CN103218711A - Device, system and method for off-line data interactive processing - Google Patents


Publication number: CN103218711A
Other versions: CN103218711B
Authority: CN (China)
Application number: CN2013100881531A
Priority: CN201310088153.1A
Legal status: Granted, active
Other languages: Chinese (zh)
Inventors: 吴蕃, 吕涛, 吴佳文, 周新衡, 郑显凌, 陈智荣
Current assignee: Industrial and Commercial Bank of China Ltd (ICBC)
Original assignee: Industrial and Commercial Bank of China Ltd (ICBC)

Abstract

The invention discloses a device, a system and a method for off-line data interaction processing. The off-line data interaction processing device comprises a server authentication module, an identity authentication module, an integrated circuit (IC) card verification module, a service interaction processing module, an off-line service sending module, an off-line service receiving module and a batch upload module. The server authentication module connects to a service processing server over a wireless network for registration authentication; the identity authentication module verifies the legitimacy of the user's identity after registration authentication with the server succeeds; the IC card verification module verifies the IC card off-line password entered by the user; the service interaction processing module lets the user enter off-line service information after the user's identity and the IC card off-line password have been verified; the off-line service sending module sends the off-line service information to another off-line data interaction processing device for processing; the off-line service receiving module receives the off-line service processing result returned by that device; and the batch upload module uploads the off-line service processing results to the service processing server in batches.

Description

Device, system and method for off-line data interaction processing
Technical field
The invention relates to the field of electronic finance equipment and systems, and in particular to a device, system and method for off-line data interaction processing.
Background
At present, the main channels through which cardholders transact with bank cards are self-service terminals such as ATMs and POS terminals, online banking, telephone banking, mobile banking and so on. All of these channels carry certain security risks: at self-service terminals such as ATMs and POS terminals, card information is easily stolen by criminals and the bank card password is easily observed; online banking is vulnerable to computer viruses and Trojans, which leads to theft of account numbers and passwords.
With the development of banking, and in order to improve the security and reliability of payment, banks at home and abroad are currently migrating bank cards from magnetic stripe cards to IC cards on a large scale. IC cards offer large information storage capacity and strong secure information processing capability. A large amount of user information can be stored in an IC card, and information can be written as long as the user has a read/write device. The IC card works as follows: the radio-frequency reader/writer sends a set of electromagnetic waves of fixed frequency to the IC card. The card contains an LC series resonant circuit whose frequency is the same as that emitted by the reader/writer, so that under excitation by the electromagnetic wave the LC resonant circuit resonates and charge accumulates in its capacitor. The other end of the capacitor is connected to a one-way conducting charge pump, which transfers the charge to another capacitor for storage. When the accumulated charge reaches 2 V, this capacitor can serve as a power supply providing the operating voltage for the other circuits, which transmit the data in the card or receive data from the reader/writer.
When an IC card is used at a bank ATM or POS terminal, it works as follows: a contact or contactless reading device is installed on the ATM or POS terminal, which reads the cardholder's card number and security verification information from the IC card and sends them to the bank's back-end system for identity authentication and service processing.
At present, when an IC card is used for service processing, its interaction with the service processing server occupies the network bandwidth of the transaction processing system and service processing resources in real time. In addition, existing transaction terminals cannot handle off-line transactions between two cardholders, such as electronic cash transfers, gifting of electronic vouchers of value, authorized transactions and the like.
Summary of the invention
Building on the rapidly developing IC card business and on applications of the IC card, the present invention proposes a device, system and method for off-line data interaction processing. The aim is to improve the security with which users use IC cards, to reduce the transaction processing system network bandwidth and service processing server resources that service processing occupies, and to complete two-way data interaction between IC card holders.
To achieve the above object, the invention provides an off-line data interaction processing device, which is connected to a service processing server and to other off-line data interaction processing devices via a wireless network and carries out off-line service transactions with those other devices. The off-line data interaction processing device comprises: a server authentication module, used to connect to the service processing server via the wireless network for registration authentication; an identity authentication module, used to authenticate the legitimacy of the user's identity after registration authentication with the service processing server succeeds; an IC card verification module, used to verify the IC card off-line password entered by the user; a service interaction processing module, used by the user to enter off-line service information after user identity authentication and IC card off-line password verification succeed; an off-line service sending module, used to send the off-line service information to a second off-line data interaction processing device for processing; an off-line service receiving module, used to receive the off-line service processing result returned by the second off-line data interaction processing device; and a batch upload module, used to upload the off-line service processing results to the service processing server in batches.
To achieve the above object, the invention provides an off-line data interaction processing system composed of a plurality of off-line data interaction processing devices and a service processing server. The off-line data interaction processing devices are connected to one another via a wireless network, and are connected to the service processing server via a wireless network. Each off-line data interaction processing device comprises: a server authentication module, used to connect to the service processing server via the wireless network for registration authentication; an identity authentication module, used to authenticate the legitimacy of the user's identity after registration authentication with the service processing server succeeds; an IC card verification module, used to verify the IC card off-line password entered by the user; a service interaction processing module, used by the user to enter off-line service information after user identity authentication and IC card off-line password verification succeed; an off-line service sending module, used to send the off-line service information to a second off-line data interaction processing device for processing; an off-line service receiving module, used to receive the off-line service processing result returned by the second off-line data interaction processing device; and a batch upload module, used to upload the off-line service processing results to the service processing server in batches. The service processing server comprises: a terminal authentication module which, when an off-line data interaction processing device initiates registration with the service processing server, checks whether a profile for that device exists and, if it does, returns the device authentication result; and a batch upload processing module, used to process the batch of off-line service processing results submitted when the off-line data interaction processing device performs a batch upload, completing the transaction processing in the service back end.
To achieve the above object, the invention provides a method of off-line data processing using the aforementioned off-line data processing system, comprising: the off-line data interaction processing device sends server authentication information to the service processing server for registration authentication; after registration authentication with the service processing server succeeds, the user enters identity authentication information and the device authenticates the legitimacy of the user's identity; the user enters the IC card off-line password and the device verifies it; after user identity authentication and IC card off-line password verification succeed, the user enters off-line service information into the device; the device sends the off-line service information to another off-line data interaction processing device for processing; the device receives the off-line service processing result returned by the other device; and the device uploads the off-line service processing results to the service processing server in batches.
To achieve the above object, the invention provides another method of off-line data processing using the aforementioned off-line data processing system, comprising: the off-line data interaction processing device sends server authentication information to the service processing server for registration authentication; after registration authentication with the service processing server succeeds, the user enters identity authentication information and the device authenticates the legitimacy of the user's identity; the user enters the IC card off-line password and the device verifies it; after user identity authentication and IC card off-line password verification succeed, the user receives the off-line service information sent by another off-line data interaction processing device; service interaction processing is performed on that off-line service information, generating an off-line service processing result for the other device; and the off-line service processing result is sent to the other device and uploaded to the service processing server in batches.
The off-line data interaction processing device, system and method proposed by the embodiments of the invention, used together with the rapidly developing IC card, have the following advantages over the prior art. Through the device, system and method, an IC card holder can complete a data service with another IC card holder, which reduces the holder's dependence on bank branches and allows transactions to be completed anytime and anywhere. The off-line data interaction processing device connects to and interacts with the service processing server only when registering and when batch uploading; all other data interaction is completed off-line, which reduces the use of transaction processing system network bandwidth and service processing server resources. Authentication between the device and the user, authentication between the device and the service processing server, and mutual authentication between the off-line data interaction processing devices of the receiving and initiating parties of a data interaction together ensure the security of transactions. Moreover, as IC card applications expand in the future, the service types supported by the IC card can be continually updated. The off-line data interaction processing device of the embodiments has strong extensibility: by connecting to the service processing server it can update its software automatically and obtain continually updated banking functions.
Description of drawings
The accompanying drawings described here provide a further understanding of the invention and form part of this application; they do not limit the invention. In the drawings:
Fig. 1 is a schematic diagram of the off-line data interaction processing system of an embodiment of the invention;
Fig. 2 is a schematic diagram of the off-line data interaction processing device of an embodiment of the invention;
Fig. 3 is a schematic diagram of the off-line data interaction processing device of another embodiment of the invention;
Fig. 4 is a structural diagram of the service processing server of an embodiment of the invention;
Fig. 5 is a structural diagram of the service processing server of another embodiment of the invention;
Fig. 6 is a flow chart of the steps of the off-line data interaction processing method of one embodiment of the invention;
Fig. 7 is a flow chart of the steps of the off-line data interaction processing method of another embodiment of the invention;
Fig. 8 is a flow chart of the steps of the off-line data interaction processing method of a specific embodiment of the invention.
Embodiments
To make the purpose, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings. The illustrative embodiments and their description are intended to explain the invention, not to limit it.
Fig. 1 is a schematic diagram of the off-line data interaction processing system of an embodiment of the invention. As shown in Fig. 1, the system comprises multiple off-line data interaction processing devices, such as off-line data interaction processing device 10, off-line data interaction processing device 11 and off-line data interaction processing device 12, and a service processing server 20. All the off-line data interaction processing devices have the same structure and functions and differ only in their reference numerals; all devices are connected via a wireless network.
Off-line data interaction processing device 10 registers with service processing server 20. After authentication, device 10 obtains the key for the current day; this key is used to encrypt off-line service information in transit when off-line data interaction processing devices exchange data, ensuring the security of the information.
The user can operate off-line data interaction processing device 10 while it is off-line from service processing server 20 to process services, and to initiate services with, and return results to, other off-line data interaction processing devices. After service processing is completed, device 10 can periodically upload the service data processing results to server 20.
Off-line data interaction processing device 10 can also perform operations such as version updates while it is registering with service processing server 20.
With reference to Fig. 1, Fig. 2 is a schematic diagram of the off-line data interaction processing device of an embodiment of the invention. As shown in Fig. 2, off-line data interaction processing device 10 comprises: server authentication module 101, identity authentication module 102, IC card verification module 103, service interaction processing module 104, off-line service sending module 105, off-line service receiving module 106 and batch upload module 107, wherein:
Server authentication module 101 is used to connect to service processing server 20 via the wireless network for registration authentication.
Before the first transaction of each day, off-line data interaction processing device 10 must connect to service processing server 20 through server authentication module 101 and register. Server 20 checks whether a profile for device 10 exists; if it does, the server returns the authentication result, after which operations such as service upload, download and update can be carried out.
Identity authentication module 102 is used to authenticate the legitimacy of the user's identity after registration authentication with service processing server 20 succeeds.
IC card verification module 103 is used to verify the IC card off-line password entered by the user.
Following the prompts of off-line data interaction processing device 10, the user inserts the IC card and enters the IC card off-line password; if the off-line password entered is wrong, the transaction is refused.
Service interaction processing module 104 allows the user to enter off-line service information after user identity authentication and IC card off-line password verification succeed.
After user identity authentication and IC card off-line password verification succeed, the user can enter the menu to select a service. Off-line data interaction processing device 10 displays the service menu for the user to choose from, for example electronic gift voucher transfer, electronic cash transfer, points transfer and off-line authorization.
The user enters the information required by the service request form according to the prompts. Once the user has chosen the service type, the system prompts step by step for the information to be filled in, and the user enters it as requested. For example, if the user selects electronic gift voucher transfer, the system prompts for the type of electronic gift voucher; after the user enters the type, the system prompts for the quantity of electronic gift vouchers, and the user completes the data entry step by step according to the prompts.
Off-line service sending module 105 is used to send the off-line service information to another off-line data interaction processing device for processing.
Off-line service receiving module 106 is used to receive the off-line service processing result returned by the other off-line data interaction processing device.
Batch upload module 107 is used to upload the off-line service processing results to the service processing server in batches.
After off-line data interaction processing device 10 completes a transaction, the off-line service processing result is recorded in device 10. When device 10 next connects to service processing server 20 and registers, batch upload module 107 uploads all off-line service processing results to server 20 in one batch. Server 20 completes the back-end processing of the services.
In this embodiment, off-line service receiving module 106 in off-line data interaction processing device 10 can also be used to receive off-line service information sent by other off-line data interaction processing devices.
Correspondingly, service interaction processing module 104 is also used to perform service interaction processing on the off-line service information sent by other off-line data interaction processing devices, generating off-line service processing results for those devices.
Correspondingly, off-line service sending module 105 is also used to send the off-line service processing results for other off-line data interaction processing devices to those devices.
In this embodiment, off-line data interaction processing device 10 also comprises an automatic update module, used to connect to service processing server 20 via the wireless network and automatically update the software functions of the off-line data interaction processing device.
With reference to Fig. 1 and Fig. 2, Fig. 3 is a schematic diagram of the off-line data interaction processing device of another embodiment of the invention. As shown in Fig. 3, compared with the device shown in Fig. 2, off-line data interaction processing device 10 also comprises: session encryption module 108, MAC verification module 109, biometric identification module 110 and static password authentication module 111, wherein:
After obtaining off-line data interaction processing device 10, the user sets a static password in static password authentication module 111, or uses biometric identification module 110 to collect the fingerprint information of the users who may legitimately operate the device.
Biometric identification module 110 and static password authentication module 111 are used, when identity authentication module 102 authenticates the legitimacy of the user's identity, to authenticate the user's fingerprint or the static password entered by the user. When using the device for a service transaction, the user must verify the static password or check the fingerprint information; using fingerprint verification can further improve the security of the device.
In this embodiment, server authentication module 101 also obtains the session key and MAC key for the current day from service processing server 20 during registration authentication.
Session encryption module 108 in off-line data interaction processing device 10 is used to encrypt the off-line service information with the session key, generating encrypted service information.
When off-line data interaction processing device 10 initiates a connection request to another off-line data interaction processing device, session encryption module 108 encrypts the off-line service information to ensure the security of the information.
The other off-line data interaction processing device can use the session key to decrypt the encrypted data, after which the user can carry out service data processing.
MAC verification module 109 is used to perform an XOR operation on the encrypted service information using the MAC key to generate check information. The off-line data interaction processing device authenticates another off-line data interaction processing device by judging whether its check information is identical to the check information generated by that other device; if identical, the other device is authenticated.
When sending encrypted service information, MAC verification module 109 of off-line data interaction processing device 10 performs an XOR operation on the encrypted service information to obtain check information. After the other off-line data interaction processing device receives the encrypted service information, its MAC verification module 109 also performs an XOR operation on the encrypted service information to obtain check information. If the check information is identical, the two devices authenticate each other and can carry out data interaction.
With reference to Fig. 1, Fig. 4 is a structural diagram of the service processing server of an embodiment of the invention. As shown in Fig. 4, service processing server 20 comprises: terminal authentication module 201 and batch upload processing module 202, wherein:
Terminal authentication module 201: when off-line data interaction processing device 10 initiates registration with service processing server 20, terminal authentication module 201 checks whether a profile for device 10 exists and, if it does, returns the device authentication result.
Batch upload processing module 202 is used to process the batch of off-line service processing results submitted when off-line data interaction processing device 10 performs a batch upload, completing the transaction processing in the service back end.
With reference to Fig. 1 and Fig. 4, Fig. 5 is a structural diagram of the service processing server of another embodiment of the invention. As shown in Fig. 5, compared with the server of Fig. 4, service processing server 20 also comprises: key generation module 203 and terminal upgrade module 204, wherein:
Key generation module 203 is used to generate the session key and MAC key for the current working day. After terminal authentication module 201 successfully authenticates off-line data interaction processing device 10, the corresponding session key and MAC key are sent down to device 10.
Terminal upgrade module 204 provides off-line data interaction processing device 10 with a download of the latest software version, completing the software upgrade of device 10.
With reference to Fig. 1, Fig. 6 is a flow chart of the steps of the off-line data interaction processing method of one embodiment of the invention.
As shown in Fig. 6, in step S601, off-line data interaction processing device 10 sends server authentication information to service processing server 20 for registration authentication.
Step S602: after registration authentication with service processing server 20 succeeds, the user enters identity authentication information, and off-line data interaction processing device 10 authenticates the legitimacy of the user's identity.
Step S603: the user enters the IC card off-line password, and off-line data interaction processing device 10 verifies the IC card off-line password.
Step S604: after user identity authentication and IC card off-line password verification succeed, the user enters off-line service information into off-line data interaction processing device 10.
Step S605: off-line data interaction processing device 10 sends the off-line service information to another off-line data interaction processing device for processing.
Step S606: off-line data interaction processing device 10 receives the off-line service processing result returned by the other off-line data interaction processing device.
Step S607: off-line data interaction processing device 10 uploads the off-line service processing results to service processing server 20 in batches.
In step S601 of this embodiment, before the first transaction of each day, off-line data interaction processing device 10 must connect to service processing server 20 and register. Server 20 checks whether a profile for device 10 exists; if it does, the server returns the authentication result, a session key and a MAC key.
In step S602 of this embodiment, the user can authenticate the legitimacy of their identity by pressing a fingerprint or entering the static password. If authentication passes, the device reports a successful login and prompts the user to insert the IC card. If authentication fails, the device notifies the user and increments the count of authentication errors. If the number of authentication failures exceeds the limit set by the bank at issuance, the device locks automatically and prompts the user to contact customer service.
In step S603 of this embodiment, following the prompts of off-line data interaction processing device 10, the user inserts the IC card and enters the IC card off-line password; if the off-line password entered is wrong, the transaction is refused.
In step S604 of this embodiment, after user identity authentication and IC card off-line password verification succeed, the user can enter the menu to select a service, for example electronic gift voucher transfer, electronic cash transfer, points transfer and off-line authorization.
The user enters the information required by the service request form according to the prompts. Once the user has chosen the service type, the system prompts step by step for the information to be filled in, and the user enters it as requested. For example, if the user selects electronic gift voucher transfer, the system prompts for the type of electronic gift voucher; after the user enters the type, the system prompts for the quantity of electronic gift vouchers, and the user completes the data entry step by step according to the prompts.
In step S605 of this embodiment, off-line data interaction processing device 10 encrypts the off-line service information with the session key and performs an XOR operation with the MAC key to generate check information.
In step S606 of this embodiment, the other off-line data interaction processing device receives the encrypted off-line service information and likewise performs an XOR operation with the MAC key to generate check information. If it is identical to the check information generated by off-line data interaction processing device 10, mutual authentication of the two devices passes.
After authentication passes, the other off-line data interaction processing device uses the session key to decrypt the encrypted off-line service information, processes the service, and returns the off-line service processing result to off-line data interaction processing device 10.
In step S607 of this embodiment, after off-line data interaction processing device 10 completes transaction processing, it records the off-line service processing result. When device 10 next connects to service processing server 20 and registers, it uploads all off-line service processing results to server 20 in one batch. Server 20 completes the back-end processing of the services.
With reference to Fig. 1, Fig. 7 is a flow chart of the steps of the off-line data interaction processing method of another embodiment of the present invention.
As shown in Fig. 7, in step S701, off-line data interaction processing device 10 sends server authentication information to service processing server 20 for sign-in authentication.
Step S702: after sign-in authentication with service processing server 20 succeeds, the user enters authentication information, and off-line data interaction processing device 10 authenticates the legitimacy of the user's identity.
Step S703: the user enters the IC card offline password, and off-line data interaction processing device 10 verifies the IC card offline password.
Step S704: off-line data interaction processing device 10 receives the offline business information sent by another off-line data interaction processing device.
Step S705: off-line data interaction processing device 10 performs service interaction processing on the offline business information sent by the other off-line data interaction processing device and generates the offline business result for the other off-line data interaction processing device.
Step S706: off-line data interaction processing device 10 sends the offline business result for the other off-line data interaction processing device to that device.
In step S701 of this embodiment, before the first transaction of each day, off-line data interaction processing device 10 must connect to service processing server 20 and sign in. Service processing server 20 checks whether a record for off-line data interaction processing device 10 exists; if it does, the server returns the authentication result, a session key and a MAC key.
In step S702 of this embodiment, the user can authenticate their identity by pressing a fingerprint or by entering a static password. If authentication passes, the device reports a successful login and prompts the user to insert the IC card; if authentication fails, the device notifies the user and adds to the accumulated count of authentication errors. If the number of authentication failures exceeds the limit set by the issuing bank, the device locks automatically and prompts the user to contact customer service.
In step S703 of this embodiment, the user inserts the IC card when prompted by off-line data interaction processing device 10 and enters the IC card offline password; if the offline password entered is wrong, the transaction is refused.
In step S704 of this embodiment, the other off-line data interaction processing device encrypts the offline business information with the session key, performs an XOR operation with the MAC key to generate check information, and sends the encrypted offline business information and the check information to off-line data interaction processing device 10.
In step S705 of this embodiment, off-line data interaction processing device 10 receives the encrypted offline business information and likewise performs an XOR operation with the MAC key to generate check information; if this is identical to the check information generated by the other off-line data interaction processing device, mutual authentication between the two devices passes.
After authentication passes, off-line data interaction processing device 10 uses the session key to decrypt the encrypted offline business information, processes the business, and generates the offline business result for the other off-line data interaction processing device.
With reference to Fig. 1 through Fig. 7, Fig. 8 is a flow chart of the steps of the off-line data interaction processing method of a specific embodiment of the invention.
As shown in Fig. 8, in step S801, the initiator's off-line data interaction processing device and the receiver's off-line data interaction processing device each sign in with service processing server 20, are authenticated, and obtain the session key and the MAC key.
Step S802: the initiator user and the receiver user each authenticate their identity by fingerprint or static password.
Step S803: the initiator user and the receiver user each insert their IC card and complete offline password verification.
Step S804: after identity authentication and IC card offline password verification have passed, the initiator user enters the menu and selects the electronic gift certificate transfer service.
Step S805: the initiator's off-line data interaction processing device prompts for the type of electronic gift certificate. After the user enters the type, the initiator's device prompts for the quantity of electronic gift certificates to transfer; the user completes the data entry step by step as prompted, and the offline business information is generated.
Step S806: the initiator's off-line data interaction processing device encrypts the offline business information with the session key.
Step S807: the initiator's off-line data interaction processing device performs an XOR operation on the encrypted offline business information with the MAC key to generate the initiator's check information, and sends the encrypted offline business information and the initiator's check information to the receiver's off-line data interaction processing device.
Step S808: the receiver's off-line data interaction processing device performs an XOR operation on the encrypted offline business information with the MAC key to generate the receiver's check information; if this is identical to the initiator's check information, authentication between the two devices passes.
Step S809: the receiver's off-line data interaction processing device decrypts the encrypted offline business information with the session key.
Step S810: the receiver user processes the offline business information and confirms the quantity of electronic gift certificates transferred by the initiator user; the offline business processing result is returned to the initiator's off-line data interaction processing device, and step S811 is executed.
Step S811: the receiver records the business processing log and updates the IC card data according to the offline business information of the electronic gift certificate transfer, increasing the quantity of electronic gift certificates.
Step S812: the initiator user confirms the offline business result.
Step S813: the initiator user ends the operation; the business processing log is recorded, and the IC card data is updated according to the offline business information of the electronic gift certificate transfer, reducing the quantity of electronic gift certificates.
Step S814: the off-line data interaction processing device periodically uploads the offline business results to service processing server 20 in batches.
In steps S801 and S814 of this specific embodiment, the off-line data interaction processing device and service processing server 20 are connected over a wireless network for data transmission and interaction. All other steps are carried out offline, which reduces the load that data services place on the transaction processing system's network bandwidth and on service processing server resources. In addition, off-line operation and key-based encryption can improve the security of the user's use of the IC card.
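The check-information exchange of steps S807 and S808, as an added example that is not part of the patent: the text does not specify the XOR construction, so the 8-byte block fold, the sample keys and message, and the HMAC-SHA256 variant shown for comparison are all assumptions made here. It shows what a receiver's comparison does and does not detect under each construction.

```python
# Added illustration, not code from the patent.
# Assumptions: the XOR check folds the encrypted message into 8-byte blocks
# and XORs the result with an 8-byte MAC key; the comparison construction is
# HMAC-SHA256. All keys and messages below are constructed sample values.
import hashlib
import hmac

BLOCK = 8  # assumed length of the check information, in bytes

# Constructed sample data: two daily MAC keys and one encrypted message.
MAC_KEY_A = bytes.fromhex("0011223344556677")
MAC_KEY_B = bytes.fromhex("8899aabbccddeeff")
ENCRYPTED_INFO = bytes.fromhex("a1" * 8 + "b2" * 8 + "c3" * 8)


def xor_fold(data):
    """XOR all BLOCK-sized chunks of data together (last chunk zero-padded)."""
    acc = bytearray(BLOCK)
    for start in range(0, len(data), BLOCK):
        chunk = data[start:start + BLOCK].ljust(BLOCK, b"\x00")
        for i in range(BLOCK):
            acc[i] ^= chunk[i]
    return bytes(acc)


def xor_check(mac_key, encrypted_info):
    """Check information under the assumed reading of S807: key XOR fold."""
    if len(mac_key) != BLOCK:
        raise ValueError("MAC key must be %d bytes" % BLOCK)
    folded = xor_fold(encrypted_info)
    return bytes(k ^ f for k, f in zip(mac_key, folded))


def hmac_check(mac_key, encrypted_info):
    """Keyed-hash check information over the same encrypted message."""
    return hmac.new(mac_key, encrypted_info, hashlib.sha256).digest()


def receiver_accepts(check_fn, mac_key, encrypted_info, received_check):
    """S808: recompute the check and compare it in constant time."""
    expected = check_fn(mac_key, encrypted_info)
    return hmac.compare_digest(expected, received_check)


def swap_blocks(data, first, second):
    """Return data with two BLOCK-sized blocks exchanged."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    blocks[first], blocks[second] = blocks[second], blocks[first]
    return b"".join(blocks)


def check_delta(check_fn, mac_key, info_a, info_b):
    """XOR difference between the check values of two messages."""
    a = check_fn(mac_key, info_a)
    b = check_fn(mac_key, info_b)
    return bytes(x ^ y for x, y in zip(a, b))


def delta_is_key_independent(check_fn, info_a, info_b):
    """True if the check difference is the same under two different keys."""
    return (check_delta(check_fn, MAC_KEY_A, info_a, info_b)
            == check_delta(check_fn, MAC_KEY_B, info_a, info_b))


def compare_constructions():
    """Run the receiver's comparison on altered messages for both checks."""
    reordered = swap_blocks(ENCRYPTED_INFO, 0, 1)
    bit_flipped = bytes([ENCRYPTED_INFO[0] ^ 0x01]) + ENCRYPTED_INFO[1:]
    report = {}
    for name, fn in (("xor", xor_check), ("hmac", hmac_check)):
        sent = fn(MAC_KEY_A, ENCRYPTED_INFO)
        report[name] = {
            "accepts_original": receiver_accepts(
                fn, MAC_KEY_A, ENCRYPTED_INFO, sent),
            "detects_bit_flip": not receiver_accepts(
                fn, MAC_KEY_A, bit_flipped, sent),
            "detects_reordering": not receiver_accepts(
                fn, MAC_KEY_A, reordered, sent),
            "delta_key_independent": delta_is_key_independent(
                fn, ENCRYPTED_INFO, bit_flipped),
        }
    return report


if __name__ == "__main__":
    for name, result in compare_constructions().items():
        print(name, result)
```

Under the assumed XOR construction, reordered blocks pass the receiver's comparison and the difference between two check values does not depend on the MAC key; the HMAC variant has neither property.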
In connection with the rapidly developing use of IC cards, the embodiments of the invention propose an IC card off-line data interaction processing device, system and method, which have the following advantages over the prior art. An IC card holder uses the off-line data interaction processing device, system and method to complete data services with another IC card holder, which reduces the holder's dependence on bank branches and allows transactions to be completed anytime and anywhere. The off-line data interaction processing device connects to and interacts with the service processing server only for sign-in and batch upload; all other data interaction is completed offline, which reduces the load on the transaction processing system's network bandwidth and on service processing server resources. Authentication between the off-line data interaction processing device and the user, authentication between the off-line data interaction processing device and the service processing server, and mutual authentication between the off-line data interaction processing devices of the receiver and the initiator of a data interaction: these authentication mechanisms ensure the security of transactions. Moreover, as IC card applications expand in the future, the service types supported by IC cards can be continually updated. The off-line data interaction processing device of the embodiments of the invention is highly extensible: it can update its software automatically by connecting to the service processing server, obtaining continually updated banking functions.
The specific embodiments described above further explain the purpose, technical solutions and beneficial effects of the present invention. It should be understood that the above are only specific embodiments of the invention and are not intended to limit its scope of protection; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (28)

1. An off-line data interaction processing device, characterized in that it is connected to a service processing server and to other off-line data interaction processing devices by a wireless network, and carries out offline business transactions with said other off-line data interaction processing devices;
wherein said off-line data interaction processing device comprises:
a server authentication module, configured to access said service processing server over the wireless network and perform sign-in authentication;
an authentication module, configured to authenticate the legitimacy of the user's identity after sign-in authentication with said service processing server succeeds;
an IC card verification module, configured to verify the IC card offline password entered by said user;
a service interaction processing module, configured for said user to enter offline business information after user identity authentication and IC card offline password verification have succeeded;
an offline business sending module, configured to send said offline business information to a second off-line data interaction processing device for processing;
an offline business receiving module, configured to receive the offline business result returned by said second off-line data interaction processing device;
a batch upload module, configured to upload said offline business result to said service processing server in batches.
2. The off-line data interaction processing device according to claim 1, characterized in that said offline business receiving module is further configured to receive offline business information sent by a third off-line data interaction processing device;
correspondingly, said service interaction processing module is further configured to perform service interaction processing on the offline business information sent by said third off-line data interaction processing device and to generate the offline business result for said third off-line data interaction processing device;
correspondingly, said offline business sending module is further configured to send the offline business result for said third off-line data interaction processing device to said third off-line data interaction processing device.
3. The off-line data interaction processing device according to claim 1 or 2, characterized in that said service processing server authentication module is further configured to obtain a session key and a MAC key from said service processing server during sign-in authentication.
4. The off-line data interaction processing device according to claim 3, characterized in that said off-line data interaction processing device further comprises a session encryption module and a MAC verification module, wherein:
the session encryption module is configured to encrypt said offline business information with said session key to generate encrypted business information;
the MAC verification module is configured to perform an XOR operation on said encrypted business information with said MAC key to generate check information; said off-line data interaction processing device authenticates the other off-line data interaction processing devices by judging whether this check information is identical to the check information generated by said other off-line data interaction processing devices, and if it is identical, said other off-line data interaction processing devices are authenticated.
5. The off-line data interaction processing device according to claim 1 or 2, characterized in that said off-line data interaction processing device further comprises:
a biometric identification module, configured to authenticate the legitimacy of said user's identity from the fingerprint pressed by said user;
a static password authentication module, configured to authenticate the legitimacy of said user's identity from the static password entered by said user.
6. The off-line data interaction processing device according to claim 1 or 2, characterized in that said off-line data interaction processing device further comprises an automatic upgrade module, configured to connect to said service processing server over the wireless network and automatically upgrade the software functions of the off-line data interaction processing device.
7. The off-line data interaction processing device according to claim 1 or 2, characterized in that said offline business information comprises: electronic gift certificate transfer information, electronic cash transfer information and points transfer information.
8. The off-line data interaction processing device according to claim 1 or 2, characterized in that said service processing server comprises:
a terminal authentication module, configured so that, when said off-line data interaction processing device initiates sign-in with said service processing server, said terminal authentication module checks whether a record for said off-line data interaction processing device exists and, if it exists, returns the off-line data interaction processing device authentication result;
a key generation module, configured to generate said session key and said MAC key for the current working day and, after said terminal authentication module has successfully authenticated said off-line data interaction processing device, to send said session key and said MAC key down to the off-line data interaction processing device;
a batch upload processing module, configured to process the batch of said offline business results submitted when said off-line data interaction processing device performs a batch upload, completing the back-end transaction processing of the business;
a terminal upgrade module, which provides said off-line data interaction processing device with downloads of the latest software version and completes the software upgrade of said off-line data interaction processing device.
9. An off-line data interaction processing system, characterized in that it consists of a plurality of off-line data interaction processing devices and a service processing server, said plurality of off-line data interaction processing devices being connected to one another by a wireless network, and said plurality of off-line data interaction processing devices being connected to said service processing server by a wireless network; wherein
said off-line data interaction processing device comprises:
a server authentication module, configured to access said service processing server over the wireless network and perform sign-in authentication;
an authentication module, configured to authenticate the legitimacy of the user's identity after sign-in authentication with said service processing server succeeds;
an IC card verification module, configured to verify the IC card offline password entered by the user;
a service interaction processing module, configured for said user to enter offline business information after user identity authentication and IC card offline password verification have succeeded;
an offline business sending module, configured to send said offline business information to a second off-line data interaction processing device for processing;
an offline business receiving module, configured to receive the offline business result returned by said second off-line data interaction processing device;
a batch upload module, configured to upload said offline business result to said service processing server in batches;
said service processing server comprises:
a terminal authentication module, configured so that, when said off-line data interaction processing device initiates sign-in with said service processing server, said terminal authentication module checks whether a record for said off-line data interaction processing device exists and, if it exists, returns the off-line data interaction processing device authentication result;
a batch upload processing module, configured to process the batch of said offline business results submitted when said off-line data interaction processing device performs a batch upload, completing the back-end transaction processing of the business.
10. The off-line data interaction processing system according to claim 9, characterized in that said offline business receiving module is further configured to receive offline business information sent by a third off-line data interaction processing device;
correspondingly, said service interaction processing module is further configured to perform service interaction processing on the offline business information sent by said third off-line data interaction processing device and to generate the offline business result for said third off-line data interaction processing device;
correspondingly, said offline business sending module is further configured to send the offline business result for said third off-line data interaction processing device to said third off-line data interaction processing device.
11. The off-line data interaction processing system according to claim 9 or 10, characterized in that said service processing server authentication module is further configured to obtain a session key and a MAC key from said service processing server during sign-in authentication;
correspondingly, said service processing server further comprises a key generation module, configured to generate said session key and said MAC key for the current working day and, after said terminal authentication module has successfully authenticated said off-line data interaction processing device, to send said session key and said MAC key down to said off-line data interaction processing device.
12. The off-line data interaction processing system according to claim 11, characterized in that said off-line data interaction processing device further comprises:
a session encryption module, configured to encrypt said offline business information with said session key to generate encrypted business information;
a MAC verification module, configured to perform an XOR operation on said encrypted business information with said MAC key to generate check information; said off-line data interaction processing device authenticates the other off-line data interaction processing devices by judging whether this check information is identical to the check information generated by said other off-line data interaction processing devices, and if it is identical, said other off-line data interaction processing devices are authenticated.
13. The off-line data interaction processing system according to claim 9 or 10, characterized in that said off-line data interaction processing device further comprises:
a biometric identification module, configured to authenticate the legitimacy of said user's identity from the fingerprint pressed by said user;
a static password authentication module, configured to authenticate the legitimacy of said user's identity from the static password entered by said user.
14. The off-line data interaction processing system according to claim 9 or 10, characterized in that said off-line data interaction processing device further comprises an automatic upgrade module, configured to connect to said service processing server over the wireless network and complete the automatic upgrade of the software functions of the off-line data interaction processing device.
15. The off-line data interaction processing system according to claim 9, characterized in that said service processing server further comprises a terminal upgrade module, configured to provide said off-line data interaction processing device with downloads of the latest software version and to complete the software upgrade of said off-line data interaction processing device.
16. The off-line data interaction processing system according to claim 9 or 10, characterized in that said offline business information comprises: electronic gift certificate transfer information, electronic cash transfer information and points transfer information.
17. A method of off-line data processing using the off-line data processing system according to claim 9, characterized in that it comprises:
said off-line data interaction processing device sends server authentication information to said service processing server for sign-in authentication;
after sign-in authentication with said service processing server succeeds, the user enters authentication information, and said off-line data interaction processing device authenticates the legitimacy of the user's identity;
the user enters the IC card offline password, and said off-line data interaction processing device verifies said IC card offline password;
after user identity authentication and IC card offline password verification have succeeded, said user enters offline business information into said off-line data interaction processing device;
said off-line data interaction processing device sends said offline business information to another off-line data interaction processing device for processing;
said off-line data interaction processing device receives the offline business result returned by said other off-line data interaction processing device;
said off-line data interaction processing device uploads said offline business result to said service processing server in batches.
18. The off-line data interaction processing method according to claim 17, characterized in that said off-line data interaction processing device accessing the service processing server over the wireless network for sign-in authentication further comprises obtaining a session key and a MAC key from said service processing server.
19. The off-line data interaction processing method according to claim 18, characterized in that said method further comprises:
encrypting said offline business information with said session key to generate encrypted business information;
performing an XOR operation on said encrypted business information with said MAC key to generate check information; said off-line data interaction processing device judges whether this check information is identical to the check information generated by said other off-line data interaction processing device, and if it is identical, mutual authentication between said off-line data interaction processing device and said other off-line data interaction processing device succeeds.
20. The off-line data interaction processing method according to claim 17, characterized in that authenticating the legitimacy of said user's identity after sign-in authentication with the service processing server succeeds further comprises:
said user presses a fingerprint, and the legitimacy of said user's identity is authenticated from the fingerprint pressed by said user;
said user enters a static password, and the legitimacy of said user's identity is authenticated from the static password entered by said user.
21. The off-line data interaction processing method according to claim 17, characterized in that said offline business information comprises: electronic gift certificate transfer information, electronic cash transfer information and points transfer information.
22. The off-line data interaction processing method according to claim 17, characterized in that said method further comprises automatically upgrading the software functions of said off-line data interaction processing device.
23. A method of off-line data processing using the off-line data processing system according to claim 9, characterized in that it comprises:
the off-line data interaction processing device sends server authentication information to the service processing server for sign-in authentication;
after sign-in authentication with said service processing server succeeds, the user enters authentication information, and said off-line data interaction processing device authenticates the legitimacy of the user's identity;
the user enters the IC card offline password, and said off-line data interaction processing device verifies said IC card offline password;
after user identity authentication and IC card offline password verification have succeeded, said user receives the offline business information sent by another off-line data interaction processing device;
service interaction processing is performed on said offline business information, generating the offline business result for said other off-line data interaction processing device;
said offline business result is sent to said other off-line data interaction processing device, and said offline business result is uploaded to said service processing server in batches.
24. The off-line data interaction processing method according to claim 23, characterized in that said off-line data interaction processing device accessing the service processing server over the wireless network for sign-in authentication further comprises obtaining a session key and a MAC key from said service processing server.
25. The off-line data interaction processing method according to claim 24, characterized in that said method further comprises:
said other off-line data interaction processing device encrypts said offline business information with said session key to generate encrypted business information, performs an XOR operation on said encrypted business information with said MAC key to generate check information, and sends said encrypted business information and said check information to said off-line data interaction processing device;
said off-line data interaction processing device receives said encrypted business information and said check information and, using said MAC key, performs an XOR operation on said encrypted business information to generate another check information; if said check information is identical to said other check information, mutual authentication between said off-line data interaction processing device and said other off-line data interaction processing device succeeds;
said off-line data interaction processing device decrypts said encrypted business information with the session key, performs service interaction processing, and generates the offline business result for said other off-line data interaction processing device.
26. The off-line data interaction processing method according to claim 23, characterized in that authenticating the legitimacy of the user's identity after sign-in authentication with the service processing server succeeds further comprises:
said user presses a fingerprint, and the legitimacy of said user's identity is authenticated from the fingerprint pressed by said user;
said user enters a static password, and the legitimacy of said user's identity is authenticated from the static password entered by said user.
27. The off-line data interaction processing method according to claim 23, characterized in that said offline business information comprises: electronic gift certificate transfer information, electronic cash transfer information and points transfer information.
28. The off-line data interaction processing method according to claim 23, characterized in that said method further comprises automatically upgrading the software functions of said off-line data interaction processing device.
CN201310088153.1A 2013-03-19 2013-03-19 A kind of off-line data interaction process device, system and method Active CN103218711B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310088153.1A CN103218711B (en) 2013-03-19 2013-03-19 A kind of off-line data interaction process device, system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310088153.1A CN103218711B (en) 2013-03-19 2013-03-19 A kind of off-line data interaction process device, system and method

Publications (2)

Publication Number Publication Date
CN103218711A true CN103218711A (en) 2013-07-24
CN103218711B CN103218711B (en) 2016-12-28

Family

ID=48816475

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310088153.1A Active CN103218711B (en) 2013-03-19 2013-03-19 A kind of off-line data interaction process device, system and method

Country Status (1)

Country Link
CN (1) CN103218711B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098371A (en) * 2006-06-29 2008-01-02 中国银联股份有限公司 Finance data processing method and mobile terminal equipment
CN102081821A (en) * 2009-11-27 2011-06-01 中国银联股份有限公司 IC (integrated circuit) card paying system and method as well as multi-application IC card and payment terminal
CN102096967A (en) * 2010-12-21 2011-06-15 捷德(中国)信息科技有限公司 Off-line payment method and consumption terminal for electronic purse

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103618611A (en) * 2013-12-04 2014-03-05 天津大学 Identity verification method based on challenge responses and fingerprint identification
CN104715360A (en) * 2013-12-16 2015-06-17 中国银联股份有限公司 Card-free payment and collection system and method
CN104715360B (en) * 2013-12-16 2019-03-15 中国银联股份有限公司 Cash collecting system is paid without card and pays cashing method without card
WO2017162035A1 (en) * 2016-03-23 2017-09-28 中国银联股份有限公司 Method and system for transferring money between ic card electronic cash accounts
CN106980920A (en) * 2017-02-17 2017-07-25 阿里巴巴集团控股有限公司 A kind of execution method and device of Internet service
CN107426158A (en) * 2017-05-03 2017-12-01 中国银联股份有限公司 Safety information interaction method and equipment
CN109978531A (en) * 2017-12-27 2019-07-05 青岛胶南海尔洗衣机有限公司 Offline electronic payment method
CN109978530A (en) * 2017-12-27 2019-07-05 青岛胶南海尔洗衣机有限公司 Offline electronic payment method
CN109978530B (en) * 2017-12-27 2023-12-22 海尔衣联生态科技(上海)有限公司 Offline payment method
CN109978531B (en) * 2017-12-27 2023-12-26 海尔衣联生态科技(上海)有限公司 Offline payment method
CN110740128A (en) * 2019-09-27 2020-01-31 武汉虹识技术有限公司 off-line data encryption method and device
CN110740128B (en) * 2019-09-27 2022-08-23 武汉虹识技术有限公司 Offline data encryption method and device
CN112182653A (en) * 2020-09-27 2021-01-05 中国建设银行股份有限公司 Service processing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN103218711B (en) 2016-12-28


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant