CN201946038U - Security certificate device of internet-banking remote payment based on dual-interface safety smart card - Google Patents

Info

Publication number
CN201946038U
Authority
CN
China
Prior art keywords
interface
bank
card
security
smart card
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CN2011200210919U
Other languages
Chinese (zh)
Inventor
李平
常朝稳
司志刚
赵国磊
韩培胜
梁松涛
王一宁
刘熙胖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The utility model relates to a security certificate device of internet-banking remote payment based on a dual-interface safety smart card, which comprises a certificate server and an internet-banking server connected with the certificate server, wherein the internet-banking server is connected with the dual-interface safety smart card through a non-contact transmission channel of security certificate information. The non-contact transmission channel of the security certificate information comprises a computer connected with the internet-banking server, a non-contact smart-card reader-writer connected with the computer and the dual-interface safety smart card which is connected with the non-contact smart-card reader-writer in a non-contact mode. A smart-card reader module with a non-contact interface is installed on the computer. When the dual-interface safety smart card serves as a dual-interface smart bank card, the dual-interface safety smart card is directly used for taking the place of a traditional universal serial bus (USB) key, accordingly the USB key distribution cost is lowered, and users can use the internet-banking more conveniently.

Description

Security authentication device for online-banking remote payment based on a dual-interface security smart card
Technical field:
The utility model relates to a security authentication device for online-banking remote payment based on a dual-interface security smart card.
Background art:
Since their introduction, bank cards have existed and developed in the form of magnetic stripe cards. While the magnetic stripe card is convenient, it is very easy to copy, which exposes the bank card organizations to high financial risk. To counter magnetic stripe fraud, the bank card organizations introduced the strategy of migrating bank cards from magnetic stripe cards to smart chip cards (i.e. EMV migration). Migration has been implemented in many countries and regions. China has now also entered the transition stage of upgrading magnetic stripe cards to smart chip bank cards, and both the domestic technical conditions and the card-usage environment are in place. Having the smart chip bank card adopt the dual-interface security smart card directly during the upgrade is undoubtedly a way to complete the upgrade in one step. Such a card can carry out various transactions, including PBOC2.0 and EMV, through its contact interface with security ensured; in addition, functions such as secure micropayment transactions can be carried out through its contactless interface. The user can therefore easily use one card for multiple purposes.
Internet banking, also called online banking or network banking, means that a bank uses Internet technology to provide customers over the Internet with traditional services such as account opening, account closing, inquiry, reconciliation, intra-bank transfer, inter-bank transfer, credit, online securities, and investment and wealth management, so that customers can safely and conveniently manage current and fixed deposits, checks, credit cards, personal investments and the like without leaving home.
Because online transactions are not face-to-face, users can issue requests at any time and from any place, and the traditional identification method usually authenticates the user by a user name and a login password. However, if the user's password is transmitted over the network in plaintext during login, it is easily intercepted by an attacker, who can then impersonate the user, so this identity authentication mechanism can be broken.
At present, the personal authentication media (security tools) for online banking mainly include: passwords, file digital certificates, dynamic password cards, dynamic mobile-phone passwords, mobile password tokens, mobile digital certificates, and the like. The mobile digital certificate is in fact a kind of USBKey. Different banks in China give it different names; for example, ICBC calls it the U-Shield and the Agricultural Bank of China calls it K-Bao. The USBKey stores the user's personal digital certificate. Personal identity authentication through a USBKey is relatively the most secure of the existing online-banking personal authentication methods.
One problem with USBKey authentication is that, besides applying for a bank card before online banking can be opened, the user must additionally be issued a corresponding USBKey. With the growing popularity of online banking, a considerable number of users have chosen the USBKey to protect their online banking. If bank cards are issued as dual-interface security smart cards and combined with the method proposed in this utility model, the dual-interface smart bank card can directly replace the USBKey. This saves a considerable USBKey distribution cost and has good social and economic benefits. At the same time, because the user only needs the dual-interface security smart card (in the form of a bank card) and no additional USBKey, online banking becomes more convenient to use.
Summary of the utility model:
The object of the utility model is to overcome the deficiencies of the prior art and to provide a security authentication device for online-banking remote payment that is based on public key certificates and supported by a dual-interface security smart card. The dual-interface security smart card is a dual-interface smart card product that complies with the relevant international and domestic standards and specifications, and it can serve as a dual-interface smart bank card and provide security authentication support.
The object of the utility model is achieved as follows: the device comprises a certificate server and a bank online-banking server connected to the certificate server, and is characterized in that the bank online-banking server is connected to the dual-interface security smart card through a contactless transmission channel for security authentication information.
The contactless transmission channel for security authentication information comprises a computer connected to the bank online-banking server, a contactless smart card reader/writer connected to the computer, and the dual-interface security smart card, which is connected to the contactless smart card reader/writer contactlessly; a smart card reader/writer module suited to the contactless interface of the dual-interface security smart card is installed on the computer.
Alternatively, the contactless transmission channel for security authentication information comprises a wireless communication link connected to the bank online-banking server, a mobile phone terminal with a short-range wireless communication module, and the dual-interface security smart card connected to the mobile phone terminal; the short-range wireless communication module in the mobile phone terminal is set to contactless smart card reader/writer mode.
The dual-interface security smart card is a smart card product that complies with the China Financial Integrated Circuit (IC) Card Specification (V2.0), the contactless payment IC card payment specification and the international ISO10536 series of standards, supports the ISO/IEC 14443-A and ISO/IEC 7816 protocols, supports the cryptographic algorithms approved by the State Cryptography Administration, including SM1, SSF33 and RSA, as well as digest algorithms, and can be used as a dual-interface smart bank card.
The utility model has the following positive effects: the dual-interface security smart card is applied to the security authentication of remote payment in online banking, so that this authentication can be carried out with the dual-interface security smart card. By establishing a contactless transmission channel between the dual-interface security smart card and a computer or a mobile phone terminal with a short-range wireless communication module, the security functions of the card are used to perform operations such as identity authentication and data encryption, thereby realizing online-banking remote payment. On this basis, once the dual-interface security smart card is used as a dual-interface smart bank card, it can directly replace the traditional USBKey, which saves USBKey distribution cost and has good social and economic benefits. At the same time, a user of online banking only needs the dual-interface security smart card (in the form of a bank card) and no additional USBKey, so the user (particularly the user of a mobile phone terminal with a short-range wireless communication module) can use online banking more conveniently.
Description of the drawings:
Fig. 1 is a basic schematic diagram of the utility model.
Fig. 2 is a schematic diagram of establishing the contactless transmission channel between a computer and the dual-interface security smart card.
Fig. 3 is a schematic diagram of establishing the contactless transmission channel between a mobile phone terminal and the dual-interface security smart card.
Fig. 4 is a schematic diagram of the certificate distribution process.
Fig. 5 is a schematic diagram of the security authentication protocol.
Detailed description:
As shown in fig. 1, the utility model comprises a certificate server and a bank online-banking server connected to the certificate server; the bank online-banking server is connected to the dual-interface security smart card through a contactless transmission channel for security authentication information. The authentication device involves establishing this contactless transmission channel, over which a security authentication protocol is run. The dual-interface security smart card is a smart card product that complies with standards such as the China Financial Integrated Circuit (IC) Card Specification (V2.0), the contactless payment IC card payment specification and the international ISO10536 series, supports the ISO/IEC 14443-A and ISO/IEC 7816 protocols, supports cryptographic algorithms approved by the State Cryptography Administration (including SM1, SSF33, RSA and the like) and digest algorithms (such as SHA-1), and can be used as a dual-interface smart bank card.
1. Establishment of the contactless transmission channel for security authentication information, which takes two structural forms:
First form, as shown in fig. 2: a contactless transmission channel is established between a computer and the dual-interface security smart card. The channel comprises a computer connected to the bank online-banking server, a contactless smart card reader/writer connected to the computer, and the dual-interface security smart card, which is connected to the reader/writer contactlessly. The computer must be equipped with a smart card reader/writer module suited to the contactless interface of the dual-interface security smart card so that the contactless transmission channel can be established between the computer and the card. Typically, an external contactless smart card reader/writer is attached to the computer and the reader/writer's supporting software (such as a driver) is installed on the computer.
Second form, as shown in fig. 3: a contactless transmission channel is established between a mobile phone terminal with a short-range wireless communication module and the dual-interface security smart card. The channel comprises a wireless communication link connected to the bank online-banking server, a mobile phone terminal with a short-range wireless communication module, and the dual-interface security smart card connected to the mobile phone terminal. In this form, the short-range wireless communication module in the mobile phone terminal is set to contactless smart card reader/writer mode, so that a contactless transmission channel is established with the dual-interface security smart card.
2. Security authentication protocol: in the utility model, the security authentication protocol is the set of conventions and specifications followed when, while the user is using online banking, mutual identity authentication is carried out between the computer or mobile phone terminal and the bank online-banking server. The protocol is based on public key certificates. The user's public key certificate and private key, together with the corresponding encryption/decryption and digest algorithms, all reside in the dual-interface security smart card. During authentication, therefore, the data that the computer or mobile phone terminal must send to and receive from the bank online-banking server is passed over the established contactless transmission channel to the dual-interface security smart card, which processes it (digital signature, encryption, decryption and so on) and returns the result.
The security authentication part includes the following steps:
1) Distribution of public key certificates (as shown in fig. 4):
A. The certificate server generates a public key certificate for the bank online-banking server and for the end user, respectively;
B. The certificate server writes the public key certificate of the bank online-banking server into the dual-interface security smart card offline;
C. The certificate server notifies the bank online-banking server of the user's public key certificate;
2) Security authentication: mutual identity authentication of the two parties (i.e. the end user and the bank) is carried out between the computer or mobile phone terminal and the bank online-banking server by means of public key certificates (as shown in fig. 5). The messages sent in the security authentication protocol are as follows:
C -> S: PEs(Nc)
S -> C: PEc(Ns, TIMEcs, TYPEcs, AMOUNTcs, EXTcs, SIGs(Nc))
C -> S: PEs(Ns, SIGc(TIMEcs, TYPEcs, AMOUNTcs, EXTcs))
where C denotes the sender, a computer or mobile phone terminal, and S denotes the receiver, the bank online-banking server; PEc denotes encryption with C's public key and SIGc a signature with C's private key; PEs denotes encryption with S's public key and SIGs a signature with S's private key; Nc denotes the verification factor generated by the sender and Ns the verification factor generated by the receiver; TIMEcs denotes the transaction operation time, TYPEcs the transaction operation type, AMOUNTcs the operation amount, and EXTcs a reserved extension.
The security authentication protocol performs the following steps:
First, after the transaction starts, the terminal (the sender) sends the server (the receiver) an authentication request encrypted with the public key of the server's certificate; the request contains the verification factor Nc generated by the terminal.
Second, the bank online-banking server looks up the certificate corresponding to the user from the information of the user currently using online banking and, after verifying the validity of that certificate with the certificate server, generates a verification factor Ns. It signs Nc with its own private key and then encrypts the result, together with the transaction operation time TIMEcs, transaction operation type TYPEcs, operation amount AMOUNTcs, reserved extension EXTcs and other such information of the current transaction, with the encryption public key of the recipient, i.e. the terminal (PEc in the second message), and sends it to the terminal;
Third, the terminal decrypts the ciphertext sent by the bank online-banking server (first decrypting with the terminal's private key, then verifying the server's signature with the pre-stored public key of the bank online-banking server) and checks the consistency of Nc;
Fourth, after the check passes, the terminal signs TIMEcs, TYPEcs, AMOUNTcs and EXTcs with the user's private key, encrypts the signature together with Ns using the public key of the bank online-banking server, and sends it to the online-banking server;
Fifth, the online-banking server compares the received Ns with the original Ns. If they are the same, the mutual identity authentication passes and the transaction succeeds; at the same time, the server stores and records the terminal's private-key signature over the transaction information TIMEcs, TYPEcs, AMOUNTcs and EXTcs. If they are not the same, the transaction fails.
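The three-message exchange and its five steps, simulated end to end as an added example (this is not code from the patent or its assignee). It assumes RSA-OAEP for PE and Ed25519 for SIG so that each message fits in one RSA block, a `|`-joined transaction string, and hypothetical names `Party`, `Msg1`, `Msg2`, `Msg3` and `Finish`; `Finish` also verifies SIGc, which the text only says is stored.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Party is one side's keys; for terminal C the private halves stay on the card.
// Assumption: PE is RSA-OAEP and SIG is Ed25519 (the page fixes neither scheme).
type Party struct {
	dec  *rsa.PrivateKey
	sign ed25519.PrivateKey
	Enc  *rsa.PublicKey
	Ver  ed25519.PublicKey
}

const nLen, sLen = 16, ed25519.SignatureSize // verification factor and signature lengths

func NewParty() *Party {
	dec, err := rsa.GenerateKey(rand.Reader, 2048)
	ver, sign, err2 := ed25519.GenerateKey(rand.Reader)
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Party{dec, sign, &dec.PublicKey, ver}
}

func pe(to *Party, pt []byte) ([]byte, error) { // PE(...): encrypt to the peer's public key
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to.Enc, pt, nil)
}

func pd(me *Party, ct []byte) ([]byte, error) { // decrypt with our own private key
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, me.dec, ct, nil)
}

// Msg1 is C->S: PEs(Nc).
func Msg1(s *Party) (nc, m1 []byte, err error) {
	nc = make([]byte, nLen)
	rand.Read(nc)
	m1, err = pe(s, nc)
	return
}

// Msg2 is S->C: PEc(Ns, tx, SIGs(Nc)), with tx = "TIMEcs|TYPEcs|AMOUNTcs|EXTcs".
func Msg2(s, c *Party, m1 []byte, tx string) (ns, m2 []byte, err error) {
	nc, err := pd(s, m1)
	if err != nil || len(nc) != nLen {
		return nil, nil, errors.New("message 1 rejected")
	}
	ns = make([]byte, nLen)
	rand.Read(ns)
	m2, err = pe(c, append(append(ns, tx...), ed25519.Sign(s.sign, nc)...))
	return
}

// Msg3 is steps 3-4 on the card: check SIGs(Nc), then C->S: PEs(Ns, SIGc(tx)).
func Msg3(c, s *Party, nc, m2 []byte) (tx string, m3 []byte, err error) {
	b, err := pd(c, m2)
	if err != nil || len(b) < nLen+sLen || !ed25519.Verify(s.Ver, nc, b[len(b)-sLen:]) {
		return "", nil, errors.New("message 2 rejected: SIGs(Nc) does not match this session")
	}
	tx = string(b[nLen : len(b)-sLen])
	m3, err = pe(s, append(b[:nLen:nLen], ed25519.Sign(c.sign, []byte(tx))...))
	return
}

// Finish is step 5: compare Ns, then return SIGc(tx) for the server to record.
func Finish(s, c *Party, ns []byte, tx string, m3 []byte) ([]byte, error) {
	b, err := pd(s, m3)
	if err != nil || len(b) != nLen+sLen || subtle.ConstantTimeCompare(b[:nLen], ns) != 1 {
		return nil, errors.New("Ns mismatch: transaction fails")
	}
	if !ed25519.Verify(c.Ver, []byte(tx), b[nLen:]) { // added check; the page only stores it
		return nil, errors.New("SIGc does not cover this transaction")
	}
	return b[nLen:], nil
}

func main() {
	s, c, tx := NewParty(), NewParty(), "2011-01-24T10:00:00Z|transfer|100.00|" // constructed sample
	nc, m1, _ := Msg1(s)
	ns, m2, _ := Msg2(s, c, m1, tx)
	_, m3, _ := Msg3(c, s, nc, m2)
	_, err := Finish(s, c, ns, tx, m3)
	fmt.Println("transaction accepted:", err == nil)
}
```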

Claims (4)

1. A security authentication device for online-banking remote payment based on a dual-interface security smart card, comprising a certificate server and a bank online-banking server connected to the certificate server, characterized in that: the bank online-banking server is connected to the dual-interface security smart card through a contactless transmission channel for security authentication information.
2. The security authentication device for online-banking remote payment based on a dual-interface security smart card as claimed in claim 1, wherein: the contactless transmission channel for security authentication information comprises a computer connected to the bank online-banking server, a contactless smart card reader/writer connected to the computer, and the dual-interface security smart card, which is connected to the contactless smart card reader/writer contactlessly; a smart card reader/writer module suited to the contactless interface of the dual-interface security smart card is installed on the computer.
3. The security authentication device for online-banking remote payment based on a dual-interface security smart card as claimed in claim 1, wherein: the contactless transmission channel for security authentication information comprises a wireless communication link connected to the bank online-banking server, a mobile phone terminal with a short-range wireless communication module, and the dual-interface security smart card connected to the mobile phone terminal; the short-range wireless communication module in the mobile phone terminal is set to contactless smart card reader/writer mode.
4. The security authentication device for online-banking remote payment based on a dual-interface security smart card as claimed in claim 1, wherein: the dual-interface security smart card is a smart card product that complies with the China Financial Integrated Circuit (IC) Card Specification (V2.0), the contactless payment IC card payment specification and the international ISO10536 series of standards, supports the ISO/IEC 14443-A and ISO/IEC 7816 protocols, supports the cryptographic algorithms approved by the State Cryptography Administration, including SM1, SSF33 and RSA, as well as digest algorithms, and can be used as a dual-interface smart bank card.
CN2011200210919U 2011-01-24 2011-01-24 Security certificate device of internet-banking remote payment based on dual-interface safety smart card Expired - Lifetime CN201946038U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011200210919U CN201946038U (en) 2011-01-24 2011-01-24 Security certificate device of internet-banking remote payment based on dual-interface safety smart card

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011200210919U CN201946038U (en) 2011-01-24 2011-01-24 Security certificate device of internet-banking remote payment based on dual-interface safety smart card

Publications (1)

Publication Number Publication Date
CN201946038U true CN201946038U (en) 2011-08-24

Family

ID=44473375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011200210919U Expired - Lifetime CN201946038U (en) 2011-01-24 2011-01-24 Security certificate device of internet-banking remote payment based on dual-interface safety smart card

Country Status (1)

Country Link
CN (1) CN201946038U (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103778713A (en) * 2012-10-24 2014-05-07 航天信息股份有限公司 Financial ic card system
CN103871163A (en) * 2012-12-13 2014-06-18 航天信息股份有限公司 Composited financial transaction method and system
CN105025153A (en) * 2014-04-17 2015-11-04 北京数码视讯科技股份有限公司 Method, device and system for displaying result of non-contact operation, and external equipment
TWI556179B (en) * 2014-08-18 2016-11-01 黃音凱 Dual mode card reader and card-reading method thereof

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103778713A (en) * 2012-10-24 2014-05-07 航天信息股份有限公司 Financial ic card system
CN103871163A (en) * 2012-12-13 2014-06-18 航天信息股份有限公司 Composited financial transaction method and system
CN105025153A (en) * 2014-04-17 2015-11-04 北京数码视讯科技股份有限公司 Method, device and system for displaying result of non-contact operation, and external equipment
CN105025153B (en) * 2014-04-17 2018-12-25 北京数码视讯科技股份有限公司 The display methods of Touchless manipulation result, apparatus and system, external equipment
TWI556179B (en) * 2014-08-18 2016-11-01 黃音凱 Dual mode card reader and card-reading method thereof

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: ZHENGZHOU XINDAJIEAN INFORMATION TECHNOLOGY CO., L

Free format text: FORMER NAME: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 450001 No. 11 Lianhua street, hi tech Development Zone, Henan, Zhengzhou

Patentee after: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

Address before: 450001 No. 11 Lianhua street, hi tech Development Zone, Henan, Zhengzhou

Patentee before: Zhengzhou Xinda Jie An Information Technology Co., Ltd.

C56 Change in the name or address of the patentee
CP02 Change in the address of a patent holder

Address after: 450001 Henan city of Zhengzhou Province, West Zheng Dong new things are integrated services northbound Zhengzhou national trunk highway logistics building 14 floors of A towers

Patentee after: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

Address before: 450001 No. 11 Lianhua street, hi tech Development Zone, Henan, Zhengzhou

Patentee before: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

C56 Change in the name or address of the patentee
CP02 Change in the address of a patent holder

Address after: 450046 Henan city of Zhengzhou Province, East West northbound Zheng Dong new district are integrated services Zhengzhou national trunk highway logistics building 14 floors of A towers

Patentee after: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

Address before: 450001 Henan city of Zhengzhou Province, West Zheng Dong new things are integrated services northbound Zhengzhou national trunk highway logistics building 14 floors of A towers

Patentee before: Zhengzhou Xinda Jie'an Information Technology Co., Ltd.

CX01 Expiry of patent term

Granted publication date: 20110824

CX01 Expiry of patent term