WO2016101824A1 - Internet-based security information interaction method - Google Patents

Internet-based security information interaction method Download PDF

Info

Publication number
WO2016101824A1
WO2016101824A1 PCT/CN2015/097569 CN2015097569W WO2016101824A1 WO 2016101824 A1 WO2016101824 A1 WO 2016101824A1 CN 2015097569 W CN2015097569 W CN 2015097569W WO 2016101824 A1 WO2016101824 A1 WO 2016101824A1
Authority
WO
WIPO (PCT)
Prior art keywords
security information
information interaction
internet
security
carrier
Prior art date
Application number
PCT/CN2015/097569
Other languages
French (fr)
Chinese (zh)
Inventor
陈成钱
郭伟
周钰
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2016101824A1 publication Critical patent/WO2016101824A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention relates to an information interaction method, and more particularly to an Internet-based security information interaction method.
  • online security information that is, information requiring high security, such as financial transactions
  • networks especially mobile networks.
  • the interaction of information is becoming more and more important.
  • the existing Internet-based security information interaction system and method generally require a user to input sensitive information related to security information interaction on a specific user interface via an Internet terminal (for example, an account ID and a password are required when using online banking) or a user's
  • the sensitive information related to the security information interaction is stored in a third-party server (for example, when using an express payment method such as Alipay, the user's account information is stored in a third-party back-end server) to complete the subsequent security information interaction process.
  • the present invention proposes an Internet-based security information interaction method with high security and convenient use.
  • An Internet-based security information interaction method includes the following steps:
  • the security information interaction service party issues and sets security information to the user according to the user application.
  • (A2) the user performs a security information interaction process via the Internet terminal and the security information interaction device and the security information carrier when the security information interaction is required, wherein the security information interaction is performed. Users do not need to enter sensitive information during the process.
  • the association relationship between the security information interaction device and the security information carrier is stored in a data processing server of the security information interaction service party.
  • the step (A1) further comprises: writing an identifier of the security information interaction device and a first transmission key into the security information interaction device, and The identifier of the security information carrier and the second transport key and the third transport key are written in the security information carrier.
  • the security information interaction device and the security information carrier pass a mapping between an identifier of the security information interaction device and an identifier of the security information carrier Relationship is associated.
  • the step (A2) further comprises: when the security information interaction is expected to be performed, the user performs the pre-operation in the following manner: activating the security information on the first internet terminal a carrier for establishing a secure channel between the security information carrier and the data processing server, and subsequently encrypting the identifier of the security information carrier based on the second transport key
  • the secure channel is transmitted to the data processing server.
  • the step (A2) further comprises: when the actual security information interaction is required, the user activates the security information interaction device on the second Internet terminal, and receives Upon receipt of the device identifier acquisition instruction from the data processing server, the security information interaction device transmits its identifier to the data processing server in an encrypted manner based on the first transmission key.
  • the step (A2) further comprises: after receiving the identifier of the security information interaction device, the data processing server searches for security associated with it based on the identifier Information carrier identifier, and if the search is successful, via a secure channel
  • the security information carrier indicated by the found security information carrier identifier transmits a sensitive information acquisition instruction.
  • the step (A2) further comprises: after receiving the sensitive information acquisition instruction, the security information carrier is encrypted in an encrypted manner based on the third transmission key
  • the sensitive information associated with the security information interaction is transmitted to the data processing server via a secure channel.
  • the step (A2) further comprises: the data processing server completing the subsequent actual security information interaction process based on the received sensitive information related to the security information interaction.
  • An Internet-based security information interaction method includes the following steps:
  • the security information interaction service party issues and sets a security information interaction device and a security information carrier to the user according to the user application and associates the security information interaction device with the security information carrier, wherein the user and the security The sensitive information related to the sexual information interaction and its association with the security information carrier are stored in the data processing server of the security information interaction service party;
  • (A2) the user performs a security information interaction process via the Internet terminal and the security information interaction device and the security information carrier when the security information interaction is required, wherein the security information interaction is performed. Users do not need to enter sensitive information during the process.
  • the Internet-based security information interaction method disclosed in the present invention with high security and convenient use has the following advantages: (1) since the user does not need to input sensitive information during the security information interaction process, the user can effectively avoid being The possibility of intercepting or being maliciously obtained, thereby significantly improving security; (2) avoiding the risk of sensitive information being leaked due to poor supervision because it does not need to store sensitive information on a third-party back-end server; (3) The security information interaction device and the security information carrier are used separately, so that the security and the convenience of use are remarkably improved.
  • FIG. 1 is a flow chart of an Internet-based security information interaction method in accordance with an embodiment of the present invention.
  • the first embodiment of the Internet-based security information interaction method disclosed by the present invention includes the following steps: (A1) A security information interaction service party (for example, a bank) issues and sets security according to a user application. a sexual information interaction device and a security information carrier and associating the security information interaction device with the security information carrier, wherein the security information carrier carries sensitive information of the user's interaction with the security information (eg user (A2) the user completes the security information interaction process via the Internet terminal and by means of the holistic information interaction device and the security information carrier when the security information interaction is required, wherein During the security information interaction process, the user does not need to input sensitive information.
  • a security information interaction service party for example, a bank
  • the association relationship between the security information interaction device and the security information carrier is stored in the security information interaction.
  • the step (A1) further includes: identifier of the security information interaction device and the first transmission key Writing into the security information interaction device, and writing the identifier of the security information carrier and the second transmission key and the third transmission key into the security information carrier.
  • the security information interaction device and the security information carrier pass the identifier of the security information interaction device and The mapping relationship between the identifiers of the security information carriers is associated.
  • the step (A2) further comprises: when the security information interaction is expected to be performed, the user performs the pre-operation in the following manner Enabling the security information carrier on a first internet terminal (eg a smart phone) such that the security information carrier establishes a secure channel with the data processing server and is subsequently based on the second transmission
  • the key transmits the identifier of the security information carrier to the data processing server via the secure channel in an encrypted manner.
  • the step (A2) further includes: when the actual security information interaction is required, the user is in the second Internet terminal. Activating (eg, inserting or opening) the security information interaction device (eg, a laptop) and receiving a device identifier acquisition instruction from the data processing server (eg, upon receiving a payment request initiated by the merchant) After the data processing server issues a device identifier acquisition command to the user using the portable computer of the purchase item thereof, the security information interaction device transmits its identifier to the identifier based on the first transmission key in an encrypted manner to The data processing server.
  • the security information interaction device eg, a laptop
  • the step (A2) further includes: after receiving the identifier of the security information interaction device, the The data processing server searches for a security information carrier identifier associated therewith based on the identifier, and if the lookup is successful, transmits a sensitive information acquisition instruction to the security information carrier indicated by the found security information carrier identifier via the secure channel .
  • the step (A2) further includes: after receiving the sensitive information acquisition instruction, the security information carrier
  • the sensitive information related to the security information interaction is transmitted to the data processing server via a secure channel in an encrypted manner based on the third transport key.
  • the step (A2) further comprises: the data processing server is based on the received sensitivity related to the security information interaction.
  • the information completes the subsequent actual security information interaction process.
  • the actual security information interaction process can be repeatedly performed (ie, Different actual security information interaction processes can be performed multiple times).
  • the security information interaction device is a USB key, or a MicroSD, or an eSE, or a SIM card, or application software.
  • the security information carrier is an eSE, or a smart SD card.
  • a security information carrier can be associated with multiple security information interaction devices.
  • the security information carrier can be set to automatically deactivate after activating, if a predetermined time threshold is exceeded (ie closed).
  • the user can remove the security information interaction device and the security information via the security information interaction service party or the specific user interface.
  • the security information carrier carries sensitive information that does not include a user's interaction with security information, and the user's The sensitive information related to the security information interaction and its association with the security information carrier are stored directly in the data processing server.
  • the data processing server after receiving the identifier of the security information interaction device, the data processing server searches for the identifier based on the identifier.
  • the security information carrier identifier and if the lookup is successful, directly extracts the sensitive information stored therein that is associated with the security information carrier indicated by the found security information carrier identifier.
  • the security information carrier is in the form of application software and runs in a Trusted Execution Environment (TEE) based operating system. .
  • TEE Trusted Execution Environment
  • the Internet-based security information interaction method disclosed in the present invention has the following advantages: (1) Since the user does not need to input sensitive information during the security information interaction process, the interception or malicious acquisition can be effectively avoided. The possibility of significantly improving security; (2) avoiding the risk of sensitive information being leaked due to poor supervision due to the fact that sensitive information is not stored on a third-party back-end server; (3) due to security information interaction device Separate use from the security information carrier, which significantly improves security and ease of use.

Abstract

Proposed is an Internet-based security information interaction method. The method comprises: according to a user application, a security information interaction serving party granting a security information interaction device and a security information carrier to a user and setting same, and associating the security information interaction device with the security information carrier, wherein the security information carrier carries sensitive information about the user associated with security information interaction; and when the user needs to conduct security information interaction, completing a security information interaction process via an Internet terminal and by virtue of the security information interaction device and the security information carrier, wherein in the process of performing security information interaction, the user does not need to input the sensitive information. The Internet-based security information interaction method disclosed in the present invention has high security and is convenient to use.

Description

基于互联网的安全性信息交互方法Internet-based security information interaction method 技术领域Technical field
本发明涉及信息交互方法,更具体地,涉及基于互联网的安全性信息交互方法。The present invention relates to an information interaction method, and more particularly to an Internet-based security information interaction method.
背景技术Background technique
目前,随着网络应用的日益广泛以及不同领域的业务种类的日益丰富,通过网络(特别是移动网络)进行联机方式的安全性信息(即对安全性要求较高的信息,例如与金融交易相关的信息)的交互变得越来越重要。At present, with the increasing use of network applications and the increasing variety of services in different fields, online security information (that is, information requiring high security, such as financial transactions), is carried out through networks (especially mobile networks). The interaction of information) is becoming more and more important.
现有的基于互联网的安全性信息交互系统及方法通常需要用户经由互联网终端在特定用户界面上输入与安全性信息交互相关的敏感信息(例如使用网银时需要输入账户ID及密码)或者将用户的与安全性信息交互相关的敏感信息存储在第三方的服务器中(例如使用诸如支付宝的快捷支付方式时,用户的账户信息存储在第三方的后台服务器中)以完成后续的安全性信息交互过程。The existing Internet-based security information interaction system and method generally require a user to input sensitive information related to security information interaction on a specific user interface via an Internet terminal (for example, an account ID and a password are required when using online banking) or a user's The sensitive information related to the security information interaction is stored in a third-party server (for example, when using an express payment method such as Alipay, the user's account information is stored in a third-party back-end server) to complete the subsequent security information interaction process.
然而,现有的技术方案存在如下问题:(1)用户输入的与安全性信息交互相关的敏感信息可能会被截取或者通过钓鱼网站而被恶意获取,从而存在较大的潜在安全隐患;(2)存在由于第三方的后台服务器的监管不善而导致的用户敏感信息泄露的风险。However, the existing technical solutions have the following problems: (1) sensitive information related to the interaction of security information input by the user may be intercepted or maliciously obtained through the phishing website, thereby presenting a large potential security risk; (2) There is a risk of user sensitive information being leaked due to poor supervision of the third party's backend server.
因此,存在如下需求:提供具有高的安全性并且使用便捷的基于互联网的安全性信息交互方法。Therefore, there is a need to provide an Internet-based security information interaction method with high security and ease of use.
发明内容Summary of the invention
为了解决上述现有技术方案中所存在的问题,本发明提出了具有高的安全性并且使用便捷的基于互联网的安全性信息交互方法。In order to solve the problems in the above prior art solutions, the present invention proposes an Internet-based security information interaction method with high security and convenient use.
本发明的目的是通过以下技术方案实现的:The object of the invention is achieved by the following technical solutions:
一种基于互联网的安全性信息交互方法,所述基于互联网的安全性信息交互方法包括下列步骤:An Internet-based security information interaction method, the Internet-based security information interaction method includes the following steps:
(A1)安全性信息交互服务方根据用户申请向用户发放并设置安全性信息 交互设备和安全性信息载体并且将该安全性信息交互设备和该安全性信息载体相关联,其中,所述安全性信息载体携载用户的与安全性信息交互相关的敏感信息;(A1) The security information interaction service party issues and sets security information to the user according to the user application. An interaction device and a security information carrier and associating the security information interaction device with the security information carrier, wherein the security information carrier carries sensitive information of the user's interaction with the security information;
(A2)所述用户在需要进行安全性信息交互时经由互联网终端并借助所述全性信息交互设备和所述安全性信息载体完成安全性信息交互过程,其中,在进行所述安全性信息交互过程期间,用户无需输入敏感信息。(A2) the user performs a security information interaction process via the Internet terminal and the security information interaction device and the security information carrier when the security information interaction is required, wherein the security information interaction is performed. Users do not need to enter sensitive information during the process.
在上面所公开的方案中,优选地,所述安全性信息交互设备和所述安全性信息载体之间的关联关系被存储在安全性信息交互服务方的数据处理服务器中。In the solution disclosed above, preferably, the association relationship between the security information interaction device and the security information carrier is stored in a data processing server of the security information interaction service party.
在上面所公开的方案中,优选地,所述步骤(A1)进一步包括:将所述安全性信息交互设备的标识符以及第一传输密钥写入所述安全性信息交互设备中,以及将所述安全性信息载体的标识符以及第二传输密钥和第三传输密钥写入所述安全性信息载体中。In the solution disclosed above, preferably, the step (A1) further comprises: writing an identifier of the security information interaction device and a first transmission key into the security information interaction device, and The identifier of the security information carrier and the second transport key and the third transport key are written in the security information carrier.
在上面所公开的方案中,优选地,所述安全性信息交互设备和所述安全性信息载体通过所述安全性信息交互设备的标识符和所述安全性信息载体的标识符之间的映射关系而被关联。In the solution disclosed above, preferably, the security information interaction device and the security information carrier pass a mapping between an identifier of the security information interaction device and an identifier of the security information carrier Relationship is associated.
在上面所公开的方案中,优选地,所述步骤(A2)进一步包括:在预期将进行安全性信息交互时,用户以如下方式执行预操作:在第一互联网终端上激活所述安全性信息载体,以使所述安全性信息载体建立与所述数据处理服务器之间的安全通道,并且随之基于所述第二传输密钥以加密的方式将所述安全性信息载体的标识符经由所述安全通道传送至所述数据处理服务器。In the solution disclosed above, preferably, the step (A2) further comprises: when the security information interaction is expected to be performed, the user performs the pre-operation in the following manner: activating the security information on the first internet terminal a carrier for establishing a secure channel between the security information carrier and the data processing server, and subsequently encrypting the identifier of the security information carrier based on the second transport key The secure channel is transmitted to the data processing server.
在上面所公开的方案中,优选地,所述步骤(A2)进一步包括:在需要进行实际的安全性信息交互时,用户在第二互联网终端上激活所述安全性信息交互设备,并且在接收到来自所述数据处理服务器的设备标识符获取指令后,所述安全性信息交互设备基于所述第一传输密钥以加密的方式将其标识符传送至所述数据处理服务器。In the solution disclosed above, preferably, the step (A2) further comprises: when the actual security information interaction is required, the user activates the security information interaction device on the second Internet terminal, and receives Upon receipt of the device identifier acquisition instruction from the data processing server, the security information interaction device transmits its identifier to the data processing server in an encrypted manner based on the first transmission key.
在上面所公开的方案中,优选地,所述步骤(A2)进一步包括:在接收到所述安全性信息交互设备的标识符后,所述数据处理服务器基于该标识符查找与其相关联的安全性信息载体标识符,并且如果查找成功,则经由安全通道向 查找出的安全性信息载体标识符所指示的安全性信息载体发送敏感信息获取指令。In the solution disclosed above, preferably, the step (A2) further comprises: after receiving the identifier of the security information interaction device, the data processing server searches for security associated with it based on the identifier Information carrier identifier, and if the search is successful, via a secure channel The security information carrier indicated by the found security information carrier identifier transmits a sensitive information acquisition instruction.
在上面所公开的方案中,优选地,所述步骤(A2)进一步包括:在接收到所述敏感信息获取指令后,所述安全性信息载体基于所述第三传输密钥以加密的方式将所述与安全性信息交互相关的敏感信息经由安全通道传送至所述数据处理服务器。In the solution disclosed above, preferably, the step (A2) further comprises: after receiving the sensitive information acquisition instruction, the security information carrier is encrypted in an encrypted manner based on the third transmission key The sensitive information associated with the security information interaction is transmitted to the data processing server via a secure channel.
在上面所公开的方案中,优选地,所述步骤(A2)进一步包括:所述数据处理服务器基于接收到的与安全性信息交互相关的敏感信息完成后续的实际安全性信息交互过程。In the solution disclosed above, preferably, the step (A2) further comprises: the data processing server completing the subsequent actual security information interaction process based on the received sensitive information related to the security information interaction.
本发明的目的还可以通过以下技术方案实现:The object of the present invention can also be achieved by the following technical solutions:
一种基于互联网的安全性信息交互方法,所述基于互联网的安全性信息交互方法包括下列步骤:An Internet-based security information interaction method, the Internet-based security information interaction method includes the following steps:
(A1)安全性信息交互服务方根据用户申请向用户发放并设置安全性信息交互设备和安全性信息载体并且将该安全性信息交互设备和该安全性信息载体相关联,其中,用户的与安全性信息交互相关的敏感信息以及其与安全性信息载体的关联关系被存储在所述安全性信息交互服务方的数据处理服务器中;(A1) The security information interaction service party issues and sets a security information interaction device and a security information carrier to the user according to the user application and associates the security information interaction device with the security information carrier, wherein the user and the security The sensitive information related to the sexual information interaction and its association with the security information carrier are stored in the data processing server of the security information interaction service party;
(A2)所述用户在需要进行安全性信息交互时经由互联网终端并借助所述全性信息交互设备和所述安全性信息载体完成安全性信息交互过程,其中,在进行所述安全性信息交互过程期间,用户无需输入敏感信息。(A2) the user performs a security information interaction process via the Internet terminal and the security information interaction device and the security information carrier when the security information interaction is required, wherein the security information interaction is performed. Users do not need to enter sensitive information during the process.
本发明所公开的具有高的安全性并且使用便捷的基于互联网的安全性信息交互方法具有如下优点:(1)由于在进行安全性信息交互过程中用户无需输入敏感信息,故能够有效地避免被截取或者被恶意获取的可能,从而显著地提高了安全性;(2)由于无需在第三方的后台服务器上存储敏感信息,故能够避免敏感信息由于监管不善而被泄露的风险;(3)由于安全性信息交互设备和安全性信息载体被分离使用,故显著地提高了安全性和使用便捷性。The Internet-based security information interaction method disclosed in the present invention with high security and convenient use has the following advantages: (1) since the user does not need to input sensitive information during the security information interaction process, the user can effectively avoid being The possibility of intercepting or being maliciously obtained, thereby significantly improving security; (2) avoiding the risk of sensitive information being leaked due to poor supervision because it does not need to store sensitive information on a third-party back-end server; (3) The security information interaction device and the security information carrier are used separately, so that the security and the convenience of use are remarkably improved.
附图说明DRAWINGS
结合附图,本发明的技术特征以及优点将会被本领域技术人员更好地理解,其中: The technical features and advantages of the present invention will be better understood by those skilled in the art, in which:
图1是根据本发明的实施例的基于互联网的安全性信息交互方法的流程图。1 is a flow chart of an Internet-based security information interaction method in accordance with an embodiment of the present invention.
具体实施方式detailed description
