WO2009094949A1 - Procédé et système fiables de téléservices - Google Patents

Procédé et système fiables de téléservices Download PDF

Info

Publication number
WO2009094949A1
WO2009094949A1 PCT/CN2009/070305 CN2009070305W WO2009094949A1 WO 2009094949 A1 WO2009094949 A1 WO 2009094949A1 CN 2009070305 W CN2009070305 W CN 2009070305W WO 2009094949 A1 WO2009094949 A1 WO 2009094949A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
information
user
remote service
terminal
Prior art date
Application number
PCT/CN2009/070305
Other languages
English (en)
Chinese (zh)
Inventor
Hui Li
Chengsheng Xiao
Meng LV
Original Assignee
Xiao, Wei
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiao, Wei filed Critical Xiao, Wei
Publication of WO2009094949A1 publication Critical patent/WO2009094949A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56Financial cryptography, e.g. electronic payment or e-cash
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless

Definitions

  • the invention belongs to the field of communication technologies, and relates to a remote service method and system for performing mobile digital signature authentication on a service content requested by a user, which can be used for reliable transmission of information in a remote service system.
  • Background technique
  • Remote Service Such online services, including wireless network remote services and telephony teleservices, can improve the efficiency of the bank's services, reduce service costs, and facilitate users, allowing users to connect with banks through modern communication networks without having to go to the bank. And whenever and wherever you want, you can get the services you need by going online or dialing the relevant phone number.
  • security technical measures such as identity authentication, digital signature and encryption are required to ensure that there will be no risk and difficult to resolve disputes between the service provider and the serviced party. For example, online banking, online banking, telephone banking, telephone banking, mobile banking, remote payment, remote payment, e-commerce and other sensitive remote services may cause disputes between the service provider and the serviced party.
  • the remote service system mainly consists of two types: online remote service and telephone remote service. among them:
  • the online remote service security authentication system mainly uses digital certificates in PC or USBKEY for signature, authentication and encryption. Because of its low security, PC can't stop the attack of general hackers. Although USBKEY is safer than PC, it can only ensure that the certificate is not stolen and can't stop the hacker from forging files to defraud its signature, so it is difficult to prevent high level. Attacks by hackers and hackers. In order to make up for this security defect, users need to remember a lot of precautions and even install related software, which not only brings inconvenience to users, but also limits the user's use space, so that the advantages of online remote services cannot be fully reflected.
  • Another authentication method for the online remote service system is that when the user accesses the remote service system, the system generates a one-time password and sends it to the mobile short message. The user is registered on the phone. The user enters the password on the remote service system service request terminal interface. This method only solves the authentication problem of the user login system, and cannot solve the integrity problem of the subsequent service information, nor can it resist the attack of the Trojan and other viruses on the business information.
  • the Chinese Patent Application No. 99816175.6 discloses a method for a mobile station to digitally sign a spreadsheet in a secure manner.
  • the method generates a payment information form by a payment institution and transmits it to a user mobile station. Since the payment information form is generated by the paying party rather than the user, there is a possibility of tampering in the transmission process, and the method disclosed in Patent No. 99816175.6 does not solve the problem, and the application of the method is greatly limited.
  • Telephony remote services mostly use electronic voice prompts or manual voice services to guide the user through the next button selection operation to achieve the purpose of the service.
  • This system has the following disadvantages:
  • the object of the present invention is to avoid the defects of the above existing remote service system, and to propose a trusted remote service method and system thereof to ensure security and simplicity in remote service transactions.
  • the method of the present invention for a trusted remote service includes the following process: a.
  • the user submits a required request to the remote service center via the first communication link through the service request terminal.
  • the remote service center generates service information by the service request submitted by the service requesting terminal, and sends the service information to the user mobile terminal via the second communication link;
  • the user verifies that the information displayed by the user mobile terminal is correct, performs input confirmation, and digitally signs the service information with the first signature key stored in the user mobile terminal, and the signature value forms a service confirmation together with the requested service information.
  • the message is returned to the remote service center via the second communication link;
  • the remote service center After receiving the service confirmation message, the remote service center verifies the digital signature in the service confirmation information with the first verification key corresponding to the first signature key, completes the service processing, and passes the processing result through the second The communication link is transmitted to the user's mobile terminal.
  • the remote service center may further digitally sign the processing result using the second signature key, and then transmit the processing result together with the signature value of the processing result to the user mobile terminal;
  • the user mobile terminal displays the processing result to the user after verifying the digital signature with the second verification key corresponding to the second signature key.
  • step d the remote service center can simultaneously transmit the service processing result to the user mobile terminal and the service request terminal, and the service request terminal simultaneously saves the processing result information and the digital signature as a voucher for the business completion;
  • the service requesting terminal verifies the digital signature with the second verification key corresponding to the second signature key, displays the processing result information, and simultaneously saves the processing result and the digital signature as a service completion. Voucher.
  • steps a., b, c, and d can respectively add/decrypt service information by the remote service center, the user mobile terminal, and the service request terminal, and the service request terminal can perform service information submitted and received by the service request terminal. Signature or certification.
  • the first communication link may be, but not limited to, the Internet, a public fixed telephone network, and a public mobile telephone network; and the second communication link is a mobile communication network.
  • the trusted remote service system of the present invention includes:
  • a service requesting terminal configured to transmit a service message to a remote service center, such as a smart terminal, and provide a function of adding/decrypting, signing, or authenticating when needed;
  • a remote service center configured to receive user service requests, generate user information, and generate business information, Complete information encryption, decryption, digital signature, verification, and perform specific business operations, and transmit to the user's mobile terminal;
  • a user mobile terminal configured to perform information transmission with a remote service center, complete information encryption, decryption, digital signature, and signature verification;
  • the remote service center is connected to the service request terminal through the first communication link, and is connected to the user mobile terminal through the second communication link.
  • the above trusted remote service system wherein the service requesting terminal adopts a networked terminal or a fixed telephone or a mobile terminal or a special merchant intelligent terminal, and the special merchant intelligent terminal is provided with a security module for completing information encryption, decryption, digital signature and verification.
  • the above trusted remote service system wherein the remote service center includes:
  • the first security function module completes the functions of encrypting, decrypting, digital signature verification and digital signature generation of information, and also storing relevant keys for performing digital signature and verification using an asymmetric cryptographic algorithm, such as: first and second keys
  • the first verification key, the second signature key, and the encryption and decryption keys required for information encryption may also be stored.
  • Each user mobile terminal has a different first key pair. Therefore, the first function key of the plurality of user mobile terminals is stored in the security function module.
  • An information sending and receiving module configured to send information to the user mobile terminal through the second communication link, and receive information from the user mobile terminal
  • a service processing mechanism configured to receive a service request from the first communication link, generate service information, perform information scheduling between the security function module and the information sending and receiving module, and complete service processing;
  • the service processing mechanism, the security function module, and the information sending and receiving module are bidirectionally connected through a network.
  • Each of the modules is a logical function module, which can be deployed in different locations in physical space, or can be managed by different operators.
  • the above trusted remote service system wherein the first security function module in the remote service center stores a first verification key, a second signature key, an encryption and decryption key required for information encryption, and related signatures and verifications.
  • the key, the first security function module verifies the digital signature generated by the first signature key in the service confirmation information by using the first verification key.
  • the above trusted remote service system wherein the remote service center can also use the second signature key pair
  • the business result is digitally signed to constitute business result information, and if necessary, the first security function module encrypts and decrypts the information transmitted by the second communication link.
  • the above trusted remote service system wherein the user mobile terminal includes:
  • a message receiving and sending module configured to send and receive information with the remote service center through the second communication link
  • the input display module is configured to display information to the user and receive input information of the user; and the second security function module is configured to perform encryption, decryption, digital signature and signature verification functions.
  • a related key for performing digital signature and verification using an asymmetric cryptographic algorithm is stored, such as: a first signature key in the first and second key pairs, a second verification key, and may also be stored for information encryption.
  • the associated key can be written to or deleted from the security function module by methods known to those skilled in the art.
  • the above trusted remote service system wherein the second security function module stores a first signature key, a second verification key, and an encryption and decryption key required for encryption of the second communication link transmission information.
  • the second security function module displays the service information from the input display module to the user when receiving the service information, and after obtaining the user input by the input display module,
  • the first signature key digitally signs the service information to form service confirmation information. If the received service information is encrypted information, the second security function module decrypts the service information before displaying it to the user.
  • the second security function module is an encryption, decryption, digital signature and verification program running in the mobile phone memory, or a mobile phone SIM card for the GSM network and a mobile phone UIM card for the CDMA network.
  • the above trusted communication service system wherein the first communication link can be, but is not limited to, the Internet, a public fixed telephone network, and a public mobile telephone network; and the second communication link is a mobile communication network.
  • the above trusted remote service system wherein the information transmitting and receiving module uses a gateway communication program to connect with the short message system of the mobile operator, and completes the function of transmitting information to the user mobile terminal and receiving information from the user mobile terminal.
  • the above trusted remote service system wherein the service request terminal uses a networked terminal or a fixed telephone terminal or a mobile telephone terminal.
  • the service requesting terminal is a PC terminal of the Internet
  • the remote service center accesses through the Web server, and the information submitted by the service requesting terminal forms a formatted service information;
  • the service requesting terminal is When the fixed telephone terminal or the mobile telephone terminal is used, the remote service center accesses through the call center, and the user informs the call center customer service personnel of the service request content by voice, and the customer service personnel enters the service request into the access service subsystem to form service information.
  • the information includes the user mobile terminal number or/and other identification codes; when the service requesting terminal is a dedicated intelligent terminal, the remote service center accesses through the dedicated access device and forms the information submitted by the service requesting terminal into a formatted service information.
  • FIG. 1 is a schematic diagram of a trusted remote service system of the present invention
  • 2A is a flow chart of a trusted remote service of the present invention
  • FIG. 2B is a flow chart showing the refinement of the processes S105 to S106 of the trusted remote service shown in FIG. 2A;
  • FIG. 3 is a schematic diagram of a trusted remote service system utilizing the Internet of the present invention.
  • FIG. 4 is a schematic diagram of a trusted remote service system utilizing a telephone network in accordance with the present invention. detailed description
  • the trusted remote service system of the present invention is mainly composed of a service requesting terminal 1, a remote service center 2, and a user mobile terminal 3.
  • the service requesting terminal 1 passes the first communication link.
  • the remote service center is connected, and the remote service center is connected to the user mobile terminal through the second communication link.
  • the first communication link is the Internet or a fixed telephone network or a mobile telephone network
  • the second communication link is a mobile communication network with a short message service.
  • the service requesting terminal 1 is configured to transmit a service message to a remote service center, and if it is a smart terminal, provide a function of adding/decrypting, signing, or authenticating;
  • the remote service center 2 is configured to receive a user service request, and generate a user request.
  • the service information, the completion information encryption, the decryption, the digital signature and the signature verification, complete the service processing, and send the information to the user mobile terminal through the second communication link;
  • the user mobile terminal 3 is configured to perform information transmission and completion with the remote service center. Encryption, decryption, digital signature, and signature verification.
  • the trusted remote service flow of the present invention is as follows:
  • the user submits a required service request to the remote service center 2 on the service requesting terminal 1 (step S100), and the service requesting terminal 1 is a networked terminal, or a fixed telephone terminal, or a mobile phone terminal, or a special merchant intelligent terminal, the special offer
  • the merchant intelligent terminal is provided with a security module for completing information encryption, decryption, digital signature, and verification;
  • the remote service center 2 generates service information by the service request terminal 1 and sends the service information to the mobile terminal of the user through the second communication link (step S101); if necessary, the remote service center 2 encrypts the requested service information;
  • the user mobile terminal 3 performs decryption, and then displays the service information to the user. After the user verifies and confirms, the service information is digitally signed with the first signature key, and the digital signature is combined with the required service.
  • the information together constitutes a service confirmation message (step S102); if necessary, the user mobile terminal 3 encrypts the service confirmation message; then returns the service confirmation message to the remote service center 2 through the second communication link (step S103);
  • the remote service center 2 first decrypts it, and then the remote service center 2 verifies the digital signature in the service confirmation information with the first verification key, and then completes the service processing (step S104);
  • the remote service center 2 returns the service processing result to the user mobile terminal through the second communication link. 3; if necessary, the remote service center 2 digitally signs the service processing result with the second signature key, and returns the digitally signed service processing result to the user mobile terminal 3 through the second communication link; if necessary, the remote service The center 2 may encrypt the message returned to the user mobile terminal 3 through the second communication link (step S105); the remote service center 2 may also transmit the service processing result to the service mobile terminal 3 while also transmitting to the service request terminal 1 Displaying, the service request finally saves the result information and the digital signature at the same time as the voucher for the completion of the service; if the result information includes the digital signature, the service requesting terminal 1 verifies the number with the second verification key corresponding to the second signature key. After the signature, the processing result information is displayed, and the processing result and the digital signature are simultaneously saved as the voucher for the business completion; the service request terminal 1 can also add/decrypt the business information, and can perform the business information submitted and received. Signature or certification;
  • the user mobile terminal 3 first decrypts it; if the digital signature of the result is received, the user mobile terminal 3 verifies the digital signature with the second verification key; the user mobile terminal 3 will correlate the result The information is displayed to the user and saved (step S106).
  • Fig. 2B is a flow chart for refining the flow S105 to S106 of the trusted remote service shown in Fig. 2A.
  • the remote service center 2 judges whether the message returned to the user mobile terminal 3 through the second communication link needs to be signed using the second signature key (step S1051); when it is judged as "yes"
  • the remote service center 2 digitally signs the service processing result with the second signature key, and if necessary, the remote service center 2 can encrypt the message returned to the user mobile terminal 3 through the second communication link (steps) S1052).
  • step S1052 is completed or the remote service center 2 judges that it is not necessary to use the second signature key for signature, the process goes to step S1053.
  • the remote service center 2 transmits the service processing result to the user mobile terminal 3, and if the received message is encrypted, the user mobile terminal 3 decrypts the message (step S1053); the user mobile terminal 3 determines the processing result transmitted from the remote service center 2. Is the signature signed with the second signature key (S1061), when the determination is YES, the user mobile terminal 3 verifies the digital signature with the second verification key (S1062), when performing step S109 and passing the verification, or When the user mobile terminal 3 judges that the message transmitted from the remote service center 2 has not been signed using the second signature key, the process proceeds to step S1063, and the result is displayed to the user and stored (S1063).
  • FIG. 3 is a schematic diagram of a trusted remote service system utilizing the Internet of the present invention.
  • the present invention provides an example of a trusted remote service system utilizing the Internet for a first communication link.
  • the service requesting terminal 1 uses a PC connected to the Internet through the Internet.
  • the network is connected to the remote service center 2 as a first communication link.
  • the remote service center 2 includes a first security function module 21, an information transmission and reception module 22, a service processing mechanism 23, and a Web service subsystem.
  • the service processing mechanism 23 is one or more service programs, and is responsible for implementing the scheduling of the service information and the processing of the service function, including calling the first security function module 21 to digitally sign, verify the signature, encrypt and decrypt the service information, and send and receive the information through the information.
  • the module 22 delivers the service information to the user mobile terminal 3, and is also responsible for performing service processing based on the service confirmation information transmitted to the user mobile terminal 3.
  • the plurality of service programs of the business processing organization 23 can communicate with each other through a network and/or other communication mechanisms, and can also be deployed to run on physical devices located at different locations, and these devices may also be managed by different operators.
  • the first security function module 21 can be composed of more than one sub-module of the same function and can be allocated in different devices, and mainly performs encryption, decryption, digital signature verification and digital signature generation functions on related service information, and also saves and
  • the first verification key corresponding to the first signature key for verifying the signature of the user mobile terminal, and the second signature key corresponding to the second verification key for generating the remote service center signature may also be saved for information.
  • the encryption/decryption key and other necessary signature verification keys are used for encrypted transmission of information.
  • the first security function module 21 and the service processing structure 23 can implement function calls by connecting through various communication mechanisms.
  • the information sending and receiving module 22 is a gateway communication program, which is respectively connected with the short message system connection of the mobile operator and the service processing mechanism 23 through a communication mechanism, and is responsible for transmitting information to the user mobile terminal through the second communication network, and receiving the user from the user. Mobile terminal information.
  • the web server receives the service request of the service requesting terminal, and generates a service information by the user request.
  • the web server, the service processing mechanism, the security function subsystem, and the information sending and receiving module are all bidirectionally connected.
  • the mobile terminal 3 which is a mobile phone and/or a PDA supporting cellular mobile communication and short message receiving and sending and STK functions, includes a message sending and receiving module 31, that is, a short message processing program in the mobile phone, an input display module 32, and a second security function module 33. .
  • the message transmitting and receiving module 31 is configured to remotely receive information transmitted by the service center 2 and transmit the information to the remote service center 2.
  • the input display module 32 displays information to the user and receives information entered by the user.
  • the second security function module 33 is an encryption, decryption, digital signature and verification program running in the memory of the mobile phone. Or it is an encryption, decryption, digital signature and verification program running in the SIM card/UIM card of the mobile phone, or a security hardware module added to the mobile phone to perform encryption, decryption, digital signature and verification functions, and the security function module is simultaneously stored.
  • the first signature key, the second verification key may also store an encryption/decryption key for information and other necessary signatures, verification keys, for encrypted transmission of information and signature and verification of each internal service.
  • the workflow for conducting business using the online remote service system is as follows:
  • the user requests the service request terminal 1 of the network remote service system to submit the service request content, the user mobile terminal number or/and other identification code in the page through the Web service subsystem.
  • the service processing unit 23 Forming the formatted service information on the web page to the service processing unit 23, the service processing unit 23 transmits the service information to the information transmission and reception module 22, and the information transmission module sends the service information to the second communication link to User mobile terminal 3. If encryption is required, the service processing unit 23 invokes the service information and the user mobile terminal number as entry parameters to invoke the first security function module 21 to encrypt the service information before transmitting.
  • the message sending and receiving module 31 in the user mobile terminal 3 receives the service information, for example, the encrypted service information is first handed over to the second security function module 33, and decrypted by the security function module, and the obtained service information is input to the display module. Displayed on the 32 to the user. If the message sending and receiving module 31 receives the unencrypted service information, it is directly sent to the input display module 32 for display. After the user verifies the information, the input confirmation is performed.
  • the second security function module 33 first calculates a digital signature for the service information using the first signature key to obtain a signature value of the service information, and the service information and the signature value together constitute user service confirmation information; if encryption is required, the second security function module 33 After the service confirmation message is encrypted, the encrypted user service confirmation information is sent back to the remote service center 2 through the message sending and receiving module 31. If no encryption is required, the service confirmation information is directly transmitted to the message sending and receiving module 31, and the message sending and receiving module 31 sends the service confirmation information back to the remote service center 2.
  • the information receiving and sending module 22 in the remote service center 2 receives the encrypted user service confirmation message or the unencrypted service confirmation message and delivers it to the service processing unit 23. If the received message is an encrypted service confirmation message, the service processing unit 23 invokes the first The security function module 21 decrypts the service confirmation information, and then the service processing unit 23 invokes the first security function module 21 to verify the digital signature in the service confirmation information using the first verification key. 5) If the verification result is correct, the business processing unit 23 completes the business operation, and rejects the business operation if the verification result is incorrect.
  • the service processing unit 23 invokes the first security function module 21, the first security function module 21 signs the service processing result with the second signature key, and the signature value and the business processing result constitute the result information, and the result is The information is returned to the business processing organization 23 of the remote service center.
  • the service processing unit 23 invokes the first security function module 21 to encrypt the result information.
  • the service processing unit 23 then transfers the encrypted result information to the user mobile terminal 3 via the information transmission and delivery module 22. If no encryption is required, the service processing unit 23 directly transmits the result information to the information transmission and reception module 22, and the information transmission module transmits the result information to the user mobile terminal 3.
  • the message sending and receiving module 31 in the user mobile terminal 3 passes the received encrypted or unencrypted result information to the second security function module 33, and if it is the encrypted result information, the second security function module 33 decrypts it. If the result information contains the signature of the remote service center, the signature is verified using the second verification key. After the verification is completed, the business result information is displayed to the user by the input display module 32, and the result information is saved as a voucher for the result of the business completion.
  • the service requesting terminal 1 is a voice telephone terminal, or a fixed telephone terminal, or a mobile telephone terminal, or an internet telephone terminal, and is connected to the remote service center as a first communication link through the public telephone network.
  • the remote service center 2 includes a first security function module 21, an information transmission and reception module 22, a service processing unit 23, and a call center system.
  • the service processing mechanism 23 is one or more service programs, and is responsible for implementing the scheduling of the service information and the processing of the service function, including calling the first security function module 21 to digitally sign, verify the signature, encrypt and decrypt the service information, and send and receive the information through the information.
  • the module 22 delivers the service information to the user mobile terminal 3, and is also responsible for performing service processing based on the service confirmation information transmitted to the user mobile terminal 3.
  • the plurality of service programs of the service processing mechanism 23 can communicate with each other through a network and/or other communication mechanisms, and can also be deployed to run on physical devices located at different locations, and these devices may also be managed by different operators.
  • the first security function module 21 can be composed of one or more sub-modules of the same function and can be allocated in different devices, and mainly performs functions of encrypting, decrypting, digital signature verification and digital signature of related service information, and also saves and The first verification key corresponding to the first signature key for verifying the signature of the user mobile terminal, and the second signature key corresponding to the second verification key for generating the remote service center signature may also be saved for information.
  • the encryption/decryption key and other necessary signatures and verification keys are used for encrypted transmission of information.
  • the first security function module 21 and the service processing mechanism 23 can implement function calls through various communication mechanism connections.
  • the information sending and receiving module 22 is a gateway communication program, which is connected to the short message system of the mobile operator, and is connected to the service processing unit 23 through a communication mechanism, and is responsible for transmitting information to the user mobile terminal through the second communication network, and receiving the user from the user.
  • Mobile terminal information is a gateway communication program, which is connected to the short message system of the mobile operator, and is connected to the service processing unit 23 through a communication mechanism, and is responsible for transmitting information to the user mobile terminal through the second communication network, and receiving the user from the user.
  • Mobile terminal information is a gateway communication program, which is connected to the short message system of the mobile operator, and is connected to the service processing unit 23 through a communication mechanism, and is responsible for transmitting information to the user mobile terminal through the second communication network, and receiving the user from the user. Mobile terminal information.
  • the call center system receives the voice service request from the service request terminal 1 by the customer service personnel, and records the service information into the system to form a formatted service information.
  • the call center system, the service processing mechanism, the security function module, and the information sending and receiving module are all bidirectionally connected.
  • the mobile terminal 3 and the mobile phone and/or PDA supporting the cellular mobile communication and short message receiving and receiving functions include a message sending and receiving module 31, that is, a short message processing program in the mobile phone, an input display module 32, and a second security function module 33.
  • the message transmitting and receiving module 31 is for remotely receiving information transmitted by the service center 2 and transmitting the information to the remote service center 2.
  • the input display module 32 displays the information to the user and receives input information from the user.
  • the second security function module 33 is an encryption, decryption, digital signature and verification program running in the memory of the mobile phone, or an encryption, decryption, digital signature and verification program running in the SIM card/UIM card of the mobile phone, or added to the mobile phone.
  • a security hardware module that performs encryption, decryption, digital signature, and verification functions.
  • the security function module stores a first signature key, a second verification key, and an encryption/decryption key for information and other Necessary signature, verification key, used for encrypted transmission of information and signature and verification of each service.
  • the user requests the service request terminal 1 of the telephone remote service system to connect to the call center of the remote service center through the fixed telephone network or the mobile telephone network as the first communication network, and informs the customer service personnel of the service content by voice, including the user's movement. Terminal number or / and other identification codes. Customer service personnel enter business related information.
  • the call center system of the remote service center forms the formatted service information and delivers the service information to the service processing unit 23 of the remote service center.
  • the service processing unit 23 transmits the service information to the information transmission and reception module 22, and the information transmission module sends the service information. It is transmitted to the user mobile terminal 3 through the second communication link. If encryption is required, the service processing unit 23 invokes the service information and the user mobile terminal number as entry parameters to invoke the first security function module 21 to encrypt the service information before transmitting.
  • the message sending and receiving module 31 of the user mobile terminal 3 receives the service information, and if it is the encrypted service information, it is first handed over to the second security function module 33, and the security function module decrypts.
  • the obtained business information is displayed to the user on the input display module 32. If the message sending and receiving module 31 receives the unencrypted service information, it is directly presented to the input display module 32 for display. After the user verifies that the information is correct, it confirms.
  • the second security function module 33 first calculates a digital signature for the service information using the first signature key to obtain a signature value of the service information, and the service information and the signature value together constitute user service confirmation information; if encryption is required, the second security function module 33 After the service confirmation message is encrypted, the encrypted user service confirmation information is sent back to the remote service center 2 through the message sending and receiving module 31. If no encryption is required, the service confirmation information is directly transmitted to the message transmission and reception module 31, and the message transmission and reception module sends the service confirmation information back to the remote service center 2.
  • the information receiving and sending module 22 in the remote service center 2 receives the encrypted user service confirmation message or the unencrypted service confirmation message and delivers it to the service processing organization. If the received message is an encrypted service confirmation message, the service processing unit 23 invokes the first security. The function module 21 decrypts the service confirmation information, and then the service processing unit 23 invokes the security function module 21 to verify the digital signature in the service confirmation information using the first verification key.
  • the business processing organization 23 completes the business operation, and rejects the business operation if the verification result is wrong. If necessary, the service processing unit 23 invokes the first security function module 21, and the security function module 21 digitally signs with the second signature key, and the signature value and the business processing result constitute result information, and then returns the result information to the remote service center. Business processing organization 23.
  • the service processing unit 23 invokes the first security function module 21 to encrypt the result information.
  • the service processing unit 23 then transfers the encrypted result information to the user mobile terminal 3 via the information transmitting and receiving module 22. If no encryption is required, the service processing unit 23 directly sends the result letter The information is transmitted to the information transmission and reception module 22, and the result information is transmitted to the user mobile terminal 3 by the information transmission module.
  • the message sending and receiving module 31 in the user mobile terminal 3 passes the received encrypted or unencrypted result information to the second security function module 33, and if it is the encrypted result information, the second security function module 33 decrypts it. If the result information contains the signature of the remote service center, the signature is verified using the second verification key.
  • the business result information is then displayed to the user by the input display module 32, and the result information is saved as a voucher for the result of the business completion.
  • the service requesting terminal may be a special merchant intelligent terminal having a security function module, a display and an input and output module, and the remote service center is connected by the dedicated access device to receive the service request information, and the remote service center sends the service processing result to the user mobile terminal.
  • the information is also sent to the service requesting terminal at the same time, and the action flow after the service requesting terminal receives the information is the same as that of the user mobile terminal 3.
  • the comparison with the embodiment of Fig. 3 is identical except for the above, and the embodiment is suitable for the user to shop at the mall. It is obvious that anyone skilled in the art can make various embodiments after understanding the technical idea of the present invention, and these methods are all within the scope of the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

L'invention concerne un procédé et un système fiables de téléservices. Ce système comprend un terminal de demande de services (1), un centre de téléservices (2) et un terminal mobile utilisateur (3). Selon l'invention, l'utilisateur situé au niveau du terminal de demande de services (1) soumet une demande de services requis au centre de téléservices (2) par l'intermédiaire d'une première liaison de communication (4); le centre de téléservices (2) génère des informations concernant lesdits services, selon la demande de services soumise par l'utilisateur, et transmet cette demande, pour authentification, par l'intermédiaire d'une seconde liaison de communication (5), au terminal mobile utilisateur (3), et une fois les informations de services confirmées, la signature est exécutée par le terminal mobile utilisateur (3), puis la demande est renvoyée au centre de téléservices (2) par l'intermédiaire de la seconde liaison de communication (5); le centre de téléservices (2) effectue les services après authentification de la signature numérique des informations de service confirmées, et génère des informations de résultat par exécution d'une signature numérique sur le résultat de traitement de service, et transmet lesdites informations de résultat au terminal mobile utilisateur (3) par l'intermédiaire de la seconde liaison de communication (5); l'utilisateur authentifie et sauvegarde les informations de résultat reçues. L'invention est sûre et fiable, simple et pratique à utiliser, et elle est conçue, en particulier, pour une application dans de le domaine du commerce électronique et des services financiers bancaires.
PCT/CN2009/070305 2008-01-24 2009-01-23 Procédé et système fiables de téléservices WO2009094949A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2008100173984A CN101242271B (zh) 2008-01-24 2008-01-24 可信的远程服务方法及其系统
CN200810017398.4 2008-01-24

Publications (1)

Publication Number Publication Date
WO2009094949A1 true WO2009094949A1 (fr) 2009-08-06

Family

ID=39933500

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/070305 WO2009094949A1 (fr) 2008-01-24 2009-01-23 Procédé et système fiables de téléservices

Country Status (2)

Country Link
CN (1) CN101242271B (fr)
WO (1) WO2009094949A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111355801A (zh) * 2020-03-03 2020-06-30 袁爱民 一种远程人工智能通信业务办理系统及其控制方法

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242271B (zh) * 2008-01-24 2010-12-29 陕西海基业高科技实业有限公司 可信的远程服务方法及其系统
CN102239714B (zh) * 2008-12-12 2016-06-01 阿尔卡特朗讯 基于应用层的移动金融业务的安全通信方法及其装置
CN102790674B (zh) * 2011-05-20 2016-03-16 阿里巴巴集团控股有限公司 身份验证方法、设备和系统
CN102780561A (zh) * 2011-11-30 2012-11-14 北京数字认证股份有限公司 一种使用移动终端实现用户知情数字签名的方法和系统
CN103368736B (zh) * 2012-04-06 2016-04-20 汉王科技股份有限公司 业务信息加密、解密方法及装置
US9141968B2 (en) 2012-04-19 2015-09-22 Beijing Budingfangzhou Technology Co., Ltd. System and method for redeeming an electronic promotion code at a point of sale
WO2013155727A1 (fr) * 2012-04-19 2013-10-24 Beijing Budingfangzhou Technology Co., Ltd. Système et procédé de remboursement d'un code de promotion électronique à un point de vente
CN104349313B (zh) * 2013-07-23 2018-12-07 阿里巴巴集团控股有限公司 业务授权方法、设备及系统
CN103648090A (zh) * 2013-12-12 2014-03-19 北京利云技术开发公司 一种实现智能移动终端安全可信的方法和系统
CN104980266B (zh) * 2014-04-03 2017-12-22 北京中创智信科技有限公司 数据通信方法和系统
CN105681610A (zh) * 2016-01-29 2016-06-15 平安科技(深圳)有限公司 一种客服电话交互方法、系统及移动终端
CN106686001A (zh) * 2017-02-27 2017-05-17 深圳兆日科技股份有限公司 业务安全处理方法和装置
CN107274183B (zh) * 2017-03-21 2020-05-22 中国银联股份有限公司 交易验证方法及系统
CN110601847B (zh) * 2019-09-05 2021-03-05 北京海益同展信息科技有限公司 事故的处理方法、装置及系统
CN111491064B (zh) * 2020-04-01 2022-04-08 杭州蚂蚁聚慧网络技术有限公司 一种语音服务身份认证方法及系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002069291A2 (fr) * 2001-02-23 2002-09-06 Esignx Corporation Systemes et procedes de transaction electronique
CN1684406A (zh) * 2004-06-25 2005-10-19 中国银行股份有限公司 提供直通式银行金融服务的方法和系统
CN1708018A (zh) * 2004-06-04 2005-12-14 华为技术有限公司 一种无线局域网移动终端接入的方法
US20070136599A1 (en) * 2005-09-09 2007-06-14 Canon Kabushiki Kaisha Information processing apparatus and control method thereof
CN101242271A (zh) * 2008-01-24 2008-08-13 陕西海基业高科技实业有限公司 可信的远程服务方法及其系统
CN201181942Y (zh) * 2008-01-24 2009-01-14 陕西海基业高科技实业有限公司 用于远程服务业务的数字签名认证系统

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100586065C (zh) * 2006-04-24 2010-01-27 北京易恒信认证科技有限公司 Cpk可信认证系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002069291A2 (fr) * 2001-02-23 2002-09-06 Esignx Corporation Systemes et procedes de transaction electronique
CN1708018A (zh) * 2004-06-04 2005-12-14 华为技术有限公司 一种无线局域网移动终端接入的方法
CN1684406A (zh) * 2004-06-25 2005-10-19 中国银行股份有限公司 提供直通式银行金融服务的方法和系统
US20070136599A1 (en) * 2005-09-09 2007-06-14 Canon Kabushiki Kaisha Information processing apparatus and control method thereof
CN101242271A (zh) * 2008-01-24 2008-08-13 陕西海基业高科技实业有限公司 可信的远程服务方法及其系统
CN201181942Y (zh) * 2008-01-24 2009-01-14 陕西海基业高科技实业有限公司 用于远程服务业务的数字签名认证系统

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111355801A (zh) * 2020-03-03 2020-06-30 袁爱民 一种远程人工智能通信业务办理系统及其控制方法
CN111355801B (zh) * 2020-03-03 2022-07-22 袁爱民 一种远程人工智能通信业务办理系统及其控制方法

Also Published As

Publication number Publication date
CN101242271A (zh) 2008-08-13
CN101242271B (zh) 2010-12-29

Similar Documents

Publication Publication Date Title
WO2009094949A1 (fr) Procédé et système fiables de téléservices
CN106664208B (zh) 使用安全传输协议建立信任的系统和方法
US9813236B2 (en) Multi-factor authentication using a smartcard
CN101222333B (zh) 一种数据交易处理方法及设备
CN106875173B (zh) 一种认证交易的方法
CN101414909B (zh) 网络应用用户身份验证系统、方法和移动通信终端
WO2015161699A1 (fr) Procédé et système d'interaction de données sécurisés
CN103020825B (zh) 一种基于软体客户端的安全支付认证方法
JP2018088292A (ja) モバイル機器による安全なトランザクションプロセスのためのシステム及び方法
TW201741922A (zh) 一種基於生物特徵的安全認證方法及裝置
CN102202300A (zh) 一种基于双通道的动态密码认证系统及方法
CN102195932A (zh) 一种基于两个隔离设备实现网络身份认证的方法和系统
WO2015161690A1 (fr) Procédé et système d'interaction de données sécurisées
KR20100038990A (ko) 네트워크 인증 시스템의 보안 인증 방법 및 그 장치
CN201181942Y (zh) 用于远程服务业务的数字签名认证系统
JP2015537399A (ja) モバイル決済のためのアプリケーションシステム及びモバイル決済手段を提供する及び用いるための方法
CN101951321A (zh) 一种实现身份认证的装置、系统及方法
US12008568B1 (en) Systems and methods for an authorized identification system
WO2015135392A1 (fr) Procédé et système de paiement sécurisé o2o
WO2015007198A1 (fr) Système de paiement sécurisé par internet et procédé de paiement sécurisé
RU2625949C2 (ru) Способ и система, использующие кибер-идентификатор для обеспечения защищенных транзакций
TW201421393A (zh) 行動裝置互動式二維條碼交易資訊傳輸及驗證之系統及其方法
TWI772908B (zh) 以線上快速認證之硬體載具認證並簽章之系統及方法
TWI607402B (zh) 網路轉帳方法及系統
TWI753102B (zh) 實名認證服務系統及實名認證服務方法

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09706357

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09706357

Country of ref document: EP

Kind code of ref document: A1