WO2015161694A1 - Secure data interaction method and system - Google Patents
Secure data interaction method and system Download PDFInfo
- Publication number
- WO2015161694A1 WO2015161694A1 PCT/CN2015/071584 CN2015071584W WO2015161694A1 WO 2015161694 A1 WO2015161694 A1 WO 2015161694A1 CN 2015071584 W CN2015071584 W CN 2015071584W WO 2015161694 A1 WO2015161694 A1 WO 2015161694A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- cryptographic device
- smart
- smart cryptographic
- terminal
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- the present invention relates to the field of information security, and in particular, to a data security interaction method and system.
- Mobile payment is a service that allows users to use their mobile terminals (such as smart phones, PDAs, tablets, laptops, etc.) to pay for goods or services they consume.
- the unit or individual sends the payment instruction directly or indirectly to the banking financial institution through the mobile terminal, the Internet or proximity sensing to generate the behavior of money payment and capital circulation, thereby realizing the mobile payment function.
- Mobile payment combines mobile terminals, the Internet, application providers, and financial institutions to provide users with financial services such as money payment and payment.
- Mobile payment mainly includes remote payment and near-field payment.
- Remote payment refers to the user logging in to the bank's webpage through the mobile terminal for payment, account operation, etc., which is mainly applied to the shopping and consumption of online e-commerce websites;
- near-field payment refers to the instant payment to the merchant through the mobile terminal when the consumer purchases the goods or services.
- the payment is made, the processing of the payment is performed on site, and the offline operation of the mobile network is not required, and the local communication with the vending machine and the POS machine is realized by using the radio frequency (NFC), infrared, Bluetooth, and the like of the mobile terminal.
- NFC radio frequency
- the participants involved in the payment include: consumer users, merchants, mobile operators, third-party service providers, banks.
- Consumer users and merchants are the service objects of the system, mobile operators provide network support, banks provide bank-related services, and third-party service providers provide payment platform services to achieve business through the combination of all parties.
- the electronic and mobileization of payment methods has become an inevitable development trend, and the security issue of mobile payment systems is the core issue of mobile e-commerce security.
- the present invention is directed to solving one of the above problems.
- a primary object of the present invention is to provide a data security interaction method.
- Another main object of the present invention is to provide a data security interaction system.
- An aspect of the present invention provides a data security interaction method, including: a terminal scanning a smart cryptographic device within a signal coverage area, and obtaining the scanned identification information of the smart cryptographic device; the background system server obtains the Identification information of the smart cryptographic device, and completing authentication of the smart cryptographic device; in the background system After the server completes the authentication of the smart cryptographic device, the terminal acquires user information corresponding to the smart cryptographic device; the terminal stores the user information into a pre-established current user list.
- the background system server obtains the identification information of the smart cryptographic device, and completes the authentication of the smart cryptographic device, including: the terminal generates first to-be-signed information; and the terminal sends the first to-be-sending to the smart cryptographic device. a signature information and an authentication instruction; after receiving the first to-be-signed information and the authentication instruction, the smart cryptographic device performs signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device to obtain a first a signature information; the smart cryptographic device sends the first signature information and the smart cryptographic device certificate to the terminal; after receiving the first signature information and the smart cryptographic device certificate, the terminal sends the authentication to the background system server.
- the background system server receives the authentication request information, the smart Identification information of the cryptographic device, the first to-be-signed information, and the first signature information
- the root certificate corresponding to the pre-stored smart password device certificate is used to verify whether the smart password device certificate is legal
- the background system server uses the smart password after verifying that the smart password device certificate is legal.
- the public key of the device verifies the first signature information; after the background system server verifies that the first signature information is passed, the background system server completes the authentication of the smart cryptographic device.
- the background system server obtains the identification information of the smart cryptographic device, and completes the authentication of the smart cryptographic device, including: the terminal sends the identification information of the smart cryptographic device to the background system server; the background system server receives After the identification information of the smart cryptographic device is sent, the first to-be-signed information is generated, and the first to-be-signed information is sent to the terminal; after receiving the first to-be-signed information, the terminal sends the information to the smart cryptographic device.
- the first to-be-signed information and the authentication instruction after receiving the first to-be-signed information and the authentication instruction, the smart cryptographic device performs the first to-be-signed information by using a private key of the smart cryptographic device
- the signature calculation is performed to obtain the first signature information; the smart cryptographic device sends the first signature information and the smart cryptographic device certificate to the terminal; after receiving the first signature information and the smart cryptographic device certificate, the terminal sends a
- the background system server sends the authentication request information, the first signature information, and the smart password setting a certificate, the background system server, after receiving the authentication request information, the first signature information, and the smart password device certificate, verifying whether the smart password device certificate is legal by using a root certificate corresponding to the pre-stored smart password device certificate. After the background system server verifies that the smart cryptographic device certificate is legal, the first signature information is verified by using the public key of the smart cryptographic device; after the background system server verifies that the first signature information is passed, The authentication of the smart cryptographic device is completed.
- the acquiring, by the terminal, the user information corresponding to the smart cryptographic device includes: sending, by the terminal, identification information of the smart cryptographic device and a user information read request to the background system server; After the identification information of the smart cryptographic device and the user information read request, according to the smart password setting Obtaining the user information corresponding to the smart cryptographic device; the background system server obtains the response information of the user information read request according to the user information, and sends the user information to the terminal to read The response information of the request; after receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
- the acquiring, by the terminal, the user information corresponding to the smart cryptographic device includes: the terminal sending a user information reading request to the smart cryptographic device; the smart cryptographic device obtaining pre-stored user information, and according to the user Obtaining response information of the user information reading request, and transmitting response information of the user information reading request to the terminal; after receiving the response information of the user information reading request, the terminal according to the The user information is obtained from the response information of the user information read request.
- the performing, by the background system server, the authentication of the smart cryptographic device includes: the background system server sending the user information corresponding to the smart cryptographic device to the terminal; and the terminal acquiring the user corresponding to the smart cryptographic device
- the information includes: the terminal receiving user information corresponding to the smart cryptographic device sent by the background system server.
- the method further includes: obtaining, by the terminal, signal coverage at the terminal And generating, by the identifier information of all the smart cryptographic devices, the real-time identification list; the terminal, according to the preset time interval, the identification information of the smart cryptographic device in the real-time identification list and the smart cryptographic device in the current user list The identification information is compared; if the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, the terminal is configured to acquire the smart password according to the scanned identification information of the smart cryptographic device.
- the method further includes: obtaining, by the terminal, signal coverage at the terminal And generating, by the identifier information of all the smart cryptographic devices, the real-time identification list; the terminal, according to the preset time interval, the identification information of the smart cryptographic device in the real-time identification list and the smart cryptographic device in the current user list The identification information is compared; if the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, the terminal is configured to acquire the smart password according to the scanned identification information of the smart cryptographic device.
- the real-time identification list is used as the updated current user list.
- the smart cryptographic device after receiving the first to-be-signed information and the authentication instruction, performs signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device, and obtains the first signature information, including
- the smart cryptographic device converts from a sleep state to an awake state after receiving the first to-be-signed information and the authentication command; the smart cryptographic device utilizes a private key pair of the smart cryptographic device in an awake state
- the first signature information is subjected to signature calculation to obtain first signature information.
- the method further includes: the background system server determining whether the identification information of the smart cryptographic device includes the pre-stored smart in the background system server In the password device exception list, the background system server obtains the instruction to lock the smart password device after determining that the identification information of the smart password device is in the abnormal list of the smart password device, and uses the private key of the background system server Signing the smart cryptographic device command to obtain the second signature information, and transmitting, by the terminal, the locked smart cryptographic device command and the second signature information to the smart cryptographic device; the smart cryptographic device receives the After the smart cryptographic device command and the second signature information are locked, the second signature information is verified by using a pre-stored public key in the background system server certificate; the smart cryptographic device is verifying the second signature information After passing, according to the instructions for locking the smart password device Row lock operation.
- the method further includes: the background system server receiving the smart password device registration application, and reviewing the smart password device registration application; the background system server, after reviewing the smart password device registration application, The smart cryptographic device sends a smart cryptographic device key pair generation command; after receiving the smart cryptographic device key pair generation instruction, the smart cryptographic device generates a smart cryptographic device key pair; the smart cryptographic device The background system server sends the public key in the smart cryptographic device key pair; after the background system server receives the public key in the smart cryptographic device key pair, the smart cryptographic device certificate is generated, and the The smart cryptographic device sends the smart cryptographic device certificate; the smart cryptographic device stores the smart cryptographic device certificate.
- the smart cryptographic device obtains a smart PIN device account cancellation application, uses the private key of the smart cryptographic device to sign the account cancellation application to obtain third signature information, and sends the smart password to the background system server.
- the third signature information the background system server, after receiving the smart password device account cancellation application and the third signature information, using the public key pair in the pre-stored smart password device certificate The third signature information is verified; after the third-party signature information is verified, the background system server deletes the pre-stored smart password device certificate, and generates a smart password device account completion information to the smart password.
- the background system server receives the identification information of the smart cryptographic device and the user information read After the step of requesting, the step of the background system server sending the response information of the user information read request to the terminal, the method further includes: the background system server using the terminal to the smart password The device sends the user authorization request information; after receiving the user authorization request information, the smart cryptographic device generates authorization information, and sends the authorization information to the background system server by using the terminal; the background system server receives After the authorization information, the step of the background system server transmitting the response information of the user information read request to the terminal is performed.
- the step of generating the authorization information includes: after receiving the user authorization request information, the smart cryptographic device converts from a sleep state to an awake state; The smart cryptographic device generates authorization information in the awake state.
- the method further includes: the smart cryptographic device enters a scanable state.
- a data security interaction system including: a terminal, a background system server, and a smart cryptographic device; the terminal configured to scan a smart cryptographic device within a signal coverage area, and obtain the scanned smart sensible device Identification information of the cryptographic device; after the background system server completes the authentication of the smart cryptographic device, acquiring user information corresponding to the smart cryptographic device; storing the user information in a pre-established current user list; The background system server is configured to obtain identification information of the smart cryptographic device, and complete authentication of the smart cryptographic device.
- the terminal is further configured to generate first to-be-signed information, send the first to-be-signed information and an authentication command to the smart cryptographic device, and receive the first signature information and the smart cryptographic device sent by the smart cryptographic device.
- a certificate, the authentication request information, the identification information of the smart cryptographic device, the first to-be-signed information, the first signature information, and the smart cryptographic device certificate are sent to the background system server;
- Receiving the first to-be-signed information and the authentication instruction sent by the terminal performing signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device, to obtain first signature information, and obtaining the first signature information;
- the background system server is further configured to receive the authentication request information sent by the terminal, the identification information of the smart cryptographic device, and the first to-be-signed information.
- the first signature information and the smart password device certificate using a pre-stored smart password device
- the root certificate corresponding to the book verifies whether the smart cryptographic device certificate is legal; after verifying that the smart cryptographic device certificate is legal, the first signature information is verified by using the public key of the smart cryptographic device; and the first signature is verified After the information is passed, the authentication of the smart cryptographic device is completed.
- the terminal is further configured to send the identification information of the smart cryptographic device to the background system server, receive the first to-be-signed information sent by the background system server, and send the first to-be-signed information to the smart cryptographic device.
- the authentication command ; receiving the first signature information and the smart password device certificate sent by the smart cryptographic device, and sending the authentication request information, the first signature information, and the smart cryptographic device certificate to the background system server;
- the system server is further configured to receive the identification information of the smart cryptographic device sent by the terminal, generate first to-be-signed information, and send the first to-be-signed information to the terminal; and receive the authentication sent by the terminal Requesting information, the first signature information, and the smart cryptographic device certificate, verifying whether the smart cryptographic device certificate is legal by using a root certificate corresponding to the pre-stored smart cryptographic device certificate; and verifying that the smart cryptographic device certificate is legal, using The public key of the smart cryptographic device verifies the first signature information; after verifying that the first signature information is passed, the authentication of the smart
- the terminal is further configured to send the identification information of the smart cryptographic device and the user information read request to the background system server, and receive the response information of the user information read request sent by the background system server, Obtaining the user information according to the response information of the user information reading request;
- the background system server is further configured to receive the identification information of the smart cryptographic device and the user information reading request sent by the terminal, according to The identification information of the smart cryptographic device acquires user information corresponding to the smart cryptographic device; obtains response information of the user information read request according to the user information, and sends the user information read request to the terminal Response information.
- the terminal is further configured to send a user information read request to the smart cryptographic device, receive response information of the user information read request sent by the smart cryptographic device, and read the request according to the user information.
- the smart cryptographic device is further configured to obtain pre-stored user information, and obtain response information of the user information read request according to the user information, and send the User information read request response information.
- the background system server is further configured to send the user information corresponding to the smart cryptographic device to the terminal; the terminal is further configured to receive user information corresponding to the smart cryptographic device sent by the background system server.
- the terminal is further configured to: after the terminal scans the smart cryptographic device within the signal coverage range, and obtains the scanned identification information of the smart cryptographic device, obtains all the signal coverage within the terminal And the identification information of the smart cryptographic device is compared with the identification information of the smart cryptographic device in the current user list according to the preset time interval; If the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, Obtaining, by the identifier information of the smart cryptographic device, the user information corresponding to the smart cryptographic device; and if the identification information of the smart cryptographic device in the current user list is not in the real-time identifier list, deleting the current User information of the smart cryptographic device that is not in the real-time identification list in the user list.
- the terminal is further configured to: after the terminal scans the smart cryptographic device within the signal coverage range, and obtains the scanned identification information of the smart cryptographic device, obtains all the signal coverage within the terminal And the identification information of the smart cryptographic device is compared with the identification information of the smart cryptographic device in the current user list according to the preset time interval; If the identification information of the smart cryptographic device in the real-time identities list is not in the current user list, obtaining the user information corresponding to the smart cryptographic device according to the scanned identification information of the smart cryptographic device, and in the After the terminal obtains the user information, the user information is stored in the real-time identifier list; and if the identifier information of the smart cryptographic device in the real-time identifier list is in the current user list, the User information of the smart cryptographic device in the current user list is stored to the real-time identifier Table; the real-time identification of the updated list as a list of current users.
- the smart cryptographic device is further configured to: transition from a sleep state to an awake state after receiving the first to-be-signed information and the authentication command; and use a private key pair of the smart cryptographic device in an awake state
- the first to-be-signed information is used for signature calculation to obtain first signature information.
- the background system server is further configured to: after the background system server obtains the identification information of the smart cryptographic device, determine whether the identification information of the smart cryptographic device includes a smart password pre-stored in the background system server. After determining that the identification information of the smart cryptographic device is in the abnormal list of the smart cryptographic device, obtaining an instruction to lock the smart cryptographic device, and using the private key pair of the background system server to lock the smart cryptographic device command Performing a signature to obtain the second signature information, and transmitting, by the terminal, the locked smart cryptographic device instruction and the second signature information to the smart cryptographic device; the smart cryptographic device is further configured to receive the background system server And verifying, by using the pre-stored public key in the background system server certificate, the second signature information by using the locked smart cryptographic device command and the second signature information sent by the terminal; After the signature information is passed, the smart password device is locked according to the So that the locking operation.
- the background system server is further configured to receive a smart password device registration application, and review the smart password device registration application; and send the smart to the smart password device after reviewing the smart password device registration application
- the cryptographic device key pair generates an instruction; receiving the public key in the smart cryptographic device key pair sent by the smart cryptographic device, generating the smart cryptographic device certificate, and transmitting the smart cryptographic device to the smart cryptographic device a smart cryptographic device, configured to receive the smart cryptographic device key pair generation command sent by the background system server, generate a smart cryptographic device key pair, and send the smart cryptographic setting to the background system server
- the public key in the backup key pair storing the smart password device certificate.
- the smart cryptographic device is further configured to obtain a smart PIN device account cancellation application, and use the private key of the smart cryptographic device to sign the account cancellation application to obtain third signature information, and send the third signature information to the background system server.
- the background system server is further configured to send user authorization request information to the smart cryptographic device through the terminal, and receive the authorization information sent by the smart cryptographic device through the terminal, and send the device to the terminal.
- the smart cryptographic device is further configured to receive the user authorization request information sent by the background system server by using the terminal, generate authorization information, and send the authorization information to the The background system server sends the authorization information.
- the smart cryptographic device is further configured to: after receiving the user authorization request information, transition from a sleep state to an awake state; and generate authorization information in the awake state.
- the smart cryptographic device is further configured to enter a scannable state before being scanned by the terminal.
- the terminal of the merchant can obtain the user information corresponding to the smart cryptographic device by first reading the identification information of the smart cryptographic device and then using the identification information of the smart cryptographic device. Therefore, the customer can pay for the product without using a wallet, a credit card, a mobile phone, etc., thereby simplifying the interaction between the customer and the merchant, and improving the user experience.
- FIG. 1 is a schematic structural diagram of a data security interaction system provided by the present invention.
- FIG. 2 is a flow chart of a data security interaction method provided by the present invention.
- connection In the description of the present invention, it should be noted that the terms “installation”, “connected”, and “connected” are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or integrally connected; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
- Connected, or integrally connected can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
- first and second are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
- the data security interaction method provided by the present invention is applicable to the system architecture shown in FIG. 1, and includes: a background system server, a terminal, and a smart cryptographic device. among them:
- the background system server can complete the management of the smart cryptographic device and the storage and delivery management of the user information, for example, including registration, account cancellation, authentication, authentication, etc. of the smart cryptographic device, which can provide banking related services and payment platform services.
- Financial services may include a combination of one or more servers, such as a payment server, an authentication server, and a management server.
- the terminal can be a terminal of the merchant terminal, to complete the initiation of the mobile payment, the maintenance of the user information, etc., the terminal can automatically scan the smart password device within the coverage of the signal, and establish a communication connection with the smart password device to obtain the smart password device. Corresponding user information.
- the terminal (such as a POS machine) of the present invention adds a wireless communication function module, and a dedicated network connection is used between the background and the terminal to ensure security.
- the smart cryptographic device has a function of secure payment (for example, electronic signature, dynamic password generation), and the smart cryptographic device has a wireless communication module (for example: Bluetooth, infrared, RFID, NFC, light, sound wave, heat, vibration, WIFI, etc.), The wireless communication module communicates with the terminal.
- the smart cryptographic device can also include a wired interface (for example, an audio interface, a USB interface, a serial port, etc.), and communicates with the terminal through a wired interface.
- the smart password device can also have a connection option function. If the user does not enable the function, the terminal cannot obtain the identification information of the smart password device and the corresponding user information.
- a smart cryptographic device can enter a state that can be scanned for the terminal to scan to the smart cryptographic device.
- the connection option function of the smart password device can be implemented for the hardware switch set on the smart password device, or can be implemented by the software for the smart password device.
- the data security interaction method provided by the present invention includes the following steps 1 to 7.
- Step 1 The smart password device registers with the background system server.
- the background system server receives the smart password device registration application and audits the smart password device registration application; specifically, the user holding the smart password device can apply for the registration of the smart password device at the bank counter, or can handle the smart through the Internet. After the registration request of the cryptographic device, the background system server receives the registration application and reviews the legality of the identity of the user.
- the background system server sends a smart password device key pair generation instruction to the smart password device; specifically, the background system server approves the legality of the user identity, and then agrees to the user's smart password.
- the device performs registration, and sends a key pair generation instruction to the smart cryptographic device, and is configured to instruct the smart cryptographic device to generate a smart cryptographic device key pair, the smart cryptographic device key pair including a pair of public and private keys.
- the smart cryptographic device After receiving the instruction of the smart cryptographic device key pair, the smart cryptographic device generates a smart cryptographic device key pair. Specifically, a smart key device may preset a key pair generation manner, and the smart cryptographic device receives the smart password. After the device key pair generates an instruction, the smart cipher device key pair is generated according to the preset key pair generation manner, that is, a pair of public and private keys are generated.
- the smart cryptographic device sends the public key in the smart cryptographic device key pair to the background system server; specifically, the smart cryptographic device can forward the public key in the smart cryptographic device key pair generated by the smart cryptographic device to the background system through the trusted communication link
- the server sends the key to ensure the security of the public key of the smart cryptographic device.
- the public key of the smart cryptographic device key pair generated by the server can also be sent to the background system server through the Internet to improve the public key of the smart cryptographic device. Convenience of transmission.
- the background system server After receiving the public key in the smart cryptographic device key pair, the background system server generates a smart cryptographic device certificate and sends the smart cryptographic device certificate to the smart cryptographic device; specifically, the background system server can use the private key of the background system server to the user.
- the information and the public key of the smart cryptographic device are calculated to generate a smart cryptographic device certificate; the backend system server may further include a CA server, and the user's information and the public key of the smart cryptographic device are calculated by the private key of the CA server to generate a smart password.
- the device certificate can also send the user's information and the public key of the smart cryptographic device to the CA.
- the CA calculates the smart cryptographic device certificate by calculating the user's information and the public key of the smart cryptographic device according to the private key of the CA.
- the background system server sends the smart password device.
- the smart password device stores the smart password device certificate. Specifically, after receiving the smart password device certificate sent by the background system server, the smart password device stores the smart password device certificate in a storage area where the security function is executed.
- the smart cryptographic device can also store different smart cryptographic device certificates sent by different background system servers.
- the terminal can also register with the backend system server.
- Step 2 The terminal scans the smart cryptographic device within the signal coverage area, and obtains the identification information of the scanned smart cryptographic device.
- the terminal may send the query signal (such as the serial number of the terminal) to query the smart cryptographic device within the coverage of a certain wireless signal according to a certain time interval;
- the query signal such as the serial number of the terminal
- the smart cryptographic device listens to the query of the terminal (query scan). After the smart cryptographic device enters the signal coverage of the terminal, the smart cryptographic device sends the identification information of the smart cryptographic device to the terminal, and the terminal scans the identification information of the smart cryptographic device. .
- the terminal can use the IAC (Inquiry Access Code) to query the smart cryptographic device within the coverage of a certain wireless signal;
- IAC Inquiry Access Code
- the smart cryptographic device listens (query scans) the query of the terminal, and sends the address and clock information of the smart cryptographic device to the terminal after the smart cryptographic device enters the signal coverage of the terminal;
- the smart cryptographic device listens to paging information from the terminal and performs paging scanning
- the terminal pages the smart cryptographic device that has been queried
- the smart cryptographic device After receiving the paging information, the smart cryptographic device sends a DAC (Device Access Code) of the smart cryptographic device to the terminal.
- DAC Device Access Code
- the terminal sends an inquiry signal to query a smart cryptographic device within a certain wireless signal coverage range
- the smart cryptographic device listens (query scans) the query signal of the terminal, and sends the address of the smart cryptographic device to the terminal after the smart cryptographic device enters the signal coverage of the terminal.
- the present invention only uses the above two examples to describe how the terminal obtains the identification information of the smart cryptographic device, but the present invention is not limited thereto.
- the smart cryptographic device may receive When any information is sent to the terminal, the information sent by the terminal can be used as a sleep wake-up signal, and the smart cryptographic device switches the sleep state to the awake state (ie, the normal working mode) according to the sleep wake-up signal. At the same time, the smart cryptographic device can automatically reply to the sleep state after any command execution ends. The smart cryptographic device enters a sleep state to save power of the smart cryptographic device and prolong its service life.
- the smart password device Before the terminal scans the smart password device, the smart password device also needs to enter a state that can be scanned, so that the terminal can scan the smart password device, wherein the smart password device enters the scanable state and can pass the smart password device.
- the set hardware switch is enabled, and can also be implemented by the smart password device software.
- Step 3 The background system server authenticates the smart cryptographic device.
- the terminal generates the first to-be-signed information.
- the terminal may generate the random number as the first to-be-signed information by using the random number generator, or may use its own serial number, MAC address, or other identification information as the first to-be-signed information.
- the information may also be a combination of a random number and identification information as the first to-be-signed information.
- the information that can be signed by the smart cryptographic device can be used as the first to-be-signed information, so that the smart cryptographic device returns the signature information and sends the information to the background system server, so that the background system server authenticates the smart cryptographic device.
- the random number can be one of a combination of numbers, letters, special characters, or the like.
- the terminal sends the first to-be-signed information and the authentication command to the smart cryptographic device; specifically, the terminal may send the first to-be-signed information and the authentication command to the smart cryptographic device through the wireless communication link, so as to ensure the convenience of the information transmission;
- the first to-be-signed information and the authentication instruction may be sent to the smart cryptographic device through a wired interface to improve the security of the information transmission.
- the smart cryptographic device After receiving the first to-be-signed information and the authentication command, the smart cryptographic device performs signature calculation on the first to-be-signed information by using the private key of the smart cryptographic device to obtain the first signature information;
- the smart cryptographic device after receiving the first to-be-signed information and the authentication command, performs the signature calculation on the first signature information by using the private key of the smart cryptographic device to obtain the first signature information, and the smart cryptographic device may also be in the step of obtaining the first signature information.
- the dormant state is switched to the awake state; the smart cryptographic device performs signature calculation on the first to-be-signed information by using the private key of the smart cryptographic device in the awake state to obtain the first signature information.
- the sleep state is changed to the awake state to complete the normal work, and after the smart cryptographic device completes the work, it is switched to the sleep state again to reduce the power loss and prolong the service life.
- the smart cryptographic device sends the first signature information and the smart cryptographic device certificate to the terminal;
- the terminal After receiving the first signature information and the smart cryptographic device certificate, the terminal sends the authentication request information, the identification information of the smart cryptographic device, the first to-be-signed information, the first signature information, and the smart cryptographic device certificate to the background system server. Specifically, in this step, the terminal only plays the role of data forwarding, and improves data transmission efficiency.
- the background system server After receiving the authentication request information, the identification information of the smart cryptographic device, the first to-be-signed information, the first signature information, and the smart cryptographic device certificate, the background system server verifies whether the smart cryptographic device certificate is verified by using the root certificate corresponding to the pre-stored smart cryptographic device certificate. Specifically, the background system server also obtains the root certificate corresponding to the smart password device certificate, so as to verify the legality of the smart password device.
- the background system server determines the authentication request information, the identification information of the smart cryptographic device, the first to-be-signed information, the first signature information, and the smart cryptographic device certificate.
- the background system server obtains the instruction to lock the smart cryptographic device after determining that the identification information of the smart cryptographic device is in the abnormal list of the smart cryptographic device, And using the private key of the background system server to sign the locked smart password device instruction to obtain the second signature information, and sending the locked smart password device instruction and the second signature information to the smart password device through the terminal;
- the smart password device receives the locked smart password After the device instruction and the second signature information, the second signature information is verified by using the public key in the pre-stored background system server certificate; after verifying that the second signature information is passed, the smart cryptographic device performs a locking operation according to the instruction of the locked smart cryptographic device.
- the smart password device abnormal list may be a blacklist, a loss list, an invalidation list, or the like, which is an illegal list of the smart password device identity; if the smart password device identification information is in the smart password device abnormal list, the smart password device is specified. It is an illegal smart password device.
- the background system server sends a lock instruction to the illegal smart password device through the terminal to lock the illegal smart password device, and the background system server also signs the lock command. To ensure the legal source of the lock instruction, to avoid malicious operations that illegally lock the smart password device.
- the background system server may not sign the lock instruction and only send the lock command to the illegal terminal to lock the illegal terminal.
- the smart cryptographic device may perform the locking operation according to the instruction of the locked smart cryptographic device, and may include any manner in which the smart cryptographic device refuses to execute any request, destroys the certificate stored by itself, and the like.
- the background system server can also perform any request to reject the illegal smart cryptographic device after sending the lock instruction.
- the background system server can report the loss, and the background system server registers the device identification code of the smart password device on the loss list; or the account abnormality is reported, etc., the background system server
- These smart cryptographic devices are also registered in the blacklist. Devices in these exception lists are registered as exception devices on the exception list.
- the background system server authenticates the smart password device. During the authentication process, the device identifier is compared with the abnormal list. If the smart password device is locked on the list. Applying this method, if someone steals another person's smart password device and attempts to illegally use the smart password device to transfer funds to steal user funds, the background system server can remotely authenticate the smart password device before each transaction. The smart password device is locked, so that even if the smart password device is illegally stolen by others, the user account can be protected from loss.
- the background system server After verifying that the smart cryptographic device certificate is legal, the background system server verifies the first signature information by using the public key of the smart cryptographic device;
- the background system server After verifying that the first signature information is passed, the background system server completes the authentication of the smart cryptographic device. Specifically, after verifying that the first signature information is passed, the background system server may also generate an authentication completion message and send it to the terminal to notify the terminal. The certification is completed.
- the authentication of the smart cryptographic device by the background system server can ensure the legality of the smart cryptographic device and improve the security of subsequent processing. At the same time, it can prevent phishing risks, prevent transaction risks such as tampering, remote hijacking and man-in-the-middle attacks, thus effectively protecting the security of smart cryptographic device holders.
- Step 4 The terminal obtains user information.
- the terminal obtains the user information corresponding to the smart cryptographic device according to the information of the scanned smart cryptographic device (for example, the user's photo, name, account, and the like), which may be, but not limited to, the following manner.
- the user information corresponding to the smart password device for example, the user's photo, name, account, and the like.
- Method 1 The terminal obtains user information corresponding to the smart password device from the background system server:
- the terminal sends the identification information of the smart cryptographic device and the user information read request to the background system server; specifically, when the terminal sends the identification information of the smart cryptographic device and the user information read request to the background system server, the terminal may directly send the request to the background system server. Identification information of the smart cryptographic device and a user information read request.
- the background system server After receiving the identification information of the smart cryptographic device and the user information reading request, the background system server obtains the user information corresponding to the smart cryptographic device according to the identification information of the smart cryptographic device; specifically, the background system server prestores each registered smart device.
- the user information corresponding to the cryptographic device is used to obtain the user information corresponding to the smart cryptographic device according to the received identification information of the smart cryptographic device.
- the background system server also needs to authorize the smart password device holder to send the user information corresponding to the smart password device to the terminal.
- the background system server sends the user authorization request information to the smart cryptographic device through the terminal (for example, the user authorization request information may be a random number); after receiving the user authorization request information, the smart cryptographic device generates authorization information (for example, the authorization information may be And the information obtained by signing the random number), and sending the authorization information to the background system server by the terminal; and after the background system server receives the authorization information, performing the step of the background system server transmitting the response information of the user information read request to the terminal.
- the user authorization request information may be a random number
- the smart cryptographic device after receiving the user authorization request information, the smart cryptographic device generates authorization information (for example, the authorization information may be And the information obtained by signing the random number), and sending the authorization information to the background system server by the terminal; and after the background system server receives the authorization information, performing the step of the background system server transmitting the response information of the user information read request
- the background system server can also use the private key of the background system server to sign the user authorization request information, and then send the information to the smart cryptographic device through the terminal.
- the smart cryptographic device After receiving the signed information, the smart cryptographic device verifies the signature, and after the verification is passed.
- the user authorization request information is considered to be from a legitimate background system server, and the request is confirmed to authorize the background system server; the smart cryptographic device can also use the private key of the smart cryptographic device to sign the authorization information and then send it to the background through the terminal.
- the system server verifies the signature. After the verification is passed, the authorization information is considered to be from the correct smart password device to perform subsequent operations according to the authorization information.
- the above is only a few ways for the background system server to request authorization from the smart cryptographic device. The present invention is not limited thereto, and the above various combinations of variants should also fall within the protection scope of the present invention.
- the smart cryptographic device After the smart cryptographic device receives the user authorization request information, it can also be converted from the sleep state to Wake-up state; the smart cryptographic device generates authorization information in the awake state. In order to save energy and extend the life of smart password devices.
- the background system server obtains the response information of the user information read request according to the user information, and sends the response information of the user information read request to the terminal;
- the terminal After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
- Manner 2 The terminal obtains user information corresponding to the smart password device from the smart password device:
- the terminal sends a user information read request to the smart cryptographic device
- the smart cryptographic device obtains pre-stored user information, and obtains response information of the user information read request according to the user information, and sends response information of the user information read request to the terminal;
- the terminal After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
- the refusal information may be sent to the terminal through a button set on the smart cryptographic device or through software control to ensure the security of the user information.
- Manner 3 The background system server sends the user information corresponding to the smart cryptographic device to the smart cryptographic device directly through the terminal while completing the authentication:
- the background system server When the background system server completes the authentication of the smart cryptographic device, the background system server also sends the user information corresponding to the smart cryptographic device to the terminal; specifically, the background system server may also send the authentication to the terminal after completing the authentication of the smart cryptographic device.
- the completion message is sent to the terminal system server to authenticate the smart cryptographic device.
- the background system server sends the authentication completion message to the terminal, the pre-stored user information corresponding to the smart cryptographic device can be obtained according to the identification information of the smart cryptographic device. Send the user information corresponding to the smart password device to the terminal.
- the terminal obtains the user information corresponding to the smart cryptographic device, that is, the terminal directly obtains the user information corresponding to the smart cryptographic device from the information sent by the background system server.
- the terminal stores the user information in the pre-established current user list.
- the detected smart password device is constantly changing due to the change of the passenger flow in the store where the terminal is located and the flow of the personnel.
- the current user list may be Update by, but not limited to, the following:
- the terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
- the terminal compares the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval;
- the current user list is updated in this manner to ensure that the user information corresponding to the smart cryptographic device in the coverage of the terminal signal can be updated to the current user list in time, and the user information corresponding to the smart cryptographic device within the coverage of the terminal signal is removed. It can be deleted from the current user list in time to ensure security.
- the terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
- the terminal compares the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval;
- the step of obtaining the user information corresponding to the smart cryptographic device according to the identification information of the scanned smart cryptographic device is performed, and after the terminal obtains the user information, The user information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, the user information of the smart cryptographic device in the current user list is stored in the real-time identification list;
- the real-time identification list is taken as the updated current user list.
- the terminal can copy the user information corresponding to the original smart password device in the store directly from the original current user list to the real-time identification list, and the user information corresponding to the customer of the newly entered store can pass.
- a user information read request is obtained from the background system server or the smart cryptographic device to obtain.
- the current user list can be automatically updated, which facilitates the management and maintenance of the information of the merchant's store staff.
- the terminal may display the user information corresponding to the user in the stored current user list, so that the holder of the smart password device can view the user information to ensure the correctness of the transaction.
- the transaction process requires a device with an account storage function such as a SIM card or a smart card, and the user needs to perform operations such as swiping the mobile phone, so that the merchant can obtain the account information of the user.
- an account storage function such as a SIM card or a smart card
- the terminal of the merchant can obtain the user information corresponding to the smart cryptographic device by first reading the identification information of the smart cryptographic device and then using the identification information of the smart cryptographic device. Therefore, customers can use the wallet without Credit card, mobile phone, etc. to pay for goods, which simplifies the interaction between the customer and the merchant, and enhances the user experience.
- Step 5 Transaction information processing.
- the terminal generates transaction information according to the user information corresponding to the smart cryptographic device to be traded, and obtains the transaction request information according to the transaction information; specifically, the transaction information may include information such as the transaction amount, the account information of both parties of the payment and payment, and the identification information of both parties of the payment and payment.
- the transaction information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, such as the specific transaction time, the transaction number, the transaction amount, the purchased item, and the like.
- the terminal sends the transaction request information to the smart cryptographic device.
- the terminal may send the transaction request information by using, but not limited to, the following: the terminal encodes the transaction request information and sends the signal through the sound wave; or the terminal performs graphic coding on the transaction request information. Displayed for the smart cryptographic device to perform image acquisition; or the terminal transmits the transaction request information through a communication interface that the terminal matches with the smart cryptographic device.
- the smart cryptographic device After receiving the transaction request information, the smart cryptographic device obtains the transaction information according to the transaction request information;
- the smart cryptographic device can also switch from the sleep state to the awake state after receiving the transaction request information; the smart cryptographic device obtains the transaction information according to the transaction request information in the awake state.
- the smart password device prompts the transaction information; specifically, the smart password device can display the transaction information through the display screen, and can also play the transaction information in a voice manner through a speaker or the like.
- the smart cryptographic device can also prompt the user to know the real transaction information by other means to ensure the security of the transaction.
- the key information can be extracted from the transaction information, and the smart cryptographic device only prompts the key information.
- the specific prompting manner refer to the prompting manner of the smart cryptographic device for the transaction information.
- the smart cryptographic device receives the confirmation command and generates the transaction confirmation information; specifically, the smart cryptographic device can receive the confirmation command by detecting the information sent when the confirmation button set on the smart cryptographic device is pressed, or can detect the touch screen by detecting The information confirmation confirmation command sent when the virtual confirmation key is displayed is clicked, and the biometric information such as the detected voice, fingerprint, and iris may be used as a confirmation command or the like. Further, the smart cryptographic device may generate the transaction confirmation information by, but not limited to, the smart cryptographic device signing the transaction information by using the private key of the smart cryptographic device, generating the transaction signature information as the transaction confirmation information; or generating the dynamic password as the smart cryptographic device. Transaction confirmation information.
- the smart cryptographic device in order to prevent duplicate transactions and ensure the security of the user's account, each time the smart cryptographic device generates the transaction confirmation information, the smart cryptographic device also generates a single transaction identifier, and uses the private key of the smart cryptographic device to transaction information and a single transaction.
- the identifier is signed, the transaction signature information is generated as the transaction confirmation information; or the smart cryptographic device generates a single transaction identifier, and the single transaction identifier is signed by the private key of the smart cryptographic device to obtain the signature information of the single transaction identifier, and the dynamic password is generated.
- the signature information of the single transaction identifier and the dynamic password are used as transaction confirmation information to ensure that one transaction is successfully executed only once, and the single transaction identifier may be a random number or the like.
- the transmission line of the wireless network is unstable, and the smart password device may not receive the receipt.
- the terminal may need to hold the user of the smart password device when the signature information of the smart password device is not received.
- the verification signature operation is performed multiple times, that is, the smart cryptographic device sends the signature information to the terminal multiple times, so that the terminal may use the multiple signature values to generate multiple transaction data packets and send them to the background system server, thereby The corresponding account is repeatedly debited. If a single transaction identifier is set, when the line is unstable, the smart cryptographic device will continue to sign the transaction information and the same single transaction identifier and then send it to the terminal until the transaction success receipt information is received.
- the terminal generates a transaction data packet by using the signature sent by the smart cryptographic device, and the background system server receives the transaction data packet to determine the single transaction identifier inside, if the single transaction identifier has been saved in the transaction log, that is, already After the transaction is over, the transaction data packet will not be processed again, and no multiple or repeated debits will be incurred, thus protecting the account funds of the smart password device user.
- the terminal receives the transaction confirmation information.
- the terminal may receive the transaction confirmation information by using, but not limited to, the following manner: the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the transaction confirmation information (for example, the sound wave identification device may be used. The sound wave signal is recognized, the sound wave signal is decoded by the sound wave decoder to obtain the transaction confirmation information); or the terminal collects the image information displayed by the smart password device and decodes the image information (for example, the two-dimensional code, the barcode, etc.) to obtain the transaction confirmation information.
- the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the transaction confirmation information (for example, the sound wave identification device may be used.
- the sound wave signal is recognized, the sound wave signal is decoded by the sound wave decoder to obtain the transaction confirmation information
- the terminal collects the image information displayed by the smart password device and decodes the image information (for example, the two-dimensional code, the barcode
- the image acquisition device is used to collect the image information
- the decoder is used to decode the image information to obtain the transaction confirmation information
- the terminal receives the transaction confirmation information through the communication interface matched by the terminal and the smart cryptographic device; or the terminal inputs through the terminal.
- the information is obtained by confirming the transaction.
- the terminal obtains the transaction data packet according to the transaction confirmation information, and sends the transaction data packet to the background system server; specifically, the transaction data package may also include other information such as transaction information.
- the transaction information may include information such as the transaction amount, the account information of the parties to the payment, and the identification information of both parties.
- the transaction information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, for example, the specific transaction time, the transaction. Single number, transaction amount, purchased items, etc.
- the background system server After receiving the transaction data packet, the background system server obtains the transaction confirmation information according to the transaction data packet;
- the background system server verifies the transaction confirmation information, and executes the transaction after the verification is passed; specifically, the background system server only confirms that the transaction has been verified by the legal smart password device after verifying that the transaction confirmation information is verified, and The transaction is executed based on the confirmed result.
- the background system server may also send the transaction success receipt information to the smart cryptographic device through the terminal; after receiving the transaction success receipt information, the smart cryptographic device prompts the transaction success receipt information.
- the transaction success receipt information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, such as the specific transaction time, the transaction number, the transaction amount, the purchased item, and the like.
- the background system server may also send a transaction success receipt information to the terminal, so that the terminal knows that the transaction is completed.
- the transaction success receipt information can also be the background system server using the background system service. After the private key of the server is signed, it is sent to the smart cryptographic device through the terminal, and the smart cryptographic device prompts the user to know after signing the signed information.
- Step 6 Refund.
- the terminal sends the refund information to the smart password device; specifically, the refund information may include: any combination of the account number of the refund, the refund amount, the refund transaction ticket number, and the identification information of both parties of the refund, and the refund
- the information can also include an electronic statement, and the user can review the refund details based on the electronic statement, such as the specific refund time, the refund transaction number, the refund amount, and the returned item.
- the terminal may also send the refund information by, but not limited to, the following: the terminal encodes the refund information and sends the sound signal through the sound wave signal; or the terminal graphically encodes the refund information and displays it for the smart password device to perform image collection; or the terminal passes The communication interface that the terminal matches with the smart cryptographic device sends a refund information.
- the smart password device After receiving the refund information, the smart password device prompts the refund information; specifically, after receiving the refund information, the smart password device prompts the user to know the refund information by any means such as voice play or display display, so that The user determines that the refund information is a true refund information.
- the smart cryptographic device can also switch from the sleep state to the awake state after receiving the refund information; the smart cryptographic device prompts the refund information in the awake state.
- the smart cryptographic device receives the refund confirmation instruction and signs the refund information by using the private key of the smart cryptographic device to generate a refund confirmation information; specifically, the user passes the smart after determining that the refund information is true refund information. Confirm the physical button or virtual button set on the password device. After the smart cryptographic device sends the refund confirmation information to the terminal (for example, after transmitting the sound wave signal corresponding to the refund confirmation information, or after displaying the image information corresponding to the refund confirmation information for a predetermined time), the awake state is changed to the sleep state. .
- the terminal receives the refund confirmation information and sends the refund confirmation information to the background system server.
- the terminal may receive the refund confirmation information by, but not limited to, receiving the sound wave signal sent by the smart password device and decoding the sound wave signal.
- Refund confirmation information for example, the sound wave identification device can be used to identify the sound wave signal, the sound wave signal is decoded by the sound wave decoder to obtain the refund confirmation information
- the terminal collects the image information displayed by the smart cryptographic device and the image information (for example) , QR code, barcode, etc.) to obtain the refund confirmation information (for example, the image acquisition device is used to collect the image information, and the decoder is used to decode the image information to obtain the refund confirmation information); or the terminal passes the terminal and the smart password.
- the device-matched communication interface receives the refund confirmation message.
- the terminal can send a refund confirmation message to the backend system server through a secure private network.
- the background system server After receiving the refund confirmation information, the background system server verifies the refund confirmation information and performs a refund operation after the verification is passed.
- the store generates refund information according to the customer's refund intention (the refund information may be obtained by searching for the recorded transaction information, or may be a regenerated refund information or other forms of refund information);
- the smart cryptographic device After receiving the refund information, the smart cryptographic device changes from the sleep state to the awake state, and displays the refund information for the customer to confirm;
- the terminal After receiving the refund confirmation information, the terminal sends the refund confirmation information to the background system server;
- the background system server After receiving the refund confirmation information, the background system server verifies the refund confirmation information by using the public key of the smart password device. After the verification is passed, the refund operation is performed, and the refund success receipt information is sent to the terminal and/or the smart password. device.
- Mode 2 The difference between the second mode and the first mode is that before the terminal sends the refund information to the smart cryptographic device, the terminal further receives the refund request sent by the smart cryptographic device, and generates the refund information according to the refund request.
- the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request to the terminal after receiving the refund request.
- the refund information can also include an electronic statement, and the user can review the refund details based on the electronic statement, such as the specific refund time, the refund transaction number, the refund amount, and the returned item.
- any implementation that can trigger a smart cryptographic device to generate a refund request is within the scope of the present invention.
- the smart cryptographic device can also switch from the sleep state to the awake state before sending the refund request to the terminal; the smart cryptographic device sends a refund request to the terminal in the awake state. After the smart cryptographic device sends a refund request, it transitions from the awake state to the sleep state. When the smart cryptographic device receives the refund information sent by the terminal, it changes from the sleep state to the awake state, and performs an operation of prompting the refund information and generating the refund confirmation information in the awake state.
- the awake state is changed to the sleep state.
- Method 3 The smart password device sends a refund request to the terminal; specifically, the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request after receiving the refund request. Give the terminal.
- the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request after receiving the refund request.
- the terminal can trigger a smart cryptographic device to generate a refund request.
- the smart cryptographic device can also switch from the sleep state to the awake state before sending the refund request to the terminal; the smart cryptographic device sends the awake state to the terminal. Refund request.
- the terminal generates a refund request identifier, and sends a refund request identifier to the smart password device.
- the terminal may generate a random number, and the random number is used as a refund request identifier, and the random number is configured to be provided to the smart password device to generate a refund. Information.
- the smart password device After receiving the refund request identifier, the smart password device generates a refund information, and uses the private key of the smart password device to sign the refund information, obtains the refund confirmation information, and sends a refund confirmation information to the terminal; specific, intelligent The password device generates the refund information by using the refund request identifier, the refund amount, the refund account and the like, and the refund information may further include any combination of the refund transaction ticket number and the identification information of both parties of the refund;
- the amount can be input through the keys on the smart password device. Of course, it can also be input by other means (for example, voice input).
- the refund account can be input through the keys on the smart password device, and can also be pre-stored in the smart by reading.
- the refund account in the password device is input; of course, the transaction information can be saved on the smart password device after the transaction is completed, and the transaction information can be queried to obtain the refund amount and the refund account.
- the smart cryptographic device may also send the refund information by, but not limited to, the following: the smart cryptographic device encodes the refund information and transmits the sound signal; or the smart cryptographic device graphically encodes the refund information and displays it for the terminal to perform image collection. Or the smart cryptographic device sends a refund message via the communication interface that the smart cryptographic device matches the terminal.
- the smart cryptographic device can also send the refund confirmation information to the terminal (for example, after transmitting the sound wave signal corresponding to the refund confirmation information, or displaying the image information corresponding to the refund confirmation information) After the predetermined time has elapsed, the state transitions from the awake state to the sleep state.
- the terminal receives the refund confirmation information and sends the refund confirmation information to the background system server.
- the terminal may receive the refund confirmation information by, but not limited to, receiving the sound wave signal sent by the smart password device and decoding the sound wave signal.
- Refund confirmation information for example, the sound wave identification device can be used to identify the sound wave signal, the sound wave signal is decoded by the sound wave decoder to obtain the refund confirmation information
- the terminal collects the image information displayed by the smart cryptographic device and the image information (for example) , QR code, barcode, etc.) to obtain the refund confirmation information (for example, the image acquisition device is used to collect the image information, and the decoder is used to decode the image information to obtain the refund confirmation information); or the terminal passes the terminal and the smart password.
- the device-matched communication interface receives the refund confirmation message.
- the terminal sends a refund confirmation message to the backend system server through a private network.
- the background system server After receiving the refund confirmation information, the background system server verifies the refund confirmation information and performs a refund operation after the verification is passed. Specifically, the background system server verifies the refund confirmation information by using the public key of the smart cryptographic device.
- the smart cryptographic device is switched from a sleep state to an awake state; for example, it can be held by the smart cryptographic device.
- the guest's key operation causes the smart cryptographic device to enter an awake state;
- the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request to the terminal after receiving the refund request;
- the terminal may generate a random number R, and the random number is R as a refund request identifier, and send a refund request identifier to the smart password device;
- the smart password device generates the refund information, and uses the private key of the smart password device to sign the refund information, obtain the refund confirmation information, and send the refund confirmation information to the terminal; wherein the refund information includes at least: a refund request Information such as identification, refund amount, refund account, etc., wherein the refund amount, refund account and other information can be input by the customer through the button on the smart password device, or the refund amount can be passed by the customer through the button on the smart password device Input, refund account is read from the information pre-stored by the smart password device, or the refund amount, refund account and other information can be read from the information pre-stored by the smart password device;
- a refund request Information such as identification, refund amount, refund account, etc.
- the terminal After receiving the refund confirmation information, the terminal sends a refund confirmation message to the background system server;
- the background system server After receiving the refund confirmation information, the background system server verifies the refund confirmation information by using the public key of the smart password device. After the verification is passed, the refund operation is performed, and the refund success receipt information is sent to the terminal and/or the smart password. device.
- the refund confirmation information may also include a single refund identifier, and the single refund identifier may be a random number to ensure that one refund is successfully executed only once.
- the single refund identifier may be generated by the terminal or generated by the smart password device, and may be signed by the smart password device in the refund confirmation information.
- the background system server may also send a refund success receipt information to the terminal and/or the smart password device, so that the store and/or the customer can know that the refund is successful.
- Step 7 Sell out.
- the smart password device obtains the smart password device account cancellation application, uses the private key of the smart password device to sign the account cancellation application to obtain the third signature information, and sends the smart password device account cancellation application and the third signature information to the background system server;
- the third signature information may be sent by the terminal or manually.
- the background system server After receiving the smart PIN device account cancellation application and the third signature information, the background system server verifies the third signature information by using the public key in the pre-stored smart cryptographic device certificate.
- the background system server After verifying that the third signature information is passed, the background system server deletes the pre-stored smart password device certificate, generates a smart password device account completion information, and sends the smart password device to the smart password device to complete the information; specifically, When the back-end system server performs the account cancellation, in addition to deleting the pre-stored smart password device certificate, the information corresponding to the smart password device can be placed in the default account list of the back-end system server and other other account operations.
- the smart cryptographic device After receiving the information about the completion of the smart cryptographic device, the smart cryptographic device deletes the private key of the smart cryptographic device. Specifically, the smart cryptographic device can perform the verification operation on the signature information, and after the verification is passed, perform the deletion operation.
- the back-end system server ensures the legality of the smart password device by managing the registration, account cancellation, authentication and locking of the smart password device, and prevents the property loss caused by the illegal use of the smart password device.
- steps 1 to 7 are not performed in sequence, and only a few of them may be completed.
- steps 1 to 7 are not limited to the same application scenario, regardless of the application scenario. It is within the scope of the present invention to use any of the steps of the present invention and to perform the transaction safely.
- a wireless communication module is integrated on the smart cryptographic device, and the state control module forms a novel smart cryptographic device configurable as a secure payment of the present invention.
- the smart cryptographic device includes a wireless communication module, which may be a Bluetooth communication module or a WIFI communication module, etc., and the wireless communication module may perform inquiry scanning and page scanning on other devices, and may perform signal and data interaction with other wireless devices.
- the smart cryptographic device further includes a state control module, which can control the working state of the wireless communication module of the smart cryptographic device and the host.
- the smart cryptographic device of the present invention has two states: a sleep state and an awake state.
- the state control module can identify these signals, generate a wake-up signal, wake up the CPU to the awake state, and start executing the application command.
- the CPU will go to sleep again.
- the smart cryptographic device is in a dormant state, and the user enters the wireless signal coverage of the terminal with the smart cryptographic device, and the smart cryptographic device and the terminal complete the interactive identification of the wireless device, that is, the terminal can know that the smart cryptographic device enters the store where the terminal is located and A smart cryptographic device establishes a connection.
- the terminal After the terminal establishes a connection with the smart cryptographic device, the terminal sends a request for the authentication device to the smart cryptographic device.
- the state control module sends a wakeup signal, and the CPU is woken up, and the smart cryptographic device enters the wakeup. Status and perform the appropriate action.
- the smart cryptographic device After completing the corresponding instruction, the smart cryptographic device returns to the sleep state, and continues to maintain the device interaction identification with the terminal, so that the terminal can determine whether the holder of the smart cryptographic device leaves the store.
- the terminal proposes to read the user information to the background system server, and the background system server proposes to input the user authorization information, and the terminal sends a user authorization request to the smart password device.
- the smart cryptographic device in the sleep state receives the user authorization request sent from the terminal, and enters the awake state.
- the smart cryptographic device will display the request from the terminal, prompting the user to judge whether it is authorized.
- the user determines whether to authorize according to the request sent by the displayed terminal. If authorized, press the confirmation button on the smart password device to cause the smart password device to generate authorization information and send it to the terminal, and then enter the sleep state. Otherwise, the smart password device ends execution. Command, go directly to sleep state.
- the terminal sends a user transaction confirmation request command to the sleepy smart cryptographic device, and the smart cryptographic device in the sleep state receives the command to enter the awake state, and the smart cryptographic device displays the received transaction information, and the user confirms. If the transaction information is correct, press the enter key to cause the smart password device to sign the transaction information and return it to the terminal; otherwise, the execution operation is completed and the smart password device goes to sleep.
- the terminal establishes a current user list on the local server, where the current user list can be used to store user information corresponding to the smart password device held by the customer in the current store;
- the terminal local server monitors the smart cryptographic device in the wireless signal coverage of the terminal by using a wireless method (for example, using a wireless detecting device);
- the customer carries a smart cryptographic device with wireless communication function (sleeping state) to shop, and when the customer enters the wireless signal coverage of the terminal, the smart cryptographic device can be searched by the terminal and establish a wireless connection with the terminal;
- the terminal sends the random number R1 to the smart cryptographic device, and sends an authentication command to the smart cryptographic device;
- the smart cryptographic device in the dormant state is woken up after receiving the authentication command sent by the terminal, and enters the awake state;
- the smart cryptographic device summarizes R1 and encrypts the digest with its private key to generate a signature S, and sends the signature value S and the smart cryptographic device certificate to the terminal;
- the terminal After receiving the signature S and the smart password device certificate sent by the smart cryptographic device, the terminal sends the signature S, the smart cryptographic device certificate, the previously generated random number R1, and the obtained identification information of the smart cryptographic device to the background system server;
- the background system server verifies the legality of the smart password device certificate by using the root certificate corresponding to the smart password device certificate; if the verification fails, the process ends;
- the background system server verifies the signature S using the public key of the smart cryptographic device; if the verification fails, the process ends;
- the background system server authenticates the smart password device, and sends the user information such as the user account to the terminal;
- the terminal After receiving the user information sent by the background system server, the terminal stores the user information in the current user list.
- the terminal settles the amount, and selects an account corresponding to the smart password device held by the customer in the current user list;
- the terminal generates transaction information by using any combination of the purchased goods, the transaction amount, the account of the payment and payment parties, and the identification information of the payment and payment parties, and sends the transaction information to the smart cryptographic device;
- the smart cryptographic device After receiving the transaction information, the smart cryptographic device transfers to the awake state, and displays the transaction information on the screen, waiting for the user to confirm;
- the customer confirms the transaction information, if there is a problem, press cancel, the transaction is aborted, and the smart password device goes to sleep state;
- the smart password device If the user confirms that the transaction information is correct, press the confirmation button set on the smart password device, and the smart password device generates a random number as a single transaction identifier, so that the smart password device signs the transaction information and the single transaction identifier;
- the smart cryptographic device sends the signature information to the terminal, and the terminal sends the transfer request and the signature information to the background system server;
- the background system server After receiving the transfer request and the signature information, the background system server verifies the signature, and after the verification signature is passed, completes the transfer, and sends the payment completion information to the terminal successfully.
- the background system server may also send the payment completion information through the terminal. Give the smart password device so that the customer knows that the transaction is complete;
- the terminal receives the payment completion information, delivers the goods to the customer, and the settlement is completed.
- the smart password device is authenticated by the background system server.
- the smart password device is used to manually confirm the displayed information during the transaction, and the transaction security of the smart password device holder is also ensured.
- the payment does not need to be completed with a related account carrier device such as a mobile phone, a bank card or a financial IC card, and the payment process of the original technology requires a SIM card or a smart card.
- a related account carrier device such as a mobile phone, a bank card or a financial IC card
- SIM card or a smart card For devices with account storage, users also need to perform operations such as swiping and swiping the phone to complete the transaction.
- the customer can complete the payment without using the wallet, the credit card, the mobile phone, etc., thereby simplifying the interaction between the customer and the merchant in the payment process, improving the payment efficiency, and improving the customer in the near field payment process.
- the experience while using the security features of smart cryptographic devices to ensure the security of the customer payment process.
- the terminal After the customer purchases the goods, the terminal does not need to be obtained by allowing the customer to manually swipe or swipe the phone.
- the user information is because the user information is already stored in the current user list of the terminal when entering the store.
- the customer When the customer checks out, the customer only needs to report his or her name, and the terminal can directly send the transaction information such as the amount after the settlement to the customer.
- the smart password device is displayed, at this time, the customer only needs to use the smart password device to confirm and output the transaction confirmation information, the terminal generates the transaction data packet and sends it to the background system server, and the background system server verifies that the transaction data packet is accurate and then transfers the money. Processing, you can complete the payment process.
- the network connection between the smart cryptographic device and the terminal is automatically interrupted, and the user information disappears from the current user list of the store. If the customer enters another store again, he will automatically enter the current user list of the other store and start another shopping. This eliminates the need for the customer to perform any operations, and only requires the customer to put a small smart password device into the pocket while shopping, and the invention can provide a seamless user experience.
- portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
- multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
- a suitable instruction execution system For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
- each functional unit in each embodiment of the present invention may be integrated into one processing module, or each unit may exist physically separately, or two or more units may be integrated into one module.
- the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
- the integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.
- the above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
Abstract
Description
Claims (30)
- 一种数据安全交互方法,其特征在于,包括:A data security interaction method, comprising:终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息;The terminal scans the smart cryptographic device within the signal coverage area, and obtains the identification information of the scanned smart cryptographic device;后台系统服务器获得所述智能密码设备的标识信息,并完成对所述智能密码设备的认证;The background system server obtains the identification information of the smart cryptographic device, and completes the authentication of the smart cryptographic device;在所述后台系统服务器完成对所述智能密码设备的认证之后,所述终端获取所述智能密码设备对应的用户信息;After the background system server completes the authentication of the smart cryptographic device, the terminal acquires user information corresponding to the smart cryptographic device;所述终端将所述用户信息存储到预先建立的当前用户列表中。The terminal stores the user information in a pre-established current user list.
- 根据权利要求1所述的方法,其特征在于,所述后台系统服务器获得所述智能密码设备的标识信息,并完成对所述智能密码设备的认证包括:The method according to claim 1, wherein the background system server obtains the identification information of the smart cryptographic device, and completing the authentication of the smart cryptographic device comprises:终端生成第一待签名信息;The terminal generates first to-be-signed information;所述终端向智能密码设备发送所述第一待签名信息以及认证指令;Transmitting, by the terminal, the first to-be-signed information and an authentication instruction to the smart cryptographic device;所述智能密码设备接收到所述第一待签名信息以及所述认证指令后,利用所述智能密码设备的私钥对所述第一待签名信息进行签名计算,获得第一签名信息;After receiving the first to-be-signed information and the authentication command, the smart cryptographic device performs signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device to obtain first signature information.所述智能密码设备向所述终端发送所述第一签名信息以及智能密码设备证书;The smart cryptographic device sends the first signature information and a smart cryptographic device certificate to the terminal;所述终端接收到所述第一签名信息以及智能密码设备证书后,向后台系统服务器发送认证请求信息、所述智能密码设备的标识信息、所述第一待签名信息、所述第一签名信息以及所述智能密码设备证书;After receiving the first signature information and the smart cryptographic device certificate, the terminal sends the authentication request information, the identification information of the smart cryptographic device, the first to-be-signed information, and the first signature information to the background system server. And the smart password device certificate;所述后台系统服务器接收到所述认证请求信息、所述智能密码设备的标识信息、所述第一待签名信息、所述第一签名信息以及所述智能密码设备证书后,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;After receiving the authentication request information, the identification information of the smart cryptographic device, the first to-be-signed information, the first signature information, and the smart cryptographic device certificate, the background system server uses the pre-stored smart password. The root certificate corresponding to the device certificate verifies whether the smart password device certificate is legal;所述后台系统服务器在验证所述智能密码设备证书合法后,利用所述智能密码设备的公钥验证所述第一签名信息;After verifying that the smart cryptographic device certificate is legal, the background system server verifies the first signature information by using a public key of the smart cryptographic device;所述后台系统服务器在验证所述第一签名信息通过后,完成对所述智能密码设备的认证。After the background system server verifies that the first signature information is passed, the background system server completes the authentication of the smart cryptographic device.
- 根据权利要求1所述的方法,其特征在于,所述后台系统服务器获得所述智能密码设备的标识信息,并完成对所述智能密码设备的认证包括:The method according to claim 1, wherein the background system server obtains the identification information of the smart cryptographic device, and completing the authentication of the smart cryptographic device comprises:所述终端向后台系统服务器发送智能密码设备的标识信息;Sending, by the terminal, identification information of the smart cryptographic device to the background system server;所述后台系统服务器接收到所述智能密码设备的标识信息后,生成第一待签名信息, 向所述终端发送所述第一待签名信息;After receiving the identification information of the smart cryptographic device, the background system server generates the first to-be-signed information. Sending the first to-be-signed information to the terminal;所述终端接收到所述第一待签名信息后,向智能密码设备发送所述第一待签名信息以及认证指令;After receiving the first to-be-signed information, the terminal sends the first to-be-signed information and an authentication command to the smart cryptographic device;所述智能密码设备接收到所述第一待签名信息以及所述认证指令后,利用所述智能密码设备的私钥对所述第一待签名信息进行签名计算,获得第一签名信息;After receiving the first to-be-signed information and the authentication command, the smart cryptographic device performs signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device to obtain first signature information.所述智能密码设备向所述终端发送所述第一签名信息以及智能密码设备证书;The smart cryptographic device sends the first signature information and a smart cryptographic device certificate to the terminal;所述终端接收到所述第一签名信息以及智能密码设备证书后,向后台系统服务器发送认证请求信息、所述第一签名信息以及所述智能密码设备证书;After receiving the first signature information and the smart cryptographic device certificate, the terminal sends the authentication request information, the first signature information, and the smart cryptographic device certificate to the background system server;所述后台系统服务器接收到所述认证请求信息、所述第一签名信息以及所述智能密码设备证书后,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;After receiving the authentication request information, the first signature information, and the smart cryptographic device certificate, the background system server verifies whether the smart cryptographic device certificate is legal by using a root certificate corresponding to the pre-stored smart cryptographic device certificate;所述后台系统服务器在验证所述智能密码设备证书合法后,利用所述智能密码设备的公钥验证所述第一签名信息;After verifying that the smart cryptographic device certificate is legal, the background system server verifies the first signature information by using a public key of the smart cryptographic device;所述后台系统服务器在验证所述第一签名信息通过后,完成对所述智能密码设备的认证。After the background system server verifies that the first signature information is passed, the background system server completes the authentication of the smart cryptographic device.
- 根据权利要求1至3任一项所述的方法,其特征在于,所述终端获取所述智能密码设备对应的用户信息包括:The method according to any one of claims 1 to 3, wherein the acquiring, by the terminal, the user information corresponding to the smart cryptographic device comprises:所述终端向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求;Sending, by the terminal, identification information of the smart cryptographic device and a user information read request to the background system server;所述后台系统服务器接收到所述智能密码设备的标识信息以及所述用户信息读取请求后,根据所述智能密码设备的标识信息获取与所述智能密码设备对应的用户信息;After receiving the identification information of the smart cryptographic device and the user information reading request, the background system server obtains user information corresponding to the smart cryptographic device according to the identification information of the smart cryptographic device;所述后台系统服务器根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息;The background system server obtains response information of the user information read request according to the user information, and sends response information of the user information read request to the terminal;所述终端接收到所述用户信息读取请求的响应信息后,根据所述用户信息读取请求的响应信息获得所述用户信息。After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
- 根据权利要求1至3任一项所述的方法,其特征在于,所述终端获取所述智能密码设备对应的用户信息包括:The method according to any one of claims 1 to 3, wherein the acquiring, by the terminal, the user information corresponding to the smart cryptographic device comprises:所述终端向所述智能密码设备发送用户信息读取请求;The terminal sends a user information read request to the smart cryptographic device;所述智能密码设备获得预先存储的用户信息,并根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息;The smart cryptographic device obtains pre-stored user information, and obtains response information of the user information read request according to the user information, and sends response information of the user information read request to the terminal;所述终端接收到所述用户信息读取请求的响应信息后,根据所述用户信息读取请求的 响应信息获得所述用户信息。After receiving the response information of the user information read request, the terminal reads the request according to the user information. The user information is obtained in response to the information.
- 根据权利要求1至3任一项所述的方法,其特征在于,A method according to any one of claims 1 to 3, characterized in that所述后台系统服务器完成对所述智能密码设备的认证包括:The background system server completing the authentication of the smart cryptographic device includes:所述后台系统服务器向所述终端发送所述智能密码设备对应的用户信息;Sending, by the background system server, user information corresponding to the smart cryptographic device to the terminal;所述终端获取所述智能密码设备对应的用户信息包括:The acquiring, by the terminal, the user information corresponding to the smart cryptographic device includes:所述终端接收所述后台系统服务器发送的所述智能密码设备对应的用户信息。The terminal receives user information corresponding to the smart cryptographic device sent by the background system server.
- 根据权利要求1至6任一项所述的方法,其特征在于,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息的步骤之后,所述方法还包括:The method according to any one of claims 1 to 6, wherein after the step of scanning the smart cryptographic device within the signal coverage and obtaining the scanned identification information of the smart cryptographic device, the terminal The method also includes:所述终端获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;The terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;所述终端根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;The terminal compares the identifier information of the smart cryptographic device in the real-time identifier list with the identifier information of the smart cryptographic device in the current user list according to a preset time interval;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则执行所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息的步骤;且如果所述当前用户列表中的智能密码设备的标识信息不在所述实时标识列表中,则删除所述当前用户列表中不在所述实时标识列表中的智能密码设备的用户信息。If the identifier information of the smart cryptographic device in the real-time identities list is not in the current user list, the terminal is configured to acquire the user information corresponding to the smart cryptographic device according to the scanned identifier information of the smart cryptographic device. If the identification information of the smart cryptographic device in the current user list is not in the real-time identifier list, the user information of the smart cryptographic device that is not in the real-time identifier list in the current user list is deleted.
- 根据权利要求1至6任一项所述的方法,其特征在于,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息的步骤之后,所述方法还包括:The method according to any one of claims 1 to 6, wherein after the step of scanning the smart cryptographic device within the signal coverage and obtaining the scanned identification information of the smart cryptographic device, the terminal The method also includes:所述终端获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;The terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;所述终端根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;The terminal compares the identifier information of the smart cryptographic device in the real-time identifier list with the identifier information of the smart cryptographic device in the current user list according to a preset time interval;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则执行所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息的步骤,并在所述终端获得所述用户信息后,将所述用户信息存储至所述实时标识列表中;且如果所述实时标识列表中的智能密码设备的标识信息在所述当前用户列表中,则将所述在所述当前用户列表中的智能密码设备的用户信息存储至所述实时标识列表中;If the identifier information of the smart cryptographic device in the real-time identities list is not in the current user list, the terminal is configured to acquire the user information corresponding to the smart cryptographic device according to the scanned identifier information of the smart cryptographic device. Step, and after the terminal obtains the user information, storing the user information into the real-time identifier list; and if the identifier information of the smart cryptographic device in the real-time identifier list is in the current user list And storing the user information of the smart cryptographic device in the current user list into the real-time identifier list;将所述实时标识列表作为更新后的所述当前用户列表。The real-time identification list is taken as the updated current user list.
- 根据权利要求2至8任一项所述的方法,其特征在于,所述智能密码设备接收到所 述第一待签名信息以及所述认证指令后,利用所述智能密码设备的私钥对所述第一待签名信息进行签名计算,获得第一签名信息包括:The method according to any one of claims 2 to 8, wherein the smart cryptographic device receives the location After the first to-be-signed information and the authentication instruction are described, the first signature information is signed and calculated by using the private key of the smart cryptographic device, and obtaining the first signature information includes:所述智能密码设备在接收到所述第一待签名信息以及所述认证指令后,由休眠状态转换为唤醒状态;After receiving the first to-be-signed information and the authentication instruction, the smart cryptographic device transitions from a sleep state to an awake state;所述智能密码设备在唤醒状态下利用所述智能密码设备的私钥对所述第一待签名信息进行签名计算,获得第一签名信息。The smart cryptographic device performs signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device in an awake state to obtain first signature information.
- 根据权利要求1至9任一项所述的方法,其特征在于,所述后台系统服务器获得所述智能密码设备的标识信息后,所述方法还包括:The method according to any one of claims 1 to 9, wherein after the background system server obtains the identification information of the smart cryptographic device, the method further includes:所述后台系统服务器判断所述智能密码设备的标识信息是否包含在所述后台系统服务器中预存的智能密码设备异常名单中;Determining, by the background system server, whether the identification information of the smart cryptographic device is included in an abnormal list of smart cryptographic devices pre-stored in the background system server;所述后台系统服务器在判断出所述智能密码设备的标识信息在所述智能密码设备异常名单中后,获取锁定智能密码设备指令,以及利用所述后台系统服务器的私钥对锁定智能密码设备指令进行签名获得第二签名信息,并通过所述终端向所述智能密码设备发送所述锁定智能密码设备指令以及所述第二签名信息;After determining, by the background system server, that the identifier information of the smart cryptographic device is in the abnormal list of the smart cryptographic device, acquiring a command for locking the smart cryptographic device, and using the private key pair of the background system server to lock the smart cryptographic device command Performing a signature to obtain second signature information, and transmitting, by the terminal, the locked smart cryptographic device instruction and the second signature information to the smart cryptographic device;所述智能密码设备接收到所述锁定智能密码设备指令以及所述第二签名信息后,利用预存的所述后台系统服务器证书中的公钥对所述第二签名信息进行验证;After receiving the locked smart cryptographic device command and the second signature information, the smart cryptographic device verifies the second signature information by using a pre-stored public key in the background system server certificate;所述智能密码设备在验证所述第二签名信息通过后,根据所述锁定智能密码设备指令执行锁定操作。After verifying that the second signature information is passed, the smart cryptographic device performs a locking operation according to the locked smart cryptographic device instruction.
- 根据权利要求1至10任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 10, further comprising:所述后台系统服务器接收智能密码设备注册申请,并对所述智能密码设备注册申请进行审核;Receiving, by the background system server, a smart password device registration application, and reviewing the smart password device registration application;所述后台系统服务器在审核所述智能密码设备注册申请通过后,向所述智能密码设备发送智能密码设备密钥对生成指令;After the background system server verifies that the smart password device registration application is approved, the background system server sends a smart password device key pair generation instruction to the smart password device;所述智能密码设备接收到所述智能密码设备密钥对生成指令后,生成智能密码设备密钥对;After receiving the smart cryptographic device key pair generation instruction, the smart cryptographic device generates a smart cryptographic device key pair;所述智能密码设备向所述后台系统服务器发送所述智能密码设备密钥对中的公钥;Sending, by the smart cryptographic device, the public key in the smart cryptographic device key pair to the background system server;所述后台系统服务器接收到所述智能密码设备密钥对中的公钥后,生成所述智能密码设备证书,并向所述智能密码设备发送所述智能密码设备证书;After receiving the public key in the smart cryptographic device key pair, the background system server generates the smart cryptographic device certificate, and sends the smart cryptographic device certificate to the smart cryptographic device;所述智能密码设备存储所述智能密码设备证书。The smart cryptographic device stores the smart cryptographic device certificate.
- 根据权利要求11所述的方法,其特征在于,The method of claim 11 wherein所述智能密码设备获取智能密码设备销户申请,利用所述智能密码设备的私钥对所述 销户申请进行签名获得第三签名信息,并向所述后台系统服务器发送所述智能密码设备销户申请以及所述第三签名信息;所述后台系统服务器接收到所述智能密码设备销户申请以及所述第三签名信息后,利用预存的所述智能密码设备证书中的公钥对所述第三签名信息进行验证;所述后台系统服务器在验证所述第三签名信息通过后,删除预存的所述智能密码设备证书,并生成智能密码设备销户完成信息,向所述智能密码设备发送所述智能密码设备销户完成信息;所述智能密码设备接收到所述智能密码设备销户完成信息后,删除所述智能密码设备的私钥。Obtaining, by the smart cryptographic device, a smart cryptographic device account cancellation application, using the private key of the smart cryptographic device The account cancellation application obtains the third signature information, and sends the smart password device account cancellation application and the third signature information to the background system server; the background system server receives the smart password device account cancellation application After the third signature information, the third signature information is verified by using the public key in the pre-stored smart cryptographic device certificate; after the third-party signature information is verified, the background system server deletes the pre-stored The smart password device certificate, and generate a smart password device account completion information, and send the smart password device account completion information to the smart password device; the smart password device receives the smart password device to complete the account cancellation After the information, the private key of the smart cryptographic device is deleted.
- 根据权利要求4所述的方法,其特征在于,所述后台系统服务器接收到所述智能密码设备的标识信息以及所述用户信息读取请求的步骤之后,所述后台系统服务器向所述终端发送所述用户信息读取请求的响应信息的步骤之前,所述方法还包括:The method according to claim 4, wherein after the background system server receives the identification information of the smart cryptographic device and the user information read request, the background system server sends the terminal system server to the terminal Before the step of the user information reading the response information of the request, the method further includes:所述后台系统服务器通过所述终端向所述智能密码设备发送用户授权请求信息;The background system server sends user authorization request information to the smart cryptographic device through the terminal;所述智能密码设备接收到所述用户授权请求信息后,生成授权信息,并通过所述终端向所述后台系统服务器发送所述授权信息;After receiving the user authorization request information, the smart cryptographic device generates authorization information, and sends the authorization information to the background system server by using the terminal;所述后台系统服务器接收到所述授权信息后,执行所述后台系统服务器向所述终端发送所述用户信息读取请求的响应信息的步骤。After receiving the authorization information, the background system server performs the step of the background system server sending the response information of the user information read request to the terminal.
- 根据权利要求13所述的方法,其特征在于,所述智能密码设备接收到所述用户授权请求信息后,生成授权信息的步骤包括:The method according to claim 13, wherein the step of generating the authorization information after the smart cryptographic device receives the user authorization request information comprises:所述智能密码设备在接收到所述用户授权请求信息后,由休眠状态转换为唤醒状态;After receiving the user authorization request information, the smart cryptographic device transitions from a sleep state to an awake state;所述智能密码设备在唤醒状态下生成授权信息。The smart cryptographic device generates authorization information in an awake state.
- 根据权利要求1至14任一项所述的方法,其特征在于,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之前,所述方法还包括:The method according to any one of claims 1 to 14, wherein the method further scans the smart cryptographic device within the signal coverage range and obtains the scanned identification information of the smart cryptographic device. include:所述智能密码设备进入可被扫描状态。The smart cryptographic device enters a state that can be scanned.
- 一种数据安全交互系统,其特征在于,包括:终端、后台系统服务器以及智能密码设备;A data security interaction system, comprising: a terminal, a background system server, and a smart cryptographic device;所述终端,配置为在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息;在所述后台系统服务器完成对所述智能密码设备的认证之后,获取所述智能密码设备对应的用户信息;将所述用户信息存储到预先建立的当前用户列表中;The terminal is configured to scan the smart cryptographic device within the signal coverage range, and obtain the scanned identification information of the smart cryptographic device; after the background system server completes the authentication of the smart cryptographic device, obtain the User information corresponding to the smart cryptographic device; storing the user information in a pre-established current user list;所述后台系统服务器,配置为获得所述智能密码设备的标识信息,并完成对所述智能密码设备的认证。The background system server is configured to obtain identification information of the smart cryptographic device, and complete authentication of the smart cryptographic device.
- 根据权利要求16所述的系统,其特征在于, The system of claim 16 wherein:所述终端,还配置为生成第一待签名信息;向智能密码设备发送所述第一待签名信息以及认证指令;接收所述智能密码设备发送的所述第一签名信息以及智能密码设备证书,向后台系统服务器发送认证请求信息、所述智能密码设备的标识信息、所述第一待签名信息、所述第一签名信息以及所述智能密码设备证书;The terminal is further configured to generate first to-be-signed information, send the first to-be-signed information and an authentication instruction to the smart cryptographic device, and receive the first signature information and the smart cryptographic device certificate sent by the smart cryptographic device. Sending, to the background system server, authentication request information, identification information of the smart cryptographic device, the first to-be-signed information, the first signature information, and the smart cryptographic device certificate;所述智能密码设备,配置为接收所述终端发送的所述第一待签名信息以及所述认证指令,利用所述智能密码设备的私钥对所述第一待签名信息进行签名计算,获得第一签名信息;向所述终端发送所述第一签名信息以及智能密码设备证书;The smart cryptographic device is configured to receive the first to-be-signed information and the authentication command sent by the terminal, and perform signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device to obtain a first a signature information; sending the first signature information and a smart cryptographic device certificate to the terminal;所述后台系统服务器,还配置为接收所述终端发送的所述认证请求信息、所述智能密码设备的标识信息、所述第一待签名信息、所述第一签名信息以及所述智能密码设备证书,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;在验证所述智能密码设备证书合法后,利用所述智能密码设备的公钥验证所述第一签名信息;在验证所述第一签名信息通过后,完成对所述智能密码设备的认证。The background system server is further configured to receive the authentication request information sent by the terminal, the identification information of the smart cryptographic device, the first to-be-signed information, the first signature information, and the smart cryptographic device. a certificate, using the root certificate corresponding to the pre-stored smart cryptographic device certificate to verify whether the smart cryptographic device certificate is legal; after verifying that the smart cryptographic device certificate is legal, verifying the first signature information by using the public key of the smart cryptographic device After verifying that the first signature information is passed, the authentication of the smart cryptographic device is completed.
- 根据权利要求16所述的系统,其特征在于,The system of claim 16 wherein:所述终端,还配置为向后台系统服务器发送智能密码设备的标识信息;接收所述后台系统服务器发送的所述第一待签名信息,向智能密码设备发送所述第一待签名信息以及认证指令;接收所述智能密码设备发送的所述第一签名信息以及智能密码设备证书,向后台系统服务器发送认证请求信息、所述第一签名信息以及所述智能密码设备证书;The terminal is further configured to send the identifier information of the smart cryptographic device to the background system server, receive the first to-be-signed information sent by the background system server, and send the first to-be-signed information and the authentication command to the smart cryptographic device. Receiving the first signature information and the smart password device certificate sent by the smart cryptographic device, and sending the authentication request information, the first signature information, and the smart cryptographic device certificate to the background system server;所述后台系统服务器,还配置为接收所述终端发送的所述智能密码设备的标识信息,生成第一待签名信息,向所述终端发送所述第一待签名信息;接收所述终端发送的所述认证请求信息、所述第一签名信息以及所述智能密码设备证书,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;在验证所述智能密码设备证书合法后,利用所述智能密码设备的公钥验证所述第一签名信息;在验证所述第一签名信息通过后,完成对所述智能密码设备的认证;The background system server is further configured to receive the identification information of the smart cryptographic device sent by the terminal, generate first to-be-signed information, and send the first to-be-signed information to the terminal; The authentication request information, the first signature information, and the smart cryptographic device certificate verify whether the smart cryptographic device certificate is legal by using a root certificate corresponding to the pre-stored smart cryptographic device certificate; and verifying that the smart cryptographic device certificate is legal After the first signature information is verified by using the public key of the smart cryptographic device; after the first signature information is verified, the authentication of the smart cryptographic device is completed;所述智能密码设备,还配置为接收所述终端发送的所述第一待签名信息以及所述认证指令,利用所述智能密码设备的私钥对所述第一待签名信息进行签名计算,获得第一签名信息;向所述终端发送所述第一签名信息以及智能密码设备证书。The smart cryptographic device is further configured to receive the first to-be-signed information sent by the terminal and the authentication instruction, and perform signature calculation on the first to-be-signed information by using a private key of the smart cryptographic device to obtain First signature information; sending the first signature information and the smart cryptographic device certificate to the terminal.
- 根据权利要求16至18任一项所述的系统,其特征在于,A system according to any one of claims 16 to 18, wherein所述终端,还配置为向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求;接收所述后台系统服务器发送的所述用户信息读取请求的响应信息,根据所述用户信息读取请求的响应信息获得所述用户信息;The terminal is further configured to send the identification information of the smart cryptographic device and the user information read request to the background system server, and receive the response information of the user information read request sent by the background system server, according to the The response information of the user information read request obtains the user information;所述后台系统服务器,还配置为接收所述终端发送的所述智能密码设备的标识信息以 及所述用户信息读取请求,根据所述智能密码设备的标识信息获取与所述智能密码设备对应的用户信息;根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息。The background system server is further configured to receive the identification information of the smart cryptographic device sent by the terminal to And the user information reading request, obtaining user information corresponding to the smart cryptographic device according to the identification information of the smart cryptographic device; obtaining response information of the user information reading request according to the user information, and The terminal transmits response information of the user information read request.
- 根据权利要求16至18任一项所述的系统,其特征在于,A system according to any one of claims 16 to 18, wherein所述终端,还配置为向所述智能密码设备发送用户信息读取请求;接收所述智能密码设备发送的所述用户信息读取请求的响应信息,根据所述用户信息读取请求的响应信息获得所述用户信息;The terminal is further configured to send a user information read request to the smart cryptographic device; receive response information of the user information read request sent by the smart cryptographic device, and read response information according to the user information request Obtaining the user information;所述智能密码设备,还配置为获得预先存储的用户信息,并根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息。The smart cryptographic device is further configured to obtain pre-stored user information, obtain response information of the user information read request according to the user information, and send the response information of the user information read request to the terminal. .
- 根据权利要求16至18任一项所述的系统,其特征在于,A system according to any one of claims 16 to 18, wherein所述后台系统服务器,还配置为向所述终端发送所述智能密码设备对应的用户信息;The background system server is further configured to send user information corresponding to the smart cryptographic device to the terminal;所述终端,还配置为接收所述后台系统服务器发送的所述智能密码设备对应的用户信息。The terminal is further configured to receive user information corresponding to the smart cryptographic device sent by the background system server.
- 根据权利要求16至21任一项所述的系统,其特征在于,A system according to any one of claims 16 to 21, wherein所述终端,还配置为在所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之后,获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则执根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息;且如果所述当前用户列表中的智能密码设备的标识信息不在所述实时标识列表中,则删除所述当前用户列表中不在所述实时标识列表中的智能密码设备的用户信息。The terminal is further configured to: after the terminal scans the smart cryptographic device within the signal coverage range, and obtains the scanned identification information of the smart cryptographic device, obtain all the smart passwords within the signal coverage range of the terminal. The identification information of the device is generated, and the real-time identification list is generated; and the identification information of the smart cryptographic device in the real-time identification list is compared with the identification information of the smart cryptographic device in the current user list according to a preset time interval; If the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, obtain the user information corresponding to the smart cryptographic device according to the scanned identification information of the smart cryptographic device; and if the current If the identification information of the smart cryptographic device in the user list is not in the real-time identifier list, the user information of the smart cryptographic device that is not in the real-time identifier list in the current user list is deleted.
- 根据权利要求16至21任一项所述的系统,其特征在于,A system according to any one of claims 16 to 21, wherein所述终端,还配置为在所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之后,获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息,并在所述终端获得所述用户信息后,将所述用户信息存储至所述实时标识列表中;且如果所述实时标识列表中的智能密码设备的标识信息在所述当前用户列表中,则将所述在所述当前用户列表中的 智能密码设备的用户信息存储至所述实时标识列表中;将所述实时标识列表作为更新后的所述当前用户列表。The terminal is further configured to: after the terminal scans the smart cryptographic device within the signal coverage range, and obtains the scanned identification information of the smart cryptographic device, obtain all the smart passwords within the signal coverage range of the terminal. The identification information of the device is generated, and the real-time identification list is generated; and the identification information of the smart cryptographic device in the real-time identification list is compared with the identification information of the smart cryptographic device in the current user list according to a preset time interval; Obtaining the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device, and obtaining the user information corresponding to the smart cryptographic device, and obtaining the user information of the smart cryptographic device. After the user information, the user information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, then the In the current user list The user information of the smart cryptographic device is stored in the real-time identification list; the real-time identification list is used as the updated current user list.
- 根据权利要求17至23任一项所述的系统,其特征在于,A system according to any one of claims 17 to 23, wherein所述智能密码设备,还配置为在接收所述第一待签名信息以及所述认证指令后,由休眠状态转换为唤醒状态;在唤醒状态下利用所述智能密码设备的私钥对所述第一待签名信息进行签名计算,获得第一签名信息。The smart cryptographic device is further configured to: after receiving the first to-be-signed information and the authentication command, transition from a sleep state to an awake state; and in the awake state, use a private key of the smart cryptographic device to The signature information is calculated by the signature information to obtain the first signature information.
- 根据权利要求16至24任一项所述的系统,其特征在于,A system according to any one of claims 16 to 24, wherein所述后台系统服务器,还配置为在所述后台系统服务器获得所述智能密码设备的标识信息后,判断所述智能密码设备的标识信息是否包含在所述后台系统服务器中预存的智能密码设备异常名单中;在判断出所述智能密码设备的标识信息在所述智能密码设备异常名单中后,获取锁定智能密码设备指令,以及利用所述后台系统服务器的私钥对锁定智能密码设备指令进行签名获得第二签名信息,并通过所述终端向所述智能密码设备发送所述锁定智能密码设备指令以及所述第二签名信息;The background system server is further configured to determine, after the background system server obtains the identification information of the smart cryptographic device, whether the identifier information of the smart cryptographic device includes an abnormality of a smart cryptographic device pre-stored in the background system server. In the list, after determining that the identification information of the smart cryptographic device is in the abnormal list of the smart cryptographic device, acquiring an instruction to lock the smart cryptographic device, and signing the locked smart cryptographic device command by using the private key of the background system server Obtaining second signature information, and sending, by the terminal, the locked smart cryptographic device instruction and the second signature information to the smart cryptographic device;所述智能密码设备,还配置为接收所述后台系统服务器通过所述终端发送的所述锁定智能密码设备指令以及所述第二签名信息,利用预存的所述后台系统服务器证书中的公钥对所述第二签名信息进行验证;在验证所述第二签名信息通过后,根据所述锁定智能密码设备指令执行锁定操作。The smart cryptographic device is further configured to receive the locked smart cryptographic device command and the second signature information sent by the background system server by using the terminal, and use the pre-stored public key pair in the background system server certificate The second signature information is verified; after verifying that the second signature information is passed, performing a locking operation according to the locked smart cryptographic device instruction.
- 根据权利要求16至25任一项所述的系统,其特征在于,A system according to any one of claims 16 to 25, wherein所述后台系统服务器,还配置为接收智能密码设备注册申请,并对所述智能密码设备注册申请进行审核;在审核所述智能密码设备注册申请通过后,向所述智能密码设备发送智能密码设备密钥对生成指令;接收所述智能密码设备发送的所述智能密码设备密钥对中的公钥,生成所述智能密码设备证书,并向所述智能密码设备发送所述智能密码设备证书;The background system server is further configured to receive a smart password device registration application, and perform an audit on the smart password device registration application; and after the auditing the smart password device registration application passes, send the smart password device to the smart password device a key pair generation instruction; receiving a public key in the smart cryptographic device key pair sent by the smart cryptographic device, generating the smart cryptographic device certificate, and transmitting the smart cryptographic device certificate to the smart cryptographic device;所述智能密码设备,还配置为接收所述后台系统服务器发送的所述智能密码设备密钥对生成指令,生成智能密码设备密钥对;向所述后台系统服务器发送所述智能密码设备密钥对中的公钥;存储所述智能密码设备证书。The smart cryptographic device is further configured to receive the smart cryptographic device key pair generation instruction sent by the background system server, generate a smart cryptographic device key pair, and send the smart cryptographic device key to the background system server. The public key of the pair; storing the smart cryptographic device certificate.
- 根据权利要求26所述的系统,其特征在于,The system of claim 26 wherein:所述智能密码设备,还配置为获取智能密码设备销户申请,利用所述智能密码设备的私钥对所述销户申请进行签名获得第三签名信息,并向所述后台系统服务器发送所述智能密码设备销户申请以及所述第三签名信息;接收所述后台系统服务器发送的所述智能密码设备销户完成信息,删除所述智能密码设备的私钥;The smart cryptographic device is further configured to obtain a smart PIN device account cancellation application, use the private key of the smart cryptographic device to sign the account cancellation application to obtain third signature information, and send the third signature information to the background system server. Receiving the smart password device account cancellation application and the third signature information; receiving the smart password device account completion information sent by the background system server, and deleting the private key of the smart password device;所述后台系统服务器,还配置为接收所述智能密码设备发送的所述智能密码设备销户 申请以及所述第三签名信息,利用预存的所述智能密码设备证书中的公钥对所述第三签名信息进行验证;在验证所述第三签名信息通过后,删除预存的所述智能密码设备证书,并生成智能密码设备销户完成信息,向所述智能密码设备发送所述智能密码设备销户完成信息。The background system server is further configured to receive the smart password device and send the account sent by the smart cryptographic device And applying the third signature information to verify the third signature information by using a public key in the pre-stored smart cryptographic device certificate; after verifying that the third signature information is passed, deleting the pre-stored smart password The device certificate is generated, and the smart password device account completion information is generated, and the smart password device account completion information is sent to the smart password device.
- 根据权利要求19所述的系统,其特征在于,The system of claim 19 wherein:所述后台系统服务器,还配置为通过所述终端向所述智能密码设备发送用户授权请求信息;接收所述智能密码设备通过所述终端发送的所述授权信息,向所述终端发送所述用户信息读取请求的响应信息;The background system server is further configured to send user authorization request information to the smart cryptographic device through the terminal; and receive the authorization information sent by the smart cryptographic device by using the terminal, and send the user to the terminal Response information of the information read request;所述智能密码设备,还配置为接收所述后台系统服务器通过所述终端发送的所述用户授权请求信息,生成授权信息,并通过所述终端向所述后台系统服务器发送所述授权信息。The smart cryptographic device is further configured to receive the user authorization request information sent by the background system server by using the terminal, generate authorization information, and send the authorization information to the background system server by using the terminal.
- 根据权利要求28所述的系统,其特征在于,The system of claim 28 wherein:所述智能密码设备,还配置为在接收到所述用户授权请求信息后,由休眠状态转换为唤醒状态;在唤醒状态下生成授权信息。The smart cryptographic device is further configured to: after receiving the user authorization request information, transition from a sleep state to an awake state; and generate authorization information in the awake state.
- 根据权利要求16至29任一项所述的系统,其特征在于,A system according to any one of claims 16 to 29, wherein所述智能密码设备,还配置为在被所述终端扫描之前,进入可被扫描状态。 The smart cryptographic device is further configured to enter a scannable state before being scanned by the terminal.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2946914A CA2946914C (en) | 2014-04-25 | 2015-01-26 | Secure data interaction method and system |
AU2015251467A AU2015251467B2 (en) | 2014-04-25 | 2015-01-26 | Secure data interaction method and system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410172003.3 | 2014-04-25 | ||
CN201410171448.X | 2014-04-25 | ||
CN201410171448.XA CN103942686A (en) | 2014-04-25 | 2014-04-25 | Data security interactive system |
CN201410172003.3A CN103944733A (en) | 2014-04-25 | 2014-04-25 | Data security interactive method |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015161694A1 true WO2015161694A1 (en) | 2015-10-29 |
Family
ID=54331717
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/071584 WO2015161694A1 (en) | 2014-04-25 | 2015-01-26 | Secure data interaction method and system |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU2015251467B2 (en) |
CA (1) | CA2946914C (en) |
WO (1) | WO2015161694A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112562145A (en) * | 2020-10-29 | 2021-03-26 | 重庆恢恢信息技术有限公司 | Construction personnel troubleshooting working method for intelligent construction site |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101131756A (en) * | 2006-08-24 | 2008-02-27 | 联想(北京)有限公司 | Security authentication system, device and method for electric cash charge of mobile paying device |
CN101789934A (en) * | 2009-11-17 | 2010-07-28 | 北京飞天诚信科技有限公司 | Method and system for online security trading |
CN103944733A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data security interactive method |
CN103942686A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data security interactive system |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
BRPI0802251A2 (en) * | 2008-07-07 | 2011-08-23 | Tacito Pereira Nobre | system, method and device for authentication in electronic relationships |
CN101465019B (en) * | 2009-01-14 | 2011-06-29 | 北京华大智宝电子系统有限公司 | Method and system for implementing network authentication |
CN102469457A (en) * | 2010-11-05 | 2012-05-23 | 卓望数码技术(深圳)有限公司 | Communication system and synchronization and maintenance method of address list information |
-
2015
- 2015-01-26 WO PCT/CN2015/071584 patent/WO2015161694A1/en active Application Filing
- 2015-01-26 AU AU2015251467A patent/AU2015251467B2/en active Active
- 2015-01-26 CA CA2946914A patent/CA2946914C/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101131756A (en) * | 2006-08-24 | 2008-02-27 | 联想(北京)有限公司 | Security authentication system, device and method for electric cash charge of mobile paying device |
CN101789934A (en) * | 2009-11-17 | 2010-07-28 | 北京飞天诚信科技有限公司 | Method and system for online security trading |
CN103944733A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data security interactive method |
CN103942686A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Data security interactive system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112562145A (en) * | 2020-10-29 | 2021-03-26 | 重庆恢恢信息技术有限公司 | Construction personnel troubleshooting working method for intelligent construction site |
CN112562145B (en) * | 2020-10-29 | 2023-05-23 | 重庆恢恢信息技术有限公司 | Construction personnel investigation working method for intelligent construction site |
Also Published As
Publication number | Publication date |
---|---|
AU2015251467B2 (en) | 2018-11-15 |
AU2015251467A1 (en) | 2016-11-17 |
CA2946914C (en) | 2018-10-16 |
CA2946914A1 (en) | 2015-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9807612B2 (en) | Secure data interaction method and system | |
KR101948277B1 (en) | Proximity-based network security with IP whitelisting | |
KR101815430B1 (en) | Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data | |
JP6668460B2 (en) | Proximity-based network security | |
WO2015161690A1 (en) | Secure data interaction method and system | |
US20140214688A1 (en) | System and method for secure transaction process via mobile device | |
CN103942684A (en) | Data security interactive system | |
CN103944730A (en) | Data security interactive system | |
CN101101687A (en) | Method, apparatus, server and system using biological character for identity authentication | |
CN103942687A (en) | Data security interactive system | |
CN103942688A (en) | Data security interactive system | |
CN103944736A (en) | Data security interactive method | |
CN103942685A (en) | Data security interactive system | |
CN115004208A (en) | Generating barcodes using cryptographic techniques | |
CN103942690A (en) | Data security interactive system | |
CN103944908A (en) | Data updating method and system | |
WO2015161693A1 (en) | Secure data interaction method and system | |
CN103944729A (en) | Data security interactive method | |
CN103944734A (en) | Data security interactive method | |
JP2022501871A (en) | Systems and methods for cryptographic authentication of non-contact cards | |
US20210034769A1 (en) | System and method for secure device connection | |
CN103944728A (en) | Data security interactive system | |
CN103944735A (en) | Data security interactive method | |
CN103944731A (en) | Data security interactive method | |
CN103942686A (en) | Data security interactive system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15783770 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2946914 Country of ref document: CA |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2015251467 Country of ref document: AU Date of ref document: 20150126 Kind code of ref document: A |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15783770 Country of ref document: EP Kind code of ref document: A1 |