图1是根据本发明的实施例的基于互联网的安全性信息交互方法的流程图。如图1所示,本发明所公开的基于互联网的安全性信息交互方法的第一实施例包括下列步骤:(A1)安全性信息交互服务方(例如银行)根据用户申请向用户发放并设置安全性信息交互设备和安全性信息载体并且将该安全性信息交互设备和该安全性信息载体相关联,其中,所述安全性信息载体携载用户的与安全性信息交互相关的敏感信息(例如用户的银行卡账户信息);(A2)所述用户在需要进行安全性信息交互时经由互联网终端并借助所述全性信息交互设备和所述安全性信息载体完成安全性信息交互过程,其中,在进行所述安全性信息交互过程期间,用户无需输入敏感信息。1 is a flow chart of an Internet-based security information interaction method in accordance with an embodiment of the present invention. As shown in FIG. 1, the first embodiment of the Internet-based security information interaction method disclosed by the present invention includes the following steps: (A1) A security information interaction service party (for example, a bank) issues and sets security according to a user application. a sexual information interaction device and a security information carrier and associating the security information interaction device with the security information carrier, wherein the security information carrier carries sensitive information of the user's interaction with the security information (eg user (A2) the user completes the security information interaction process via the Internet terminal and by means of the holistic information interaction device and the security information carrier when the security information interaction is required, wherein During the security information interaction process, the user does not need to input sensitive information.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述安全性信息交互设备和所述安全性信息载体之间的关联关系被存储在安全性信息交互服务方的数据处理服务器中。Preferably, in the first embodiment of the Internet-based security information interaction method disclosed by the present invention, the association relationship between the security information interaction device and the security information carrier is stored in the security information interaction. The server's data processing server.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述步骤(A1)进一步包括:将所述安全性信息交互设备的标识符以及第一传输密钥写入所述安全性信息交互设备中,以及将所述安全性信息载体的标识符以及第二传输密钥和第三传输密钥写入所述安全性信息载体中。Preferably, in the first embodiment of the Internet-based security information interaction method disclosed in the present invention, the step (A1) further includes: identifier of the security information interaction device and the first transmission key Writing into the security information interaction device, and writing the identifier of the security information carrier and the second transmission key and the third transmission key into the security information carrier.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述安全性信息交互设备和所述安全性信息载体通过所述安全性信息交互设备的标识符和所述安全性信息载体的标识符之间的映射关系而被关联。Preferably, in the first embodiment of the Internet-based security information interaction method disclosed by the present invention, the security information interaction device and the security information carrier pass the identifier of the security information interaction device and The mapping relationship between the identifiers of the security information carriers is associated.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述步骤(A2)进一步包括:在预期将进行安全性信息交互时,用户以如下方式执行预操作:在第一互联网终端(例如智能手机)上激活所述安全性信息载体,以使所述安全性信息载体建立与所述数据处理服务器之间的安全通道,并且随之基于所述第二传输密钥以加密的方式将所述安全性信息载体的标识符经由所述安全通道传送至所述数据处理服务器。 Preferably, in the first embodiment of the Internet-based security information interaction method disclosed in the present invention, the step (A2) further comprises: when the security information interaction is expected to be performed, the user performs the pre-operation in the following manner Enabling the security information carrier on a first internet terminal (eg a smart phone) such that the security information carrier establishes a secure channel with the data processing server and is subsequently based on the second transmission The key transmits the identifier of the security information carrier to the data processing server via the secure channel in an encrypted manner.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述步骤(A2)进一步包括:在需要进行实际的安全性信息交互时,用户在第二互联网终端(例如便携式电脑)上激活(例如插入或打开)所述安全性信息交互设备,并且在接收到来自所述数据处理服务器的设备标识符获取指令(例如,在接收到来自商户发起的支付请求后,所述数据处理服务器向用户利用其选购商品的便携式电脑发出设备标识符获取指令)后,所述安全性信息交互设备基于所述第一传输密钥以加密的方式将其标识符传送至所述数据处理服务器。Preferably, in the first embodiment of the Internet-based security information interaction method disclosed in the present invention, the step (A2) further includes: when the actual security information interaction is required, the user is in the second Internet terminal. Activating (eg, inserting or opening) the security information interaction device (eg, a laptop) and receiving a device identifier acquisition instruction from the data processing server (eg, upon receiving a payment request initiated by the merchant) After the data processing server issues a device identifier acquisition command to the user using the portable computer of the purchase item thereof, the security information interaction device transmits its identifier to the identifier based on the first transmission key in an encrypted manner to The data processing server.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述步骤(A2)进一步包括:在接收到所述安全性信息交互设备的标识符后,所述数据处理服务器基于该标识符查找与其相关联的安全性信息载体标识符,并且如果查找成功,则经由安全通道向查找出的安全性信息载体标识符所指示的安全性信息载体发送敏感信息获取指令。Preferably, in the first embodiment of the Internet-based security information interaction method, the step (A2) further includes: after receiving the identifier of the security information interaction device, the The data processing server searches for a security information carrier identifier associated therewith based on the identifier, and if the lookup is successful, transmits a sensitive information acquisition instruction to the security information carrier indicated by the found security information carrier identifier via the secure channel .
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述步骤(A2)进一步包括:在接收到所述敏感信息获取指令后,所述安全性信息载体基于所述第三传输密钥以加密的方式将所述与安全性信息交互相关的敏感信息经由安全通道传送至所述数据处理服务器。Preferably, in the first embodiment of the Internet-based security information interaction method, the step (A2) further includes: after receiving the sensitive information acquisition instruction, the security information carrier The sensitive information related to the security information interaction is transmitted to the data processing server via a secure channel in an encrypted manner based on the third transport key.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述步骤(A2)进一步包括:所述数据处理服务器基于接收到的与安全性信息交互相关的敏感信息完成后续的实际安全性信息交互过程。Preferably, in the first embodiment of the Internet-based security information interaction method disclosed in the present invention, the step (A2) further comprises: the data processing server is based on the received sensitivity related to the security information interaction. The information completes the subsequent actual security information interaction process.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,在所述安全性信息载体保持激活的情况下,能够重复地执行实际的安全性信息交互过程(即可以多次执行不同的实际安全性信息交互过程)。Preferably, in the first embodiment of the Internet-based security information interaction method disclosed in the present invention, in the case where the security information carrier remains activated, the actual security information interaction process can be repeatedly performed (ie, Different actual security information interaction processes can be performed multiple times).
示例性地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述安全性信息交互设备是USB key、或MicroSD、或eSE、或SIM卡、或应用软件。Illustratively, in the first embodiment of the Internet-based security information interaction method disclosed by the present invention, the security information interaction device is a USB key, or a MicroSD, or an eSE, or a SIM card, or application software.
示例性地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述安全性信息载体是eSE、或智能SD卡。Illustratively, in a first embodiment of the Internet-based security information interaction method disclosed by the present invention, the security information carrier is an eSE, or a smart SD card.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施 例中,一个安全性信息载体能够与多个安全性信息交互设备相关联。Preferably, the first implementation of the Internet-based security information interaction method disclosed in the present invention In an example, a security information carrier can be associated with multiple security information interaction devices.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,所述安全性信息载体能够被设置为在激活之后,如果超出预先确定的时间阈值,则自动去激活(即关闭)。Preferably, in a first embodiment of the Internet-based security information interaction method disclosed in the present invention, the security information carrier can be set to automatically deactivate after activating, if a predetermined time threshold is exceeded (ie closed).
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第一实施例中,用户能够经由所述安全性信息交互服务方或者特定的用户接口去除安全性信息交互设备和安全性信息载体之间的关联关系。Preferably, in the first embodiment of the Internet-based security information interaction method disclosed by the present invention, the user can remove the security information interaction device and the security information via the security information interaction service party or the specific user interface. The relationship between the carriers.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第二实施例中,所述安全性信息载体携载不包含用户的与安全性信息交互相关的敏感信息,并且用户的与安全性信息交互相关的敏感信息以及其与安全性信息载体的关联关系被直接存储在所述数据处理服务器中。Preferably, in a second embodiment of the Internet-based security information interaction method disclosed by the present invention, the security information carrier carries sensitive information that does not include a user's interaction with security information, and the user's The sensitive information related to the security information interaction and its association with the security information carrier are stored directly in the data processing server.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第二实施例中,在接收到安全性信息交互设备的标识符后,所述数据处理服务器基于该标识符查找与其相关联的安全性信息载体标识符,并且如果查找成功,则直接提取存储于其中的与查找出的安全性信息载体标识符所指示的安全性信息载体相关联的敏感信息。Preferably, in a second embodiment of the Internet-based security information interaction method disclosed by the present invention, after receiving the identifier of the security information interaction device, the data processing server searches for the identifier based on the identifier. The security information carrier identifier, and if the lookup is successful, directly extracts the sensitive information stored therein that is associated with the security information carrier indicated by the found security information carrier identifier.
优选地,在本发明所公开的基于互联网的安全性信息交互方法的第二实施例中,所述安全性信息载体是应用软件的形式并且运行在基于可信执行环境(TEE)的操作系统中。Preferably, in a second embodiment of the Internet-based security information interaction method disclosed by the present invention, the security information carrier is in the form of application software and runs in a Trusted Execution Environment (TEE) based operating system. .
本领域技术人员应理解,本发明所公开的基于互联网的安全性信息交互方法的第二实施例的其他方面与前面所述的第一实施例相同,在此不再赘述。It should be understood by those skilled in the art that other aspects of the second embodiment of the Internet-based security information interaction method disclosed in the present invention are the same as the first embodiment described above, and details are not described herein again.
由上可见,本发明所公开的基于互联网的安全性信息交互方法具有下列优点:(1)由于在进行安全性信息交互过程中用户无需输入敏感信息,故能够有效地避免被截取或者被恶意获取的可能,从而显著地提高了安全性;(2)由于无需在第三方的后台服务器上存储敏感信息,故能够避免敏感信息由于监管不善而被泄露的风险;(3)由于安全性信息交互设备和安全性信息载体被分离使用,故显著地提高了安全性和使用便捷性。It can be seen that the Internet-based security information interaction method disclosed in the present invention has the following advantages: (1) Since the user does not need to input sensitive information during the security information interaction process, the interception or malicious acquisition can be effectively avoided. The possibility of significantly improving security; (2) avoiding the risk of sensitive information being leaked due to poor supervision due to the fact that sensitive information is not stored on a third-party back-end server; (3) due to security information interaction device Separate use from the security information carrier, which significantly improves security and ease of use.
尽管本发明是通过上述的优选实施方式进行描述的,但是其实现形式并不局限于上述的实施方式。应该认识到:在不脱离本发明主旨和范围的情况下, 本领域技术人员可以对本发明做出不同的变化和修改。 Although the invention has been described in terms of the preferred embodiments described above, the implementation forms are not limited to the embodiments described above. It should be recognized that, without departing from the spirit and scope of the invention, Various changes and modifications can be made to the invention by those skilled in the art.

Claims (10)

  1. 一种基于互联网的安全性信息交互方法,所述基于互联网的安全性信息交互方法包括下列步骤:An Internet-based security information interaction method, the Internet-based security information interaction method includes the following steps:
    (A1)安全性信息交互服务方根据用户申请向用户发放并设置安全性信息交互设备和安全性信息载体并且将该安全性信息交互设备和该安全性信息载体相关联,其中,所述安全性信息载体携载用户的与安全性信息交互相关的敏感信息;(A1) The security information interaction service party issues and sets a security information interaction device and a security information carrier to the user according to the user application and associates the security information interaction device with the security information carrier, wherein the security The information carrier carries sensitive information related to the user's interaction with the security information;
    (A2)所述用户在需要进行安全性信息交互时经由互联网终端并借助所述全性信息交互设备和所述安全性信息载体完成安全性信息交互过程,其中,在进行所述安全性信息交互过程期间,用户无需输入敏感信息。(A2) the user performs a security information interaction process via the Internet terminal and the security information interaction device and the security information carrier when the security information interaction is required, wherein the security information interaction is performed. Users do not need to enter sensitive information during the process.
  2. 根据权利要求1所述的基于互联网的安全性信息交互方法,其特征在于,所述安全性信息交互设备和所述安全性信息载体之间的关联关系被存储在安全性信息交互服务方的数据处理服务器中。The Internet-based security information interaction method according to claim 1, wherein the association relationship between the security information interaction device and the security information carrier is stored in data of the security information interaction service party. Processing server.
  3. 根据权利要求2所述的基于互联网的安全性信息交互方法,其特征在于,所述步骤(A1)进一步包括:将所述安全性信息交互设备的标识符以及第一传输密钥写入所述安全性信息交互设备中,以及将所述安全性信息载体的标识符以及第二传输密钥和第三传输密钥写入所述安全性信息载体中。The Internet-based security information interaction method according to claim 2, wherein the step (A1) further comprises: writing an identifier of the security information interaction device and a first transmission key into the In the security information interaction device, the identifier of the security information carrier and the second transport key and the third transport key are written into the security information carrier.
  4. 根据权利要求3所述的基于互联网的安全性信息交互方法,其特征在于,所述安全性信息交互设备和所述安全性信息载体通过所述安全性信息交互设备的标识符和所述安全性信息载体的标识符之间的映射关系而被关联。The Internet-based security information interaction method according to claim 3, wherein the security information interaction device and the security information carrier pass the identifier of the security information interaction device and the security The mapping relationship between the identifiers of the information carriers is associated.
  5. 根据权利要求4所述的基于互联网的安全性信息交互方法,其特征在于,所述步骤(A2)进一步包括:在预期将进行安全性信息交互时,用户以如下方式执行预操作:在第一互联网终端上激活所述安全性信息载体,以使所述安全性信息载体建立与所述数据处理服务器之间的安全通道,并且随之基于所述第二传输密钥以加密的方式将所述安全性信息载体的标识符经由所述安全通道传送至所述数据处理服务器。The Internet-based security information interaction method according to claim 4, wherein the step (A2) further comprises: when the security information interaction is expected to be performed, the user performs the pre-operation in the following manner: at the first The security information carrier is activated on the internet terminal to establish a secure channel between the security information carrier and the data processing server, and then to encrypt the manner based on the second transmission key An identifier of the security information carrier is transmitted to the data processing server via the secure channel.
  6. 根据权利要求5所述的基于互联网的安全性信息交互方法,其特征在于,所述步骤(A2)进一步包括:在需要进行实际的安全性信息交互时,用户 在第二互联网终端上激活所述安全性信息交互设备,并且在接收到来自所述数据处理服务器的设备标识符获取指令后,所述安全性信息交互设备基于所述第一传输密钥以加密的方式将其标识符传送至所述数据处理服务器。The Internet-based security information interaction method according to claim 5, wherein the step (A2) further comprises: when the actual security information interaction is required, the user Activating the security information interaction device on the second internet terminal, and after receiving the device identifier acquisition instruction from the data processing server, the security information interaction device encrypts based on the first transmission key The way to transfer its identifier to the data processing server.
  7. 根据权利要求6所述的基于互联网的安全性信息交互方法,其特征在于,所述步骤(A2)进一步包括:在接收到所述安全性信息交互设备的标识符后,所述数据处理服务器基于该标识符查找与其相关联的安全性信息载体标识符,并且如果查找成功,则经由安全通道向查找出的安全性信息载体标识符所指示的安全性信息载体发送敏感信息获取指令。The Internet-based security information interaction method according to claim 6, wherein the step (A2) further comprises: after receiving the identifier of the security information interaction device, the data processing server is based on The identifier looks up the security information carrier identifier associated therewith and, if the lookup is successful, sends a sensitive information acquisition command via the secure channel to the security information carrier indicated by the found security information carrier identifier.
  8. 根据权利要求7所述的基于互联网的安全性信息交互方法,其特征在于,所述步骤(A2)进一步包括:在接收到所述敏感信息获取指令后,所述安全性信息载体基于所述第三传输密钥以加密的方式将所述与安全性信息交互相关的敏感信息经由安全通道传送至所述数据处理服务器。The Internet-based security information interaction method according to claim 7, wherein the step (A2) further comprises: after receiving the sensitive information acquisition instruction, the security information carrier is based on the The three transport keys transmit the sensitive information related to the security information interaction to the data processing server via a secure channel in an encrypted manner.
  9. 根据权利要求8所述的基于互联网的安全性信息交互方法,其特征在于,所述步骤(A2)进一步包括:所述数据处理服务器基于接收到的与安全性信息交互相关的敏感信息完成后续的实际安全性信息交互过程。The Internet-based security information interaction method according to claim 8, wherein the step (A2) further comprises: the data processing server completing the subsequent based on the received sensitive information related to the security information interaction. The actual security information interaction process.
  10. 一种基于互联网的安全性信息交互方法,所述基于互联网的安全性信息交互方法包括下列步骤:An Internet-based security information interaction method, the Internet-based security information interaction method includes the following steps:
    (A1)安全性信息交互服务方根据用户申请向用户发放并设置安全性信息交互设备和安全性信息载体并且将该安全性信息交互设备和该安全性信息载体相关联,其中,用户的与安全性信息交互相关的敏感信息以及其与安全性信息载体的关联关系被存储在所述安全性信息交互服务方的数据处理服务器中;(A1) The security information interaction service party issues and sets a security information interaction device and a security information carrier to the user according to the user application and associates the security information interaction device with the security information carrier, wherein the user and the security The sensitive information related to the sexual information interaction and its association with the security information carrier are stored in the data processing server of the security information interaction service party;
    (A2)所述用户在需要进行安全性信息交互时经由互联网终端并借助所述全性信息交互设备和所述安全性信息载体完成安全性信息交互过程,其中,在进行所述安全性信息交互过程期间,用户无需输入敏感信息。 (A2) the user performs a security information interaction process via the Internet terminal and the security information interaction device and the security information carrier when the security information interaction is required, wherein the security information interaction is performed. Users do not need to enter sensitive information during the process.
PCT/CN2015/097569 2014-12-23 2015-12-16 Internet-based security information interaction method WO2016101824A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410806106.0 2014-12-23
CN201410806106.0A CN105592032B (en) 2014-12-23 2014-12-23 Safety information interaction method Internet-based

Publications (1)

Publication Number Publication Date
WO2016101824A1 true WO2016101824A1 (en) 2016-06-30

Family

ID=55931250

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/097569 WO2016101824A1 (en) 2014-12-23 2015-12-16 Internet-based security information interaction method

Country Status (2)

Country Link
CN (1) CN105592032B (en)
WO (1) WO2016101824A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107067258A (en) * 2017-03-14 2017-08-18 平安科技(深圳)有限公司 Financial transaction management system and method
CN108694333B (en) * 2017-04-07 2021-11-19 华为技术有限公司 User information processing method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626257A (en) * 2008-07-09 2010-01-13 索尼株式会社 Communication apparatus
CN101894429A (en) * 2010-06-30 2010-11-24 张国祥 Full service implementing method
CN103106591A (en) * 2013-01-22 2013-05-15 北京理工大学 Smartphone short-range shopping method and system based on near field communication (NFC) function
CN103825734A (en) * 2012-11-16 2014-05-28 深圳市腾讯计算机系统有限公司 Sensitive operation verification method, terminal equipment, server and verification system
CN103927651A (en) * 2014-04-23 2014-07-16 百度在线网络技术(北京)有限公司 Trading method, system and server

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4125227B2 (en) * 2003-12-25 2008-07-30 キヤノン株式会社 Authentication system and authentication method
DE102008007367B4 (en) * 2008-02-01 2010-09-30 Novosec Aktiengesellschaft Method and device for secure mobile electronic signature
CN101916388B (en) * 2010-07-27 2013-06-05 武汉天喻信息产业股份有限公司 Smart SD card and method for using same for mobile payment
CN102752265B (en) * 2011-04-19 2017-04-19 中国银联股份有限公司 Security information interaction system and method based on Internet
CN102333072B (en) * 2011-06-09 2014-04-02 张欢 Network banking trusted transaction system and method based on intelligent terminal
CN104184892A (en) * 2014-08-12 2014-12-03 桂林微网半导体有限责任公司 Mobile terminal intelligent card based data transmission method and mobile terminal

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626257A (en) * 2008-07-09 2010-01-13 索尼株式会社 Communication apparatus
CN101894429A (en) * 2010-06-30 2010-11-24 张国祥 Full service implementing method
CN103825734A (en) * 2012-11-16 2014-05-28 深圳市腾讯计算机系统有限公司 Sensitive operation verification method, terminal equipment, server and verification system
CN103106591A (en) * 2013-01-22 2013-05-15 北京理工大学 Smartphone short-range shopping method and system based on near field communication (NFC) function
CN103927651A (en) * 2014-04-23 2014-07-16 百度在线网络技术(北京)有限公司 Trading method, system and server

Also Published As

Publication number Publication date
CN105592032A (en) 2016-05-18
CN105592032B (en) 2018-11-27

Similar Documents

Publication Publication Date Title
US11909884B2 (en) Secure distributed information system for public device authentication
US11580518B2 (en) Disabling mobile payments for lost electronic devices
US9918226B2 (en) Spoofing protection for secure-element identifiers
CN106716343B (en) Transaction verification by enhanced authentication
KR102179152B1 (en) Client authentication using social relationship data
US20160104154A1 (en) Securing host card emulation credentials
US10819520B2 (en) Identity proofing offering for customers and non-customers
US11501312B2 (en) Tap card to securely generate card data to copy to clipboard
WO2014101078A1 (en) Payment method, payment gateway and payment client
US9313185B1 (en) Systems and methods for authenticating devices
US20180262471A1 (en) Identity verification and authentication method and system
CN104636917A (en) Mobile payment system and method with secure payment function
US10108937B2 (en) Method of registering a membership for an electronic payment, system for same, and apparatus and terminal thereof
WO2016101824A1 (en) Internet-based security information interaction method
US11234235B2 (en) Resource distribution hub generation on a mobile device
KR101625065B1 (en) User authentification method in mobile terminal
TWI728212B (en) Authentication method based on ciphertext
TW201619880A (en) Network authentication method using card device
CN111259363B (en) Service access information processing method, system, device, equipment and storage medium
WO2017076277A1 (en) Communication card e-bank key and functioning method thereof
JP6005889B1 (en) System and method for enabling secure transactions with mobile devices
CN115796865A (en) Transaction authentication method, device, equipment and readable medium
GB2579700A (en) Identity proofing Offering for customers and non-customers
KR20160079423A (en) System for managing financial task, portable terminal and method for managing password

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15871892

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 06/11/2017)

122 Ep: pct application non-entry in european phase

Ref document number: 15871892

Country of ref document: EP

Kind code of ref document: A1