+

CN102547681A - Intelligent key device and identity authentication method - Google Patents

Intelligent key device and identity authentication method Download PDF

Info

Publication number
CN102547681A
CN102547681A CN2011100293494A CN201110029349A CN102547681A CN 102547681 A CN102547681 A CN 102547681A CN 2011100293494 A CN2011100293494 A CN 2011100293494A CN 201110029349 A CN201110029349 A CN 201110029349A CN 102547681 A CN102547681 A CN 102547681A
Authority
CN
China
Prior art keywords
interface
intelligent key
key apparatus
short
communication module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011100293494A
Other languages
Chinese (zh)
Other versions
CN102547681B (en
Inventor
洪填义
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nationz Technologies Inc
Original Assignee
Nationz Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nationz Technologies Inc filed Critical Nationz Technologies Inc
Priority to CN201110029349.4A priority Critical patent/CN102547681B/en
Publication of CN102547681A publication Critical patent/CN102547681A/en
Application granted granted Critical
Publication of CN102547681B publication Critical patent/CN102547681B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

本发明提供一种智能密钥装置,包括短距离通信模块、第一SIM卡接口、第二SIM卡接口、CPU、安全组件、储存器。CPU分别与短距离通信模块、第一SIM卡接口、第二SIM卡接口、安全组件、储存器相连。该密钥装置与带上网功能的移动终端相配合完成网银交易的身份认证。或者该智能密钥装置与移动终端、无线通信装置、网络终端和服务器配合完成网银交易的身份认证。利用本发明技术方案进行身份认证时,还可通过移动终端实时地向操作者显示操作细节及操作详情,增强了身份认证过程中操作者的参与性以及安全性。

Figure 201110029349

The invention provides an intelligent key device, which includes a short-distance communication module, a first SIM card interface, a second SIM card interface, a CPU, a security component, and a memory. The CPU is respectively connected with the short-distance communication module, the first SIM card interface, the second SIM card interface, the security component and the storage. The key device cooperates with the mobile terminal with Internet access function to complete the identity authentication of online banking transactions. Or the smart key device cooperates with the mobile terminal, the wireless communication device, the network terminal and the server to complete the identity authentication of the online banking transaction. When using the technical scheme of the invention for identity authentication, the mobile terminal can also display the operation details and operation details to the operator in real time, which enhances the operator's participation and safety in the identity authentication process.

Figure 201110029349

Description

一种智能密钥装置和身份认证方法An intelligent key device and identity authentication method

技术领域 technical field

本发明涉及通讯领域,尤其涉及一种新型智能密钥装置以及利用该智能密钥装置进行身份认证的认证方法。 The invention relates to the communication field, in particular to a novel intelligent key device and an authentication method for identity authentication using the intelligent key device.

背景技术 Background technique

在目前的日常生活中,随着网上银行的发展及安全意识的普及,KEY(智能密钥)作为一种操作员身份认证的数字证书存储介质,正广泛使用在银行系统网上银行的用户身份认证、企业财务人员网上报税、网上企业电子付税等多领域的身份确认。 In the current daily life, with the development of online banking and the popularization of security awareness, KEY (smart key), as a digital certificate storage medium for operator identity authentication, is widely used in user identity authentication of online banking in the banking system. , corporate financial personnel online tax declaration, online corporate electronic tax payment and other multi-field identity confirmation.

伴随着通讯业的发展,移动终端逐渐成为人们必备的随身物品之一。这样网银用户在日常生活中必须同时携带USB 智能密钥以及移动终端,才能完成网上银行交易。这就增加了网银用户进行操作时的复杂性以及成本。并且,目前市面上的USB 身份认证装置必须与电脑配合才能完成网银交易,由于开放式互联网存在诸多不安全因素,使用者通过互联网进行网上交易时,就降低了金融应用的安全性,而且现有的网银交易无法直观地向用户展示交易的流程与细节,使用者缺乏参与性与可操作性,逐渐无法满足人们的要求。 Along with the development of the communication industry, mobile terminals have gradually become one of the necessary personal belongings for people. In this way, online banking users must carry USB smart keys and mobile terminals in daily life to complete online banking transactions. This increases the complexity and cost of the online banking user's operations. Moreover, the USB identity authentication devices currently on the market must cooperate with computers to complete online banking transactions. Due to many insecure factors in the open Internet, when users conduct online transactions through the Internet, the security of financial applications is reduced. Online banking transactions cannot intuitively display the transaction process and details to users, and users lack participation and operability, which gradually fails to meet people's requirements.

发明内容 Contents of the invention

本发明的目的在于提供一种使用便捷、操作安全系数高的智能密钥装置、以及利用该装置进行认证的方法。 The object of the present invention is to provide an intelligent key device with convenient use and high operation safety factor, and a method for authentication using the device.

作为本发明技术方案的一方面,提供一种智能密钥装置,包括短距离通信模块、第一SIM卡接口、第二SIM卡接口、CPU、安全组件、储存器, As an aspect of the technical solution of the present invention, a smart key device is provided, including a short-distance communication module, a first SIM card interface, a second SIM card interface, a CPU, a security component, and a storage device,

所述CPU分别与所述短距离通信模块、所述第一SIM卡接口、所述第二SIM卡接口、所述安全组件、和所述储存器相连; The CPU is respectively connected to the short-distance communication module, the first SIM card interface, the second SIM card interface, the security component, and the storage;

所述第一SIM卡接口与所述智能密钥装置外部的移动终端进行通信;所述第二SIM卡接口与所述移动终端内的SIM卡进行通信;所述短距离通信模块实现本智能密钥装置的短距离无线通信;所述安全组件对智能密钥装置使用者的操作信息进行数字签名和\或加密。 The first SIM card interface communicates with the mobile terminal outside the smart key device; the second SIM card interface communicates with the SIM card in the mobile terminal; the short-distance communication module implements the smart key device. The short-distance wireless communication of the key device; the security component digitally signs and/or encrypts the operation information of the user of the smart key device.

进一步地,所述短距离通信模块还具有通信距离控制功能,用于控制所述短距离通信模块进行无线通信的距离。 Further, the short-distance communication module also has a communication distance control function, which is used to control the wireless communication distance of the short-distance communication module.

进一步地,所述短距离通信模块为2.4GHz RFID、蓝牙、红外、Zigbee、WIFI通信模块中的一种或多种。 Further, the short-distance communication module is one or more of 2.4GHz RFID, Bluetooth, infrared, Zigbee, and WIFI communication modules.

进一步地,所述操作信息包括转账账号、转账金额、转账时间。 Further, the operation information includes transfer account number, transfer amount, and transfer time.

进一步地,所述智能密钥装置上设置有至少一个容纳腔,所述SIM卡装配入所述容纳腔。 Further, the smart key device is provided with at least one accommodating cavity, and the SIM card is assembled into the accommodating cavity.

作为本发明技术方案的另一方面,还提供一种身份认证方法,上述智能密钥装置装配入移动终端,按照以下步骤进行身份认证: As another aspect of the technical solution of the present invention, an identity authentication method is also provided. The above-mentioned smart key device is assembled into a mobile terminal, and the identity authentication is performed according to the following steps:

步骤一,所述智能密钥装置通过第二SIM卡接口和/或短距离通信模块与外部服务器之间建立通信; Step 1, the smart key device establishes communication with an external server through the second SIM card interface and/or the short-distance communication module;

步骤二,所述智能密钥装置读取其内部储存器内保存的合法的使用者身份信息,对经由所述移动终端输入的使用者身份信息进行使用者身份认证; Step 2, the smart key device reads legal user identity information stored in its internal storage, and performs user identity authentication on the user identity information input via the mobile terminal;

步骤三,所述智能密钥装置的第一SIM卡接口接收所述移动终端发送来的操作信息,并将接收到的所述操作信息通过所述第一SIM卡接口返回至所述移动终端确认; Step 3: The first SIM card interface of the smart key device receives the operation information sent by the mobile terminal, and returns the received operation information to the mobile terminal through the first SIM card interface for confirmation ;

步骤四,所述智能密钥装置等待接收所述移动终端返回确认信息; Step 4, the smart key device waits to receive confirmation information returned by the mobile terminal;

步骤五,所述智能密钥装置接收到所述移动终端返回的确认信息后,由安全组件对所述操作信息进行数字签名和加密,并通过所述第二SIM卡接口和/或所述短距离通信模块发送至所述服务器进行操作认证。 Step 5, after the smart key device receives the confirmation information returned by the mobile terminal, the security component digitally signs and encrypts the operation information, and sends The distance communication module sends it to the server for operation authentication.

进一步地,在所述步骤一中,所述智能密钥装置内部的所述第二SIM卡接口通过所述移动终端内的SIM卡与所述服务器建立通信。 Further, in the first step, the second SIM card interface inside the smart key device establishes communication with the server through the SIM card in the mobile terminal.

进一步地,在所述步骤一中,所述智能密钥装置内部的所述短距离通信模块,通过无线通信装置和网络终端与所述服务器建立通信; Further, in the first step, the short-distance communication module inside the smart key device establishes communication with the server through a wireless communication device and a network terminal;

所述无线通信装置包括第一接口、第二接口、信号转换模块,所述信号转换模块分别与所述第一接口和所述第二接口相连; The wireless communication device includes a first interface, a second interface, and a signal conversion module, and the signal conversion module is respectively connected to the first interface and the second interface;

所述第一接口与所述网络终端相连,所述第二接口接收所述智能密钥装置发送来的加密后的操作信息,经所述信号转换模块和所述第一接口发送至所述网络终端,由所述网络终端发送至所述服务器进行操作认证。 The first interface is connected to the network terminal, the second interface receives the encrypted operation information sent by the smart key device, and sends it to the network through the signal conversion module and the first interface terminal, sent by the network terminal to the server for operation authentication.

进一步地,所述第一接口为USB接口、SD接口、MMC接口中的一种或多种;和/或,所述第一接口为2.4GHz RFID、蓝牙、红外、Zigbee、WIFI接口中的一种或多种; Further, the first interface is one or more of USB interface, SD interface, MMC interface; and/or, the first interface is one of 2.4GHz RFID, bluetooth, infrared, Zigbee, WIFI interface one or more kinds;

所述第二接口为2.4GHz RFID、蓝牙、红外、Zigbee、WIFI接口中的一种或多种。 The second interface is one or more of 2.4GHz RFID, Bluetooth, infrared, Zigbee, and WIFI interfaces.

进一步地,所述步骤二中,所述使用者身份信息为PIN码。 Further, in the second step, the user identity information is a PIN code.

进一步地,所述移动终端接收所述智能密钥装置返回的所述操作信息,通过STK菜单或者具有界面显示功能的软件向操作者显示,由操作者进行确认。 Further, the mobile terminal receives the operation information returned by the smart key device, displays it to the operator through the STK menu or software with interface display function, and the operator confirms it.

本发明的有益效果是:提供了一种以无线通信方式对网上交易进行身份认证的智能密钥装置及认证方法,这样,不仅在移动终端具备上网功能时可完成网上交易的身份认证,在移动终端不具备上网功能或上网功能受限时,同样可利用本发明的智能密钥装置完成网上交易的身份认证。此外,利用本发明技术方案进行身份认证时,还可通过移动终端实时地向操作者显示操作细节及操作详情,增强了身份认证过程中操作者的参与性以及安全性。 The beneficial effects of the present invention are: provide an intelligent key device and authentication method for online transaction identity authentication in a wireless communication mode, so that not only the identity authentication of online transactions can be completed when the mobile terminal has the Internet access function, but also in the mobile terminal When the terminal does not have the Internet access function or the Internet access function is limited, the smart key device of the present invention can also be used to complete the identity authentication of online transactions. In addition, when using the technical scheme of the present invention for identity authentication, the mobile terminal can also display the operation details and operation details to the operator in real time, which enhances the operator's participation and safety in the identity authentication process.

附图说明 Description of drawings

图1为本发明智能密钥装置的外形结构示意图; Fig. 1 is a schematic diagram of the appearance and structure of the smart key device of the present invention;

图2为本发明智能密钥装置的构成示意图; Fig. 2 is a schematic diagram of the composition of the smart key device of the present invention;

图3为本发明中的无线通信装置的构成示意图; 3 is a schematic diagram of the composition of the wireless communication device in the present invention;

图4为本发明身份认证方法的第一种流程示意图; Fig. 4 is a schematic flow chart of the first kind of identity authentication method of the present invention;

图5为本发明身份认证方法的第二种流程示意图。 Fig. 5 is a schematic flow chart of the second identity authentication method of the present invention.

具体实施方式 Detailed ways

以下结合附图对本发明的原理和特征进行描述,所举实例只用于解释本发明,并非用于限定本发明的范围。 The principles and features of the present invention are described below in conjunction with the accompanying drawings, and the examples given are only used to explain the present invention, and are not intended to limit the scope of the present invention.

作为本发明技术方案的一方面,提供了一种智能密钥装置12,其外形结构图如图1所示,智能密钥装置12上设置有一容纳腔20,微型SIM卡30嵌入容纳腔20内,与智能密钥装置12共同装配入移动终端(例如手机)内,与移动终端相配合完成身份认证。其中,智能密钥装置12的外形及大小可与标准SIM卡(例如ID-1卡)的外形和大小相同;容纳腔20的外形与尺寸应与待装配的微型SIM卡30的形状及尺寸相匹配,可参考Micro SIM卡等相关产品的要求来设计。 As one aspect of the technical solution of the present invention, a smart key device 12 is provided, the outline structure diagram of which is shown in FIG. , together with the smart key device 12, is assembled into a mobile terminal (such as a mobile phone), and cooperates with the mobile terminal to complete identity authentication. Wherein, the shape and size of the smart key device 12 can be the same as the shape and size of a standard SIM card (such as an ID-1 card); Matching can be designed with reference to the requirements of Micro SIM cards and other related products.

下面对本发明的智能密钥装置12进行详细介绍,如图2所示,智能密钥装置11包括第一SIM卡接口100、第二SIM卡接口200、CPU300、安全组件400、储存器500、短距离通信模块。CPU300分别与第一SIM卡接口100、第二SIM卡接口200、安全组件400、储存器500、短距离通信模块相连。第二SIM卡接口200与智能密钥装置12外部的移动终端内的SIM卡相连,第二SIM卡接口200通过移动终端内的SIM卡与外部服务器进行通信。短距离通信模块,用于实现智能密钥装置与服务器之间的通信。当智能密钥装置12装配入移动终端时,第一SIM卡接口100接收移动终端发送的使用者身份信息和操作信息:第一SIM卡接口100将接收的使用者身份信息发送至CPU300进行使用者身份认证;第一SIM卡接口100将操作信息发送至移动终端确认后,再将操作信息发送至安全组件400进行数字签名和加密,发送至服务器进行操作认证。其中,安全组件400,用于根据CPU300的控制,对操作信息进行数字签名和加密,并将加密后的操作信息经由CPU300发送至第二SIM卡接口200和/或短距离通信模块。储存器500,用于保存合法的使用者身份信息,配合CPU300进行使用者身份认证。第二SIM卡接口200与第一SIM卡接口100之间的数据还通过CPU300透传。本发明的智能密钥装置12不仅可在移动终端具备上网功能时完成网上交易的身份认证,也可在移动终端不具备上网功能或上网功能受限时完成网上交易的身份认证。从使用者身份认证、操作确认、操作认证三方面对进行网上交易的操作者的身份进行认证,并最终完成网上交易的相关操作动作。 The smart key device 12 of the present invention is introduced in detail below. As shown in FIG. distance communication module. The CPU 300 is respectively connected to the first SIM card interface 100 , the second SIM card interface 200 , the security component 400 , the storage 500 and the short-distance communication module. The second SIM card interface 200 is connected to the SIM card in the mobile terminal outside the smart key device 12, and the second SIM card interface 200 communicates with the external server through the SIM card in the mobile terminal. The short-distance communication module is used to realize the communication between the smart key device and the server. When the smart key device 12 is assembled into the mobile terminal, the first SIM card interface 100 receives the user identity information and operation information sent by the mobile terminal: the first SIM card interface 100 sends the received user identity information to the CPU 300 for user Identity authentication: the first SIM card interface 100 sends the operation information to the mobile terminal for confirmation, then sends the operation information to the security component 400 for digital signature and encryption, and then sends the operation information to the server for operation authentication. Wherein, the security component 400 is configured to digitally sign and encrypt the operation information according to the control of the CPU 300 , and send the encrypted operation information to the second SIM card interface 200 and/or the short-distance communication module via the CPU 300 . The storage 500 is used for storing legal user identity information, and cooperates with the CPU 300 to perform user identity authentication. Data between the second SIM card interface 200 and the first SIM card interface 100 is transparently transmitted through the CPU 300 . The smart key device 12 of the present invention can not only complete the identity authentication of online transactions when the mobile terminal has the Internet access function, but also complete the identity authentication of online transactions when the mobile terminal does not have the Internet access function or the Internet access function is limited. From the three aspects of user identity authentication, operation confirmation, and operation authentication, the identity of the operator who conducts online transactions is authenticated, and the relevant operation actions of online transactions are finally completed.

进一步地,短距离通信模块600为2.4GHz RFID、蓝牙、红外、Zigbee、WIFI通信模块中的一种或多种。 Further, the short-range communication module 600 is one or more of 2.4GHz RFID, Bluetooth, infrared, Zigbee, and WIFI communication modules.

进一步,短距离通信模块600还具有通信距离控制功能,用于控制短距离通信模块600进行无线通信的距离。为了提高本发明带短距离通信功能智能密钥装置12进行网上交易的安全性,通过限定智能密钥装置12的通信距离,来保障网上交易的安全性。 Further, the short-distance communication module 600 also has a communication distance control function, which is used to control the distance of the short-distance communication module 600 for wireless communication. In order to improve the security of online transactions performed by the smart key device 12 with short-distance communication function of the present invention, the communication distance of the smart key device 12 is limited to ensure the security of online transactions.

作为本发明技术方案的另一方面,还提供一种身份认证方法,上述智能密钥装置装配入移动终端,按照以下步骤进行身份认证, As another aspect of the technical solution of the present invention, an identity authentication method is also provided, the above-mentioned smart key device is assembled into a mobile terminal, and the identity authentication is performed according to the following steps,

步骤一,智能密钥装置与外部服务器之间建立通信; Step 1, establishing communication between the smart key device and the external server;

步骤二,智能密钥装置读取其内部保存的合法的使用者身份信息,对经由移动终端输入的使用者身份信息进行使用者身份认证; Step 2, the smart key device reads the legal user identity information stored inside it, and performs user identity authentication on the user identity information input via the mobile terminal;

步骤三,智能密钥装置接收移动终端发送来的操作信息,并将接收到的操作信息返回至移动终端确认; Step 3, the smart key device receives the operation information sent by the mobile terminal, and returns the received operation information to the mobile terminal for confirmation;

步骤四,智能密钥装置等待接收移动终端返回确认信息; Step 4, the smart key device waits for the mobile terminal to return confirmation information;

步骤五,智能密钥装置接收到移动终端返回的确认信息后,对操作信息进行数字签名和加密,发送至服务器进行操作认证。 Step 5: After receiving the confirmation information returned by the mobile terminal, the smart key device digitally signs and encrypts the operation information, and sends it to the server for operation authentication.

上述身份认证方法的步骤一,智能密钥装置与外部服务器之间建立通信可采用以下两种方式实现: Step 1 of the above identity authentication method, the establishment of communication between the smart key device and the external server can be implemented in the following two ways:

第一种实现方式为:智能密钥装置内部的第二SIM卡接口通过移动终端内的SIM卡与服务器之间建立通信。采用本方式建立通信,并进而进行网上交易的身份认证时,移动终端必须具备上网功能。 The first implementation manner is: the second SIM card interface inside the smart key device establishes communication with the server through the SIM card in the mobile terminal. When adopting this method to establish communication and further conduct identity authentication for online transactions, the mobile terminal must have the function of surfing the Internet.

第二种实现方式为:智能密钥装置内部的短距离通信模块,通过无线通信装置和网络终端与服务器建立通信。当移动终端不具备上网功能或者因网络受限不能进行网上操作时,智能密钥装置12装配入移动终端,无线通信装置800与网络终端900相连,无线通信装置800通过网络终端900与服务器进行通信,无线通信装置800还与智能密钥装置12进行无线通信。从而实现智能密钥装置12与服务器之间的数据传递。 The second implementation method is: the short-distance communication module inside the smart key device establishes communication with the server through the wireless communication device and the network terminal. When the mobile terminal does not have the Internet access function or cannot perform online operations due to network restrictions, the smart key device 12 is assembled into the mobile terminal, the wireless communication device 800 is connected to the network terminal 900, and the wireless communication device 800 communicates with the server through the network terminal 900 , the wireless communication device 800 also performs wireless communication with the smart key device 12 . Thus, data transfer between the smart key device 12 and the server is realized.

如图3所示,无线通信装置800包括第一接口801、第二接口803、信号转换模块802,信号转换模块802分别与第一接口801和第二接口803相连。第一接口801与网络终端900相连,第二接口803接收智能密钥装置12发送来的加密后的操作信息,经信号转换模块802和第一接口801发送至网络终端900,由网络终端900发送至服务器进行操作认证。 As shown in FIG. 3 , the wireless communication device 800 includes a first interface 801 , a second interface 803 , and a signal conversion module 802 , and the signal conversion module 802 is connected to the first interface 801 and the second interface 803 respectively. The first interface 801 is connected to the network terminal 900, the second interface 803 receives the encrypted operation information sent by the smart key device 12, sends it to the network terminal 900 through the signal conversion module 802 and the first interface 801, and is sent by the network terminal 900 to the server for operation authentication.

使用者通过移动终端输入用户身份信息(例如用户的账号、账号密码等)后,智能密钥装置12则等待接收外部再次经由移动终端输入的使用者身份信息,并由智能密钥装置12完成对使用者身份的认证后,再将移动终端接收的外部输入的操作信息发送至智能密钥装置12,为了防止某些恶意侵犯用户利益的病毒篡改操作信息,智能密钥装置12在接收到操作信息之后,还将该操作信息反馈回移动终端进行确认。只有在接收到移动终端输入的确认信息之后,智能密钥装置12才将用操作信息进行数字签名和加密,并以无线通信的方式发送至无线通信装置800。 After the user enters the user identity information (such as the user's account number, account password, etc.) After the authentication of the user's identity, the externally input operation information received by the mobile terminal is sent to the smart key device 12. Afterwards, the operation information is fed back to the mobile terminal for confirmation. Only after receiving the confirmation information input by the mobile terminal, the smart key device 12 will digitally sign and encrypt the operation information, and send it to the wireless communication device 800 by wireless communication.

无线通信装置800的第二接口803接收上述加密后操作信息,经由信号转换模块802进行协议转换后,通过第一接口801以有线通信方式或者无线通信方式发送至网络终端900,进而由网络终端900将加密后操作信息发送至服务器,由服务器完成操作认证,并进而完成操作信息相应的操作动作。 The second interface 803 of the wireless communication device 800 receives the above-mentioned encrypted operation information, and after the protocol conversion is performed by the signal conversion module 802, it is sent to the network terminal 900 through the first interface 801 by means of wired communication or wireless communication, and then the network terminal 900 The encrypted operation information is sent to the server, and the server completes the operation authentication, and then completes the operation actions corresponding to the operation information.

无线通信装置800的第一接口801为可实现连接式通信的USB接口、SD接口、MMC接口中的一种或多种;和/或,无线通信装置800的第一接口801为可实现非连接式通信的2.4GHz RFID、蓝牙、红外、Zigbee、WIFI接口中的一种或多种。无线通信装置800的第二接口803可为2.4GHz RFID、蓝牙、红外、Zigbee、WIFI接口中的一种或多种。 The first interface 801 of the wireless communication device 800 is one or more of a USB interface, an SD interface, and an MMC interface capable of connecting communication; and/or, the first interface 801 of the wireless communication device 800 is a non-connectable One or more of 2.4GHz RFID, Bluetooth, infrared, Zigbee, and WIFI interfaces for communication. The second interface 803 of the wireless communication device 800 may be one or more of 2.4GHz RFID, Bluetooth, infrared, Zigbee, and WIFI interfaces.

进一步地,使用者身份信息可为PIN码,即移动终端接收外部输入的PIN码,通过验证PIN码完成使用者身份认证。操作信息包括转账账号、转账金额、转账时间,即服务器通过对操作信息的上述几方面进行验证实现对操作者的操作认证。 Further, the user identity information may be a PIN code, that is, the mobile terminal receives an externally input PIN code, and completes user identity authentication by verifying the PIN code. The operation information includes the transfer account number, transfer amount, and transfer time, that is, the server authenticates the operator by verifying the above aspects of the operation information.

下面以网上购物支付为例,对利用本发明智能密钥装置进行身份认证的过程进行简单介绍。主要包括以下两种身份认证方法, Taking online shopping payment as an example, the process of using the smart key device of the present invention for identity authentication is briefly introduced below. It mainly includes the following two identity authentication methods,

如图4所示,在移动终端具备上网功能时,本发明的智能密钥装置12进行身份认证的过程如下: As shown in Figure 4, when the mobile terminal has the function of surfing the Internet, the process of the smart key device 12 of the present invention performing identity authentication is as follows:

首先,操作者通过移动终端输入自己的用户身份信息,例如用户的账号、账号密码等,然后等待利用本发明技术方案进行身份认证,进而完成转账支付操作。 Firstly, the operator enters his user identity information through the mobile terminal, such as the user's account number, account password, etc., and then waits for identity authentication using the technical solution of the present invention, and then completes the transfer payment operation.

其次,操作者通过移动终端输入PIN码,并经由第一SIM卡接口100发送至CPU300,CPU300调用储存器500内保存的合法PIN码,对输入的PIN码进行比对,若PIN码认证合格,则向移动终端返回认证合格的信息,由移动终端向操作者显示。若PIN码认证不合格,则终止本次转账操作。 Secondly, the operator enters the PIN code through the mobile terminal, and sends it to the CPU 300 via the first SIM card interface 100, and the CPU 300 invokes the legal PIN code stored in the memory 500, and compares the input PIN code. If the PIN code is authenticated, Then return the authentication qualified information to the mobile terminal, and the mobile terminal will display it to the operator. If the PIN code authentication fails, the transfer operation will be terminated.

接着,操作者接收到PIN码认证合格的信息后,则再通过移动终端输入操作信息(如转账账号、转账金额、转账时间);智能密钥装置12接收到上述操作信息后,为了防止涉及到操作者利益的信息被恶意篡改,智能密钥装置12将接收到的操作信息返回移动终端进行显示确认。移动终端接收到智能密钥装置返回的操作信息后,可通过STK菜单或者其它具有界面显示功能的软件向操作者显示,等待操作者进行确认。 Then, after the operator receives the information that the PIN code is certified as qualified, he then enters the operation information (such as the account number of the transfer, the amount of the transfer, the time of the transfer) through the mobile terminal; after the smart key device 12 receives the above operation information, in order to prevent the If the information of the operator's interests is maliciously tampered with, the smart key device 12 returns the received operation information to the mobile terminal for display and confirmation. After receiving the operation information returned by the smart key device, the mobile terminal can display it to the operator through the STK menu or other software with interface display function, waiting for the operator to confirm.

最后,智能密钥装置12在接收到移动终端返回的确认信息后,其内部的安全运算模块则根据CPU300发送的控制信号,对操作信息进行数字签名和数据加密;再将加密后的操作信息通过CPU300和第二SIM卡接口200发送至移动终端内的SIM卡,进而通过移动网络将加密后的操作信息发送至相关运营商后台服务器;由后台服务器对加密后的用户身份信息进行解密,并对其合法性进行认证,若操作认证合格,则后台服务器根据发送来的操作信息完成相关购买支付操作动作(例如自操作者指定的银行进行网上划账、确认订单完成等操作动作),至此完成本次网上交易。若操作认证不合格,则终止本次转账操作。 Finally, after the smart key device 12 receives the confirmation information returned by the mobile terminal, its internal security calculation module performs digital signature and data encryption on the operation information according to the control signal sent by the CPU300; The CPU 300 and the second SIM card interface 200 are sent to the SIM card in the mobile terminal, and then the encrypted operation information is sent to the background server of the relevant operator through the mobile network; the encrypted user identity information is decrypted by the background server, and the Its legality is verified. If the operation is certified as qualified, the background server will complete the relevant purchase and payment operation actions (such as online transfer from the bank designated by the operator, confirmation of order completion, etc.) according to the operation information sent. online transaction. If the operation authentication fails, the transfer operation will be terminated.

如图5所示,在移动终端无法实现上网功能时,本发明的智能密钥装置进行身份认证的过程如下: As shown in Figure 5, when the mobile terminal cannot realize the function of surfing the Internet, the process of identity authentication by the smart key device of the present invention is as follows:

本实现方式中,移动终端根据STK菜单或者其它具有界面显示功能的软件的提示启动智能密钥装置12的无线通信功能,即通过短距离通信模块600与无线通信装置800建立无线通信通道,从而利用无线通信装置800和网络终端900(例如电脑)与服务器进行通信,完成网上转账交易。在建立通信通道后,本认证方法中的具体工作过程与智能密钥装置12进行第一种身份认证的过程相同。本方法中,由于移动终端内的智能密钥装置12无法直接通过网络与服务器进行通信,故通过设置无线通信装置800以及网络终端900的方法实现智能密钥装置12与服务器间的通信。其中,无线通信装置800可以接触式连接或者无线连接两种方式与网络终端900(例如电脑)相连并通信。通过无线通信装置800与智能密钥装置12间的无线通信方式实现操作认证信息的传递,并最终按照智能密钥装置12第一种进行身份认证的方法,完成网上转账交易,此处不再赘述。 In this implementation mode, the mobile terminal activates the wireless communication function of the smart key device 12 according to the prompt of the STK menu or other software with an interface display function, that is, establishes a wireless communication channel with the wireless communication device 800 through the short-distance communication module 600, thereby using The wireless communication device 800 and the network terminal 900 (such as a computer) communicate with the server to complete the online transfer transaction. After the communication channel is established, the specific working process of this authentication method is the same as that of the first type of identity authentication performed by the smart key device 12 . In this method, since the smart key device 12 in the mobile terminal cannot directly communicate with the server through the network, the communication between the smart key device 12 and the server is realized by setting the wireless communication device 800 and the network terminal 900 . Wherein, the wireless communication device 800 can be connected and communicate with the network terminal 900 (such as a computer) in two ways of contact connection or wireless connection. Through the wireless communication mode between the wireless communication device 800 and the smart key device 12, the transmission of operation authentication information is realized, and finally the online transfer transaction is completed according to the first method of identity authentication of the smart key device 12, which will not be repeated here. .

以上所述仅为本发明的较佳实施例,并不用以限制本发明,凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。 The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present invention shall be included in the protection of the present invention. within range.

Claims (11)

1. an intelligent key apparatus is characterized in that, comprises short-range communication module, the first SIM interface, the second SIM interface, CPU, security component, holder,
Said CPU links to each other with said holder with said short-range communication module, the said first SIM interface, the said second SIM interface, said security component respectively;
The outside portable terminal of said first SIM interface and said intelligent key apparatus communicates; SIM in said second SIM interface and the said portable terminal communicates; Said short-range communication module realizes the short-distance wireless communication of this intelligent key apparatus; Said security component to intelligent key apparatus user's operation information carry out digital signature with or encryption.
2. according to the described intelligent key apparatus of claim 1, it is characterized in that said short-range communication module also has the communication distance controlled function, be used to control the distance that said short-range communication module is carried out radio communication.
3. according to the described intelligent key apparatus of claim 1, it is characterized in that said short-range communication module is one or more in 2.4GHz RFID, bluetooth, infrared, Zigbee, the WIFI communication module.
4. according to the described intelligent key apparatus of claim 1, it is characterized in that said operation information comprises the number of the account of transferring accounts, the amount of money of transferring accounts, transfer accounts the time.
5. according to the described intelligent key apparatus of claim 1, it is characterized in that,
Said intelligent key apparatus is provided with at least one container cavity, and said SIM is fitted into said container cavity.
6. an identity identifying method is characterized in that,
The arbitrary described intelligent key apparatus of claim 1 to 5 is fitted into portable terminal, carries out authentication according to following steps:
Step 1, said intelligent key apparatus is communicated by letter through setting up between the second SIM interface and/or short-range communication module and the external server;
Step 2, said intelligent key apparatus read legal user's identity information of preserving in its interior magazine, and the user's identity information via said portable terminal input is carried out user's authentication;
Step 3, the first SIM interface of said intelligent key apparatus receives the operation information that said portable terminal sends, and the said operation information that will receive is back to said portable terminal affirmation through the said first SIM interface;
Step 4, said intelligent key apparatus wait for that receiving said portable terminal returns confirmation;
Step 5; After said intelligent key apparatus receives the affirmation information that said portable terminal returns; By security component said operation information is carried out digital signature and encryption, and be sent to said server through said second SIM interface and/or said short-range communication module and carry out authenticating operation.
7. according to the described identity identifying method of claim 6, it is characterized in that,
In said step 1, the inner said second SIM interface of said intelligent key apparatus is set up with said server through the SIM in the said portable terminal and is communicated by letter.
8. according to the described identity identifying method of claim 6, it is characterized in that,
In said step 1, the said short-range communication module that said intelligent key apparatus is inner is communicated by letter with said server foundation with the network terminal through radio communication device;
Said radio communication device comprises first interface, second interface, signal conversion module, and said signal conversion module links to each other with said second interface with said first interface respectively;
Said first interface links to each other with the said network terminal; Said second interface receives the operation information after the encryption that said intelligent key apparatus sends; Be sent to the said network terminal through said signal conversion module and said first interface, be sent to said server by the said network terminal and carry out authenticating operation.
9. according to the described identity identifying method of claim 8, it is characterized in that said first interface is one or more in USB interface, SD interface, the MMC interface; And/or said first interface is one or more in 2.4GHz RFID, bluetooth, infrared, Zigbee, the WIFI interface;
Said second interface is one or more in 2.4GHz RFID, bluetooth, infrared, Zigbee, the WIFI interface.
10. according to the described identity identifying method of claim 6, it is characterized in that in the said step 2, said user's identity information is a PIN code.
11. according to claim 6,7,8 or 9 described identity identifying methods, it is characterized in that,
Said portable terminal receives the said operation information that said intelligent key apparatus returns, and the software that perhaps has the interface display function through the STK menu shows to the operator, is confirmed by the operator.
CN201110029349.4A 2010-12-31 2011-01-27 Intelligent key device and identity authentication method Expired - Fee Related CN102547681B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110029349.4A CN102547681B (en) 2010-12-31 2011-01-27 Intelligent key device and identity authentication method

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201010618764 2010-12-31
CN201010618764.9 2010-12-31
CN201110029349.4A CN102547681B (en) 2010-12-31 2011-01-27 Intelligent key device and identity authentication method

Publications (2)

Publication Number Publication Date
CN102547681A true CN102547681A (en) 2012-07-04
CN102547681B CN102547681B (en) 2015-03-25

Family

ID=46353389

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110029349.4A Expired - Fee Related CN102547681B (en) 2010-12-31 2011-01-27 Intelligent key device and identity authentication method

Country Status (1)

Country Link
CN (1) CN102547681B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368743A (en) * 2013-07-08 2013-10-23 深圳市文鼎创数据科技有限公司 Multifunctional intelligent card and identity authentication method and operation method of multifunctional intelligent card
CN103580870A (en) * 2013-11-07 2014-02-12 李宾 Mobile phone identity authentication terminal
CN104102870A (en) * 2013-04-12 2014-10-15 北京旋极信息技术股份有限公司 Electronic signature authentication extension equipment and information processing method
WO2015032029A1 (en) * 2013-09-03 2015-03-12 Wong Kamfu System and method for online shopping communication authentication of local goods picking-up
CN106651366A (en) * 2015-11-03 2017-05-10 国民技术股份有限公司 Mobile terminal and transaction confirmation method and device thereof, and smart card
CN111400737A (en) * 2020-03-17 2020-07-10 中孚信息股份有限公司 Multi-application physical isolation encrypted SIM card implementation device, method and terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101159074A (en) * 2007-11-16 2008-04-09 北京飞天诚信科技有限公司 A system and method for self-service top-up
CN101394615A (en) * 2007-09-20 2009-03-25 中国银联股份有限公司 A mobile payment terminal and payment method based on PKI technology
US20100020975A1 (en) * 2008-07-24 2010-01-28 Electronic Data Systems Corporation System and method for electronic data security

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101394615A (en) * 2007-09-20 2009-03-25 中国银联股份有限公司 A mobile payment terminal and payment method based on PKI technology
CN101159074A (en) * 2007-11-16 2008-04-09 北京飞天诚信科技有限公司 A system and method for self-service top-up
US20100020975A1 (en) * 2008-07-24 2010-01-28 Electronic Data Systems Corporation System and method for electronic data security

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104102870A (en) * 2013-04-12 2014-10-15 北京旋极信息技术股份有限公司 Electronic signature authentication extension equipment and information processing method
CN104102870B (en) * 2013-04-12 2017-08-01 北京旋极信息技术股份有限公司 Electron underwriting authentication expansion equipment and information processing method
CN103368743A (en) * 2013-07-08 2013-10-23 深圳市文鼎创数据科技有限公司 Multifunctional intelligent card and identity authentication method and operation method of multifunctional intelligent card
WO2015032029A1 (en) * 2013-09-03 2015-03-12 Wong Kamfu System and method for online shopping communication authentication of local goods picking-up
CN103580870A (en) * 2013-11-07 2014-02-12 李宾 Mobile phone identity authentication terminal
CN106651366A (en) * 2015-11-03 2017-05-10 国民技术股份有限公司 Mobile terminal and transaction confirmation method and device thereof, and smart card
CN111400737A (en) * 2020-03-17 2020-07-10 中孚信息股份有限公司 Multi-application physical isolation encrypted SIM card implementation device, method and terminal

Also Published As

Publication number Publication date
CN102547681B (en) 2015-03-25

Similar Documents

Publication Publication Date Title
CN102737308B (en) The method and system of a kind of mobile terminal and inquiry smart card information thereof
CN104903925B (en) System and method for safely loading, storing and being transmitted in the magnetic stripe data in the device to be worked together with mobile Wallet System
CN103873231B (en) Certificate server, mobile terminal and the method for using it to granting radio frequency card key
CN102737311B (en) Internet bank security authentication method and system
US10032162B2 (en) Multi-purpose data storage key
US20090144456A1 (en) Interface Device for Securely Extending Computer Functionality
CN104504563B (en) A kind of mobile message safety means and its method of work
CN103562972A (en) Handheld self-provisioning PIN PED communicator
CN107615320A (en) A kind of system of selection of transaction application and terminal
WO2013071711A1 (en) Method for processing payment business and terminal
CN102521744A (en) Network payment method and apparatus thereof
JP6032626B2 (en) Authentication method using NFC authentication card
CN102547681B (en) Intelligent key device and identity authentication method
CN101558413B (en) Method for executing an application program by means of a portable data carrier
CN102542697B (en) Based on the POS terminal of electronic equipment with network access functions
TWI626607B (en) Smart card with dynamic token OTP function and working method thereof
Ali et al. Secure mobile communication in m-payment system using NFC technology
CN102930643B (en) Integrated circuit (IC) card with loading debit-credit service data interface and loading method for IC card
CN102789660B (en) Method and the device thereof of financial wireless transactions is realized by mobile communication terminal
CN112712355A (en) Bluetooth type digital currency hardware wallet and implementation method thereof
KR101529040B1 (en) Authentication device and method using the NFC authentication card
KR102172855B1 (en) Method for Providing Server Type One Time Code for Medium Separation by using User’s Handheld type Medium
CN103971234A (en) Mobile payment assembly and system and method for applying the mobile payment assembly
CN204463212U (en) Transaction authentication card and remote transaction authentication system thereof
CN104202167B (en) The system and method for authentication is realized based on external authentication module and personal identification number

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150325

CF01 Termination of patent right due to non-payment of annual fee
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载