CN102938116A - Full-link protection and management method for ensuring safety of transaction - Google Patents


Publication number
CN102938116A
Authority
CN
China
Prior art keywords
transaction
safety
authentication
link protection
technology
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012104117284A
Other languages
Chinese (zh)
Other versions
CN102938116B (en)
Inventor
郭泽文
王黎明
陈易
左飞
周小猛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Yuanjian Technologies Co.,Ltd.
Original Assignee
SHIDAI YIBAO (BEIJING) TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHIDAI YIBAO (BEIJING) TECHNOLOGY Co Ltd
Priority to CN201210411728.4A
Publication of CN102938116A
Application granted
Publication of CN102938116B
Legal status: Active (current)
Anticipated expiration

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a full-link protection and management method for ensuring transaction security. The method divides the transaction process, from the start of the transaction to its end, into three stages: before the transaction, during the transaction and after the transaction. For the different security problems of these three stages it applies dynamic password technology, a location service method and graphical two-dimensional code technology to secure network transactions and solve the corresponding security problems. The method effectively addresses the problems that can arise in any of the three stages: malicious modification of the user's order, account theft and exposure to phishing, and transaction risk losses borne by the user alone. It improves the security of network transactions and has considerable practical value and significance.

Description

A full-link protection business method for transaction security
Technical field
The present invention relates to a full-link protection business method for transaction security, and belongs to the field of electronic transaction security research on the wired Internet and the wireless Internet.
Background
At present, with the maturing of wired and wireless Internet technology and the steady improvement and spread of the related devices, people's traditional way of trading is gradually changing, and large numbers of users shop and pay from PCs or mobile terminals. While Internet technology gives users a convenient and fast new way to trade, it has also brought many network transaction security problems and drawbacks: theft of the user's transaction account, malicious tampering with the user's order during the transaction, account theft and phishing attacks, and transaction risk losses borne by the user alone. Existing techniques authenticate with a traditional user name plus static password. Account information protected this way is very easily stolen, the corresponding order information is easily tampered with, and authentication based on a user name and static password is exposed to phishing attacks. In addition, existing techniques only provide solutions for some nodes of the network transaction link and do not systematically solve the security problems of each stage before, during and after the transaction.
Summary of the invention
The object of the invention is to provide a full-link protection business method for transaction security that addresses the security problems of each stage of the network transaction link. The method systematically and effectively solves the security problems that arise before, during and after the transaction.
The invention divides the transaction process, from the start of the transaction to its end, into three stages (before the transaction, during the transaction and after the transaction) and applies a different, targeted technical measure to the security problems of each stage to secure network transactions.
The security problem before a network transaction is mainly theft of the user account. To solve the problems of static passwords, the invention adopts dynamic password technology (also called OTP: One-Time Password) and uses secondary authentication to prevent the loss of property and data that follows when a user account protected by a traditional static password is stolen through password guessing, dictionary attacks and similar means. The dynamic password is randomly updated every 60 seconds (the validity period and update frequency are configurable). Its advantage is that each password is used only once in the authentication process and a different password is used for the next authentication, which makes it difficult for criminals to impersonate the legitimate user; the user does not need to remember a password, and use is very simple.
The invention can also use biometric recognition as the password for authentication before a network transaction. The biometric recognition techniques include fingerprint recognition, palm geometry recognition, iris recognition, retina recognition, face recognition, signature recognition, voice recognition, DNA recognition and others.
The dynamic password technology adopted by the invention comprises an authentication service module, a dynamic password generation module and the related third-party application interface. The authentication service module provides seed distribution and the authentication service. The dynamic password generation module (the OTP client) generates dynamic passwords according to the relevant cryptographic algorithm and provides a time calibration function (this refers to OTP based on a time mechanism). The third-party application interface comprises standard interface services for binding to and unbinding from third-party application users.
The security problem during a network transaction is mainly that transaction information is phished or tampered with. To solve the phishing problem the invention adopts a location-based service (LBS: Location Based Service) method: on the basis of secondary authentication, it compares the location information of the first authentication with the location information of the second authentication to determine whether the transaction is safe.
The location service method is closely tied to the third-party application scenario and to the secondary authentication client. The application scenario provides the location information of the first authentication when the first authentication takes place, the mobile application provides the information of the second authentication when the second authentication takes place, and the two pieces of location information are compared to determine whether the transaction is at risk.
The invention uses graphical two-dimensional code technology to solve the problem of transaction information being maliciously tampered with. The order information is used as the index item from which a two-dimensional code algorithm generates a graphical two-dimensional code; a validity comparison is carried out at the second transaction confirmation to determine whether the transaction is at risk, so that the user receives an early warning of transaction risk.
The graphical two-dimensional code technology comprises a two-dimensional code generation module, a decoding module and a comparison module. All three modules are integrated in the third-party application system. The generation module generates the graphical two-dimensional code from the transaction information as a parameter according to the relevant two-dimensional code algorithm, and the decoding module decodes an existing graphical two-dimensional code and passes the restored data to the comparison module for comparison. Usually the decoding module is also integrated in the mobile client so that a manual comparison can be made.
The safeguard after a network transaction reduces the user's loss in cases where a transaction loss still occurs even though the security risks before and during the transaction have been addressed; for example, an insurance mechanism underwrites the user's transaction losses.
The invention is a new, systematic business method for Internet users' network transactions. It effectively solves the security problems that arise before, during and after the transaction (malicious tampering with the user's order, account theft and exposure to phishing attacks, and transaction risk losses borne by the user alone), greatly improves the security of network transactions, and has considerable practical value and significance.
Description of the drawings
Fig. 1 is the workflow diagram of secondary authentication in the full-link protection business method for transaction security of the invention;
Fig. 2 is the workflow diagram of the location service method in the full-link protection business method for transaction security of the invention;
Fig. 3 is the workflow diagram of the graphical two-dimensional code technology in the full-link protection business method for transaction security of the invention.
Embodiment
The invention is described below with reference to the drawings and embodiments. The workflow of secondary authentication is shown in Fig. 1:
Step 1: after authentication against the static account system based on a static password has completed, the dynamic password generation module is started and generates a dynamic password (OTP);
Step 2: dynamic password authentication is carried out in the third-party application;
Step 3: the authentication service module verifies the dynamic password, completing secondary authentication.
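The secondary-authentication flow above, as an added example that is not code from the patent: a time-based dynamic password with the 60-second step from the description, a verifier that accepts each password only once, and a simple model of time calibration. HMAC-SHA1 with RFC 4226 truncation, the six-digit length, the one-step tolerance window and the names `AuthService` and `otp_for_counter` are assumptions; the patent names no algorithm.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # update interval from the description (configurable there)
DIGITS = 6          # assumption: the patent does not fix a password length


def otp_for_counter(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """Dynamic password for one time step (HMAC-SHA1 + RFC 4226 truncation)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthService:
    """Hypothetical authentication service module: holds seeds, verifies OTPs."""

    def __init__(self, window: int = 1):
        self.window = window        # time steps of clock skew tolerated
        self.seeds = {}             # user -> shared seed (seed distribution)
        self.last_counter = {}      # user -> newest time step already accepted
        self.drift = {}             # user -> learned client clock offset, in steps

    def enroll(self, user: str, seed: bytes) -> None:
        self.seeds[user] = seed

    def verify(self, user: str, otp: str, now: float) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        base = int(now) // STEP_SECONDS + self.drift.get(user, 0)
        # Try the expected step first, then its neighbours.
        for delta in sorted(range(-self.window, self.window + 1), key=abs):
            counter = base + delta
            if counter <= self.last_counter.get(user, -1):
                continue            # step already consumed: each password works once
            expected = otp_for_counter(seed, counter)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                self.last_counter[user] = counter
                self.drift[user] = self.drift.get(user, 0) + delta  # time calibration
                return True
        return False


def demo() -> dict:
    """Run a constructed scenario and return each verification result."""
    seed = b"12345678901234567890"          # constructed sample seed
    svc = AuthService()
    svc.enroll("alice", seed)
    results = {}
    results["fresh"] = svc.verify("alice", otp_for_counter(seed, 1), now=65)
    results["replayed"] = svc.verify("alice", otp_for_counter(seed, 1), now=70)
    # Client clock runs one step fast: server is in step 2, client sends step 3.
    results["skewed"] = svc.verify("alice", otp_for_counter(seed, 3), now=130)
    # The offset was learned, so the next password matches at the expected step.
    results["calibrated"] = svc.verify("alice", otp_for_counter(seed, 4), now=190)
    results["stale"] = svc.verify("alice", otp_for_counter(seed, 2), now=190)
    results["unknown_user"] = svc.verify("mallory", "000000", now=190)
    return results


if __name__ == "__main__":
    print(demo())
```
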
The workflow of the location service method is shown in Fig. 2:
Step 1: when authentication against its own static account system completes, the third-party application provides the geographic location corresponding to the third-party application scenario;
Step 2: when secondary authentication with the dynamic password is carried out for the third-party application, the location information of the secondary authentication client is provided;
Step 3: the two pieces of location information are compared and the user is prompted as to whether the transaction is at risk.
The workflow of the graphical two-dimensional code technology is shown in Fig. 3:
Step 1: when the transaction is generated, the two-dimensional code generation module generates a graphical two-dimensional code using the transaction information and the necessary related data as the index item;
Step 2: at the second transaction confirmation, the system that carries out the confirmation obtains the graphical two-dimensional code generated in the previous step and transmits it to the third-party application;
Step 3: the decoding module decodes both the graphical two-dimensional code produced when the transaction was generated and the two-dimensional code transmitted at the second transaction confirmation;
Step 4: the decoded two-dimensional code data are compared and the user is prompted as to whether a transaction risk exists.
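The comparison steps of the location workflow (Fig. 2) and the two-dimensional code workflow (Fig. 3), as an added example that is not code from the patent. It works on the text a code would carry and leaves image encoding and decoding to a QR library; the JSON payload format, the 50 km threshold, the haversine distance and all function names are assumptions, since the patent specifies none of them.

```python
import json
import math

MAX_DISTANCE_KM = 50.0   # assumption: the patent states no distance threshold
_MISSING = object()      # marks a field that is absent from one payload

# Constructed sample data.
ORDER = {"order_id": "T-1001", "payee": "shop-42", "amount": "199.00", "currency": "CNY"}
TAMPERED = dict(ORDER, payee="acct-9999")
BEIJING, SHANGHAI = (39.9042, 116.4074), (31.2304, 121.4737)


def distance_km(a, b) -> float:
    """Great-circle (haversine) distance between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def qr_payload(order: dict) -> str:
    """Canonical text to place in the code: sorted keys, no optional whitespace."""
    return json.dumps(order, sort_keys=True, separators=(",", ":"))


def changed_fields(original: str, confirmed: str) -> list:
    """Names of order fields that differ between two decoded payloads."""
    a, b = json.loads(original), json.loads(confirmed)
    return sorted(k for k in a.keys() | b.keys()
                  if a.get(k, _MISSING) != b.get(k, _MISSING))


def assess(first_loc, second_loc, original: str, confirmed: str) -> list:
    """Return the risk findings for one transaction; an empty list means no warning."""
    risks = []
    km = distance_km(first_loc, second_loc)
    if km > MAX_DISTANCE_KM:
        risks.append(f"location: authentications {km:.0f} km apart")
    try:
        diff = changed_fields(original, confirmed)
    except (json.JSONDecodeError, AttributeError):
        # Unreadable or non-object payload: treat as a risk, never as a match.
        risks.append("order: payload could not be decoded")
    else:
        if diff:
            risks.append("order: changed fields " + ", ".join(diff))
    return risks


if __name__ == "__main__":
    print(assess(BEIJING, BEIJING, qr_payload(ORDER), qr_payload(ORDER)))
    print(assess(BEIJING, SHANGHAI, qr_payload(ORDER), qr_payload(TAMPERED)))
```
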
The protection before and during the transaction is based entirely on secondary authentication, and secondary authentication starts from the mobile terminal. In the anti-account-theft service, the mobile terminal contains the OTP generation module and can communicate and authenticate with the third-party application over the mobile network. The location service that protects the user's transaction against phishing collects location information in the mobile terminal application at secondary authentication and compares it with the location information from the first authentication to judge whether an authentication risk exists. The graphical two-dimensional code service that protects against order tampering and man-in-the-middle attacks generates a graphical two-dimensional code using the order information and other key information as the index; this code is obtained at secondary authentication, and the original code and the code from secondary authentication are decoded and compared to determine whether a transaction risk exists.
Usually the first authentication of the third-party application is completed on the PC side, and the second authentication is carried out over the mobile network by software installed on the mobile terminal. Mobile terminals include smartphones, Pads, iPads and similar devices. The authentication service for secondary authentication is installed on a PC server or minicomputer and meets non-functional requirements such as concurrency, load and security certification. The third-party application is deployed according to the business needs of that application.
The above is only a specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any change or replacement that a person skilled in the art could readily conceive within the scope disclosed by the invention shall fall within the scope of protection of the claims of the invention.

Claims (7)

1. A full-link protection business method for transaction security, characterized in that it comprises the following steps:
(1) the transaction process, from the start of the transaction to its end, is divided into three stages: before the transaction, during the transaction and after the transaction; for the different security problems of these three stages, different targeted technical measures are taken to secure network transactions and solve the corresponding network transaction security problems;
(2) the security problem before a network transaction is mainly theft of the user account; dynamic password technology is adopted, by way of secondary authentication, to prevent the user account from being stolen through password guessing, dictionary attacks and similar attacks on a traditional static password;
(3) the security problem during a network transaction is mainly that transaction information is phished or tampered with; a location service method is adopted to solve the phishing problem, the location service method determining, on the basis of secondary authentication, whether the transaction is safe by comparing the location information of the first authentication with the location information of the second authentication;
(4) graphical two-dimensional code technology is adopted to solve the problem of transaction information being maliciously tampered with; the graphical two-dimensional code technology uses a two-dimensional code algorithm to generate a graphical two-dimensional code with the order information as the index item, and a validity comparison is carried out at the second transaction confirmation to determine whether the transaction is at risk, thereby providing the user with an early warning of transaction risk;
(5) the safeguard after a network transaction addresses transaction losses that still occur after the security risks before and during the transaction have been solved, by adopting an insurance mechanism to underwrite the user's transaction losses.
2. The full-link protection business method for transaction security according to claim 1, characterized in that the dynamic password technology adopted in step (2) comprises an authentication service module, a dynamic password generation module and the related third-party application interface; the authentication service module provides seed distribution and the authentication service; the dynamic password generation module generates dynamic passwords according to a cryptographic algorithm and provides a time calibration function; the third-party application interface comprises standard interface services for binding to and unbinding from third-party application users.
3. The full-link protection business method for transaction security according to claim 1, characterized in that the location service method of step (3) is closely tied to the third-party application scenario and to the secondary authentication client; the application scenario provides the location information of the first authentication when the first authentication takes place, the mobile application provides the information of the second authentication when the second authentication takes place, and the two pieces of location information are compared to determine whether the transaction is at risk.
4. The full-link protection business method for transaction security according to claim 1, characterized in that the graphical two-dimensional code technology of step (4) comprises a two-dimensional code generation module, a decoding module and a comparison module; all three modules are integrated in the third-party application system; the generation module generates the graphical two-dimensional code from the transaction information as a parameter according to the relevant two-dimensional code algorithm, and the decoding module decodes an existing graphical two-dimensional code and passes the restored data to the comparison module for comparison.
5. The full-link protection business method for transaction security according to claim 4, characterized in that the decoding module is also integrated in the mobile client so that a manual comparison can be made.
6. The full-link protection business method for transaction security according to claim 1, characterized in that step (2) can also use biometric recognition as the password for authentication before a network transaction.
7. The full-link protection business method for transaction security according to claim 6, characterized in that the biometric recognition technique is one of fingerprint recognition, palm geometry recognition, iris recognition, retina recognition, face recognition, signature recognition, voice recognition and DNA recognition.
CN201210411728.4A 2012-10-25 2012-10-25 A kind of full link protection business method of Transaction Safety Active CN102938116B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210411728.4A CN102938116B (en) 2012-10-25 2012-10-25 A kind of full link protection business method of Transaction Safety


Publications (2)

Publication Number Publication Date
CN102938116A CN102938116A (en) 2013-02-20
CN102938116B CN102938116B (en) 2016-03-23

Family

ID=47697010


Country Status (1)

Country Link
CN (1) CN102938116B (en)


Also Published As

Publication number Publication date
CN102938116B (en) 2016-03-23


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: 100142 East 9A, Hui Hui building, No. 158 West Fourth Ring Road, Beijing, Haidian District

Patentee after: Beijing Yuanjian Technologies Co.,Ltd.

Address before: 100195, No. 1, building 65, apricot Road, Haidian District, Beijing

Patentee before: Shidai Yibao (Beijing) Technology Co., Ltd.