inverse operation of the SOTP algorithm to obtain the identifier information. The SOTP algorithm is disclosed in the patent with application number 201410532214.3.
The specific working process of the utility model is described below, taking as an example the transmission of the sensitive information ABCD (letters) through the soft keyboard 101 of a mobile phone app:
1. The soft keyboard 101 uses the SOTP algorithm, with the time information and the device ID (for example the mobile phone's IMEI code) as dynamic factors, to generate the random ordering rule, arranges the positions of the keypad characters according to that rule, and displays them to the user.
In the utility model, the keypad characters are character pictures obtained from the server 200. They are generated dynamically and are valid only for the current use, and the positions of the character pictures displayed differ each time the keyboard is used, which effectively prevents the sensitive information from being stolen.
2. The user enters the sensitive information on the soft keyboard 101. The first communication module 102 sends the keypad characters to be transmitted, which make up the sensitive information entered by the user, to the server 200 and obtains the identifiers corresponding to those keypad characters.
Specifically, the memory 201 of the server 200 stores an identifier table, which stores the keypad characters and the identifiers that correspond one-to-one to them.
The server 200 responds to the request and sends the corresponding identifiers to the client 100 through the second communication module 202.
Note that in the present invention the identifiers are random numbers generated by the server 200 at each use. The server 200 can generate identifiers in one-to-one correspondence with the keypad characters at the request of the client 100, and updates the current identifier table and stores it in the memory 201.
Specifically, the sensitive information the user needs to transmit is the four letters ABCD. The user enters it on the soft keyboard 101 of the client 100 by clicking the corresponding character pictures with the mouse; the client 100 obtains the keypad characters to be transmitted, and obtains from the server 200 the identifiers that currently correspond to the four keypad characters A, B, C and D.
The server 200 stores the keypad characters in the identifier table, generates random identifiers in one-to-one correspondence with the keypad characters and stores them, forming a table in which keypad characters and identifiers correspond one-to-one. Fig. 2 is a partial composition diagram of the identifier table used by the secure transmission method of the utility model, in which the keypad characters A, B, C and D correspond one-to-one to identifiers.
The mobile phone client 100 obtains from the back-end server 200 the identifiers of the character pictures on the soft keyboard 101 for this transaction. (For each transaction, the identifiers corresponding to the character pictures on the soft keyboard 101 are different; they are randomly generated and assigned by the back-end server 200, so before the next input the back-end server 200 updates the identifiers in the table.)
The user begins entering the sensitive information through the soft keyboard 101, that is, clicks with the mouse the character pictures of the keypad characters A, B, C and D on the soft keyboard 101.
From the keypad characters ABCD entered by the user, the mobile phone client 100 obtains the identifiers corresponding to A, B, C and D respectively; referring to Fig. 2, these are the identifiers 1111, 2222, 3333 and 4444. The identifiers are packed into an identifier string, that is, 1111222233334444.
3. The encryption chip 103 encrypts the identifier information with the SOTP algorithm to generate the first ciphertext and sends it to the server 200. That is, the identifier string 1111222233334444, the current time information and the mobile phone hardware ID are encrypted, the first ciphertext is computed with the SOTP algorithm, and it is sent to the server 200.
4. The server 200 receives the first ciphertext through the second communication module 202. The processing chip 203 decrypts the first ciphertext with the inverse operation of the SOTP algorithm to obtain the identifier string 1111222233334444, and parses it into the identifiers 1111, 2222, 3333 and 4444. It then looks up the identifier table in the memory 201 and extracts the keypad characters corresponding to the identifiers, namely ABCD, thereby obtaining the sensitive information entered by the user.
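The identifier-table part of steps 2 to 4, as an added example that is not part of the patent text. The SOTP encryption of the identifier string is left out because this page does not specify it; the class and function names are hypothetical, the `fixed` argument exists only to reproduce the Fig. 2 sample identifiers, and retiring the table after one lookup is this example's reading of "valid only for the current use".

```python
import secrets

ID_WIDTH = 4  # width of the page's sample identifiers 1111, 2222, 3333, 4444


class IdentifierTable:
    """Server-side identifier table (hypothetical name), valid for one use."""

    def __init__(self, characters, fixed=None):
        if fixed is None:
            # sample() draws without replacement, so identifiers never collide
            # and the fixed-width string can be split unambiguously.
            rng = secrets.SystemRandom()
            values = rng.sample(range(10 ** ID_WIDTH), len(characters))
            fixed = {c: f"{v:0{ID_WIDTH}d}" for c, v in zip(characters, values)}
        self._by_char = dict(fixed)
        self._by_id = {ident: ch for ch, ident in self._by_char.items()}
        if len(self._by_id) != len(self._by_char):
            raise ValueError("identifiers must be one-to-one with characters")
        self._used = False

    def identifiers_for_client(self):
        """The character-to-identifier map sent to the client before input."""
        return dict(self._by_char)

    def resolve(self, identifier_string):
        """Map a decrypted identifier string back to characters, then retire."""
        if self._used:
            raise ValueError("identifier table already used")
        self._used = True  # retired even if parsing fails below
        if len(identifier_string) % ID_WIDTH:
            raise ValueError("length is not a multiple of ID_WIDTH")
        chunks = [identifier_string[i:i + ID_WIDTH]
                  for i in range(0, len(identifier_string), ID_WIDTH)]
        try:
            return "".join(self._by_id[chunk] for chunk in chunks)
        except KeyError:
            raise ValueError("unknown identifier") from None


def pack_identifiers(identifiers, typed):
    """Client side: replace each clicked character by its identifier."""
    return "".join(identifiers[ch] for ch in typed)


if __name__ == "__main__":
    # Constructed table reproducing the identifiers quoted from Fig. 2.
    fig2 = IdentifierTable("ABCD", fixed={"A": "1111", "B": "2222",
                                          "C": "3333", "D": "4444"})
    wire = pack_identifiers(fig2.identifiers_for_client(), "ABCD")
    print(wire, "->", fig2.resolve(wire))

    # A fresh random table per transaction: the same input packs differently.
    session = IdentifierTable("ABCDEFGHIJKLMNOPQRSTUVWXYZ")
    wire = pack_identifiers(session.identifiers_for_client(), "ABCD")
    print(wire, "->", session.resolve(wire))
```

A second `resolve` call on the same table raises `ValueError`, so an identifier string captured from one transaction does not decode in a later one.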
The utility model provides a secure transmission method and system that protect sensitive information against snooping and theft. First, arranging the keypad characters according to a random ordering rule prevents Trojans from stealing sensitive information by recording the input points on the screen; then, converting the sensitive information into identifier information and transmitting it encrypted with the SOTP algorithm effectively guards against risks such as keyboard hooks, data monitoring and data interception. Compared with the prior art, the utility model has a superior technical effect.
Obviously, a person skilled in the art can make various changes and variations to the utility model without departing from its spirit and scope. Thus, if these modifications fall within the scope of the claims of the utility model and their technical equivalents, the utility model is also intended to include these changes and variations.

Claims (6)

1. A secure transmission system that protects sensitive information against snooping and theft, comprising a client and a server, characterized in that:
the client comprises:
a soft keyboard, which displays the keypad characters to the user arranged according to a random ordering rule;
a first communication module, which communicates with the server and obtains from the server the identifiers that correspond one-to-one to the keypad characters to be transmitted, as entered by the user;
an encryption chip, which encrypts the identifiers to generate a first ciphertext;
the first communication module also sends the first ciphertext to the server;
the server comprises:
a memory, which stores an identifier table; the identifier table stores randomly generated identifiers and the keypad characters, the identifiers and the keypad characters being in one-to-one correspondence;
a second communication module, which communicates with the client, sends the identifiers to the client, and receives the first ciphertext;
a processing chip, which decrypts the first ciphertext to obtain the identifiers, and looks up the identifier table to extract the keypad characters corresponding to the identifiers, thereby obtaining the keypad characters entered by the user.
2. The secure transmission system as claimed in claim 1, characterized in that:
the keypad characters are displayed as character pictures.
3. The secure transmission system as claimed in claim 2, characterized in that:
the keypad characters comprise numeric characters and alphabetic characters.
4. The secure transmission system as claimed in claim 1, characterized in that:
the random ordering rule is generated by a first algorithm in combination with the device ID and time information.
5. The secure transmission system as claimed in claim 1, characterized in that:
the identifiers are randomly generated by the server and are valid only for the current use.
6. The secure transmission system as claimed in claim 5, characterized in that:
at each use the memory also stores the new identifiers in one-to-one correspondence with the keypad characters, updating the identifier table.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201520521827.7U CN204791026U (en) 2015-07-17 2015-07-17 Thief -proof secure transmission system of getting of sensitive information

Publications (1)

Publication Number Publication Date
CN204791026U true CN204791026U (en) 2015-11-18

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656471A (en) * 2016-12-22 2017-05-10 武汉信安珞珈科技有限公司 Method and system for protecting user sensitive information

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106656471A (en) * 2016-12-22 2017-05-10 武汉信安珞珈科技有限公司 Method and system for protecting user sensitive information
CN106656471B (en) * 2016-12-22 2019-05-14 武汉信安珞珈科技有限公司 A kind of guard method and system of user sensitive information

Similar Documents

Publication Publication Date Title
US11743041B2 (en) Technologies for private key recovery in distributed ledger systems
US11516201B2 (en) Encryption and decryption techniques using shuffle function
CN104992119B (en) A kind of safe transmission method and system of sensitive information Anti-theft
JP5591232B2 (en) Information transmission using virtual input layout
CN108989346B (en) Third-party valid identity escrow agile authentication access method based on account hiding
CN105556891B (en) Method, system and the storage medium of session token are sent by passive client
CN101241572B (en) A kind of method of operating of electric signing tools and electric signing tools
US20160127134A1 (en) User authentication system and method
CN104541475A (en) Abstracted and randomized one-time passwords for transactional authentication
US20150256542A1 (en) User authentication
CN103414727A (en) Encryption protection system for input password input box and using method thereof
CN101808077A (en) Information security input processing system and method and smart card
CN115276978A (en) Data processing method and related device
CN104901951A (en) Mobile terminal based cipher data processing and interaction method in Web application
CN112307503B (en) Signature management method and device and electronic equipment
CN101931530B (en) Generation method, authentication method and device for dynamic password and network system
CN204791026U (en) Thief -proof secure transmission system of getting of sensitive information
US11133926B2 (en) Attribute-based key management system
Prasadreddy et al. A threat free architecture for privacy assurance in cloud computing
CN112001714A (en) Digital currency implementation method based on block chain technology
CN101159547A (en) Dynamic secret method of text information input, output and transmission
EP3400695A1 (en) System, method and apparatus for data transmission
CN111416711A (en) Transaction message processing method and device
CN114742017B (en) Method, device, equipment and storage medium for generating product anti-counterfeiting code
CN114170014A (en) Processing method and device for blockchain transaction, computer equipment and storage medium

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant