WO2015139172A1 - Dispositif et procédé pour fournir un service en ligne - Google Patents

Dispositif et procédé pour fournir un service en ligne Download PDF

Info

Publication number
WO2015139172A1
WO2015139172A1 PCT/CN2014/073521 CN2014073521W WO2015139172A1 WO 2015139172 A1 WO2015139172 A1 WO 2015139172A1 CN 2014073521 W CN2014073521 W CN 2014073521W WO 2015139172 A1 WO2015139172 A1 WO 2015139172A1
Authority
WO
WIPO (PCT)
Prior art keywords
online service
network online
interface
host machine
network
Prior art date
Application number
PCT/CN2014/073521
Other languages
English (en)
Chinese (zh)
Inventor
曾凯
王怡
周大文
刘华军
安思宇
陈梦霄
Original Assignee
中国工商银行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国工商银行股份有限公司 filed Critical 中国工商银行股份有限公司
Priority to CN201480032949.8A priority Critical patent/CN105308623B/zh
Priority to PCT/CN2014/073521 priority patent/WO2015139172A1/fr
Publication of WO2015139172A1 publication Critical patent/WO2015139172A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08Protocols for interworking; Protocol conversion
    • H04L69/085Protocols for interworking; Protocol conversion specially adapted for interworking of IP-based networks with other networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • Network online service providing device and method
  • the present invention relates to the technical field of data processing, and in particular, to a network online service providing apparatus and method. Background technique
  • online online services are also facing a large security threat while providing convenience, especially vulnerable to application layer attacks, which limits the possibility of users using online online services on any PC.
  • the application layer attacks mainly include the following:
  • Phishing attacks that is, the attacker uses a pre-designed fake website to exploit the weak security awareness of the customer to trick the customer into logging in, causing the customer to be liable to disclose information or cause losses.
  • Authentication methods for a single cipher class are less able to protect against such attacks;
  • HTML Hypertext Markup Language
  • SSL Secure Sockets Layer
  • IDS Intrusion Detection Systems
  • the embodiment of the present invention provides a network online service providing device, which aims to reduce the security risk and improve the security of the data.
  • the device is connected to the host machine through the interface independently of the host machine, and includes:
  • the online online service access module has a built-in browser for accessing the online server of the network, and obtains a web online service interface in the HTML code format of the hypertext markup language;
  • a remote desktop service controller connected to the network online service access module, configured to map the network online service interface obtained by the network online service access module into a network online service interface of a picture format displayed on the host machine, And providing a web online service interface of the picture format to the host machine for display.
  • the network online service providing apparatus further includes:
  • a network online service processing module configured to receive transaction data input by a host machine in a network online service interface of the picture format, and construct a signature data packet according to the transaction data;
  • the signature authentication module is connected to the network online service processing module, configured to sign the transaction data according to the signature data packet, and submit the signed transaction data to the network online server for signature verification.
  • the network online service providing apparatus further includes: a display screen, configured to display transaction information that the signature authentication module needs to confirm by the user in the process of signing the transaction data according to the signature data packet.
  • the network online service providing apparatus further includes: a confirmation button, configured for the user to confirm the transaction information displayed on the display screen.
  • the host machine comprises: a television or a computer.
  • the interface is a high definition multimedia interface HDMI interface
  • the interface is a universal serial bus USB interface.
  • the embodiment of the present invention further provides a network online service providing method, so as to achieve the purpose of reducing security risks and improving data security, wherein the method includes:
  • Accessing a web online server obtaining a web online service interface in a hypertext markup language HTML code format; drawing a web online service interface of the obtained HTML code format into a web online service interface of a picture format displayed on a host machine, and The web online service interface of the picture format is provided to the host machine for display.
  • the method further includes:
  • the transaction data is signed according to the signature data packet, and the signed transaction data is submitted to a network online server for signature verification.
  • the method before receiving the transaction data input by the host machine in the network online service interface of the picture format, and constructing the signature data packet according to the transaction data, the method further includes:
  • the verification information includes: a username and a password.
  • the network online service interface of the obtained HTML code format is drawn into a network online service interface of a picture format displayed on the host machine, including:
  • the web online service interface in HTML code format is converted into a web-based online service interface in the image format according to a predetermined encoding method.
  • the method before accessing the network online server, the method further includes:
  • an apparatus and method for providing online service of a network are provided.
  • the device is independent of a host machine, and is provided with a network online service access module, a remote desktop service controller, and a network online service access module to obtain HTML.
  • Formatted web interface and then convert the HTML format web interface to the image format web interface through the remote desktop service controller and display it on the host machine for display, because the web interface of the image format is difficult to be cracked, so it can be effective
  • FIG. 1 is a structural block diagram of a network online service providing apparatus according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a method for providing a network online service according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of the appearance of a network online service providing apparatus according to an embodiment of the present invention.
  • FIG. 4 is a schematic diagram showing the hardware structure of a network online service providing apparatus according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of functional modules of a network online service providing apparatus according to an embodiment of the present invention.
  • FIG. 6 is a flow chart of a method for starting a network online service using a network online service providing apparatus according to an embodiment of the present invention
  • FIG. 7 is a flowchart of a method for performing transaction processing by a network online service providing apparatus according to an embodiment of the present invention. detailed description
  • the inventor thought that if the verification of information or the encryption of information is not performed on the PC, it should be possible to reduce security.
  • Risk for example, a secure operation of signing information, etc. can be ported to a separate device, allowing the device to exist independently of the host machine, and at the same time, the device converts the HTML content of the web page into a difficult
  • the content of the webpage in a graphical format that is deciphered and attacked is then displayed on the host machine for display, thereby effectively improving the security of the information.
  • a network online service providing apparatus is provided.
  • the apparatus is connected to a host machine through an interface independently of a host machine.
  • the apparatus includes:
  • the network online service access module 101 has a built-in browser for accessing a network online server, and obtains a web online service interface in a hypertext markup language HTML code format;
  • the remote desktop service controller 102 is connected to the network online service access module 101, and is configured to map the network online service interface acquired by the network online service access module 101 into a network format displayed on the host machine.
  • the online service interface is provided, and the network online service interface of the picture format is provided to the host machine for display.
  • a device for providing online service of the network is provided, the device is independent of the host machine, and the network online service access module and the remote desktop service controller are set, and the network online service access module obtains the webpage in HTML format. Interface, and then convert the HTML format web interface to the image format web interface through the remote desktop service controller and display it on the host machine for display, because the web interface of the image format is difficult to be solved, so the existing existing solution can effectively solve the existing In the technology, the technical problem of using the online online service on the fixed PC has a large security risk, and the technical effect of reducing the security risk and improving the security of the data is achieved.
  • the device further includes: a module, configured to receive transaction data input by a host machine in a network online service interface of the picture format, and construct a signature data packet according to the transaction data; a signature authentication module, connected to the network online service processing module And configured to sign the transaction data according to the signature data packet, and submit the signed transaction data to the network online server for signature verification.
  • a display screen can be set on the network online service providing device through the display screen.
  • the transaction information that the user confirms is required.
  • the network online service providing device may further be provided with a confirmation button for the user to display on the display screen. The transaction information is confirmed.
  • the host machine may include: a machine with a display screen and an input function such as a television or a computer, considering that different machines are suitable for different interfaces, in the case where the host machine is a television, the interface can select high definition.
  • the High Definition Multimedia Interface (HDMI) interface allows the interface to select the Universal Serial Bus (USB) interface when the host machine is a computer.
  • HDMI High Definition Multimedia Interface
  • USB Universal Serial Bus
  • the embodiment of the present invention further provides a method for performing transaction processing using the above-mentioned network online service providing apparatus. As shown in FIG. 2, the method includes the following steps:
  • Step 201 Access a network online server to obtain a web online service interface in a hypertext markup language HTML code format
  • Step 202 The obtained online service interface of the HTML code format is drawn into a network online service interface of a picture format displayed on the host machine, and the network online service interface of the picture format is provided to the host machine. display.
  • the method further includes: receiving, by the host machine, transaction data input by a user in a network online service interface of the picture format, and constructing a signature data packet according to the transaction data; according to the signature data packet The transaction data is signed, and the signed transaction data is submitted to a network online server for signature verification.
  • the method further includes: receiving a connection request initiated by the client control in the host machine; determining whether the connection request satisfies a connection condition, and if yes, initiating the built-in browsing Accessing the network online server through the built-in browser, that is, having a client control in the host machine, through which the user's connection request can be sent to the network online service providing device to trigger the device to access the network Online server.
  • the foregoing step 202 may include: receiving an HTML online network service interface sent by the network online server to the remote desktop service controller; encoding the HTML online service interface in the HTML format as displayed on the host machine according to a predetermined encoding manner. Image format web server interface. Because each frame of the projected image is encoded and output in a special way, the position and content of the elements in the page (into the HTML text box) are not easy to analyze, thereby increasing the difficulty for the hacker to parse or tamper with the page elements, and reducing the unauthorized attack. risk.
  • the basic login information of the user needs to be verified, for example: a username and a password, so the transaction sent by the user sent by the host machine in the online server interface of the picture format is input.
  • Data, and organizing the transaction data, before constructing the signature data packet further comprising: receiving verification information input in a network online server interface of a picture format displayed by the user on the host machine; by using a network in the host machine The verification information is sent to a network online server for authentication.
  • the client control in the host machine monitors and transmits the operation information to the network online service providing device, and the device passes the verification information input by the user.
  • the host machine's network is sent to the network online server. After the online server verification is passed, the online service is successfully registered.
  • the network online service device can access a computer through a USB interface (hereinafter referred to as a host PC), and the shape can be similar to a USB disk.
  • the device is provided with a display screen and a button, and the device is provided with an operating system and a browser, and provides high performance.
  • CPU, large memory and large storage capacity, all data processing and processing is done by the CPU inside the device.
  • the host PC provides a human-computer interaction interface for the portable network online service device.
  • the host PC mainly includes: a keyboard, a display, and a network communication function.
  • the network online service device bypasses the processing at the host PC application level. It avoids common PC client attacks.
  • the network online service device pre-installs the drivers and control programs necessary for the online online service. The customer does not need to install it himself, and realizes plug-and-play, which is convenient for customers to carry out in the mobile PC scenario.
  • the network online service uses the server pushdown method for the subsequent patch installation or upgrade maintenance of the online service device.
  • the device can build a relatively closed software and hardware environment independent of the host PC, in which the customer can conveniently and quickly perform online online services without setting up and preparing for the host PC, and trading The process is not susceptible to common attacks from clients.
  • FIG. 3 is a schematic diagram of the appearance of the device, including: a device body, a display screen, a control button, and a USB interface.
  • the device body is packaged with a single-chip microcomputer, and the display screen is used for displaying signature information
  • the control button includes a scroll button.
  • Cancel button, confirm button, up and down scroll button is used to view the signature information in the display
  • cancel button and confirm button are used to control the signature
  • the device is connected to the host PC through the USB port, wherein the above signature information is mainly used for The user's province verification, for example, the user name, transaction information, etc. will be displayed on this display for the user to confirm.
  • FIG. 4 is a schematic diagram of a hardware structure of a network online service device, where the device includes:
  • the central processing unit and the central processing unit and random access memory (RAM) connected to the central processing unit are used to run the built-in Linux operating system and its upper application (browser, etc.);
  • FLASH memory which is pre-installed with software such as operating system, browser, control and client driver;
  • the security chip realizes the signature operation of the certificate of the transaction
  • USB interface realize the connection with the host PC, and supply power to the device, connect the device as an IP device to the host PC, and communicate with the host PC through the USB extension protocol;
  • a remote connection interface connected to the USB interface, establishing a remote service connection between the device and a client installed on the host PC;
  • a graphic output interface connected to the USB interface, and outputting a network online service interface of the image format generated by the online banking interface accessed by the built-in browser of the device to the PC client;
  • the client inputs the receiving interface, connects with the USB interface, and receives the information input by the client on the client; 8)
  • the network online service request sending interface is connected with the USB interface, and the built-in browser of the sending device accesses the request message of the online banking login and transaction;
  • the network online service answer accept interface connect with the USB interface, and receive the service response returned by the network online service;
  • Upgrade the update interface connect with the USB interface, receive the upgrade information of the built-in operating system, browser, control and client driver of the device pushed down by the online server, and receive the updated version;
  • Control button control to display the page up and down of the transaction signature information, cancel or confirm the transaction signature process.
  • the above-mentioned CPU can use the high-performance Arm Cortex A8 processor, clocked at 1G, 1G RAM, 512M flash memory.
  • the above security chip can use Z8D168 series.
  • FIG. 5 is a schematic diagram of a function module of the device, including: a remote desktop service control module 501, a network online service module 502, a signature authentication module 503, an interaction module 504, a storage module 505, a client driver module 506, and a communication module 507.
  • the online upgrade module 508 is connected to the remote desktop service control module 501, the signature authentication module 503, the storage module 505, and the communication module 507, and the signature authentication module 503 and the interaction module 504 are connected; the client driver module 506.
  • the online upgrade module 508 is respectively connected to the storage module 505.
  • the communication module 507 is respectively connected to the remote desktop service control module 501 and the online upgrade module 508.
  • the remote desktop service control module 501 realizes communication between the device and the PC client through the remote desktop service, accesses the interface of the online service of the network according to the built-in browser of the device, and draws it into a graphical online network server interface, and projects the image to the host.
  • the display is performed on the PC, and the input operation of the client on the host PC is received.
  • Each frame of the projected image is encoded and output in a special way.
  • the position and content of the elements in the page (for example, the HTML text box) are not easy to analyze. This method increases the difficulty for the hacker to parse or tamper with the page elements, and is effective. Reduce the risk of unauthorized attacks.
  • the network online service module 502 the device-based CPU and RAM run a built-in Linux operating system and a browser, accesses a network online server according to a customer operation, and performs data calculation and processing. Because the built-in browser runs on the customized Linux operating system in the device, the Trojan horse of the general Windows operating system cannot pose a threat to it, and the device has no external write interface, and it is difficult for the hacker to tamper with the browser. Therefore, the browser runs in a closed environment that is isolated from the host PC, providing a guarantee for network online service security.
  • the interaction module 504 displays the signed transaction information through the display screen in the device during the process of signing the network online service by the device, and simultaneously receives the operation performed by the client using the control button of the device.
  • the storage module 505 stores software such as a customized Linux operating system, a browser, a control, and a client driver.
  • the client driver module 506 virtualizes an optical drive device after the device is connected to the PC, and the PC client program and driver are preset in the optical drive device to implement data communication between the device and the PC, so that the client can use the device for the first time on the PC. Installed when the device is installed.
  • the communication module 507 accesses the device as an IP device to the host PC through the USB extension protocol, implements communication between the device and the host PC, and uses the network layer protocol to enable the host PC to provide a network connection for the application in the device to access the Internet, and When the device communicates with the host PC, a secure Sockets Layer (SSL) secure channel is established.
  • SSL Secure Sockets Layer
  • the online upgrade module 508 updates the version of each application according to the upgrade information of the built-in operating system, browser, control, and client driver pushed down by the online server.
  • the data processing involves data flow between the host PC, the PC client and the device.
  • the PC client needs to be installed and run on the host PC, and the PC client is the device and the host PC.
  • An interactive agent the device is connected to the host PC as an IP device, and communicates with the host PC through a USB extension protocol, and the host PC provides a network connection for the application in the device to access the Internet, and provides a basic human-computer interaction interface for the device, wherein Including: graphical interface display, keyboard input, etc., the specific functions can be implemented by the PC client installed in the host PC.
  • the PC client mainly has the following three functions:
  • a network online server eg, a banking system
  • an optical drive device is virtualized, and the PC client program and driver are preset in the optical drive device (data communication between the device and the PC is realized), and the device is used for the first time on a PC, and only the client program needs to be installed.
  • the driver can be, because the controls and drivers used to access the online server of the network are preset in the device, because This does not require the user to install, which improves the user experience.
  • a two-way SSL secure channel is established between the online service device and the PC for data communication, which ensures the security of data transmission.
  • the processing flow when the network online service is started by using the online online service device includes the following steps:
  • Step 601 The user starts the PC client, and the PC client initiates a connection request to the device.
  • Step 602 After the device is started, check whether the connection request is from the PC client, whether the request is legal, and whether the device has a connection condition, that is, whether the operating system, the browser, the remote service, and the like built in the detection device operate normally.
  • Step 603 After the network online service device determines that the connection condition is met, the remote desktop service control module 501 starts the remote desktop service, provides a window rendering remote service for the PC client, and the network online service module 502 starts the built-in browser, waiting for the client to initiate use. The request for the online banking service, and then notify the PC client that the connection is completed.
  • Step 604 After receiving the notification, the PC client starts a window rendering program to access the device through the remote desktop service.
  • Step 605 The remote desktop service control module 501 draws the built-in browser interface graphically, and projects it onto the PC display device, and starts monitoring user input operations, including: mouse, button, and the like.
  • Step 606 The client inputs a Uniform Resource Locator (URL) address of the network online service in the browser address field of the GUI operation interface of the PC client, and the client listens for the customer input during the input process of the client.
  • URL Uniform Resource Locator
  • Step 607 After the client completes the input, the network online service module 502 of the device invokes the browser control built in the device, checks the legality of the client input URL through the whitelist mechanism, timely discovers the phishing website, and sends an alarm signal to the user, thereby reducing The risk of phishing attacks.
  • Step 608 The browser built in the device invokes a network service provided by the host PC operating system by the PC client to initiate a login request to the bank website, and the communication module 507 encrypts the data transmitted between the device and the bank. To ensure the security of the data.
  • Step 609 The bank server returns the login page data to the PC client program through the network layer, and the client forwards the landing page data to the device.
  • Step 610 The built-in browser parses the data, displays the login page, and notifies the PC client program, graphically projects the browser window to the PC display device for display, and presents the login page of the online service to the user.
  • Step 611 The user inputs authentication information such as a username and a password on the online service login page of the network, and the PC client monitors and transmits the operation to the device.
  • Step 612 The built-in browser of the device sends the data input by the user to the network online server through the PC network.
  • Step 613 After the network online server passes the verification, the online service of the login network is successful.
  • Step 701 The device projects the online banking page (equivalent to an HTML online web server interface) to the PC client in a graphic format.
  • the terminal displays the device, the customer conducts a transaction (such as a transfer), and the online bank requires the user to digitally sign the transaction data using a certificate to ensure integrity and non-repudiation.
  • Step 702 The user inputs the transaction data through the PC client human-computer interaction interface, and the client monitors the client operation, transmits it to the network service module 502 of the device, and requests the device to sign the data.
  • Step 703 The network online service module 502 calls the online banking control of the built-in browser of the device to organize the transaction data and construct a signature data packet.
  • Step 704 Sign the data by driving the access signature authentication module 503.
  • Step 705 The interaction module 504 displays the key transaction information that needs to be confirmed by the user in the signing process on the display screen of the device, and the user performs verification and presses a key to confirm.
  • Step 706 The network online service module 502 submits the signature data to the bank server through the PC client for verification, and if the verification is successful, the transaction is executed.
  • the communication between the network online service device and the host PC may be performed by using a USB transmission, a Bluetooth transmission, or a WIFI transmission.
  • a USB transmission When transmitting through Bluetooth or WIFI, the USB only provides the power supply function.
  • the above interface adopts the USB interface only for better description of the present invention, and other interfaces may be used.
  • an HDMI interface may be added, and a high-definition television with networking function is connected through HDMI, and the display function of the television is utilized. , build a temporary computer system to further expand the way to access online services online.
  • the portable online service device that can be carried and is easy to use, access to the computer through the USB interface, similar to the USB key, with display and button device, built-in operating system and browser, and high performance CPU, large memory, large-capacity storage capacity, and independent computing processing capabilities, thus effectively improving the security and ease of use of online online services in any PC scenario.
  • the data operation and processing of this device are completed by the CPU inside the device, and the computing environment is isolated from the host PC, which reduces the commonness of PC clients.
  • the risk of attack especially for the use of online online service protection in mobile PC scenarios, is more obvious.
  • the integrated security chip in the device provides interactive digital signature function, which provides the effect of "what you see is what you sign".
  • the security of the user network online service, the driver and control programs necessary for the online online service are pre-installed in the device, and the customer does not need to install it by itself, thereby realizing the purpose of plug and play, and facilitating the online service of the customer in the mobile PC scenario. .
  • a storage medium is also provided, the software being stored, including but not limited to: an optical disk, a floppy disk, a hard disk, a rewritable memory, and the like.
  • a device for providing network online service provision is provided, which is independent of the host machine, and is provided with a network online service access module and a remote desktop.
  • the service controller, the network online service access module obtains the web interface in HTML format, and then converts the web interface of the HTML format into a webpage interface of the image format through the remote desktop service controller and delivers it to the host machine for display, because the image format
  • the web interface is difficult to be solved, so it can effectively solve the technical problems of using the online online service on the fixed PC in the prior art, and achieve the technical effect of reducing the security risk and improving the security of the data.
  • modules or steps of the embodiments of the present invention can be implemented by a general computing device, which can be concentrated on a single computing device or distributed in multiple computing devices. Alternatively, they may be implemented by program code executable by the computing device, such that they may be stored in the storage device by the computing device and, in some cases, may be different from The steps shown or described are performed sequentially, or they are separately fabricated into individual integrated circuit modules, or a plurality of modules or steps thereof are fabricated into a single integrated circuit module. Thus, embodiments of the invention are not limited to any particular combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

La présente invention concerne un dispositif et un procédé pour fournir un service en ligne. Le dispositif est indépendant d'une machine hôte, est connecté à la machine hôte par l'intermédiaire d'une interface, et comprend : un module d'accès à un service en ligne ayant un navigateur incorporé pour accéder à un serveur en ligne et obtenir une interface de service en ligne dans un format de code de langage de balisage hypertexte (HTML) ; un dispositif de commande de service de bureau à distance connecté au module d'accès à un service en ligne pour restituer l'interface de service en ligne obtenue par le module d'accès à un service en ligne en une interface de service en ligne dans un format d'image affiché sur la machine hôte, et fournir l'interface de service en ligne dans le format d'image pour la machine hôte pour un affichage. La présente invention résout le problème technique dans l'état de la technique de risque élevé pour la sécurité lors de l'utilisation d'un service en ligne sur un ordinateur personnel (PC) fixe, ainsi réduisant le risque pour la sécurité et améliorant la sécurité des données.
PCT/CN2014/073521 2014-03-17 2014-03-17 Dispositif et procédé pour fournir un service en ligne WO2015139172A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201480032949.8A CN105308623B (zh) 2014-03-17 2014-03-17 网络在线服务提供装置及方法
PCT/CN2014/073521 WO2015139172A1 (fr) 2014-03-17 2014-03-17 Dispositif et procédé pour fournir un service en ligne

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2014/073521 WO2015139172A1 (fr) 2014-03-17 2014-03-17 Dispositif et procédé pour fournir un service en ligne

Publications (1)

Publication Number Publication Date
WO2015139172A1 true WO2015139172A1 (fr) 2015-09-24

Family

ID=54143608

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/073521 WO2015139172A1 (fr) 2014-03-17 2014-03-17 Dispositif et procédé pour fournir un service en ligne

Country Status (2)

Country Link
CN (1) CN105308623B (fr)
WO (1) WO2015139172A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050262438A1 (en) * 2004-05-21 2005-11-24 John Armstrong Methods and apparatus for recording web information
US20080130940A1 (en) * 2006-11-30 2008-06-05 Whitelaw James E Method and system for obscuring and securing financial data in an online banking application
CN102394888A (zh) * 2011-11-11 2012-03-28 汉口银行股份有限公司 一种网上银行预留信息的安全登录方法
CN102739679A (zh) * 2012-06-29 2012-10-17 东南大学 一种基于url分类的钓鱼网站检测方法
US20130054459A1 (en) * 2011-08-26 2013-02-28 Ebay, Inc. Secure payment instruction system
CN103095662A (zh) * 2011-11-04 2013-05-08 阿里巴巴集团控股有限公司 一种网上交易安全认证方法及网上交易安全认证系统

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SE523290C2 (sv) * 2001-10-19 2004-04-06 Smarttrust Systems Oy Metod och anordning i ett kommunikationsnätverk
CN100550733C (zh) * 2005-03-23 2009-10-14 蔡冠群 个人电子身份认证器及其安全认证方法
ES2296518B1 (es) * 2006-05-11 2009-03-01 Inelcan, S.L. "dispositivo firmador externo para pc, con capacidad de comunicacion inalambrica".
CN101739622A (zh) * 2008-11-06 2010-06-16 同方股份有限公司 一种可信支付计算机系统
CN101546546B (zh) * 2009-05-14 2011-07-06 北京千家悦网络科技有限公司 一种网络数据转换装置及其数据转换控制方法
CN102739398A (zh) * 2011-04-12 2012-10-17 深圳市证通电子股份有限公司 网银身份认证的方法及装置

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050262438A1 (en) * 2004-05-21 2005-11-24 John Armstrong Methods and apparatus for recording web information
US20080130940A1 (en) * 2006-11-30 2008-06-05 Whitelaw James E Method and system for obscuring and securing financial data in an online banking application
US20130054459A1 (en) * 2011-08-26 2013-02-28 Ebay, Inc. Secure payment instruction system
CN103095662A (zh) * 2011-11-04 2013-05-08 阿里巴巴集团控股有限公司 一种网上交易安全认证方法及网上交易安全认证系统
CN102394888A (zh) * 2011-11-11 2012-03-28 汉口银行股份有限公司 一种网上银行预留信息的安全登录方法
CN102739679A (zh) * 2012-06-29 2012-10-17 东南大学 一种基于url分类的钓鱼网站检测方法

Also Published As

Publication number Publication date
CN105308623A (zh) 2016-02-03
CN105308623B (zh) 2019-05-31

Similar Documents

Publication Publication Date Title
WO2022206349A1 (fr) Procédé de vérification d'informations, appareil associé, dispositif, et support de stockage
CN108475312B (zh) 用于装置安全外壳的单点登录方法
EP2919435B1 (fr) Terminal de communication et procédé et programme d'ouverture de session sécurisée
EP3138257B1 (fr) Authentification et autorisation de système d'entreprise via une passerelle
US9276926B2 (en) Secure and automated credential information transfer mechanism
JP6656157B2 (ja) ネットワーク接続自動化
JP5809362B2 (ja) 仮想トラステッドランタイムbiosとの通信
JP2020126602A5 (fr)
US20100043065A1 (en) Single sign-on for web applications
WO2015102872A1 (fr) Infrastructure d'applications fractionnées
US9973490B2 (en) Single login authentication for users with multiple IPV4/IPV6 addresses
CA2689847A1 (fr) Verification et authentification de transaction sur reseau
JP2017513107A (ja) セッション共有によるセッションの自動ログインおよびログアウト
US20130104220A1 (en) System and method for implementing a secure USB application device
WO2015192582A1 (fr) Procédé et appareil d'authentification de connexion à un bureau virtuel
US10291599B2 (en) Systems, methods and apparatus for keystroke encryption
CN110781465B (zh) 基于可信计算的bmc远程身份验证方法及系统
US11803398B2 (en) Computing device and associated methods providing browser launching of virtual sessions in an application
US8589683B2 (en) Authentication of a secure virtual network computing (VNC) connection
EP4351086A1 (fr) Procédé de contrôle d'accès, système de contrôle d'accès et dispositif associé
JP5799399B1 (ja) 仮想通信システム
KR101619928B1 (ko) 이동단말기의 원격제어시스템
US11474840B1 (en) Computing device and related methods providing virtual session launching from previously cached assets
US20170279656A1 (en) Methods and systems of providing browser cross-page communication using ports
WO2015139172A1 (fr) Dispositif et procédé pour fournir un service en ligne

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480032949.8

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14886434

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14886434

Country of ref document: EP

Kind code of ref document: A1