CN111476574A - Novel security IC card and authentication system and method - Google Patents
Novel security IC card and authentication system and method Download PDFInfo
- Publication number
- CN111476574A CN111476574A CN202010289998.7A CN202010289998A CN111476574A CN 111476574 A CN111476574 A CN 111476574A CN 202010289998 A CN202010289998 A CN 202010289998A CN 111476574 A CN111476574 A CN 111476574A
- Authority
- CN
- China
- Prior art keywords
- card
- authentication
- financial
- application
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 59
- 230000006870 function Effects 0.000 claims abstract description 29
- 238000004891 communication Methods 0.000 claims abstract description 16
- 230000008569 process Effects 0.000 claims description 26
- 238000013461 design Methods 0.000 claims description 23
- 238000007726 management method Methods 0.000 claims description 21
- 238000012795 verification Methods 0.000 claims description 20
- 230000004044 response Effects 0.000 claims description 15
- 238000012544 monitoring process Methods 0.000 claims description 14
- 238000012545 processing Methods 0.000 claims description 12
- 238000012546 transfer Methods 0.000 claims description 12
- 238000012550 audit Methods 0.000 claims description 9
- 230000000977 initiatory effect Effects 0.000 claims description 5
- 230000007246 mechanism Effects 0.000 claims description 5
- 230000002093 peripheral effect Effects 0.000 claims description 4
- 230000002159 abnormal effect Effects 0.000 claims description 3
- 230000010365 information processing Effects 0.000 claims description 3
- 230000003993 interaction Effects 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 claims description 3
- 238000007619 statistical method Methods 0.000 claims description 3
- 230000002457 bidirectional effect Effects 0.000 claims description 2
- 238000013500 data storage Methods 0.000 claims description 2
- 230000008901 benefit Effects 0.000 description 9
- 238000005516 engineering process Methods 0.000 description 7
- 239000000047 product Substances 0.000 description 7
- 238000011161 development Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000005728 strengthening Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 230000010354 integration Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 244000144985 peep Species 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3821—Electronic credentials
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Computer Security & Cryptography (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to the field of financial security, in particular to a novel security IC card, an authentication system and an authentication method. By integrating user safety information application in the financial IC card and internally arranging a client PKI digital certificate and a secret key, the financial IC card can be in safety communication with a mobile phone end computer end and perform certificate authentication and data safety communication, thereby completing user identity authentication and transaction authentication; in the existing financial IC card, a U-key Application (APP) is loaded, and a user interacts with the financial IC card through a mobile banking APP (by utilizing the NFC function of a mobile phone) or a computer-side identity authentication control (by utilizing a card reader) during transaction to complete the functions of customer identity authentication, transaction authentication and the like.
Description
Technical Field
The invention relates to the field of financial security, in particular to a novel security IC card, an authentication system and an authentication method.
Background
With the rapid development of the internet, electronic transactions are more and more popular. Applications of electronic transactions include: electronic banking (internet banking, ATM applications, POS applications, telephone banking, cell phone banking, card payments), online securities, third party payments, electronic malls, etc. Various electronic channel applications have commonalities to security requirements and have requirements for user authentication and transaction authentication; there is a need for logging, a need for access authorization, a need for risk monitoring and prevention. In order to better support the business development and integration of various electronic channels, financial institutions usually establish a set of uniform authentication platform suitable for all electronic channels to uniformly process user authentication, transaction authentication, risk monitoring and prevention, uniform logs and the like. The unified identity authentication platform mainly supports the following user identity authentication modes: static passwords, dynamic tokens, certificates, biological identification, geographic information, short message authentication and other authentication modes, and supports the expansion of other authentication modes.
1. Unified identity authentication platform functional features
① as authentication infrastructure, providing authentication service for various electronic channels, such as Internet banking, mobile banking, ATM, POS, telephone banking, card payment, etc.;
② the authentication tools of the user can be tokens of different manufacturers, USBKEY, scratch cards, mobile phone short messages, static passwords, software tokens, mobile phone tokens and the like, and can be continuously expanded along with the development of authentication technology;
③ an authentication tool can support multiple channel applications, such as mobile banking, internet banking, card payment, ATM, POS and OA applications;
④ the authentication service can be identity authentication, transaction authentication;
⑤, the flexible structure and the expansion mode of the platform can well meet the needs of performance upgrading and disaster recovery;
⑥ unified authentication-based log management, archiving and analysis and security assurance;
⑦ separation of application and authentication and use of existing authentication infrastructure to ensure security;
⑧ providing unified management of security authentication, authorization, transaction authentication and logging for electronic channel applications;
2. mobile payment security solution and product
The first scheme is as follows: mobile terminal digital certificate security solution
A mobile terminal digital certificate security solution (commonly called a mobile banking soft certificate) enables a mobile phone of a client to be changed into a UKey. When large amount of account transfer operation is carried out, the mobile phone soft certificate is selected in the safety verification mode, the short message verification code and the certificate PIN code (if any) are input, the transaction is completed after the verification is passed through by the bank background authentication platform and the account password is input.
Scheme II: mobile phone audio shield safety solution
The audio U shield is used as a hardware carrier of a digital certificate for identifying identity in a network environment and a mobile phone environment, and is also a device with the highest security level at the client side of the current online bank and the current mobile phone bank. Besides being suitable for a computer, the mobile phone can be connected for use, the daily accumulated transaction amount reaches 500 ten thousand yuan, and the double safety of computer and mobile phone payment is comprehensively guaranteed. Before transaction, the system verifies the digital certificate in the U shield, remittance operation can be continued only after the certificate is verified to be passed, then a password input box is popped up, a confirmation button is clicked after the password is input, the password is correctly input, a U shield signature page is popped up after verification is successful, at the moment, transaction information is displayed on an audio U shield display screen, and a user presses an OK key of the audio U shield after verifying that the transaction information is correct, so that successful transaction of signature is completed.
The third scheme is as follows: security chip + mobile phone shield security solution
As long as the mobile phone with the chip such as kylin 960, 970 and the like is mounted, the mobile phone is provided with a mobile phone shield, for example: huazhi is P9, P10, Mate9, Mate10, etc. The mobile payment of one-stop type without a real object shield medium at a mobile phone end is thoroughly realized. An independent security area for preventing tampering and attack is opened up in the security chip of the mobile phone, and the mobile digital certificate of the client is stored in the independent security area. Although invisible, the 'core' is used to ensure the safety of the transaction. Compared with the U-key with physical media, the method has more outstanding convenience advantages in the aspects of certificate acquisition, transaction security verification and the like. Therefore, the mobile phone shield can enhance the account security authentication level while greatly improving the transaction experience of the client, and meet the large-amount fund transaction requirement of the mobile terminal of the client.
3. Problems and disadvantages to exist
At the security level, mobile digital certificates are very secure, as it is all but one that is not lost; the mobile phone dynamic password, the mobile port token and the like are also very safe, but are easy to peep; the biological identification has the highest safety level, but the biological identification is not comprehensively popularized yet.
Based on the characteristics of the mainstream safety payment product and scheme, the following characteristics can be seen: the main problems and the defects of the existing electronic bank payment safety product and the solution are specifically embodied as follows:
the safety is not very different: both a mobile phone audio shield and a security chip mobile phone shield belong to a physical medium U-key solution, and the overall security depends on external hardware equipment.
The cost advantage is not obvious: the U shield and the mobile phone audio shield need to be purchased separately by a customer at a bank with a high cost, and the special security chip mobile phone shield improves the use threshold of mobile phone users.
Poor convenience and experience: the personal safety information carrier of the client is in the hardware U-key, and the user must carry the equipment separately during transaction, so the use is still inconvenient.
The universality is poor: the U shield is mainly used in the online bank identity authentication and transaction scene; the audio shield is mainly used in a mobile phone payment authentication link, and the product lacks universality in supporting scene application.
Disclosure of Invention
The purpose of the invention is as follows: the specific objective is to provide a new security IC card, system and method with better effect, and see a plurality of substantial technical effects of the specific implementation part.
In order to achieve the purpose, the invention adopts the following technical scheme:
a novel security IC card is characterized in that a user security information application is integrated in a financial IC card, a client PKI digital certificate and a secret key are arranged in the financial IC card, and the financial IC card can be in secure communication with a mobile phone end computer end and perform certificate authentication and data secure communication, so that user identity authentication and transaction authentication are completed;
in the existing financial IC card, a U-key Application (APP) is loaded, and a user interacts with the financial IC card through a mobile banking APP (by utilizing the NFC function of a mobile phone) or a computer-side identity authentication control (by utilizing a card reader) during transaction to complete the functions of customer identity authentication, transaction authentication and the like.
The invention further adopts the technical scheme that an NFC module for data interaction, a security chip, an UKey application module for identity authentication and the like are integrated on the card type body structure; the safety chip comprises a UKey information storage area for storing user identity authentication information, a UKey application algorithm area for identity information encryption and decryption processing and a UKey application execution area for identity information processing.
The invention further has the technical scheme that a new security application (UKey application) is created on the basis of the original financial application and industry application of the financial IC card, and a client personal PKI digital certificate, a key, a PIN password and the like set by a user issued by a bank are stored. The safety application and the debit and credit financial application are stored in one IC card, all the applications are realized in an Applet mode, the applications are independent and do not interfere with each other, the self-defined application flow and safety mechanism are respectively followed in the applications, and the financial IC card has multiple functions in one card in the real sense.
The invention has the further technical scheme that the IC card comprises a radio frequency interface part, a digital circuit part and a memory part.
The invention further adopts the technical scheme that the safety chip of the IC card comprises a financial IC card module which cannot be accessed bidirectionally and an UKey application module, wherein the financial IC card module comprises a financial IC data storage area, a financial IC card execution area and a financial application algorithm area; the financial IC card execution area can call a financial application algorithm area; the UKey application module comprises a UKey application algorithm area, a UKey application execution area and a UKey information storage area; the UKey application execution region can call a UKey application algorithm region, the UKey application execution region is used for verifying digital identity information, and the UKey information storage region can be used for sending a card and writing the digital identity information.
The method for the integrated UKey application of the IC card is characterized in that after the start, the card authentication is to initiate an APDU instruction authentication request and financial IC card bidirectional authentication, and the financial IC card can return an authentication result;
after the card is authenticated, the card enters UKey application Applet registration, an APDU instruction application registration request is initiated, a security chip of the financial IC card registers the Applet and authorizes the Applet, and then a registration result is returned;
after registering the UKey application Applet, entering the UKey application write-in card, initiating an APDU instruction application creation request, creating the Applet by a safety chip of the financial IC card, and returning a creation result;
after the secure chip creates an Applet, a UKey information storage area, an algorithm area and an execution area are established, and a UKey algorithm is injected; and (6) ending.
The invention further adopts the technical scheme that the method also comprises the following design:
the application extension function:
designing the functions of the authentication background:
and (3) functional design of an access layer module:
①, communication access, receiving the transaction request initiated by the acceptance channel, the message format is as follows:
②, analyzing and decrypting the message, and converting the message protocol and data;
③, checking the strategy, calling the interface of the strategy management module to obtain the strategy information to be executed, wherein the strategy information comprises IP strategy, time strategy, etc. if the strategy check is not passed, the response message of the specific error information is returned;
④ checking the access control, checking whether the message initiating object is registered in the identity authentication system and opens the service, if not, ending the process, and returning a specific error information response message to the acceptance channel;
⑤ transaction forwarding, wherein the transaction forwarding is processed by the signing binding processing module;
designing the functions of the security service module:
① checking whether the IC card medium contract is bound, acquiring medium contract binding information, if the record does not exist, ending the process,
returning a specific error information response message to the acceptance channel;
② checking the status of the certificate, obtaining the status and validity of the certificate, if the status of the certificate is abnormal, ending the process, and returning a specific error information response message to the acceptance channel;
③, identity authentication, calling a basic service scheduling module signature verification interface to check the signature, if the signature is not successful, ending the process, and returning a specific error information response message to the acceptance channel;
④ log processing, calling the audit monitoring module to store identity information and compare with the related log information;
⑤ returning information encrypted signature, after signature verification, returning;
background management module function design:
the audit monitoring module is an auxiliary module for facilitating statistical analysis and real-time monitoring; the module can show the contents of IC card authentication request times, media equipment used for authentication, authentication results and the like in real time;
the transaction strategy module mainly embodies the business rules of identity authentication, and the business rules are managed as strategies; the abstract policy types include: channel access strategy, medium strategy, authentication strategy, password strategy and other strategies;
the card management module is used for establishing binding relationship maintenance of a customer and an electronic channel opening bank card authentication mode; through the basic data, whether the client signs a contract or not is judged when the client identity is authenticated;
the log auditing module is mainly used for collecting and analyzing the identity authentication transaction information of the client afterwards.
The identity authentication system based on the financial IC card is characterized in that the whole system is divided into three layers, namely a security medium layer, an acceptance channel layer and an authentication background layer;
the safety medium layer is used as a carrier of user identity safety information, a new safety application is created on the basis of the original financial application and industry application of a financial IC card, a personal PKI digital certificate issued by a bank, a secret key, a PIN password set by a user and the like are stored, and functions of certificate verification, password authentication, transaction signature and the like in a transaction link are provided;
the acceptance channel layer provides service interface calling in two aspects of management and business for the safety medium layer, and simultaneously transfers the identity authentication information, the signature information and the encryption information to an authentication background layer for safety authentication and returns an authentication result to complete the transaction;
the authentication background layer provides uniform identity authentication service for the acceptance channel layer such as mobile phone bank, internet bank and the like, and mainly realizes functions of uniform authentication management, security medium management, signature verification, PIN password verification, uniform monitoring audit and the like.
An identity authentication method based on a financial IC card is characterized by comprising one of the following modes: firstly, the method comprises the following steps: a counter signing process:
the customer goes to a bank outlet to handle the IC card service and submits personal basic data;
the teller performs different handling operations according to the handling service types;
if the client opens an account for the first time and receives the card, the card is required to be immediately manufactured, and the initialization and the application data writing of the card are carried out; writing personalized financial application and industry application data into the IC card;
a teller initiates an instruction through an IC card read-write program, generates a public and private key pair through a built-in security application program of the financial IC card and stores the public and private key pair in the IC card;
the teller initiates an instruction through an IC card read-write program, reads a public key in the IC card, signs a personal PKI digital certificate through an identity authentication system and writes the personal PKI digital certificate into the IC card, and original public key information in the IC card does not need to be reserved; the user inputs the card password, and writes the card password into the IC card by setting the personal PIN (password) of the client;
the teller signs a contract for the customer and opens a bank card authentication mode supported by the customer in an electronic channel;
the client receives the financial IC card and finishes the business transaction;
secondly, the method comprises the following steps: mobile banking authentication process:
a client initiates a bank card authentication request at a mobile phone application end;
selecting a mobile phone application;
selecting a bank card for authentication;
inputting a password, and scanning a code bank card through an NFC function of the mobile phone to verify a PIN;
after the PIN code is verified, the mobile phone application initiates an instruction to call the financial IC card to sign the transaction information of the customer; sending the public key certificate and the signature information to a financial IC card identity authentication system for authentication;
the identity authentication system checks the signing binding relationship of the IC card, and if the IC card is signed, certificate state checking, certificate authentication and signature information signature checking are carried out;
after the identity authentication system verifies the certificate and the signature information, returning an authentication result, and encrypting and signing the returned information;
the client checks the authentication result through the mobile phone application, and the identity authentication is finished;
thirdly, the method comprises the following steps: description of authentication process of internet bank:
a client initiates a bank card authentication request at an online banking client;
selecting an online banking client application;
selecting a bank card for authentication;
inputting a password, reading and writing a bank card through a third-party card reader, and verifying a PIN (personal identification number) code;
after the PIN code is verified, the online banking client initiates an instruction to call the financial IC card to sign the transaction information of the customer;
sending the public key certificate and the signature information to a financial IC card identity authentication system for authentication;
the identity authentication system checks the signing binding relationship of the IC card, and if the IC card is signed, certificate state checking, certificate authentication and signature information signature checking are carried out;
after the identity authentication system verifies the certificate and the signature information, returning an authentication result, and encrypting and signing the returned information;
and the client checks the authentication result through the online banking client application, and the identity authentication is finished.
A new identity authentication method is characterized in that a 'bank card' mode is adopted; when a customer receives a card at a bank counter, a 'bank card' authentication mode is opened, and large-amount account transfer can be realized; the diversified authentication requirements and flexible selection of the client are met;
a universal solution is provided, and payment settlement scenes such as mobile phone banking, internet banking, POS settlement and the like are supported; the operation is more convenient, need not with the help of other peripheral hardware, and a card is in hand, and payment is unblocked, has promoted security, convenience and the practicality that the customer used, brings the brand-new use experience for the customer.
Compared with the prior art, the invention adopting the technical scheme has the following beneficial effects: on the basis of fully borrowing the advantages of mainstream safety payment products and technologies, the invention fully explores the characteristics of small volume, large capacity, high safety, strong reliability, long service life, offline use, non-contact use support and the like of financial IC cards issued by banks, integrates financial application, industry application and safety application into one card, can meet the business scene requirements of one-card multi-application of the financial IC cards, such as payment, transfer, bus subway deduction and the like, can exert the safety and confidentiality of the financial IC cards, and is good for strengthening identity authentication and transaction authentication safety requirements. By integrating user safety information application in the financial IC card and internally arranging a customer personal PKI digital certificate and a secret key, the financial IC card can be in safety communication with a mobile phone end computer end and perform certificate authentication and data safety communication, thereby completing user identity authentication and transaction authentication.
The invention is specially designed for the originality that: the financial IC card changes the traditional safety equipment depending on exclusive use, gives full play to the characteristics of small volume, large capacity, high safety, strong reliability, long service life, off-line use, non-contact use support and the like of the financial IC card, and can complete the services of customer identity authentication, bank card identification, account inquiry, payment, transfer and the like without other equipment means when a customer carries out financial services at a mobile end or a computer end through the customer identity information built in the financial IC card. The security of customer assets is guaranteed with low cost, convenience, high security and excellent user experience, and further the viscosity and loyalty of bank customers are improved. The invention has the following advantages:
the safety and the reliability are guaranteed. The personal security information carrier of the customer is changed into a financial IC card from a hardware U-key, the security effect is the same as that of a hardware U shield, and the transaction security and the account fund security of the customer during the electronic bank transaction are guaranteed; meanwhile, based on a domestic cryptographic algorithm, the security chip algorithm is greatly optimized, and the performance is not inferior to or even superior to that of a hardware U-key serial communication mode;
the authentication method is expanded and diversified. A new identity authentication mode is added in the existing electronic bank client authentication means, such as authentication modes of human faces, mobile phone shields, tokens and the like: a bank card mode; when a customer receives a card at a bank counter, a 'bank card' authentication mode is opened, and large-amount account transfer can be realized; the diversified authentication requirements and flexible selection of the client are met;
is convenient and easy to use. A universal solution is provided, and payment settlement scenes such as mobile phone banking, internet banking, POS settlement and the like are supported; the operation is more convenient, the payment is smooth without other peripheral equipment, one card is in the hand, the safety, convenience and practicability of the use of the client are improved, and brand new use experience is brought to the client;
is economical and practical. When the service is opened, the client does not need to pay any fee; free use, electronic banking procedures have different discounts and benefits (such as transferring money, applying funds, etc.) compared with the counter.
Drawings
To further illustrate the present invention, further description is provided below with reference to the accompanying drawings:
FIG. 1 is a schematic view of an overall system of the present invention;
FIG. 2 is a counter sign-up flow chart;
FIG. 3 is a mobile banking authentication process;
FIG. 4 is a flow of Internet banking authentication;
FIG. 5 is a schematic diagram of a financial IC card according to the present invention;
FIG. 6 is an internal structural diagram of the security chip of the present invention;
FIG. 7 is a UKey application (Applet) design;
FIG. 8 shows the basic principle of the UKey application of IC card integration;
fig. 9 is a schematic flow chart of filling digital identity information into an IC card.
Detailed Description
The present invention will be further illustrated with reference to the accompanying drawings and specific embodiments, which are to be understood as merely illustrative of the invention and not as limiting the scope of the invention.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
The patent provides a plurality of parallel schemes, and different expressions belong to an improved scheme based on a basic scheme or a parallel scheme. Each solution has its own unique features.
The basic principle of the invention is that by utilizing the characteristics of smaller volume, good safety and confidentiality, high reliability and common carrying of a customer of a financial IC card issued by a bank, a U-key Application (APP) is loaded in the existing financial IC card, and the user interacts with the financial IC card through a mobile phone bank APP (by utilizing the NFC function of a mobile phone) or a computer-side identity authentication control (by utilizing a card reader) during transaction to complete the functions of customer identity authentication, transaction authentication and the like. As the supplement and practice of the security authentication means of electronic banks, on one hand, the traditional USBKey depending on proprietary equipment is abandoned, on the other hand, the security advantage of one-card multi-application of the financial IC card is fully exerted, and the purpose of strengthening the security of identity authentication and use in the transaction link of customers is realized.
And constructing an identity authentication system based on the financial IC card based on the overall design model diagram. The whole system is divided into three layers of a safety medium, an acceptance channel and an authentication background.
The safety medium layer is used as a carrier of user identity safety information, a new safety application is created on the basis of the original financial application and industry application of a financial IC card, a personal PKI digital certificate issued by a bank, a secret key, a PIN password set by a user and the like are stored, and functions of certificate verification, password authentication, transaction signature and the like in a transaction link are provided.
The acceptance channel layer provides service interface calling in two aspects of management and business for the safety medium layer, and simultaneously transfers the identity authentication information, the signature information and the encryption information to the authentication background layer for safety authentication, and returns an authentication result to complete the transaction.
The authentication background layer provides uniform identity authentication service for the acceptance channel layer such as mobile phone bank, internet bank and the like, and mainly realizes functions of uniform authentication management, security medium management, signature verification, PIN password verification, uniform monitoring audit and the like.
3. System implementation
3.1 flow design
3.1.1 counter sign-up flow chart
Description of the design of the subscription process:
① customer goes to bank network to handle IC card service and submits personal basic data;
② the teller processes different accepting operations according to the transaction type;
③ if it is the first time of customer to open an account and receive card, the card is required to be made immediately, the initialization and application data writing of the card are carried out;
④ the teller initiates the instruction through the IC card read-write program, and generates the public and private key pair through the built-in security application program of the financial IC card and stores the public and private key pair in the IC card;
⑤ the teller initiates the instruction through the IC card read-write program, reads the public key in the IC card, and issues the individual PKI digital certificate through the identity authentication system, and writes into the IC card, the original public key information in the IC card does not need to be reserved;
⑥ user inputs card password, and writes into IC card by setting personal PIN (password);
⑦ the teller signs the contract for opening the customer to support the bank card authentication mode in the electronic channel;
⑧ the customer gets the financial IC card and the transaction is finished.
3.1.2 authentication flow diagram
Mobile banking authentication process:
① the customer initiates a bank card authentication request at the cell phone application.
Selecting a mobile phone application;
selecting a bank card for authentication;
and inputting a password, and scanning a code bank card through the NFC function of the mobile phone to verify the PIN code.
② after the PIN code is verified, the mobile phone application initiates an instruction to call the financial IC card to sign the customer transaction information, and sends the public key certificate and the signature information to the financial IC card identity authentication system for authentication.
③ the ID authentication system checks the contract binding relationship of IC card, if signed, checks the certificate status, authenticates the certificate and checks the signature information;
④ after the authentication system verifies the certificate and signature information, it returns the authentication result and encrypts and signs the returned information;
⑤ the client checks the authentication result through the mobile phone application, and the authentication is finished.
Online bank authentication process
⑥ A client initiates a bank card authentication request at the client end of the Internet bank.
Selecting an online banking client application;
selecting a bank card for authentication;
and inputting a password, reading and writing the bank card through a third-party card reader, and verifying the PIN code.
⑦ after the PIN code is verified, the client end of the internet bank initiates an instruction to call the financial IC card to sign the transaction information of the client.
And sending the public key certificate and the signature information to a financial IC card identity authentication system for authentication.
⑧ the ID authentication system checks the contract binding relationship of IC card, if signed, checks the certificate status, authenticates the certificate and checks the signature information;
⑨ after the authentication system verifies the certificate and signature information, it returns the authentication result and encrypts and signs the returned information;
⑩ the client checks the authentication result through the internet bank client application, and the identity authentication is finished.
3.2 functional Module design
3.2.1IC card structural design
Following standards and specifications
√ISO/IEC 7816-1/2/3/4
V. China financial Integrated Circuit (IC) card specification version 3.0
Financial industry development Specification
Safety regulation of financial industry
Financial IC card related specification
Application in IC card of the invention
On the basis of the original financial application and industry application of the financial IC card, a new security application (UKey application) is created, and a client personal PKI digital certificate issued by a bank, a key, a PIN password set by a user and the like are stored. The safety application and the debit and credit financial application are stored in one IC card, all the applications are realized in an Applet mode, the applications are independent and do not interfere with each other, the self-defined application flow and safety mechanism are respectively followed in the applications, and the financial IC card has multiple functions in one card in the real sense.
3.2.2IC card integrated UKey application design
UKey application (Applet) design
The UKey application Applet is responsible for receiving and processing an externally initiated APDU instruction, when a terminal sends a command to a card, a process () method of the UKey application Applet is called by a card system running environment JCRE, when the method is executed, the command is judged according to the related bytes of a command header stored in an incoming object, and when the command has input data, a receiving method defined in an APDU class is called to receive the command data, so that complete command data is obtained; if the Applet returns data to the terminal, the Applet fills the APDU communication buffer area array again and calls the sending method defined by the APDU class again, and the card system operating environment JCRE sends the output data to the terminal.
The data structure design of UKey application Applet is as follows:
| TAG | TAG name | TAG domain | TAG value |
| UK11 | Personal public key certificate | Secure application area | |
| UK12 | Personal private key | Secure application area | |
| UK13 | PIN password | Secure application area |
3.2.3 acceptance channel client application extension function design
3.2.4 authentication background functional design
Access layer module functional design
And (5) communication access. Receiving a transaction request initiated by an acceptance channel, wherein the message format is as follows:
and analyzing and decrypting the message. And decrypting the message and converting the message protocol and the data.
And (6) checking the strategy. And calling a policy management module interface to acquire policy information to be executed. The policy information includes an IP policy, a time policy, and the like. And if the strategy check is not passed, returning a specific error information response message.
And (5) access control checking. And checking whether the message initiating object is registered in the identity authentication system and opens the service, if not, ending the flow, and returning a specific error information response message to the acceptance channel.
And (6) forwarding the transaction. The transaction is forwarded to the subscription binding processing module for processing.
Security service module functional design
It is checked whether the IC card medium contract is bound. And acquiring the medium signing binding information, if the record does not exist, ending the process, and returning a specific error information response message to the acceptance channel.
The certificate status is checked. And acquiring the certificate state and validity, if the certificate state is abnormal, ending the process, and returning a specific error information response message to the acceptance channel.
And (5) identity authentication. And calling a signature verification interface of the basic service scheduling module, checking the signature, finishing the process if the signature is not successfully checked, and returning a specific error information response message to the acceptance channel.
And (6) log processing. And calling an audit monitoring module to store identity information and compare the identity information with related log information.
And returning the information encryption signature, finishing signature verification and returning.
Background management module function design
The auditing monitoring module is an auxiliary module for facilitating statistical analysis and real-time monitoring. The module should be able to present the number of IC card authentication requests, the media devices used for authentication, the authentication results, and the like in real time.
The transaction strategy module mainly embodies the service rule of identity authentication, and the service rule is used as a strategy for management. The abstract policy types include: channel access policy, media policy, authentication policy, password policy, and other policies, and the like.
The card management module is used for establishing binding relationship maintenance of a customer and an electronic channel for opening a bank card authentication mode. The basic data is used for judging whether the client signs a contract or not during the identity authentication of the client.
The log auditing module is mainly used for collecting and analyzing the identity authentication transaction information of the client afterwards.
The invention fully explores the characteristics of small volume, large capacity, high safety, strong reliability, long service life, offline use, non-contact use support and the like of financial IC cards issued by banks on the basis of fully borrowing the advantages of mainstream safety payment products and technologies, integrates financial application, industry application and safety application into one card, can meet the business scene requirements of one-card multi-application of the financial IC cards, such as payment, transfer, bus subway deduction and the like, can exert the safety and confidentiality of the financial IC cards, and is suitable for the requirements of strong identity authentication and transaction authentication safety. By integrating user safety information application in the financial IC card and internally arranging a client PKI digital certificate and a secret key, the financial IC card can be in safety communication with a mobile phone end computer end and perform certificate authentication and data safety communication, thereby completing user identity authentication and transaction authentication.
The personal safety information carrier of the client is changed into a financial IC card by hardware U-key, and an NFC module for data interaction, a safety chip, an UKey application module for identity authentication and the like are integrated on the card type body structure; the method is characterized in that: the safety chip comprises a UKey information storage area for storing user identity authentication information, a UKey application algorithm area for identity information encryption and decryption processing and a UKey application execution area for identity information processing.
In the existing electronic bank customer authentication means, a new identity authentication mode is added: a "bank card" mode; when a customer receives a card at a bank counter, a 'bank card' authentication mode is opened, and large-amount account transfer can be realized; the diversified authentication requirements and flexible selection of the client are met;
a universal solution is provided, and payment settlement scenes such as mobile phone banking, internet banking, POS settlement and the like are supported; the operation is more convenient, need not with the help of other peripheral hardware, and a card is in hand, and payment is unblocked, has promoted security, convenience and the practicality that the customer used, brings the brand-new use experience for the customer.
In general, this patent:
the utility model discloses a customer identity authentication system and method based on financial IC card, aiming at providing a novel internet financial payment safety solution from two aspects of guaranteeing the transaction safety of electronic bank and improving the user experience degree, namely realizing the safety payment by the built-in U-key function of the financial IC card issued by the bank, and further constructing a novel identity authentication mechanism based on the financial IC card.
The financial IC card fully utilizes the revolutionary advantage that a financial IC card issued by a bank is multifunctional, has good safety and confidentiality, can quickly consume in a flash mode and the like, can be safely communicated with a mobile phone end computer end through integrating user safety information application in the financial IC card and internally arranging a client PKI digital certificate and a secret key, and can be used for certificate authentication and data safety communication, so that the user identity authentication and transaction authentication are completed.
The unique originality of this patent design lies in: the financial IC card changes the traditional security equipment depending on special, such as USBKey, mobile phone shields and the like, gives full play to the characteristics of small size, large capacity, high safety, strong reliability, long service life, offline use, non-contact use support and the like of the financial IC card, and can complete the services of customer identity authentication, bank card identification, account inquiry, payment, transfer and the like without other equipment means when the customer carries out financial services at a mobile end or a computer end through the customer identity information built in the financial IC card. The security of customer assets is guaranteed with low cost, convenience, high security and excellent user experience, and further the viscosity and loyalty of bank customers are improved.
The method can also be combined with a block chain technology, and solves the problems that the block chain technology lacks a digital certificate mechanism and does not have a good mobile terminal supporting scheme and the like. The invention can satisfy the key technologies of identity authentication, transaction signature and the like in the national strategy of the block chain in the future.
The brisk development of financial payment business faces various security defects and loopholes, various risk cases present high emergence, and certain influences are caused on the capital security of customers, the electronic payment market stability and even the financial security. The invention provides a brand-new identity authentication mode from the aspects of customer identity authentication, transaction safety, fund safety and user experience, innovations are made on safety payment products by strengthening financial technologies, the safety of customer assets is guaranteed with low cost, convenience, high safety and excellent user experience, and the viscosity and loyalty of bank customers are further improved.
The foregoing shows and describes the general principles, essential features, and advantages of the invention. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are intended to illustrate the principles of the invention, but that various changes and modifications may be made without departing from the spirit and scope of the invention, and the invention is to be limited to the embodiments described above.
Claims (10)
1. A novel security IC card is characterized in that a user security information application is integrated in a financial IC card, a client PKI digital certificate and a secret key are arranged in the financial IC card, and the financial IC card can be in secure communication with a mobile phone end computer end and perform certificate authentication and data secure communication, so that user identity authentication and transaction authentication are completed;
in the existing financial IC card, a U-key Application (APP) is loaded, and a user interacts with the financial IC card through a mobile banking APP (by utilizing the NFC function of a mobile phone) or a computer-side identity authentication control (by utilizing a card reader) during transaction to complete the functions of customer identity authentication, transaction authentication and the like.
2. A novel security IC card according to claim 1, wherein an NFC module for data interaction, a security chip, and an UKey application module for identity authentication, etc. are integrated on the card-type body structure; the safety chip comprises a UKey information storage area for storing user identity authentication information, a UKey application algorithm area for identity information encryption and decryption processing and a UKey application execution area for identity information processing.
3. A new security IC card according to claim 1, characterized in that, on the basis of the original financial and industrial applications of the financial IC card, a new security application (UKey application) is created, storing the client's personal PKI digital certificate issued by the bank, the secret key, and the PIN password set by the user; the safety application and the debit and credit financial application are stored in one IC card, all the applications are realized in an Applet mode, the applications are independent and do not interfere with each other, the self-defined application flow and safety mechanism are respectively followed in the applications, and the financial IC card has multiple functions in one card in the real sense.
4. A novel security IC card as claimed in claim 1, wherein said IC card comprises a radio frequency interface portion, a digital circuit portion and a memory portion.
5. A new type of security IC card as claimed in claim 1, wherein the security chip of the IC card comprises a financial IC card module and an UKey application module which are bidirectionally inaccessible, the financial IC card module comprises a financial IC data storage area, a financial IC card execution area, and a financial application algorithm area; the financial IC card execution area can call a financial application algorithm area; the UKey application module comprises a UKey application algorithm area, a UKey application execution area and a UKey information storage area; the UKey application execution region can call a UKey application algorithm region, the UKey application execution region is used for verifying digital identity information, and the UKey information storage region can be used for sending a card and writing the digital identity information.
The method for the integrated UKey application of the IC card is characterized in that after the start, the card authentication is to initiate an APDU instruction authentication request and financial IC card bidirectional authentication, and the financial IC card can return an authentication result;
after the card is authenticated, the card enters UKey application Applet registration, an APDU instruction application registration request is initiated, a security chip of the financial IC card registers the Applet and authorizes the Applet, and then a registration result is returned;
after registering the UKey application Applet, entering the UKey application write-in card, initiating an APDU instruction application creation request, creating the Applet by a safety chip of the financial IC card, and returning a creation result;
after the secure chip creates an Applet, a UKey information storage area, an algorithm area and an execution area are established, and a UKey algorithm is injected; and (6) ending.
7. The method for applying the integrated UKey of the IC card according to claim 6, further comprising the following design:
7.1 application extension:
7.2 design of the authentication background function:
◆ Access stratum Module functional design
Communication access: receiving a transaction request initiated by an acceptance channel, wherein the message format is as follows:
analyzing and decrypting the message; decrypting the message, and converting a message protocol and data;
and (4) policy checking: calling a policy management module interface to acquire policy information to be executed; the strategy information comprises an IP strategy, a time strategy and the like; if the strategy check fails, returning a specific error information response message;
access control checking: checking whether a message initiating object is registered in the identity authentication system and opens a service, if not, ending the process, and returning a specific error information response message to a receiving channel;
and (3) transaction forwarding: the transaction is forwarded to a signing binding processing module for processing;
◆ Security service Module functional design:
checking whether the IC card medium signing is bound: acquiring medium signing binding information, if the record does not exist, ending the process, and returning a specific error information response message to a receiving channel;
checking the certificate status: acquiring the certificate state and validity, if the certificate state is abnormal, ending the process, and returning a specific error information response message to an acceptance channel;
identity authentication: calling a signature verification interface of a basic service scheduling module, checking the signature, finishing the process if the signature is not successfully checked, and returning a specific error information response message to an acceptance channel;
log processing: calling an audit monitoring module to store identity information and compare the identity information with related log information; returning the information encryption signature, and returning after the signature verification is finished;
◆ background management module function design:
an audit monitoring module: the system is an auxiliary module for facilitating statistical analysis and real-time monitoring; the module can show the contents of IC card authentication request times, media equipment used for authentication, authentication results and the like in real time;
a transaction policy module: the method mainly embodies the business rules of identity authentication, and the business rules are managed as strategies; the abstract policy types include: channel access strategy, medium strategy, authentication strategy, password strategy and other strategies;
a card management module: establishing binding relationship maintenance of a customer and an electronic channel opening 'bank card' authentication mode; through the basic data, whether the client signs a contract or not is judged when the client identity is authenticated;
a log audit module: the method is mainly used for collecting and analyzing the identity authentication transaction information of the client afterwards.
8. The identity authentication system based on the financial IC card is characterized in that the whole system is divided into three layers, namely a security medium layer, an acceptance channel layer and an authentication background layer;
the safety medium layer is used as a carrier of user identity safety information, a new safety application is created on the basis of the original financial application and industry application of a financial IC card, a personal PKI digital certificate issued by a bank, a secret key, a PIN password set by a user and the like are stored, and functions of certificate verification, password authentication, transaction signature and the like in a transaction link are provided;
the acceptance channel layer provides service interface calling in two aspects of management and business for the safety medium layer, and simultaneously transfers the identity authentication information, the signature information and the encryption information to an authentication background layer for safety authentication and returns an authentication result to complete the transaction;
the authentication background layer provides uniform identity authentication service for the acceptance channel layer such as mobile phone bank, internet bank and the like, and mainly realizes functions of uniform authentication management, security medium management, signature verification, PIN password verification, uniform monitoring audit and the like.
9. An identity authentication method based on a financial IC card is characterized by comprising one of the following modes:
firstly, the method comprises the following steps: a counter signing process:
the customer goes to a bank outlet to handle the IC card service and submits personal basic data;
the teller performs different handling operations according to the handling service types;
if the client opens an account for the first time and receives the card, the card is required to be immediately manufactured, and the initialization and the application data writing of the card are carried out; writing personalized financial application and industry application data into the IC card;
a teller initiates an instruction through an IC card read-write program, generates a public and private key pair through a built-in security application program of the financial IC card and stores the public and private key pair in the IC card;
the teller initiates an instruction through an IC card read-write program, reads a public key in the IC card, signs a personal PKI digital certificate through an identity authentication system and writes the personal PKI digital certificate into the IC card, and original public key information in the IC card does not need to be reserved; the user inputs the card password, and writes the card password into the IC card by setting the personal PIN (password) of the client;
the teller signs a contract for the customer and opens a bank card authentication mode supported by the customer in an electronic channel;
the client receives the financial IC card and finishes the business transaction;
secondly, the method comprises the following steps: mobile banking authentication process:
a client initiates a bank card authentication request at a mobile phone application end;
selecting a mobile phone application;
selecting a bank card for authentication;
inputting a password, and scanning a code bank card through an NFC function of the mobile phone to verify a PIN;
after the PIN code is verified, the mobile phone application initiates an instruction to call the financial IC card to sign the transaction information of the customer; sending the public key certificate and the signature information to a financial IC card identity authentication system for authentication;
the identity authentication system checks the signing binding relationship of the IC card, and if the IC card is signed, certificate state checking, certificate authentication and signature information signature checking are carried out;
after the identity authentication system verifies the certificate and the signature information, returning an authentication result, and encrypting and signing the returned information;
the client checks the authentication result through the mobile phone application, and the identity authentication is finished;
thirdly, the method comprises the following steps: description of authentication process of internet bank:
a client initiates a bank card authentication request at an online banking client;
selecting an online banking client application;
selecting a bank card for authentication;
inputting a password, reading and writing a bank card through a third-party card reader, and verifying a PIN (personal identification number) code;
after the PIN code is verified, the online banking client initiates an instruction to call the financial IC card to sign the transaction information of the customer;
sending the public key certificate and the signature information to a financial IC card identity authentication system for authentication;
the identity authentication system checks the signing binding relationship of the IC card, and if the IC card is signed, certificate state checking, certificate authentication and signature information signature checking are carried out;
after the identity authentication system verifies the certificate and the signature information, returning an authentication result, and encrypting and signing the returned information;
and the client checks the authentication result through the online banking client application, and the identity authentication is finished.
10. A new identity authentication method is characterized in that a 'bank card' mode is adopted; when a customer receives a card at a bank counter, a 'bank card' authentication mode is opened, and large-amount account transfer can be realized; the diversified authentication requirements and flexible selection of the client are met;
a universal solution is provided, and payment settlement scenes such as mobile phone banking, internet banking, POS settlement and the like are supported; the operation is more convenient, need not with the help of other peripheral hardware, and a card is in hand, and payment is unblocked, has promoted security, convenience and the practicality that the customer used, brings the brand-new use experience for the customer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010289998.7A CN111476574A (en) | 2020-04-14 | 2020-04-14 | Novel security IC card and authentication system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010289998.7A CN111476574A (en) | 2020-04-14 | 2020-04-14 | Novel security IC card and authentication system and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111476574A true CN111476574A (en) | 2020-07-31 |
Family
ID=71751944
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010289998.7A Pending CN111476574A (en) | 2020-04-14 | 2020-04-14 | Novel security IC card and authentication system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111476574A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112785302A (en) * | 2020-12-30 | 2021-05-11 | 成都质数斯达克科技有限公司 | Message statistical method and device, electronic equipment and readable storage medium |
| CN113360885A (en) * | 2021-06-25 | 2021-09-07 | 深圳市雪球科技有限公司 | Access method and device of security chip |
| CN113850588A (en) * | 2021-09-09 | 2021-12-28 | 中金金融认证中心有限公司 | Method for identity authentication based on chip bank card and related product thereof |
| WO2023033808A1 (en) * | 2021-08-31 | 2023-03-09 | Visa International Service Association | Efficient interaction processing using secret |
| CN115941833A (en) * | 2022-11-21 | 2023-04-07 | 深圳市雪球科技有限公司 | Method, system, equipment and storage medium for activating traffic card optimization |
| CN117252232A (en) * | 2023-11-17 | 2023-12-19 | 金邦达有限公司 | Smart card and card body authentication protection method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090198618A1 (en) * | 2008-01-15 | 2009-08-06 | Yuen Wah Eva Chan | Device and method for loading managing and using smartcard authentication token and digital certificates in e-commerce |
| CN102710611A (en) * | 2012-05-11 | 2012-10-03 | 福建联迪商用设备有限公司 | Network security authentication method and system |
| CN103413244A (en) * | 2013-07-29 | 2013-11-27 | 北京握奇数据***有限公司 | Mobile security financial terminal and financial transaction method |
| WO2014121603A1 (en) * | 2013-02-06 | 2014-08-14 | 厦门盛华电子科技有限公司 | Mobile phone subscriber identity card based on multichannel digital authentication of mobile payment |
| CN104123645A (en) * | 2014-07-15 | 2014-10-29 | 北京金科联信数据科技有限公司 | Financial security authentication based mobile Internet intelligent payment terminal and payment system |
-
2020
- 2020-04-14 CN CN202010289998.7A patent/CN111476574A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090198618A1 (en) * | 2008-01-15 | 2009-08-06 | Yuen Wah Eva Chan | Device and method for loading managing and using smartcard authentication token and digital certificates in e-commerce |
| CN102710611A (en) * | 2012-05-11 | 2012-10-03 | 福建联迪商用设备有限公司 | Network security authentication method and system |
| WO2014121603A1 (en) * | 2013-02-06 | 2014-08-14 | 厦门盛华电子科技有限公司 | Mobile phone subscriber identity card based on multichannel digital authentication of mobile payment |
| US20160110706A1 (en) * | 2013-02-06 | 2016-04-21 | Xiamen Elite Electric Co., Ltd. | Mobile phone subscriber identity card based on multichannel digital authentication of mobile payment |
| CN103413244A (en) * | 2013-07-29 | 2013-11-27 | 北京握奇数据***有限公司 | Mobile security financial terminal and financial transaction method |
| CN104123645A (en) * | 2014-07-15 | 2014-10-29 | 北京金科联信数据科技有限公司 | Financial security authentication based mobile Internet intelligent payment terminal and payment system |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112785302A (en) * | 2020-12-30 | 2021-05-11 | 成都质数斯达克科技有限公司 | Message statistical method and device, electronic equipment and readable storage medium |
| CN113360885A (en) * | 2021-06-25 | 2021-09-07 | 深圳市雪球科技有限公司 | Access method and device of security chip |
| CN113360885B (en) * | 2021-06-25 | 2024-04-19 | 深圳市雪球科技有限公司 | Access method and device of security chip |
| WO2023033808A1 (en) * | 2021-08-31 | 2023-03-09 | Visa International Service Association | Efficient interaction processing using secret |
| CN113850588A (en) * | 2021-09-09 | 2021-12-28 | 中金金融认证中心有限公司 | Method for identity authentication based on chip bank card and related product thereof |
| CN115941833A (en) * | 2022-11-21 | 2023-04-07 | 深圳市雪球科技有限公司 | Method, system, equipment and storage medium for activating traffic card optimization |
| CN117252232A (en) * | 2023-11-17 | 2023-12-19 | 金邦达有限公司 | Smart card and card body authentication protection method |
| CN117252232B (en) * | 2023-11-17 | 2024-06-11 | 金邦达有限公司 | Smart card and card body authentication protection method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| AU2007261082B2 (en) | Portable consumer device verification system | |
| CN111476574A (en) | Novel security IC card and authentication system and method | |
| CN101095162B (en) | System and method for a secure transaction module | |
| JP5608081B2 (en) | Apparatus and method for conducting secure financial transactions | |
| US7991701B2 (en) | Online payer authentication service | |
| AU2001257280B2 (en) | Online payer authentication service | |
| US20120030121A1 (en) | Secure activation before contactless banking smart card transaction | |
| CN202210326U (en) | Personal payment terminal provided with keyboard | |
| CN107230068B (en) | Method and system for paying digital currency using a visual digital currency chip card | |
| US20020194128A1 (en) | System and method for secure reverse payment | |
| US20020184500A1 (en) | System and method for secure entry and authentication of consumer-centric information | |
| JPH11328295A (en) | System for executing financial transaction by using smart card | |
| KR20010025234A (en) | A certification method of credit of a financing card based on fingerprint and a certification system thereof | |
| AU2001257280A1 (en) | Online payer authentication service | |
| CN110555683A (en) | Virtual currency and legal currency service integration platform | |
| US20020095580A1 (en) | Secure transactions using cryptographic processes | |
| CN106330888B (en) | The method and device of payment safety in a kind of guarantee the Internet line | |
| WO2023241381A1 (en) | Cross-border payment method and apparatus, and device | |
| US20020073315A1 (en) | Placing a cryptogram on the magnetic stripe of a personal transaction card | |
| TW200917140A (en) | A wireless communication transaction system and method using a wireless card reader | |
| TWI464699B (en) | And a payment system and a method for trading with an ID card containing an IC card | |
| KR20020061084A (en) | System and Method of Settlement Using Wireless Telephone | |
| KR101158441B1 (en) | Wireless issue system and security processing method using the same | |
| KR20090073063A (en) | System for non-face banking process using affiliated ic card | |
| KR20090002006A (en) | Method and system for non-face banking process using affiliated ic card and program recording medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200731 |
|
| WD01 | Invention patent application deemed withdrawn after publication |