CN112036883A - Safety device - Google Patents


Publication number: CN112036883A
Authority: CN (China)
Prior art keywords: data, processing result, security, interface, module
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010898996.8A
Other languages: Chinese (zh)
Inventors: 汤瑞智, 苏小燕
Current Assignee: PAX Computer Technology Shenzhen Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shenzhen Zhaolong Technology Co ltd
Application filed by: Shenzhen Zhaolong Technology Co ltd
Priority to: CN202010898996.8A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825 Use of electronic signatures
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Abstract

The application belongs to the technical field of electronic payment and provides a security device comprising: a security-related interface module for inputting security authentication data, first data to be signature-verified and sign-free data, and for outputting a first processing result, a second processing result, a third processing result and first prompt information; a first application processor module for processing the sign-free data and generating the third processing result; and a secure processor module, connected to the security-related interface module and to the first application processor module respectively, for processing the security authentication data and generating the first processing result, verifying the signature of the first data to be signature-verified and generating the second processing result, forwarding the sign-free data to the first application processor module, forwarding the third processing result to the security-related interface module, and monitoring the sign-free data and the third processing result and generating the first prompt information. The device thus verifies the signature of payment-related data, processes and monitors payment-unrelated data, and outputs prompt information.

Description

Safety device
Technical Field
The application belongs to the technical field of electronic payment, and particularly relates to a security device (Secure Device).
Background
With the continuous development of internet technology, payment forms change day by day and new electronic payment methods keep emerging. Various intelligent point-of-sale (POS) terminals supporting novel electronic payment modes such as face payment, two-dimensional code payment and UnionPay card payment have emerged accordingly, bringing convenience to users' offline payment.
Disclosure of Invention
The application aims to provide a security device that verifies the signature of payment-related data, processes and monitors payment-unrelated data, and outputs prompt information.
An embodiment of the present application provides a security device, including:
a security-related interface module for inputting security authentication data, first data to be signature-verified and sign-free data, and for outputting a first processing result, a second processing result, a third processing result and first prompt information, wherein the security authentication data comprises at least one of password data and account data;
a first application processor module for processing the sign-free data and generating the third processing result;
a secure processor module, connected to the security-related interface module and to the first application processor module respectively, for processing the security authentication data and generating the first processing result, verifying the signature of the first data to be signature-verified and generating the second processing result, forwarding the sign-free data to the first application processor module, forwarding the third processing result to the security-related interface module, and monitoring the sign-free data and the third processing result and generating the first prompt information.
In one embodiment, the secure processor module is specifically configured to:
when the sign-free data is monitored, perform security verification on the sign-free data, forward the sign-free data to the first application processor module when the security verification passes, and generate the first prompt information when the security verification does not pass;
when the third processing result is monitored, perform security verification on the third processing result, forward the third processing result to the security-related interface module when the security verification passes, and generate the first prompt information when the security verification does not pass;
or, when the sign-free data is monitored, forward the sign-free data to the first application processor module and generate the first prompt information;
and when the third processing result is monitored, forward the third processing result to the security-related interface module and generate the first prompt information.
In one embodiment, the security-related interface module comprises:
at least one password input interface for inputting password data, the password data including at least one of a payment password and a device password;
at least one account input interface for inputting account data, the account data including at least one of a card authentication account, a biometric authentication account, a password authentication account, a code authentication account and a digital certificate account;
a display screen interface for outputting the first processing result, the second processing result, the third processing result and the first prompt information;
and at least one first communication interface for inputting the data to be signature-verified and the sign-free data and outputting the first processing result, the second processing result, the third processing result and the first prompt information.
In one embodiment, the at least one password input interface is used for connecting with at least one of a first touch screen and a first physical keyboard;
the at least one account input interface is used for connecting with at least one of a card reader, a biometric acquisition device, a second touch screen, a second physical keyboard, a code acquisition device and a digital certificate device;
the display screen interface is used for connecting with a display screen;
the at least one first communication interface is used for connecting with at least one communication module.
In one embodiment, the secure processor module is further configured to control a first preset area of the display screen to display the first prompt information after the first prompt information is generated.
In one embodiment, the secure processor module is further configured to output second prompt information through the at least one first communication interface when authentication of the security authentication data fails or signature verification of the data to be signature-verified fails.
In one embodiment, the security-related interface module further comprises:
at least one storage interface for inputting the data to be signature-verified and the sign-free data and outputting the first processing result, the second processing result and the third processing result, and for outputting the first processing result, the second processing result, the third processing result and the first prompt information.
In one embodiment, the at least one first communication interface is further for interfacing with at least one of a printer, a sensor, a positioning module, and an LED;
the at least one storage interface is used for connecting with at least one storage device;
the at least one audio interface is used for connecting with at least one audio device.
In one embodiment, the security-unrelated interface module is further configured to input second data to be signature-verified and output a fourth processing result and a fifth processing result;
the secure processor module is further used for processing the second data to be signature-verified and generating the fourth processing result;
the security device further comprises:
a second application processor module, connected with the security-related interface module, the security-unrelated interface module and the secure processor module, for processing the second data to be signature-verified and generating the fifth processing result when signature verification of the second data to be signature-verified succeeds.
In one embodiment, the secure processor module and the second application processor module are provided integrally or independently of each other.
In the security device provided by the embodiment of the application, the security-related interface module inputs the security authentication data, the first data to be signature-verified and the sign-free data, and outputs the first processing result, the second processing result, the third processing result and the first prompt information. The first application processor module processes the sign-free data and generates the third processing result. The secure processor module processes the security authentication data and generates the first processing result, verifies the signature of the first data to be signature-verified and generates the second processing result, forwards the sign-free data to the first application processor module, forwards the third processing result to the security-related interface module, and monitors the sign-free data and the third processing result and generates the first prompt information. The device can therefore process payment-related and payment-unrelated password data and/or account data, data to be signature-verified and sign-free data. At the same time it verifies the signature of payment-related data, processes and monitors payment-unrelated data, and outputs prompt information, so that the security of payment-related transactions is guaranteed, the payment-unrelated functions of the security device can be expanded, and the diversified requirements of users are met.
Drawings
Fig. 1 is a first structural schematic diagram of a security device provided in an embodiment of the present application;
Fig. 2 is a second structural schematic diagram of the security device provided in the embodiment of the present application;
Fig. 3 is a third structural schematic diagram of the security device provided in the embodiment of the present application;
Fig. 4 is a fourth structural schematic diagram of the security device provided in the embodiment of the present application.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects to be solved by the present application clearer, the present application is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
It will be understood that when an element is referred to as being "secured to" or "disposed on" another element, it can be directly on the other element or be indirectly on the other element. When an element is referred to as being "connected to" another element, it can be directly connected to the other element or be indirectly connected to the other element.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present application, "a plurality" means two or more unless specifically limited otherwise.
The security device provided by the embodiment of the application can be implemented through terminal devices such as a POS, a mobile phone, a tablet computer, a wearable device, a vehicle-mounted device, a notebook computer, a personal computer (PC), a netbook or a personal digital assistant (PDA). By improving these devices, the security device provided by the embodiment of the application can be obtained, which verifies the signature of payment-related data and exempts payment-unrelated data from signature verification. The embodiment of the present application does not set any limit on the specific type of the terminal device.
As shown in fig. 1, a security device 100 provided in an embodiment of the present application includes:
the security-related interface module 1, used for inputting security authentication data and sign-free data and outputting a first processing result, a third processing result and first prompt information, wherein the security authentication data comprises at least one of password data and account data;
the first application processor module 2, used for processing the sign-free data and generating the third processing result;
and the secure processor module 3, connected with the security-related interface module 1 and the first application processor module 2 respectively, and used for processing the security authentication data to generate the first processing result, forwarding the sign-free data to the first application processor module 2, forwarding the third processing result to the security-related interface module 1, and monitoring the sign-free data and the third processing result and generating the first prompt information.
In application, the security-related interface module includes at least one security-related interface, the secure processor module includes at least one Secure Processor (SP), and the first application processor module includes at least one first Application Processor (AP). The number of interfaces or devices in the security device may be set according to actual needs. For example, the device may include a plurality of security-related interfaces, a secure processor and a first application processor; or a plurality of security-related interfaces, a plurality of secure processors and a first application processor; or a plurality of security-related interfaces, a plurality of secure processors and a plurality of first application processors. Any one of the secure processors may be connected to at least one first application processor, which may invoke the security-related interface through the secure processor connected to it. A first application processor and a secure processor that are connected to each other can communicate through a second communication interface, or can be directly connected through the wiring structure of a Printed Circuit Board (PCB), the wiring structure of a Flexible Printed Circuit (FPC), or a cable. The second communication interface can be a serial interface such as a COM interface, an RS-232 interface, an RS-485 interface, a UART interface, an SPI interface, an I2C interface or a TTL interface.
In application, the security authentication data includes password data and/or account data related to payment, and may also include password data and/or account data unrelated to payment. The password data may include at least one of a payment password and a device password. The payment password and the device password may each be a numeric password, a string password, and the like; the string may be composed of at least two of numbers, letters and symbols, and the numeric password may be a Personal Identification Number (PIN). The payment password may be set by the user or generated by a payment-related computing device (e.g., a computer or server of a financial institution such as a bank), and the device password may be set by the user or generated by the security device. The account data may include at least one of a card authentication account, a biometric authentication account, a password authentication account, a code authentication account and a digital certificate account. The card authentication account may include a magnetic card account, a contact IC card (Integrated Circuit Card) account, a contactless card account, and the like. The biometric authentication account may include a face account based on face recognition technology, a fingerprint account based on fingerprint recognition technology, an electronic signature account based on electronic signature recognition technology, a voiceprint account based on voiceprint recognition technology, and the like. An electronic signature is data contained in electronic form in a data message and attached to it to identify the signer and to indicate that the signer approves the content of the message.
The password authentication account is a user account that is logged in to with a user name and a password; the password can be a fixed password set by the user or a dynamic password generated by a payment-related computing device. The code authentication account may include a one-dimensional code account based on one-dimensional code identification technology or a two-dimensional code account based on two-dimensional code identification technology, where the one-dimensional code may specifically be a one-dimensional barcode. A digital certificate is a digital credential that marks the identity information of each communicating party in internet communication and can be used to identify identities on the internet. Digital certificates include mobile certificates and browser certificates: a mobile certificate uses a U-KEY carrier as the device that encrypts and stores the digital certificate, and a browser certificate uses a computer as the device onto which the digital certificate is downloaded and installed.
In application, the first data to be signature-verified is firmware or an application program used for encrypting, storing, transmitting and otherwise handling the security authentication data. It can run in the secure processor module only after the secure processor module has verified its signature and confirmed its authenticity and integrity. The first processing result is the result obtained when the secure processor module encrypts, stores and transmits the security authentication data input to it. For example, when the security authentication data is a payment password, the secure processor module encrypts the payment password, transmits the encrypted payment password to the payment-related computing device for authentication, and receives the first processing result fed back by the computing device; the first processing result may include data such as second prompt information or a payment bill representing "payment password authentication succeeded", or data such as second prompt information or a to-be-paid bill representing "payment password authentication failed". The secure processor module can be powered by a backup battery for 24 h and detects the working state of the security device in real time. Once it detects that the security device is under attack, the secure processor module erases the key and security information such as the security authentication data encrypted with the key, so that the security of the security information is guaranteed.
The second processing result includes the data generated after the secure processor module verifies the signature of the first data to be signature-verified that is input to it, and also includes the data generated by storing, running or otherwise processing the first data to be signature-verified after its signature has been successfully verified. For example, the second processing result may include second prompt information indicating that signature verification of the first data to be signature-verified succeeded or failed. The sign-free data (data exempt from signature verification) is data that is not related to payment, such as payment-unrelated application data and multimedia data such as audio, video and images. The third processing result is the data generated after the first application processor module stores, runs or otherwise processes the incoming sign-free data; for example, when the sign-free data is digital audio data, the third processing result may include analog audio data.
In application, the secure processor monitors the sign-free data input to, and the third processing result output by, the first application processor connected to it, and generates the first prompt information to prompt the user, so as to prevent the first application processor from inputting or outputting data that threatens payment security and to warn of possible payment risks. The first prompt information indicates that the data has not been signature-verified or that the first application processor may present a payment risk. For example, when the sign-free data is application data, the first prompt information may read "illegal application, risk!"; when the third processing result is text data, the first prompt information may read "non-transaction status, no transaction is allowed!". The first prompt information may take the form of text, image, sound, etc.
In one embodiment, the secure processor module is specifically configured to:
when the sign-free data is monitored, perform security verification on the sign-free data, forward the sign-free data to the first application processor module when the security verification passes, and generate the first prompt information when the security verification does not pass;
when the third processing result is monitored, perform security verification on the third processing result, forward the third processing result to the security-related interface module when the security verification passes, and generate the first prompt information when the security verification does not pass;
or, when the sign-free data is monitored, forward the sign-free data to the first application processor module and generate the first prompt information;
and when the third processing result is monitored, forward the third processing result to the security-related interface module and generate the first prompt information.
In application, methods for performing security verification on the sign-free data include, but are not limited to, semantic analysis, image recognition and keyword search. When the sign-free data includes a field or an image related to payment, the sign-free data is considered to threaten payment security, its security verification is judged not to pass, and the first prompt information is generated; otherwise, the security verification is judged to pass and the sign-free data is forwarded to the first application processor module. When no security verification is performed on the monitored sign-free data or third processing result, only the first prompt information is generated to prompt the user, so that the user can judge the security of the data by themselves.
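A minimal model of the two monitoring variants described above, as an added example that is not code from the patent. The class and function names, the keyword list and the sample payloads are assumptions, and keyword search stands in for the semantic-analysis and image-recognition options the text also names.

```python
"""Secure processor (SP) gate between the interface module and the AP (illustrative)."""
import re
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    VERIFY_THEN_FORWARD = 1  # variant 1: forward only if security verification passes
    FORWARD_AND_PROMPT = 2   # variant 2: always forward, always prompt the user


# Assumed keyword list; the text only says payment-related fields are searched for.
PAYMENT_KEYWORDS = ("pin", "password", "card number", "cvv", "payment", "pay")


def security_verification(payload: bytes) -> bool:
    """Return True when the payload contains no payment-related keyword."""
    text = payload.decode("utf-8", errors="replace").lower()
    return not any(
        re.search(rf"\b{re.escape(word)}\b", text) for word in PAYMENT_KEYWORDS
    )


@dataclass
class SecureProcessor:
    mode: Mode
    to_ap: list = field(default_factory=list)         # sign-free data passed to the AP
    to_interface: list = field(default_factory=list)  # third results passed to the interface
    prompts: list = field(default_factory=list)       # first prompt information (display)

    def _gate(self, payload: bytes, sink: list, label: str) -> bool:
        if self.mode is Mode.FORWARD_AND_PROMPT:
            # No verification: forward, and let the user judge the data.
            sink.append(payload)
            self.prompts.append(f"{label}: not verified, judge before trusting")
            return True
        if security_verification(payload):
            sink.append(payload)
            return True
        # Payment-related content on the sign-free path: block and warn.
        self.prompts.append(f"{label}: security verification failed, blocked")
        return False

    def on_sign_free_data(self, payload: bytes) -> bool:
        """Inbound direction: interface module -> first application processor."""
        return self._gate(payload, self.to_ap, "sign-free data")

    def on_third_result(self, payload: bytes) -> bool:
        """Outbound direction: first application processor -> interface module."""
        return self._gate(payload, self.to_interface, "third processing result")


def run_demo(mode: Mode) -> SecureProcessor:
    """Feed constructed sample traffic through the gate in the given mode."""
    sp = SecureProcessor(mode)
    sp.on_sign_free_data(b"audio: chime.wav")                 # harmless media
    sp.on_sign_free_data(b"Please enter your PIN to continue")  # asks for a PIN
    sp.on_third_result(b"Now playing chime")                  # harmless AP output
    sp.on_third_result(b"Enter card number:")                 # AP output asks for card data
    return sp


if __name__ == "__main__":
    for mode in Mode:
        sp = run_demo(mode)
        print(mode.name, len(sp.to_ap), len(sp.to_interface), sp.prompts)
```
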
In the embodiment corresponding to fig. 1, the security-related interfaces can be called by both the secure processor module and the first application processor module, so that the security-related interfaces are multiplexed, the utilization rate of the interfaces is effectively improved, and the structure of the security device is simplified.
As shown in fig. 2, in one embodiment, the security-related interface module 1 includes M (M is any integer greater than or equal to 2) security-related interfaces, where the M security-related interfaces include:
at least one password input interface (fig. 2 shows, as an example, m1 password input interfaces, denoted 111, 112, …, 11m1) for inputting password data, the password data including at least one of a payment password and a device password;
at least one account input interface (fig. 2 shows, as an example, m2 account input interfaces, denoted 121, 122, …, 12m2) for inputting account data, the account data including at least one of a card authentication account, a biometric authentication account, a password authentication account, a code authentication account and a digital certificate account;
a display screen interface 131 for outputting the first processing result, the second processing result, the third processing result and the first prompt information;
at least one first communication interface (fig. 2 shows, as an example, m3 communication interfaces, denoted 141, 142, …, 14m3; M = m1 + m2 + m3 + 1, and M, m1, m2 and m3 are all positive integers) for inputting the data to be signature-verified and the sign-free data and outputting the first processing result, the second processing result, the third processing result and the first prompt information.
In application, the number of each type of security-related interface can be set according to actual needs, and the security-related interface module may include only one of the password input interface and the account input interface, so as to simplify the structure of the security device. The display screen interface is used for outputting the first processing result, the second processing result, the third processing result and the first prompt information that need to be displayed, and the communication interface is used for exchanging payment-unrelated data between the secure processor module and external devices and between the first application processor module and external devices.
In the embodiment corresponding to fig. 2, the security-related interface module includes the password input interface, the account input interface, the display screen interface and the communication interface at the same time, so that the security device can support both password payment and account payment, exchange payment-unrelated data with external devices, monitor the payment-unrelated data, and output prompt information. Because the password data includes at least one of the payment password and the device password, and the account data includes at least one of the card authentication account, the biometric authentication account, the password authentication account, the code authentication account and the digital certificate account, payment security is guaranteed and the security device can support both cardless payment and card payment.
As shown in fig. 3, in one embodiment, at least one password input interface in the security-related interface module 1 is used for connecting with at least one of the first touch screen and the first physical keyboard (fig. 3 shows, as an example, that the security-related interface module 1 includes two password input interfaces 111 and 112 connected with the first touch screen 101 and the first physical keyboard 102 in one-to-one correspondence);
at least one account input interface in the security-related interface module 1 is used for connecting with at least one of a card reader, a biometric acquisition device, a second touch screen, a second physical keyboard, a code acquisition device and a digital certificate device (fig. 3 shows, as an example, that the security-related interface module 1 includes three account input interfaces 121-123 connected with the card reader 103, the biometric acquisition device 104 and the digital certificate device 105 in one-to-one correspondence);
the display screen interface 131 in the security-related interface module 1 is connected with the display screen 106;
at least one first communication interface of the security-related interface module 1 is connected to at least one communication module (fig. 3 shows, as an example, that the security-related interface module 1 includes a first communication interface 141 for connection to the communication module 107).
In application, password data can be input through the first touch screen and/or the first physical keyboard. The first touch screen (Touch Panel, TP) may collect a touch operation performed by a user on or near it (for example, an operation performed with any suitable object or accessory such as a finger or a stylus) and drive the corresponding connected device according to a preset program. The first touch screen may be of various types, such as resistive, capacitive, infrared, or surface acoustic wave. The first physical keyboard may include only numeric keys, may also include at least one of alphabetic keys and character keys, and may further include function keys such as a delete key, a clear key, and a switch key. The card reader may include a magnetic card reader, a contact IC card reader, a contactless card reader, or the like. The biometric acquisition device may include a first camera, a fingerprint module, an electronic signature panel, a first microphone, and the like. The first touch screen may be used as an electronic signature panel. The second touch screen works on the same principle as the first touch screen and may be the same touch screen, and the second physical keyboard works on the same principle as the first physical keyboard and may be the same physical keyboard; they are not described again here. The code acquisition device may include a second camera or a code scanning gun, and the first camera and the second camera may be the same camera. The digital certificate device may include a security key.
In application, the display screen may also be used to display content related to security authentication data, for example, an input interface for a personal identification code, a face image collected by a camera when a user inputs a face account, and prompt information prompting the user to input various security authentication data. The display screen may be any type of display screen, such as a liquid crystal display screen based on Liquid Crystal Display (LCD) technology, an organic electroluminescent display screen based on organic light-emitting diode (OLED) technology, a quantum dot display screen based on Quantum Dot Light Emitting Diode (QLED) technology, or a curved display screen. The functions of the first touch screen, the second touch screen and the display screen can be combined, with a single touch screen that has both touch and display functions used in their place.
In application, the communication module may be a Subscriber Identity Module (SIM) card, a Wireless Local Area Network (WLAN) module (e.g., a Wi-Fi module), a Bluetooth (BT) module, a Zigbee protocol module, a Frequency Modulation (FM) module, a Near Field Communication (NFC) module, an Infrared (IR) module, a mobile communication network (cellular/mobile network) module, or another wireless communication module. The communication module may also be a wired communication module such as a Local Area Network (LAN) module, a two-wire serial bus (I2C) module, a Universal Serial Bus (USB) module, or a Universal Asynchronous Receiver/Transmitter (UART) module.
The security-related interface module provided in the embodiment corresponding to fig. 3 includes a plurality of security-related interfaces for inputting payment-related data, so that the security device can support a plurality of payment methods and is widely applicable.
In one embodiment, the secure processor module is further configured to control a first preset area of the display screen to display the first prompt message after the first prompt message is generated.
In one embodiment, the secure processor module is further configured to output a second prompt message through the at least one first communication interface when the authentication of the secure authentication data fails or the verification of the data to be verified fails.
In application, when authentication of the security authentication data fails, for example when any security-related interface receives wrong password data or account data, the secure processor module may control the second preset area of the display screen to display second prompt information telling the user that the password data or account data is wrong, specifically, "Password is wrong, please re-enter!". When verification of the first data to be verified fails, for example when payment-related firmware or a payment-related application program received through any security-related interface poses a security risk, the secure processor module may control the second preset area of the display screen to display second prompt information indicating that the firmware or application program poses a security risk, specifically, "There is a security risk, installation is prohibited!". The first preset area and the second preset area can each be set to any area of the display screen according to actual needs, for example the upper left corner, the upper right corner, the top or the bottom of the display screen. The first preset area and the second preset area may be the same area or different areas of the display screen.
In one embodiment, the security-related interface module further comprises:
a storage interface for inputting the data to be verified and the data exempt from signature verification, and for outputting the first processing result, the second processing result and the third processing result;
and at least one audio interface for outputting the first processing result, the second processing result, the third processing result and the first prompt message.
In application, the security-independent interface may not include an audio interface. The number and functions of the communication interfaces, storage interfaces and audio interfaces differ according to the types of data that need to be input or output, and can be set according to actual needs. For example, when the first processing result includes a bill for the payment, the security-independent interface module may include a communication interface for connecting with a printer and a communication interface for connecting with a second display screen; when the first processing result includes encrypted security authentication data, the security-independent interface module may include a storage interface for connecting with a storage device; when the data exempt from signature verification includes an application program, the security-independent interface module may include a communication interface for connecting with the communication module to download the application program, and may further include a storage interface for connecting with the storage device to read the application program from it; when the third processing result is analog audio data, the security-independent interface module may include an audio interface for connecting with an audio device so that the analog audio data is output to the audio device for playing.
In one embodiment, the at least one communication interface in the security-related interface module is further used for connecting with at least one of a printer, a sensor, a positioning module, and an LED;
at least one storage interface in the security-related interface module is used for connecting with at least one storage device;
at least one audio interface in the security-related interface module is used for connecting with at least one audio device.
In application, the sensor can be set as any sensor according to actual needs, for example, a light sensor for sensing the ambient brightness to adaptively adjust the brightness of the display screen. The Positioning module may be a Global Positioning System (GPS) module, a Global Navigation Satellite System (GNSS) module, a BeiDou Navigation Satellite System (BDS) module, or the like. The LED may be any color of LED, such as red, green, or yellow, that can be continuously illuminated or flash at different frequencies to indicate to the user various operating states of the security device, such as on, off, low, full, standby, sleep, etc. The secure processor module may be connected to a corresponding number of communication modules, printers, sensors, positioning modules, or LEDs via any number of communication interfaces.
In application, the storage device may be a Secure Access Module (SAM) Card, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Memory Card (Flash Card), a Double Data Rate Synchronous Dynamic Random Access Memory (DDR SDRAM), a USB Flash Disk (USB Flash Disk, UFD), or the like. The secure processor module may be connected to a corresponding number of storage devices through any number of storage interfaces.
In application, the audio device may include a buzzer (e.g., a digital beeper), a speaker, and the like. The buzzer and the speaker emit audible prompts according to actual needs; for example, the buzzer can sound when the user's password data or account data is wrong, and the speaker can play voice prompt information in that case, specifically a message meaning "Password is wrong, please re-enter!". The secure processor module may be connected to a corresponding number of audio devices through any number of audio interfaces.
In the above embodiment, the security-related interface module includes a password input interface, an account input interface, a display screen interface, a communication interface, a storage interface, and an audio interface, so that the security device has functions of password input, account input, display, communication, storage, and voice interaction.
As shown in fig. 4, in an embodiment, the security-related interface module 1 is further configured to input the second data to be verified and to output the fourth processing result and the fifth processing result;
the secure processor module 3 is further configured to verify the second data to be verified and generate the fourth processing result;
the security device 100 further comprises:
a second application processor module 4, connected with the security-related interface module 1 and the secure processor module 3, and configured to process the second data to be verified and generate the fifth processing result when signature verification of the second data to be verified succeeds.
In an application, the second application processor module comprises at least one second application processor. The number of the second application processors included in the second application processor module can be set according to actual needs, for example, the second application processor module includes one or more second application processors. Each second application processor may be connected to any number of security processors, first application processors and security-related interfaces as desired. The second application processor and the safety processor which are connected with each other can be in communication connection through the second communication interface, and can also be directly connected through a wiring structure of a printed circuit board, a wiring structure of a flexible circuit board or a cable.
In application, the second data to be verified is payment-related data other than the password data and the account data, such as a payment-related boot loader, firmware or application program. The security authentication data further includes password data or account data corresponding to the second data to be verified, and the secure processor module is specifically configured to verify the second data to be verified by verifying the corresponding password data or account data. The fourth processing result is data that the secure processor module generates after performing signature verification on the second data to be verified input to it, and it indicates whether that signature verification succeeded or failed. For example, when signature verification of the second data to be verified succeeds, the second signature verification result may include second prompt information indicating "verification succeeded"; when signature verification of the second data to be verified fails, the second signature verification result may include second prompt information indicating "verification failed". The fifth processing result is data generated after the second application processor performs processing operations such as storing or running on second data to be verified whose signature verification succeeded; for example, when that data is a payment-related application program, the fifth processing result may include data output by the payment-related application program.
In one embodiment, the secure processor module and the second application processor module are provided integrally or independently of each other.
In application, any number of security processors and any number of second application processors in the security device can be integrated into one unit according to actual needs to reduce size, or can be arranged independently of each other for ease of maintenance and replacement.
The secure processor module 3 and the second application processor module 4 are shown in an integrated configuration in fig. 4 by way of example.
In application, the secure processor, the first application processor, and the second application processor may each be implemented by a Central Processing Unit (CPU), a general-purpose processor (e.g., a Microprocessor (MCU)), a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and the like.
In application, each component connected with the security-related interface module can, according to actual needs, either be integrated with the security device as a part of it or be arranged independently of the security device as a peripheral component.
The security device provided by the embodiments of the present application verifies the signatures of payment-related data, processes and monitors payment-unrelated data, and outputs prompt information. This ensures the security of payment-related monetary transactions while allowing the payment-unrelated functions of the security device to be extended to meet users' diverse needs.
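The data flow described above, modelled in Python as an added example (not code from the patent or its applicant): the secure processor is the only path to either application processor, so data to be verified reaches the second application processor only after its check succeeds, and data exempt from signature verification (the translation's "label-free" or "non-signed" data) is either security-checked in both directions or forwarded with a prompt. HMAC-SHA256 stands in for the signature scheme, which the page does not name, and the key, the size-cap policy, the payloads and all class and function names are assumptions constructed for the demo.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

# Constructed demo key. HMAC-SHA256 is a stand-in: a real device would verify
# an asymmetric signature against a public key held by the secure processor.
DEMO_KEY = b"constructed-demo-key"


def make_tag(payload: bytes) -> bytes:
    """Constructed helper: the tag a signer attaches to a payment-related image."""
    return hmac.new(DEMO_KEY, payload, hashlib.sha256).digest()


def size_cap_policy(data: bytes) -> bool:
    """Hypothetical security check for data that carries no signature."""
    return len(data) <= 32


@dataclass
class ApplicationProcessor:
    """Sees only what the secure processor forwards to it."""
    name: str
    received: List[bytes] = field(default_factory=list)

    def process(self, payload: bytes) -> bytes:
        self.received.append(payload)
        return b"ok:" + payload


@dataclass
class SecureProcessor:
    first_ap: ApplicationProcessor    # processes data exempt from signature verification
    second_ap: ApplicationProcessor   # processes payment-related data after verification
    policy: Callable[[bytes], bool] = size_cap_policy
    check_before_forward: bool = True  # False selects forward-and-notify
    prompts: List[str] = field(default_factory=list)

    def handle_to_be_verified(self, payload: bytes, tag: bytes) -> Tuple[str, Optional[bytes]]:
        """Return (fourth result, fifth result); the fifth is None on failure."""
        if not hmac.compare_digest(make_tag(payload), tag):  # constant-time compare
            self.prompts.append("second prompt: verification failed")
            return "verification failed", None
        return "verification success", self.second_ap.process(payload)

    def handle_unsigned(self, payload: bytes) -> Optional[bytes]:
        """Return the third result if it may reach the interface, else None."""
        if not self.check_before_forward:
            # Alternative mode: forward in both directions, always raise a prompt.
            self.prompts.append("first prompt: unverified data forwarded")
            result = self.first_ap.process(payload)
            self.prompts.append("first prompt: unverified result forwarded")
            return result
        if not self.policy(payload):           # inbound check
            self.prompts.append("first prompt: input rejected")
            return None
        result = self.first_ap.process(payload)
        if not self.policy(result):            # outbound check on the third result
            self.prompts.append("first prompt: result rejected")
            return None
        return result


def demo():
    ap1, ap2 = ApplicationProcessor("first"), ApplicationProcessor("second")
    sp = SecureProcessor(ap1, ap2)
    firmware = b"constructed payment firmware v1"   # constructed sample input
    tag = make_tag(firmware)
    good = sp.handle_to_be_verified(firmware, tag)
    bad = sp.handle_to_be_verified(firmware + b"\x00", tag)  # tampered image
    small = sp.handle_unsigned(b"ticket-print")
    big = sp.handle_unsigned(b"A" * 64)   # fails the size cap, never reaches ap1
    return good, bad, small, big, ap1.received, ap2.received, sp.prompts


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The tampered image never appears in the second application processor's `received` list, which is the property the architecture depends on: the verification result gates forwarding rather than being reported after the fact.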
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely illustrated, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the apparatus is divided into different functional modules to perform all or part of the above described functions. Each functional module in the embodiments may be integrated into one processing module, or each module may exist alone physically, or two or more modules are integrated into one module, and the integrated module may be implemented in a form of hardware, or in a form of software functional module. In addition, specific names of the functional modules are only used for distinguishing one functional module from another, and are not used for limiting the protection scope of the application.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative modules described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, and for example, the division of the modules is only one logical division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A security device, comprising:
a security-related interface module for inputting security authentication data, first data to be verified and data exempt from signature verification, and for outputting a first processing result, a second processing result, a third processing result and first prompt information, wherein the security authentication data comprises at least one of password data and account data;
a first application processor module for processing the data exempt from signature verification and generating the third processing result;
a security processor module, connected to the security-related interface module and the first application processor module respectively, for processing the security authentication data and generating the first processing result, processing the first data to be verified and generating the second processing result, forwarding the data exempt from signature verification to the first application processor module, forwarding the third processing result to the security-related interface module, and monitoring the data exempt from signature verification and the third processing result and generating the first prompt information.
2. The security device of claim 1, wherein the security processor module is specifically configured to:
when the data exempt from signature verification is monitored, perform security verification on it, forward it to the first application processor module when the security verification passes, and generate the first prompt information when the security verification does not pass;
when the third processing result is monitored, perform security verification on the third processing result, forward the third processing result to the security-related interface module when the security verification of the third processing result passes, and generate the first prompt information when the security verification of the third processing result does not pass;
or, when the data exempt from signature verification is monitored, forward it to the first application processor module and generate the first prompt information;
and when the third processing result is monitored, forward the third processing result to the security-related interface module and generate the first prompt information.
3. The security device of claim 1, wherein the security-related interface module comprises:
at least one password input interface for inputting password data, the password data including at least one of a payment password and a device password;
at least one account input interface for inputting account data, the account data including at least one of a card authentication account, a biometric authentication account, a password authentication account, a code authentication account and a digital certificate account;
a display screen interface for outputting the first processing result, the second processing result, the third processing result and the first prompt message;
and at least one first communication interface for inputting the data to be verified and the data exempt from signature verification, and for outputting the first processing result, the second processing result, the third processing result and the first prompt message.
4. The security device of claim 3, wherein the at least one password input interface is to interface with at least one of a first touch screen and a first physical keyboard;
the at least one account input interface is used for being connected with at least one of a card reader, a biological characteristic acquisition device, a second touch screen, a second physical keyboard, a code acquisition device and a digital certificate device;
the display screen interface is used for being connected with a display screen;
the at least one first communication interface is used for connecting with at least one communication module.
5. The security device of claim 4, wherein the security processor module is further configured to control a first preset area of the display screen to display the first reminder message after the first reminder message is generated.
6. The security device of claim 4, wherein the security processor module is further configured to output a second prompt via the at least one first communication interface when the authentication of the security authentication data fails or the verification of the data to be verified fails.
7. The security device of claim 3, wherein the security-related interface module further comprises:
and the at least one storage interface is used for inputting the data to be verified and the data exempt from signature verification and outputting the first processing result, the second processing result and the third processing result, and is used for outputting the first processing result, the second processing result, the third processing result and the first prompt message.
8. The security device of claim 7, wherein the at least one first communication interface is further for interfacing with at least one of a printer, a sensor, a positioning module, and an LED;
the at least one storage interface is used for connecting with at least one storage device;
the at least one audio interface is used for connecting with at least one audio device.
9. The security device according to any one of claims 1 to 8, wherein the security-independent interface module is further configured to input second data to be verified and output a fourth processing result and a fifth processing result;
the security processor module is further configured to process the second data to be verified and generate the fourth processing result;
the security device further comprises:
a second application processor module, connected with the security-related interface module, the security-independent interface module and the security processor module, and configured to process the second data to be verified and generate the fifth processing result when signature verification of the second data to be verified succeeds.
10. The secure device of claim 9, wherein the secure processor module and the second application processor module are provided integrally or independently of each other.
CN202010898996.8A 2020-08-31 2020-08-31 Safety device Pending CN112036883A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010898996.8A CN112036883A (en) 2020-08-31 2020-08-31 Safety device

Publications (1)

Publication Number Publication Date
CN112036883A (en) 2020-12-04

Family

ID=73586466

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010898996.8A Pending CN112036883A (en) 2020-08-31 2020-08-31 Safety device

Country Status (1)

Country Link
CN (1) CN112036883A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201223

Address after: 401, 402, building 3, Shenzhen Software Park, Nanshan District, Shenzhen City, Guangdong Province

Applicant after: PAX COMPUTER TECHNOLOGY (SHENZHEN) Co.,Ltd.

Address before: 518000 701, Jinke office building, No.8 Qiongyu Road, Science Park community, Yuehai street, Nanshan District, Shenzhen City, Guangdong Province

Applicant before: Shenzhen Zhaolong Technology Co.,Ltd.