Please tell me how to protect your digital certificate and digital signature.
When readers see this topic, they may ask: digital certificates and digital signatures are what protect online banking transactions, so why do they need protection themselves? They do. A soldier's gun is a weapon for killing the enemy and defending himself, but the gun itself also needs to be protected. I will discuss this problem from two aspects.

Digital Certificate and Two-factor Authentication

Most banks now recommend that online banking customers use personal certificates (ICBC calls them "U shields"). The private key of a digital certificate stored in a USB Key never leaves the device's interface when it is used, and the data passing in and out of the interface is encrypted ciphertext, so hackers cannot intercept useful information or steal the private key to forge signatures. This effectively protects the security of online banking transactions.

However, if the mobile (USB Key) certificate is lost, there is a danger that it will be used fraudulently. Banks therefore remind customers who have lost their certificate to report the loss to the bank promptly and have a new certificate issued. The new certificate has a new key and the old certificate becomes invalid, which removes the danger of fraudulent use after the loss.

Even so, time passes between the moment the certificate is lost or stolen and the moment the customer notices the loss, reports it to the bank, and then goes to the bank to have the old certificate revoked and a new one issued. If the criminal acts as soon as he gets the certificate, it is too late to avoid the loss. What can be done?

To avoid this situation, the certificate itself needs protective measures. On the one hand, customers need to take good care of their digital certificates, so that they are not lost or stolen, and also develop good habits.
After an online banking transaction is completed, you should immediately unplug your mobile (USB Key) certificate so that others cannot use it fraudulently. On the other hand, technical protection measures should be taken, such as setting up a two-factor authentication mechanism.

What is a two-factor authentication mechanism? Simply put, it uses two different methods (that is, factors) for identity authentication. In security theory, the factors of identity authentication fall into three categories.

The first factor is what the authenticated party knows, such as a password or ID number. The user has to remember it.

The second factor is what the authenticated party owns, such as digital certificates, bank cards, identity cards, or letters from authoritative organizations. In offline transactions these items have to be carried with you, while in online transactions bank cards, ID cards and letters from authoritative organizations cannot be used. Only a digital certificate, through PKI technology, can serve online as an item owned by the authenticated party.

The third factor is a characteristic of the authenticated party, such as face, fingerprint, pupil or voice. This is a feature unique to the person, generally used for on-site authentication, and now also usable for online authentication through special equipment.

Taken individually, each of these three factors has problems. "Personal belongings" may be stolen. "What you know" can be guessed and shared, and complex content may be forgotten. "Features" are the simplest and most powerful: biological features are carried with you, are very hard to replicate and extremely difficult to forge, but they are expensive to use and are generally reserved for top-level security requirements.
Combining any two of the above three authentication factors into a double check is a two-factor authentication mechanism. Obviously, a two-factor mechanism is more secure than a single-factor one.

Now, let's go back to the protection of certificates. If the customer sets a password for the certificate when receiving it, the customer must enter that password before the certificate can be used in an online transaction, and anyone who cannot enter the password correctly cannot use the certificate. Then, even if the certificate is lost or stolen, the criminals who get hold of it cannot complete an online banking transaction, which is equivalent to putting a protective lock on the certificate. In theoretical terms, this is two-factor authentication: the digital certificate (owned by the party) and the password (known by the party).

Digital signature and "what you see is what you sign"

In the article "Use and keep your digital certificate correctly", we introduced the security and reliability of the USB Key digital certificate. Under current technical conditions, no one can crack the security protection and password mechanism of a USB Key digital certificate. A concrete example is that among the millions of U shield users of ICBC, there has not been a case of online banking theft so far.

But nothing in the world is absolute. Even if we regard the USB Key digital certificate, and the digital signature made with the private key stored in the USB Key, as absolutely reliable, hackers may still commit online banking fraud by other means. It is a bit like the story of the Maginot Line in World War II: the French army made the front of the Maginot Line impregnable, but the cunning German army bypassed it and entered France from the side through a third country.

To ensure that the data of an online banking transaction (such as the counterparty account number and the transfer amount) is not tampered with, customers digitally sign this data with their own private keys. After signing, if a hacker tampers with the data in any way, the bank detects it immediately and refuses to complete the transaction. Using a USB Key digital certificate is safer still: the signing is done inside the chip of the USB Key, and the private key does not leave the interface, so hackers cannot intercept it. This digital signature mechanism is extremely secure, and a solid cryptographic system is as unbreakable as the Maginot Line.

However, it is still possible for hackers to implant Trojans on customers' computers. When an application sends online banking data from the PC to the USB Key for digital signature, the Trojan intercepts the data on the internal bus. At this point the data is not encrypted; it exists as plaintext. The Trojan then tampers with the data (for example, changing the payee from Zhang San's account to the hacker's account, or changing the transfer amount) and sends it on to the USB Key for digital signature.

The bank does not know that the data has been tampered with. After receiving the transaction data digitally signed by the customer, it verifies the signature, finds it correct, and transfers the money according to the tampered payment instruction. The customer does not know either, because the Trojan changes the bank's confirmation of the successful transaction back to the original, correct figures before it is displayed on the customer's screen. Seeing the correct confirmation, customers suspect nothing and think everything is normal. They do not know that the transaction has been hijacked and that the money in the account has been quietly stolen. The hacker has bypassed the "Maginot Line" and achieved online banking theft from the side.
To deal with this trick, security experts have a countermeasure of their own: the so-called "what you see is what you sign" security strategy. The specific method is to add a small LCD screen to the USB Key and have it display the transaction data to be signed before the customer's digital signature is made. The customer performs the signature operation only after seeing the correct data. If a Trojan falsifies the data, the customer notices immediately and refuses to sign, the transaction fails, and the money in the account is not lost.

Someone may then ask: what if the Trojan gets inside the USB Key itself to tamper with the data? As we said in the last article, the design of the USB Key only allows applications to make API calls from outside its interface: to pass in parameters, data and commands, to start the digital signature and cryptographic operations inside the USB Key, and to receive the returned results. No program is allowed to enter through the USB Key interface and run inside it. This closes that route to hackers and Trojans.
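
The tampering scenario and the "what you see is what you sign" check described above can be traced in a small simulation. This is an added example, not code from the article or from any bank: the class and function names, account labels and key are constructed, and an HMAC stands in for the USB Key's private-key signature so that it runs with the Python standard library only.

```python
import hashlib
import hmac
import json

TOKEN_KEY = b"constructed-demo-key"  # constructed; stands in for the key held in the chip

def encode(tx):
    """Canonical byte encoding of a transaction dict."""
    return json.dumps(tx, sort_keys=True).encode()

class UsbKey:
    """Model token: signs the bytes the host sends; with an LCD, asks the customer first."""
    def __init__(self, has_display, confirm):
        self.has_display = has_display
        self.confirm = confirm  # callback: the customer reading the token's own screen

    def sign(self, data):
        if self.has_display and not self.confirm(json.loads(data)):
            return None  # customer refused, so nothing is signed
        return hmac.new(TOKEN_KEY, data, hashlib.sha256).hexdigest()

def bank_verify(data, sig):
    """The bank can only check that the signature matches the bytes it received."""
    if sig is None:
        return False
    expected = hmac.new(TOKEN_KEY, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)

def host_path(tx, tampered):
    """PC-side path from application to token; a compromised host alters the payee."""
    if tampered:
        tx = dict(tx, payee="ACCT-ATTACKER")
    return encode(tx)

def run(has_display, tampered):
    intended = {"payee": "ACCT-ZHANG-SAN", "amount": "1000.00"}
    # The customer approves only if the token shows exactly what was intended.
    key = UsbKey(has_display, confirm=lambda shown: shown == intended)
    data = host_path(intended, tampered)
    sig = key.sign(data)
    accepted = bank_verify(data, sig)
    return {
        "signed": sig is not None,
        "bank_accepts": accepted,
        "payee_executed": json.loads(data)["payee"] if accepted else None,
    }

if __name__ == "__main__":
    for display in (False, True):
        for tampered in (False, True):
            print(f"display={display} tampered={tampered} ->", run(display, tampered))
```

Without the display, the altered transfer carries a signature the bank accepts; with the display, the same alteration is stopped at the token because the customer never approves it.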