CN203350880U

CN203350880U - POS safety certification device and system

Info

Publication number: CN203350880U
Application number: CN 201320266926
Authority: CN
Inventors: 董宏勋; 肖平; 肖凯提; 袁洲; 王琛; 牟战东; 沈新力; 张新莲; 赵萍; 孙珊珊
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2013-05-16
Filing date: 2013-05-16
Publication date: 2013-12-18
Anticipated expiration: 2023-05-16

Abstract

The utility model discloses a POS safety certification device and system. The device comprises a safety certification information acquisition module, a certification information communication module, a master control module and a data channel safety control module, wherein the safety certification information acquisition module is used for acquiring safety certification information of a user, the certification information communication module is used for sending the safety certification information of the user to a bank server to conduct safety certification and receiving the returned safety certification data, the master control module is used for generating a data processing result according to the safety certification data, and the data channel safety control module is used for controlling data interaction between the POS safety certification device and an external device according to the data processing result. According to the POS safety certification device and system, acquisition, registration and safety certification verification of satellite positioning information of relevant devices and equipment are achieved, the biological characteristic safety authorization verification function is provided for the POS safety certification, the safety of the POS safety certification is effectively improved, a password of the user is prevented from being leaked, and safety payment of a mobile phone of the user at a given time and place is achieved.

Description

POS safety certification device and system

Technical field

The utility model, about information security field, particularly about bank POS equipment safety technology, is a kind of POS safety certification device and system concretely.

Background technology

Along with the fast development of infotech, mobile-phone payment starts prevailing.For ensureing the safety of mobile-phone payment, existing before the method for mobile-phone payment usually be divided into three steps, at first, the client opens the mobile-phone payment business bank is signing, completes relevant registration and the mandates such as binding of mobile phone card number and bank account; Secondly, before mobile-phone payment, the client sends the payment request information with simple payment cipher secure authenticated information by mobile phone to bank's mobile-phone payment security certification system; Finally, by bank's mobile-phone payment security certification system, client's simple payment cipher payment request information is carried out to safety certification, if safety certification by completing mobile-phone payment, otherwise, refuse this mobile phone with payment function and pay request.

Yet, along with the mobile phone trojan horse spread unchecked and the malice of mobile phone operating system security breaches is surveyed and illegal the utilization, the hand set paying method of prior art exists obvious technical security hidden danger and functional defect.At first, under the prior art condition, the satnav geographical location information of the keys such as mobile phone with payment function payment opertaing device do not carried out in good time safety verification, the associated wireless devices such as mobile phone and the crucial opertaing device that pays easily occurring and illegally usurped or illegally access the crime dramas such as payment transaction net network, causes heavy losses.Secondly, existing Mobile-Payment Technology, do not carry out safety certification and check mobile phone with payment function and digital certificates holder's legitimacy, authenticity, biological characteristic, has an authentication password, certificate and do not authenticate the potential safety hazard of people and equipment.Have again, existing Mobile-Payment Technology, only be conceived to mobile phone holder's service authorization legitimacy is authenticated, fail to realize that the POS of trade company digital certificates, people, system, equipment that trade company's charge is played a crucial role carry out the maltilevel security authentication, do not realize that the mobile-phone payment client pays the electronic license book in the on-the-spot there and then of shopping with Quick Response Code and paid autonomous confirmation and on-the-spot audio-visual evidence obtaining yet, the client easily occurs and palm off the denial that pays or conclude the business.

Therefore, not only there is the deficiency on some function in existing mobile-phone payment, and the security of mobile-phone payment and POS payment is poor, exist obvious technical security and information leakage hidden danger, easily cause transaction to deny personation and the crucial illegal use that pays control device, make the popularization of mobile-phone payment run into exceptional hardship.

The utility model content

The utility model embodiment provides a kind of POS safety certification device, and described device comprises:

The secure authenticated information acquisition module, for obtaining user's secure authenticated information;

The authentication information communication module, carry out safety certification for described user safety authentication information is sent to bank server, and receive the safety certification data of returning;

Main control module, for according to described safety certification data generated data result;

Data channel peace control module, for controlling the data interaction of POS safety certification device and external unit according to described data processed result.

Preferably, the secure authenticated information in the utility model embodiment comprises: accounts information, user's biological information, user's digital certificates information and the condition code of POS safety certification device of user's input.

Preferably, the biological information of the user in the utility model embodiment comprises: user's head portrait, voice, nethike embrane, iris, fingerprint, finger vena information;

Preferably, the digital certificates information of the user in the utility model embodiment comprises: the digital certificates information of mobile phone two-dimensional code electronic certificate information, ID (identity number) card information, bank card information, social security card information, U shield digital certificates and IC-card, TF clip type;

The condition code of described POS safety certification device: comprise banking institution's coding, device coding, Subscriber Unit account identification coding, user of service's recognition coding, generate according to specific cryptographic algorithm.

Preferably, the secure authenticated information acquisition module in the utility model embodiment comprises:

Data input device, for receiving the accounts information of user's input;

The collecting biological feature information device, for head portrait, voice, nethike embrane, iris, fingerprint, the finger vena information that gathers the user;

External certificate information harvester, for ID (identity number) card information, bank card information, social security card information, U shield digital certificates and the IC-card that gathers the user, the digital certificates information of TF clip type;

The mobile phone two-dimension code information receiver, the mobile phone two-dimensional code electronic certificate information collected for receiving external unit.

Preferably, in the utility model embodiment, the POS safety certification device also comprises:

The usb communication module, for carrying out usb communication with external unit;

Wireless communication module, for carrying out radio communication with external unit;

Quick Response Code multimedia message communication module, for and external unit between to carry out the Quick Response Code multimedia message mutual.

Preferably, the peace control of the data channel in the utility model embodiment module is controlled the data interaction of described usb communication module, wireless communication module and Quick Response Code multimedia message communication module and external unit according to described data processed result.

Preferably, the POS safety certification device in the utility model embodiment also comprises:

The satellite positioning information processing module, for gathering and generate the satellite positioning information of described POS safety certification device.

Simultaneously, the invention also discloses a kind of POS security certification system, this system comprises: bank server, POS safety feature, trade company's application server, the POS of trade company terminal, scene evidence taking Quick Response Code reading device and biological characteristic entrance guard device;

Described scene evidence taking Quick Response Code reading device is connected with the described POS of trade company terminal, the described POS of trade company terminal and biological characteristic entrance guard device are connected with described trade company application server by trade company's network, and described trade company application server is connected with described bank server by described POS safety certification device; Wherein,

Described POS safety feature comprises:

Described user's digital certificates information comprises: the digital certificates information of mobile phone two-dimensional code electronic certificate information, ID (identity number) card information, bank card information, social security card information, U shield digital certificates and IC-card, TF clip type;

Preferably, the biological characteristic entrance guard device in the utility model embodiment, for head portrait, voice, nethike embrane, iris, fingerprint, the finger vena information that gathers the user.

Preferably, the trade company's POS terminal in the utility model embodiment comprises:

Data input device, for receiving the accounts information of user's input;

External certificate information harvester, for ID (identity number) card information, bank card information, social security card information, U shield digital certificates and the IC-card that gathers the user, the digital certificates information of TF clip type.

Preferably, the scene evidence taking Quick Response Code reading device in the utility model embodiment, for gathering user's mobile phone two-dimensional code electronic certificate information.

Preferably, the POS safety feature in the utility model embodiment also comprises:

Preferably, the scene evidence taking Quick Response Code reading device in the utility model embodiment also comprises:

The satellite positioning information processing module, the satellite positioning information of the POS of the trade company terminal be connected with described scene evidence taking Quick Response Code reading device with generation for collection.

For above and other purpose of the present utility model, feature and advantage can be become apparent, preferred embodiment cited below particularly, and coordinate appended graphicly, be described in detail below.

The accompanying drawing explanation

In order to be illustrated more clearly in the utility model embodiment or technical scheme of the prior art, below will the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described, apparently, accompanying drawing in the following describes is only embodiment more of the present utility model, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.

The structured flowchart that Fig. 1 is the disclosed a kind of POS safety certification device of the utility model;

The structured flowchart that Fig. 2 is the utility model POS safety certification device one embodiment;

The POS security certification system structural representation that Fig. 3 is the utility model embodiment;

The structured flowchart that Fig. 4 is the utility model scene evidence taking and Quick Response Code reading device;

The structured flowchart that Fig. 5 is the financial intermediary's mobile-phone payment front end processor in the utility model embodiment;

The structured flowchart that Fig. 6 is the financial POS Service Process Server in the utility model embodiment;

The process flow diagram that Fig. 7 is mobile-phone payment safety certifying method during the utility model is implemented;

Fig. 8 is the mutatis mutandis safety certification workflow diagram of registering of the utility model embodiment POS digital certificates safety certification device;

Fig. 9 is the mutatis mutandis safety certification workflow diagram of registering of the utility model embodiment trade company's scene evidence taking and Quick Response Code reading device.

Embodiment

Below in conjunction with the accompanying drawing in the utility model embodiment, the technical scheme in the utility model embodiment is clearly and completely described, obviously, described embodiment is only the utility model part embodiment, rather than whole embodiment.Embodiment based in the utility model, those of ordinary skills are not making under the creative work prerequisite the every other embodiment obtained, and all belong to the scope of the utility model protection.

The utility model provides a kind of POS safety certification device, there is two dimension code reading and the crucial opertaing device satnav geographical location information that pays gathers authentication function in good time, the crucial Quick Response Code that pays the current satnav geographical location information stamp of opertaing device and timeliness stamp and financial payment clearing safety verification relevant information that has that can read and identify on client's mobile phone screen pays the electronic license book, the on-the-spot E-Payment of compulsory implement certificate is autonomous to be confirmed and on-the-spot audio-visual evidence obtaining confirmation, and with the POS security certification system, coordinate the security related information to wherein comprising to implement safety certification, to realize that the client carries out secure payment in trade company's on-the-spot there and then of doing shopping with mobile phone, prevent crucial to pay control device and mobile phone is illegally usurped or the illegal crime dramas such as access.

As shown in Figure 1, the structured flowchart for the disclosed a kind of POS safety certification device of the utility model comprises:

Secure authenticated information acquisition module 101, for obtaining user's secure authenticated information;

Wherein, secure authenticated information comprises: accounts information, user's biological information, user's digital certificates information and the condition code of POS safety certification device of user's input.User's biological information comprises: user's head portrait, voice, nethike embrane, iris, fingerprint, finger vena information; User's digital certificates information comprises: the digital certificates information of mobile phone two-dimensional code electronic certificate information, ID (identity number) card information, bank card information, social security card information, U shield digital certificates and IC-card, TF clip type;

Authentication information communication module 102, carry out safety certification for user safety authentication information is sent to bank server, and receive the safety certification data of returning.

Main control module 103, for according to safety certification data generated data result;

Data channel peace control module 104, for controlling the data interaction of POS safety certification device and external unit according to data processed result.In addition, also comprise the satellite positioning information processing module, for gathering and generate the satellite positioning information of described POS safety certification device.

Wherein, the secure authenticated information acquisition module comprises:

Data input device, for receiving the accounts information of user's input;

Wherein, each parts of secure authenticated information acquisition module can be realized by the device be connected with the POS safety certification device, as the data input media, can realize by the input keyboard of the POS terminal that is connected with the POS safety certification device, the collecting biological feature information device can be by realizations such as external camera, fingerprint acquisition device, retinal information harvesters, and external certificate information harvester can be realized by the card reader of POS terminal.

Wherein, the POS safety certification device also comprises:

Data channel peace control module 104 is controlled the data interaction of described usb communication module, wireless communication module and Quick Response Code multimedia message communication module and external unit according to data processed result.

When POS digital certificates safety certification device of the present utility model is specifically applied, can be made as a kind of micro device, easy to carry and use.The safety check selection key, select to arrange authentication for the authenticate device keeper of trade company, the authenticate device keeper of trade company triggers authentication selection function menu by this button, making it is the selected a kind of suitable maltilevel security of the electronic authorization step by step authentication mode of the authenticate device operator of trade company neatly, in order to complete the use authority authentication of authenticate device.Except a kind of biological information to startup password and the authenticate device operator of trade company is authenticated, also to carry out the validity authentication to the digital certificates of the authenticate device operator's of trade company a certain standard, as IC-card certificate, SD(or TF) card certificate, U shield certificate, close range wireless communication (NFC) digital certificates, radio frequency identification (RFID) digital certificates etc., accomplish that public and private mandate all must legally authenticate, prevent that authenticate device is by illegal unauthorized operation and use; Parameter arranges the registration button, for the authenticate device keeper of trade company, by the parameter setting function of the automatic triggering authentication device of this button, completes parameter registration is set, and realizes people, machine, the authentication of system maltilevel security; Application master menu button, for the authenticate device keeper of trade company, pass through after the audio-visual evidence obtaining information of the system mend upgrading of the automatic triggering authentication application of installation of this button and parameter maintenance and curstomer`s site pays to check function, its user and password are set when the authenticate device arrangement in-place activation by the personnel of financial institution, and the reading of content according to current I C card I.D. realizes the switching between a plurality of users simultaneously.Effect is to set up to be connected with the IP of financial POS business information processing server, and automatic deployment downloads, moves, upgrades, upgrades some application and system mend and safeguard some operational factor, or the log-on message of authenticate device and apparatus characteristic information etc. are sent to financial POS business information processing server; Confirm and direction is controlled button, confirmed after completing the current window input message for the user, the notification authentication device carries out subsequent treatment, or completes the cursor location by the direction operating key; Cancel/revise button, for the user, the input message of current secret window cancelled and re-entered, or fast revising timely with the information to input error; Camera, with the infrared illumination lamp, for obtaining site environment image video of living in and the photo of this human head picture of user biological characteristic or authenticate device, complete security monitoring in case of necessity; Microspeaker, be used for play cuing voice and from the alarm voice signal of server, and its volume keys available is regulated setting; Touching display screen, be used for generality input and the operation of completing user, and show user related information and input window, the duty of indication channel security authenticate device; The physical characteristics collecting device, be responsible for gathering safely user fingerprints or finger vena information, can be also the biological characteristic that nethike embrane, iris etc. easily extract; Microphone, for gathering user speech and site environment sound; Merchant server connector and scene evidence taking and Quick Response Code reading device interface, the merchant server connector is used for connecting authenticate device and merchant server by the serial communication mode, realizes communication and exchanges data between them, one of them work, another is standby, or all carries on a shoulder pole.Scene evidence taking and Quick Response Code reading device interface are for being connected to authenticate device by scene evidence taking and Quick Response Code reading device by wired or wireless network, realize that mobile phone on-site payment Quick Response Code visa is confirmed and the client pays scene evidence taking, be positioned at the authenticate device trailing flank; External power supply, for connecting external power source, for authenticate device supplies distribution, be positioned at the authenticate device trailing flank; External connected electronic certificate interface, be used for the authenticate device user in safety certification process, automatically read the main security factor information of user IC chip card, and the information of the multiple electronic security(ELSEC) certificate of certification such as IC-card certificate, TF card (or SD card) certificate, U shield digital certificates, close range wireless communication (NFC) digital certificates, radio frequency identification (RFID) digital certificates, process and be transmitted to the POS security certification system and carry out safety certification.NFC, RFID, IC-card certificate information reader all are positioned at the trailing flank of authenticate device, and IC-card digital certificates information reading device can also, for reading active user's IC-card information, comprise the information of the IC chip cards such as IC-card I.D., IC bank card, social security IC-card.SD(or TF) card certificate socket is positioned at the left surface of authenticate device, and U shield card certificate socket is positioned at the right flank of authenticate device, be responsible for gathering user U shield information and carry out safety certification, or be connected between authenticate device and merchant server, carrying out the USB communication, also can download digital certificates information for the user; Receiver J-Horner, for frames connecting with headphone, realize the earphone output of sound, and volume can be regulated with the button on its side, is positioned at the authenticate device right flank; Power switch, for carrying out the control of authenticate device power supply, opened or closed, and is positioned at the authenticate device right flank; The communication card socket, be used to remote I P wireless communication card and two different operators' multimedia message address card that circumscription socket is provided, and realizes relevant communication, is positioned at the authenticate device left surface; The external wireless antenna module, for financial intermediary mobile-phone payment front end processor, carrying out the telecommunication network communication antenna, strengthen the reliability of signal, is positioned at the authenticate device right flank; The authenticate device back side, for arranging the auxiliary auxiliary facilities such as rechargeable battery; The authenticate device main frame, be used to authenticate device that master control electric component and relevant matching component are provided, and comprises some status indicator lamps, facilitates fault diagnosis and condition monitoring.

Below in conjunction with concrete embodiment, the utility model embodiment is described in further details.

Fig. 2 is the structured flowchart of the utility model POS safety certification device one embodiment, for realizing main technical content of the present utility model.POS safety certification device of the present utility model specifically can be achieved as follows function:

One is to provide the two dimension code reading function, can read and identify the two-dimensional code electronic license passport information on client's mobile phone, this two-dimensional code electronic certificate license information has the crucial current satnav geographical location information stamp of opertaing device and the timeliness stamp of paying, financial payment clearing safety verification relevant information, can realize that in the on-the-spot there and then mobile phone secure payment of shopping, confirming to provide technology to control supports for the client by this function.

The 2nd, set up POS digital certificates safety certification device separate and isolation the payment data exchange message passage between 2 D code information interchange channel, trade company's application server and the POS digital certificates safety certification device between maintenance and secure authenticated channel, POS digital certificates safety certification device and scene evidence taking and Quick Response Code reading device information exchanging channel, POS digital certificates safety certification device and financial intermediary's mobile-phone payment front end processor is set, identify and implement passage regulation and control and shunting transmission by information source, the information that effectively prevents is kidnapped and the malicious attack invasion;

The 3rd, by the client being paid to the biometric secure checkings such as on-the-spot audio-visual evidence obtaining and head portrait identification, fingerprint recognition, speech recognition, realize evaluation before the payment of the true legitimacy of mobile phone possessor and inspection after paying;

The 4th, for the safety certification characteristic parameter arranges location registration process, safety certification, upgrade maintenance, payment operation information data exchange correlation mobile-phone payment mode of operation provides technical support.

With reference to Fig. 2, POS digital certificates safety certification device of the present utility model comprises: central processing unit 200, safety check selection key 201, parameter arranges registration button 202, application master menu button 203, confirm and direction control button 204, cancel/revise button 205, scene evidence taking and Quick Response Code fetch interface device 206, touch control display apparatus 207, physical characteristics collecting device 208, external certificate information harvester 209, information partition management and top control module 210, information-communication device 211, information identification passage security control device 212, satellite positioning information processing module 213, power supply and battery charger 214.All parts are all implemented electrical connection with central processing unit 200 by data bus, and carry out information interaction, power supply and battery charger 214 are powered for all parts, for the message exchange between trade company's application system and financial POS security certification system provides equipment and technical support.

Central processing unit 200, to carry out the maincenter of two-way information interaction between each parts of POS digital certificates safety certification device, it is also the control center of each parts of device, for the work between master control, management and inner each parts of collaborative described POS digital certificates safety certification device, complete information interaction and command service response between its internal part.Between central processing unit 200 and other parts, information interaction is all arranged, central processing unit 200 receives the various log-on messages that arrange of button operation and touch control display apparatus 207 inputs, comprise: POS digital certificates safety certification device user right register information, POS digital certificates safety certification device subscriber authorisation secure authenticated information, digital certificates technical parameter table information, the POS of trade company register name, the POS operating personnel of trade company list, trust the POS of trade company apparatus characteristic log-on message, the POS of trade company satnav characteristic information, the customization of transmission information form, information element splits analytical algorithm automatically, classified information conversion deformation algorithm, information element automatic packaging packing algorithm, Quick Response Code multimedia message Processing Algorithm, the less radio-frequency messaging software, the close range wireless communication process software, the information such as user's input feature vector information, and recalls information partition management and top control module 210 it is processed after subregion carry out safe storage.When central processing unit 200 receives POS digital certificates safety certification device user's logging request and the POS of trade company equipment and trusts user's authorizing secure authentication request and even during trade company's payment and settlement information security prosecution solicited message, recalls information partition management and top control module 210, information identification passage security control device 212 and satellite positioning information processing module 213, resolve the safety certification relevant information of extracting wherein, carry out the POS operating personnel of trade company, the POS of trade company apparatus characteristic, the POS of trade company satellite positioning information rationality, after the maltilevel security authentication responses such as swap data form and content characteristic are processed, the feedback processing object information is transmitted to the POS of trade company again to touch control display apparatus 107 or by merchant server.When central processing unit 100 receives audio-visual evidence obtaining information and POS certificate safety certification request information and POS digital certificates safety certification device upgrade maintenance solicited message, call scene evidence taking and Quick Response Code fetch interface device 106, information partition management and top control module 210, information identification passage security control device 212, after satellite positioning information processing module 213 is screened management and control and respective handling to it, send to information-communication device 211, send the mobile-phone payment front end processor to financial intermediary by information-communication device 211 again, and then be transmitted to the financial POS Service Process Server and carry out that safety certification and upgrade maintenance are processed and the inspection of audio-visual evidence obtaining information, or reception financial intermediary mobile-phone payment front end processor forwards next financial POS Service Process Server service response processing feedback result, call scene evidence taking and Quick Response Code fetch interface device 206, information partition management and top control module 210, information identification passage security control device 212 and satellite positioning information processing module 213, complete voice suggestion and complete the concrete subsequent treatment work of financial POS Service Process Server relevant control instruction, further by information source, identify again and after passage regulation and control process, feed back to the request apparatus for initiating, when central processing unit 200 receives the relevant information of mobile-phone payment settlement data exchange message that trade company's application server sends and two dimension code reading harvester, recalls information partition management and top control module 210, scene evidence taking and Quick Response Code fetch interface device 206, satellite positioning information processing module 213, information identification passage security control device 212 relevant apparatus, automatically resolve extraction payment and settlement related exchange information and carry out multiple Information Authentication management and control, and after carrying out the processing such as safety encipher and Quick Response Code generation, send to Quick Response Code multimedia message dispensing device, and then be transmitted to that financial intermediary's mobile-phone payment front end processor carries out information analysis and format is processed, again and then be transmitted to the financial POS Service Process Server and carry out safety of payment inspection control and payment transaction Account Disposal.Then, the financial POS Service Process Server feeds back to financial intermediary's mobile-phone payment front end processor by the client's mobile-phone payment information result after processing, be transmitted to information identification passage security control device 212 after formaing processing by it again, and then be transmitted to Quick Response Code multimedia message breath receiving trap, carry out Quick Response Code dissection process Hou Xunyuan road and feed back to trade company's application server and even the POS of trade company.

Safety check selection key 201, when POS digital certificates safety certification device is operated in the safety certification pattern, the authenticate device keeper of trade company triggers the authentication selection function by this button, making it is the selected a kind of suitable authentication of the authenticate device operator of trade company neatly, in order to complete the use authority authentication of POS digital certificates safety certification device.Now, the POS digital certificates safety certification device automatic acquisition authenticate device keeper of trade company authentication selection result information, call the associated components such as touch control display apparatus 207, physical characteristics collecting device 208, external certificate information harvester 209, information partition management and top control module 210, after carrying out necessary processing, subregion is preserved, and starts the authenticate device operator of trade company is carried out the security certificate authentication of device rights of using and data exchange channel unlatching authority according to this authentication.The authenticate device keeper of trade company can independently select the combination attestation mode of the biological informations such as different types of digital certificates, I.D., IC bank card, password and fingerprint, completes the safety certification of the use of POS digital certificates safety certification device and operation validity.The safety certification combination must meet following technical manual: the one, must comprise and only comprise a kind of biological characteristic authentication key element in the safety certification combination; The 2nd, for make safety certification efficient, flexibly, convenient, can only select wherein a kind of of multiclass digital certificates; The default project that substantially comprises that the 3rd, POS digital certificates safety certification device condition code, POS digital certificates safety certification device register name are the safety certification content, register with the implement device real name; The 4th, only have the user who is trusted in advance registed authorization just to have the right to use and operate POS digital certificates safety certification device.So just having formed flexible selection applies multiple digital certificates and carries out electronic authorization step by step, the safety certification example combinations of maltilevel security authentication, as: IC-card digital certificates+password+fingerprint+POS digital certificates safety certification device condition code+POS digital certificates safety certification device register name, TF card (or SD card) digital certificates+password+head portrait identification+POS digital certificates safety certification device condition code+POS digital certificates safety certification device register name, U shield digital certificates+password+voice+POS digital certificates safety certification device condition code+POS digital certificates safety certification device register name, close range wireless communication (NFC) or radio frequency identification (RFID) digital certificates+password+finger vena+POS digital certificates safety certification device condition code+POS digital certificates safety certification device register name etc.For improving security, it must be that the registed authorization user just can carry out operational access that the safety check mode is selected change, carry out necessary fraction and operating right system, the people is set in registration and certified people can not be identical, carry out the user by brush I.D. defeated close mode and operate login, but Modify password after login, if forget Password must re-register and could implement the password replacement by the personnel of financial institution.

After elected Dingan County procuratorial organ formula, just start that POS digital certificates safety certification device real name is registered and the authentication of relevant information channel security.Now, according to the authenticate device keeper of trade company, selected authentication carries out voice suggestion automatic acquisition associated safety authentication information to POS digital certificates safety certification device central processing unit 100, call scene evidence taking and Quick Response Code fetch interface device 206, information partition management and top control module 210, information identification passage security control device 212, after carrying out necessary temporary and format processing, send to information-communication device 211, send the mobile-phone payment front end processor to financial intermediary by information-communication device 211 again, and then be transmitted to that the financial POS Service Process Server carries out that POS digital certificates safety certification device real name is registered and relevant information passage regulation and control safety certification is processed, if authentication is passed through, pass through the Quick Response Code multimedia message receiving cable of financial intermediary's mobile-phone payment front end processor to POS digital certificates safety certification device, the Quick Response Code multimedia message that granting has the current satnav geography information stamp of POS digital certificates safety certification device and timeliness stamp and financial payment clearing safety verification relevant information sends the electronic license book, make and only held multimedia message transmission electronic license book, the Quick Response Code multimedia message sendaisle of POS digital certificates safety certification device could send data message and implement the payment information exchange.After this, the financial POS Service Process Server passes through financial intermediary's mobile-phone payment front end processor processing forward security certification result to central processing unit 200, if safety certification is passed through, recalls information partition management and top control module 210, touch control display apparatus 207 is processed rear demonstration feedback result, call after scene evidence taking and Quick Response Code fetch interface device 206 are processed simultaneously feedback result is carried out to voice suggestion, recalls information is identified passage security control device 212 and satellite positioning information processing module 213 simultaneously, carry out the instruction of financial POS Service Process Server relevant control, regulation and control locking POS digital certificates safety certification device safety certification and upgrade maintenance passage, open POS digital certificates safety certification device and scene evidence taking and Quick Response Code reading device information exchanging channel, 2 D code information interchange channel between POS digital certificates safety certification device and financial intermediary's mobile-phone payment front end processor, payment data exchange message passage between trade company's application server and POS digital certificates safety certification device, start to proceed to payment operation information data exchange mode of operation, if safety certification is not passed through, central processing unit 200 recalls information partition managements and top control module 210, touch control display apparatus 207 is processed rear demonstration feedback safety certification and is not passed through object information, call after scene evidence taking and Quick Response Code fetch interface device 206 are processed simultaneously and feedback result is carried out to the voice suggestion user re-start safety certification, when repeatedly safety certification is not successful, central processing unit 200 recalls information partition managements and top control module 210, information identification passage security control device 212, the locking secure authenticated channel, the closed safe authentication function, carry out audio alert also to the authenticate device keeper of trade company, the warning messages such as the personnel of financial institution cell phone multimedia message.

Parameter arranges registration button 202, POS digital certificates safety certification device (hereinafter to be referred as: when authenticate device) being operated in the safety certification characteristic parameter location registration process pattern be set, parameter for the authenticate device keeper of trade company by the automatic triggering authentication device of this button arranges registering functional, completes following parameter task is set: one completes the authenticate device keeper of trade company and operator's ID (identity number) card No. and the initialization mandate of password is set and registration, the two completes setting and the configuration of authenticate device operational factor, the three completes setting and the registration of being trusted the information source device features such as the POS of trade company satellite positioning information of Internet access trade company application server, four complete the POS of the trade company operation user's name of having the right to carry out the payment data exchange, the POS of trade company endpoint registration title, registration and the setting of the security control informations such as the POS of trade company satnav characteristic information, realize man-machine system three's binding, only have the user of setting to use designated equipment login POS security certification system to be operated, could implement legal effective payment related data exchange, otherwise being judged to be invalid data by the satellite positioning information processing module exchanges, end its every operation and exchanges data, implementation accesses examination to the unauthorized POS of trade company when paying operation, prevent illegal access, legitimacy and the security of protected data exchange, information format and the content essential characteristic of five setting data exchanges, so that relevant apparatus and module are carried out automatic screening and rejecting to exchange data information format and content feature accordingly, on the one hand prevent information leakage, prevent on the other hand overlength, against regulation form, have not clear intention mess code and contain can not identifying information trade company pay application message and import in the POS security certification system.Wherein trade company's authenticate device keeper's authorized user title and password are registered setting by the personnel of financial institution when authenticate device is provided, but Modify password after login, if forget Password must by the personnel of financial institution could implement the replacement, change the device setting to prevent the unauthorized personnel.Now, authenticate device automatic acquisition parameter setting information, recalls information partition management and top control module 210, information identification passage security control device 212, satellite positioning information processing module 213, carry out necessary processing, preservation, and activation parameter arranges result, its parameter setting is come into force, and then start to carry out information processing according to this parameters and related data operating strategy.

Application master menu button 203, when authenticate device is operated in the upgrade maintenance pattern, pass through the audio-visual evidence obtaining information inspection of the system mend upgrading of the automatic triggering authentication application of installation of this button and parameter maintenance and curstomer`s site function for the authenticate device keeper of trade company, complete following task: one obtain the personnel of financial institution to authenticate device application master menu ID (identity number) card No. and the password relevant information by the bonding method user, complete that the initialization mandate is set and registration; The two foundation is connected with the IP of financial POS Service Process Server, and carries out the dependent instruction automatic deployment and download, move, upgrade, upgrade some application system patch and operational factor and software program module; The three sets up and is connected with the IP of financial POS Service Process Server, and according to client's phone number inspection checking client, (generalized case is to retain three times, can be set by trade company several times recently.) the audio-visual evidence obtaining information of mobile phone on-site payment; Four selection triggering and the fingerprints that have been used for functional mode are controlled and switch.In this process, central processing unit 200 receives application master menu button 203 trigger messages and operation user fingerprints safety verification information, when safety verification by the time automatically switch and start the corresponding function of application master menu, by with financial intermediary's mobile-phone payment front end processor, the financial POS Service Process Server carries out message exchange and completes the setting of related application maintenance parameters, and the application system auto-update is disposed and the audio-visual evidence obtaining information of curstomer`s site pays rear inspection, and accept the server response and process feedback result, recalls information partition management and top control module 210, touch control display apparatus 207 is processed rear demonstration relevant information switching task processing result information, after calling scene evidence taking and Quick Response Code fetch interface device 206 simultaneously and being processed, by voice suggestion feedback-related information switching task processing result information.

Confirm and direction is controlled button 204, for obtaining, current secret window information input validation that trade company and the personnel of financial institution send to authenticate device completes and cursor direction moves the control dependent instruction, and passes to top control module 210 and processed.In this process, the complete/input validation of operation that central processing unit 200 reception buttons 204 send is controlled information command, and passes to the POS security certification system after recalls information partition management and top control module 210 processing, completes the subsequent treatment work of this instruction.Certainly, its cursor position also can be positioned by contactor control device.

Cancel/revise button 205, for obtaining the cancellation that trade company and the personnel of financial institution send to authenticate device or the instruction of revising current secret window information, the information of current secret window input is cancelled and mobile cursor is modified or re-enters wrong content implementing.In this process, central processing unit 200 receives cancels/revises the command information of controlling that buttons 205 send, and recalls information partition management and top control module 210 be transmitted to the POS security certification system after processing, and completes the subsequent treatment work of this instruction.

Scene evidence taking and Quick Response Code fetch interface device 206, the payment on-site customer voice, head portrait and the mobile phone two-dimensional code electronic certificate information that for receiving scene evidence taking and Quick Response Code reading device, collect, after format is processed, be transferred to authenticate device central processing unit 200 and carry out relevant treatment.In this process, payment on-site customer voice, head portrait and mobile phone two-dimensional code electronic certificate information that scene evidence taking and Quick Response Code fetch interface device 206 reception scene evidence takings and Quick Response Code reading device collect, and, after automatically to imaging client, increasing scene evidence taking and the processing such as Quick Response Code reading device satnav address stamp and timestamp, be transferred to authenticate device central processing unit 200 and carry out relevant treatment.And then after being transmitted to financial intermediary's mobile-phone payment front end processor and formaing and process, and then be transmitted to again the financial POS Service Process Server and carry out maltilevel security authentication and payment processes.If safety check is passed through, complete client's mobile-phone payment and accounting processing, and retention client's mobile-phone payment scene is audio-visual, so that the later stage is paid on-the-spot audio-visual inspection; Otherwise, delete its scene audio-visual, and pay failed information or warning multimedia message to the POS of trade company, the operating personnel of trade company and client's mobile phone feedback.

Touch control display apparatus 207, be used for obtaining authenticate device operator's information input from touch screen and operation steering order forwarding relevant apparatus, and show the duty of authenticate device itself and all information that need to inform the authenticate device operator.To carry out information bidirectional mutual according to setting rule for touch control display apparatus 207 and central processing unit 200, touch control display apparatus 207 gathers user's operational order and be transmitted to central processing unit 200 after pre-service, after central processing unit 200 recalls information partition managements and top control module 210 are processed, be transmitted to other parts or the POS security certification system is processed; Or after the relevant demonstration of central processing unit 200 reception information processing, then after being transmitted to touch control display apparatus 207 processing, the enforcement relevant information shows.

Physical characteristics collecting device 208, for authenticate device user safety authentication process, the biological characteristic that automatically gathers the user under the control of central processing unit 200 passes to relevant apparatus, completes the biometric secure authentication.Biological characteristic can be fingerprint or finger vena information, even can comprise the finger temperature information that SMD intelligent temperature sensor collects.It can certainly be the biological characteristic that the head portrait, voice, nethike embrane, iris etc. of registered in advance authorized user easily extract; In this process, central processing unit 200 receives the user biological characteristic information that physical characteristics collecting device 208 gathers, and is transmitted to the POS security certification system after processing, carries out the authentication of user biological feature.

External certificate information harvester 209, be used for the authenticate device user in safety certification process, automatically read the main security factor information of IC chip card such as user identity card number, bank card number, social security card, and the information of the electronic security(ELSEC) certificate of certification of the multiple types such as IC-card certificate, TF card (or SD card) certificate, U shield digital certificates, close range wireless communication (NFC) digital certificates, radio frequency identification (RFID) digital certificates, process and be transmitted to the POS security certification system and carry out safety certification.In this process, central processing unit 200 receives and responds the instruction of POS security certification system, requirement according to related procedure receives user IC chip card information and the multiple types electronic security(ELSEC) certificate of certification information that external certificate information harvester 209 collects, and is transmitted to the POS security certification system after processing and carries out authenticate device administrator and operator's user safety authentication.

Information partition management and top control module 210, be used for resolving and extracting relevant information with the cipher mode partitioned storage and with manner of decryption according to information classification, and it carried out to respective handling.Described information and processing module comprise: POS digital certificates safety certification device user right registration information, POS digital certificates safety certification device subscriber authorisation secure authenticated information, digital certificates technical parameter table information, the POS of trade company register name, the POS operating personnel of trade company list, trust the POS of trade company apparatus characteristic log-on message, the POS of trade company satnav characteristic information, the customization of transmission information form, information element splits analytical algorithm automatically, information element automatic packaging packing algorithm, Quick Response Code multimedia message Processing Algorithm, the less radio-frequency messaging software, nearly short-distance wireless communication software, the information such as user's input feature vector information, user's input feature vector information table, master control menu modular program module, the hardware setting functional program module, user function changeover program module, button Trigger Function program module, the communication interface functional program module, satellite positioning information handler module etc.After information partition management and top control module 210 reception central processing unit 200 instructions and information are processed, the feedback processing result feeds back to relevant information and processes request parts or device after further processing to central processing unit 200.

Information-communication device 211, receive the external data exchange message for authenticate device, carry out being transmitted to other device of POS security certification system or server after information processing, realize security information communication and data information exchange between POS digital certificates safety certification device and other device of POS security certification system or associated server.Under the control commander of central processing unit 200, at information partition management and top control module 210, information identification passage security control device 212, under the coordinated of scene evidence taking and Quick Response Code fetch interface device 206 and satellite positioning information processing module 213, receive authenticate device exterior orientation exchanges data information and other relevant information, after carrying out relevant treatment, send to other device of POS security certification system or associated server, and directional data exchange message and other relevant information of reception POS other device of security certification system or associated server, after carrying out relevant treatment, POS digital certificates safety certification device and even trade company's application server are submitted in forwarding.Its communication modes is automatically selected according to the difference of passage, comprises that USB, close range wireless communication (NFC), ultrahigh frequency radio frequency identification communication (RFID), the multiple spot of transmission range in tens meters scopes send single-point and receive wireless transmission method, wireless remote IP etc.

When information-communication device 211 is operated in the safety certification pattern, receives central processing unit 200 and forward the secure authenticated information of coming, after being processed, be transmitted to financial intermediary's mobile-phone payment front end processor, be transmitted to the financial POS Service Process Server after being processed by this front end processor format again and carry out safety certification, the financial POS Service Process Server carries out the safety certification processing and the former road of authentication result is fed back to financial intermediary's mobile-phone payment front end processor and even central processing unit 200 is processed, and further feeds back to information-communication device 211 again, after this information-communication device 211 receives the financial POS Service Process Server Security Authentication Service response result that these front end processors send and has authenticate device satnav geography information stamp and the color breath transmission of the Quick Response Code electronic license book of timeliness stamp and financial payment clearing safety verification relevant information, and call satellite positioning information processing module 213, information partition management and top control module 210, passage unlatching and locking and coupled system and the safety certification of message exchange peace control module 212 and safeguard that treating apparatus is opened the multimedia message sendaisle or after locking processes, forward the relevant treatment result and feed back to scene evidence taking and Quick Response Code fetch interface device 206 or touch control display apparatus 207, if voice messaging sends to Microspeaker to complete voice suggestion by scene evidence taking and Quick Response Code fetch interface device 206, if demonstration information completes directed the demonstration by touch control display apparatus 207.

When information-communication device 211 is operated in the upgrade maintenance pattern, for POS digital certificates safety certification device and financial intermediary's mobile-phone payment front end processor are set up the service of Wireless IP network connecting communication automatically, realize automatically downloading upgrading application deployment system patch and other data message that need to be exchanged, and it is encrypted to partitioned storage.

Information-communication device 211 is operated in while paying operation information data switch mode, trade company's digital certificates safety certification success, POS digital certificates safety certification device upgrade maintenance and the secure authenticated channel locking of giving orders, the service of Wireless IP network connecting communication is closed automatically, the unlatching and other passage is given orders.In addition, the multimedia message communication module of Quick Response Code multimedia message dispensing device and each self-assembly different service providers of Quick Response Code multimedia message receiving trap in the present embodiment, implementation information intersection coordinating transmissions, can avoid the information that important key message may cause with net transmission to kidnap, distort and information-leakage.In this process, information-communication device 211 is according to target and the source of the instruction automatic identification information transmission of central processing unit 200, suitable passage is selected in regulation and control, realizes bidirectional safe information communication and data information exchange between POS digital certificates safety certification device and other device of POS security certification system or server.

Information identification passage security control device 212, for carrying out security customization and management and control to information exchanging channel under information partition management and top control module 210 assistance.Comprise following auxiliary equipment: at least one Quick Response Code multimedia message receiving trap 212a, at least one Quick Response Code multimedia message dispensing device 212b, passage is opened and locking and coupled system 212c, safety certification and safeguard treating apparatus 212d, information storage and administration module 212e.Each auxiliary equipment all is connected with information identification passage security control device 212, and identify between passage security control device 212 and other auxiliary equipment and carry out message exchange by information, perhaps with central processing unit 200, carry out message exchange, so the transfer by central processing unit 200 realizes and other device of POS security certification system or associated server between carry out bidirectional safe information communication and data information exchange.Quick Response Code multimedia message receiving trap 212a, the payment operation information data exchange result of sending for receiving financial intermediary's mobile-phone payment front end processor, or color breath of Quick Response Code with authenticate device satnav geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information that reception financial intermediary mobile-phone payment front end processor is sent sends the electronic license book, giving orders to control to make only has safety certification to pass through, held the electronic license book, the Quick Response Code multimedia message sendaisle of authenticate device could send data message, implements to pay the exchange of operation information data, Quick Response Code multimedia message dispensing device 212b, pay related data information for to financial intermediary's mobile-phone payment front end processor, sending the client, passage is opened and locking and coupled system 212c, be used for according to the channel security authentication result, give orders and control united opening or the locking of relevant information passage, if channel security authentication success, the locking authenticate device of giving orders arranges to be safeguarded and secure authenticated channel, give orders and open authenticate device and the audio-visual evidence obtaining of curstomer`s site and client's mobile-phone payment 2 D code information collection interchange channel, 2 D code information interchange channel between authenticate device and financial intermediary's mobile-phone payment front end processor, exchanges data information channel between trade company's application server and authenticate device, identify and implement passage regulation and control and shunting transmission by information source, avoiding information to kidnap distorts, otherwise, keep each passage default conditions, and safety certification repeatedly not by the time locking authenticate device of giving orders arrange and safeguard and secure authenticated channel, send the warning messages such as cell phone multimedia message by financial intermediary's mobile-phone payment front end processor to trade company or the personnel of financial institution in time, safety certification and safeguard treating apparatus 212d, provide the environmental facility technical support for carrying out authenticate device satellite positioning information rationality safety certification and application system upgrade maintenance.Register the value of the information source recognition feature parameter of setting according to the personnel of financial institution in the authenticate device erecting stage in the POS security certification system, trigger the relevant apparatus module and carry out automatically gathering and generating and be uploaded to the POS security certification system; When authenticate device safety certification and device maintenance license safety check, central processing unit 200 generates according to engagement arithmetic and rule the corresponding response message that comprises the information such as authenticate device satnav characteristic information, condition code, register name, be transmitted to the financial POS Service Process Server after sending to financial intermediary's mobile-phone payment front end processor further to process, carry out authenticate device safety certification and authenticate device and safeguard the license authentication.If authenticate device upgrade maintenance license safety check is successfully passed through, call the relative program module and complete the maintenance process such as authenticate device application patch upgrading, implement the relevant treatment such as patch automatic deployment, complete upgrade maintenance; If the authenticate device safety certification is successfully passed through, the financial POS Service Process Server sends the color breath transmission of a Quick Response Code electronic license book with authenticate device satnav geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information to the Quick Response Code multimedia message receiving cable of authenticate device feedback, and then completes authenticate device and register.Otherwise, the unsuccessful information of feedback authentication, and send the warning messages such as cell phone multimedia message by financial intermediary's mobile-phone payment front end processor to trade company or the personnel of financial institution in time; Information storage and administration module 212e, be used to the message exchange security control device to provide message buffer storage and necessary format to process.

Satellite positioning information processing module 213, for automatically gathering and generating the authenticate device satellite positioning information, send to the device and the module that need these information, for relevant apparatus and module provide the information support.When the safety certification characteristic parameter arranges registration, on the one hand the value of the POS of each trade company satellite positioning information apparatus characteristic parameter arranged to location registration process, because of the POS of the trade company scene evidence taking supporting with it and Quick Response Code reading device geographic position identical, therefore normal conditions will be registered as the POS of trade company satnav geographical location information with the supporting scene evidence taking of the POS of each trade company and the satellite positioning information of Quick Response Code reading device, automatically gather and generate on the other hand the satellite positioning information of authenticate device self, and it is passed to other device of authenticate device and module completes the relevant registration of authenticate device at the POS security certification system, simultaneously, when the authenticate device safety certification, automatically gather and generate the satellite positioning information of authenticate device self, and it is passed to financial intermediary's mobile-phone payment front end processor and the financial POS Service Process Server carries out satellite positioning information rationality safety certification, if safety certification is passed through, and the current satnav geographic position of authenticate device is within deviation range that its early stage, registered location allowed, by Quick Response Code multimedia message passage, send the color breath of Quick Response Code with authenticate device location geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information and send the electronic license book, when paying the exchange of operation information data, on the one hand the value of the POS of trade company satellite positioning information apparatus characteristic parameter being carried out to automatically resolve identification and access checks, mobile phone satnav geography information stamp relevant information in the multimedia message of the opposing party's facing customers mobile phone two-dimension code is checked, whether checking is the payment of client's there and then, if the POS of trade company satellite positioning information rationally and be the believable equipment of registering, and Quick Response Code multimedia message passage has received that information sends the electronic license book, simultaneously, through the POS security certification system, authentication is the payment behavior of client's there and then, send to financial intermediary's mobile-phone payment front end processor after payment information being ressembled to processing, and after being processed, it until the financial POS Service Process Server is submitted in forwarding, carries out the business Account Disposal, otherwise, the POS of trade company satellite positioning information apparatus characteristic Safety Examination does not pass through, the information of automatically it being sent is rejected, and this equipment is piped off, simultaneously, send the warnings such as multimedia message to financial personnel and with the authenticate device keeper of trade company mobile phone, after this feedback processing result is to authenticate device.

Power supply and battery charger 214, be responsible for the charging of authenticate device power supply and battery thereof, shares this power supply with making safe and stable arrangement on all POS of being integrated in digital certificates safety certification devices.

As shown in Figure 3, POS security certification system structural representation for the utility model embodiment, as shown in the figure, this system comprises: POS digital certificates safety certification device 301, biological characteristic entrance guard device 302, financial intermediary's mobile-phone payment front end processor 303, financial POS business information processing server 304, trade company's application server 305, the POS of trade company device 306, scene evidence taking and Quick Response Code reading device 307 and client's mobile phone 308.The POS306 of trade company is connected by the USB passage with its supporting scene evidence taking and Quick Response Code reading device 307, a plurality of POS306 of trade company and scene evidence taking and Quick Response Code reading device 307 for its supporting trade company, at least one biological characteristic entrance guard device 302, be connected with trade company application server 305 by trade company's application network; Trade company's application server 305 with POS digital certificates safety certification device 301(hereinafter to be referred as authenticate device 301) by serial ports or USB passage, be communicated with; With scene evidence taking and Quick Response Code reading device 307, by transmission range, the multiple spot in tens meters scopes sends single-point and receives the near field wireless transfer channel at least one client, or wired IP network, or be connected with authenticate device 301 by ultrahigh frequency radio frequency recognition technology transfer mode, complete client's mobile phone two-dimension code and read and pay on-the-spot audio-visual evidence obtaining.Authenticate device 301 is operated in while paying operation information data switch mode, by Quick Response Code multimedia message passage with at least one mobile-phone payment front end processor 303(of financial intermediary hereinafter to be referred as front end processor 303) be connected, front end processor 303 is connected with financial POS business information processing server (hereinafter to be referred as server 304) by financial Intranet again, thereby completed authenticate device 301, with the final of server 304, is connected or connection; When authenticate device 301 is operated in safety certification and upgrade maintenance pattern, by long distance wireless, access private network and fire wall is connected with at least one front end processor 303; At least one front end processor 303 is connected with server 307 by financial Intranet; Trade company's application network can be wired or wireless network, long distance wireless access private network is the wide area wireless network that the radio communication service business provides, can be also broadband network or private line access, the finance Intranet can be wide area or LAN (Local Area Network), for between each device of POS security certification system, providing network interconnection communication, the near field network can be that short-range wireless networks can be also cable network.Client's mobile phone carries out information interaction by multimedia message net and front end processor 303.

The utility model is the POS digital certificates safety certification device 301 in embodiment, and Main Function comprises:

One, provide the two dimension code reading function, the Quick Response Code with scene evidence taking and the current satnav geographical location information stamp of Quick Response Code reading device and timeliness stamp and financial payment clearing safety verification relevant information that can identify on client's mobile phone screen pays the electronic license book, for the client realizes providing digital certificates to confirm to support in the on-the-spot there and then mobile phone secure payment of shopping;

Two, set up POS digital certificates safety certification device separate and isolation the payment data exchange message passage between 2 D code information interchange channel, trade company's application server and the POS digital certificates safety certification device between maintenance and secure authenticated channel, POS digital certificates safety certification device and scene evidence taking and Quick Response Code reading device information exchanging channel, POS digital certificates safety certification device and financial intermediary's mobile-phone payment front end processor is set, identify and implement passage regulation and control and shunting transmission by information source, the information that effectively prevents is kidnapped and malicious attack;

Three, by the client being paid to the biometric secures checkings such as on-the-spot audio-visual evidence obtaining and head portrait identification, fingerprint recognition, speech recognition, realize to the payment pronucleus of the true legitimacy of mobile phone possessor to identify and pay after check;

Four, for the safety certification characteristic parameter arranges location registration process, safety certification, upgrade maintenance, payment operation information data exchange correlation mobile-phone payment mode of operation provides technical support.

POS digital certificates safety certification device 301 receives trade company's application server 305 or scene evidence taking and Quick Response Code reading device 307 and forwards the relevant information of coming, after carrying out information safety filtrating management and control and format processing, select the suitable information channel of regulation and control to be transmitted at least one front end processor 303 of POS security certification system, front end processor 303 is transmitted at least one server 307 after being processed again, the traffic information services processing is carried out in server 307 respond services requests, and select suitable path and passage to feed back to authenticate device 301 result, after authenticate device 301 is processed again, select again the payment data exchange message passage between trade company's application server and POS digital certificates safety certification device, feed back to trade company's application server 305 and the POS of other trade company.

When POS digital certificates safety certification device 301 is operated in safety certification or maintenance upgrade pattern, obtain user safety authentication and maintenance upgrade relevant information, after being processed, be transmitted to front end processor 303, then carry out safety certification and maintenance upgrade by after front end processor 303 format processing, being transmitted to reason server 307; Server 307 response safety certification and maintenance upgrade requests, launch safety certification and the maintenance upgrade response is processed.If maintenance upgrade safety certification success, automatic deployment upgrade application patch and other data message that need to be exchanged are in authenticate device 301, after finishing dealing with, safety certification and maintenance upgrade result are fed back to front end processor 303 according to former road and format processing, further feed back to again authenticate device 301.If pay the operation safety authentication success, completing authenticate device registers, issue the two-dimensional code electronic license passport with the current satnav geography information stamp of authenticate device and timeliness stamp and financial payment clearing safety verification relevant information to authenticate device 301 simultaneously, passage, the multimedia message passage sending function that carries out message exchange between authenticate device and the trade company's application server unlatching of giving orders, the locking and authenticate device safety certification and upgrade maintenance passage are given orders, and the service of Wireless IP network connecting communication is also closed automatically.If safety certification is unsuccessful, safety certification repeatedly not by the time transmit orders relevant apparatus locking safety certification and upgrade maintenance passage, and in time by trade company or the personnel of financial institution, sending the warning messages such as cell phone multimedia message.

When POS digital certificates safety certification device 301 is operated in while paying operation information data switch mode, POS digital certificates safety certification device 301 obtains trade company's application server 305 and forwards relevant information that the biological characteristic entrance guard device 302 that comes and the POS of trade company collect and the relevant information of scene evidence taking and Quick Response Code reading device 307.At first, carry out the authentication of the POS of trade company user biological Characteristic Contrast, if biological characteristic entrance guard device 302 collection in worksite to the user biological characteristic information in authenticate device 301 registration, the POS of trade company user safety authentication success, and there is the scene evidence taking of having assigned and Quick Response Code reading device 307 and the POS of trade company satnav geography information stamp by authenticate device to the granting of the POS operating personnel of trade company mobile phone, the timeliness stamp, the POS of trade company title, trade company's application system login user title, the dynamic login password of trade company's application system user (asu), trade company's application system access two-dimensional code electronic certificate of the safety verification relevant informations such as the POS operating personnel of trade company phone number, and the POS of trade company networking IP address note, realize that in this way the POS operating personnel of trade company login trade company's level electronic authorization of trade company's application system, operated the identification authentication of people and mobile phone by real name.Secondly, the POS operating personnel of trade company, according to the content of the POS of the trade company networking IP address note network settings that networked, make the POS of trade company and trade company's application server formally realize network-in-dialing.Then, trade company's scene evidence taking and Quick Response Code reading device 307 obtain the trade company's application system access two-dimensional code electronic certificate on the POS operating personnel of trade company mobile phone, are transmitted to trade company's application server and carry out the parsing of two-dimensional code electronic certificate and merchant equipment feature safety certification.If the merchant equipment that the POS operating personnel of trade company use is registration in authenticate device 301 really, authentication success, merchant equipment completes mutatis mutandis the registering in authenticate device 301.Simultaneously, if the satnav geography information of trade company's scene evidence taking and Quick Response Code reading device 307 is registration in authenticate device 301 really, and the geographic position of current scene evidence taking and Quick Response Code reading device 307 is also really in rational position, authentication success, scene evidence taking and Quick Response Code reading device 307 also can complete mutatis mutandis the registering in authenticate device 301, and trade company's application server 305 utilizes two-dimensional code electronic certificate analysis result information automatically to complete the login of the POS operating personnel of trade company in trade company's application system.If equipment can not complete mutatis mutandis registering, relevant device can not carry out message exchange with authenticate device 301, has so just realized the maltilevel security authentication of digital certificates, people, machine (equipment), system.Again, carry out application message data interchange format and content characteristic authentication, if all authentications of front are passed through, carry out the processing such as information encryption, then send to front end processor 303 by the multimedia message sendaisle, be transmitted to server 307 after being decrypted and formaing processing by it again, the business Account Disposal is carried out in server 307 respond services requests, and then processing result information is fed back to front end processor 303, after front end processor 303 format encryptions, feed back to authenticate device 301 by the multimedia message receiving cable, authenticate device 301 carries out after decrypts information etc. processes, finally feed back to trade company's application server 305 and the POS of trade company.If safety certification is unsuccessful, safety certification repeatedly by the time, instruction locking safety certification and upgrade maintenance passage, and send the warning messages such as cell phone multimedia message to trade company's webmaster or financial personnel in time.

Biological characteristic entrance guard device 302 in the utility model embodiment, be used for obtaining the POS of trade company operation user's (attendant of trade company) biological characteristic, be transmitted to trade company's application server 305 and authenticate device 301 after completing necessary processing, implement user's safety certification and mandate, and the Certificate Authority result is fed back to the user by multimedia message.Biological characteristic can be fingerprint or finger vena information, even can comprise the finger temperature information that SMD intelligent temperature sensor collects, and can certainly be the biological characteristic that the head portrait, voice, nethike embrane, iris etc. of registered in advance authorized user easily extract, so that trade company's application server 305 and authenticate device 301 are achieved as follows function jointly accordingly: the one, according to the gate inhibition management apparatus of the biological characteristic authentication output control of trade company's application server 305 commander biological characteristic entrance guard device 302, automatically carry out the unlatching of electric linkage protective door or close, to control, whether allowing the staff of this trade company to enter trade company's application service zone, the 2nd, trade company's application server 305 and authenticate device 301 are jointly according to biological characteristic authentication result and predefined licensing scheme, automatically detect and determine whether that the permission attendant of this trade company operates the POS306 of trade company equipment, if allow it to carry out 306 operations of the POS of trade company equipment, for it, distribute the exercisable POS of a trade company equipment 306 and attached scene evidence taking and Quick Response Code reading device 307 thereof, and by trade company's application system access two-dimensional code electronic certificate of the effective restriction of authenticate device 301 transmission, and the POS of trade company networking IP address multimedia message, realize that in this way the POS operating personnel of trade company login trade company's level electronic authorization of trade company's application system, operate and realized digital certificates by real name, the people, machine (equipment), the maltilevel security authentication of system.

Front end processor 303, can be multiple servers or PC, it can be also the part-time front server of comprehensive multinomial identity function, be mainly used in having set up the bridge of services request and service response between server 307 and authenticate device 301 and carry out information processing and transfer, thering is the functions such as multimedia message transmitting-receiving processing, service request information transfer, audio and video information processing.Front end processor 303 receives and forwards the business service request relevant information that authenticate device 301 is issued server 307, format is transmitted to server 307 after processing, and receive the service request response result message that described at least one server 307 sends, and after the service response processing result information that described at least one server 307 is sent format, feedback is forwarded to the authenticate device 301 that sends business service request related news, thereby erected the information bridge of services request and service response between server 307 and authenticate device 301, complete its information bidirectional and reach alternately format processing and transmitting-receiving transfer.Simultaneously, also can completion service device 307 relevant feedback and the tasks such as voice and video information conversion generations of information, and voice suggestion and voice reading information are fed back and sent authenticate device 301 to.

Financial POS business information processing server 307, be used for providing safety certification and information service response to process and information support for the POS digital certificates safety certification device 301 of POS security certification system, is core and the maincenter of POS security certification system.With database mode centralized management and the various information data table such as storage, disposal system trip information table, digital certificates correlation technique parameter list, authenticate device satellite positioning information feature Registry, user's input feature vector information table, user profile tables of data, business datum table, transmission information form customized information table of classifying.Certainly, also to store the correlation function program module, and realize its function under the support of relevant information processing supporter.Forward for receiving front end processor 303 the service request information of coming, according to different services request, carry out appropriate service response and information processing, and formation service response result message, feed back to front end processor 303, feed back to authenticate device 301 again after format is processed, complete safety certification and POS business processing.

Trade company's application server 305, can be multiple servers or PC, be mainly used in trade company's level information processing and service, do not belong to the utility model content, the POS of trade company associated safety authentication information and the supports of business processing relevant information such as the POS of trade company apparatus characteristic, the POS user of service of trade company feature only are provided for the utility model authenticate device 301.Obtain the POS of trade company, biological characteristic entrance guard device 302 relevant informations are transmitted to authenticate device 301 after being processed, or receive after authenticate device 301 relevant informations are processed and are transmitted to authenticate device 301, are transmitted to the POS of trade company, biological characteristic entrance guard device.

The POS306 of trade company, can be commercial POS equipment or other trade company customization relevant device, there is merchandising information networking propagation function, be mainly used in information acquisition and the forwardings such as trade company's merchandise sales application, do not belong to the utility model content, only coordinate trade company's application server 305 jointly to gather and provide the POS of trade company associated safety authentication information and merchandising and the related service process informations such as the POS of trade company satellite positioning information, the POS user of service of trade company feature for the utility model authenticate device 301.

Be illustrated in figure 4 the structured flowchart of the utility model scene evidence taking and Quick Response Code reading device 307, its building block mainly comprises: master control device 3071, authenticate device network communication interface unit 3072, audio-visual evidence obtaining and data processing unit 3073, Quick Response Code reading unit 3074, satnav geography information generation unit 3075, data buffer storage and processing unit 3076, power supply and hardware supported unit 3077.

A plurality of scene evidence takings and Quick Response Code reading device 307 carry out network with authenticate device or trade company's application network and are connected, be mainly used in: one, gather the on-the-spot audio and video information of client's mobile-phone payment and realize evidence obtaining, and be that its generation mark satnav geography information are stabbed, timestamp automatically, realize that with control there and then pays, and provides first-hand direct audio-visual evidence for paying rear inspection simultaneously; Two, read client's mobile phone two-dimension code and pass to authenticate device and resolve identification, for authentication, differentiate and mobile phone holder's the whether legal positive evidence that provides of identity realize client's there and then secure payment certificate validation; Three, read the trade company's application system access two-dimensional code electronic certificate on the operating personnel of trade company mobile phone, pass to trade company's application server and resolve identification, with control, realize trade company's application system secure log, complete trade company's level Lawful access mandate; Gather the client and pay on-the-spot audio and video information, 2 D code information, and pass to together merchant server 305 and authenticate device 301 with information such as the satnav geography information stamp automatically generated, timestamps, be transmitted to front end processor 303 and server 307 by authenticate device 301 again, server 307 is processed Hou Anyuan road feedback processing result to authenticate device 301 persons such as service request such as information processing such as grade.

Master control device 3071 is connected with other parts information of carrying out respectively and message center is controlled, and power supply and hardware supported unit 3077 provide power supply and hardware support for all parts.Master control device 3071 is control center and brains of device, directly control data communication and the information interaction between scene evidence taking and Quick Response Code reading device 307 and authenticate device, simultaneously, also directly control data communication and the information interaction between scene evidence taking and inner each parts of Quick Response Code reading device 307; Authenticate device network communication interface unit 3072, be mainly used to realization and be connected with the network between authenticate device, and implementation data communication and information interaction, and network is wired also available wireless; Audio-visual evidence obtaining and data processing unit 3073, be used for gathering and processing the client and pay on-the-spot audio and video information, as paying on-the-spot evidence, prevents from paying and deny; Quick Response Code reading unit 3074, be used for reading mobile phone two-dimension code, then pass to merchant server or authenticate device and resolve identification, trade company's level application Quick Response Code is resolved by merchant server, and finance level Client application Quick Response Code is responsible for being resolved by authenticate device 301; Satnav geography information generation unit 3075, the main satnav geography information of being responsible for automatically generating there and then scene evidence taking and Quick Response Code reading device 307, pass to authenticate device 301 and carry out subsequent analysis judgement and safety inspection, prevent that scene evidence taking and Quick Response Code reading device from illegally accessing; Data buffer storage and processing unit 3076, be used for assisting the master control device to call other unit and implement the related data information processing, touch screen implemented to control and carry out with it message exchange simultaneously; Power supply and hardware supported unit 3077, be used for providing power supply for each parts, and support for the realization of each Elementary Function provides hardware carrier.When authenticate device 301 is operated in payment operation information data switch mode, obtain trade company's application server 305 and forward relevant information that the biological characteristic entrance guard device that comes and the POS of trade company collect and the relevant information of scene evidence taking and Quick Response Code reading device 307, at first, carry out the authentication of the POS of trade company user biological Characteristic Contrast and trade company's level electronic authorization.Before the POS operating personnel of trade company enter trade company's POS service scene by the biological characteristic gate inhibition, first must on authenticate device, input the information such as biological characteristic (as fingerprint etc.), phone number and IC-card I.D., and then complete the POS operating personnel of the trade company relevant information registration of trade company's application system under the authenticate device keeper's of trade company authorization; When the POS operating personnel of trade company will enter the POS of trade company service scene by the biological characteristic gate inhibition, by the biological characteristic gate inhibition, the POS operating personnel of trade company are carried out to the biological characteristic safety check on the one hand, gate control system is controlled commander gate inhibition's actuating unit, automatically carry out the unlatching of electric linkage protective door or close, to control, whether allowing the POS operating personnel of this trade company to enter the on-the-spot zone of the POS of trade company service.If biological characteristic entrance guard device collection in worksite to the user biological characteristic information in authenticate device 301 registration, the POS of trade company user safety authentication success, trade company's application server User safety certification and Authorization result and predefined licensing scheme, automatically detect and determine whether that the permission personnel of this trade company operate the POS of trade company equipment, if allow it to carry out the POS of trade company equipment operating, for it, distribute the exercisable POS of a trade company equipment, and there is the scene evidence taking of having assigned and Quick Response Code reading device 307 and the POS of trade company satnav geography information stamp by authenticate device to the granting of the POS operating personnel of trade company mobile phone, the timeliness stamp, the POS of trade company title, trade company's application system login user title, the dynamic login password of trade company's application system user (asu), trade company's application system access two-dimensional code electronic certificate of the safety verification relevant informations such as the POS operating personnel of trade company phone number, and the POS of trade company title, scene evidence taking and Quick Response Code reading device title and the POS of trade company networking IP address note, realize that in this way the POS operating personnel of trade company login trade company's level electronic authorization of trade company's application system, operated the identification authentication of people and mobile phone by real name.Secondly, configuration POS parameter, realize network-in-dialing.The POS operating personnel of trade company arrive smoothly and specify the POS of trade company geographic location according to the POS of trade company title, trade company's application network system receives the POS operating personnel's of trade company input message, automatically according to the POS of the Content Implementation trade company networking network settings of the POS of trade company title and networking IP address note, make the POS of trade company and trade company's application server formally realize network-in-dialing; Again, facilities and equipments are registered, the login application system.

When the POS of trade company login trade company application system, trade company's application system access two-dimensional code electronic certificate that scene evidence taking and Quick Response Code reading device 307 gather on the POS operating personnel of trade company mobile phone screen, pass to the POS of trade company together with the audio-visual evidence obtaining and the Quick Response Code reading device satellite positioning information that automatically generate, and then, after carrying out the safety check pre-treatment, be transmitted to trade company's application server and carry out the parsing of two-dimensional code electronic certificate and merchant equipment feature safety certification; Trade company's application system login relevant information of the information such as trade company's application server parses Quick Response Code generating merchant POS operating personnel, and implement the POS operating personnel of trade company and login safety check, the POS of trade company satnav geography information register safety check and the aftertreatment thereof of the Quick Response Code relevant informations such as safety check, ageing safety check, trade company's application system login user and password safety check.If the merchant equipment that the POS operating personnel of trade company use is registration in authenticate device 301 really, authentication success, merchant equipment completes mutatis mutandis the registering in authenticate device 301.Simultaneously, if the satnav geography information of trade company's scene evidence taking and Quick Response Code reading device 307 is registration in authenticate device 301 really, and the geographic position of current scene evidence taking and Quick Response Code reading device 307 is also really in rational position, authentication success, scene evidence taking and Quick Response Code reading device 307 also can complete mutatis mutandis the registering in authenticate device 301, and trade company's application server 305 utilizes two-dimensional code electronic certificate analysis result information automatically to complete the login of the POS operating personnel of trade company in trade company's application system.If safety check is passed through, complete trade company's application system user (asu) login, the access that completes merchant equipment is registered, and prompting starts customer service and pays the exchange of operation information data; Otherwise, send miscue information or warning multimedia message, so just realized the maltilevel security authentication of digital certificates, people, machine (equipment), system, realized that the gate inhibition pacifies control, the mobile phone checking, the dynamic password granting, equipment is assigned automatically.Finally, on-the-spot certificate validation, complete mobile-phone payment.If financial scene evidence taking and Quick Response Code reading device 307, obtain client's Quick Response Code mobile-phone payment electronic license book and carry out the Quick Response Code parsing by the near field network delivery to authenticate device 301, implement order number, phone number, age information, the coupling of the information such as finance scene evidence taking and Quick Response Code reading device 307 satellite positioning informations is checked, then send accounting processing information to front end processor 303 by the multimedia message sendaisle, be transmitted to server 307 after being decrypted and formaing processing by it again, server carries out application message data interchange format and content characteristic authentication, and carry out service request response and the client pays Account Disposal, and then processing result information is fed back to front end processor 303, after front end processor 303 format encryptions, feed back to authenticate device 301 by the multimedia message receiving cable, authenticate device 301 carries out after decrypts information etc. processes, finally feed back to trade company's application server 305 and the POS of trade company.If the mobile-phone payment success, by authenticate device 301, to client and the POS operating personnel of trade company, feed back mobile-phone payment success voice and other information, and retention client's mobile-phone payment scene is audio-visual, so that the later stage is paid on-the-spot audio-visual inspection; Otherwise, delete its scene audio-visual, and feed back the unsuccessful voice of mobile-phone payment and information and other corresponding warning message by authenticate device 301 to client and the POS operating personnel of trade company.

Scene evidence taking of the present utility model and Quick Response Code reading device are a kind of micro device, easy to carry and use.Infrared high-definition camera 801, be used for absorbing field image or photo evidence and give over to payment and operation evidence; Built-in microphone 802, be used for collection site sound to give over to and pay or the operation evidence; Photoresistance 803, be used for sensing exterior light photograph degree information to master control device 701, in order to control night vision infrared lamp 804, provides light source while being used for collecting evidence for the night vision image; External loudspeaker 805, provide support for playing to prompting and the alarm sound feedback information of upper end equipment, but frames connecting with headphone or loudspeaker; Adjustable mirror circle 806, carry out lens focusing for the image evidence obtaining improves quality; Network interface 807, for scene evidence taking and Quick Response Code reading device provide the access hardware supported by the IP network physical connection POS of trade company equipment; USB interface 808, for scene evidence taking and Quick Response Code reading device provide hardware supported by USB interface physical connection authenticate device equipment; Removable antenna 809, for connecting antenna, for scene evidence taking and Quick Response Code reading device provide hardware supported by wireless mode interface physical connection authenticate device; Reset button 810, user's factory reset, can pin this switch more than 5 seconds when the operational factors such as the precision of need to being made a video recording as the user arrange, and comes into effect setting; Power interface 811, for connecting power supply DC5V adapter, for scene evidence taking and Quick Response Code reading device provide power supply; Power switch 812, be used for the switch of hand-guided scene evidence taking and Quick Response Code reading device power supply, advances its use of two controls; Touch screen 813, be used for carrying out scene evidence taking and the operational factor setting of Quick Response Code reading device or state and information and show.

In concrete enforcement, scene evidence taking of the present utility model and Quick Response Code reading device are a kind of micro device, easy to carry and use.Have as lower component:

Infrared high-definition camera, be used for absorbing field image or photo evidence and give over to payment and operation evidence; Built-in microphone, be used for collection site sound to give over to and pay or the operation evidence; Photoresistance, be used for sensing exterior light photograph degree information to the master control device, in order to control the night vision infrared lamp, provides light source while being used for collecting evidence for the night vision image; External loudspeaker, provide support for playing to prompting and the alarm sound feedback information of upper end equipment, but frames connecting with headphone or loudspeaker; The adjustable mirror circle, carry out lens focusing for the image evidence obtaining improves quality; Network interface, for scene evidence taking and Quick Response Code reading device provide the access hardware supported by the IP network physical connection POS of trade company equipment; USB interface, for scene evidence taking and Quick Response Code reading device provide hardware supported by USB interface physical connection authenticate device equipment; Removable antenna, for connecting antenna, for scene evidence taking and Quick Response Code reading device provide hardware supported by wireless mode interface physical connection authenticate device; Reset button, user's factory reset, can pin this switch more than 5 seconds when the operational factors such as the precision of need to being made a video recording as the user arrange, and comes into effect setting; Power interface, for connecting power supply DC5V adapter, for scene evidence taking and Quick Response Code reading device provide power supply; Power switch, be used for the switch of hand-guided scene evidence taking and Quick Response Code reading device power supply, advances its use of two controls; Touch screen, be used for carrying out scene evidence taking and the operational factor setting of Quick Response Code reading device or state and information and show.

Client's mobile phone 308, be used for sending client's payment request information and secure authenticated information to front end processor 303 and even server 307 by the multimedia message mobile network, completes the safety of payment authentication; Then, when the safety of payment authentication success, then the Quick Response Code mobile-phone payment electronic license book that sends of reception server 307, it is obtained by scene evidence taking and Quick Response Code reading device 307, thereby complete client's payment affirmation, realize client's there and then mobile phone secure payment.This mobile phone, with physical characteristics collecting functions such as client's fingerprint, voice, head portraits, has the function that automatic collection generates mobile phone there and then satellite positioning information simultaneously, and 3071 is reliable to guarantee client's safety of payment.

As shown in Figure 5, the structured flowchart for the financial intermediary's mobile-phone payment front end processor 303 in the utility model embodiment comprises: front end processor master control device 403, authenticate device interface 401, audio-visual evidence obtaining data processing unit 402, server interface 404, data storage and administrative unit 405.Front end processor master control device 403 is connected with authenticate device interface 401, audio-visual evidence obtaining data processing unit 402, server interface 404, data storage and administrative unit 405 respectively.Front end processor is mainly used in having set up the bridge of services request and service response between server 400 and authenticate device 100, receive safety certification and maintenance upgrade and the payment information of authenticate device 100, be transmitted to server 400 after the processing such as formaing, or the safety certification of reception server 400, maintenance upgrade, payment information and result feedback information are transmitted to authenticate device 100 after the processing such as being formatd.

Front end processor master control device 403, be used to the bi-directional exchanges of information between each member of front end processor format processing and coordinate control center, and the services request of authenticate device interface 401 is carried out being transmitted to server interface 404 after the Data Format Transform processing; Or contrary, front end processor master control device 403, after receiving server 400 processing result information that server interface 404 receives, it is carried out to format conversion processing, and then loopback is to authenticate device interface 401.

Authenticate device interface 401, for complete bidirectional information transmitting-receiving and the exchange of front end processor master control device 403 and authenticate device 100 according to the agreement prescribed form, be mainly used for providing format processing and information transmit-receive transfer for the multimedia message between authenticate device interface 401 and server 400 and network information exchange.Under the control of front end processor master control device 403, the relevant informations such as operational order, input message, multimedia message, Quick Response Code, safety certification, maintenance upgrade and payment that authenticate device interface 401 receives authenticate device 100 inputs or receives, store and administrative unit 405, audio-visual evidence obtaining data processing unit 402 is transmitted to server interface 404 after processing by data, then be transmitted to server 400 by server interface 404; Or service response result and the feedback information of server interface 404 reception servers 400, by data, store and after administrative unit 405, audio-visual evidence obtaining data processing unit 402 process, be transmitted to authenticate device interface 401, send to authenticate device 100 by authenticate device interface 401 again, erect the bridge of information bidirectional exchange between authenticate device 100 and server 400.The passage of its information transmission has two kinds, multimedia message and network, according to information, receives characteristics of objects and task character implements automatically to select switching.

Audio-visual evidence obtaining data processing unit 402, for receiving and dispatching the authentication storage device audio-visual safety certification of 100 client and evidence obtaining information, and effectively manage canned data.

Server interface 404, for completing bidirectional information transmitting-receiving and the exchange between front end processor master control device 403 and server 400 according to the agreement prescribed form.

Data buffer storage and switch processing unit 405, for receiving the instruction of front end processor master control device 403, support for relevant interface transceiving data and information provide data buffer storage and information management and processing to process.

Be illustrated in figure 6 the structured flowchart of the financial POS Service Process Server 304 in the utility model embodiment, comprise: the security feature parameter arranges location registration process unit 501, safety certification and maintenance upgrade unit 502, multimedia message processing unit 503, audio and video information administrative unit 504,2 D code information processing unit 505, satnav geography information discriminating unit 506, POS business account processing unit 507, data storage and administrative unit 508.Being used for processing and information support for the POS digital certificates safety certification device 100 of POS security certification system, financial intermediary's mobile-phone payment front end processor 300 etc. provide safety certification and information service response, is core and the maincenter of POS security certification system.

Financial POS Service Process Server 304 mainly completes following information processing services: the one, and call the security feature parameter and location registration process and correlation unit are set to authenticate device 301 operational factor tables, digital certificates technical parameter table, authenticate device satellite positioning information characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), the business datum table, the technical parameter table, safety certification policy information table, the information such as transmission information form customized information are registered default, the 2nd, call safety certification and maintenance upgrade unit the information such as digital certificates technical parameter, authenticate device satellite positioning information characteristic information, user's input feature vector information, user's characteristic information (comprising the biological characteristic relevant information), business datum, technical parameter, safety certification policy information, transmission information form customized information are carried out to safety certification and management and control, and according to authentication result, authenticate device 301 is provided and had the Quick Response Code multimedia message transmission electronic license book that the current satnav geography information stamp of authenticate device and timeliness stamp and financial payment are settled accounts the safety verification relevant information, and then authenticate device 301 is carried out to the passage management and control, or the adjusting function program module is carried out the maintenance processing such as application system upgrading to authenticate device 301, the 3rd, call POS security certification system multimedia message processing unit, POS business account processing unit, data storage and administrative unit the business processing request is carried out to the service response processing, and the feedback processing result, control with the audio alert multimedia message of associated user's mobile phone and authenticate device 301 mutual simultaneously, the 4th, according to operation flow, the interactive instruction that releases news, commander's correlation unit is worked in coordination with and is carried out information processing, the 5th, with database mode centralized management, classification storage, process the information such as various information data table and system operational parameters, authenticate device satellite positioning information characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), business datum table, technical parameter table, safety certification policy information table, transmission information form customized information, and correlation function program module running technology parameter etc.The financial POS Service Process Server receives front end processor 303 or server 305 forwards the traffic information services request message of coming, for different services request, call the relevant treatment unit and carry out appropriate service response and information processing, and formation service response result message, feed back to front end processor 303, after processing, format feeds back to authenticate device 301 or server 305 and the POS306 of trade company, completing user safety certification and business processing again.

The security feature parameter arranges location registration process unit 501, for to trade company's release information channel security authenticate device the time, according to trade company's feature and requirement, generating the secure authenticated information such as client's digital certificate, and call the security feature parameter and location registration process and correlation unit are set to authenticate device 301 operational factor tables, digital certificates technical parameter table, authenticate device satellite positioning information characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), the business datum table, the technical parameter table, safety certification policy information table, transmission information form customized information, the information such as mobile-phone payment relevant apparatus satellite positioning information are registered default.Converting thereof into ciphertext on the one hand is issued in the information channel safety certification device, be stored on the other hand the user's characteristic information tables of data of the data storage of server and management processing unit and authenticate device and register in the characteristic information tables of data, in order to login when the POS security certification system carries out safety certification and upgrade maintenance and carry out the maltilevel security authentication the user; Financial institution is when selling the information channel safety certification device to trade company, relevant registration presupposed information is obtained in this unit collection, according to safety certification mechanism, the generating ciphertext partitioned storage, in the storage medium in the information channel safety certification device, and is recorded in the data table related of the data storage of server 304 and administrative unit 508 simultaneously.

Safety certification and maintenance upgrade unit 502, carry out safety certification for calling data storage and 508 pairs of digital certificates technical parameters of administrative unit, authenticate device satellite positioning information characteristic information, user's characteristic information (comprising the biological characteristic relevant information), user's input feature vector information according to information such as authenticate device 301 operational factors, technical parameter, safety certification policy information, transmission information form customized informations; And according to the authentication result color breath transmission of the Quick Response Code electronic license book that 301 passage grantings have authenticate device satnav geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information to authenticate device, and then authenticate device 301 is carried out to the passage management and control, or the adjusting function program module is carried out the maintenance processing such as application system upgrading to authenticate device 301.Safety certification and maintenance upgrade unit 502 receive the safety certification request information that front end processor 303 forwards the authenticate device 301 come, calling data storage and administrative unit 505, according to authenticate device 301 operational factors, technical parameter, authenticate device satellite positioning information characteristic information, user's characteristic information, the safety certification policy information, the information such as transmission information form customized information are carried out as IC-card certificate+password+fingerprint+authenticate device satellite positioning information feature the user, TF card (or SD card) certificate+password+head portrait photo+authenticate device satellite positioning information feature, the safety certification of U shield certificate+password+fingerprint+voice+modes such as authenticate device satellite positioning information feature, with this, guarantee to only have the accredited personnel to use the POS of trade company device and the mobile phone of appointment, hold legal digital certificates, input meets the information of my feature and has carried out meeting the operation of my role's authority, the related service of just having the right to process.Then, according to authentication result, complete suitable information processing, generate return message, feed back to front end processor 303.If safety certification is passed through, safety certification and maintenance upgrade unit 502 call multimedia message processing unit 503, and according to the authentication result color breath transmission of the Quick Response Code electronic license book that 301 passage grantings have authenticate device satnav geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information to authenticate device, and then authenticate device 301 is carried out to the passage management and control, and start to carry out applied business information processing and safety certification processing; Or the adjusting function program module opens network IP and connect, authenticate device 301 is carried out to system upgrade etc. and safeguard that response processes.Otherwise the feedback information, allow the user to correct input message, processes until interrupt this safety certification, sends the warning messages such as cell phone multimedia message by front end processor 303 to trade company or the personnel of financial institution in time.

Multimedia message processing unit 503, process request for the applied business of calling data storage and 405 pairs of servers 305 of administrative unit and carry out the service response processing, and feedback result, controls with the voice multimedia-message-alarming of associated user's mobile phone and authenticate device 301 mutual simultaneously; Or calling data storage and administrative unit 505, safety certification and maintenance upgrade unit 502 in the situation that safety certification pass through, the color breath of Quick Response Code that has its satnav geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information to authenticate device 301 passage grantings sends the electronic license book, and then authenticate device 301 completes the passage management and control accordingly.Service request information is processed in the multimedia message that reception server 305 forwardings come, and calling data storage and administrative unit 405 are carried out the service response processing to application business multimedia message processing solicited message, then result are fed back to server 305; Or when authenticate device 301 channel security authentications are passed through, send the color breath of Quick Response Code with authenticate device satnav geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information to authenticate device 301 and send the electronic license book, giving orders to control to make only has safety certification to pass through, hold the multimedia message sendaisle of the information channel safety certification device of dynamic electron license passport and could send out receipts multimedia message data information, practiced the exchange of control that has of information data.

Audio and video information administrative unit 504, be mainly used to bear the management roles such as storage, scheduling, inspection of the on-the-spot audio and video information evidence obtaining of client's mobile-phone payment information, and audio-visual category information differentiates the service processing tasks such as application, for client's mobile phone secure payment provides support.

2 D code information processing unit 505, be mainly used to bear the management such as storage, scheduling of client's Quick Response Code mobile-phone payment electronic license book relevant information, and the service processing tasks such as the Quick Response Code category information is resolved, checking, transmission, generation making, for client's mobile phone secure payment provides support.Client's Quick Response Code mobile-phone payment electronic license book mainly comprises the information such as client's phone number, authenticate device satnav geography information, effective time, order number, the POS of trade company title, scene evidence taking and Quick Response Code reading device title, the operating personnel of trade company title, guarantees accurate association that order pays and safe and punctual.

Satnav geography information discriminating unit 506, be mainly used to bear the service processing tasks such as discriminating that authenticate device 301 related satellites are located geography information, for client's mobile phone there and then secure payment provides the information support.

POS business account processing unit 507, be mainly used to bear the business account information handling task of POS application message data.Reception server 305 forwards the application message data of coming and processes service request information, and calling data storage and administrative unit 508 are carried out POS business account service response to the application information data and processed, and then result are fed back to server 305; Whether the processing item: block expiredly, whether certificate is effectively, whether content is correct, whether feature meets, whether information format is correct etc. if having.

Data storage and administrative unit 508, be mainly used to manage concentratedly with database mode, the classification storage, process various system operational parameters, functional program module and associated electrical certificate technical parameter table, authenticate device satellite positioning information characteristic information table, user's input feature vector information table, user's characteristic information table (comprising the biological characteristic relevant information), the business datum table, the technical parameter table, safety certification policy information table, the information such as transmission information form customized information, for other unit provides the data message support, other unit all needs calling data storage and administrative unit 508 when completing information processing.

Be illustrated in figure 7 the process flow diagram of mobile-phone payment safety certifying method in the utility model enforcement, comprise following technical step:

Step S601: full dose customization registration, the progressive operation mandate, open mobile-phone payment, and payment cipher is set.First implement the Financial Information registration, the one, POS digital certificates safety certification device (calling authenticate device in the following text) obtains trade company's digital certificate when being issued to trade company, authenticate device satnav characteristic information, the digital certificates technical parameter, operational factor, user's input feature vector information, user's characteristic information (comprising the biological characteristic relevant information), the business datum table, the technical parameter table, mobile-phone payment safety certification policy information, the information such as transmission information form customized information, held the default registration of the various information that need at financial POS Service Process Server (calling server 400 in the following text), and store trade company's digital certificates into the ciphertext granting respectively according to its information ownership, in the Financial Information dedicated memory of authenticate device and the tables of data of financial POS Service Process Server, carry out safety certification in order to login the POS security certification system the authenticate device user, carry out the maltilevel security authentication when upgrade maintenance and mobile-phone payment.And carry out and carry out the progressive operation empowerment management, finance level upgrade maintenance function only authorizes the personnel of financial institution to be operated, and trade company's level arranges a registration authorized merchants managerial personnel and is operated, and so on; According to the principle of whose preservation of whose information, information interaction both sides' one side's log-on message true form, the opposing party is the feature of log-on message only, but some information needs both sides to preserve separately simultaneously, meets the needs of safety certification, meets again and prevents the requirement of divulging a secret.The 2nd, carry out the personnel of trade company authorization information and the POS of trade company facility registration, authenticate device obtains the POS of trade company user profile, the POS of trade company satellite positioning information, scene evidence taking and Quick Response Code reading device satellite positioning information, the personnel of the trade company authorization information such as biological information that biological characteristic entrance guard device and intelligent paste sensor collect, the POS of trade company facility registration information, scene evidence taking and Quick Response Code reading device log-on message, processing post-registration stores in the merchant information dedicated memory of authenticate device, with difference and system data dedicated memory and Financial Information dedicated memory, so that for realizing the real name operation, the dynamic password login, the information that the multiple authentication collection is enough, realize digital certificates, the people, machine (equipment), system, the authentication of the maltilevel securities such as satellite positioning information.The 3rd, the client will be in server 400 end registering mobile-phone payment business, reserved outlet is as biometric secure authentication informations such as photo, voice, fingerprints, default payment cipher, implement mobile-phone payment full dose information registering, in order to carry out biological characteristic and the checking of other full dose information security when paying, realize the mandate of mobile phone secure payment.

Step S602: single-point connects traffic, and selected safety check mode, install mutatis mutandis registering, passage authentication regulation and control.Authenticate device is connected by serial ports or USB line with the trade company application server, and with financial intermediary's mobile-phone payment front end processor (calling front end processor in the following text) by the multimedia message channel connection.Authenticate device is intermediary's control device that trade company's application server and server 400 carry out message exchange, safe and reliable for guaranteeing, trade company's application system is only opened financial intermediary's information transportation and controlled authenticate device, carries out the single-point traffic and connects.For preventing that authenticate device is illegally used, each legal authenticate device has the authenticate device digital certificates that server 400 is issued, and be stored in the system data dedicated memory, with the difference with the merchant information dedicated memory and with the Financial Information dedicated memory, simultaneously, the authentication informations such as its device name, feature, digital certificates must be registered in advance in server 400.The authentication that authenticate device is set according to the authenticate device keeper of trade company obtains the authenticate device operator of trade company associated safety authentication information, and sends it to front end processor and then be transmitted to server 400, sends the Security Authentication Service request.Authentication mode is for example: IC-card certificate+password+fingerprint+authenticate device satellite positioning information feature, TF card (or SD card) certificate+password+head portrait photo+authenticate device satellite positioning information feature, the mutatis mutandis authentication of safety of U shield certificate+password+voice+modes such as authenticate device satellite positioning information feature, guarantee with this input media and the certificate that only have the accredited personnel of trade company to use appointment, input meets the information and the operation of having carried out meeting my role-security, the relevant issues of just having the right to process of my feature.Then, the requests of server 400 response Security Authentication Service are carried out the safety certification response and are processed, and the safety certification result is fed back to front end processor according to former road format processing, then feed back to authenticate device.If the mutatis mutandis authentication success of authenticate device safety, complete that authenticate device is mutatis mutandis registers, server 400 is issued the Quick Response Code multimedia message with authenticate device satnav geography information stamp and timeliness stamp and financial payment clearing safety verification relevant information by front end processor to authenticate device and is sent the electronic license book, authenticate device receives this digital certificates, its associated inner system module is automatically resolved these digital certificates and is implemented accordingly the related channel program regulation and control, the passage that carries out message exchange between authenticate device and trade company's application server, the unlatching of giving orders of multimedia message passage sending function, the locking and POS digital certificates safety certification device safety certification and upgrade maintenance passage are given orders, and the service of Wireless IP network connecting communication is also closed automatically.So just make only have safety certification by and the multimedia message sendaisle of having held the authenticate device of dynamic electron license passport could send out and receive multimedia message data information, the controlled exchange of implementation information data.If safety certification is unsuccessful, safety certification repeatedly not by the time transmit orders authenticate device locking safety certification and upgrade maintenance passage, and send the warning messages such as cell phone multimedia message by front end processor to trade company or the personnel of financial institution in time, carry out the rehabilitation of some necessity simultaneously, interrupt or exit safety certification.If the success of maintenance upgrade safety certification, automatic deployment upgrade application patch and other data message that need to be exchanged are to authenticate device.Realized that single-point connects traffic, selected safety check mode, install mutatis mutandis registering, passage authentication regulation and control.

Step S603: biological gate inhibition pacifies control, the checking of user's access; Operating equipment is assigned, the login certificate granting.The biological characteristic entrance guard device obtains the biological information of trade company's traffic operation staffs such as the POS of trade company operation user (attendant of trade company) and authenticate device operating personnel, and send it to trade company's application server request and carry out user safety authentication and mandate, log-on message in trade company's application server invokes authentication device carries out the service request response processing, and its result is fed back to the biological characteristic entrance guard device by trade company's application network.At first, biological gate inhibition pacifies control, the checking of user's access.Whether gate control system is controlled commander gate inhibition's actuating unit, automatically carries out the unlatching of electric linkage protective door or closes, to control, allow the POS operating personnel of this trade company to enter the on-the-spot zone of the POS of trade company service.Biological characteristic entrance guard device collection in worksite to the user biological characteristic information in authenticate device 100 registration, the POS of trade company user safety authentication success, trade company's application server User safety certification and Authorization result and predefined licensing scheme, automatically detect and determine whether that the permission personnel of this trade company operate the POS of trade company equipment, if allow it to carry out the POS of trade company equipment operating, for it, distribute the exercisable POS of a trade company equipment, and there is the scene evidence taking of having assigned and Quick Response Code reading device 700 and the POS of trade company satnav geography information stamp by authenticate device to the granting of the POS operating personnel of trade company mobile phone, the timeliness stamp, the POS of trade company title, trade company's application system login user title, the dynamic login password of trade company's application system user (asu), trade company's application system access two-dimensional code electronic certificate of the safety verification relevant informations such as the POS operating personnel of trade company phone number, and the POS of trade company title, scene evidence taking and Quick Response Code reading device title and the POS of trade company networking IP address note, realize that in this way the POS operating personnel of trade company login trade company's level electronic authorization of trade company's application system, the real name mandate of completing user login trade company application system operation and the identification and associated confirmation of mobile phone.Secondly, the configuration network parameter, realize network-in-dialing.The POS operating personnel of trade company arrive smoothly and specify the POS of trade company geographic location according to the POS of trade company title, trade company's application network system receives the POS operating personnel's of trade company input message, automatically according to the POS of the Content Implementation trade company networking network settings of the POS of trade company title and networking IP address note, make the POS of trade company and trade company's application server formally realize network-in-dialing.Biological characteristic can be fingerprint or finger vena information, even can comprise the biological characteristic authentication informations such as finger temperature information that SMD intelligent temperature sensor collects, it can certainly be the biological characteristic that the head portrait, voice, nethike embrane, iris etc. of registered in advance authorized user easily extract, operate by real name the maltilevel security authentication that has realized digital certificates, people, machine (equipment), system, passage like this, realized that biological gate inhibition pacifies control, the checking of user's access; Operating equipment is assigned, the login certificate granting.

Step S604: read the mobile phone certificate, implement the feature safety check, the login commerce system, POS equipment is registered.When the POS of trade company login trade company application system, trade company's application system access two-dimensional code electronic certificate that scene evidence taking and Quick Response Code reading device 700 gather on the POS operating personnel of trade company mobile phone screen, pass to the POS of trade company together with the audio-visual evidence obtaining and the Quick Response Code reading device satnav characteristic information that automatically generate, after carrying out the safety check pre-treatment, be transmitted to trade company's application server and carry out the parsing of two-dimensional code electronic certificate and merchant equipment feature safety certification; The information such as trade company's application server parses Quick Response Code, trade company's application system login relevant information of generating merchant POS operating personnel, and implement safety check and the aftertreatment thereof that the POS operating personnel of trade company login the Quick Response Code relevant informations such as safety check, the safety check of the POS of trade company satnav geography information, ageing safety check, trade company's application system login user and password safety check.If the merchant equipment that the POS operating personnel of trade company use is registration in authenticate device 100 really, and the geographic position of current trade company scene evidence taking and Quick Response Code reading device 700 is also really in the there and then rational position, user cipher is all correct, authentication success, complete the mutatis mutandis of merchant equipment and register.Trade company's application server 500 utilizes two-dimensional code electronic certificate analysis result information automatically to complete the login of the POS operating personnel of trade company in trade company's application system, and prompting starts customer service and pays the exchange of operation information data; Otherwise, send miscue information or warning multimedia message, otherwise transmission illegal invasion or the POS of trade company illegally accessing warning message, logging off users, pipe off the POS of this trade company.So just realize the maltilevel security authentication of digital certificates, people, machine (equipment), system, thereby completed, read the mobile phone certificate, implemented the feature safety check, the login commerce system, POS equipment is registered, and has prevented the illegal access of merchant equipment and has illegally used operation.

