CN107454111A - Safety certificate equipment and its method of work - Google Patents
Safety certificate equipment and its method of work
- Publication number
- CN107454111A
- Authority
- CN
- China
- Prior art keywords
- authentication
- terminal
- server
- safety certificate
- certificate equipment
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a safety certificate equipment and its method of work. During authentication, mutual authentication between different devices is carried out over three communication protocols, i.e. different channels are used for authentication, which effectively prevents the security problems that exist when the same channel is used. A random number is also used to perform dummy authentication, which can effectively interfere with a hacker and improves the security of authentication. During re-authentication the user only needs to select an authentication mode, which improves convenience of operation.
Description
Technical field
The invention relates to a security device, and more particularly to a safety certificate equipment applied to a mobile terminal.
Background technology
With the development of the internet, emerging transaction platforms supported by the internet, such as online banking, e-commerce and online funds, are favoured by more and more users. However, the openness of the internet means that the security of these emerging transaction platforms has always been a concern. To ensure their security, the industry has introduced a variety of security products such as USB-KEY, dynamic password cards (OTP) and SMS authentication. But existing security products are in the same environment as the terminal, and when a security product is attacked by a hacker while it is connected to the terminal, serious economic loss can result. Moreover, security products such as USB-KEY and dynamic password cards (OTP) have to be carried around and the dynamic authentication code entered by hand, which is cumbersome.
Therefore, to further improve the security of the transaction environment, the existing security problems need to be addressed starting from the security device, the transaction environment and so on.
Summary of the invention
The technical problem to be solved by the invention is to overcome the problems that prior-art transaction security products are vulnerable to hacking and inconvenient to carry, by providing a network security authentication device and its method of work.
The technical solution adopted by the invention to solve this technical problem is:
This embodiment provides a safety certificate equipment applied in a system comprising a first terminal, a certificate server, a bank server, a re-authentication server and a second terminal, the safety certificate equipment being located in the second terminal. Before a transaction, the safety certificate equipment is adapted to establish an association with the first terminal. When a transaction is needed, the first terminal is adapted to complete primary authentication through the certificate server and to send a transaction request to the bank server through the certificate server; the re-authentication server then performs re-authentication of the transaction request through the safety certificate equipment, and after re-authentication passes, the bank server carries out the transaction.
Further, before a transaction the safety certificate equipment is adapted to establish an association with the first terminal, namely: the safety certificate equipment is associated with the first terminal by near-field communication, sets an association validity period, and receives a random number for dummy authentication sent by the first terminal; the safety certificate equipment then disconnects from the first terminal so that the two are in different network environments.
Further, the transaction request is generated by the certificate server from the transaction information of the first terminal, the first terminal being a terminal that has passed primary authentication by the certificate server.
Further, when a transaction is needed, the re-authentication server performs re-authentication of the transaction request through the safety certificate equipment, namely: it is judged whether the association is within the validity period, and if so the safety certificate equipment receives a re-authentication request from the re-authentication server, the re-authentication request being generated by the re-authentication server from the transaction request that it intercepts as the certificate server sends it to the bank server.
Further, the first terminal communicates with the certificate server over a first network, and the safety certificate equipment communicates with the re-authentication server over a second network, the second network being a dedicated channel through which the bank server interacts externally.
Further, when a transaction is needed, the safety certificate equipment is adapted to select an authentication mode according to the user's requirement, automatically generate data for authentication, and send that data together with the authentication mode and the random number to the re-authentication server; the re-authentication server is adapted to re-authenticate the safety certificate equipment according to the data for authentication and the authentication mode, and performs no operation on the random number; the data for authentication and the random number are independent of each other.
Further, after re-authentication passes the bank server carries out the transaction, namely: once re-authentication has passed, the re-authentication server forwards the transaction request to the bank server, which carries out the transaction.
Further, the safety certificate equipment is adapted to be associated with the first terminal by near-field communication, that is, the first terminal and the safety certificate equipment use near-field communication to establish dual-channel mutual authentication, the association being stored only in the second terminal.
Further, the second terminal is a mobile terminal different from the first terminal, and the user can select at least two authentication modes for re-authentication.
In another aspect, this embodiment also provides a method of work of the safety certificate equipment.
The safety certificate equipment is applied in a system comprising a first terminal, a certificate server, a bank server, a re-authentication server and a second terminal, and the safety certificate equipment is located in the second terminal.
The method of work of the safety certificate equipment comprises:
Before a transaction, the safety certificate equipment is adapted to establish an association with the first terminal;
When a transaction is needed, the first terminal is adapted to complete primary authentication through the certificate server and to send a transaction request to the bank server through the certificate server; the re-authentication server then performs re-authentication of the transaction request through the safety certificate equipment, and after re-authentication passes, the bank server carries out the transaction.
The beneficial effects of the invention are as follows: in the safety certificate equipment and method of work provided by the invention, mutual authentication between different devices is carried out over three communication protocols during authentication, i.e. different channels are used for authentication, which effectively prevents the security problems that exist when the same channel is used; a random number is also used to perform dummy authentication, which can effectively interfere with a hacker and improves the security of authentication.
Brief description of the drawings
The invention is further described below with reference to the accompanying drawing and the embodiments.
Fig. 1 is a schematic block diagram of the preferred embodiment of the invention.
Embodiment
The invention is now explained in further detail with reference to the accompanying drawing. The drawing is a simplified schematic that illustrates only the basic structure of the invention, and therefore shows only the components relevant to the invention.
Embodiment 1
Fig. 1 shows the schematic block diagram of the preferred embodiment of the invention.
In daily life people usually own several terminals for work, everyday life and entertainment. To make full use of existing mobile terminals, the invention provides a safety certificate equipment applied in a second terminal. The safety certificate equipment is applied in a system comprising a first terminal, a certificate server, a bank server, a re-authentication server and a second terminal.
Before a transaction, the safety certificate equipment is associated with the first terminal by near-field communication, sets a validity period, and receives the random number for dummy authentication sent by the first terminal; the safety certificate equipment then immediately disconnects from the first terminal so that the two are in different network environments. Although the random number has been sent, in the subsequent authentication process the user may choose, as needed, not to use the random number for authentication; the random number is nevertheless still sent, so that if the first terminal is attacked the attack is interfered with, which improves security. Here, the association means that the first terminal and the safety certificate equipment use near-field communication to establish dual-channel mutual authentication.
When a transaction is needed, it is judged whether the association is within the validity period. If it is, the safety certificate equipment receives a re-authentication request from the re-authentication server; the re-authentication request is generated by the re-authentication server from the transaction request that it intercepts as the certificate server sends it to the bank server. The transaction request is generated by the certificate server from the transaction information of the first terminal, and the first terminal is a terminal that has passed primary authentication by the certificate server. Within the validity period no re-association is needed; the validity period is configured by the user according to actual needs. Moreover, the established association is stored only in the second terminal and the first terminal keeps no record of it, which effectively prevents a hacker from obtaining information about the safety certificate equipment through the first terminal and ensures the independence of the channels.
As stated above, the safety certificate equipment receives the re-authentication request from the re-authentication server. The primary authentication uses one of the authentication modes such as static password, safety certificate or random-number signature.
The safety certificate equipment communicates with the re-authentication server over the second network, which is the dedicated channel through which the bank server interacts externally and is different from the first network. The two terminals are therefore in different network environments, which isolates the networks and improves security.
The safety certificate equipment selects an authentication mode according to the user's requirement, automatically generates the data for authentication, and sends that data together with the authentication mode and the random number for dummy authentication to the re-authentication server. The re-authentication server re-authenticates the safety certificate equipment according to the authentication data and the authentication mode and performs no operation on the random number; the data for authentication is unrelated to the random number. Because the authentication mode is selected by the user, a hacker is prevented from learning the authentication mode by other means and mounting an attack. The safety certificate equipment supports authentication modes such as static password, dynamic password, safety certificate and random-number signature, and the user can select among several authentication modes. Moreover, in this process the user only needs to select the authentication mode; the information for authentication is generated automatically by the safety certificate equipment, which improves convenience of operation.
Once re-authentication has passed, the re-authentication server forwards the transaction request to the bank server, which carries out the transaction. The second terminal is a mobile terminal different from the first terminal.
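The re-authentication exchange of Embodiment 1, sketched as an added example (not code from the patent). The shared key, the server challenge, the HMAC derivation of the authentication data and all class, field and mode names are assumptions; the patent does not specify how the authentication data is computed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Assumption: device and re-authentication server share a key provisioned out of band.
MODES = ("dynamic_password", "random_number_signature")


@dataclass
class Association:
    """Association record; per the description it is stored only on the second terminal."""
    first_terminal_id: str
    expires_at: float   # end of the user-configured validity period
    decoy: bytes        # random number for dummy authentication, received over NFC


@dataclass
class ReauthRequest:
    """Built by the re-authentication server from the intercepted transaction request."""
    transaction: bytes
    challenge: bytes    # hypothetical per-request nonce, not named in the patent


def _auth_data(key: bytes, mode: str, req: ReauthRequest) -> bytes:
    # Hypothetical derivation: the tag is bound to mode, challenge and transaction.
    msg = mode.encode() + b"|" + req.challenge + b"|" + req.transaction
    tag = hmac.new(key, msg, hashlib.sha256).digest()
    return tag[:4] if mode == "dynamic_password" else tag


class SafetyCertificateEquipment:
    def __init__(self, key: bytes):
        self._key = key
        self._assoc = None

    def associate(self, terminal_id: str, decoy: bytes, validity_s: float, now: float) -> None:
        self._assoc = Association(terminal_id, now + validity_s, decoy)

    def respond(self, req: ReauthRequest, mode: str, now: float) -> dict:
        if self._assoc is None or now >= self._assoc.expires_at:
            raise PermissionError("association missing or expired; re-associate over NFC")
        if mode not in MODES:
            raise ValueError("unsupported authentication mode")
        # Authentication data is generated automatically and never derived from the decoy.
        return {"mode": mode, "auth_data": _auth_data(self._key, mode, req),
                "decoy": self._assoc.decoy}


class ReauthServer:
    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}

    def open_request(self, transaction: bytes) -> ReauthRequest:
        req = ReauthRequest(transaction, secrets.token_bytes(16))
        self._pending[req.challenge] = req
        return req

    def verify(self, challenge: bytes, response: dict):
        """Return the transaction to forward to the bank server, or None on failure."""
        req = self._pending.pop(challenge, None)   # single use: a replay finds nothing
        if req is None or response.get("mode") not in MODES:
            return None
        expected = _auth_data(self._key, response["mode"], req)
        # response["decoy"] is deliberately not read: no operation is performed on it.
        ok = hmac.compare_digest(expected, response.get("auth_data", b""))
        return req.transaction if ok else None


def demo():
    key = secrets.token_bytes(32)
    device, server = SafetyCertificateEquipment(key), ReauthServer(key)
    device.associate("first-terminal", secrets.token_bytes(16), validity_s=3600, now=0.0)
    req = server.open_request(b"pay 100.00 to account 42 (constructed sample)")
    resp = device.respond(req, "random_number_signature", now=10.0)
    return server.verify(req.challenge, resp)


if __name__ == "__main__":
    print(demo())
```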
Embodiment 2
On the basis of Embodiment 1, this Embodiment 2 provides a method of work of the safety certificate equipment.
The safety certificate equipment is applied in a system comprising a first terminal, a certificate server, a bank server, a re-authentication server and a second terminal, and the safety certificate equipment is located in the second terminal.
The method of work of the safety certificate equipment comprises:
Before a transaction, the safety certificate equipment is adapted to establish an association with the first terminal;
When a transaction is needed, the first terminal is adapted to complete primary authentication through the certificate server and to send a transaction request to the bank server through the certificate server; the re-authentication server then performs re-authentication of the transaction request through the safety certificate equipment, and after re-authentication passes, the bank server carries out the transaction.
The operating principle, method of work and working process of the safety certificate equipment described in this embodiment are the same as those of the safety certificate equipment in Embodiment 1 and are not repeated here.
The beneficial effects of the invention are as follows: in the safety certificate equipment and method of work provided by the invention, mutual authentication between different devices is carried out over three communication protocols during authentication, i.e. different channels are used for authentication, which effectively prevents the security problems that exist when the same channel is used; a random number is also used to perform dummy authentication, which can effectively interfere with a hacker and improves the security of authentication; during re-authentication the user only needs to select an authentication mode, which improves convenience of operation.
Taking the above preferred embodiments of the invention as inspiration, and through the above description, the relevant staff can make various changes and modifications without departing from the scope of the technical idea of the invention. The technical scope of the invention is not limited to the content of the specification and must be determined according to the scope of the claims.
Claims (10)
1. A safety certificate equipment, characterized in that the safety certificate equipment is applied in a system comprising a first terminal, a certificate server, a bank server, a re-authentication server and a second terminal, wherein
the safety certificate equipment is located in the second terminal;
before a transaction, the safety certificate equipment is adapted to establish an association with the first terminal;
when a transaction is needed, the first terminal is adapted to complete primary authentication through the certificate server and to send a transaction request to the bank server through the certificate server; the re-authentication server then performs re-authentication of the transaction request through the safety certificate equipment, and after re-authentication passes, the bank server carries out the transaction.
2. The safety certificate equipment according to claim 1, characterized in that
before a transaction, the safety certificate equipment is adapted to establish an association with the first terminal, namely
the safety certificate equipment is adapted to be associated with the first terminal by near-field communication, to set an association validity period, and to receive a random number for dummy authentication sent by the first terminal; the safety certificate equipment then disconnects from the first terminal so that the two are in different network environments.
3. The safety certificate equipment according to claim 2, characterized in that
the transaction request is generated by the certificate server from the transaction information of the first terminal, and the first terminal is a terminal that has passed primary authentication by the certificate server.
4. The safety certificate equipment according to claim 3, characterized in that
when a transaction is needed, the re-authentication server performs re-authentication of the transaction request through the safety certificate equipment, namely
it is judged whether the association is within the validity period, and if so the safety certificate equipment receives a re-authentication request from the re-authentication server, wherein the re-authentication request is generated by the re-authentication server from the transaction request that it intercepts as the certificate server sends it to the bank server.
5. The safety certificate equipment according to claim 4, characterized in that
the first terminal communicates with the certificate server over a first network; and
the safety certificate equipment communicates with the re-authentication server over a second network, wherein the second network is a dedicated channel through which the bank server interacts externally.
6. The safety certificate equipment according to claim 5, characterized in that
when a transaction is needed, the safety certificate equipment is adapted to select an authentication mode according to the user's requirement, to automatically generate data for authentication, and to send that data together with the authentication mode and the random number to the re-authentication server;
the re-authentication server is adapted to re-authenticate the safety certificate equipment according to the data for authentication and the authentication mode, and performs no operation on the random number; wherein
the data for authentication and the random number are independent of each other.
7. The safety certificate equipment according to claim 6, characterized in that
after re-authentication passes, the bank server carries out the transaction, namely
once re-authentication has passed, the re-authentication server forwards the transaction request to the bank server, which carries out the transaction.
8. The safety certificate equipment according to claim 7, characterized in that
the safety certificate equipment is adapted to be associated with the first terminal by near-field communication, that is, the first terminal and the safety certificate equipment use near-field communication to establish dual-channel mutual authentication, wherein the association is stored only in the second terminal.
9. The safety certificate equipment as claimed in claim 1, characterized in that
the second terminal is a mobile terminal different from the first terminal; and
the user can select at least two authentication modes for re-authentication.
10. A method of work of a safety certificate equipment, characterized in that
the safety certificate equipment is applied in a system comprising a first terminal, a certificate server, a bank server, a re-authentication server and a second terminal, and the safety certificate equipment is located in the second terminal;
the method of work of the safety certificate equipment comprises:
before a transaction, the safety certificate equipment is adapted to establish an association with the first terminal;
when a transaction is needed, the first terminal is adapted to complete primary authentication through the certificate server and to send a transaction request to the bank server through the certificate server; the re-authentication server then performs re-authentication of the transaction request through the safety certificate equipment, and after re-authentication passes, the bank server carries out the transaction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710905870.7A CN107454111A (en) | 2017-09-29 | 2017-09-29 | Safety certificate equipment and its method of work |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710905870.7A CN107454111A (en) | 2017-09-29 | 2017-09-29 | Safety certificate equipment and its method of work |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107454111A (en) | 2017-12-08 |
Family
ID=60498473
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710905870.7A (Pending, CN107454111A (en)) | Safety certificate equipment and its method of work | 2017-09-29 | 2017-09-29 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107454111A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108648286A (en) * | 2018-04-26 | 2018-10-12 | 常州信息职业技术学院 | A kind of parking charge system and its working method |
CN110830238A (en) * | 2020-01-07 | 2020-02-21 | 易兆微电子(杭州)有限公司 | Method for generating true random number in NFC equipment and NFC communication system |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101114901A (en) * | 2006-07-26 | 2008-01-30 | 联想(北京)有限公司 | Safety authentication system, apparatus and method for non-contact type wireless data transmission |
CN101388773A (en) * | 2007-09-12 | 2009-03-18 | 中国移动通信集团公司 | Identity management platform, service server, uniform login system and method |
US20100107228A1 (en) * | 2008-09-02 | 2010-04-29 | Paul Lin | Ip address secure multi-channel authentication for online transactions |
WO2010102545A1 (en) * | 2009-03-09 | 2010-09-16 | 华为技术有限公司 | Method, device and system for authentication |
CN102202300A (en) * | 2011-06-14 | 2011-09-28 | 上海众人网络安全技术有限公司 | System and method for dynamic password authentication based on dual channels |
CN102368338A (en) * | 2011-04-09 | 2012-03-07 | 冯林 | Method and system for verifying trader identity on ATM (Automatic Teller Machine) |
CN102571803A (en) * | 2012-01-19 | 2012-07-11 | 时代亿宝(北京)科技有限公司 | Method and system for protecting account, preventing order from being tampered and preventing fishing attack based on graphical two-dimensional code |
CN104168329A (en) * | 2014-08-28 | 2014-11-26 | 尚春明 | User secondary authentication method, device and system in cloud computing and Internet |
CN105357186A (en) * | 2015-10-10 | 2016-02-24 | 苏州通付盾信息技术有限公司 | Secondary authentication method based on out-of-band authentication and enhanced OTP (One-time Password) mechanism |
CN105373919A (en) * | 2015-10-27 | 2016-03-02 | 熊文俊 | Safety certification device and method for user identity based on far and near field data interaction |
CN105993132A (en) * | 2013-07-15 | 2016-10-05 | 谷歌技术控股有限责任公司 | Low-power near-field communication authentication |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10785215B2 (en) | Method for secure user and transaction authentication and risk management | |
EP2529301B1 (en) | A new method for secure user and transaction authentication and risk management | |
CN104767731B (en) | A kind of Restful move transactions system identity certification means of defence | |
JP6370407B2 (en) | O2O secure settlement method and O2O secure settlement system | |
US20120066749A1 (en) | Method and computer program for generation and verification of otp between server and mobile device using multiple channels | |
CN107689944A (en) | Identity identifying method, device and system | |
CN102761533B (en) | User identification method and system for network transaction | |
US20160381011A1 (en) | Network security method and network security system | |
CN102201137A (en) | Network security terminal, and interaction system and method based on terminal | |
CN105357186A (en) | Secondary authentication method based on out-of-band authentication and enhanced OTP (One-time Password) mechanism | |
CN108243176A (en) | Data transmission method and device | |
CN106452763B (en) | One kind using cipher key method by remote dummy USB device | |
US20140330689A1 (en) | System and Method for Verifying Online Banking Account Identity Using Real-Time Communication and Digital Certificate | |
CN106790279A (en) | A kind of mutual authentication method and communication system | |
TWI786039B (en) | Offline payment method, terminal equipment, backstage payment device and offline payment system | |
CN107454111A (en) | Safety certificate equipment and its method of work | |
CN202206419U (en) | Network security terminal and interactive system based on terminal | |
CN107659935A (en) | A kind of authentication method, certificate server, network management system and Verification System | |
CN108259486A (en) | End-to-end key exchange method based on certificate | |
CN105515773B (en) | Portable device, user equipment and data interactive method | |
CN107615797A (en) | A kind of device, method and system of hiding subscriber identity data | |
CN107483504A (en) | Secure transaction authentication method and system | |
CN104980276B (en) | Identity identifying method for safety information interaction | |
TWI661707B (en) | Safety information interaction method, terminal and computer program product | |
CN117336092A (en) | Client login method and device, electronic equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20171208 |