Credible electronic transaction method and transaction system

Abstract

The invention discloses a credible electronic trading method and a trading system thereof, belonging to the technical field of information security. The inventive trading method comprises the following steps: a user logs in a trading server through an information transmission medium; initializing between a credible trading service terminal and a trading server through the information transmission medium, and setting up security connection; the credible trading service terminal displays trading information of the electronic trading in a way capable of being understood by the user, and the trading information is validated through the credible trading service terminal if the user confirms the trading information is right; the credible trading service terminal authorizes the trading server to trade through the information transmission medium. The inventive trading system comprises a personal computer and the credible trading service terminal. Compared with the prior art, the invention solves security problems of network angling, authorization hijack and the like existing in electronic payment and network trading through the credible trading service terminal, and related authentication and encryption protocols.

Description

technical field [0001] The invention relates to a trusted electronic transaction method and a transaction system thereof, belonging to the technical field of information security. Background technique [0002] With the rapid development of the Internet, applications based on the World Wide Web are rapidly popularized, and e-commerce (online games, online banking and online shopping, etc.) has become a part of people's daily work and life. However, the existence of security threats such as phishing, viruses, Trojans, and other spyware for the purpose of economic crimes makes users bear huge security risks while conducting online transactions, such as account / password information theft, identity counterfeiting, authorization hijacking, etc. . These threats make more and more users lose confidence in electronic payment / online transactions, and even give up using such transaction methods. [0003] The security of online transactions mainly involves the following technical issu...

AI Technical Summary

Problems solved by technology

[0004] There are many security threats in the traditional mode of online transactions based on web browsers: for example, keyboard monitoring will obtain user account / password information; browsers will be redirected to tampered web pages, resulting in transaction fraud or account / password loss; downloading and copying files Or the Trojan horse implanted by browsing the compromised website will also carry out authorization hijacking attacks-do not consider stealing the user's account / password information, but monitor the user's transaction process locally, hijack the authorization information only in the transaction authorization stage , to replace authorized information and realize transaction fraud

[0005] Nowadays, most online transactions use the SSL protocol to ensure the safe transmission of transactions, and the SET protocol to ensure the security of the transaction process, but both are difficult to overcome problems such as phishing, account / password theft, and authorization hijacking by native malware.

[0006] Using two-factor authentication technologies such as authentication tokens (such as USB tokens), although the user's account / password security can be protected to a certain extent (but the latest research shows that authentication tokens based on the machine are also insecure), but due to The final transaction authorization is still completed locally, and there are malware introduced by various means in the personal computer, such man-in-the-middle attacks such as authorization hijacking will still occur (such as: before the authorization information is submitted for encrypted transmission, the transaction order authorization information tampering, and then encrypted and sent to the server to achieve transaction fraud)

Images