Step S605: the manifest of automatically gathering and editing, the statistics consumption amount of money; Send and pay application, issue payment certificate.The POS of trade company acquisition scans merchandise news produces the order inventory, obtain client's mobile phone with payment function number and automatically add up to generate and comprise the account payment order of consuming amount information, and then be transmitted to authenticate device by trade company's application server, authenticate device is transmitted to front end processor in the multimedia message mode again, front end processor is transmitted to server 400 by Intranet again, announcement server 400 these client's mobile phones are just being attempted this number order is implemented to on-the-spot mobile-phone payment, and special application is provided Quick Response Code mobile-phone payment electronic license book for it, then, client's cell phone system obtains client's biological characteristic and pays the application voice, or payment application fingerprint, or payment application head portrait, and mobile-phone payment password, the current satellite positioning information of mobile phone, it is paid to the application multimedia message and send to front end processor, be transmitted to again server 400 after formaing processing, server 400 correlation units carry out the service request response processing, to current client's mobile phone with payment function holder's biological characteristic whether with the POS security certification system in this mobile telephone registration person's the consistance of biological characteristic verified, examine and judge that whether mobile phone is in stolen, falsely use state, carry out the cell phone apparatus safety check.If being the registered client, client's mobile phone holds, pay application legal, effectively, safety, server 400 has scene evidence taking and Quick Response Code reading device satnav geography information stamp by front end processor to the granting of client's mobile phone with payment function, timeliness stamp and the POS of trade company title, scene evidence taking and Quick Response Code reading device title, the operating personnel of trade company title, phone number, the Quick Response Code mobile-phone payment electronic license book of the information such as payment account order number, otherwise pay application refusal and warning message to client's mobile phone and authenticate device granting feedback, prompting re-starts to pay application or pay and stops, realized automatically gathering and editing manifest, the statistics consumption amount of money, send and pay application, issue payment certificate.

Step S606: certificate information is resolved, and positioning address comparison, order number are checked, timeliness restriction checking.At first scene evidence taking and Quick Response Code reading device read the Quick Response Code mobile-phone payment electronic license book on client's mobile phone, next gathers the client and pays on-the-spot audio-visual evidence obtaining information, pass in the lump authenticate device together with scene evidence taking and the current satellite positioning information of Quick Response Code reading device, after authenticate device carries out the certificate information parsing, further carry out the information comparison such as client's mobile phone, the POS of trade company, scene evidence taking and Quick Response Code reading device satnav address, and carry out that order number is checked and timeliness restriction checking.If satnav address deviation is in setting range, and the match is successful for order number, and timeliness restriction is verified, sends and allow payment information and scene evidence taking information to go forward side by side after the row format processing to front end processor, and then be transmitted to server 400 requests and carry out the processing of account payment and settlement.Realized the certificate information parsing, positioning address comparison, order number are checked, timeliness restriction checking, have realized the information boundary prosecution, and equipment access is set up defences, client's there and then mobile phone secure payment.

Step S607: reject and manage payment by oneself, abolish abnormal order, stop illegally exchange, implement the account clearing.Server 400 advances the respond services request and carries out mobile phone account clearing pre-treatment, reject the POS operating personnel of trade company oneself for managing the mobile-phone payment of handling by oneself, and abolish the multimedia message of abnormal form, content, feature, stop the invalid data exchange of non-registered device and equipment, and unauthorized access device and equipment are piped off, stop and carry out message exchange with it after reporting to the police.After this guaranteeing under the prerequisite of safety of payment, implementing the account payment and settlement and process, if the success of account payment and settlement, server 400 is to client's mobile phone and authenticate device until the POS of trade company feedback mobile-phone payment successful information, and payment process completes.Otherwise, paying failure information to the related facilities such as client's mobile phone and authenticate device and even the POS of trade company feedback, prompting client and the POS operating personnel of trade company pay failure, and refusal delivery, end consumption.Manage payment by oneself thereby realized rejecting, to abolish abnormal order, to stop illegally exchange, to implement the account clearing, to have realized that mobile phone there and then secure payment confirms.

Be illustrated in figure 8 the mutatis mutandis safety certification workflow diagram of registering of the utility model embodiment POS digital certificates safety certification device, comprise following technical step:

Step S801: device registration, the peace control arranges.When being issued to trade company, obtains POS digital certificates safety certification device (calling authenticate device in the following text) trade company's digital certificate, authenticate device satnav characteristic information, the digital certificates technical parameter, operational factor, the information such as user's input feature vector information, held the default registration of the various information that need at financial POS Service Process Server (calling server 400 in the following text), and store trade company's digital certificates into the ciphertext granting respectively according to its information ownership, in the Financial Information dedicated memory of authenticate device and the tables of data of financial POS Service Process Server, carry out safety certification in order to login the POS security certification system the authenticate device user, carry out the maltilevel security authentication when upgrade maintenance and mobile-phone payment, implement the peace control mandate of agreement.

Step S802: safety certification, electronic authorization.Authenticate device obtains the authenticate device keeper's of trade company user biological feature, digital certificates information, user login information, and automatically generate the authenticate device facility information, pass to network by POS wireless access private network in the lump and pass to 400 requests of front end processor 300 and server and carry out safety certification, the server 400 contrast POS of trade company electronics, people, authenticate device, system user relevant information are implemented safety certification and are processed and trade company's level electronic authorization.If above-mentioned maltilevel security authentication succeeds, and issue the color breath transmission of the Quick Response Code electronic license book with the current satnav geography information of authenticate device stamp and timeliness stamp and financial payment clearing safety verification relevant information to authenticate device 100 by front end processor 300 multimedia message passages, complete the mutatis mutandis electronic authorization of registering of authenticate device.If safety certification is unsuccessful, safety certification repeatedly not by the time transmit orders relevant apparatus locking safety certification and upgrade maintenance passage, and send the warning messages such as cell phone multimedia message by front end processor 300 multimedia message passages to trade company or the personnel of financial institution in time.

Step S803: resolve certificate, mutatis mutandis registering.The authenticate device correlation unit is resolved the color breath of Quick Response Code and is sent the electronic license book, give orders to open between authenticate device and trade company's application server after the checking digital certificates are effective and carry out the passage of message exchange, the sending function of multimedia message passage, and locking authenticate device safety certification and upgrade maintenance passage, automatically close Wireless IP network connecting communication service function, complete the mutatis mutandis safety certification of registering of authenticate device.

Be illustrated in figure 9 the mutatis mutandis safety certification workflow diagram of registering of the utility model embodiment trade company's scene evidence taking and Quick Response Code reading device, comprise following technical step:

Step S901: device registration, the peace control arranges.POS digital certificates safety certification device obtains the information such as trade company's scene evidence taking and Quick Response Code reading device (calling authenticate device in the following text) apparatus characteristic, satnav characteristic information, operational factor, operation user's characteristic information, complete at POS digital certificates safety certification device the default registration of various information that safety certification needs, and with the ciphertext granting, store in dedicated memory respectively according to its information ownership, in order to carry out the maltilevel security authentication when trade company's scene evidence taking and Quick Response Code reading device user login trade company's application system, implement the peace control mandate of agreement.

Step S902: electronic authorization, certificate is resolved.If trade company's application system allows the POS equipment operator of trade company, it carries out the POS of trade company equipment operating, for it, distribute the exercisable POS600 of a trade company equipment, and provided and there is scene evidence taking and Quick Response Code reading device 700 and the POS of the trade company satnav geography information stamp of having assigned to trade company's POS operating personnel's mobile phone by authenticate device, the timeliness stamp, the POS of trade company title, trade company's application system login user title, the dynamic login password of trade company's application system user (asu), trade company's application system access two-dimensional code electronic certificate of the safety verification relevant informations such as the POS operating personnel of trade company phone number, and the POS of trade company title, scene evidence taking and Quick Response Code reading device title and the POS of trade company networking IP address relevant information.After this, trade company's scene evidence taking and Quick Response Code reading device obtain the POS operating personnel's of trade company user biological feature, digital certificates information, user login information, and the trade company's application system access two-dimensional code electronic certificate on the POS equipment operator of trade company mobile phone, and with the satnav geography information stamp automatically generated, the information such as timestamp pass in the lump trade company's application server 500 and resolve identification, and further pass to authenticate device and carry out scene evidence taking and the mutatis mutandis Security Authentication Service application of registering of Quick Response Code reading device, carry out trade company's application system secure log authentication with control, complete trade company's level Lawful access mandate.

Step S903: safety certification, mutatis mutandis registering, server 500 is according to Quick Response Code analysis result information generating merchant POS operating personnel's trade company application system login relevant information, automatically implements the POS operating personnel of trade company and logins safety check, the POS of trade company satnav geography information register safety check and the aftertreatment thereof of the Quick Response Code relevant informations such as safety check, ageing safety check, trade company's application system login user and password safety check.If the satnav geography information of trade company's scene evidence taking and Quick Response Code reading device 700 is registration in authenticate device 100 really, the POS600 of the trade company equipment that the POS operating personnel of trade company use is registration in authenticate device 100 really, authentication success, and the geographic position of current these devices and equipment is also really in rational position, complete the POS600 of trade company equipment and scene evidence taking and the mutatis mutandis of Quick Response Code reading device 700 registered, by the mutatis mutandis information of registering of network-feedback to the POS600 of trade company.If safety certification is unsuccessful, by authenticate device 100 to the POS operating personnel of trade company feedback the register unsuccessful voice of authentication and information and other corresponding warning message, so just realized the maltilevel security authentication of digital certificates, people, machine (equipment), system.

POS digital certificates safety certification device, POS security certification system and mobile-phone payment safety certifying method advantage that the utility model embodiment provides are as follows:

1, the collection that has realized relevant apparatus and equipment satellite positioning information is registered and identification checking safely, has effectively prevented the illegal access of the crucial payment devices such as the POS of trade company, POS digital certificates safety certification device, scene evidence taking and Quick Response Code reading device and has illegally palmed off and use and invade.Simultaneously, also realized that in the payment process, the attendant of trade company separates with the thorough of client's operating equipment, guaranteed the independence of operation separately, protected the safety of each side's information, prevented from divulging a secret.

2, provide biometric secure authority checking function for the POS safety certification, and the real holder in due course who is whether mobile phone or certificate to the possessor has carried out safe strict biological characteristic and has checked, not only authentication password and certificate but also authenticate holder, effectively improved the security of POS safety certification, prevent the client password leakage, realized client's mobile phone there and then secure payment.

In addition, the utility model also provides a kind of POS equipment safety authentication method, and method comprises:

Obtain user's secure authenticated information;

Described user safety authentication information is sent to bank server and carry out safety certification, and receive the safety certification data of returning;

According to described safety certification data generated data result;

Control the data interaction of POS device and external unit according to described data processed result.

A kind of mobile-phone payment safety certifying method of the present utility model, overcome the safety problem that existing hand set paying method safety certification aspect exists, realized the mobile-phone payment multiple authentication, effectively management and control, authentication is tight, safe and reliable, realized not only authenticating part but also recognize facility environment and the on-the-spot confirmation of people's there and then Quick Response Code payment electronic license book secure payment, for the client provides a kind of more flexible consumption service approach and means.

Applied specific embodiment in the utility model principle of the present utility model and embodiment are set forth, the explanation of above embodiment is just for helping to understand method of the present utility model and core concept thereof; , for one of ordinary skill in the art, according to thought of the present utility model, all will change in specific embodiments and applications, in sum, this description should not be construed as restriction of the present utility model simultaneously.

Claims

1. a POS safety certification device, it is characterized in that, described device comprises: the secure authenticated information acquisition module, the authentication information communication module, main control module and data channel peace control module, described secure authenticated information acquisition module, authentication information communication module and data channel peace control module all are connected with main control module; Wherein,

2. POS safety certification device as claimed in claim 1, is characterized in that, described secure authenticated information comprises: accounts information, user's biological information, user's digital certificates information and the condition code of POS safety certification device of user's input.

3. POS safety certification device as claimed in claim 2, is characterized in that,

Described user's biological information comprises: user's head portrait, voice, nethike embrane, iris, fingerprint, finger vena information;

4. POS safety certification device as claimed in claim 3, is characterized in that, described secure authenticated information acquisition module comprises:

Data input device, for receiving the accounts information of user's input;

5. POS safety certification device as claimed in claim 1, is characterized in that, described POS safety certification device also comprises:

6. POS safety certification device as claimed in claim 5, it is characterized in that, described data channel peace control module is controlled the data interaction of described usb communication module, wireless communication module and Quick Response Code multimedia message communication module and external unit according to described data processed result.

7. POS safety certification device as claimed in claim 1, is characterized in that, described POS safety certification device also comprises:

8. a POS security certification system, is characterized in that, described system comprises: bank server, POS safety feature, trade company's application server, the POS of trade company terminal, scene evidence taking Quick Response Code reading device and biological characteristic entrance guard device;

Described POS safety feature comprises:

9. POS security certification system as claimed in claim 8, is characterized in that, described secure authenticated information comprises: accounts information, user's biological information, user's digital certificates information and the condition code of POS safety certification device of user's input.

10. POS security certification system as claimed in claim 9, is characterized in that,

11. POS security certification system as claimed in claim 10, is characterized in that,

Described biological characteristic entrance guard device, for head portrait, voice, nethike embrane, iris, fingerprint, the finger vena information that gathers the user.

12. POS security certification system as claimed in claim 10, is characterized in that, trade company's POS terminal comprises:

Data input device, for receiving the accounts information of user's input;

13. POS security certification system as claimed in claim 10, is characterized in that,

Described scene evidence taking Quick Response Code reading device, for gathering user's mobile phone two-dimensional code electronic certificate information.

14. POS security certification system as claimed in claim 8, is characterized in that, described POS safety feature also comprises:

15. POS security certification system as claimed in claim 14, it is characterized in that, described data channel peace control module is controlled the data interaction of described usb communication module, wireless communication module and Quick Response Code multimedia message communication module and external unit according to described data processed result.

16. POS security certification system as claimed in claim 13, is characterized in that, described scene evidence taking Quick Response Code reading device also comprises: