WO2014173197A1 - Method for implementing secure transaction of touch terminal - Google Patents

Method for implementing secure transaction of touch terminal Download PDF

Info

Publication number
WO2014173197A1
WO2014173197A1 PCT/CN2014/072100 CN2014072100W WO2014173197A1 WO 2014173197 A1 WO2014173197 A1 WO 2014173197A1 CN 2014072100 W CN2014072100 W CN 2014072100W WO 2014173197 A1 WO2014173197 A1 WO 2014173197A1
Authority
WO
WIPO (PCT)
Prior art keywords
input method
transaction
touch terminal
program
bound
Prior art date
Application number
PCT/CN2014/072100
Other languages
French (fr)
Chinese (zh)
Inventor
王斌
Original Assignee
福建联迪商用设备有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 福建联迪商用设备有限公司 filed Critical 福建联迪商用设备有限公司
Publication of WO2014173197A1 publication Critical patent/WO2014173197A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes

Definitions

  • the present invention relates to the field of secure transactions, and more particularly to a method of implementing secure transactions for touch terminals using, for example, mobile phones, personal digital assistants, portable computers, financial transactions, and the like.
  • the present invention provides a secure and reliable method for securely handling touch terminals.
  • the present invention adopts the following technical solutions:
  • a method for implementing a secure transaction of a touch terminal is:
  • the input method is installed on the touch terminal before the transaction, and the installed input method is bound to the transaction program; when the touch terminal performs the transaction, the bound input method is called, and if the call is successful, the transaction is performed, otherwise the transaction is rejected.
  • the transaction method provided by the present invention further includes setting a successful input method to the current input method and prohibiting the switching input method when the transaction is performed.
  • the touch terminal described in the present invention uses a digital signature to install an input method, and the steps are as follows:
  • the transaction method provided by the present invention further includes when the transaction program ends or is switched from the transaction program to the ordinary course In the sequence, the bound input method switches to the normal input method; when the transaction program is started or switched from the normal program to the transaction program, the normal input method switches to the bound input method.
  • the touch terminal in the present invention is one of a mobile phone, a personal digital assistant, a portable computer, a financial transaction terminal, or a combination thereof.
  • the present invention adopts the above technical solution, by installing and installing an input method in a touch terminal, the installed input method is bound to a transaction program, and an input method bound to the transaction program is used in the transaction process, and switching to the common input method is prohibited. It can avoid unsafe input method to steal user sensitive information, reduce the possibility of data being stolen when inputting sensitive data, strengthen the security of transactions, and make the transaction process more secure and reliable. DRAWINGS
  • 1 is a flow chart showing the installation method of the touch terminal of the present invention
  • FIG. 3 is a diagram showing an input method state switching in a secure transaction of the touch terminal of the present invention.
  • an input method is required to be installed on a touch terminal, such as a mobile terminal, a personal digital assistant, a portable computer, a financial transaction, or the like, before the transaction, the input method of the installation. Bind to the trading program;
  • the touch terminal described in this embodiment uses a digital signature to install the input method.
  • the steps are as follows:
  • the bound input method is invoked, and if the call is successful, the called binding input method is set. For the current input method, and prohibit switching the input method, then you can enter the bank card number and password and other sensitive data on the touch terminal for secure transactions; if the input method of calling the binding is unsuccessful, the bound input method is damaged. Or there are potential insecurities to reject the transaction.
  • the bound input method switches to the normal input method without affecting the user's usage habits.
  • the invention is bound to the transaction program by the input method installed in the touch terminal, and the input method of the installation is bound to the transaction program, and the binding input method is used in the transaction program and the switch to the ordinary input method is prohibited, thereby avoiding the insecure input method stealing.
  • User sensitive information reduces the possibility of data being stolen when inputting sensitive data, enhances security during transactions, and makes the transaction process more secure and reliable.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Physics & Mathematics (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Input From Keyboards Or The Like (AREA)
  • Telephone Function (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

The present invention provides a method for secure transaction of a touch terminal. According to the method, an input method is installed in the touch terminal, the installed input method is bound on a transaction program, and the bound input method is used in the transaction program and is prohibited from being switched to a common input method, so as to avoid that sensitive information of a user is stolen by an insecure input method, lower the possibility that data is stolen without being noticed when sensitive data is input, enhance the security during the transaction, and enable a transaction process to be more secure and reliable.

