[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN101231737A - Method and system for enhancing internet bank trade security - Google Patents

Method and system for enhancing internet bank trade security Download PDF

Info

Publication number
CN101231737A
CN101231737A CNA200810100872XA CN200810100872A CN101231737A CN 101231737 A CN101231737 A CN 101231737A CN A200810100872X A CNA200810100872X A CN A200810100872XA CN 200810100872 A CN200810100872 A CN 200810100872A CN 101231737 A CN101231737 A CN 101231737A
Authority
CN
China
Prior art keywords
user
unit
input
audio
transaction data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA200810100872XA
Other languages
Chinese (zh)
Other versions
CN101231737B (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Feitian Technologies Co Ltd filed Critical Beijing Feitian Technologies Co Ltd
Priority to CN200810100872.XA priority Critical patent/CN101231737B/en
Publication of CN101231737A publication Critical patent/CN101231737A/en
Application granted granted Critical
Publication of CN101231737B publication Critical patent/CN101231737B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention relates to the field of communication security, in particular to a system for tightening the security of on-line banking transactions and a method thereof. The system comprises a signal input and output device, a client-side information security device which supports audio processing, a computer terminal connected with an on-line bank server. The method adopted by the invention comprises the following steps: a computer is connected through the information security device; the transaction data input by a user is output in the form of audio through the information security device; an audio acknowledgement message is input to the information security device by means of audio input for voiceprint recognition; after the identity is confirmed to be legal, the client-side information security device encrypts or digitally signs all information input by users, and sends the information to the on-line bank server terminal in the form of cipher text. Certification information, as executing and confirming order, is stored in the form of audio, is unique and can not be repudiated. By adopting the method, the on-line banking transaction security can be tightened.

Description

A kind of system and method that strengthens internet bank trade security
Technical field
The present invention relates to field of communication security, particularly a kind of by in information safety device, data message being carried out the system and method that Audio Processing and Application on Voiceprint Recognition strengthen internet bank trade security.
Background technology
Along with fast development of computer technology, information network has become the important assurance of social development.Under this trend, online-banking is done honest work and is rooted in the hearts of the people day by day, and has become the network application field of now tool potentiality." Web bank " is to be media with the internet, and e-bank's product of financial service is provided for the client.Web bank is the product of information age, its birth, making originally must be to the client of bank counter transacting business, just can directly enter bank by the internet, business such as arbitrarily carrying out account inquiry, transfer accounts, foreign exchange trading, bank transfer, shopping online, account are reported the loss, the client really accomplishes home-confined all bankings of settling.Web bank's service system open-minded concerning bank and client, all will be increased work efficiency greatly, allow fund create high benefit, thereby reduce the production and operation cost.
Yet, to enjoy when Web bank offers convenience in ordinary populace and enterprise, its safety problem also emerges gradually.Because network personal information and enterprise's confidential information are divulged a secret or monitored, brought the example of immeasurable loss not within minority for individual and enterprise.Therefore in the practical application of bank data communication on the net, at any time all may and divulge a secret and have serious consequences and harmful effect owing to information leakage, in the prior art, increasing Web bank user by selecting uses intelligent cipher key equipment to guarantee its processing safety in carrying out the internet bank trade process.
Intelligent cipher key equipment (claiming information safety device again) is a kind of small hardware device that has processor and storer, and it adopts the double factor authentication pattern, and use is simple, cost is lower.Its built-in single-chip microcomputer or intelligent card chip can be stored user's key or digital certificate, utilizes the authentication of the built-in cryptographic algorithm realization of intelligent cipher key equipment to user identity.Functions such as that intelligent cipher key equipment has is E-mail enciphered, digital signature, safety certificate, secure network login and visit SSL secure network, and has the feature that the private key that guarantees the user leaves hardware never, also have the characteristic of attack protection physically, security is high.
Yet said process need can not guarantee the security of digital signature or enciphered data fully, because also there is potential safety hazard in computing machine itself, for example, when computing machine has suffered trojan horse, need digital signature or ciphered data to be distorted by the bottom wooden horse, be transferred to intelligent cipher key equipment then and carry out digital signature or encryption, whether the user can't judge in the intelligent cipher key equipment needs digital signature or ciphered data correct, this has had a strong impact on the security of intelligent cipher key equipment, make intelligent cipher key equipment lose the value of its existence, simultaneously, also will inevitably bring unnecessary loss to the user.
Application on Voiceprint Recognition (Voiceprint Recognition, VPR), be also referred to as Speaker Identification (Speaker Recognition), everyone existing relative stability of audio frequency acoustic feature, variability is arranged again, be not absolute, unalterable, this variation can be from physiology, pathology, psychology, simulation, camouflage, and is also relevant with environmental interference.However, because everyone vocal organs all are not quite similar, therefore in the ordinary course of things, people still can distinguish different people's sound or judge whether is same people's sound.Different with speech recognition, the feature of Application on Voiceprint Recognition must be " personalization " feature, and the feature of Speaker Identification must be " common feature " to the speaker.With the other biological recognition technology, compare such as fingerprint recognition, the identification of palm shape, iris recognition etc., Application on Voiceprint Recognition do not have can lose and forget, need not remember, advantage such as easy to use, people depend on password and password more and more now, along with its defective of frequent application of different occasions is obvious all the more.In the Application on Voiceprint Recognition process, each pronunciation is all controlled by the prompting text that produces at random, can prevent from effectively to duplicate and plagiarize, we can say, the Application on Voiceprint Recognition technology has been compared remarkable advantages with the other biological recognition technology, can be for growing electronic business transaction, ecommerce, international trade escort, and easy to operate, succinct, be easily vast computing machine user and accept.
The Application on Voiceprint Recognition system uses the feature of acoustics aspect more, the feature that characterizes a personal touch should be multifaceted, comprising: (1) acoustic feature (as frequency spectrum, cepstrum, resonance peak, fundamental tone, reflection coefficient or the like) relevant with the anatomical structure of human pronunciation mechanism, nasal sound, band deep breathing sound, hoarse sound, laugh etc.; (2) be subjected to semanteme that socioeconomic status, education level, birthplace etc. influence, rhetoric, pronunciation, speech custom etc.; (3) personal touch or be subjected to features such as the rhythm that father and mother influence, rhythm, speed, intonation, volume.From utilizing the angle that mathematical method can modeling, the present operable feature of the automatic model of cognition of vocal print comprises: (1) acoustic feature (cepstrum); (2) lexical characteristics (the speech n-gram that the speaker is correlated with, phoneme n-gram); (3) prosodic features (fundamental tone and the energy " posture " that utilize n-gram to describe); (4) languages, dialect and accent information; (5) channel information (using which kind of passage) or the like.According to different mission requirements, Application on Voiceprint Recognition also faces the problem that a feature selecting or feature are selected for use.For example, to " channel " information, on criminal investigation is used, hope need not, that is to say and wish of the influence of reduction channel, because we wish with what channel system it can recognize regardless of the speaker Speaker Identification; And on bank transaction, wish to use channel information, wish that promptly channel has considerable influence to Speaker Identification, thereby can reject the influence that recording, imitation etc. bring.In a word, feature should be able to be distinguished different speakers effectively preferably, but can keep relative stablizing when same speaker's voice change; Be difficult for being imitated by other people or can solving imitation problem preferably by other people; Has noiseproof feature preferably.Certainly, these problems also can go to solve by model method.For pattern-recognition, following several big class methods are arranged: (1) template matching method: utilize dynamic time bending (DTW) to aim at the training and testing characteristic sequence, be mainly used in the application (being generally the text inter-related task) of fixed phrases; (2) arest neighbors method: keep all eigenvectors during training, during identification each vector is all found K nearest in the trained vector, discern in view of the above, the model storage is all very big with the amount of similar calculating usually; (3) neural net method: a variety of forms are arranged, as Multilayer Perception, radial basis function (RBF) etc., can explicit training to distinguish speaker and its background speaker, its training burden is very big, but and the generalization of model bad; (4) hidden Markov model (HMM) method: use the HMM of single state usually, or gauss hybrid models (GMM), be popular method, effect is relatively good; (5) VQ clustering method (as LBG): effect is relatively good, and the also not high and HMM method of algorithm complex cooperates more can receive better effect; (6) polynomial expression classifier methods: higher precision is arranged, but model storage and calculated amount are all bigger; Can the key issue that Application on Voiceprint Recognition need solve also has a lot, such as short speech problem, carry out model training with very short voice, and discerns with the very short time, and this mainly is that the sound application that is difficult for obtaining is required; Sound imitation (or playing a record) problem will distinguish imitation sound (recording) and real sound effectively; The target speaker's effectively detects under the words of the speaking more people situation; Eliminate or weaken the influence that sound variation (different language, content, mode, health, time, age etc.) is brought; Eliminate the influence that channel difference and background noise bring, need use some other technology this moment and assist and finish, as technology such as denoising, self-adaptations.
In the existing internet bank trade process, tend to occur the Net silver user and deny transactions history, perhaps Web bank fails to carry out according to the transaction data of user input the situation of valid function, thereby cause the failure of concluding the business, or faulty operation, in case this situation occurs, both sides are difficult to settle disputes at short notice, find out the party responsible, bring regular hour loss and material damage therefore will inevitably for user or Web bank.
Summary of the invention
In view of the deficiencies in the prior art, the invention provides a kind of information safety device that utilizes the transaction data of user's input is carried out audio playback, realize that for the final mode of confirming of validated user the user side data security sends, may be distorted the problem that causes safety of information safety device to reduce to solve in the prior art transaction data of encrypting because of needs or signing before transmission, the Application on Voiceprint Recognition function that the present invention also utilizes information safety device to have is identified the legitimacy of user person's identity.
A kind of system that strengthens internet bank trade security comprises: client-side information safety feature, terminal and Web bank's server of signal input-output unit, support Audio Processing; Described audio frequency input-output unit, client-side information safety feature, terminal is connected with the Web bank server;
Described signal input-output unit comprises: be used for audio frequency input block that the user imports audio-frequency information, export the transaction data audio output unit of user's input by the mode of voice playing;
The client-side information safety feature of described support Audio Processing comprises: signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, first storage unit, converting unit, signal output unit, ciphering unit, data transfer unit; Described signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, first storage unit, ciphering unit, data transmission unit link to each other; Described data transfer unit is connected with first storage unit, converting unit, signal output unit again;
Described Web bank server is made up of Data Receiving unit, second storage unit, decryption unit, transaction performance element.
The client-side information safety feature of described support Audio Processing also comprises:
Signal input unit comprises: single button, numerical key, microphone; Be used for the user and import transaction data and authentication information; Wherein authentication information is: PIN code information, User Defined password, audio user information.
Signal output unit comprises: earphone, loudspeaker; Be used for exporting the transaction data of described user's input by the mode of audio frequency.
In the described client-side information safety feature:
Described information input unit is used to receive the audio frequency confirmation that the user imports;
Described first storage unit is used for storing the audio-frequency information of transaction data by the computing machine input of the sound signal, user of audio frequency confirmation, the validated user of user's input that described signal input unit receives, user's input and carries out the related data and the cipher key agreement algorithm of cipher key agreement process with described Web bank server end;
Described converting unit is used for converting the transaction data that described user imports by computing machine to sound signal;
Described signal output unit is used to export the sound signal through after the converting unit conversion;
Described Application on Voiceprint Recognition unit, the audio frequency confirmation that the user who is used for that signal input unit is received imports is discerned, and judges whether user identity is legal;
Described acoustic control operation unit is used to resolve the sound signal that the user imports, and judges described sound signal instruction corresponding, and carries out corresponding operation according to described operational order;
Described ciphering unit is used for described user is carried out digital signature or encryption by the transaction data of computing machine input, the audio frequency confirmation of user's input;
Described data transfer unit, be used for sending the transaction data of user's input to described information safety device by computing machine, and will send to Web bank's server by computing machine through transaction data after digital signature or the encryption and audio frequency confirmation.
Described operational order comprises: confirm, cancel, end task, return.
In the described Web bank server:
Described Data Receiving unit is used to receive described client-side information safety feature by the process encryption of computing machine transmission or transaction data and the audio user confirmation after the digital signature;
Described second storage unit, be used for storing user account information, user audio frequency confirmation, customer transaction data, be used for carrying out the related data and the cipher key agreement algorithm of cipher key agreement process with described client-side information safety feature.
Described decryption unit is used for being decrypted through the transaction data after described encryption or the digital signature;
Described transaction performance element, the data content after being used to decipher are carried out final transaction operation.
A kind of method that strengthens internet bank trade security specifically may further comprise the steps:
Steps A: information safety device and computing machine connect, described computing machine receive the data of described user input and with described data transmission to described information safety device;
Step B: described information safety device carries out digital-to-analog conversion to described transaction data, and exports described transaction data by the mode of voice playing after receiving the next transaction data of described computing machine transmission;
Step C: described information safety device is waited for and is received described user's confirmation, after confirming that transaction data is errorless, carries out the order of described transaction to described information safety device transmission by the mode of audio frequency input;
Step D: described information safety device receives the audio frequency confirmation of described user's input, by Application on Voiceprint Recognition described user is carried out authentication and parsing, behind the authentication success, carries out corresponding operating.
Described step D also comprises:
D1: digital signature or encrypting and transmitting are carried out to the audio-frequency information of described transaction data and described user input in described information safety device inside;
D2: described Web bank server end receives the process digital signature of described information safety device transmission or transaction data and the audio user confirmation after the encryption, and described data and audio frequency confirmation are decrypted and store;
D3: described Web bank server is according to the described transaction of the information and executing in the described transaction data.
Among the described step D, described information safety device receives described audio user confirmation, by Application on Voiceprint Recognition described user is carried out authentication, specifically comprise: described information safety device compares with the vocal print Template Information of the validated user of its storage inside after by the audio frequency confirmation that will receive described user input, judge whether both mate, if think that then described user identity is legal, otherwise, think that described user identity is illegal.
Among the described step D, described information safety device is resolved specifically the audio frequency confirmation of described user's input and comprised: to pre-service, feature extraction, the pattern match of sound signal, described pre-service comprises pre-filtering, sampling and quantification, windowing, end-point detection, pre-emphasis.
Also can carry out following operation behind the described step B:
Step C ': described information safety device waits for that the described user of reception sends following operational order by the mode of audio frequency input to described information safety device: cancel, end task, return, make progress page turning or page turning downwards, re-reading operation.
Beneficial effect of the present invention is: utilize device and method provided by the invention, before the user utilizes information safety device to carry out internet bank trade, by information safety device the transaction data of user's input is exported in the mode of voice playing, the user confirm errorless after, mode with the audio frequency input is imported the audio frequency confirmation in information safety device, information safety device carries out Application on Voiceprint Recognition to the audio-frequency information of user's input again, confirm whether its identity is legal, only errorless at transaction data, and under the legal situation of user identity, the user side information safety device could be encrypted or the combine digital signature operation all information of user's input, and sends its form with ciphertext to the Web the bank server end;
Web bank's server end is behind the transaction data and audio user confirmation that receive the transmission of client-side information safety feature, the audio user confirmation is effectively stored, and carry out final operation according to the transaction data of user input, because the server end of should going is on the net deposited the audio frequency confirmation of having recorded the user, in case in process of exchange in the future, the situation that the user denies transactions history appears, perhaps Web bank fails to carry out valid function according to the transaction data of user's input, all can inquire historical audio frequency confirmation in the customer data base of bank server end from network easily, because this confirmation is stored with audio form, and for carrying out the transaction data order of accepting one's fate really, have uniqueness and non repudiation, can determine the party responsible of the invalid execution that causes concluding the business effectively.
Description of drawings
Fig. 1 is the system construction drawing that the embodiment of the invention 1 improves safety of information safety device;
Fig. 2 is the method flow diagram that the embodiment of the invention 2 improves safety of information safety device;
Fig. 3 is the method flow diagram that the embodiment of the invention 3 improves safety of information safety device.
Embodiment
The invention will be further described below in conjunction with the drawings and specific embodiments, but the present invention is not limited to the following examples.In the specific embodiment of the invention, information safety device is USB Key, and this is a kind of information safety device of USB interface.
Embodiment 1
As shown in Figure 1, a kind of system that strengthens internet bank trade security comprises:
Earphone 100, microphone 200, USB Key300, computing machine 400, Web bank's server 500, wherein USB Key300 comprises: usb interface unit 301, first storage unit 302, converting unit 303, earphone interface unit 304, microphone unit 305, Application on Voiceprint Recognition unit 306, acoustic control operation unit 307, ciphering unit 308; Web bank's server 500 comprises: Data Receiving unit 501, second storage unit 502, decryption unit 503, transaction performance element 504.
In the present embodiment, the user is by computing machine 400 input transaction data, USB Key300 receives the transaction data of user's input by usb interface unit 301, and be stored in first storage unit 302, converting unit 303 converts the transaction data of user's input to sound signal, and will be sent in the earphone 100 through the sound signal of converting unit 303 conversion outputs by earphone interface unit 304; The user is according to the information that receives from earphone, by microphone 200 input audio-frequency informations, after microphone interface unit 305 receives the audio-frequency information of microphone 200 transmissions, this audio-frequency information is sent to Application on Voiceprint Recognition unit 306, the audio-frequency information of the 306 pairs of user's inputs in Application on Voiceprint Recognition unit is differentiated, to judge the legitimacy of user identity, if Application on Voiceprint Recognition unit 306 differentiates that user identity is legal, then this audio frequency confirmation is sent in the acoustic control operation unit 307, the audio-frequency information of the 307 pairs of user's inputs in acoustic control operation unit is resolved, judge the pairing operational order of audio-frequency information of user's input, and carry out corresponding operation, and operating result is stored in first storage unit 302 according to this operational order.
In the present embodiment, the audio-frequency information of user's input is for confirming operation command.
First storage unit 302 sends to the audio user confirmation that receives and the user transaction data by the computing machine input carries out encryption in the ciphering unit 308; Ciphering unit 308 will send to main frame by usb interface unit 301 through data encrypted, will send to Web bank's server 500 with transaction data and the audio-frequency information that the ciphertext form exists by computer network at last.
In Web bank's server 500, Data Receiving unit 501 is stored in it in second storage unit 502 after receiving the data that user side sends, and by decryption unit 503 it is decrypted, carry out final transaction operation by transaction performance element 504 according to the transaction data of user's input at last.
In the present embodiment, Application on Voiceprint Recognition unit 306 comprises the Application on Voiceprint Recognition chip, and this chip is mainly used in the extraction and the pattern match of audio signal sample, audio signal characteristic amount.The task of audio signal sample is the audio-frequency information that collects continous-stable; The task of feature extraction is to extract and select user's vocal print is had the acoustics or the language feature of the characteristic that separability is strong, stability is high.After extracting characteristic quantity, described variable quantity with biological information is converted to the biological characteristic vector, this mainly is by calculating sound amplitude/frequency/phase waveform image that continuous acquisition arrives, obtaining relative amplitude/frequency and realize.When the vocal print signal of judging users when Application on Voiceprint Recognition unit 306 acquires a certain degree with the matching value of the vocal print template signal of validated user, judge that this user's identity is legal, promptly the audio frequency confirmation imported of this user is effective.
In the present embodiment, converting unit 303 is a D/A (digital-to-analog) conversion chip, is used for the transaction data of digital quantity is converted to the sound signal of analog quantity.
In the present embodiment, first storage unit 302 is removed and is used to store the customer transaction data, outside the user speech confirmation, also is used for storing the related data and the cipher key agreement algorithm of carrying out cipher key agreement process with Web bank server 500; Second storage unit 502, be used for storing user account information, user audio frequency confirmation, customer transaction data, be used for carrying out the related data and the cipher key agreement algorithm of cipher key agreement process with USBKey300;
Embodiment 2
Referring to Fig. 2, a kind of method that strengthens internet bank trade security comprises:
Step 201, USB Key and computing machine connect;
The transaction data that step 202, user carry out desire by computing machine is input among the USB Key;
Step 203, USB Key carry out analog to digital conversion to it, and export by the mode of voice playing after receiving the next data of client computer transmission;
In the present embodiment, the transaction data of user's input comprises: address name, Bank Account Number, trade date, transaction classification and dealing money;
Whether the transaction data of exporting with the form of voice playing in step 204, the user's determining step 203 is the data of desire operation, if then execution in step 206, otherwise, execution in step 205;
The transaction data of exporting with the form of voice playing in step 205, the user's determining step 203 is not the data of desire operation, sound signal " cancels and operating " to form with the audio frequency input to USB Key input, USB Key carries out the cancellation operational order of user with the form input of audio frequency input, cancels this operation;
The transaction data of exporting with the form of voice playing in step 206, the user's determining step 203 is the data of desire operation, imports " affirmation " sound signal with the form of audio frequency input to USB Key;
After step 207, USB Key received " affirmation " sound signal of user's input, its inside judged by the mode of Application on Voiceprint Recognition whether user identity is legal, if legal then execution in step 209, otherwise execution in step 208;
Step 208, USB Key inside judge that by the mode of Application on Voiceprint Recognition user identity is illegal, USB Key by main frame to the user prompt error message;
Step 209, USB Key inside judge that by the mode of Application on Voiceprint Recognition user identity is legal, carry out key agreement by computing machine and Web bank's server end, and the transaction data of user's input and the audio frequency confirmation of user's input are carried out encryption, and send data encrypted to the Web the bank server end by computing machine with the session key that generates;
Step 210: Web bank's server end utilizes session key that data encrypted is decrypted and stores after receiving the data of user side USB Key transmission;
Step 211: Web bank's server end is carried out follow-up transaction operation according to the data content after deciphering.
Embodiment 3
Referring to Fig. 3, a kind of method that strengthens internet bank trade security comprises:
Step 301, USB Key and computing machine connect;
Step 302, user import transaction data by computing machine in USB Key;
Step 303, USB Key carry out analog to digital conversion to it, and export by the mode of voice playing after receiving the next data of client computer transmission;
In the present embodiment, the transaction data of user's input comprises: address name, Bank Account Number, trade date, transaction classification and dealing money;
After step 304, user receive the transaction data with the form output of voice playing of USB Key in the step 303, to USB Key input " re-reading " sound signal, require USB Key to export transaction data in the step 302 by the mode of voice playing once more with the form of audio frequency input;
In step 305, user's determining step 303 and the step 304, whether USB Key is the data that desire is operated with the transaction data of the form output of voice playing, if then execution in step 307, otherwise, execution in step 306;
The transaction data of exporting with the form of voice playing in step 306, user's determining step 303 or the step 304 is not the data of desire operation, the user imports " return " sound signal with the form of audio frequency input to USB Key, USB Key carries out the return order of user with the form input of audio frequency input, turns back to step 302;
The transaction data of exporting with the form of voice playing in step 307, user's determining step 303 and the step 304 is the data of desire operation, and the user imports " affirmation " sound signal with the form of audio frequency input to USB Key;
More than a kind of system and method that is used to strengthen internet bank trade security provided by the present invention is described in detail, used specific case herein principle of the present invention and embodiment are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.

Claims (10)

1. a system that strengthens internet bank trade security is characterized in that, comprising: client-side information safety feature, terminal and Web bank's server of signal input-output unit, support Audio Processing; Described audio frequency input-output unit, client-side information safety feature, terminal is connected with the Web bank server;
Described signal input-output unit comprises: be used for audio frequency input block that the user imports audio-frequency information, export the audio output unit of the transaction data of user's input by the mode of voice playing;
The client-side information safety feature of described support Audio Processing comprises: signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, first storage unit, converting unit, signal output unit, ciphering unit, data transfer unit; Described signal input unit, Application on Voiceprint Recognition unit, acoustic control operation unit, first storage unit, ciphering unit, data transmission unit link to each other; Described data transfer unit is connected with first storage unit, converting unit, signal output unit again;
Described Web bank server is made up of Data Receiving unit, second storage unit, decryption unit, transaction performance element.
2. a kind of system that strengthens internet bank trade security according to claim 1 is characterized in that, the client-side information safety feature of described support Audio Processing also comprises:
Signal input unit comprises: single button, numerical key, microphone; Be used for the user and import transaction data and authentication information; Wherein authentication information is: PIN code information, User Defined password, audio user information;
Signal output unit comprises: earphone, loudspeaker; Be used for exporting the transaction data of described user's input by the mode of audio frequency.
3. a kind of system that strengthens internet bank trade security according to claim 1 is characterized in that, in the described client-side information safety feature:
Described information input unit is used to receive the audio frequency confirmation that the user imports;
Described first storage unit is used for storing the audio-frequency information of transaction data by the computing machine input of the sound signal Template Information, user of audio frequency confirmation, the validated user of user's input that described signal input unit receives, user's input and carries out the related data and the cipher key agreement algorithm of cipher key agreement process with described Web bank server end;
Described converting unit is used for converting the transaction data that described user imports by computing machine to sound signal;
Described signal output unit is used to export the sound signal through after the converting unit conversion;
Described Application on Voiceprint Recognition unit, the audio frequency confirmation that the user who is used for that signal input unit is received imports is discerned, and judges whether user identity is legal;
Described acoustic control operation unit is used to resolve the sound signal that the user imports, and judges described sound signal instruction corresponding, and carries out corresponding operation according to described operational order;
Described ciphering unit is used for described user is carried out digital signature or encryption by the transaction data of computing machine input, the audio frequency confirmation of user's input;
Described data transfer unit, be used for sending the transaction data of user's input to described information safety device by computing machine, and will send to Web bank's server by computing machine through transaction data after digital signature or the encryption and audio frequency confirmation.
4. a kind of system that strengthens internet bank trade security according to claim 3 is characterized in that described operational order comprises: confirm, cancel, end task, return.
5. a kind of system that strengthens internet bank trade security according to claim 1 is characterized in that, in the described Web bank server:
Described Data Receiving unit is used to receive described client-side information safety feature by the process encryption of computing machine transmission or transaction data and the audio user confirmation after the digital signature;
Described second storage unit, be used for storing user account information, user audio frequency confirmation, customer transaction data, be used for carrying out the related data and the cipher key agreement algorithm of cipher key agreement process with described client-side information safety feature;
Described decryption unit is used for being decrypted through the transaction data after described encryption or the digital signature;
Described transaction performance element, the data content after being used to decipher are carried out final transaction operation.
6. a method that strengthens internet bank trade security is characterized in that, specifically may further comprise the steps:
Steps A: information safety device and computing machine connect, described computing machine receive the data of described user input and with described data transmission to described information safety device;
Step B: described information safety device carries out digital-to-analog conversion to described transaction data, and exports described transaction data by the mode of voice playing after receiving the next transaction data of described computing machine transmission;
Step C: described information safety device waits for and receives described user's confirmation that after confirming that transaction data is errorless, described user sends the order of carrying out described transaction by the mode of audio frequency input to described information safety device;
Step D: described information safety device receives the audio frequency confirmation of described user's input, by Application on Voiceprint Recognition described user is carried out authentication and parsing, behind the authentication success, carries out corresponding operating.
7. a kind of method that strengthens internet bank trade security according to claim 6 is characterized in that described step D also comprises:
D1: digital signature or encrypting and transmitting are carried out to the audio-frequency information of described transaction data and described user input in described information safety device inside;
D2: described Web bank server end receives the process digital signature of described information safety device transmission or transaction data and the audio user confirmation after the encryption, and described data and audio frequency confirmation are decrypted and store;
D3: described Web bank server is according to the described transaction of the information and executing in the described transaction data.
8. a kind of method that strengthens internet bank trade security according to claim 6, it is characterized in that, among the described step D, described information safety device receives described audio user confirmation, by Application on Voiceprint Recognition described user is carried out authentication, specifically comprise: described information safety device compares with the vocal print Template Information of the validated user of its storage inside after by the audio frequency confirmation that will receive described user input, judge whether both mate, if, think that then described user identity is legal, otherwise, think that described user identity is illegal.
9. a kind of method that strengthens internet bank trade security according to claim 6, it is characterized in that, among the described step D, described information safety device is resolved specifically the audio frequency confirmation of described user's input and comprised: to pre-service, feature extraction, the pattern match of sound signal, described pre-service comprises pre-filtering, sampling and quantification, windowing, end-point detection, pre-emphasis.
10. a kind of method that strengthens internet bank trade security according to claim 6 is characterized in that, also can carry out following operation behind the described step B:
Step C ': described information safety device waits for that the described user of reception sends following operational order by the mode of audio frequency input to described information safety device: cancel, end task, return, make progress page turning or page turning, re-reading downwards.
CN200810100872.XA 2008-02-25 2008-02-25 Method and system for enhancing internet bank trade security Active CN101231737B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200810100872.XA CN101231737B (en) 2008-02-25 2008-02-25 Method and system for enhancing internet bank trade security

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200810100872.XA CN101231737B (en) 2008-02-25 2008-02-25 Method and system for enhancing internet bank trade security

Publications (2)

Publication Number Publication Date
CN101231737A true CN101231737A (en) 2008-07-30
CN101231737B CN101231737B (en) 2014-06-04

Family

ID=39898184

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200810100872.XA Active CN101231737B (en) 2008-02-25 2008-02-25 Method and system for enhancing internet bank trade security

Country Status (1)

Country Link
CN (1) CN101231737B (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101907975A (en) * 2010-08-10 2010-12-08 北京握奇数据系统有限公司 USBKey and method for controlling same
CN101997995A (en) * 2009-08-26 2011-03-30 华为技术有限公司 User identity identification method and device as well as call center system
CN102098159A (en) * 2010-07-28 2011-06-15 胡旭光 Secret key device and method for mobile phone
CN102412968A (en) * 2011-10-17 2012-04-11 中金金融认证中心有限公司 System and method for realizing PKI application by audio interface switching USB protocol equipment
CN102457845A (en) * 2010-10-14 2012-05-16 阿里巴巴集团控股有限公司 Wireless service identity authentication method, equipment and system
CN101562525B (en) * 2009-04-30 2012-06-27 飞天诚信科技股份有限公司 Method, device and system for signature
CN101409622B (en) * 2008-11-26 2012-10-31 飞天诚信科技股份有限公司 Digital signing system and method
CN102904718A (en) * 2011-07-25 2013-01-30 付洪军 Audio communication based information security equipment and communication method thereof
CN103218565A (en) * 2012-10-24 2013-07-24 东信和平科技股份有限公司 Novel USB (universal serial bus) key and transaction method adopting same
CN103532916A (en) * 2012-07-05 2014-01-22 百度在线网络技术(北京)有限公司 Method for acquiring information through voice, mobile terminal and voice information system
CN103873154A (en) * 2012-12-13 2014-06-18 恒银金融科技有限公司 Method for data reception of mobile phone audio frequency digital signature apparatus
CN103973326A (en) * 2013-01-24 2014-08-06 国民技术股份有限公司 Sound card
CN104144049A (en) * 2014-03-11 2014-11-12 腾讯科技(深圳)有限公司 Encryption communication method, system and device
CN104168117A (en) * 2014-08-20 2014-11-26 中国农业银行股份有限公司苏州分行 Voice digital signature method
CN104243451A (en) * 2014-08-19 2014-12-24 天地融科技股份有限公司 Information interaction method and system and smart key equipment
CN104394123A (en) * 2014-11-06 2015-03-04 成都卫士通信息产业股份有限公司 A data encryption transmission system and method based on an HTTP
CN104422922A (en) * 2013-08-19 2015-03-18 中兴通讯股份有限公司 Method and device for realizing sound source localization by utilizing mobile terminal
CN104599667A (en) * 2015-01-16 2015-05-06 联想(北京)有限公司 Information processing method and electronic device
CN104660407A (en) * 2013-11-25 2015-05-27 国民技术股份有限公司 Security authentication method and device
CN104660408A (en) * 2013-11-25 2015-05-27 国民技术股份有限公司 Security authentication method and device
CN104734855A (en) * 2015-02-12 2015-06-24 天地融科技股份有限公司 Communication methods and system of intelligent secret key device and intelligent secret key device
CN107066424A (en) * 2015-10-22 2017-08-18 通用电气公司 For the System and method for for the risk for determining operation turbine
CN107368724A (en) * 2017-06-14 2017-11-21 广东数相智能科技有限公司 Anti- cheating network research method, electronic equipment and storage medium based on Application on Voiceprint Recognition
CN107895256A (en) * 2017-11-08 2018-04-10 平安科技(深圳)有限公司 Bank account cancel loss report method for processing business, system, terminal and storage medium
CN110751947A (en) * 2018-11-13 2020-02-04 北京嘀嘀无限科技发展有限公司 Method for prompting user, electronic equipment and computer readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1905445B (en) * 2005-07-27 2012-02-15 国际商业机器公司 System and method of speech identification using mobile speech identification card
CN1815484A (en) * 2006-03-06 2006-08-09 覃文华 Digitalized authentication system and its method
CN100470572C (en) * 2007-01-08 2009-03-18 北京飞天诚信科技有限公司 Method and device for raising safety of data input

Cited By (36)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101409622B (en) * 2008-11-26 2012-10-31 飞天诚信科技股份有限公司 Digital signing system and method
CN101562525B (en) * 2009-04-30 2012-06-27 飞天诚信科技股份有限公司 Method, device and system for signature
CN101997995A (en) * 2009-08-26 2011-03-30 华为技术有限公司 User identity identification method and device as well as call center system
CN102098159A (en) * 2010-07-28 2011-06-15 胡旭光 Secret key device and method for mobile phone
CN101907975A (en) * 2010-08-10 2010-12-08 北京握奇数据系统有限公司 USBKey and method for controlling same
CN102457845A (en) * 2010-10-14 2012-05-16 阿里巴巴集团控股有限公司 Wireless service identity authentication method, equipment and system
CN102904718A (en) * 2011-07-25 2013-01-30 付洪军 Audio communication based information security equipment and communication method thereof
CN102412968A (en) * 2011-10-17 2012-04-11 中金金融认证中心有限公司 System and method for realizing PKI application by audio interface switching USB protocol equipment
CN103532916A (en) * 2012-07-05 2014-01-22 百度在线网络技术(北京)有限公司 Method for acquiring information through voice, mobile terminal and voice information system
CN103532916B (en) * 2012-07-05 2017-04-05 百度在线网络技术(北京)有限公司 Method, mobile terminal and the voice message system of information are obtained by voice
CN103218565A (en) * 2012-10-24 2013-07-24 东信和平科技股份有限公司 Novel USB (universal serial bus) key and transaction method adopting same
CN103873154A (en) * 2012-12-13 2014-06-18 恒银金融科技有限公司 Method for data reception of mobile phone audio frequency digital signature apparatus
CN103973326A (en) * 2013-01-24 2014-08-06 国民技术股份有限公司 Sound card
CN103973326B (en) * 2013-01-24 2016-06-01 国民技术股份有限公司 A kind of audio card
CN104422922A (en) * 2013-08-19 2015-03-18 中兴通讯股份有限公司 Method and device for realizing sound source localization by utilizing mobile terminal
CN104660407A (en) * 2013-11-25 2015-05-27 国民技术股份有限公司 Security authentication method and device
CN104660408A (en) * 2013-11-25 2015-05-27 国民技术股份有限公司 Security authentication method and device
US10412061B2 (en) 2014-03-11 2019-09-10 Tencent Technology (Shenzhen) Company Limited Method and system for encrypted communications
CN104144049B (en) * 2014-03-11 2016-02-17 腾讯科技(深圳)有限公司 A kind of encryption communication method, system and device
CN104144049A (en) * 2014-03-11 2014-11-12 腾讯科技(深圳)有限公司 Encryption communication method, system and device
US10164949B2 (en) 2014-03-11 2018-12-25 Tencent Technology (Shenzhen) Company Limited Method and system for encrypted communications
CN104243451A (en) * 2014-08-19 2014-12-24 天地融科技股份有限公司 Information interaction method and system and smart key equipment
CN104243451B (en) * 2014-08-19 2018-04-13 天地融科技股份有限公司 A kind of information interacting method, system and intelligent cipher key equipment
CN104168117B (en) * 2014-08-20 2018-11-27 中国农业银行股份有限公司苏州分行 A kind of speech digit endorsement method
CN104168117A (en) * 2014-08-20 2014-11-26 中国农业银行股份有限公司苏州分行 Voice digital signature method
CN104394123A (en) * 2014-11-06 2015-03-04 成都卫士通信息产业股份有限公司 A data encryption transmission system and method based on an HTTP
CN104599667A (en) * 2015-01-16 2015-05-06 联想(北京)有限公司 Information processing method and electronic device
CN104599667B (en) * 2015-01-16 2019-03-08 联想(北京)有限公司 Information processing method and electronic equipment
CN104734855A (en) * 2015-02-12 2015-06-24 天地融科技股份有限公司 Communication methods and system of intelligent secret key device and intelligent secret key device
CN107066424A (en) * 2015-10-22 2017-08-18 通用电气公司 For the System and method for for the risk for determining operation turbine
CN107066424B (en) * 2015-10-22 2021-11-30 通用电气公司 System and method for determining risk of operating a turbomachine
CN107368724A (en) * 2017-06-14 2017-11-21 广东数相智能科技有限公司 Anti- cheating network research method, electronic equipment and storage medium based on Application on Voiceprint Recognition
CN107895256A (en) * 2017-11-08 2018-04-10 平安科技(深圳)有限公司 Bank account cancel loss report method for processing business, system, terminal and storage medium
WO2019091000A1 (en) * 2017-11-08 2019-05-16 平安科技(深圳)有限公司 Bank account report/unlock service processing method, system, terminal, and storage medium
CN110751947A (en) * 2018-11-13 2020-02-04 北京嘀嘀无限科技发展有限公司 Method for prompting user, electronic equipment and computer readable storage medium
CN110751947B (en) * 2018-11-13 2021-05-07 北京嘀嘀无限科技发展有限公司 Method for prompting user, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN101231737B (en) 2014-06-04

Similar Documents

Publication Publication Date Title
CN101231737B (en) Method and system for enhancing internet bank trade security
US9430628B2 (en) Access authorization based on synthetic biometric data and non-biometric data
CN105913850B (en) Text correlation vocal print method of password authentication
CN104217149B (en) Biometric authentication method and equipment based on voice
EP3887982B1 (en) Biometric authentication
US20030200447A1 (en) Identification system
US20130132091A1 (en) Dynamic Pass Phrase Security System (DPSS)
US20130226582A1 (en) Device, system, and method of liveness detection utilizing voice biometrics
KR20190045099A (en) Voice Authentication System and Method
JP2006505021A (en) Robust multi-factor authentication for secure application environments
EP3180727A1 (en) Authentication based on multi-factor cancelable biometric data
CN101685635A (en) Identity authentication system and method
JP2008033144A (en) Portable type personal identification method and electronic commerce method
Chang et al. My voiceprint is my authenticator: A two-layer authentication approach using voiceprint for voice assistants
Zhang et al. Volere: Leakage resilient user authentication based on personal voice challenges
CN112417412A (en) Bank account balance inquiry method, device and system
KR101424962B1 (en) Authentication system and method based by voice
US20130339245A1 (en) Method for Performing Transaction Authorization to an Online System from an Untrusted Computer System
Kuznetsov et al. Methods of countering speech synthesis attacks on voice biometric systems in banking
WO2023172936A1 (en) Systems and apparatus for multifactor authentication using bone conduction and audio signals
CN107454044A (en) A kind of e-book reading protection of usage right method and system
KR20140029990A (en) System and method for authetificate the user using biometrics
CN111613228A (en) Identity and content recognition system based on voiceprint codes
Šandor et al. Resilience of Biometric Authentication of Voice Assistants against Deepfakes
JP5436951B2 (en) User authentication device and user authentication method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Applicant after: Feitian Technologies Co., Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Applicant before: Beijing Feitian Chengxin Science & Technology Co., Ltd.

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: BEIJING FEITIAN CHENGXIN TECHNOLOGY CO., LTD. TO: FEITIAN TECHNOLOGIES CO., LTD.

C14 Grant of patent or utility model
GR01 Patent grant