在线客服
演示
后台演示
开发说明
我们专门研究网站加密狗(锁)、网络加密狗(锁)及其相关系统开发。
适用性
适合于所有网站,包括php,asp,.net,jsp等各种类型的网站用于硬件加密认证。
①会员、VIP登陆
②后台管理员登陆
③企业OA系统登陆
④各类缴费系统
⑤Shopex,Ecshop,CS-Cart,WordPress等各种建站系统
⑥贵金属交易平台
⑦代理商数据权限控制
⑧......
等等各种相关运用。
首页 系统介绍 技术优势 成功案例 下载 帮助 价格 付款方式 联系我们
 
达网U盾 网站安全 >

U盾技术问题解决方案

1 对于当前中国网上银行系统,加强网银用户的身份认证管理,防止用户资料的泄露,是减少由于U盾自身缺陷导致的网上银行安全隐患的有效措施。
According to the current Chinese online banking system, strengthening online banking user authentication management, and preventing users from data leaks can be effective measures that largely reduce online banking security risks as a result of the defects of USBKEY. Chinese major commercial banks should strengthen the application of the technologies of two or more factors authentication. Commercial banks can combine the technology of the dynamic password card and other authentication certificates with USBKEY.

2 建立并使用入侵检测系统(IDS),以防范USBKEY出现的缺陷风险。                 
IDS可以对用户使用USBKEY进行网络支付的数据包起到监视作用,但并不延误其传送速度。可以将用于检测和分析的检测引擎分布在网络敏感部位,如内部网络的入口处、担负重要任务或处理重要数据的服务器周围。
Establish and make use of intrusion detection systems (IDS) to prevent the risk of defects occurring by USBKEY. IDS can monitor a packet that is transmitted by a USBKEY user who is intending to pay online, but not delay the speed of data transmission.
From perspective of the technologies for USBKEY

3 依据情况改造现有的USB Key,增加输入键,使其PIN码可以在USB Key上输入,这样就不会被电脑上的木马拦截。
According to the vulnerabilities that existing in the USBKEY, transform the USBKEYS by increasing input keys, so that PIN code can be entered on the USBKEY. Then, information will not be intercepted Trojan on the computer.

4 条件允许情况下,可以把USBKEY和动态密码锁的加密方式结合在一起。
智能卡芯片和读卡器结合在一起的USB Key,带有智能卡芯片的USB Key可以通过内置的智能卡芯片在Key内部硬件实现DES/3DES、RSA加解密运算,并支持Key内生成RSA密钥对,杜绝了密钥在客户端内存中出现的可能性,可以大大提高安全性。
If conditions permitting, we can combine encryption methods of the USBKEY and dynamic encryption password lock together. A version of USBKEY that combines the smart card and reader together can do decrypting operation of Des、3DES and RSA in the internal hardware chip by the built-in smart card. This USBKEY supports the generation of RSA Private-key Pairs. This will reduce and prevent the possibility that the Private-key Pairs stay in the memory of client. And then greatly enhance security.

5 可以针对现有USB Key的键盘输入PIN码的漏洞,可以使用生物技术(例如个人指纹)来替换键盘录入PIN码。
也就是说,交易时候接入USB Key,我们不需要再到键盘录入PIN码来验证身份。我们只需要在USB Key的设备上按一下指纹,就能自动验证个人身份。这种身份验证机制带来的安全性和实用性是一种跨时代的提高。
用户不可能再忘记密码了,只需要验证指纹即可。指纹的验证实在外部设备上进行的,电脑即使被黑客完全控制也无法截取到用户的指纹,从而保证了PIN码的唯一性和安全性。
According to the loopholes of the keyboard method of inputting PIN of USBKEY, you can use bio-technology (such as personal fingerprint) to replace the method of inputting PIN. In other words, when for the access of USBKEY, we do not need to enter pin code by the keyboard for authentication. We only need a press on the USBKEY by a finger for the fingerprints, and then the system can automatically verify our individual IDs. This authentication mechanism will bring us an increased level of security and practicality. The user can never forget the password, and only need to use the fingerprints for verification. Verification of the fingerprint is done on the external device. Even the computer is controlled by a hacker. However, the hacker has no chance to intercept the user's fingerprints. This technology will greatly ensure that the uniqueness and security for PIN.

6 通过管理或者审计防止COS在设计上留有后门。
Depend on scientific management or auditing to prevent COS to leave rear doors in the design.

7 数字证书应该由独立于用户和银行以外的权威的第三方安全认证机构CA发放,不能由银行自己发放。
Digital certificates should be issued by non-users’ and non-bank's third-party security certification authority of CA. They can not be granted by the banks themselves.

8.交易金额从USB Key上录入,以防止数据在传入USB Key之前被篡改。
Amount of the transaction can be designed to input from the USBKEY to prevent the spread of data before it tampering into the USBKEY.

From prospective of consumers:
1.U盾用完马上拔
使用USB KEY网银的用户,在每次完成网银操作后,要尽快拔下。否则不法分子通过网银木马可以远程操作用户的计算机,从而窃取用户网银账户中的资产。
Users should pay attention to pull off the USBKEY immediately after usage.
2.要用正版杀毒软件
进行网银交易的计算机要安装正版杀毒软件,要及时更新杀毒软件,确保病毒库升级到最新版本,同时确保各种主动防御和实时监控处于开启状态。
Ensure your computer to have installed the genuine anti-virus software and have been updated in time before you conduct online banking transactions.
3.不要在公共上网场所使用网银
不要登录一些来源不明的网站,不要打开可疑邮件,不要在网吧、酒吧等公共场所内多人共用的计算机上登录网银账号、使用网上银行,不要登录一些技术不完善的支付平台。
Don't use the USBKEY on the public places. Consumers should not surf on the unknown websites or open suspicious emails when use the USBKEY, and not to log on internet banking account or use USBKEY at internet cafes, bars and other public places where people share the computers. And there also needs us not to log on some imperfect payment platforms.
4.定期更换USBKEY 或支付密码
定期更换密码也能起到保护网银安全的作用。如果条件允许,最好将娱乐和工作分别在两台电脑中进行,确保交易环境无毒。
There also needs us to change payment password or USBKEY PIN regularly.

Conclusions
总而言之,目前的USB Key的主要优点是具有CPU,类似加密锁或加密狗,能够进行RSA等加密算法运算,私钥无法读取,安全技术上有一定优势,因此在网络认证等领域得到广泛的应用。
随着技术发展的日益完善,越来越多的人将会采用USB Key作为日常理财或进行其它网络交易的工具,而作为国内在此领域应用最早、最成熟且最具潜力的网上银行应用,在技术和应用方面都应该先人一步,及时找到 USB Key潜在安全漏洞的补救方法。

In short, the current main advantage of USB Key is that it has a CPU.
It is similar to the encryption lock or dongle, such as capable of RSA and other encryption algorithms computing.
Its private key can not be read; hence it has some advantages on the part of security technology. And it will be widely used in the areas of network authentication.

Its vulnerabilities will gradually be resolved, so that performance tends to be perfect in the future.
With the increasingly improved technology, more and more people will use USB Key as a daily financial transaction or other network tools.


浙ICP备10205343号-6   网站加密狗 加密锁 网页加密狗 OA系统加密 网站安全登陆 验证登陆 加密狗 Sitemap - 达网版权所有