Description

一种实现触摸终端安全交易的方法  Method for realizing secure transaction of touch terminal
技术领域 Technical field
本发明涉及安全交易领域, 更具体地涉及一种利用诸如移动电话、个人数字 助理、 便携式计算机、 金融交易等实现触摸终端安全交易的方法。  The present invention relates to the field of secure transactions, and more particularly to a method of implementing secure transactions for touch terminals using, for example, mobile phones, personal digital assistants, portable computers, financial transactions, and the like.
背景技术 Background technique
随着触摸型终端设备大面积的推广, 使得金融交易在终端上面也变得更为 普遍和便捷。但由于一部分使用者缺乏安全意识,在交易过程中不懂得自我保护 使得许多交易敏感数据(比如银行卡号和密码等)容易被不法分子获取, 造成一 定的经济损失。输入法是触摸型终端与使用者交互的重要渠道,一般情况下触摸 型终端的使用者都是通过输入法向终端输入一些敏感数据(比如银行卡的卡号和 密码)。 因此不安全的输入法程序可能第一时间将用户的信息泄露到不法分子手 里。 目前输入法的种类繁多, 一般情况下使用者很难区分输入法是否安全, 这就 使得一些敏感数据在 "不知不觉" 中被不合分子窃取将敏感数据泄露出去。  With the widespread promotion of touch-type terminal devices, financial transactions have become more common and convenient on terminals. However, due to the lack of security awareness of some users, they do not know how to protect themselves during the transaction process. Many transaction sensitive data (such as bank card numbers and passwords) are easily acquired by criminals, causing certain economic losses. The input method is an important channel for the touch-type terminal to interact with the user. In general, the user of the touch-type terminal inputs some sensitive data (such as the card number and password of the bank card) to the terminal through the input method. Therefore, an unsafe input method may leak the user's information to the criminals for the first time. At present, there are many types of input methods. Under normal circumstances, it is difficult for users to distinguish whether the input method is safe. This makes some sensitive data leak out of sensitive data in the "unconsciously".
发明内容 Summary of the invention
有鉴于此, 本发明提供一种安全、 可靠的触摸终端安全交易方法。  In view of this, the present invention provides a secure and reliable method for securely handling touch terminals.
为实现上述目的, 本发明采用如下技术方案:  To achieve the above object, the present invention adopts the following technical solutions:
一种实现触摸终端安全交易的方法, 所述交易方法为:  A method for implementing a secure transaction of a touch terminal, the transaction method is:
交易前在触摸终端上安装输入法, 所述安装的输入法绑定在交易程序上; 当触摸终端进行交易时调用绑定的输入法,若调用成功则进行交易, 否则拒 绝交易。  The input method is installed on the touch terminal before the transaction, and the installed input method is bound to the transaction program; when the touch terminal performs the transaction, the bound input method is called, and if the call is successful, the transaction is performed, otherwise the transaction is rejected.
本发明提供的交易方法还包括在进行交易时,将调用成功的输入法设定为当 前输入法, 并禁止切换输入法。  The transaction method provided by the present invention further includes setting a successful input method to the current input method and prohibiting the switching input method when the transaction is performed.
本发明中所述的触摸终端采用数字签名的方式安装输入法, 步骤如下: The touch terminal described in the present invention uses a digital signature to install an input method, and the steps are as follows:
S 1 : 用私钥对输入法安装包加密; S 1 : encrypting the input method installation package with a private key;
S2 : 触摸终端上保留解密输入法安装包的公钥;  S2: retaining the public key of the decryption input method installation package on the touch terminal;
S3: 安装输入法时, 使用触摸终端上的公钥解密输入法安装包, 解密成功 则标记该输入法为与交易程序绑定的输入法;否则标记为普通输入法或拒绝安装。  S3: When installing the input method, use the public key on the touch terminal to decrypt the input method installation package. If the decryption is successful, the input method is marked as the input method bound to the transaction program; otherwise, it is marked as normal input method or refuses to install.
本发明提供的交易方法还包括,当交易程序结束或由交易程序切换到普通程 序时, 绑定的输入法切换到普通输入法; 当交易程序启动或由普通程序切换到交 易程序时, 普通输入法切换到绑定的输入法。 The transaction method provided by the present invention further includes when the transaction program ends or is switched from the transaction program to the ordinary course In the sequence, the bound input method switches to the normal input method; when the transaction program is started or switched from the normal program to the transaction program, the normal input method switches to the bound input method.
本发明中触摸终端为移动电话、个人数字助理、便携式计算机、 金融交易终 端中的一种或其组合。  The touch terminal in the present invention is one of a mobile phone, a personal digital assistant, a portable computer, a financial transaction terminal, or a combination thereof.
本发明采用以上技术方案,通过在触摸终端是安装安装输入法,所述安装的 输入法绑定在交易程序上,在交易过程中使用与交易程序绑定的输入法并禁止切 换到普通输入法, 可避免不安全输入法窃取用户敏感信息, 降低了在输入敏感数 据时数据被悄悄窃取的可能, 加强了交易时的安全, 使交易过程更加安全可靠。 附图说明  The present invention adopts the above technical solution, by installing and installing an input method in a touch terminal, the installed input method is bound to a transaction program, and an input method bound to the transaction program is used in the transaction process, and switching to the common input method is prohibited. It can avoid unsafe input method to steal user sensitive information, reduce the possibility of data being stolen when inputting sensitive data, strengthen the security of transactions, and make the transaction process more secure and reliable. DRAWINGS
下面结合附图和具体实施方式对本发明作进一步详细的说明:  The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments:
图 1是本发明触摸终端输入法安装流程图;  1 is a flow chart showing the installation method of the touch terminal of the present invention;
图 2是本发明触摸终端安全交易流程图;  2 is a flow chart of the secure transaction of the touch terminal of the present invention;
图 3是本发明触摸终端安全交易中输入法状态切换图。  3 is a diagram showing an input method state switching in a secure transaction of the touch terminal of the present invention.
具体实 式 Specific form
本实施例提供的一种触摸终端安全交易方法中,在进行交易前需要在触摸终 端, 比如移动电话、 个人数字助理、 便携式计算机、 金融交易等触摸终端上安装 输入法, 所述安装的输入法绑定在交易程序上;  In the touch terminal secure transaction method provided by this embodiment, an input method is required to be installed on a touch terminal, such as a mobile terminal, a personal digital assistant, a portable computer, a financial transaction, or the like, before the transaction, the input method of the installation. Bind to the trading program;
如图 1所示, 为了确保安装在触摸终端输入法的安全性,本实施例中所述的 触摸终端采用数字签名的方式安装输入法, 步骤如下:  As shown in FIG. 1, in order to ensure the security of the input method of the touch terminal, the touch terminal described in this embodiment uses a digital signature to install the input method. The steps are as follows:
S 1 : 用私钥对输入法安装包加密;  S 1 : encrypting the input method installation package with a private key;
S2 : 触摸终端上保留解密输入法安装包的公钥;  S2: retaining the public key of the decryption input method installation package on the touch terminal;
S3: 安装输入法时, 使用触摸终端上的公钥解密输入法安装包, 解密成功 则标记该输入法为与交易程序绑定的输入法;否则标记为普通输入法或拒绝安装。  S3: When installing the input method, use the public key on the touch terminal to decrypt the input method installation package. If the decryption is successful, the input method is marked as the input method bound to the transaction program; otherwise, it is marked as normal input method or refuses to install.
如图 2所示, 本发明一种触摸终端安全交易的方法提供的实施例中, 在启 动触摸终端交易程序时, 调用绑定的输入法, 若调用成功则把调用的绑定输入法 设定为当前输入法, 并禁止切换输入法,之后即可在触摸终端上输入银行卡号和 密码等其他敏感数据进行安全交易; 若调用绑定的输入法不成功, 则说明绑定的 输入法受到损坏或存在潜在的不安全因素拒绝交易。  As shown in FIG. 2, in an embodiment provided by the method for securely trading a touch terminal, when the touch terminal transaction program is started, the bound input method is invoked, and if the call is successful, the called binding input method is set. For the current input method, and prohibit switching the input method, then you can enter the bank card number and password and other sensitive data on the touch terminal for secure transactions; if the input method of calling the binding is unsuccessful, the bound input method is damaged. Or there are potential insecurities to reject the transaction.
如图 3所示,在进行触摸终端安全交易或由普通程序切换到交易程序时,普 通输入法切换到与交易程序绑定的输入法, 并禁止输入法的切换,用户在合法输 入法状态下进行交易, 增加交易过程中的可靠性。 As shown in Figure 3, when performing a touch terminal security transaction or switching from a normal program to a transaction program, The input method is switched to the input method bound to the transaction program, and the switching of the input method is prohibited, and the user performs the transaction under the legal input method state, thereby increasing the reliability in the transaction process.
当交易结束或由交易程序切换到普通程序时, 绑定的输入法切换到普通输入 法, 不影响用户的使用习惯。  When the transaction ends or is switched from the trading program to the normal program, the bound input method switches to the normal input method without affecting the user's usage habits.
本发明通过在触摸终端是安装有输入法,所示安装的输入法绑定在交易程序 上,在交易程序中使用绑定的输入法并禁止切换到普通输入法, 可避免不安全输 入法窃取用户敏感信息, 降低了在输入敏感数据时数据被悄悄窃取的可能,加强 了交易时的安全, 使交易过程更加安全可靠。  The invention is bound to the transaction program by the input method installed in the touch terminal, and the input method of the installation is bound to the transaction program, and the binding input method is used in the transaction program and the switch to the ordinary input method is prohibited, thereby avoiding the insecure input method stealing. User sensitive information reduces the possibility of data being stolen when inputting sensitive data, enhances security during transactions, and makes the transaction process more secure and reliable.

Claims

权利要求书 Claim
1. 一种实现触摸终端安全交易的方法, 其特征在于: 所述交易方法为: 交易前在触摸终端上安装输入法, 所述安装的输入法绑定在交易程序上; 当触摸终端进行交易时调用绑定的输入法,若调用成功则进行交易, 否则拒绝交 易。  A method for implementing a secure transaction of a touch terminal, characterized in that: the transaction method is: installing an input method on a touch terminal before the transaction, the installed input method is bound to the transaction program; when the touch terminal performs the transaction The bound input method is called, and if the call is successful, the transaction is performed, otherwise the transaction is rejected.
2. 根据权利要求 1所述的一种实现触摸终端安全交易的方法, 其特征在于: 所 述的交易方法还包括在进行交易时,将调用成功的输入法设定为当前输入法, 并 禁止切换输入法。  2. The method for implementing a secure transaction of a touch terminal according to claim 1, wherein: the transaction method further comprises: setting a successful input method to a current input method when the transaction is performed, and prohibiting Switch the input method.
3. 根据权利要求 1所述的一种实现触摸终端安全交易的方法, 其特征在于: 所述的触摸终端采用数字签名的方式安装输入法, 步骤如下:  3. The method for implementing a secure transaction of a touch terminal according to claim 1, wherein: the touch terminal installs an input method by using a digital signature, and the steps are as follows:
S1 : 用私钥对输入法安装包加密;  S1: Encrypt the input method installation package with the private key;
S2: 触摸终端上保留解密输入法安装包的公钥;  S2: retaining the public key of the decryption input method installation package on the touch terminal;
S3: 安装输入法时, 使用触摸终端上的公钥解密输入法安装包, 解密成功则标 记该输入法为与交易程序绑定的输入法; 否则标记为普通输入法或拒绝安装。  S3: When installing the input method, use the public key on the touch terminal to decrypt the input method installation package. If the decryption succeeds, mark the input method as the input method bound to the transaction program; otherwise, mark it as normal input method or refuse to install.
4. 根据权利要求 1所述的一种实现触摸终端安全交易的方法, 其特征在于: 所 述的方法还包括, 当交易程序结束或由交易程序切换到普通程序时, 绑定的输入 法切换到普通输入法; 当交易程序启动或由普通程序切换到交易程序时,普通输 入法切换到绑定的输入法。  4. The method for implementing a secure transaction of a touch terminal according to claim 1, wherein: the method further comprises: when the transaction program ends or is switched from a transaction program to a normal program, the bound input method is switched. To the normal input method; when the transaction program is started or switched from the normal program to the transaction program, the normal input method switches to the bound input method.
5. 根据权利要求 1或 4所述的一种实现触摸终端安全交易的方法,其特征在于: 所述的触摸终端为移动电话、个人数字助理、便携式计算机、 金融交易终端中的 一种或其组合。  The method for implementing secure transaction of a touch terminal according to claim 1 or 4, wherein: the touch terminal is one of a mobile phone, a personal digital assistant, a portable computer, a financial transaction terminal or combination.
PCT/CN2014/072100 2013-04-26 2014-02-14 Method for implementing secure transaction of touch terminal WO2014173197A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310151008.3A CN103236012B (en) 2013-04-26 2013-04-26 Method for realizing safe transaction of touch terminal
CN201310151008.3 2013-04-26

