WO2016188401A1 - Apparatus, method and system for hiding user identifier data - Google Patents

Publication number: WO2016188401A1
Authority: WO, WIPO (PCT)
Prior art keywords: data, user, identification, random number, security
Application number: PCT/CN2016/083130
Inventor: 邵通
Original Assignee: 邵通
Application filed by 邵通
Priority to CN201680029857.3A (CN107615797B)
Publication of WO2016188401A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/033 Protecting confidentiality, e.g. by encryption of the user plane, e.g. user's traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/037 Protecting confidentiality, e.g. by encryption of the control plane, e.g. signalling traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/80 Arrangements enabling lawful interception [LI]

Definitions

  • the invention belongs to the field of information security.
  • the present invention relates to an apparatus, method and system for hiding identification data using a one-way function.
  • it relates to an apparatus, method and system for protecting user identification data by using a one-way function to hide user identification data.
  • the website verifies that the username and the corresponding PIN code are correct, and confirms the validity of the user login.
  • in a bank POS payment, which corresponds to a website login, the bank payment account (PAN) is equivalent to the user name and the PIN code plays the same role; on the surface, however, there are two more factors: the collection account and the transaction amount.
  • the receiving account is actually equivalent to the address of the client computer or the address of a program on the client computer when the user logs in; that is, the address of the POS machine or its unique identifier determines the receiving account in the acquiring system. So in essence, the difference between website login and bank payment is just one more factor: the amount.
  • payment account PIN code
  • current POS current POS (receipt account) and amount.
  • in essence, the payment account and the user name are what the server uses to find the corresponding user data item in the user database and the corresponding identity authentication means.
  • identity authentication data matches the identity authentication means and data required by the payment account (user name)
  • the PIN code is: identity authentication data.
  • the identification data matches the authentication data
  • the bank or website performs the corresponding work.
  • other authentication protocols, even zero-knowledge authentication protocols, can be used.
  • the essence of the identity authentication protocol is how to form and transmit identity authentication data for the purpose of identity verification. In some banking applications, as long as you provide an accurate bank account without the need to provide a PIN (identity authentication data), you can make appropriate payments, such as fast payment and various consumer cards.
  • Apple Pay, promoted by Apple, provides a relatively secure solution for protecting the PAN: the primary account (PAN, payment account and username) is replaced with a token (multiple use).
  • the token can be replaced without replacing the primary account.
  • tokens are also relatively insecure and can be stolen and used. If the protection of the token can be realized, the security of the payment can be greatly enhanced. In fact, for each transaction, the token can actually be seen as a PAN.
  • H represents a hash function or other one-way function for making an encrypted identifier for the data.
  • PAN user name
  • PAN user device hidden input username
  • PAN input payment account
  • the essence of the invention is to use the cryptographic function to generate the identification retrieval data and the identification authentication data from the user identification data and the random number, forming a hidden token. The hidden token then stands in for the user identifier, which stays hidden.
  • the essence is to use the user identification data (and other data) shared by the security device and the user device as an already distributed key. As a result, the system does not require key distribution.
  • PKI technology can also be used to hide user identification data, so that there is no need to assign a key, but it is still necessary to authenticate the public key (PKI is a complex system), otherwise it is vulnerable to "phishing attacks."
  • a system for hiding user identification data includes: a user device that generates a hidden token that hides user identification data; a using device that obtains the hidden token and other data from the user device; and a security device that confirms the identification data from the hidden token. The user device is connected to the using device, and the using device is connected to the security device. The user device calculates the identification retrieval data from the user identification data using a one-way function, and calculates the identification authentication data from the random number and the identification data using the cryptographic function.
  • the identification retrieval data and the identification authentication data form a hidden token, which is transmitted to the security device; the security device uses the identification retrieval data in the hidden token to find the relevant user identification data item, and confirms the identification data according to the random number and the identification authentication data in the hidden token.
  • the random number in the user device may be time data, or usage count data, or temporarily generated random number, or geographical location information, or identity authentication data, or received random number and combinations thereof.
  • the security device may be a website
  • the usage device may be a terminal such as a computer or a mobile phone
  • the user device may be an application that needs to log in to the website, such as a browser or a mail client.
  • an apparatus for hiding user identification data includes: a one-way function computing device, a random number device, an identification data storage device, and a communication device; the apparatus is connected to other devices through the communication device.
  • after receiving a command requesting a hidden token, the apparatus obtains the user identifier from the identification data storage device and uses the one-way function to calculate the identification retrieval data; it obtains the random number from the random number device and, from the random number and the identification data,
  • uses the cryptographic function to calculate the identification authentication data; the identification retrieval data and the identification authentication data form a hidden token, which is transmitted to the connected device through the communication device.
  • the random number device may be a device that generates time, a device that stores the number of uses, a true random number generating device, a geographical location information device, an identity authentication data device, or a random number received by the communication device, and combinations thereof.
  • the security device may be a website
  • the usage device may be a terminal such as a computer or a mobile phone
  • the user device may be an application that needs to log in to the website, such as a browser or a mail client.
  • a method for hiding user identification data, comprising: (Step A) the user device calculates the identification retrieval data from the user identification data using a one-way function; (Step B) the user device calculates the identification authentication data from the random number and the identification data using the cryptographic function; (Step C) the identification retrieval data and the identification authentication data form a hidden token, which is transmitted to the security device; (Step D) the security device uses the identification retrieval data in the hidden token to find the relevant user identification data item, and confirms the identification data according to the random number and the identification authentication data in the hidden token.
  • in (Step A), the data from which the identification retrieval data is generated further includes other data, such as identity authentication data.
  • the random number in step B may be time data, or usage time data, or a temporarily generated random number, or geographic location information, or identity authentication data, or received random numbers and combinations of the above.
  • step C also includes the step of the using device transmitting the payment account and the amount to the security device.
  • step D also includes a step in which the security device converts the user identification data into a primary account (PAN).
  • in step B it is also possible to further generate a symmetric encryption key from the user identification data, for encrypting the generated identification authentication data and/or the identity authentication data.
  • the security device may be a website
  • the usage device may be a terminal such as a computer or a mobile phone
  • the user device may be an application that needs to log in to the website, such as a browser or a mail client.
  • FIG. 1 is a schematic diagram showing a method and system for hiding user identification data in a preferred embodiment 1;
  • FIG. 2 is a schematic diagram showing a method and system for hiding user identification data in the preferred embodiment 2;
  • FIG. 3 is a schematic diagram of an apparatus for hiding user identification data in a preferred embodiment 3;
  • FIG. 4 is a schematic diagram showing a method and system for hiding user identification data in preferred embodiments 4, 5, and 6.
  • F for the payment account (identification data, user name, etc.)
  • T for the payment account F token (alternative data)
  • H for the one-way function
  • S for the collection account
  • M represents the amount
  • PIN represents the personal identification number (identity authentication data)
  • DES represents the symmetric encryption algorithm.
  • the method and system associated with hiding user identification data in this embodiment are as shown in FIG. 1.
  • the system consists of a security device 1, a usage device 3, a network 2, a bank acquirer 5, and a user device 4.
  • User device 4 may also include fingerprint device 41.
  • the security device 1 is connected to the usage device 3 via the network 2; the security device 1 is connected to the bank acquiring institution 5 (may also be connected via the network 2); the user device 4 is connected to the usage device 3.
  • the usage device 3 comprises: a collection account S; the user device 4 comprises: a token T of the payment account F, a one-way function H; the security device 1 comprises: a user table (F, T, H(T)) and a one-way function H, where F is the payment account (PAN), T is the token of the payment account F, and H(T) is the value of the one-way function H applied to T.
  • the steps for establishing the user table and user device token are:
  • the payment account F is entered into the security device, which generates a token T and transmits it for input into the user device 4;
  • the security device 1 establishes user entries of F and T: (F, T, H(T)).
  • the steps for login payment are:
  • the user device 4 has a random number R and user identification data T, the calculation (H (T), H (T
  • the usage device 3 has a payment account S, obtains the payment amount M, and obtains (H(T), H(T
  • the security device 1 receives (H(T), H(T
  • R) H(T
  • R), it means T1 T;
  • the safety device 1 obtains (M, S, according to (H(T), H(T
  • R), R, M, S), the user table (F, T1, H(T)), and T1 T. F); safety device 1 sending payment data (M, S, F) to the bank acquirer 1;
  • the bank acquirer 5 pays and returns the payment completion information to the security device 1, and then to the use device 3; otherwise, returns the payment error message to the security device 1, and returns to the use device 3 via the network 2.
  • the random number R in step 1 can be generated by the security device 1, transmitted to the use device 3, and then transmitted to the user device 4, which prevents replay attacks. The user device can also generate a number based on time (or number of uses), such as (random number + time), as R, which likewise prevents replay attacks. R may also be the geographical location information of the user device 4, and may also contain the geographical location information of the use device 3.
  • this embodiment is in effect a security improvement on the current Apple Pay method.
  • in Apple Pay, if the device identification data T is stolen using the device 2, an attack can be carried out by forging T. T can be regarded as identification data, but the identification data also needs to be converted to correspond to the real payment identification data (PAN).
  • the user device is used to hide the data input of the payment account identifier or the token, thereby realizing the hiding of the payment account identification data.
  • the payment account identification data can also be regarded as user identification data.
  • the user device in this embodiment may be a contactless IC card, a contact type IC card, a mobile phone, or a mobile phone HCE; the communication method may be any other connection capable of transmitting information between the user device and the use device, such as sound waves, Bluetooth, etc.
  • the PIN code can also be input on the using device for identity authentication.
  • authentication data e.g, two-channel authentication
  • protocols e.g., two-channel authentication
  • the number K can also be an external input from the user device during the interaction, or even a PIN code (identity authentication data).
  • K can be input on the mobile phone and transmitted to the user device; if the hidden token can only be sent from the user device to the use device and cannot be transmitted back to the mobile phone operating system, security is higher.
  • the embodiment protects the user identification data T, and there is no key distribution process. At the same time, it can achieve the purpose of protection in the process of information exchange. Essentially, the process by which the security device 1 issues the token T is the process of key distribution.
  • the Chinese standard HASH function (SM3) is 256 bits, which is 32 bytes. We can use 64 bits (or 8 bytes) to represent H(T), and another 6 bytes in H(T
  • H(T) The role of H(T) is for the security device 1 to find the data item corresponding to T, so it is called the identifier retrieval data, and H(T
  • the function is to confirm the consistency of the user identification data T in the security device with the T in the user device, so it is called identification authentication data.
  • the identification retrieval data and the identification authentication data constitute a hidden token. If the random number R is generated by the user device, it is apparent that R must be transmitted to the security device for identity authentication; at this time the hidden token also includes the random number R.
  • the random number R may be time data, or usage count data, or temporarily generated random numbers, geographical location information, or received random numbers and combinations thereof.
  • the geographical location information can be used to judge the plausibility of the payment against the user's habitual data; further, if the POS also has geographical location information and sends it to the user device in the form of a challenge number, the security device can determine from the location information of the using device (POS) and the location information of the user device whether the two are physically close, whether the payment is offline, and whether the device is used for transfer.
  • both the identification retrieval data and the identification authentication data are generated using a one-way function.
  • a symmetric encryption algorithm DES
  • a symmetric cryptographic algorithm can also be called a cryptographic function; a one-way function, of course, can also be called a cryptographic function.
  • the login payment steps of embodiment 1 are changed to:
  • the use device 3 has a payment account S, and the payment amount M is obtained and transmitted to the user device 4.
  • the user device 4 has a random number R and a user identification data T, and calculates (H(T), H(T
  • Device 3 transmitted to the security device 1 through the network 2;
  • the safety device 1 receives (H(T), H(T
  • S) H(T
  • S), indicating T1 T;
  • the safety device 1 is based on (H(T), H(T
  • S), R, M, S), user table (F, T1, H(T)) and T1 T, Obtaining (M, S, F); the security device 1 sends payment data (M, S, F) to the bank acquirer 1;
  • the bank acquirer 5 pays and returns the payment completion information to the security device 1, and then to the use device 3; otherwise, returns the payment error message to the security device 1, and returns to the use device 3 via the network 2.
  • symbol in the embodiment indicates that the before and after data are concatenated into one data, that is, a string concatenation.
  • A second embodiment of the present invention is shown in FIG. 2. It adds an association server 7 for associating identity authentication data with identification data (payment accounts). The transaction data is transmitted between the use device and the security device, while the identity authentication data (e.g., PIN code) is transmitted separately by way of the confirmation device, the association server and the security device; the security device then combines the data it receives into the complete payment data for payment.
  • a method and system for hiding user identification data is composed of a security device 1, a confirmation device 4, a usage device 3, an association server 7, a network 2, a bank acquirer 6, and a user device 5.
  • the security device 1 is connected to the usage device 3 via the network 2; the security device 1 is connected to the association server 7 via the network 2, and the association server 7 is connected to the confirmation device 4 via the network 2; the security device 1 is connected to the bank acquirer 1 (may also be connected via network 2).
  • the user device 5 is connected to the user device 3.
  • the usage device 3 comprises: a payment account S; the user device 5 comprises: a one-way function H, an RSA security public key, a payment account F; the confirmation device 4 comprises: associated data P corresponding to the payment account F; the security device 1 comprises: a one-way function H, user table (F, H(F)), fixed number WR, RSA security private key; association server 7 includes: user table (H(F
  • the RSA Secure Public Key and the RSA Secure Private Key are a pair of public and private keys.
  • the user device 5 generates a random number K, has a payment account F, and calculates an RSA security public key (F, K);
  • the security device 1 calculates the RSA security private key (RSA security public key (F, K)), obtains F, and establishes a user entry (F, H(F));
  • the security device 1 has a fixed number WR, calculates H(F
  • the user enters into the confirmation device 4 the P displayed by the device 3;
  • an entry of the association relationship between the payment account F and the confirmation device 4 is established, and includes two elements (H(F
  • the confirmation device 4 has a P corresponding to the payment account F.
  • the purpose of the association process is to first establish a password association entry (H(F
  • the RSA security public key and the RSA security private key here are a pair of public and private keys, which are only used to establish these entries in this embodiment.
  • the steps to pay are:
  • the user device 5 has a random number R, payment account F, calculation (H (F), H (F
  • the usage device 3 has a payment account S, obtains the payment amount M, and obtains from the user device 5 (H(F), H(F
  • the safety device 1 receives (H(F), H(F
  • R) H(F
  • R), it means F1 F; get (M,S,F);
  • the security device 1 has a fixed number of WR, calculate H (F
  • the confirmation device 4 enters the PIN, and transmits (PIN, P) through the network 2 to the associated server 7;
  • the association server 7 obtains (H(F
  • the security device 1 obtains (M, S, F) matching the PIN according to (H(F
  • the bank acquirer 6 pays and returns the payment completion information to the security device 1, and then to the use device 3; otherwise it returns a payment error message to the security device 1, and the information is then returned via the network 2 to the use device 3 and/or the confirmation device 4.
  • WR) does not seem to be necessary.
  • the advantage of such processing is that the association server cannot obtain the "real" F, which ensures the security of F in the security device 1; WR is a number that the security device 1 keeps secret.
  • the owner of the association server 7 cannot guess F by modifying F and calculating H(F); more preferably, the security device 1 selects its own unique hash function H. If the confirmation device 4 adopts a more secure cryptosystem, such as protecting the PIN as H(PIN), the association server 7 cannot actually obtain any meaningful data during the processing. This will solve security problems without creating other security issues.
  • the one-way function H that hides the payment account F and the one-way function H that protects the account in the association server can be the same, or can be different.
  • the token T can also be used instead of the payment account F to perform the payment process, which of course requires one more token-to-payment-account conversion.
  • the P of the embodiment is data for association; the only requirement is that the P related to the payment account F in the security device 1 be consistent with the P in the confirmation device 4. That is, P may be a string of data with no other meaning, used only to associate the two parts of data; the confirmation device 4 can hide its own network address when transmitting (PIN, P) to the security device 1.
  • Embodiment 2 implements a system and method in which the hidden payment account F and the amount M, and the PIN code, are transmitted to the security device 1 separately over two channels, preventing the possibility that the payment account F is intercepted by criminals and improving the security of the system.
  • the user device is used to hide the input of the payment account, so that the trouble of inputting the payment account by the manual keyboard is eliminated, and the payment account is also hidden.
  • the payment account here is the user identification data.
  • if the acquisition and transfer of the amount are removed from the login payment process, it becomes the login process.
  • the random number R of the user device in the login payment process may be the time of the user device or data obtained from the using device, or may be a challenge number generated by the security device 1 and passed on by the use device 3; for these techniques, reference may be made to the various existing dynamic password technologies. The purpose is to make the hidden (H(F), H(F
  • the user device of this embodiment may be a contactless IC card, a contact type IC card, or other connection means capable of transmitting information between the user device and the use device, such as sound waves, Bluetooth, or the like.
  • the security of this embodiment lies in the bank card PIN code being entered on the user's own mobile phone (confirmation device) instead of on the use device, and in the payment account F also being input in hidden form. The PIN that the confirmation device 4 transmits to the security device 1 can evidently be protected by cryptographic techniques: for example, the confirmation device 4 computes RSA security public key (PIN, P) and the security device 1 computes RSA security private key (RSA security public key (PIN, P)); the RSA security private key is not disclosed and is controlled by the security device 1 itself, and the RSA security public key and the RSA security private key are a pair of public and private keys.
  • the security risk is substantially the same as the loss of the ordinary bank card. It is of course also possible to use a symmetric cryptosystem, which involves a protocol for key distribution. In short, the cryptographic protocol here is to ensure the data security of the transmission process. Of course, it is also possible not to use the identity authentication data such as PIN, but other identity authentication protocols, such as a zero-knowledge identity authentication protocol; then the data transmitted from the confirmation device to the security device is the data that the identity authentication protocol requires to transmit.
  • the associated data P can also be generated by the security device 1 and transmitted to the use device 3, which displays the random code P.
  • the confirmation device 4 inputs the random code P in addition to the PIN, so that the transaction data association can also be realized.
  • the advantage is that the security device 1 does not need to store the correspondence between the payment account F and the associated data P.
  • the random code P can also be generated and displayed by the confirmation device 4, input on the use device 3, and transmitted to the security device 1 for association. These display and input steps can also be changed to other near-field data transmission technologies such as two-dimensional code, sound wave, and NFC.
  • the purpose is for the security device 1 and the confirmation device 4 to each hold a data item P for association.
  • the associated data P is a network address
  • the information can also be included in the address at which the PIN is sent to the secure device 1, so that the PIN can also be encrypted separately without the need to encrypt (PIN, P). Since P is a network address, there is also a step in which the security device 1 transmits the transaction data to the confirmation device 4. This makes it easy for the user to confirm the correctness of the transaction data.
  • data such as M, S, etc. can also be added to the calculation of the identification authentication data for improving security.
  • a third embodiment of the present invention is an embodiment in which the user device 1 is used to implement the hidden output of the payment account F.
  • the apparatus associated with the apparatus for hiding user identification data in this embodiment is as shown in FIG.
  • the device is composed of a one-way function device 11, a random number device 12, a user identification data storage device 13, and a communication device 14.
  • the user identification F is obtained from the user identification data storage device 13
  • the random number R is obtained from the random number device, and is provided to the one-way function device for calculation. (H(F), H(F
  • This embodiment uses the user device 1 to hide the output of the payment account, thereby realizing the hiding of the payment account.
  • the payment account here is the user identification data.
  • the random number R produced by the random number device 12 is such that (H(F), H(F
  • the geographical location information of the user device 1 can also be added, so that it is also necessary to increase the device for obtaining the geographical location on the user device 1.
  • the user device and the confirmation device may be in one physical device, such as a cell phone, watch, PDA, or other device, while logically remaining two devices.
  • In the prior art, the user generally declares a username (PAN) and then submits corresponding identity authentication data. The server first searches the customer database for the corresponding data item by the user name (PAN), and then performs identity authentication using the received identity authentication data and the identity authentication data in the data item.
  • the user name (PAN) held by the server and the user name (PAN) held by the client itself can be used as a secret.
  • the user name (PAN) can be regarded as the key that both sides share in traditional authentication; that is, there are many traditional authentication techniques in which the server and the client hold the same user name (PAN).
  • this hidden user name (PAN) technology is not limited to any particular website. As long as the website name is entered into the calculation of the one-way function, the hidden input of the user name (PAN) of multiple websites can be realized, provided that the authenticated website has a user name (PAN) consistent with the customer.
  • R) identifies authentication data and may also incorporate other data such as an amount and the like.
  • the method and system associated with hiding user identification data in this embodiment are as shown in FIG. 4 .
  • the system consists of a security device 1, a use device 3 and a network 2.
  • the user device 31 is used in the use device 3.
  • the security device 1 and the use device 3 are connected via a network 2.
  • the user device 31 includes: F, a PIN, and a one-way function H; the security device 1 includes a user table (F, H(F), PIN) and a one-way function H. Where F is the primary account (PAN).
  • the user table establishment procedure of the security device 1 is:
  • the security device 1 establishes a user entry: (F, H(F), PIN).
  • the steps to log in are:
  • the user device 31 has a random number R, get F and PIN, calculate (H (F), H (F
  • the security device 1 receives (H(F), H(F
  • PIN1) H(F
  • the random number R in step 1 can be generated by the security device 1, transmitted to the use device 3, and then transmitted to the user device 31, which prevents replay attacks. The user device can also generate a time-based number, such as (random number + time), as R, which likewise prevents replay attacks. R may also be the geographical location information of the user device 31. The random number R may also contain geographic location information of the use device 3.
  • the user name and password are input on the device, and the hiding of the user name identification data is realized by the calculation of the one-way function.
  • H(F) is for the security device 1 to find the data item corresponding to F, so it is called the identifier retrieval data
  • PIN) is to confirm the user identification data in the security device.
  • F which is consistent with F in the user device, is called identification authentication data, and it also authenticates the correctness of the PIN.
  • the identification retrieval data and the identification authentication data constitute a hidden token. If the random number R is generated by the user device, it is apparent that R must be transmitted to the security device for identity authentication; at this time the hidden token also includes the random number R.
  • both the security device and the user device may hold the same token and PAN, and both can be used to generate the identification retrieval data and the identification authentication data. That is to say, any data shared by the security device and the user device can be regarded as an identifier and used to declare that identifier in hidden form.
  • the essence of this embodiment is the current website registration login process.
  • websites face attacks from phishing websites. Since the use device is what logs in to the security device, if there is no shared key or shared public and secret data, the username and password can only be transmitted to the security device in plaintext. When the use device then mistakenly connects to a phishing website, the username and password are transmitted to the phishing website.
  • One current way to deal with phishing websites is for the security device to distribute the user device to the use device, so that the two can be considered to have negotiated a key and can then encrypt the data they exchange.
  • the second is to sign the login interface of the security device and have the user device verify the signature, to prevent phishing websites.
  • the first solution essentially requires every website to distribute user devices, and securing that distribution process is a major problem.
  • the second solution essentially depends on verifying the signature correctly, which requires a PKI. A website without a signature cannot be judged legitimate or not. PKI signing is also operated by many parties in the market, and mutual authentication between them is difficult.
  • The fourth embodiment shows that as long as everyone follows the same standard data format and uses the same one-way function, unified login can be achieved.
  • the device used can be a computer used by the user, and the browser can be viewed as a user device.
  • This is the method, device and system of the browser's anti-phishing website. Because when we enter the phishing website, the phishing website can get (H(F), H(F
  • PIN1) H(F
  • the security device may be a website
  • the usage device may be a terminal such as a computer or a mobile phone
  • the user device may be an application that needs to log in to the website, such as a browser or a mail client.
  • the method and system associated with hiding user identification data in this embodiment are as shown in FIG. 4 .
  • the system consists of a security device 1, a use device 3 and a network 2.
  • the user device 31 is used in the use device 3.
  • the security device 1 and the use device 3 are connected via a network 2.
  • User device 31 includes: F, PIN, one-way function H, and symmetric cryptographic algorithm DES.
  • the security device 1 includes: a user table (F, H0(F), H(PIN
  • H0(F) represents the first half of H(F) (such as the first 128 bits of SM3)
  • H1(F) represents the last half of H(F) (such as the last 128 bits of SM3).
  • the user table establishment procedure of the security device 1 is:
  • the security device 1 establishes a user entry: (F, H0(F), H(PIN
  • the steps to log in are:
  • the user device 31 has a random number R, obtains F and PIN, and calculates (H0(F), DES H1(F) (F ⁇ R ⁇ PIN), R), and transmits it to the security device 1 through the use device;
  • the security device 1 receives (H0(F), DES H1(F) (F ⁇ R ⁇ PIN), R), according to H0(F), finds the user table to get (F1, H0(F), H(PIN1)
  • SZ) H(PIN
  • the random number R in step 1 can be generated by the security device 1, transmitted to the use device 3, and then transmitted to the user device 31, which prevents replay attacks. The user device can also generate a time-based number, such as (random number + time), as R, which likewise prevents replay attacks. R may also be the geographical location information of the user device 31. The random number R may also contain geographic location information of the use device 3.
  • the first half of H(F) is used to identify the data
  • the second half is the key of DES. Obviously it is impossible to get the second half from the first half. But when there is F, it is easy to get these two parts.
  • the core of using a symmetric encryption algorithm is how to obtain the key for encryption and decryption.
  • the core of this patent application is that no key distribution work is performed. Therefore, it can only be realized by using the user names F, PIN and R shared by the security device and the user device.
  • the example uses H1(F), the latter half of H(F). In fact, it can also be implemented using a part of H(F
  • the security device protects the PIN and uses salt to prevent attacks; different security devices have different salt values, which are not disclosed to the user device. The PIN data therefore cannot be used to generate the key. The following covers a website (security device) that protects the user PIN with salt.
  • the security device may be a website
  • the usage device may be a terminal such as a computer or a mobile phone
  • the user device may be an application that needs to log in to the website, such as a browser or a mail client.
  • the method and system associated with hiding user identification data in this embodiment are as shown in FIG. 4 .
  • the system consists of a security device 1, a use device 3 and a network 2.
  • the user device 31 is used in the use device 3.
  • the security device 1 and the use device 3 are connected via a network 2.
  • User device 31 includes: F, PIN, one-way function H, and symmetric cryptographic algorithm DES.
  • the security device 1 includes: a user table (F, H0 (F
  • H0(F) represents the first half of H(F) (such as the first 128 bits of SM3)
  • H1(F) represents the last half of H(F) (such as the last 128 bits of SM3).
  • the user table establishment procedure of the security device 1 is:
  • the security device 1 establishes a user entry: (F, H0(F
  • the steps to log in are:
  • the user device 31 has a random number R, obtains F and PIN, calculates (H0(F
  • the security device 1 receives (H0(F
  • SZ)); with R, assuming F1 F, then DES H1(F) (DES H1(F) (F
  • SZ) H(PIN1
  • the random number R in step 1 can be generated by the security device 1, transmitted to the use device 3, and then transmitted to the user device 31, which prevents replay attacks. The user device can also generate a time-based number, such as (random number + time), as R, which likewise prevents replay attacks. R may also be the geographical location information of the user device 31. The random number R may also contain geographic location information of the use device 3.
  • the first half of H(F) is used to identify the data
  • the second half is the key of DES. Obviously it is impossible to get the second half from the first half. But when there is F, it is easy to get these two parts. In fact, it is also possible to use a part of H(F
  • the identification retrieval data may not be all data generated by a one-way function. It is also possible to use part of it as an identifier to retrieve data. Which part is used as long as the security device is identical to the user device. It can also be seen from the embodiment that the symmetrically encrypted key can also be constructed with the part identifying the result of the data one-way function to ensure that the security device can securely transmit the identity authentication data (such as PIN) when there is a corresponding user name.
  • identity authentication data such as PIN
  • This embodiment also describes an embodiment in which identity authentication data and identification data are used to collectively generate identification search data.
  • Embodiments 4, 5 and 6 are in fact methods of preventing a phishing website from obtaining the user's username and password by means of phishing.
  • the security device may be a website
  • the usage device may be a terminal such as a computer or a mobile phone
  • the user device may be an application that needs to log in to the website, such as a browser or a mail client.
  • the security device can be directly connected to the bank, or can be connected to the bank acquiring institution through a network, and even the security device is a bank acquiring institution or a bank.
  • cryptographic techniques should be added to secure the information sent from the security device to the bank acquirer.
  • the data transfer between the devices is not described in the description.
  • encryption and key distribution for communication between two devices, symmetric cryptosystems and public-key cryptosystems are all well-known technologies. The embodiments can use these techniques to encrypt communications. For convenience of description, this is not described in detail.
  • In Embodiment 2 we use the PIN code entered on the confirmation device to represent the input of the authentication data. In practice, because the confirmation device is usually a handheld communication device, it has considerable computing power. It is therefore possible to adopt stronger identity authentication protocols and data, such as a zero-knowledge identity authentication protocol.
  • the confirmation device transmits the data required for identity authentication through the connection with the security device or the associated server for association with the payment account, and then collectively constitutes payment data or generates payment data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention is to provide an apparatus, method and system for hiding user identifier data, which can be used in the fields such as login to a network server, login to a game, banking payment and anti-phishing networks. When a computer terminal is used, a payment account (user name) can be hidden by using a token hiding technology. The method can be used in network payment, and the problem of user identifier protection in banking, game and other services can be solved simply and securely by combining with a good password protocol. In combination with dual-path identity authentication technology, the method for secure and quick identity authentication and payment can be implemented.

Description

Device, method and system for hiding user identification data

Technical field

The invention belongs to the field of information security. It relates to an apparatus, method and system that use a one-way function to hide identification data; specifically, to an apparatus, method and system that use a one-way function to protect and hide user identification data.

Background art

In an ordinary website login, the user enters a user name. The website verifies that the user name and the corresponding PIN code are correct and thereby confirms that the login is valid. In a bank POS payment, compared with a website login, the user name corresponds to the bank payment account (PAN) and the PIN code plays the same role, but on the surface there are two additional factors: the receiving account and the transaction amount. The receiving account in fact corresponds to the address of the client computer, or of a program on the client computer, at login; that is, the address of the POS terminal or its unique identifier determines its receiving account in the acquiring system. So in essence the only difference between website login and bank payment is one additional factor: the amount.
The elements of a website login: user name, PIN code and the computer currently in use;
The elements of a payment: payment account, PIN code, the POS currently in use (receiving account) and the amount.
In essence, the payment account and the user name are what the server uses to look up the corresponding user data item in the user database and the corresponding means of identity authentication. When the identity authentication data matches the authentication means and data required for the payment account (user name), the corresponding operation is allowed to proceed. The payment account and the user name are therefore identification data (they identify the user), and the PIN code is identity authentication data. When the identification data and the identity authentication data match, the bank or website carries out the corresponding operation. Other identity authentication protocols, even zero-knowledge identity authentication protocols, can of course be used. The essence of an identity authentication protocol is how identity authentication data is composed and transmitted in order to confirm identity. In some banking applications, supplying the correct bank account alone, without a PIN code (identity authentication data), is enough to make a payment, as with quick payment and various consumer cards.
This makes protecting the payment account and user name (PAN) especially important. APPLE_PAY, promoted by APPLE, provides a relatively secure way of protecting the PAN: a token (usable multiple times) replaces the primary account (PAN, payment account and user name), which protects the primary account (PAN). When the token is no longer secure it can be replaced without replacing the primary account. But the token is itself a relatively insecure element and may also be stolen and used. If the token can be protected, payment security improves considerably. In fact, for each transaction the token can itself be regarded as a kind of PAN.
This application uses various cryptographic techniques to describe the technical solution. H denotes a hash function or other one-way function, used to produce an encrypted identifier for data.

Summary of the invention

Most users "subconsciously" rest their hope of security on the PIN code or identity authentication data not being disclosed. They hope that when the bank card (or user name) is lost, the PIN code will keep them safe, and they believe the PIN code is not "easily" leaked. Protecting security with a PIN code has also become a "security habit" of the general public. From a security perspective, to protect the user's PIN code, it is best not to enter the real PIN code of the bank card (or user name) on a merchant's or someone else's computer (mobile POS), but to enter the PIN code on the user's own mobile phone, which improves the sense of security.
In fact, the user name + PIN can also be treated together as a single piece of user identification data, or token.
In a payment login, it is safer if the user name (PAN) is protected as well. This can be achieved by using a user device to enter the user name (PAN) in hidden form. The traditional bank card number (payment account or user name) is then never entered directly or in plaintext at the POS during a payment login. Combined with dual-channel identity authentication, which lets the PIN code (identity authentication data) be entered on a mobile phone under the user's own control, this is clearly more secure.
Using the user device to hide the entry of the payment account (PAN) and using the mobile phone to enter the PIN code increases payment security; the phone's network connectivity is then used to send the "hidden input" of the bank card number and the phone-entered PIN code over two channels, uniting security and convenience in payment.
The essence of the invention is to use a cryptographic function to generate identification retrieval data and identification authentication data from the user identification data and a random number, which together form a hidden token. The hidden token hides the real user identifier. In substance, the user identification data (and other data) shared by the security device and the user device is treated as an already distributed key, so the system needs no key distribution. PKI technology could of course also be used to hide user identification data, which likewise needs no key distribution, but the public key still has to be authenticated (PKI is a complex system); otherwise it is vulnerable to "phishing attacks".
According to one aspect of the invention, a system for hiding user identification data comprises: a user device, which generates a hidden token that hides the user identification data; a use device, which obtains the hidden token and other data from the user device; and a security device, which confirms the identification data from the hidden token. The user device is connected to the use device, and the use device is connected to the security device. The user device computes identification retrieval data from the user identification data using a one-way function; the user device computes identification authentication data from a random number and the identification data using a cryptographic function; the identification retrieval data and the identification authentication data form the hidden token, which is transmitted to the security device; the security device uses the identification retrieval data of the hidden token to find the relevant user identification data item, and confirms the identification data using the random number and the identification authentication data of the hidden token.
Further, the random number in the user device may be time data, usage-count data, a freshly generated random number, geographic location information, identity authentication data, a received random number, or a combination of the above.
Here the security device may be a website, the use device may be a terminal such as a computer or a mobile phone, and the user device may be an application that needs to log in to the website, such as a browser or a mail client.
According to another aspect of the invention, an apparatus for hiding user identification data comprises: a one-way function computing device, a random number device, an identification data storage device and a communication device. When the apparatus is connected to another device through the communication device and receives a command requesting a hidden token, it obtains the user identifier from the identification data storage device and computes identification retrieval data using a one-way function; it obtains a random number from the random number device, and the user device computes identification authentication data from the random number and the identification data using a cryptographic function; the identification retrieval data and the identification authentication data form the hidden token, and the result is sent through the communication device to the connected device.
Further, the random number device may be a device that produces the time, a device that stores the usage count, a true random number generator, a geographic location information device, an identity authentication data device, a random number received by the communication device, or a combination of the above.
Here the security device may be a website, the use device may be a terminal such as a computer or a mobile phone, and the user device may be an application that needs to log in to the website, such as a browser or a mail client.
According to a further aspect of the invention, a method for hiding user identification data comprises: (Step A) the user device computes identification retrieval data from the user identification data using a one-way function; (Step B) the user device computes identification authentication data from a random number and the identification data using a cryptographic function; (Step C) the identification retrieval data and the identification authentication data form a hidden token, which is transmitted to the security device; (Step D) the security device uses the identification retrieval data of the hidden token to find the relevant user identification data item, and confirms the identification data using the random number and the identification authentication data of the hidden token.
Further, the data from which the identification retrieval data is generated in (Step A) may also include other data, such as identity authentication data.
Also, the random number in Step B may be time data, usage-count data, a freshly generated random number, geographic location information, identity authentication data, a received random number, or a combination of the above.
Also, Step C may include a step in which the use device transmits the receiving account and the amount to the security device.
Also, after Step D there may be a step in which the security device converts the user identification data into the primary account (PAN).
Also, (Step B) may include a step of generating a symmetric encryption key from the user identification data, used in encryption to generate the identification authentication data and/or the identity authentication data.
Further, any combination of all the above methods is also possible.
Here the security device may be a website, the use device may be a terminal such as a computer or a mobile phone, and the user device may be an application that needs to log in to the website, such as a browser or a mail client.

Brief description of the drawings

The invention is described below with reference to the accompanying drawings, in which:
FIG. 1 is a schematic diagram of the method and system for hiding user identification data of preferred Embodiment 1;
FIG. 2 is a schematic diagram of the method and system for hiding user identification data of preferred Embodiment 2;
FIG. 3 is a schematic diagram of the apparatus for hiding user identification data of preferred Embodiment 3;
FIG. 4 is a schematic diagram of the method and system for hiding user identification data of preferred Embodiments 4, 5 and 6.

Detailed description

In describing the embodiments of the invention, we consistently use F for the payment account (identification data, user name, etc.), T for the token of payment account F (substitute data), H for the one-way function, S for the receiving account, M for the amount, PIN for the personal identification number (identity authentication data), and DES for the symmetric encryption algorithm.
[Embodiment 1]
FIG. 1 shows the method and system for hiding user identification data of this embodiment. The system consists of a security device 1, a use device 3, a network 2, a bank acquirer 5 and a user device 4. The user device 4 may also include a fingerprint device 41. The security device 1 is connected to the use device 3 through the network 2; the security device 1 is connected to the bank acquirer 5 (possibly also through the network 2); the user device 4 is connected to the use device 3.
The use device 3 holds: the receiving account S. The user device 4 holds: the token T of payment account F and the one-way function H. The security device 1 holds: a user table (F, T, H(T)) and the one-way function H, where the entries are the payment account F (PAN), the token T of payment account F, and H(T).
The steps for establishing the user table and the user device token are:
1. Log in to the security device 1 from any secure computer terminal;
2. Enter the payment account F; the security device generates a token T and transmits it to the user device 4;
3. The security device 1 creates the user table entry for F and T: (F, T, H(T)).
The steps of a login payment are:
1. The user device 4 holds a random number R and the user identification data T, computes (H(T), H(T||R), R) as the hidden token, and transmits it to the use device 3;
2. The use device 3 holds the receiving account S, obtains the payment amount M, and obtains (H(T), H(T||R), R) from the user device 4; the transaction data (H(T), H(T||R), R, M, S) is transmitted to the security device 1 through the network 2;
3. The security device 1 receives (H(T), H(T||R), R, M, S) and uses H(T) to look up the user table, obtaining (F, T1, H(T)); from R and T1 it computes H(T1||R); if H(T1||R) = H(T||R), then T1 = T;
4. From (H(T), H(T||R), R, M, S), the user table entry (F, T1, H(T)) and T1 = T, the security device 1 obtains (M, S, F); the security device 1 sends the payment data (M, S, F) to the bank acquirer 1;
5. If the data is correct, the bank acquirer 5 makes the payment and returns a payment-complete message to the security device 1 and then to the use device 3; otherwise it returns a payment-error message to the security device 1, which returns it to the use device 3 through the network 2.
The random number R in step 1 can be generated by the security device 1, transmitted to the use device 3 and then to the user device 4, which prevents replay attacks. Alternatively the user device can generate a number based on time (or a count), such as (random number + time), as R, which likewise prevents replay attacks. R may also be the geographic location information of the user device 4. R may also include the geographic location information of the use device 3.
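The login-payment exchange of Embodiment 1, with R issued by the security device so that a captured token cannot be replayed, as an added Python example (not code from the patent). SHA-256 standing in for H, the 16-byte token length, the class and method names and the sample PAN are assumptions.

```python
import hashlib
import hmac
import secrets

TOKEN_LEN = 16  # assumption: fixed-length T, so T||R has one unambiguous parse


def H(data: bytes) -> bytes:
    """One-way function H (SHA-256 is an assumption; the text only asks for a one-way function)."""
    return hashlib.sha256(data).digest()


class UserDevice:
    """User device 4: holds token T, emits the hidden token (H(T), H(T||R), R)."""

    def __init__(self, token: bytes):
        self._token = token

    def hidden_token(self, r: bytes):
        return H(self._token), H(self._token + r), r


class SecurityDevice:
    """Security device 1: user table (F, T, H(T)) indexed by H(T), plus issued challenges."""

    def __init__(self):
        self._table = {}        # H(T) -> (F, T)
        self._pending = set()   # values of R issued and not yet used

    def enroll(self, pan: str) -> bytes:
        """Table set-up: generate T for payment account F and store (F, T, H(T))."""
        token = secrets.token_bytes(TOKEN_LEN)
        self._table[H(token)] = (pan, token)
        return token  # delivered to the user device

    def new_challenge(self) -> bytes:
        """Issue a fresh R; the security device remembers it until it is used."""
        r = secrets.token_bytes(16)
        self._pending.add(r)
        return r

    def confirm(self, lookup: bytes, auth: bytes, r: bytes, amount: int, payee: str):
        """Steps 3-4: return (M, S, F) for the acquirer, or None if the token is rejected."""
        if r not in self._pending:      # unknown or already-used R: replay
            return None
        self._pending.discard(r)        # each R is accepted once
        entry = self._table.get(lookup)
        if entry is None:               # no table row with this H(T)
            return None
        pan, t1 = entry
        expected = H(t1 + r)            # H(T1||R)
        if not hmac.compare_digest(expected, auth):
            return None                 # sender does not hold T
        return (amount, payee, pan)


def demo():
    """Constructed run: one valid payment, a replay, and a token built from H(T) alone."""
    sd = SecurityDevice()
    ud = UserDevice(sd.enroll("6200000000000000"))  # constructed sample PAN

    r = sd.new_challenge()
    lookup, auth, _ = ud.hidden_token(r)
    paid = sd.confirm(lookup, auth, r, 100, "S-001")
    replayed = sd.confirm(lookup, auth, r, 100, "S-001")

    r2 = sd.new_challenge()
    forged = sd.confirm(lookup, H(lookup + r2), r2, 100, "S-001")  # knows H(T), not T
    return paid, replayed, forged


if __name__ == "__main__":
    print(demo())
```

As in the text, M and S travel beside the token and are not inputs to H(T||R), so the token itself does not authenticate them. H(T) is also identical in every transaction, so it acts as a stable pseudonym for the account.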
Clearly, security can be increased by allowing step 2 to proceed only after the fingerprint device 41 has authenticated the user's fingerprint.
With fingerprint recognition added, this embodiment is in effect a security improvement on the current APPLEPAY. In APPLEPAY, if the use device 2 steals the user identification data T, an attack can be carried out by forging T. T can be regarded as identification data, except that it needs one further conversion to map it to the real payment identification data (PAN).
This embodiment uses the user device to hide the entry of the payment account identifier or token data, thereby hiding the payment account identification data. The payment account identification data here can also be regarded as user identification data. Removing the acquisition and transmission of the amount from the login payment process gives the login process. The user device in this embodiment may be a contactless IC card, a contact IC card, a mobile phone, or a device such as mobile phone HCE; the communication may use any other connection capable of carrying information between the user device and the use device, such as sound waves or Bluetooth.
Clearly, once hidden entry of the identification data is in place, a PIN code can still be entered on the use device for identity authentication. There are of course other methods (such as dual-channel identity authentication) and protocols for submitting identity authentication data.
The same number K can also be stored in both the security device 1 and the user device 4 and included by both devices in the one-way function computation, increasing complexity. The number K may also be entered from outside the user device during the interaction, and may even be the PIN code (identity authentication data). Where the user device is in equipment with an input device, such as a mobile phone, K can be entered on the phone and passed to the user device; security is higher if the hidden token can only pass from the user device to the use device and cannot be passed back to the phone's operating system.
本实施例保护用户标识数据T的方案,没有密钥分配过程。同时又能达到在信息交换过程中保护的T目的。本质上,安全装置1发放令牌T的过程,就是密钥分配的过程。The embodiment protects the user identification data T, and there is no key distribution process. At the same time, it can achieve the purpose of protection in the process of information exchange. Essentially, the process by which the security device 1 issues the token T is the process of key distribution.
从目前APPLEPAY的角度,由于银行现有POS都是传送16个字节的主账号(PAN),那么它是用16个字节的用户标识数据(令牌)传送到安全装置,转换成主账号,实现对主账号的隐藏。当用户标识数据(令牌)被非法泄漏后,不影响主账号的安全。只要重新申请关联于主账号的用户标识数据(令牌)即可。From the current APPLEPAY point of view, since the bank's existing POS is to transmit a 16-byte primary account (PAN), it is transmitted to the security device with 16 bytes of user identification data (token) and converted into a primary account. To achieve the hiding of the main account. When the user identification data (token) is illegally leaked, the security of the primary account is not affected. Just re-apply the user identification data (token) associated with the primary account.
中国标准的HASH函数(SM3)是256位,就是32字节。我们可以使用其中的64位(或8个字节)表示H(T),另外为H(T||R)中的6个字节及2个字节的R。这样基本上就不改变现有银行***的数据传送格式。The Chinese standard HASH function (SM3) is 256 bits, which is 32 bytes. We can use 64 bits (or 8 bytes) to represent H(T), and another 6 bytes in H(T||R) and 2 bytes of R. This basically does not change the data transfer format of the existing banking system.
由于只有8个字节的用户标识数据(令牌)空间,容易产生不同用户标识数据(令牌)T具有相同的短隐藏用户标识数据,这样在通过短隐藏用户标识数据搜索用户表时,同样的短隐藏用户标识数据下,可能有多个数据项。但是这些数据项显然可以被H(T||R)的6个字节认证所区别,否则作废本次请求,重新交易即可。Since there is only 8 bytes of user identification data (token) space, it is easy to generate different user identification data (tokens) T having the same short hidden user identification data, so that when searching for the user table by short hiding user identification data, the same Under the short hidden user identification data, there may be multiple data items. However, these data items can obviously be distinguished by the 6-byte authentication of H(T||R). Otherwise, the request is invalidated and the transaction can be re-traded.
H(T)的作用就是用于安全装置1查找T对应的数据项,所以称为标识检索数据,而H(T||R) 的作用是确认安全装置中的用户标识数据T,与用户装置中的T的一致性,所以称为标识认证数据。标识检索数据及标识认证数据组成隐藏令牌。如果随机数R由用户装置产生,显然必须传送R到安全装置进行标识认证;这时隐藏令牌还包括随机数R。在APPLEPAY中实际的标识有两个,即安全装置与用户装置可能都拥有同样的TONKEN或PAN,都可以用来生成标识检索数据和标识认证数据。就是说,利用安全装置和用户装置共同拥有的数据,都可以看成标识,实现标识的隐藏声明。The role of H(T) is for the security device 1 to find the data item corresponding to T, so it is called the identifier retrieval data, and H(T||R) The function is to confirm the consistency of the user identification data T in the security device with the T in the user device, so it is called identification authentication data. The identification retrieval data and the identification authentication data constitute a hidden token. If the random number R is generated by the user device, it is apparent that R must be transmitted to the security device for identity authentication; at this time the hidden token also includes the random number R. There are two actual identifiers in APPLEPAY, that is, both the security device and the user device may have the same TONKEN or PAN, which can be used to generate the identification retrieval data and the identification authentication data. That is to say, the data shared by the security device and the user device can be regarded as an identifier to realize a hidden statement of the logo.
随机数R可以是时间数据、或使用次数数据、或临时产生的随机数、地理位置信息,或接收到的随机数及以上组合。特别是地理位置信息,可以用于根据用户的习惯数据,判断支付的合理性;更进一步,如果POS上同样也有地理位置信息,并以挑战数形式,发送到用户装置。那么,安全装置就可以根据使用装置(POS)的位置信息和用户装置的位置信息,判断该支付是否物理位置接近,判断是否是线下支付,是否使用装置是否移机。The random number R may be time data, or usage count data, or temporarily generated random numbers, geographical location information, or received random numbers and combinations thereof. In particular, the geographical location information can be used to judge the rationality of the payment according to the user's customary data; further, if the POS also has geographical location information, and is sent to the user device in the form of a challenge number. Then, the security device can determine whether the payment is physically close according to the location information of the using device (POS) and the location information of the user device, determine whether the payment is offline, and whether the device is used for transfer.
在该实施例中,生成标识检索数据和标识认证数据都是使用单向函数。在标识认证数据的生成中,还可以使用对称加密算法(DES),这样就需要用标识数据通过一定的规则产生加密的密钥,则个对称密码算法也可以称为密码函数,当然单向函数也可以称为密码函数。In this embodiment, generating the identification retrieval data and identifying the authentication data are both using a one-way function. In the generation of the identification authentication data, a symmetric encryption algorithm (DES) can also be used, so that the identification data needs to generate an encrypted key through certain rules, and a symmetric cryptographic algorithm can also be called a cryptographic function, of course, a one-way function. It can also be called a cryptographic function.
For greater security, the login-and-payment steps of Embodiment 1 are changed to:
1. Use device 3 holds the payee account S, obtains the payment amount M, and sends them to user device 4.
2. User device 4 holds a random number R and the user identification data T, computes (H(T), H(T||R||M||S), R, M, S) as the hidden token, and sends it to use device 3, which forwards it over network 2 to security device 1;
3. Security device 1 receives (H(T), H(T||R||M||S), R, M, S) and uses H(T) to look up the user table, obtaining (F, T1, H(T)); it computes H(T1||R||M||S) from R, M, S and T1; if H(T1||R||M||S) = H(T||R||M||S), then T1 = T;
4. From (H(T), H(T||R||M||S), R, M, S), the user table entry (F, T1, H(T)) and T1 = T, security device 1 obtains (M, S, F); security device 1 sends the payment data (M, S, F) to bank acquirer 1;
5. If the data are correct, bank acquirer 5 makes the payment and returns a payment-completed message to security device 1 and then to use device 3; otherwise it returns a payment-error message to security device 1, which is passed back to use device 3 over network 2.
The symbol || in the embodiments means that the data before and after it are joined into a single datum, that is, string concatenation.
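The 16-byte hidden token layout described above (8 bytes of H(T), 6 bytes of the authentication value, 2 bytes of R), combined with the variant that binds M and S, is sketched below as an added Python example that is not part of the patent text. Assumptions: SHA-256 stands in for SM3, fields are length-prefixed instead of plainly concatenated, R is a single-use 2-byte challenge issued by the security device, and all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

IDX_LEN, TAG_LEN, R_LEN = 8, 6, 2   # the 16-byte layout described above


def H(*fields: bytes) -> bytes:
    # Assumption: SHA-256 stands in for SM3. Each field is length-prefixed so
    # that two different (R, M, S) splits can never produce the same hash input.
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


def make_hidden_token(T, R, M, S, idx_len=IDX_LEN):
    """User device: H(T)[:idx_len] || H(T||R||M||S)[:6] || R."""
    if len(R) != R_LEN:
        raise ValueError("R must be exactly 2 bytes")
    return H(T)[:idx_len] + H(T, R, M, S)[:TAG_LEN] + R


class SecurityDevice:
    def __init__(self, idx_len=IDX_LEN):
        self.idx_len = idx_len
        self.user_table = {}      # short H(T) -> [(F, T1), ...]
        self.outstanding = set()  # challenges issued but not yet consumed

    def enroll(self, F, T):
        self.user_table.setdefault(H(T)[:self.idx_len], []).append((F, T))

    def new_challenge(self):
        if len(self.outstanding) >= 256 ** R_LEN:
            raise RuntimeError("no free challenge values")
        while True:
            R = secrets.token_bytes(R_LEN)
            if R not in self.outstanding:
                self.outstanding.add(R)
                return R

    def verify(self, token, M, S):
        """Return the payment account F, or None when the request is voided."""
        if len(token) != self.idx_len + TAG_LEN + R_LEN:
            return None
        idx = token[:self.idx_len]
        tag = token[self.idx_len:self.idx_len + TAG_LEN]
        R = token[-R_LEN:]
        if R not in self.outstanding:   # never issued, or already used: replay
            return None
        self.outstanding.discard(R)     # each challenge is accepted once
        matches = [F for F, T1 in self.user_table.get(idx, [])
                   if hmac.compare_digest(H(T1, R, M, S)[:TAG_LEN], tag)]
        # Several entries may share a short index; the tag must single one out,
        # otherwise the request is voided and the transaction retried.
        return matches[0] if len(matches) == 1 else None


def demo():
    dev = SecurityDevice()
    T = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed token
    dev.enroll("6222000000000001", T)                      # constructed PAN
    M, S = b"1250", b"MERCHANT-0001"                       # constructed amount, payee
    token = make_hidden_token(T, dev.new_challenge(), M, S)
    accepted = dev.verify(token, M, S)
    replayed = dev.verify(token, M, S)                     # same token again
    fresh = make_hidden_token(T, dev.new_challenge(), M, S)
    tampered = dev.verify(fresh, b"9999", S)               # amount changed in transit
    return len(token), accepted, replayed, tampered
```

`demo()` accepts the first presentation, rejects the replay because the challenge has been consumed, and rejects the token whose amount was altered after the user device computed it.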
[Embodiment 2] (association server)
The second embodiment of the invention is shown in Figure 2. It adds an association server 7, which associates the identity authentication data with the identification data (payment account). In this embodiment the transaction data travel over one channel (use device to security device) and the identity authentication data (for example, a PIN) over another (confirmation device to association server to security device); the security device then combines the data it receives into the complete payment data and carries out the payment.
The method and system for hiding user identification data in this embodiment are shown in Figure 2. The system consists of security device 1, confirmation device 4, use device 3, association server 7, network 2, bank acquirer 6 and user device 5.
Security device 1 is connected to use device 3 through network 2; security device 1 is connected to association server 7 through network 2, and association server 7 is connected to confirmation device 4 through network 2; security device 1 is connected to bank acquirer 1 (this connection can also go through network 2). User device 5 is connected to use device 3.
Use device 3 contains: the payee account S. User device 5 contains: the one-way function H, the RSA secure public key and the payment account F. Confirmation device 4 contains: the association data P corresponding to payment account F. Security device 1 contains: the one-way function H, the user table (F, H(F)), the fixed number WR and the RSA secure private key. Association server 7 contains: the user table (H(F||WR), P), where F is the payment account and P is the association data. The RSA secure public key and the RSA secure private key form a public/private key pair.
Association flow:
1. User device 5 generates a random number K, holds the payment account F, and computes RSA secure public key(F, K), that is, (F, K) encrypted with the RSA secure public key;
2. Use device 3 obtains RSA secure public key(F, K) from user device 5 and sends it over network 2 to security device 1;
3. Security device 1 computes RSA secure private key(RSA secure public key(F, K)) and obtains F; it creates the user table entry (F, H(F));
4. Security device 1 holds the fixed number WR, computes H(F||WR) and sends it to association server 7; because association server 7 has no confirmation device 4 associated with H(F||WR), it generates a random number P and sends it back to security device 1, which passes it on to use device 3; association server 7 then creates the user table entry (H(F||WR), P);
5. The user reads P from the display of use device 3 and enters it into confirmation device 4.
Association server 7 now holds an entry associating payment account F with confirmation device 4; the entry has two elements, (H(F||WR), P). Confirmation device 4 holds the P corresponding to payment account F.
The association flow has two purposes: first, to create on the association server the cryptographic association entry (H(F||WR), P) linking payment account F and the confirmation device; second, to create the user table (F, H(F)) on the security device. Other secure ways of creating these entries are outside the scope of this patent application. The RSA secure public key and RSA secure private key here are a public/private key pair and serve in this embodiment only to create these entries.
The payment steps are:
1. User device 5 holds a random number R and the payment account F, computes (H(F), H(F||R), R) and sends it to use device 3;
2. Use device 3 holds the payee account S, obtains the payment amount M, and obtains (H(F), H(F||R), R) from user device 5; it sends this transaction data (M, S, (H(F), H(F||R), R)) over network 2 to security device 1;
3. Security device 1 receives (H(F), H(F||R), R, M, S) and uses H(F) to look up the user table, obtaining (F1, H(F)); it computes H(F1||R) from R and F1; if H(F1||R) = H(F||R), then F1 = F; it obtains (M, S, F);
4. Security device 1 holds the fixed number WR, computes H(F||WR) and sends it to association server 7;
5. The PIN is entered on confirmation device 4, which sends (PIN, P) over network 2 to association server 7;
6. From the user table entry (H(F||WR), P) and (PIN, P), association server 7 obtains (H(F||WR), PIN);
7. It sends (H(F||WR), PIN) to security device 1;
8. From (H(F||WR), PIN) and (M, S, F), security device 1 obtains the (M, S, F) that matches the PIN; security device 1 sends the payment data (PIN, M, S, F) to bank acquirer 1;
9. If the data are correct, bank acquirer 6 makes the payment and returns a payment-completed message to security device 1 and then to use device 3; otherwise it returns a payment-error message to security device 1, and the message is then passed back over network 2 to use device 3 and/or confirmation device 4.
Looking at the flow, H(F||WR) may seem unnecessary. Its benefit is that the association server never obtains the "real" F, which protects the F held by security device 1; WR is a fixed number that security device 1 keeps secret. The owner of association server 7 therefore cannot guess F by varying F and computing H(F); better still, security device 1 can use a hash function H of its own. If confirmation device 4 also uses a more secure cryptographic scheme, such as protecting the PIN as H(PIN), association server 7 obtains no meaningful data at all during processing. A security problem is thus solved without creating new ones.
Clearly, the one-way function H used to hide payment account F and the one-way function H used to protect the account on the association server may be the same or different. As in Embodiment 1, a token T can be used in place of payment account F in the payment flow, at the cost of one extra conversion from token to payment account.
P in this embodiment is data used for association; the only requirement is that the P associated with payment account F in security device 1 equals the P in confirmation device 4. P can therefore be a string of data with no other meaning, used only to link the two parts of the data, and confirmation device 4 can hide its own network address when sending (PIN, P) to security device 1.
P can also be the network address of confirmation device 4, such as a QQ number, WeChat number, Weibo number or email address. Using the network address of confirmation device 4 adds a check that the data were legitimately sent from that address, which strengthens the security of this embodiment. Embodiment 2 thus provides a system and method in which the hidden payment account F and amount M on the one hand, and the PIN on the other, reach security device 1 over two separate channels; this prevents payment account F from being intercepted by criminals and improves the security of the system.
This embodiment uses the user device to hide the input of the payment account, which both removes the trouble of typing the payment account on a keyboard and hides the payment account. Here the payment account is the user identification data. Removing the acquisition and transmission of the amount from the login-and-payment flow gives the login flow.
In the login-and-payment flow, the user device's random number R can be the user device's time, data obtained from the use device, or a challenge number generated by security device 1 and supplied through use device 3; the various existing techniques that secure dynamic (one-time) passwords can serve as a reference. The aim is for every hidden value (H(F), H(F||R), R) to be different, so that an attacker who owns the POS cannot determine the payment account (user identifier) of the user device in the current operation. If R is time + random number and the security device additionally checks the login/payment time, replay of (H(F), H(F||R), R) is prevented. The user device in this embodiment can be a contactless IC card or a contact IC card, and other connections capable of carrying information between the user device and the use device, such as sound waves or Bluetooth, can also be used.
The security of this embodiment lies in the fact that the bank card PIN is entered on the user's own mobile phone (the confirmation device) rather than on the use device, and that payment account F is also entered in hidden form. The PIN sent from confirmation device 4 to security device 1 can clearly be protected cryptographically: for example, confirmation device 4 computes RSA secure public key(PIN, P) and security device 1 computes RSA secure private key(RSA secure public key(PIN, P)), where the RSA secure private key is not disclosed and is held by security device 1 alone, and the two keys form a public/private key pair. Because confirmation device 4 does not store the PIN, losing confirmation device 4 and user device 5 together carries essentially the same risk as losing an ordinary bank card. A symmetric cryptosystem can of course be used instead, which brings in a key distribution protocol. In short, the cryptographic protocol here protects the data in transit. It is also possible to use, instead of identity authentication data such as a PIN, some other identity authentication protocol such as a zero-knowledge identity authentication protocol; the data sent from the confirmation device to the security device are then whatever that protocol requires.
The association data P can also be produced as follows: security device 1 generates a random code P and sends it to use device 3, which displays it; on confirmation device 4 the random code P is entered in addition to the PIN, which likewise associates the transaction data. The benefit is that security device 1 does not need to store the correspondence between payment account F and association data P. Alternatively, confirmation device 4 can generate and display the random code P, which is entered on use device 3 and sent to security device 1 for the association. These display and entry steps can also be replaced by other near-field data transfer techniques such as QR codes, sound waves or NFC. In short, the aim is for security device 1 and confirmation device 4 to share a datum P used for association.
If the association data P is a network address, it can be carried in the address from which the PIN is sent to security device 1, so that only the PIN needs to be encrypted rather than (PIN, P). Because P is a network address, a step can also be added in which security device 1 sends the transaction data to confirmation device 4, making it easy for the user to confirm that the transaction data are correct.
As in Embodiment 1, data such as M and S can also be included in the computation of the identification authentication data to improve security.
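The two-channel payment flow of Embodiment 2, and the reason the association server is handed H(F||WR) instead of H(F), are sketched below as an added Python example that is not part of the patent text. Assumptions: SHA-256 stands in for the one-way function H, fields are length-prefixed instead of plainly concatenated, the RSA-protected enrolment step is replaced by a direct call, and all class names, function names and sample values are constructed.

```python
import hashlib
import hmac
import secrets


def H(*fields: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the page's one-way function H, with
    # length-prefixed fields in place of plain string concatenation.
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(2, "big") + f)
    return h.digest()


class AssociationServer:
    """Holds only (H(F||WR), P); it never sees F, M or S."""

    def __init__(self):
        self.handle_by_p = {}               # P -> H(F||WR)

    def associate(self, handle: bytes) -> str:
        for p, known in self.handle_by_p.items():
            if known == handle:             # already associated
                return p
        p = secrets.token_hex(4)            # random association datum P
        self.handle_by_p[p] = handle
        return p

    def relay_pin(self, pin: str, p: str):
        """Step 6: turn (PIN, P) into (H(F||WR), PIN); None if P is unknown."""
        handle = self.handle_by_p.get(p)
        return None if handle is None else (handle, pin)


class SecurityDevice:
    def __init__(self):
        self.wr = secrets.token_bytes(32)   # fixed secret number WR
        self.user_table = {}                # H(F) -> F
        self.pending = {}                   # H(F||WR) -> (M, S, F)

    def enroll(self, f: bytes, server: AssociationServer) -> str:
        self.user_table[H(f)] = f
        return server.associate(H(f, self.wr))   # P, shown to the user

    def receive_transaction(self, hf, hfr, r, m, s) -> bool:
        """Steps 3-4: check H(F1||R), then park (M, S, F) under H(F||WR)."""
        f1 = self.user_table.get(hf)
        if f1 is None or not hmac.compare_digest(H(f1, r), hfr):
            return False
        self.pending[H(f1, self.wr)] = (m, s, f1)
        return True

    def receive_pin(self, handle: bytes, pin: str):
        """Step 8: join both channels into (PIN, M, S, F) for the acquirer."""
        txn = self.pending.pop(handle, None)
        return None if txn is None else (pin, *txn)


def confirmable(stored: bytes, candidates) -> list:
    """Candidates F' whose H(F') equals a stored value (the guessing check)."""
    return [c for c in candidates if hmac.compare_digest(H(c), stored)]


def demo():
    server, device = AssociationServer(), SecurityDevice()
    f = b"6222000000000001"                 # constructed payment account
    p = device.enroll(f, server)            # association flow
    r = secrets.token_bytes(8)              # user device's random number R
    accepted = device.receive_transaction(H(f), H(f, r), r, b"1250", b"SHOP-01")
    relayed = server.relay_pin("4821", p)   # channel 2: confirmation device
    payment = device.receive_pin(*relayed)
    handle = next(iter(server.handle_by_p.values()))
    candidates = [b"622200000000%04d" % i for i in range(10)]
    # What the server owner can confirm from H(F||WR), versus from a bare H(F).
    return accepted, payment, confirmable(handle, candidates), confirmable(H(f), candidates)
```

The last two values returned by `demo()` show the point made about WR: a candidate list that contains the real account confirms nothing against the stored H(F||WR), whereas the same list would confirm F against an unkeyed H(F).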
[Embodiment 3]
The third embodiment of the invention, shown in Figure 3, uses user device 1 to output payment account F in hidden form. The apparatus for hiding user identification data in this embodiment is shown in Figure 3. It consists of one-way function device 11, random number device 12, user identification data storage device 13 and communication device 14.
When user device 1 is connected to another device through communication device 14 and receives a command asking for the hidden identifier, it obtains the user identifier F from user identification data storage device 13 and a random number R from the random number device, passes them to the one-way function device to compute (H(F), H(F||R), R), and sends the result through communication device 14 to the connected device.
This embodiment uses user device 1 to hide the output of the payment account and thereby hides the payment account. Here the payment account is the user identification data. The random number R produced by random number device 12 ensures that every (H(F), H(F||R), R) generated is different. If an attacker connects to the user device and has it compute (H(F), H(F||R), R) in order to guess F, then, because R is time + random number, the time at which the hidden identifier was generated can be checked, which increases security and prevents replay of (H(F), H(F||R), R). That is, the random number device can generate a fixed number (insecure), the time (simply random, more secure), or time + a true random number (most secure). R can clearly also be a random number received from outside the user device, preferably combined as external random number R + time + true random number. The geographic location of user device 1 can also be included, in which case user device 1 additionally needs a device for obtaining the geographic location.
In practice the user device and the confirmation device may reside in a single physical device, such as a mobile phone, watch, PDA or other device; logically they are still two devices.
In the prior art, the user generally asserts a user name (PAN) and then submits the corresponding identity authentication data. The server first uses the user name (PAN) to look up the matching entry in its customer database and then authenticates by comparing the received identity authentication data with the identity authentication data in that entry. In fact, however, the user name (PAN) held by the server and the user name (PAN) held by the customer can themselves serve as a secret. The user name (PAN) can then be treated as a key, and conventional techniques can verify that the two sides agree; many conventional techniques exist for authenticating that a server and a customer hold the same user name (PAN). This raises a problem: the server has no way of knowing which user name (PAN) to select for the consistency check against the customer's user name (PAN). It could of course try to match against every user name (PAN), but that is clearly too inefficient. We therefore choose to encrypt the user name (PAN) with a one-way function in order to confirm that the user names (PANs) agree.
As with conventional dynamic token techniques, factors such as time, use count and challenge random numbers can be used for consistency-based identity authentication. The invention, however, has neither the conventional user name used to assert the user nor the concept of a key, so there is no key distribution at all. This technique for hiding the user name (PAN) is therefore not tied to any particular website. By including the website name in the one-way function computation, hidden input of the user name (PAN) can be provided for many websites, on condition that the authenticating website holds the same user name (PAN) as the customer.
As in Embodiments 1 and 2, other data such as the amount can also be included in the identification authentication data H(F||R).
[Embodiment 4]
The method and system for hiding user identification data in this embodiment are shown in Figure 4. The system consists of security device 1, use device 3 and network 2. Use device 3 contains user device 31. Security device 1 and use device 3 are connected through network 2. User device 31 contains: F, PIN and the one-way function H; security device 1 contains: the user table (F, H(F), PIN) and the one-way function H. F is the primary account number (PAN).
The steps for building the user table of security device 1 are:
1. Log in to security device 1 from any secure computer terminal;
2. Enter the user name F and the PIN;
3. Security device 1 creates the user table entry (F, H(F), PIN).
The login steps are:
1. User device 31 holds a random number R, obtains F and the PIN, computes (H(F), H(F||R||PIN), R), and sends it through the use device to security device 1;
2. Security device 1 receives (H(F), H(F||R||PIN), R) and uses H(F) to look up the user table, obtaining (F1, H(F), PIN1); it computes H(F1||R||PIN1) from R, F1 and PIN1; if H(F1||R||PIN1) = H(F||R||PIN), then F1 = F and PIN1 = PIN. The user is judged legitimate and is allowed to proceed, for example to log in.
The random number R in step 1 can be generated by security device 1, sent to use device 3 and then on to user device 31, which prevents replay attacks. Alternatively, the user device can generate a time-based number, such as (random number + time), as R, which likewise prevents replay attacks. R can also be the geographic location of user device 31, and it may also include the geographic location of use device 3.
In this embodiment the user name and password are entered on the use device and, through the one-way function computation, the user name identification data are hidden.
Clearly, H(F) lets security device 1 find the entry corresponding to F, so it is called the identification retrieval data; H(F||R||PIN) confirms that the user identification data F held by the security device matches the F in the user device, so it is called the identification authentication data, and it also authenticates the PIN at the same time. The identification retrieval data and the identification authentication data together form the hidden token. If the random number R is generated by the user device, R clearly has to be sent to the security device for the identification authentication, and the hidden token then also includes R. In Apple Pay there are actually two identifiers: the security device and the user device may both hold the same token and PAN, and either can be used to generate the identification retrieval data and the identification authentication data. In other words, any data held by both the security device and the user device can be treated as an identifier and used to assert that identifier in hidden form.
In essence this embodiment is today's website registration and login flow. Website login is currently exposed to phishing attacks. Before the use device logs in to the security device, if no key distribution has established shared public and secret data, the user name and password can only be sent to the security device in plaintext, or in a form equivalent to plaintext. So when the use device strays onto a phishing site, the user's name and password are sent to the phishing site.
There are currently two ways of countering phishing sites. In the first, the user device is issued by the security device to the use device through a secure channel, so the two can be assumed able to negotiate a key and then encrypt the data they exchange. In the second, the login page of the security device is signed and the user device verifies the signature to guard against phishing sites.
The first solution in essence requires every website to distribute user devices, and guaranteeing the security of that distribution is a major problem. The second solution in essence verifies that a signature is correct, which again means the PKI machinery; it cannot tell whether a site without a signature is legitimate. PKI signing is also offered by many competing providers, and cross-certification between them is difficult. Embodiment 4, by contrast, shows that as long as everyone follows the same standard data format and uses the same one-way function, a unified login can be achieved.
Clearly, the use device can be the computer the user is working on, and the browser can be regarded as the user device. This gives a method, apparatus and system by which a browser guards against phishing sites. When we land on a phishing site, the site can obtain (H(F), H(F||R||PIN), R), but it does not have F (the phishing target) and so cannot determine F; it does not have the PIN (the phishing target) and so cannot determine the PIN either. The only attack is to find F1 and PIN1 such that H(F1) = H(F) and H(F1||R||PIN1) = H(F||R||PIN). Finding such a collision is difficult in the first place, and, because of the properties of a one-way function, even if such a collision is found it does not follow that F1 = F and PIN1 = PIN.
这里安全装置可以是网站,使用装置可以是计算机或者手机等终端,用户装置可以是浏览器、邮件客户端等需要登录网站的应用程序。Here, the security device may be a website, and the usage device may be a terminal such as a computer or a mobile phone, and the user device may be an application that needs to log in to the website, such as a browser or a mail client.
[Embodiment 5] Salting and a symmetric encryption algorithm
The method and system of this embodiment for hiding user identification data are shown in FIG. 4. The system consists of security device 1, using device 3 and network 2. Using device 3 contains user device 31. Security device 1 and using device 3 are connected through network 2.
User device 31 includes: F, PIN, the one-way function H and the symmetric cipher DES. Security device 1 includes: the user table (F, H0(F), H(PIN||SZ)), the one-way function H, the salt value SZ and the symmetric cipher DES, where F is the user name (PAN) and SZ is the salt. Here H0(F) denotes the first half of the bytes of H(F) (for example the first 128 bits of SM3), and H1(F) denotes the second half of the bytes of H(F) (for example the last 128 bits of SM3).
The user table of security device 1 is built as follows:
1. Log in to security device 1 from any secure computer terminal;
2. Enter the user name F and PIN to be registered; security device 1 holds the salt value SZ and H;
3. Security device 1 creates the user table entry (F, H0(F), H(PIN||SZ)).
The login steps are:
1. User device 31 has the random number R, obtains F and PIN, computes (H0(F), DES_{H1(F)}(F⊕R⊕PIN), R) and sends it to security device 1 through the using device;
2. Security device 1 receives (H0(F), DES_{H1(F)}(F⊕R⊕PIN), R) and uses H0(F) to look up the user table, obtaining (F1, H0(F), H(PIN1||SZ)). Using R and assuming F=F1, PIN1=DES_{H1(F)}(DES_{H1(F)}(F⊕R⊕PIN1))⊕R⊕F; it has the salt value SZ and computes H(PIN1||SZ). If H(PIN1||SZ)=H(PIN||SZ), then F1=F and also PIN1=PIN. The user is then judged to be legitimate and is allowed to proceed, for example to log in.
The random number R in step 1 can be generated by security device 1, sent to using device 3 and then passed on to user device 31, which prevents replay attacks. Alternatively, the user device can generate a time-based number, such as (random number + time), as R, which likewise prevents replay attacks. R can also be the geographic location information of user device 31, and R can also include the geographic location information of using device 3.
Here the first half of H(F) is the identification retrieval data and the second half is the DES key. Clearly the second half cannot be obtained from the first half, but both halves are easy to obtain when F is known.
Embodiment 4 shows that as long as everyone follows the same standard data format and uses the same one-way function, unified login can be achieved and phishing by phishing sites can be prevented.
The central question in using a symmetric encryption algorithm is how to obtain the encryption and decryption key, and the core of this patent application is that no key distribution is performed. The key can therefore only be derived from the user name F, PIN and R that the security device and the user device both hold. The embodiment uses H1(F), the second half of H(F). Part of H(F||R) could be used instead, as long as the security device can find the relevant data item from H0(F) and then derive the correct key from that item. The security device must protect the PIN and uses salting to resist attacks, and salt values differ between security devices and are not disclosed to the user device, so the PIN data cannot be used to generate the key. The following embodiment therefore also satisfies a website (security device) that protects user PIN data with a salt.
Here the security device can be a website, the using device can be a terminal such as a computer or mobile phone, and the user device can be an application that needs to log in to the website, such as a browser or a mail client.
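The registration and login steps of Embodiment 5, with R issued by the security device as the paragraph on replay attacks describes, written out as an added example (not code from the patent). SHA-256 stands in for H, a 4-round Feistel permutation built on it stands in for DES, and the 32-byte length-prefixed encoding, the class and function names and the sample user name and PIN are assumptions.

```python
import hashlib
import hmac
import secrets

BLOCK = 32  # assumed fixed field width in bytes; the page fixes no encoding
SAMPLE_F = b"6222020000001234"  # constructed PAN-like user name
SAMPLE_PIN = b"4821"            # constructed PIN

def H(data: bytes) -> bytes:
    # One-way function H; SHA-256 stands in for the SM3 the page mentions.
    return hashlib.sha256(data).digest()

def H0(f: bytes) -> bytes:
    return H(f)[:16]   # first half of H(F): identification retrieval data

def H1(f: bytes) -> bytes:
    return H(f)[16:]   # second half of H(F): symmetric key

def xor(*parts: bytes) -> bytes:
    if len({len(p) for p in parts}) != 1:
        raise ValueError("length mismatch")
    out = bytearray(len(parts[0]))
    for p in parts:
        for i, b in enumerate(p):
            out[i] ^= b
    return bytes(out)

def pad(s: bytes) -> bytes:
    # Length-prefixed, zero-filled encoding so F, R and PIN can be XORed.
    if len(s) > BLOCK - 1:
        raise ValueError("field too long")
    return bytes([len(s)]) + s + bytes(BLOCK - 1 - len(s))

def unpad(b: bytes) -> bytes:
    n = b[0]
    if n > BLOCK - 1 or any(b[1 + n:]):
        raise ValueError("bad encoding")
    return b[1:1 + n]

def _round(key: bytes, i: int, half: bytes) -> bytes:
    return H(key + bytes([i]) + half)[:BLOCK // 2]

def encrypt(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel permutation over one block: a stand-in for DES, not DES.
    if len(block) != BLOCK:
        raise ValueError("bad block length")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, xor(left, _round(key, i, right))
    return left + right

def decrypt(key: bytes, block: bytes) -> bytes:
    if len(block) != BLOCK:
        raise ValueError("bad block length")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        left, right = xor(right, _round(key, i, left)), left
    return left + right

def make_token(f: bytes, pin: bytes, r: bytes):
    # User device, login step 1: (H0(F), E_{H1(F)}(F xor R xor PIN), R).
    return H0(f), encrypt(H1(f), xor(pad(f), r, pad(pin))), r

class SecurityDevice:
    def __init__(self):
        self.salt = secrets.token_bytes(16)   # SZ, never sent to the user device
        self.table = {}                       # H0(F) -> (F, H(PIN||SZ))
        self.pending = set()                  # issued, not yet used values of R

    def register(self, f: bytes, pin: bytes) -> None:
        self.table[H0(f)] = (f, H(pin + self.salt))

    def challenge(self) -> bytes:
        r = secrets.token_bytes(BLOCK)
        self.pending.add(r)
        return r

    def verify(self, token) -> bool:
        index, ciphertext, r = token
        if r not in self.pending:             # unknown or already used R: replay
            return False
        self.pending.discard(r)               # each R is accepted once
        entry = self.table.get(index)         # look up by H0(F)
        if entry is None:
            return False
        f1, pin_hash = entry
        try:                                  # assume F = F1 and recover the PIN
            pin1 = unpad(xor(decrypt(H1(f1), ciphertext), r, pad(f1)))
        except ValueError:
            return False
        return hmac.compare_digest(H(pin1 + self.salt), pin_hash)

def demo():
    server = SecurityDevice()
    server.register(SAMPLE_F, SAMPLE_PIN)
    token = make_token(SAMPLE_F, SAMPLE_PIN, server.challenge())
    first = server.verify(token)              # fresh token
    replay = server.verify(token)             # same token sent again
    wrong = server.verify(make_token(SAMPLE_F, b"0000", server.challenge()))
    return first, replay, wrong, token
```

Because H0(F) and the key H1(F) are both computed from F alone, the token hides F and the PIN only to the extent that F itself is hard to guess.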
[Embodiment 6] Binding the PIN into the retrieval data
The method and system of this embodiment for hiding user identification data are shown in FIG. 4. The system consists of security device 1, using device 3 and network 2. Using device 3 contains user device 31. Security device 1 and using device 3 are connected through network 2.
User device 31 includes: F, PIN, the one-way function H and the symmetric cipher DES. Security device 1 includes: the user table (F, H0(F||PIN), H(PIN||SZ)), the one-way function H and the symmetric cipher DES, where F is the user name (PAN) and SZ is the salt. Here H0(F) denotes the first half of the bytes of H(F) (for example the first 128 bits of SM3), and H1(F) denotes the second half of the bytes of H(F) (for example the last 128 bits of SM3).
The user table of security device 1 is built as follows:
1. Log in to security device 1 from any secure computer terminal;
2. Enter the user name F and PIN to be registered; security device 1 holds the salt value SZ;
3. Security device 1 creates the user table entry (F, H0(F||PIN), H(PIN||SZ)).
The login steps are:
1. User device 31 has the random number R, obtains F and PIN, computes (H0(F||PIN), DES_{H1(F)}(F||PIN⊕R), R) and sends it to security device 1 through the using device;
2. Security device 1 receives (H0(F||PIN), DES_{H1(F)}(F||PIN⊕R), R) and uses H0(F||PIN) to look up the user table, obtaining (F1, H0(F||PIN), H(PIN1||SZ)). It has R; assuming F1=F, the PIN can be separated out of DES_{H1(F)}(DES_{H1(F)}(F||PIN⊕R)). The security device has the salt value SZ and computes H(PIN||SZ). If H(PIN||SZ)=H(PIN1||SZ), then F1=F and also PIN1=PIN. The user is then judged to be legitimate and is allowed to proceed, for example to log in.
The random number R in step 1 can be generated by security device 1, sent to using device 3 and then passed on to user device 31, which prevents replay attacks. Alternatively, the user device can generate a time-based number, such as (random number + time), as R, which likewise prevents replay attacks. R can also be the geographic location information of user device 31, and R can also include the geographic location information of using device 3.
Here the first half of H(F) is the identification retrieval data and the second half is the DES key. Clearly the second half cannot be obtained from the first half, but both halves are easy to obtain when F is known. Part of H(F||R) could be used instead, as long as the keys of the security device and the user device stay synchronized.
Embodiment 4 shows that as long as everyone follows the same standard data format, uses the same one-way function, the same symmetric encryption algorithm and a synchronized key algorithm, unified login can be achieved and phishing by phishing sites can be prevented.
This embodiment shows that the identification retrieval data need not be the entire output of the one-way function; part of that output can be used instead, and which part does not matter as long as the security device and the user device agree. It also shows that part of the one-way function result of the identification data can be used to build a symmetric encryption key, which ensures that identity authentication data (such as the PIN) can be transmitted securely when the security device holds the corresponding user name.
This embodiment also illustrates a case in which the identity authentication data and the identification data are used together to generate the identification retrieval data.
Embodiments 4, 5 and 6 are in effect methods of defending against phishing sites, preventing a user's user name and password from being obtained by phishing.
Here the security device can be a website, the using device can be a terminal such as a computer or mobile phone, and the user device can be an application that needs to log in to the website, such as a browser or a mail client.
In all the above embodiments, the security device can be connected directly to the bank, or connected over a network to the bank's acquirer, or the security device can itself be the acquirer or the bank. When the connection is over a network, cryptographic techniques should of course be added to secure the information on its way from the security device to the acquirer. In the embodiments above, some of the data transfers between devices are described without encryption. Encryption and key distribution for communication between two devices, and symmetric and public-key cryptosystems, are all well-known techniques, and any of our embodiments can use them to encrypt communications. For brevity they are not described one by one.
In Embodiment 2 we use entering a PIN on the confirmation device to represent entering identity authentication data. In practice, however, the confirmation device is in most cases a handheld communication device with substantial computing power, so stronger identity authentication protocols and data, such as a zero-knowledge identity authentication protocol, can be used. In short, the confirmation device, through its connection to the security device or to an association server, uploads the data needed for identity authentication, which is used to associate the payment account and then jointly form, or generate, the payment data.
The method of the present invention has been described above by way of embodiments. The invention is not limited to banking applications; it can clearly also be applied to online games and to other applications that need to hide a user name or user identifier. Although the invention has been described in the above embodiments, it will be understood that the description of the embodiments is illustrative rather than restrictive, and those skilled in the art will understand that various variations, improvements, modifications and substitutions can be made without departing from the spirit and scope of the invention as defined by the claims.

Claims (11)

  1. A system for hiding user identification data, comprising:
    a user device, which generates a hidden token that hides the user identification data;
    a using device, which obtains the hidden token and other data from the user device;
    a security device, which confirms the identification data according to the hidden token;
    the user device is connected to the using device, and the using device is connected to the security device;
    the user device computes identification retrieval data from the user identification data using a one-way function; the user device computes identification authentication data from a random number and the identification data using a cryptographic function; the identification retrieval data and the identification authentication data form the hidden token, which is sent to the security device; the security device uses the identification retrieval data of the hidden token to find the relevant user identification data item, and confirms the identification data according to the random number and the identification authentication data of the hidden token.
  2. The system according to claim 1, characterized in that the random number in the user device can be time data, or usage count data, or a temporarily generated random number, or geographic location information, or identity authentication data, or a received random number, or a combination of the above.
  3. A device for hiding user identification data, comprising:
    a one-way function computing device, a random number device, an identification data storage device and a communication device;
    when the device for hiding user identification data is connected to another device through the communication device and receives a command requesting a hidden token, it obtains the user identifier from the identification data storage device and computes identification retrieval data using a one-way function; it obtains a random number from the random number device, and the user device computes identification authentication data from the random number and the identification data using a cryptographic function; the identification retrieval data and the identification authentication data form the hidden token, and the result is sent through the communication device to the connected device.
  4. The device according to claim 3, characterized in that the random number device can be a device that produces the time, or a device that stores the usage count, or a true random number generator, or a geographic location information device, or an identity authentication data device, or a random number received by the communication device, or a combination of the above.
  5. A method for hiding user identification data, comprising:
    A. the user device computes identification retrieval data from the user identification data using a one-way function;
    B. the user device computes identification authentication data from a random number and the identification data using a cryptographic function;
    C. the identification retrieval data and the identification authentication data form a hidden token, which is sent to the security device;
    D. the security device uses the identification retrieval data of the hidden token to find the relevant user identification data item, and confirms the identification data according to the random number and the identification authentication data of the hidden token.
  6. The method according to claim 5, characterized in that the data used in step A to generate the identification retrieval data also includes other data, such as identity authentication data.
  7. The method according to claim 5, characterized in that the random number in step B can be time data, or usage count data, or a temporarily generated random number, or geographic location information, or identity authentication data, or a received random number, or a combination of the above.
  8. The method according to claim 5, characterized in that step C further includes a step in which the using device sends the payee account and the amount to the security device.
  9. The method according to claim 5, characterized in that step D is followed by a step in which the security device converts the user identification data into a primary account number (PAN).
  10. The method according to claim 5, characterized in that it further includes a step of generating a symmetric encryption key from the user identification data, used to encrypt the identification authentication data and/or the identity authentication data.
  11. The method according to claims 5 to 10, characterized in that it is any combination of them.
PCT/CN2016/083130 2015-05-25 2016-05-24 Apparatus, method and system for hiding user identifier data WO2016188401A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201680029857.3A CN107615797B (en) 2015-05-25 2016-05-24 Device, method and system for hiding user identification data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510268747.X 2015-05-25
CN201510268747 2015-05-25

Publications (1)

Publication Number Publication Date
WO2016188401A1 true WO2016188401A1 (en) 2016-12-01

Family

ID=57392518

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/CN2016/083135 WO2016188402A1 (en) 2015-05-25 2016-05-24 Network anti-phishing apparatus, method and system
PCT/CN2016/083130 WO2016188401A1 (en) 2015-05-25 2016-05-24 Apparatus, method and system for hiding user identifier data

Family Applications Before (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/083135 WO2016188402A1 (en) 2015-05-25 2016-05-24 Network anti-phishing apparatus, method and system

Country Status (2)

Country Link
CN (2) CN107615704B (en)
WO (2) WO2016188402A1 (en)

Also Published As

Publication number Publication date
CN107615797A (en) 2018-01-19
CN107615797B (en) 2021-01-26
CN107615704B (en) 2021-06-25
CN107615704A (en) 2018-01-19
WO2016188402A1 (en) 2016-12-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16799289

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16799289

Country of ref document: EP

Kind code of ref document: A1