Publications (1)

Publication Number Publication Date
WO2014173197A1 true WO2014173197A1 (en) 2014-10-30

Family

ID=48884051

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/072100 WO2014173197A1 (en) 2013-04-26 2014-02-14 Method for implementing secure transaction of touch terminal

Country Status (2)

Country Link
CN (1) CN103236012B (en)
WO (1) WO2014173197A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103236012B (en) * 2013-04-26 2017-05-17 福建联迪商用设备有限公司 Method for realizing safe transaction of touch terminal
CN103853993B (en) * 2014-03-26 2017-12-29 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN107589987B (en) * 2017-08-18 2020-11-13 广州酷狗计算机科技有限公司 Software control method, device and computer readable storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008027222A (en) * 2006-07-21 2008-02-07 Nomura Research Institute Ltd Authentication system, authentication method, and authentication program
CN101316411A (en) * 2008-05-20 2008-12-03 深圳华为通信技术有限公司 Method for inputting communication information, method for transmitting communication information, and communication terminal
CN103021080A (en) * 2012-12-24 2013-04-03 广州市易票联支付技术有限公司 Anti-peep input method and intelligent terminal
CN103020540A (en) * 2012-11-29 2013-04-03 北京掌上汇通科技发展有限公司 Processing method and system for sensitive data, mobile terminal and server equipment
CN103236012A (en) * 2013-04-26 2013-08-07 福建联迪商用设备有限公司 Method for realizing safe transaction of touch terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008027222A (en) * 2006-07-21 2008-02-07 Nomura Research Institute Ltd Authentication system, authentication method, and authentication program
CN101316411A (en) * 2008-05-20 2008-12-03 深圳华为通信技术有限公司 Method for inputting communication information, method for transmitting communication information, and communication terminal
CN103020540A (en) * 2012-11-29 2013-04-03 北京掌上汇通科技发展有限公司 Processing method and system for sensitive data, mobile terminal and server equipment
CN103021080A (en) * 2012-12-24 2013-04-03 广州市易票联支付技术有限公司 Anti-peep input method and intelligent terminal
CN103236012A (en) * 2013-04-26 2013-08-07 福建联迪商用设备有限公司 Method for realizing safe transaction of touch terminal

Also Published As

Publication number Publication date
CN103236012B (en) 2017-05-17
CN103236012A (en) 2013-08-07

Similar Documents

Publication Publication Date Title
US8700908B2 (en) System and method for managing secure information within a hybrid portable computing device
CN202004846U (en) Cellphone shield capable of protecting mobile payment security
CN101511083B (en) Authentication method and terminal for telecom smart card
CN104463013A (en) Mobile terminal and data encryption method thereof
CN105205374A (en) Application program encrypting method and user terminal
US20170169213A1 (en) Electronic device and method for running applications in different security environments
WO2019047148A1 (en) Password verification method, terminal, and computer readable storage medium
CN104091133A (en) Method for protecting security of terminal, terminal and system
CN103488918A (en) Application encrypting method and device for intelligent terminal
CN103034417A (en) Unlocking method for touch screen and terminal equipment
CN107491732A (en) A kind of identity authentication method and terminal
BR112018013306B1 (en) METHOD AND SYSTEM OF BANK CARD PASSWORD PROTECTION
CN113704826A (en) Privacy protection-based business risk detection method, device and equipment
CN101483871A (en) Touch screen terminal, authentication method and system thereof
Frisby et al. Security Analysis of Smartphone Point-of-Sale Systems.
Akram et al. Trusted platform module for smart cards
CN102521169B (en) Confidential USB (universal serial bus) memory disk with display screen and security control method of confidential USB memory disk
WO2014173197A1 (en) Method for implementing secure transaction of touch terminal
US20240127250A1 (en) Resource transfer methods, apparatuses, and devices
CN103902205B (en) A kind of information processing method and electronic equipment
CN108520186A (en) Record screen method, mobile terminal and computer readable storage medium
WO2016180234A1 (en) Method and apparatus for building secure environment
CN101383833A (en) Apparatus and method for enhancing PIN code input security of intelligent cipher key apparatus
WO2017000343A1 (en) Fingerprint unlocking method and terminal
CN108270741B (en) Mobile terminal authentication method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14788684

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205N DATED 15/01/2016)

122 Ep: pct application non-entry in european phase

Ref document number: 14788684

Country of ref document: EP

Kind code of ref document: A1