CN103942684A - Data security interactive system - Google Patents

Publication number
CN103942684A
Authority
CN
China
Prior art keywords
intelligent cipher
cipher equipment
information
terminal
transaction
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410171437.1A
Other languages
Chinese (zh)
Inventor
李东声
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tendyron Technology Co Ltd
Original Assignee
Tendyron Technology Co Ltd
Application filed by Tendyron Technology Co Ltd
Priority to CN201410171437.1A
Publication of CN103942684A

Classifications

    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/401 Transaction verification
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Abstract

The invention provides a data security interactive system. In the system, a terminal scans for intelligent cipher equipment and obtains the identification information of the equipment; generates information to be signed and an authentication instruction and sends both to the intelligent cipher equipment; receives the signature information and the certificate of each intelligent cipher equipment; sends authentication request information, the identification information, the information to be signed, the signature information and the certificate to a background system server; after the background system server completes authentication, obtains user information and stores it in a list; generates transaction information, obtains transaction request information and sends it to the intelligent cipher equipment; receives transaction confirmation information; and obtains a transaction data packet and sends it to the background system server. The intelligent cipher equipment receives the information to be signed and the authentication instruction, signs to obtain the signature information, sends the signature information and the certificate to the terminal, receives the transaction request information, prompts the transaction information, receives a confirmation instruction and generates the transaction confirmation information. The background system server receives the authentication request information, the identification information, the information to be signed, the signature information and the equipment certificate, verifies whether the certificate is legitimate, verifies the signature information, completes authentication, receives the transaction data packet, obtains the transaction confirmation information, and executes the transaction after the transaction data packet is verified.

Description

Data security interactive system
Technical field
The present invention relates to the field of information security, and in particular to a data security interactive system.
Background art
Mobile payment is a service that lets a user pay for goods or services with a mobile terminal (such as a smartphone, PDA, tablet or notebook computer). An organization or individual sends a payment instruction, directly or indirectly, to a bank or financial institution through a mobile terminal, the Internet or proximity sensing, producing a monetary payment and a flow of funds, and thereby realizing the mobile payment function. Mobile payment brings together mobile terminals, the Internet, application providers and financial institutions to provide users with financial services such as monetary payment and bill payment.
Mobile payment mainly takes two forms: remote payment and near-field payment. Remote payment means that the user logs in to a bank's web page through the mobile terminal to make payments, operate accounts and so on; it is mainly used for online shopping and consumption on e-commerce websites. Near-field payment means that, when buying goods or services, the consumer pays the merchant on the spot through the mobile terminal. The payment is processed on site and offline, without using the mobile network: local communication with vending machines and POS terminals is carried out over channels such as the mobile terminal's radio frequency (NFC), infrared or Bluetooth.
Throughout the mobile payment process, the participants involved are the consumer, the merchant, the mobile operator, the third-party service provider and the bank. Consumers and merchants are the parties the system serves; the mobile operator provides network support; the bank provides banking services; the third-party service provider provides the payment platform service; and the business is realized through the combination of all these parties. Electronic and mobile means of payment have become an inevitable trend, and the security of the mobile payment system is the core problem of mobile e-commerce security.
How to guarantee the security of data interaction during mobile payment is a problem that urgently needs to be solved.
Summary of the invention
The present invention aims to solve one of the above problems.
The main purpose of the present invention is to provide a data security interactive system.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
One aspect of the present invention provides a data security interactive system, comprising:
A terminal, configured to: scan for intelligent cipher equipment within its signal coverage and obtain the identification information of the intelligent cipher equipment scanned; generate first information to be signed; send the first information to be signed and an authentication instruction to the intelligent cipher equipment; receive the first signature information and the intelligent cipher equipment certificate sent by the intelligent cipher equipment; send authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher equipment certificate to the background system server; after the background system server completes authentication of the intelligent cipher equipment, obtain the user information corresponding to the intelligent cipher equipment; store the user information in a pre-established active user list; generate transaction information according to the user information corresponding to the intelligent cipher equipment that is to transact, and obtain transaction request information from the transaction information; send the transaction request information to the intelligent cipher equipment; receive the transaction confirmation information; obtain a transaction data packet from the transaction confirmation information and send the transaction data packet to the background system server;
The intelligent cipher equipment, configured to: receive the first information to be signed and the authentication instruction sent by the terminal; sign the first information to be signed with the private key of the intelligent cipher equipment to obtain the first signature information; send the first signature information and the intelligent cipher equipment certificate to the terminal; receive the transaction request information sent by the terminal and obtain the transaction information from the transaction request information; prompt the transaction information; receive a confirmation instruction and generate the transaction confirmation information;
The background system server, configured to: receive the authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher equipment certificate sent by the terminal; verify, using the pre-stored root certificate corresponding to the intelligent cipher equipment certificate, whether the intelligent cipher equipment certificate is legitimate; after verifying that the intelligent cipher equipment certificate is legitimate, verify the first signature information with the public key of the intelligent cipher equipment; after the first signature information passes verification, complete authentication of the intelligent cipher equipment; receive the transaction data packet sent by the terminal and obtain the transaction confirmation information from the transaction data packet; verify the transaction confirmation information and execute the transaction after verification passes.
In addition, in this system,
The terminal is further configured to send the identification information of the intelligent cipher equipment and a user information read request to the background system server, and, after receiving the response to the user information read request sent by the background system server, to obtain the user information from that response. The background system server is further configured to receive the identification information of the intelligent cipher equipment and the user information read request sent by the terminal; obtain the user information corresponding to the intelligent cipher equipment according to its identification information; and obtain the response to the user information read request from the user information and send that response to the terminal.
In addition, in this system,
The terminal is further configured to send a user information read request to the intelligent cipher equipment, receive the response to the user information read request sent by the intelligent cipher equipment, and obtain the user information from that response. The intelligent cipher equipment is further configured to obtain pre-stored user information, obtain the response to the user information read request from the user information, and send that response to the terminal.
In addition, in this system, the background system server is further configured to send the user information corresponding to the intelligent cipher equipment to the terminal, and the terminal is further configured to receive the user information corresponding to the intelligent cipher equipment sent by the background system server.
In addition, in this system,
The terminal is further configured to, after scanning for intelligent cipher equipment within its signal coverage and obtaining the identification information of the intelligent cipher equipment scanned, obtain the identification information of all intelligent cipher equipment within the terminal's signal coverage and generate a real-time identification list; compare, at a preset time interval, the identification information of the intelligent cipher equipment in the real-time identification list with the identification information of the intelligent cipher equipment in the active user list; if identification information in the real-time identification list is not in the active user list, obtain the user information corresponding to that intelligent cipher equipment according to the scanned identification information; and if identification information in the active user list is not in the real-time identification list, delete from the active user list the user information of the intelligent cipher equipment that is not in the real-time identification list.
In addition, in this system,
The terminal is further configured to, after scanning for intelligent cipher equipment within its signal coverage and obtaining the identification information of the intelligent cipher equipment scanned, obtain the identification information of all intelligent cipher equipment within the terminal's signal coverage and generate a real-time identification list; compare, at a preset time interval, the identification information of the intelligent cipher equipment in the real-time identification list with the identification information of the intelligent cipher equipment in the active user list; if identification information in the real-time identification list is not in the active user list, obtain the user information corresponding to that intelligent cipher equipment according to the scanned identification information and, once the terminal has obtained the user information, store it in the real-time identification list; if identification information in the real-time identification list is in the active user list, store the user information of that intelligent cipher equipment from the active user list in the real-time identification list; and use the real-time identification list as the updated active user list.
In addition, in this system,
The intelligent cipher equipment is further configured to switch from a dormant state to a wake-up state after receiving the first information to be signed and the authentication instruction, and, in the wake-up state, to sign the first information to be signed with the private key of the intelligent cipher equipment to obtain the first signature information.
In addition, in this system,
The background system server is further configured to, after receiving the authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher equipment certificate, judge whether the identification information of the intelligent cipher equipment is included in an intelligent cipher equipment exception list pre-stored in the background system server; after judging that the identification information is in the exception list, obtain an instruction to lock the intelligent cipher equipment, sign the lock instruction with the private key of the background system server to obtain second signature information, and send the lock instruction and the second signature information to the intelligent cipher equipment through the terminal. The intelligent cipher equipment is further configured to receive the lock instruction and the second signature information sent by the background system server through the terminal; verify the second signature information with the public key in the pre-stored background system server certificate; and, after the second signature information passes verification, perform the lock operation according to the lock instruction.
In addition, in this system,
The background system server is further configured to receive an intelligent cipher equipment registration application and review it; after the registration application passes review, send a key pair generation instruction to the intelligent cipher equipment; and, after receiving the public key of the intelligent cipher equipment key pair sent by the intelligent cipher equipment, generate the intelligent cipher equipment certificate and send it to the intelligent cipher equipment. The intelligent cipher equipment is further configured to generate an intelligent cipher equipment key pair after receiving the key pair generation instruction sent by the background system server; send the public key of the key pair to the background system server; and store the intelligent cipher equipment certificate.
In addition, in this system,
The intelligent cipher equipment is further configured to obtain an intelligent cipher equipment cancellation application, sign the cancellation application with the private key of the intelligent cipher equipment to obtain third signature information, and send the cancellation application and the third signature information to the background system server; and, on receiving the cancellation completion information sent by the background system server, delete the private key of the intelligent cipher equipment. The background system server is further configured to receive the cancellation application and the third signature information sent by the intelligent cipher equipment; verify the third signature information with the public key in the pre-stored intelligent cipher equipment certificate; and, after the third signature information passes verification, delete the pre-stored intelligent cipher equipment certificate, generate cancellation completion information, and send it to the intelligent cipher equipment.
In addition, in this system, the background system server is further configured to send user authorization request information to the intelligent cipher equipment through the terminal, and, on receiving the authorization information sent by the intelligent cipher equipment through the terminal, to send the response to the user information read request to the terminal. The intelligent cipher equipment is further configured to receive the user authorization request information sent by the background system server through the terminal, generate authorization information, and send the authorization information to the background system server through the terminal.
In addition, in this system, the intelligent cipher equipment is further configured to switch from a dormant state to a wake-up state after receiving the user authorization request information, and to generate the authorization information in the wake-up state.
In addition, in this system, the intelligent cipher equipment is further configured to switch from a dormant state to a wake-up state after receiving the transaction request information, and, in the wake-up state, to obtain the transaction information from the transaction request information.
In addition, in this system, the intelligent cipher equipment is further configured to sign the transaction information with the private key of the intelligent cipher equipment, generating transaction signature information as the transaction confirmation information, or to generate a dynamic password as the transaction confirmation information.
In addition, in this system,
The intelligent cipher equipment is further configured to generate a single-transaction identifier and sign the transaction information and the single-transaction identifier with the private key of the intelligent cipher equipment, generating transaction signature information as the transaction confirmation information; or the intelligent cipher equipment is further configured to generate a single-transaction identifier, sign the single-transaction identifier with the private key of the intelligent cipher equipment to obtain signature information of the single-transaction identifier, generate a dynamic password, and use the signature information of the single-transaction identifier together with the dynamic password as the transaction confirmation information.
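The authentication exchange (certificate checked against the root, then the signature over the first information to be signed) and the signed transaction confirmation with a single-transaction identifier, carried through as an added Python example that is not code from the patent. Textbook RSA over fixed Mersenne primes stands in for the equipment's real signature scheme and is not secure; `Device`, `Backend`, the certificate layout, the check that the certificate names the scanned identifier, and the single-use check on the identifier are assumptions made for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key below

def make_key(a, b):
    # Toy RSA key built from the Mersenne primes 2**a - 1 and 2**b - 1.
    # Deterministic so the example runs offline; NOT secure.
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(key, msg):
    return pow(_h(msg, key["n"]), key["d"], key["n"])

def verify(n, msg, sig):
    return pow(sig, E, n) == _h(msg, n)

def cert_body(device_id, n):
    # The bytes the root key signs: device identifier bound to its public key.
    return f"{device_id}|{n}".encode()

class Device:
    """Intelligent cipher equipment: the private key never leaves this object."""

    def __init__(self, device_id, key, cert):
        self.device_id, self._key, self.cert = device_id, key, cert

    def sign_challenge(self, to_be_signed):
        # Returns the first signature information plus the equipment certificate.
        return sign(self._key, to_be_signed), self.cert

    def confirm_transaction(self, tx_info):
        # The real equipment prompts tx_info and waits for the holder to confirm.
        tx_id = secrets.token_hex(8)  # single-transaction identifier
        return tx_id, sign(self._key, tx_info + b"|" + tx_id.encode())

class Backend:
    """Background system server holding the root key and the exception list."""

    def __init__(self, root_key):
        self._root = root_key
        self.exception_list = set()  # identifiers that trigger a lock instruction
        self._authenticated = {}     # identifier -> verified public modulus
        self._used_tx_ids = set()

    def issue_cert(self, device_id, device_n):
        sig = sign(self._root, cert_body(device_id, device_n))
        return {"id": device_id, "n": device_n, "sig": sig}

    def authenticate(self, device_id, to_be_signed, signature, cert):
        if device_id in self.exception_list:
            return "lock"
        # Assumption: the certificate must name the identifier the terminal scanned.
        if cert["id"] != device_id or not verify(
            self._root["n"], cert_body(cert["id"], cert["n"]), cert["sig"]
        ):
            return "bad-certificate"
        if not verify(cert["n"], to_be_signed, signature):
            return "bad-signature"
        self._authenticated[device_id] = cert["n"]
        return "authenticated"

    def execute(self, device_id, tx_info, tx_id, confirmation):
        n = self._authenticated.get(device_id)
        if n is None:
            return "not-authenticated"
        if tx_id in self._used_tx_ids:  # assumption: identifiers are single use
            return "replayed"
        if not verify(n, tx_info + b"|" + tx_id.encode(), confirmation):
            return "bad-confirmation"
        self._used_tx_ids.add(tx_id)
        return "executed"

def demo():
    backend = Backend(make_key(521, 1279))
    key = make_key(127, 607)
    device = Device("DEV-0001", key, backend.issue_cert("DEV-0001", key["n"]))
    challenge = secrets.token_bytes(16)  # terminal's first information to be signed
    sig, cert = device.sign_challenge(challenge)
    tx = b"pay 12.50 to merchant-42"     # constructed transaction information
    tx_id, conf = device.confirm_transaction(tx)
    return [
        backend.authenticate("DEV-0001", challenge, sig, cert),
        backend.execute("DEV-0001", b"pay 9912.50 to merchant-42", tx_id, conf),
        backend.execute("DEV-0001", tx, tx_id, conf),
        backend.execute("DEV-0001", tx, tx_id, conf),
    ]
```

`demo()` walks one device through authentication, a confirmation whose amount was altered in transit, the genuine confirmation, and a resubmission of that same confirmation.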
In addition, in this system,
The terminal is further configured to receive an acoustic signal sent by the intelligent cipher equipment and decode it to obtain the transaction confirmation information; or capture image information displayed by the intelligent cipher equipment and decode it to obtain the transaction confirmation information; or receive the transaction confirmation information through a communication interface of the terminal that matches the intelligent cipher equipment; or obtain the transaction confirmation information from information entered on the terminal.
In addition, in this system,
The background system server is further configured to, after verifying the transaction confirmation information and executing the transaction once verification passes, send transaction success confirmation information to the terminal and/or send transaction success confirmation information to the intelligent cipher equipment through the terminal. The intelligent cipher equipment is further configured to receive the transaction success confirmation information sent by the background system server through the terminal and to prompt it.
In addition, in this system,
The terminal is further configured to, after the background system server has verified the transaction confirmation information and executed the transaction once verification passed, send refund information to the intelligent cipher equipment; and to receive the refund confirmation information and send it to the background system server. The intelligent cipher equipment is further configured to receive the refund information sent by the terminal and prompt it; and to receive a refund confirmation instruction and sign the refund information with the private key of the intelligent cipher equipment, generating refund confirmation information. The background system server is further configured to receive the refund confirmation information sent by the terminal, verify it, and perform the refund operation after verification passes.
In addition, in this system,
The intelligent cipher equipment is further configured to, after the background system server has verified the transaction confirmation information and executed the transaction once verification passed, send a refund request to the terminal; receive the refund information sent by the terminal and prompt it; and receive a refund confirmation instruction and sign the refund information with the private key of the intelligent cipher equipment, generating refund confirmation information. The terminal is further configured to generate the refund information and send it to the intelligent cipher equipment; and to receive the refund confirmation information and send it to the background system server. The background system server is further configured to receive the refund confirmation information sent by the terminal, verify it, and perform the refund operation after verification passes.
In addition, in this system,
The intelligent cipher equipment is further configured to, after the background system server has verified the transaction confirmation information and executed the transaction once verification passed, send a refund request to the terminal; receive the refund request identifier sent by the terminal, generate refund information, sign the refund information with the private key of the intelligent cipher equipment to obtain refund confirmation information, and send the refund confirmation information to the terminal. The terminal is further configured to generate the refund request identifier and send it to the intelligent cipher equipment; and to receive the refund confirmation information and send it to the background system server. The background system server is further configured to receive the refund confirmation information sent by the terminal, verify it, and perform the refund operation after verification passes.
In addition, in this system, the refund information also includes an electronic statement.
In addition, in this system, the transaction success confirmation information also includes an electronic statement.
In addition, in this system, the transaction information also includes an electronic statement.
In addition, in this system, the intelligent cipher equipment is further configured to enter a scannable state before being scanned by the terminal.
As can be seen from the technical solution provided above, the merchant's terminal can first read the identification information of the intelligent cipher equipment and then use that identification information to obtain the user information corresponding to the intelligent cipher equipment. The customer therefore does not need to pay for goods with a wallet, credit card, mobile phone or the like, which simplifies the interaction between customer and merchant and improves the user experience.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. The drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic structural diagram of the data security interactive system provided by the invention;
Fig. 2 is a flow chart of the data security interaction method provided by the invention.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on embodiments of the invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.
In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of indications such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, rather than device or the element of indication or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as indication or hint relative importance or quantity or position.
In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be to be also electrically connected to; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.
Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.
The system architecture to which the data security interactive system provided by the invention applies is shown in Fig. 1 and comprises a background system server, a terminal and intelligent cipher equipment, where:
The background system server manages the intelligent cipher equipment and handles the storage and issuing management of user profiles; this includes, for example, registration, cancellation, locking and authentication of the intelligent cipher equipment. It can provide financial services such as bank-related services and payment platform services, and can comprise one or a combination of servers such as a payment server, an authentication server and a management server.
The terminal can be a merchant-side terminal that initiates mobile payments, maintains user profiles, and so on. The terminal can automatically scan for intelligent cipher equipment within its signal coverage, establish a communication connection with the intelligent cipher equipment, and obtain the corresponding user profile. The terminal of the invention (for example a POS machine) has an added wireless communication module, and the backend and the terminal are connected over a dedicated network link to ensure security.
The intelligent cipher equipment has a secure payment function (for example electronic signature or dynamic password generation). It has a wireless communication module (for example Bluetooth, infrared, RFID, NFC, light, sound wave, heat, vibration or WIFI) through which it can communicate with the terminal; it can of course also include a wired interface (for example an audio interface, USB interface or serial port) and communicate with the terminal through that interface. In addition, the intelligent cipher equipment can have a connection option function: if the user has not turned this function on, the terminal cannot obtain the identification information of the intelligent cipher equipment or the corresponding user profile. For example, the intelligent cipher equipment can enter a scannable state so that the terminal can find it by scanning. The connection option function can be turned on by a hardware switch on the intelligent cipher equipment or by software.
As shown in Fig. 2, applying the architecture shown in Fig. 1, the data security interactive system provided by the invention can perform the relevant operations as follows:
The intelligent cipher equipment registers with the background system server:
The background system server receives the registration application of the intelligent cipher equipment and reviews it. Specifically, the user holding the intelligent cipher equipment can submit the registration application for the equipment at a bank counter or over the internet; after receiving the application, the background system server reviews the legitimacy of the user's identity.
After the registration application passes review, the background system server sends a key pair generation instruction to the intelligent cipher equipment. Specifically, once the review of the legitimacy of the user's identity and so on has passed, the background system server agrees to register the user's intelligent cipher equipment and at the same time sends the key pair generation instruction, which instructs the intelligent cipher equipment to generate its key pair, consisting of a public key and a private key.
After receiving the key pair generation instruction, the intelligent cipher equipment generates its key pair. Specifically, a key pair generation method can be preset in the intelligent cipher equipment; on receiving the instruction, the equipment generates the key pair, that is, a public key and a private key, according to the preset method.
The intelligent cipher equipment sends the public key of its key pair to the background system server. Specifically, it can send the public key over a trusted communication link, to ensure the security of the transmission, or over the internet, to make the transmission more convenient.
After receiving the public key of the key pair, the background system server generates the intelligent cipher device certificate and sends it to the intelligent cipher equipment. Specifically, the background system server can compute the certificate over the user's information and the public key of the intelligent cipher equipment using the private key of the background system server; the background system server can also include a CA server, whose private key is used to compute the certificate over the user's information and the public key; or the background system server can send the user's information and the public key to a CA, which computes the certificate with the CA's private key, the certificate then being sent to the intelligent cipher equipment through the background system server.
The intelligent cipher equipment stores the intelligent cipher device certificate. Specifically, after receiving the certificate sent by the background system server, the intelligent cipher equipment stores it in the storage area that carries out security functions. Of course, for different background system servers, the intelligent cipher equipment can store the different certificates sent by those servers.
Of course, the terminal can also register with the background system server.
The terminal scans for intelligent cipher equipment within its signal coverage and obtains the identification information of the intelligent cipher equipment it finds:
Specifically, the terminal can send an inquiry signal (for example the serial number of the terminal) at a certain time interval to look for intelligent cipher equipment within a certain wireless signal coverage;
The intelligent cipher equipment listens for the terminal's inquiry (inquiry scan). After the intelligent cipher equipment enters the signal coverage of the terminal, it sends its identification information to the terminal; the terminal has thus obtained the identification information of the intelligent cipher equipment by scanning.
Two ways for the terminal to obtain the identification information of the intelligent cipher equipment by scanning are given below:
(1) The terminal can use an IAC (Inquiry Access Code) to look for intelligent cipher equipment within a certain wireless signal coverage;
The intelligent cipher equipment listens for the terminal's inquiry (inquiry scan) and, after entering the signal coverage of the terminal, sends its address and clock information to the terminal;
The intelligent cipher equipment listens for paging information from the terminal and performs a page scan;
The terminal pages the intelligent cipher equipment it has found;
After receiving the paging information, the intelligent cipher equipment sends its DAC (Device Access Code) to the terminal.
(2) The terminal sends an inquiry signal to look for intelligent cipher equipment within a certain wireless signal coverage;
The intelligent cipher equipment listens for the terminal's inquiry signal (inquiry scan) and, after entering the signal coverage of the terminal, sends its address to the terminal.
Of course, the invention uses the above two examples only to illustrate how the terminal obtains the identification information of the intelligent cipher equipment, and is not limited to them. In either of the above ways, whenever the intelligent cipher equipment receives any information sent by the terminal, it can treat that information as a sleep wake-up signal and, according to it, switch from the sleep state to the wake-up state (that is, normal working mode). Likewise, after finishing the execution of any command, the intelligent cipher equipment can automatically return to the sleep state. Entering the sleep state saves the power of the intelligent cipher equipment and extends its service life.
Before the terminal scans for it, the intelligent cipher equipment also needs to enter a scannable state so that the terminal can find it. Entering the scannable state can be triggered by a hardware switch on the intelligent cipher equipment or by the software of the intelligent cipher equipment.
The background system server authenticates the intelligent cipher equipment:
The terminal generates the first information to be signed. Specifically, the terminal can generate a random number with a random number generator and use it as the first information to be signed; it can also use its own serial number, MAC address or other identification information; or it can use a combination of a random number and identification information. Any information that the intelligent cipher equipment can sign can serve as the first information to be signed, so that the signature information returned by the equipment can be sent to the background system server and the background system server can authenticate the equipment. The random number can be one of, or any combination of, characters such as digits, letters and special characters.
The terminal sends the first information to be signed and an authentication instruction to the intelligent cipher equipment. Specifically, the terminal can send them over a wireless communication link, for convenience, or over a wired interface, to improve the security of the communication.
After receiving the first information to be signed and the authentication instruction, the intelligent cipher equipment signs the first information to be signed with its private key to obtain the first signature information;
In addition, the intelligent cipher equipment can switch from the sleep state to the wake-up state after receiving the first information to be signed and the authentication instruction, and perform the signature calculation on the first information to be signed with its private key in the wake-up state to obtain the first signature information. The equipment switches from the sleep state to the wake-up state to do its normal work and switches back to the sleep state once the work is finished, which reduces power consumption and extends its service life.
The intelligent cipher equipment sends the first signature information and the intelligent cipher device certificate to the terminal;
After receiving the first signature information and the intelligent cipher device certificate, the terminal sends authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher device certificate to the background system server. Specifically, the terminal only forwards the data, which improves data transmission efficiency.
After receiving the authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher device certificate, the background system server uses the pre-stored root certificate corresponding to the intelligent cipher device certificate to verify whether the device certificate is legitimate. Specifically, the background system server also obtains the root certificate corresponding to the device certificate in order to verify the legitimacy of the intelligent cipher equipment.
To ensure the security of the data interaction and the legitimacy of the intelligent cipher equipment, after receiving the authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher device certificate, the background system server also judges whether the identification information of the intelligent cipher equipment is included in the intelligent cipher equipment exception list pre-stored in the background system server. After judging that the identification information is in the exception list, the background system server obtains a lock instruction for the intelligent cipher equipment, signs the lock instruction with the private key of the background system server to obtain the second signature information, and sends the lock instruction and the second signature information to the intelligent cipher equipment through the terminal. After receiving them, the intelligent cipher equipment verifies the second signature information with the public key in the pre-stored background system server certificate and, after the verification passes, performs the lock operation according to the lock instruction.
Specifically, the exception list can be a blacklist, a loss-report list, an invalidation list, or any other list indicating that the identity of the intelligent cipher equipment is illegitimate. If the identification information of the intelligent cipher equipment is in the exception list, the equipment is illegitimate. To ensure security, the background system server then sends a lock instruction to the illegitimate equipment through the terminal in order to lock it; the background system server also signs the lock instruction, so that the source of the lock instruction is known to be legitimate and malicious operations that lock intelligent cipher equipment illegally are avoided.
Of course, the invention is not limited to this; in practical applications, any way of legitimately locking illegitimate intelligent cipher equipment will do.
In addition, the background system server can also leave the lock instruction unsigned and simply send the lock instruction to the illegitimate terminal to lock it.
The lock operation that the intelligent cipher equipment performs according to the lock instruction can include any of the following: the intelligent cipher equipment refuses to execute any request, destroys the certificate it stores, and so on.
Of course, after sending the lock instruction, the background system server can also refuse any request from the illegitimate intelligent cipher equipment.
Thus, when a user has lost the intelligent cipher equipment, the loss can be reported to the background system server, which registers the device identification code of the equipment on the loss-report list; or, when an account is reported as abnormal, the background system server can register the intelligent cipher equipment on the blacklist. Devices on these lists are all registered on the exception list as abnormal devices. Before each transaction the background system server authenticates the intelligent cipher equipment; during authentication it can compare the device identifier with the exception list and lock the equipment if it is on the list. With this approach, if someone misappropriates another person's intelligent cipher equipment and attempts to use it illegally to transfer money and steal the user's funds, the background system server, which authenticates the equipment before every transaction, can lock the equipment remotely. The user's account is therefore protected from loss even if the intelligent cipher equipment is misappropriated by someone else.
After verifying that the intelligent cipher device certificate is legitimate, the background system server verifies the first signature information with the public key of the intelligent cipher equipment;
After the verification of the first signature information passes, the background system server has completed the authentication of the intelligent cipher equipment. Specifically, after the verification passes, the background system server can also generate an authentication completion message and send it to the terminal to inform the terminal that authentication is complete.
Authentication of the intelligent cipher equipment by the background system server as described above ensures the legitimacy of the intelligent cipher equipment and improves the security of subsequent processing. It also guards against phishing and prevents transaction risks such as tampering with transmitted information, remote hijacking and man-in-the-middle attacks, thereby effectively protecting the funds of the holder of the intelligent cipher equipment.
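The registration and authentication exchanges described above, with the exception-list check and the signed lock instruction, as an added Go example that is not code from the patent. It assumes Ed25519 as the signature algorithm, a simplified certificate (the backend's signature over device ID, user information and device public key) in place of an X.509 chain, and a `LOCK:<id>` instruction format; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Certificate is a simplified stand-in for the device certificate (not X.509).
type Certificate struct {
	DeviceID, UserInfo string
	PubKey             ed25519.PublicKey
	Sig                []byte // backend signature over body()
}

func (c Certificate) body() []byte {
	return append([]byte(c.DeviceID+"\x00"+c.UserInfo+"\x00"), c.PubKey...)
}

type Backend struct {
	priv      ed25519.PrivateKey
	Pub       ed25519.PublicKey
	Exception map[string]bool // blacklist or loss-report list, keyed by device ID
}

type Device struct {
	priv      ed25519.PrivateKey // generated on the device, never exported
	Cert      Certificate
	BackendPK ed25519.PublicKey // pre-stored backend public key
	Locked    bool
}

var ErrListed = errors.New("device is on the exception list")

func NewBackend() *Backend {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Backend{priv: priv, Pub: pub, Exception: map[string]bool{}}
}

// Register: the device makes its key pair; the backend certifies the public key.
func (b *Backend) Register(id, user string) *Device {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	cert := Certificate{DeviceID: id, UserInfo: user, PubKey: pub}
	cert.Sig = ed25519.Sign(b.priv, cert.body())
	return &Device{priv: priv, Cert: cert, BackendPK: b.Pub}
}

// SignChallenge returns the first signature information, or nil once locked.
func (d *Device) SignChallenge(challenge []byte) []byte {
	if d.Locked {
		return nil
	}
	return ed25519.Sign(d.priv, challenge)
}

// ApplyLock locks only on an instruction for this device signed by the backend.
func (d *Device) ApplyLock(instr, sig []byte) bool {
	ok := string(instr) == "LOCK:"+d.Cert.DeviceID && ed25519.Verify(d.BackendPK, instr, sig)
	d.Locked = d.Locked || ok
	return ok
}

// Authenticate checks the exception list, then the certificate, and only after
// the certificate verifies does it trust cert.PubKey to check the signature.
func (b *Backend) Authenticate(id string, challenge, sig []byte, cert Certificate) (instr, instrSig []byte, err error) {
	if b.Exception[id] {
		instr = []byte("LOCK:" + id)
		return instr, ed25519.Sign(b.priv, instr), ErrListed
	}
	if cert.DeviceID != id || !ed25519.Verify(b.Pub, cert.body(), cert.Sig) || !ed25519.Verify(cert.PubKey, challenge, sig) {
		return nil, nil, errors.New("certificate or challenge signature rejected")
	}
	return nil, nil, nil
}

// RunAuth plays the terminal: fresh random challenge, then pure forwarding.
func RunAuth(b *Backend, d *Device) error {
	challenge := make([]byte, 16)
	if _, err := rand.Read(challenge); err != nil {
		return err
	}
	sig := d.SignChallenge(challenge)
	instr, instrSig, err := b.Authenticate(d.Cert.DeviceID, challenge, sig, d.Cert)
	if err == ErrListed {
		d.ApplyLock(instr, instrSig)
	}
	return err
}

func main() {
	b := NewBackend()
	fmt.Println("authentication error:", RunAuth(b, b.Register("dev-001", "constructed user")))
}
```

The example uses a fresh random challenge on every run: if the information to be signed were only the terminal's serial number or MAC address, a signature recorded once would verify again on any later authentication.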
The terminal obtains the user profile:
Specifically, the terminal obtains the user profile corresponding to the intelligent cipher equipment (for example the user's photo, name, account and similar information) according to the identification information of the intelligent cipher equipment it has scanned. The user profile can be obtained in, but not limited to, the following ways:
Mode one: the terminal obtains the user profile corresponding to the intelligent cipher equipment from the background system server:
The terminal sends the identification information of the intelligent cipher equipment and a user profile read request to the background system server. Specifically, the terminal can send the identification information and the user profile read request directly to the background system server.
After receiving the identification information of the intelligent cipher equipment and the user profile read request, the background system server obtains the user profile corresponding to the intelligent cipher equipment according to the identification information. Specifically, the background system server has pre-stored the user profile corresponding to each registered intelligent cipher equipment, so that it can look up the corresponding user profile by the identification information it receives.
In addition, to protect the user profile, the background system server also needs the authorization of the holder of the intelligent cipher equipment before it sends the corresponding user profile to the terminal. The background system server sends user authorization request information (for example a random number) to the intelligent cipher equipment through the terminal. After receiving the user authorization request information, the intelligent cipher equipment generates authorization information (for example the information obtained by signing that random number) and sends it to the background system server through the terminal. After receiving the authorization information, the background system server sends the response to the user profile read request to the terminal. Of course, the background system server can also sign the user authorization request information with its private key before sending it to the intelligent cipher equipment through the terminal; the intelligent cipher equipment then verifies the signature and, after the verification passes, regards the user authorization request information as coming from a legitimate background system server and confirms authorization to the background system server for this request. The intelligent cipher equipment can likewise sign the authorization information with its private key before sending it to the background system server through the terminal; the background system server then verifies the signature and, after the verification passes, regards the authorization information as coming from the correct intelligent cipher equipment and carries out subsequent operations according to it. These are only several ways for the background system server to request authorization from the intelligent cipher equipment; the invention is not limited to them, and all variations and combinations of the above also fall within the protection scope of the invention.
Of course, after receiving the user authorization request information, the intelligent cipher equipment can also switch from the sleep state to the wake-up state and generate the authorization information in the wake-up state, which saves power and extends the service life of the intelligent cipher equipment.
The background system server obtains the response to the user profile read request from the user profile and sends the response to the terminal;
After receiving the response to the user profile read request, the terminal obtains the user profile from the response.
Mode two: the terminal obtains the user profile corresponding to the intelligent cipher equipment from the intelligent cipher equipment:
The terminal sends a user profile read request to the intelligent cipher equipment;
The intelligent cipher equipment obtains the pre-stored user profile, obtains the response to the user profile read request from the user profile, and sends the response to the terminal;
After receiving the response to the user profile read request, the terminal obtains the user profile from the response.
In addition, if the holder of the intelligent cipher equipment refuses to send the user profile, refusal information can be sent to the terminal by a button on the intelligent cipher equipment or by software control, to keep the user profile safe.
Mode three: on completing authentication, the background system server sends the user profile corresponding to the intelligent cipher equipment directly to the terminal:
When the background system server completes the authentication of the intelligent cipher equipment, it also sends the user profile corresponding to the intelligent cipher equipment to the terminal. Specifically, after completing the authentication, the background system server can send an authentication completion message to the terminal to inform the terminal that the background system server has finished authenticating the intelligent cipher equipment. When sending the authentication completion message, the background system server can also look up the pre-stored user profile corresponding to the intelligent cipher equipment by its identification information and send that user profile to the terminal.
The terminal obtains the user profile corresponding to the intelligent cipher equipment: it takes the user profile directly from the information sent by the background system server.
The terminal stores the user profile in a pre-established current user list. Specifically, because customer traffic in the shop where the terminal is located varies and people move about, the set of intelligent cipher equipment detected keeps changing. The current user list can be updated in, but not limited to, the following ways:
Mode one:
The terminal obtains the identification information of all intelligent cipher equipment within its signal coverage and generates a real-time identification list;
At a preset time interval, the terminal compares the identification information of the intelligent cipher equipment in the real-time identification list with the identification information of the intelligent cipher equipment in the current user list;
If the identification information of an intelligent cipher equipment in the real-time identification list is not in the current user list, the terminal obtains the corresponding user profile according to the identification information of the scanned intelligent cipher equipment; and if the identification information of an intelligent cipher equipment in the current user list is not in the real-time identification list, the terminal deletes the user profile of that intelligent cipher equipment from the current user list.
Updating the current user list in this way ensures that the user profiles of intelligent cipher equipment within the terminal's signal coverage are added to the current user list, and that the user profiles of intelligent cipher equipment that has left the terminal's signal coverage are deleted from the current user list in time, which ensures security.
Mode two:
The terminal obtains the identification information of all intelligent cipher equipment within its signal coverage and generates a real-time identification list;
At a preset time interval, the terminal compares the identification information of the intelligent cipher equipment in the real-time identification list with the identification information of the intelligent cipher equipment in the current user list;
If the identification information of an intelligent cipher equipment in the real-time identification list is not in the current user list, the terminal obtains the corresponding user profile according to the identification information of the scanned intelligent cipher equipment and, once it has the user profile, stores it in the real-time identification list; and if the identification information of an intelligent cipher equipment in the real-time identification list is in the current user list, the terminal stores the user profile of that intelligent cipher equipment from the current user list in the real-time identification list;
The updated real-time identification list is then used as the current user list.
Updating the current user list in this way refreshes only the user profiles of intelligent cipher equipment within the terminal's signal coverage, which improves update efficiency. With this mode, when the terminal obtains user profiles, the profiles of intelligent cipher equipment already in the shop can be copied directly from the original current user list into the real-time identification list, while the profiles of customers who have newly entered the shop can be obtained by sending a user profile read request to the background system server or to the intelligent cipher equipment.
As can be seen, when customer traffic in the shop where the terminal is located changes, the merchant does not need to do anything: the current user list is updated automatically, which makes it easier for the merchant's sales staff to manage customer information.
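The two update modes for the current user list, as an added Go example that is not code from the patent. The `Profile` fields, the `Fetch` callback standing in for the user profile read request, and all function names are hypothetical; the sample data is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Profile is the user information the terminal caches per device (fields assumed).
type Profile struct{ Name, Account string }

// Fetch stands in for a user profile read request sent to the backend or to the
// device; an error models a refused or failed request (hypothetical signature).
type Fetch func(deviceID string) (Profile, error)

// UpdateInPlace is mode one: fetch profiles for newly scanned devices, then
// delete the profile of every device that is no longer in the scan result.
func UpdateInPlace(current map[string]Profile, scanned []string, fetch Fetch) {
	inRange := make(map[string]bool, len(scanned))
	for _, id := range scanned {
		inRange[id] = true
		if _, known := current[id]; known {
			continue
		}
		if p, err := fetch(id); err == nil {
			current[id] = p // a refused request leaves the device unlisted
		}
	}
	for id := range current {
		if !inRange[id] {
			delete(current, id) // device left coverage: drop its profile
		}
	}
}

// Rebuild is mode two: build the new list from the scan result, copying cached
// profiles and fetching only for devices that were not listed before.
func Rebuild(current map[string]Profile, scanned []string, fetch Fetch) map[string]Profile {
	next := make(map[string]Profile, len(scanned))
	for _, id := range scanned {
		if cached, known := current[id]; known {
			next[id] = cached
		} else if fetched, err := fetch(id); err == nil {
			next[id] = fetched
		}
	}
	return next // the caller uses this as the current user list from now on
}

// NewDirectory returns a Fetch over constructed sample data and a counter of
// how many profile read requests were made.
func NewDirectory(data map[string]Profile) (Fetch, *int) {
	calls := 0
	return func(id string) (Profile, error) {
		calls++
		p, ok := data[id]
		if !ok {
			return Profile{}, fmt.Errorf("no profile released for %s", id)
		}
		return p, nil
	}, &calls
}

// IDs lists the device identifiers in a user list in sorted order.
func IDs(list map[string]Profile) string {
	ids := make([]string, 0, len(list))
	for id := range list {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	return strings.Join(ids, ",")
}

func main() {
	fetch, calls := NewDirectory(map[string]Profile{
		"A": {Name: "Ann", Account: "acct-1"}, "B": {Name: "Bo", Account: "acct-2"},
	})
	current := map[string]Profile{}
	UpdateInPlace(current, []string{"A", "B"}, fetch)
	current = Rebuild(current, []string{"B"}, fetch)
	fmt.Println(IDs(current), "profile requests:", *calls)
}
```

In both modes a profile is requested only for a device that was not already listed, and a device that has left coverage no longer has its profile held by the terminal.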
In addition, terminal can show user profile corresponding to user in stored active user's list, so that the holder of intelligent cipher equipment checks this user profile, guarantees the correctness of transaction.
In prior art, process of exchange all needs SIM card or smart card etc. to possess the equipment of account memory function, user's operations such as mobile phone of need to swiping the card, and so trade company could obtain user's accounts information.
Be different from prior art, the terminal of trade company can be by first reading the identification information of intelligent cipher equipment, and the identification information that recycles this intelligent cipher equipment obtains the user profile that intelligent cipher equipment is corresponding.Therefore, client can be without carrying out payment for merchandise by modes such as wallet, credit card, mobile phones, thereby simplified the interactive operation of client and trade company, promoted user's experience.
Transaction information processing:
The terminal generates transaction information according to the user profile corresponding to the intelligent cipher equipment to be transacted with, and obtains transaction request information from the transaction information. Specifically, the transaction information can include the transaction amount, the account information of both parties to the bank settlement, the identification information of both parties to the bank settlement, and similar information. The transaction information can also include an electronic statement, from which the user can check the transaction details, for example the specific transaction time, the transaction order number, the transaction amount and the articles purchased.
The terminal sends the transaction request information to the intelligent cipher equipment. Specifically, the terminal can send the transaction request information in, but not limited to, the following ways: the terminal encodes the transaction request information and sends it as an acoustic signal; or the terminal encodes the transaction request information graphically and displays it so that the intelligent cipher equipment can capture the image; or the terminal sends the transaction request information through a communication interface of the terminal that matches the intelligent cipher equipment.
After receiving the transaction request information, the intelligent cipher equipment obtains the transaction information from it;
To save the power of the intelligent cipher equipment and extend its service life, the intelligent cipher equipment can also switch from the dormant state to the wake-up state after receiving the transaction request information, and obtain the transaction information from the transaction request information in the wake-up state.
The intelligent cipher equipment prompts the transaction information. Specifically, the intelligent cipher equipment can show the transaction information on a display screen, or play it back as speech through a loudspeaker or the like. The intelligent cipher equipment can of course also let the user know the real transaction information by other means, to ensure the safety of the transaction. In addition, after obtaining the transaction information, the intelligent cipher equipment can extract the key information from it and prompt only the key information; the prompting manner is the same as that used for the transaction information.
The intelligent cipher equipment receives a confirmation instruction and generates trade confirmation information. Specifically, the intelligent cipher equipment can receive the confirmation instruction by detecting that the confirm key on the intelligent cipher equipment has been pressed, by detecting that a virtual confirm key displayed on the touch screen has been clicked, by detecting biometric information such as voice, fingerprint or iris as the confirmation instruction, or in any other manner. Further, the intelligent cipher equipment can generate the trade confirmation information in, but not limited to, the following ways: the intelligent cipher equipment signs the transaction information with its private key and uses the resulting transaction signature information as the trade confirmation information; or the intelligent cipher equipment generates a dynamic password as the trade confirmation information.
To prevent repeated transactions and protect the user's account, each time the intelligent cipher equipment generates trade confirmation information it can also generate a single-transaction identifier, and sign the transaction information together with the single-transaction identifier with its private key, using the resulting transaction signature information as the trade confirmation information; or it can generate a single-transaction identifier, sign the identifier with its private key to obtain the signature information of the identifier, generate a dynamic password, and use the signature information of the identifier together with the dynamic password as the trade confirmation information. This ensures that one transaction is executed successfully only once. The single-transaction identifier can be a random number or the like.
Because wireless network transmission lines are unstable, the intelligent cipher equipment may fail to receive the receipt. If no single-transaction identifier is set, then when the terminal does not receive the signature information of the intelligent cipher equipment, the user holding the intelligent cipher equipment may need to repeat the confirm-and-sign operation several times, that is, the intelligent cipher equipment sends signature information to the terminal several times. The terminal could then use these multiple signature values to generate multiple transaction data packages and send them to the background system server, so that the account corresponding to the intelligent cipher equipment is debited repeatedly. If a single-transaction identifier is set, then when the line is unstable the intelligent cipher equipment signs the transaction information and the same single-transaction identifier again and sends the result to the terminal again, until it receives the transaction success receipt information. The terminal generates a transaction data package from the signature sent by the intelligent cipher equipment, and on receiving the transaction data package the background system server checks the single-transaction identifier in it. If this identifier has already been stored in the transaction log, that is, the transaction has already been executed, the background system server does not process this transaction data package again, so no repeated debit occurs and the account funds of the intelligent cipher equipment user are protected.
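The retry behaviour described above, as an added example that is not part of the patent text: the device signs the transaction information together with the single-transaction identifier and reuses that identifier until the receipt arrives, and the server debits once per identifier. Ed25519 from the Go standard library, the type and function names and the sample transaction string are assumptions; the page does not name a signature algorithm or message format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrBadSignature = errors.New("trade confirmation signature invalid")

// Confirmation is the trade confirmation information returned by the device.
type Confirmation struct {
	TxInfo   []byte // transaction information shown to the user
	SingleID []byte // single-transaction identifier (a random number)
	Sig      []byte // device signature over TxInfo and SingleID
}

// signedBytes length-prefixes TxInfo so its boundary with the identifier is unambiguous.
func signedBytes(txInfo, singleID []byte) []byte {
	out := []byte(fmt.Sprintf("%d:", len(txInfo)))
	out = append(out, txInfo...)
	return append(out, singleID...)
}

// Device models the intelligent cipher equipment.
type Device struct {
	priv    ed25519.PrivateKey
	pending map[string][]byte // unacknowledged transaction -> its identifier
}

// NewDevice returns a device and the public key the server stores for it.
func NewDevice() (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv, pending: map[string][]byte{}}, pub, nil
}

// Confirm runs when the user presses the confirm key. Confirming again before
// the receipt has arrived signs the same identifier again.
func (d *Device) Confirm(txInfo []byte) (Confirmation, error) {
	id, ok := d.pending[string(txInfo)]
	if !ok {
		id = make([]byte, 16)
		if _, err := rand.Read(id); err != nil {
			return Confirmation{}, err
		}
		d.pending[string(txInfo)] = id
	}
	sig := ed25519.Sign(d.priv, signedBytes(txInfo, id))
	return Confirmation{TxInfo: txInfo, SingleID: id, Sig: sig}, nil
}

// ReceiptReceived forgets the identifier so an identical later purchase gets a fresh one.
func (d *Device) ReceiptReceived(txInfo []byte) {
	delete(d.pending, string(txInfo))
}

// Server models the background system server.
type Server struct {
	devicePub ed25519.PublicKey
	txLog     map[string]bool // identifiers of transactions already executed
	Debits    int             // how many times the account was debited
}

func NewServer(pub ed25519.PublicKey) *Server {
	return &Server{devicePub: pub, txLog: map[string]bool{}}
}

// Process verifies a confirmation and debits at most once per identifier.
// A duplicate is not an error: it returns false and leaves the account alone.
func (s *Server) Process(c Confirmation) (bool, error) {
	if !ed25519.Verify(s.devicePub, signedBytes(c.TxInfo, c.SingleID), c.Sig) {
		return false, ErrBadSignature
	}
	if s.txLog[string(c.SingleID)] {
		return false, nil
	}
	s.txLog[string(c.SingleID)] = true
	s.Debits++
	return true, nil
}

func main() {
	dev, pub, err := NewDevice()
	if err != nil {
		panic(err)
	}
	srv := NewServer(pub)
	tx := []byte("amount=25.00;payer=ACCT-A;payee=SHOP-1") // constructed sample
	for i := 1; i <= 3; i++ { // receipt lost twice: the user confirms three times
		c, _ := dev.Confirm(tx)
		executed, err := srv.Process(c)
		fmt.Printf("attempt %d executed=%v err=%v\n", i, executed, err)
	}
	fmt.Println("debits:", srv.Debits)
}
```

Because the identifier is inside the signed bytes, a terminal cannot attach a fresh identifier to an old signature to force a second debit.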
The terminal receives the trade confirmation information. Specifically, the terminal can receive the trade confirmation information in, but not limited to, the following ways: the terminal receives the acoustic signal sent by the intelligent cipher equipment and decodes it to obtain the trade confirmation information (for example, a sound wave identification device identifies the acoustic signal and a sound wave decoder decodes it to obtain the trade confirmation information); or the terminal captures the image information displayed by the intelligent cipher equipment (for example a two-dimensional code or a bar code) and decodes it to obtain the trade confirmation information (for example, an image capture device captures the image information and a decoder decodes it to obtain the trade confirmation information); or the terminal receives the trade confirmation information through a communication interface of the terminal that matches the intelligent cipher equipment; or the terminal obtains the trade confirmation information from information entered at the terminal.
The terminal obtains a transaction data package from the trade confirmation information and sends the transaction data package to the background system server. Specifically, the transaction data package can also include other information such as the transaction information. The transaction information can include the transaction amount, the account information of both parties to the bank settlement, the identification information of both parties to the bank settlement, and similar information. The transaction information can also include an electronic statement, from which the user can check the transaction details, for example the specific transaction time, the transaction order number, the transaction amount and the articles purchased.
After receiving the transaction data package, the background system server obtains the trade confirmation information from it;
The background system server verifies the trade confirmation information and executes the transaction after verification passes. Specifically, only when the trade confirmation information passes verification does the background system server know that the transaction has been confirmed by a legitimate intelligent cipher equipment, and it then executes the transaction according to the confirmed result. To make sure that the holder of the intelligent cipher equipment knows the transaction has been completed, the background system server can also send transaction success receipt information to the intelligent cipher equipment through the terminal; after receiving the transaction success receipt information, the intelligent cipher equipment prompts it. The transaction success receipt information can also include an electronic statement, from which the user can check the transaction details, for example the specific transaction time, the transaction order number, the transaction amount and the articles purchased. The background system server can also send the transaction success receipt information to the terminal, so that the terminal knows the transaction has been completed. The transaction success receipt information can also be signed by the background system server with the background system server's private key and then sent to the intelligent cipher equipment through the terminal; the intelligent cipher equipment verifies the signature and, after verification passes, prompts the information to the user.
Reimbursement:
When a client needs a reimbursement, the reimbursement operation can be carried out in, but not limited to, the following ways:
Mode one: the terminal sends reimbursement information to the intelligent cipher equipment. Specifically, the reimbursement information can include any combination of the accounts of both reimbursement parties, the refund amount, the reimbursement transaction order number and the identification information of both reimbursement parties. The reimbursement information can also include an electronic statement, from which the user can check the reimbursement details, for example the specific reimbursement time, the reimbursement transaction order number, the refund amount and the articles replaced. The terminal can send the reimbursement information in, but not limited to, the following ways: the terminal encodes the reimbursement information and sends it as an acoustic signal; or the terminal encodes the reimbursement information graphically and displays it so that the intelligent cipher equipment can capture the image; or the terminal sends the reimbursement information through a communication interface of the terminal that matches the intelligent cipher equipment.
After receiving the reimbursement information, the intelligent cipher equipment prompts the reimbursement information. Specifically, after receiving the reimbursement information, the intelligent cipher equipment prompts it to the user in any manner, such as voice playback or display on a screen, so that the user can determine that the reimbursement information is genuine.
To save the power of the intelligent cipher equipment and extend its service life, the intelligent cipher equipment can also switch from the dormant state to the wake-up state after receiving the reimbursement information, and prompt the reimbursement information in the wake-up state.
The intelligent cipher equipment receives a reimbursement confirmation instruction and signs the reimbursement information with its private key to generate the reimbursement confirmation. Specifically, once the user has determined that the reimbursement information is genuine, the user confirms by means of a physical key or a virtual key provided on the intelligent cipher equipment. After sending the reimbursement confirmation to the terminal (for example, after sending the acoustic signal corresponding to the reimbursement confirmation, or after the image information corresponding to the reimbursement confirmation has been displayed for a predetermined time), the intelligent cipher equipment switches from the wake-up state to the dormant state.
The terminal receives the reimbursement confirmation and sends it to the background system server. Specifically, the terminal can receive the reimbursement confirmation in, but not limited to, the following ways: the terminal receives the acoustic signal sent by the intelligent cipher equipment and decodes it to obtain the reimbursement confirmation (for example, a sound wave identification device identifies the acoustic signal and a sound wave decoder decodes it to obtain the reimbursement confirmation); or the terminal captures the image information displayed by the intelligent cipher equipment (for example a two-dimensional code or a bar code) and decodes it to obtain the reimbursement confirmation (for example, an image capture device captures the image information and a decoder decodes it to obtain the reimbursement confirmation); or the terminal receives the reimbursement confirmation through a communication interface of the terminal that matches the intelligent cipher equipment. The terminal can send the reimbursement confirmation to the background system server over a secure dedicated network.
After receiving the reimbursement confirmation, the background system server verifies it and, after verification passes, performs the reimbursement operation.
An application scenario of reimbursement for mode one is given below, but the present invention is not limited to it:
According to the client's wish for a reimbursement, the shop generates reimbursement information through the terminal (this reimbursement information can be obtained by looking up the recorded transaction information, or it can be newly generated reimbursement information or reimbursement information in another form);
After receiving the reimbursement information, the intelligent cipher equipment switches from the dormant state to the wake-up state and displays the reimbursement information for the client to confirm;
The client confirms that the reimbursement information is correct and presses the confirm key on the intelligent cipher equipment; after receiving this reimbursement confirmation instruction, the intelligent cipher equipment signs the reimbursement information with its private key to obtain the reimbursement confirmation, and sends the reimbursement confirmation to the terminal;
After receiving the reimbursement confirmation, the terminal sends it to the background system server;
After receiving the reimbursement confirmation, the background system server verifies it with the public key of the intelligent cipher equipment, performs the reimbursement operation after verification passes, and sends reimbursement success receipt information to the terminal and/or the intelligent cipher equipment.
Mode two: mode two differs from mode one in that, before the terminal sends the reimbursement information to the intelligent cipher equipment, the terminal also receives a refund request sent by the intelligent cipher equipment and generates the reimbursement information according to the refund request. Specifically, the client can press a key on the intelligent cipher equipment to generate the refund request; after receiving this refund request, the intelligent cipher equipment sends it to the terminal. The reimbursement information can also include an electronic statement, from which the user can check the reimbursement details, for example the specific reimbursement time, the reimbursement transaction order number, the refund amount and the articles replaced. Any implementation that can trigger the intelligent cipher equipment to generate a refund request falls within the protection scope of the present invention.
To save the power of the intelligent cipher equipment and extend its service life, the intelligent cipher equipment can also switch from the dormant state to the wake-up state before sending the refund request to the terminal, and send the refund request to the terminal in the wake-up state. After sending the refund request, the intelligent cipher equipment switches from the wake-up state to the dormant state. When the intelligent cipher equipment receives the reimbursement information sent by the terminal, it switches from the dormant state to the wake-up state, and in the wake-up state it prompts the reimbursement information and generates the reimbursement confirmation. After sending the reimbursement confirmation to the terminal (for example, after sending the acoustic signal corresponding to the reimbursement confirmation, or after the image information corresponding to the reimbursement confirmation has been displayed for a predetermined time), the intelligent cipher equipment switches from the wake-up state to the dormant state.
Mode three: the intelligent cipher equipment sends a refund request to the terminal. Specifically, the client can press a key on the intelligent cipher equipment to generate the refund request; after receiving this refund request, the intelligent cipher equipment sends it to the terminal. Any implementation that can trigger the intelligent cipher equipment to generate a refund request falls within the protection scope of the present invention.
To save the power of the intelligent cipher equipment and extend its service life, the intelligent cipher equipment can also switch from the dormant state to the wake-up state before sending the refund request to the terminal, and send the refund request to the terminal in the wake-up state.
The terminal generates a refund request identifier and sends it to the intelligent cipher equipment. Specifically, the terminal can generate a random number and use it as the refund request identifier; this random number is provided to the intelligent cipher equipment for generating the reimbursement information.
After receiving the refund request identifier, the intelligent cipher equipment generates reimbursement information, signs the reimbursement information with its private key to obtain the reimbursement confirmation, and sends the reimbursement confirmation to the terminal. Specifically, the intelligent cipher equipment generates the reimbursement information from information such as the refund request identifier, the refund amount and the reimbursement account; the reimbursement information can also include any combination of the reimbursement transaction order number and the identification information of both reimbursement parties. The refund amount can be entered with the keys on the intelligent cipher equipment or by other means (for example voice input); the reimbursement account can be entered with the keys on the intelligent cipher equipment, or obtained by reading a reimbursement account pre-stored in the intelligent cipher equipment. The transaction information can also be saved on the intelligent cipher equipment after a transaction is completed, so that information such as the refund amount and the reimbursement account can be obtained by querying the transaction information. The intelligent cipher equipment can send the reimbursement information in, but not limited to, the following ways: the intelligent cipher equipment encodes the reimbursement information and sends it as an acoustic signal; or the intelligent cipher equipment encodes the reimbursement information graphically and displays it so that the terminal can capture the image; or the intelligent cipher equipment sends the reimbursement information through a communication interface of the intelligent cipher equipment that matches the terminal.
To save the power of the intelligent cipher equipment and extend its service life, the intelligent cipher equipment can also switch from the wake-up state to the dormant state after sending the reimbursement confirmation to the terminal (for example, after sending the acoustic signal corresponding to the reimbursement confirmation, or after the image information corresponding to the reimbursement confirmation has been displayed for a predetermined time).
The terminal receives the reimbursement confirmation and sends it to the background system server. Specifically, the terminal can receive the reimbursement confirmation in, but not limited to, the following ways: the terminal receives the acoustic signal sent by the intelligent cipher equipment and decodes it to obtain the reimbursement confirmation (for example, a sound wave identification device identifies the acoustic signal and a sound wave decoder decodes it to obtain the reimbursement confirmation); or the terminal captures the image information displayed by the intelligent cipher equipment (for example a two-dimensional code or a bar code) and decodes it to obtain the reimbursement confirmation (for example, an image capture device captures the image information and a decoder decodes it to obtain the reimbursement confirmation); or the terminal receives the reimbursement confirmation through a communication interface of the terminal that matches the intelligent cipher equipment. In addition, the terminal sends the reimbursement confirmation to the background system server over a dedicated network.
After receiving the reimbursement confirmation, the background system server verifies it and, after verification passes, performs the reimbursement operation. Specifically, the background system server verifies the reimbursement confirmation with the public key of the intelligent cipher equipment.
An application scenario of reimbursement for mode three is given below, but the present invention is not limited to it:
The intelligent cipher equipment switches from the dormant state to the wake-up state; for example, a key operation by the client holding the intelligent cipher equipment can put it into the wake-up state;
The client can press a key on the intelligent cipher equipment to generate a refund request; after receiving this refund request, the intelligent cipher equipment sends it to the terminal;
The terminal can generate a random number R, use R as the refund request identifier, and send the refund request identifier to the intelligent cipher equipment;
The intelligent cipher equipment generates reimbursement information, signs the reimbursement information with its private key to obtain the reimbursement confirmation, and sends the reimbursement confirmation to the terminal. The reimbursement information includes at least the refund request identifier, the refund amount, the reimbursement account and similar information. The refund amount and the reimbursement account can be entered by the client with the keys on the intelligent cipher equipment; or the refund amount can be entered by the client with the keys on the intelligent cipher equipment and the reimbursement account read from the information pre-stored in the intelligent cipher equipment; or both the refund amount and the reimbursement account can be read from the information pre-stored in the intelligent cipher equipment;
After receiving the reimbursement confirmation, the terminal sends it to the background system server;
After receiving the reimbursement confirmation, the background system server verifies it with the public key of the intelligent cipher equipment, performs the reimbursement operation after verification passes, and sends reimbursement success receipt information to the terminal and/or the intelligent cipher equipment.
In all three reimbursement modes above, the reimbursement confirmation can also include a single-reimbursement identifier, which can be a random number, to ensure that one reimbursement is executed successfully only once. This single-reimbursement identifier can be generated by the terminal or by the intelligent cipher equipment, and can be signed by the intelligent cipher equipment as part of the reimbursement confirmation.
After performing the reimbursement operation, the background system server can also send reimbursement success receipt information to the terminal and/or the intelligent cipher equipment, so that the shop and/or the client can learn that the reimbursement succeeded.
As can be seen, the above reimbursement flow greatly simplifies the client's operations during reimbursement, and applying the security functions of the intelligent cipher equipment ensures the security of the client's reimbursement process, giving the consumer a seamless experience.
Cancellation:
Cancellation covers cancellation of the terminal and cancellation of the intelligent cipher equipment; only the cancellation of the intelligent cipher equipment is described below:
The intelligent cipher equipment obtains an intelligent cipher equipment cancellation application, signs the cancellation application with its private key to obtain the third signature information, and sends the cancellation application and the third signature information to the background system server. Specifically, the third signature information can be sent through the terminal, or the cancellation can be handled manually.
After receiving the intelligent cipher equipment cancellation application and the third signature information, the background system server verifies the third signature information with the public key in the pre-stored intelligent cipher device certificate.
After the third signature information passes verification, the background system server deletes the pre-stored intelligent cipher device certificate, generates intelligent cipher equipment cancellation completion information, and sends the cancellation completion information to the intelligent cipher equipment. Specifically, when performing the cancellation, in addition to deleting the pre-stored intelligent cipher device certificate, the background system server can also perform other cancellation operations, such as putting the information corresponding to this intelligent cipher equipment into a preset cancellation list on the background system server.
After receiving the intelligent cipher equipment cancellation completion information, the intelligent cipher equipment deletes its private key. Specifically, the intelligent cipher equipment can verify the signature of the signed information and perform the deletion after verification passes.
By managing the registration, cancellation, authentication and locking of intelligent cipher equipment, the background system server ensures the legitimacy of intelligent cipher equipment and prevents the property loss that would arise if an intelligent cipher equipment were used illegally by someone else.
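The cancellation exchange described above, as an added example that is not part of the patent text: the server accepts only a device-signed cancellation application, deletes the stored certificate and lists the device as cancelled, and the device deletes its private key only after verifying the completion information. Ed25519 from the Go standard library, the two message formats, the server signing the completion information with its own key, and all names are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrBadApplication = errors.New("not a cancellation application for this device")
	ErrBadSignature   = errors.New("signature verification failed")
	ErrKeyDeleted     = errors.New("device private key has been deleted")
)

// Server models the background system server; certs stands in for stored device certificates.
type Server struct {
	priv      ed25519.PrivateKey
	pub       ed25519.PublicKey
	certs     map[string]ed25519.PublicKey
	Cancelled map[string]bool // preset cancellation list
}

type Device struct {
	ID        string
	priv      ed25519.PrivateKey
	serverPub ed25519.PublicKey
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

func NewServer() *Server {
	pub, priv := newKey()
	return &Server{priv: priv, pub: pub, certs: map[string]ed25519.PublicKey{}, Cancelled: map[string]bool{}}
}

// Register creates a device key pair and stores the public key on the server.
func (s *Server) Register(id string) *Device {
	pub, priv := newKey()
	s.certs[id] = pub
	return &Device{ID: id, priv: priv, serverPub: s.pub}
}

// cancelApplication and completionInfo are message formats assumed for this example.
func cancelApplication(id string) []byte { return []byte("cancel-application:" + id) }
func completionInfo(id string) []byte    { return []byte("cancellation-complete:" + id) }

// Sign fails once the private key has been deleted.
func (d *Device) Sign(msg []byte) ([]byte, error) {
	if d.priv == nil {
		return nil, ErrKeyDeleted
	}
	return ed25519.Sign(d.priv, msg), nil
}

// Verify reports whether sig is valid under the certificate stored for id.
func (s *Server) Verify(id string, msg, sig []byte) bool {
	pub, ok := s.certs[id]
	return ok && ed25519.Verify(pub, msg, sig)
}

// Cancel checks the signed application, deletes the certificate, lists the
// device as cancelled and returns server-signed completion information.
func (s *Server) Cancel(id string, app, sig []byte) ([]byte, []byte, error) {
	if string(app) != string(cancelApplication(id)) {
		return nil, nil, ErrBadApplication // e.g. a signed transaction replayed as a cancellation
	}
	if !s.Verify(id, app, sig) {
		return nil, nil, ErrBadSignature
	}
	delete(s.certs, id)
	s.Cancelled[id] = true
	done := completionInfo(id)
	return done, ed25519.Sign(s.priv, done), nil
}

// CompleteCancel deletes the private key only for verified completion information.
func (d *Device) CompleteCancel(done, doneSig []byte) error {
	if string(done) != string(completionInfo(d.ID)) || !ed25519.Verify(d.serverPub, done, doneSig) {
		return ErrBadSignature // a forged message must not make the device erase its key
	}
	d.priv = nil
	return nil
}

func main() {
	srv := NewServer()
	dev := srv.Register("DEV-0001") // constructed device identifier
	sig, _ := dev.Sign(cancelApplication(dev.ID))
	done, doneSig, err := srv.Cancel(dev.ID, cancelApplication(dev.ID), sig)
	fmt.Println("cancel:", err, "complete:", dev.CompleteCancel(done, doneSig))
	_, err = dev.Sign([]byte("amount=25.00"))
	fmt.Println("sign after cancellation:", err)
}
```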
It is worth noting that the above operations need not be carried out in sequence, and only some of them may be performed. In addition, the above operations are not limited to being completed in the same application scenario; whatever the application scenario, any implementation that uses any operation of the present invention and can execute a transaction securely falls within the protection scope of the present invention.
An exemplary application scenario of the present invention is given below:
In this application scenario, a wireless communication module and a status control module are integrated on the intelligent cipher equipment to form the novel intelligent cipher equipment of the present invention, which can be used for secure payment. The wireless communication module can be a Bluetooth communication module, a WIFI communication module or the like; it can perform inquiry scan and page scan for other devices, and can exchange signals and data with other wireless devices. The intelligent cipher equipment also includes a status control module, which can control the working state of the wireless communication module and of the host of the intelligent cipher equipment. The intelligent cipher equipment of the present invention has two states, a dormant state and a wake-up state. In the dormant state only the transceiver (the wireless communication module) and the status control module are working; the CPU is shut down and cannot execute command operations (for example signing, or receiving and sending data), so that the intelligent cipher equipment is in a low-power state. When another wireless device sends an application instruction to the intelligent cipher equipment from outside, the status control module recognises the signal and generates a wake-up signal, and the CPU is woken into the wake-up state and starts executing the application command. After the command has been executed, the CPU enters the dormant state again.
The transaction flow of the present invention is briefly described below:
The intelligent cipher equipment is in the dormant state. When the user carries the intelligent cipher equipment into the wireless signal coverage of the terminal, the intelligent cipher equipment and the terminal complete the interactive identification of wireless devices; the terminal thereby knows that an intelligent cipher equipment has entered the shop where the terminal is located, and sets up a connection with it.
After the terminal and the intelligent cipher equipment are connected, the terminal can send a device authentication request to the intelligent cipher equipment. When the intelligent cipher equipment receives this request, the status control module sends a wake-up signal, the CPU is woken up, and the intelligent cipher equipment enters the wake-up state and performs the corresponding operation.
After completing the corresponding instruction, the intelligent cipher equipment returns to the dormant state and continues to maintain device interactive identification with the terminal, so that the terminal can judge whether the holder of the intelligent cipher equipment has checked out.
The terminal sends a request to read the user profile to the background system server, and the background system server requests that user authorization information be entered; the terminal can then send a user authorization request to the intelligent cipher equipment.
The intelligent cipher equipment in the dormant state receives the user authorization request sent by the terminal and enters the wake-up state. The intelligent cipher equipment displays the terminal's request and prompts the user to decide whether to authorize.
The user decides whether to authorize according to the displayed request from the terminal. To authorize, the user presses the confirm key on the intelligent cipher equipment, so that the intelligent cipher equipment generates authorization information and sends it to the terminal, and then goes into the dormant state; otherwise, the intelligent cipher equipment ends execution of the command and goes directly into the dormant state.
At settlement, the terminal can send a user transaction confirmation request instruction to the intelligent cipher equipment, which is again in the dormant state. The intelligent cipher equipment receives this instruction and enters the wake-up state, then displays the received transaction information for the user to confirm. If the transaction information is correct, the user presses the confirm key so that the intelligent cipher equipment signs the transaction information and returns the result to the terminal; otherwise, the operation ends and the intelligent cipher equipment goes into the dormant state.
Another application scenario of the present invention is given below:
The terminal sets up an active user list on a local server; this active user list can be used to store the user profiles corresponding to the intelligent cipher equipment held by the customers currently in the shop;
The terminal's local server monitors, by wireless means (for example, using wireless detection equipment), the intelligent cipher equipment within the wireless signal coverage of the terminal;
A customer goes shopping carrying intelligent cipher equipment (in the dormant state) that has a wireless communication function. When the customer enters the wireless signal coverage of the terminal, the intelligent cipher equipment is found by the terminal and sets up a wireless connection with the terminal;
The terminal sends a random number R1 to the intelligent cipher equipment, together with an authentication instruction;
The intelligent cipher equipment in the dormant state is woken on receiving the authentication instruction sent by the terminal and enters the wake-up state;
The intelligent cipher equipment computes a digest of R1 and encrypts the digest with its private key to generate a signature S, then sends the signature value S and the intelligent cipher device certificate to the terminal;
After receiving the signature S and the intelligent cipher device certificate sent by the intelligent cipher equipment, the terminal sends the signature S, the intelligent cipher device certificate, the previously generated random number R1 and the obtained identification information of the intelligent cipher equipment to the background system server;
The background system server uses the root certificate corresponding to the intelligent cipher device certificate to verify the legitimacy of the intelligent cipher device certificate; if verification fails, the process ends;
If verification passes, the background system server uses the public key of the intelligent cipher equipment to verify the signature S; if verification fails, the process ends;
If verification passes, the background system server has successfully authenticated the intelligent cipher equipment and sends the user's profile, such as the account, to the terminal;
After receiving the user profile sent by the background system server, the terminal stores the user profile in the active user list;
After finishing shopping, the customer goes to the cashier to settle the bill;
The terminal totals the amount due and selects, in the active user list, the account corresponding to the intelligent cipher equipment held by this customer;
The terminal generates transaction information from any combination of the selected goods, the transaction amount, the bank settlement accounts of both parties, the identification information of both settlement parties and so on, and sends it to the intelligent cipher equipment;
After receiving the transaction information, the intelligent cipher equipment enters the wake-up state, shows the transaction information on its screen and waits for the user to confirm;
The customer checks the transaction information; if there is a problem, the customer presses cancel, the transaction is aborted and the intelligent cipher equipment enters the dormant state;
If, after confirming that the transaction information is correct, the user presses the confirm button provided on the intelligent cipher equipment, the intelligent cipher equipment generates a random number as a single-transaction identifier and signs the transaction information together with the single-transaction identifier;
The intelligent cipher equipment sends the signature information to the terminal, and the terminal sends a transfer request and the signature information to the background system server;
After receiving the transfer request and the signature information, the background system server verifies the signature; after the signature is verified, it completes the transfer and sends the terminal information that the transfer succeeded and payment is complete. The background system server can also send the payment-completed information to the intelligent cipher equipment through the terminal, so that the customer learns that the transaction is complete;
On receiving the payment-completed information, the terminal hands the goods to the customer, and checkout is complete.
The background system server authenticates the intelligent cipher equipment, and, once the intelligent cipher equipment is trusted, each transaction includes a step in which the holder manually confirms the information displayed on the intelligent cipher equipment; together these also guarantee the transaction security of the holder of the intelligent cipher equipment.
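The authentication phase of the scenario above (R1, signature S, device certificate, root check, then signature check) can be sketched as follows. This is an added example, not code from the patent; the patent names no algorithms, so ECDSA P-256 with SHA-256 and X.509 certificates are assumptions, and `issue`, `NewPKI`, `Respond` and `Authenticate` are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Device models the intelligent cipher equipment: its private key and certificate (DER).
type Device struct {
	priv *ecdsa.PrivateKey
	cert []byte
}

// issue makes a P-256 key and a certificate for it; a nil parent yields a self-signed root.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*ecdsa.PrivateKey, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // root: allowed to sign certificates, signs itself
		t.IsCA, t.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// NewPKI returns the server's trusted-root pool and one device enrolled under that root.
func NewPKI() (*x509.CertPool, *Device, error) {
	rootKey, root, err := issue("constructed root", 1, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	devKey, devCert, err := issue("constructed device 0001", 2, root, rootKey)
	if err != nil {
		return nil, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return pool, &Device{devKey, devCert.Raw}, nil
}

// Respond is the device's step: digest R1, sign the digest, return S and the certificate.
func (d *Device) Respond(r1 []byte) (s, cert []byte, err error) {
	h := sha256.Sum256(r1)
	s, err = ecdsa.SignASN1(rand.Reader, d.priv, h[:])
	return s, d.cert, err
}

// Authenticate is the server's step: certificate against the root, then S over R1.
func Authenticate(roots *x509.CertPool, r1, s, certDER []byte) error {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("device certificate rejected: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(r1)
	if !ok || !ecdsa.VerifyASN1(pub, h[:], s) {
		return errors.New("signature S does not verify over R1")
	}
	return nil
}

func main() {
	roots, dev, err := NewPKI()
	if err != nil {
		panic(err)
	}
	r1, r2 := make([]byte, 16), make([]byte, 16) // terminal's random challenges
	rand.Read(r1)
	rand.Read(r2)
	s, cert, _ := dev.Respond(r1)
	fmt.Println("fresh response:", Authenticate(roots, r1, s, cert))
	fmt.Println("S replayed against a new challenge:", Authenticate(roots, r2, s, cert))
}
```

Because the server checks S against the R1 forwarded by the terminal, a captured S is useless once the terminal issues a new challenge, and a certificate that does not chain to the stored root is refused before the signature is even examined.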
With the data security interactive system provided by the invention, a customer entering a shop to make a transaction completes payment without needing an account-carrying device such as a mobile phone, bank card or financial IC card. Payment in the prior art requires a device with an account storage function, such as a SIM card or smart card, and the user must also swipe a card or a phone to complete the transaction. With the system provided by the invention, the customer can complete payment without a wallet, credit card or mobile phone, which simplifies the interaction between customer and merchant during payment, improves payment efficiency and improves the customer's experience of near-field payment; at the same time, the security features of the intelligent cipher equipment guarantee the security of the customer's payment process.
When the customer checks out after choosing goods, the terminal no longer needs to obtain the user profile by having the customer swipe a card or a phone, because this user profile was already stored in the terminal's active user list when the customer entered the shop. At checkout the customer only needs to give his or her name; the terminal can send the transaction information, such as the settled amount, directly to the customer's intelligent cipher equipment for display. The customer then only needs to confirm on the intelligent cipher equipment, which outputs the transaction confirmation information; the terminal generates a transaction data package and sends it to the background system server, and the background system server performs the transfer after verifying that the transaction data package is correct, which completes the payment process.
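The checkout confirmation described above, combined with the single-transaction identifier from the scenario steps, can be sketched as follows. This is an added example, not code from the patent: the field layout, ECDSA P-256 with SHA-256, and the server-side set of already accepted identifiers are assumptions, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Transaction is the transaction information the terminal sends and the device displays.
type Transaction struct {
	Payer, Payee string // constructed account labels
	AmountCents  uint64
}

// Package is the transaction data package the terminal forwards to the server.
type Package struct {
	Tx  Transaction
	ID  []byte // single-transaction identifier chosen by the device
	Sig []byte // device signature over Tx and ID
}

// Server holds the device public key (known from authentication) and accepted identifiers.
type Server struct {
	pub  *ecdsa.PublicKey
	used map[string]bool
}

// digest hashes length-prefixed fields, so two different (Tx, ID) pairs never share an encoding.
func digest(tx Transaction, id []byte) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(tx.Payer), []byte(tx.Payee), id} {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	binary.Write(h, binary.BigEndian, tx.AmountCents)
	return h.Sum(nil)
}

// Confirm is the device side: nothing is signed unless the user pressed the confirm key.
func Confirm(priv *ecdsa.PrivateKey, tx Transaction, confirmed bool) (*Package, error) {
	if !confirmed {
		return nil, errors.New("cancelled on the device, nothing signed")
	}
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return nil, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(tx, id))
	if err != nil {
		return nil, err
	}
	return &Package{tx, id, sig}, nil
}

// Verify is the server side: signature over (Tx, ID) first, then the identifier must be new.
func (s *Server) Verify(p *Package) error {
	if !ecdsa.VerifyASN1(s.pub, digest(p.Tx, p.ID), p.Sig) {
		return errors.New("signature does not cover this transaction")
	}
	if s.used[string(p.ID)] { // assumed policy: each identifier is accepted once
		return errors.New("single-transaction identifier already used")
	}
	s.used[string(p.ID)] = true
	return nil
}

// Checkout returns the server's verdict on a tampered, an honest and a replayed package.
func Checkout() (tampered, honest, replayed error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err, err, err
	}
	srv := &Server{&priv.PublicKey, map[string]bool{}}
	p, err := Confirm(priv, Transaction{"constructed-account-A", "constructed-shop-42", 1250}, true)
	if err != nil {
		return err, err, err
	}
	forged := *p
	forged.Tx.AmountCents = 99900 // amount changed after the user confirmed 12.50
	tampered = srv.Verify(&forged)
	honest = srv.Verify(p)
	replayed = srv.Verify(p)
	return tampered, honest, replayed
}

func main() {
	tampered, honest, replayed := Checkout()
	fmt.Println("tampered:", tampered)
	fmt.Println("honest:", honest)
	fmt.Println("replayed:", replayed)
}
```

The signature binds exactly what the device displayed, so a terminal that alters the amount after confirmation produces a package the server refuses, and resubmitting an accepted package fails on the identifier.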
When the customer walks out of the signal coverage of this shop, the network connection between the intelligent cipher equipment and the terminal is interrupted automatically, and the user profile disappears from the active user list of this shop. If the customer then enters another shop, the customer is automatically entered in the active user list of that other shop and another round of shopping begins. The customer does not need to perform any operation, and only needs to put a small intelligent cipher equipment in a pocket when shopping; the present invention can thus give the customer a seamless experience.
Any process or method described in a flow diagram or otherwise described herein can be understood as representing a module, fragment or portion of code comprising one or more executable instructions for implementing a specific logical function or step of the process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be carried out in an order other than that shown or discussed, including substantially simultaneously or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the invention belong.
It should be understood that each part of the present invention can be implemented in hardware, software, firmware or a combination of them. In the above embodiments, a plurality of steps or methods can be implemented with software or firmware that is stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques well known in the art can be used: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits having suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
Those skilled in the art will appreciate that all or part of the steps of the above embodiment methods can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiment or a combination of them.
In addition, the functional units in each embodiment of the present invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, etc.
In this specification, a description that refers to the terms "an embodiment", "some embodiments", "an example", "a concrete example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described above, it should be understood that the above embodiments are exemplary and cannot be interpreted as limiting the present invention. Those of ordinary skill in the art can change, modify, replace and vary the above embodiments within the scope of the invention without departing from its principle and purpose. The scope of the present invention is defined by the claims and their equivalents.

Claims (24)

1. A data security interactive system, characterized in that it comprises:
A terminal, configured to scan for intelligent cipher equipment within its signal coverage and obtain the identification information of the scanned intelligent cipher equipment; generate first information to be signed; send the first information to be signed and an authentication instruction to the intelligent cipher equipment; receive the first signature information and the intelligent cipher device certificate sent by the intelligent cipher equipment; send authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher device certificate to the background system server; after the background system server completes authentication of the intelligent cipher equipment, obtain the user profile corresponding to the intelligent cipher equipment; store the user profile in a pre-established active user list; generate transaction information according to the user profile corresponding to the intelligent cipher equipment to be transacted with, and obtain transaction request information according to the transaction information; send the transaction request information to the intelligent cipher equipment; receive the transaction confirmation information; obtain a transaction data package according to the transaction confirmation information, and send the transaction data package to the background system server;
The intelligent cipher equipment, configured to receive the first information to be signed and the authentication instruction sent by the terminal, and perform a signature calculation on the first information to be signed using the private key of the intelligent cipher equipment to obtain the first signature information; send the first signature information and the intelligent cipher device certificate to the terminal; receive the transaction request information sent by the terminal, and obtain the transaction information according to the transaction request information; prompt the transaction information; receive a confirmation instruction, and generate transaction confirmation information;
The background system server, configured to receive the authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher device certificate sent by the terminal, and verify, using the pre-stored root certificate corresponding to the intelligent cipher device certificate, whether the intelligent cipher device certificate is legitimate; after verifying that the intelligent cipher device certificate is legitimate, verify the first signature information using the public key of the intelligent cipher equipment; after the first signature information is verified, complete the authentication of the intelligent cipher equipment; receive the transaction data package sent by the terminal, and obtain the transaction confirmation information according to the transaction data package; verify the transaction confirmation information, and execute the transaction after verification passes.
2. The system according to claim 1, characterized in that,
The terminal is further configured to send the identification information of the intelligent cipher equipment and a user profile read request to the background system server; and, after receiving the response message to the user profile read request sent by the background system server, obtain the user profile according to the response message to the user profile read request;
The background system server is further configured to receive the identification information of the intelligent cipher equipment and the user profile read request sent by the terminal, and obtain the user profile corresponding to the intelligent cipher equipment according to the identification information of the intelligent cipher equipment; obtain the response message to the user profile read request according to the user profile, and send the response message to the user profile read request to the terminal.
3. The system according to claim 1, characterized in that,
The terminal is further configured to send a user profile read request to the intelligent cipher equipment; receive the response message to the user profile read request sent by the intelligent cipher equipment, and obtain the user profile according to the response message to the user profile read request;
The intelligent cipher equipment is further configured to obtain a pre-stored user profile, obtain the response message to the user profile read request according to the user profile, and send the response message to the user profile read request to the terminal.
4. The system according to claim 1, characterized in that,
The background system server is further configured to send the user profile corresponding to the intelligent cipher equipment to the terminal;
The terminal is further configured to receive the user profile corresponding to the intelligent cipher equipment sent by the background system server.
5. The system according to any one of claims 1 to 4, characterized in that,
The terminal is further configured to, after scanning for intelligent cipher equipment within its signal coverage and obtaining the identification information of the scanned intelligent cipher equipment, obtain the identification information of all intelligent cipher equipment within the signal coverage of the terminal and generate a real-time identification list; compare, at a preset time interval, the identification information of the intelligent cipher equipment in the real-time identification list with the identification information of the intelligent cipher equipment in the active user list; if identification information of intelligent cipher equipment in the real-time identification list is not in the active user list, obtain the user profile corresponding to the intelligent cipher equipment according to the identification information of the scanned intelligent cipher equipment; and if identification information of intelligent cipher equipment in the active user list is not in the real-time identification list, delete from the active user list the user profile of the intelligent cipher equipment that is not in the real-time identification list.
6. The system according to any one of claims 1 to 4, characterized in that,
The terminal is further configured to, after scanning for intelligent cipher equipment within its signal coverage and obtaining the identification information of the scanned intelligent cipher equipment, obtain the identification information of all intelligent cipher equipment within the signal coverage of the terminal and generate a real-time identification list; compare, at a preset time interval, the identification information of the intelligent cipher equipment in the real-time identification list with the identification information of the intelligent cipher equipment in the active user list; if identification information of intelligent cipher equipment in the real-time identification list is not in the active user list, obtain the user profile corresponding to the intelligent cipher equipment according to the identification information of the scanned intelligent cipher equipment and, after the terminal obtains the user profile, store the user profile in the real-time identification list; and if identification information of intelligent cipher equipment in the real-time identification list is in the active user list, store the user profile of that intelligent cipher equipment from the active user list in the real-time identification list; and use the updated real-time identification list as the active user list.
7. The system according to any one of claims 1 to 6, characterized in that,
The intelligent cipher equipment is further configured to, after receiving the first information to be signed and the authentication instruction, switch from the dormant state to the wake-up state; and, in the wake-up state, perform a signature calculation on the first information to be signed using the private key of the intelligent cipher equipment to obtain the first signature information.
8. The system according to any one of claims 1 to 7, characterized in that,
The background system server is further configured to, after receiving the authentication request information, the identification information of the intelligent cipher equipment, the first information to be signed, the first signature information and the intelligent cipher device certificate, judge whether the identification information of the intelligent cipher equipment is included in an intelligent cipher equipment abnormality list pre-stored in the background system server; after judging that the identification information of the intelligent cipher equipment is in the intelligent cipher equipment abnormality list, obtain a lock intelligent cipher equipment instruction, sign the lock intelligent cipher equipment instruction using the private key of the background system server to obtain second signature information, and send the lock intelligent cipher equipment instruction and the second signature information to the intelligent cipher equipment through the terminal;
The intelligent cipher equipment is further configured to receive the lock intelligent cipher equipment instruction and the second signature information sent by the background system server through the terminal, and verify the second signature information using the public key in the pre-stored background system server certificate; after the second signature information is verified, perform a lock operation according to the lock intelligent cipher equipment instruction.
9. The system according to any one of claims 1 to 8, characterized in that,
The background system server is further configured to receive an intelligent cipher equipment registration application and audit the intelligent cipher equipment registration application; after the intelligent cipher equipment registration application passes the audit, send an intelligent cipher equipment key pair generation instruction to the intelligent cipher equipment; after receiving the public key of the intelligent cipher equipment key pair sent by the intelligent cipher equipment, generate the intelligent cipher device certificate, and send the intelligent cipher device certificate to the intelligent cipher equipment;
The intelligent cipher equipment is further configured to, after receiving the intelligent cipher equipment key pair generation instruction sent by the background system server, generate an intelligent cipher equipment key pair; send the public key of the intelligent cipher equipment key pair to the background system server; and store the intelligent cipher device certificate.
10. The system according to claim 9, characterized in that,
The intelligent cipher equipment is further configured to obtain an intelligent cipher equipment cancellation application, sign the cancellation application using the private key of the intelligent cipher equipment to obtain third signature information, and send the intelligent cipher equipment cancellation application and the third signature information to the background system server; and receive the intelligent cipher equipment cancellation-complete information sent by the background system server, and delete the private key of the intelligent cipher equipment;
The background system server is further configured to receive the intelligent cipher equipment cancellation application and the third signature information sent by the intelligent cipher equipment, and verify the third signature information using the public key in the pre-stored intelligent cipher device certificate; after the third signature information is verified, delete the pre-stored intelligent cipher device certificate, generate intelligent cipher equipment cancellation-complete information, and send the intelligent cipher equipment cancellation-complete information to the intelligent cipher equipment.
11. The system according to claim 2, characterized in that,
The background system server is further configured to send user authorization request information to the intelligent cipher equipment through the terminal; and receive the authorization information sent by the intelligent cipher equipment through the terminal, and send the response message to the user profile read request to the terminal;
The intelligent cipher equipment is further configured to receive the user authorization request information sent by the background system server through the terminal, generate authorization information, and send the authorization information to the background system server through the terminal.
12. The system according to claim 11, characterized in that,
The intelligent cipher equipment is further configured to, after receiving the user authorization request information, switch from the dormant state to the wake-up state; and generate the authorization information in the wake-up state.
13. The system according to any one of claims 1 to 12, characterized in that,
The intelligent cipher equipment is further configured to, after receiving the transaction request information, switch from the dormant state to the wake-up state; and, in the wake-up state, obtain the transaction information according to the transaction request information.
14. The system according to any one of claims 1 to 13, characterized in that,
The intelligent cipher equipment is further configured to sign the transaction information using the private key of the intelligent cipher equipment and generate transaction signature information as the transaction confirmation information, or generate a dynamic password as the transaction confirmation information.
15. The system according to any one of claims 1 to 13, characterized in that,
The intelligent cipher equipment is further configured to generate a single-transaction identifier, sign the transaction information and the single-transaction identifier using the private key of the intelligent cipher equipment, and generate transaction signature information as the transaction confirmation information; or
The intelligent cipher equipment is further configured to generate a single-transaction identifier, sign the single-transaction identifier using the private key of the intelligent cipher equipment to obtain signature information of the single-transaction identifier, generate a dynamic password, and use the signature information of the single-transaction identifier and the dynamic password as the transaction confirmation information.
16. The system according to claim 14 or 15, characterized in that,
The terminal is further configured to receive an acoustic signal sent by the intelligent cipher equipment and decode the acoustic signal to obtain the transaction confirmation information; or
Capture image information displayed by the intelligent cipher equipment and decode the image information to obtain the transaction confirmation information; or
Receive the transaction confirmation information through a communication interface of the terminal that matches the intelligent cipher equipment; or
Obtain the transaction confirmation information from information entered at the terminal.
17. The system according to any one of claims 1 to 16, characterized in that,
The background system server is further configured to, after verifying the transaction confirmation information and executing the transaction once verification passes, send transaction success acknowledgement information to the terminal and/or send transaction success acknowledgement information to the intelligent cipher equipment through the terminal;
The intelligent cipher equipment is further configured to receive the transaction success acknowledgement information sent by the background system server through the terminal, and prompt the transaction success acknowledgement information.
18. The system according to any one of claims 1 to 17, characterized in that,
The terminal is further configured to, after the background system server verifies the transaction confirmation information and executes the transaction once verification passes, send refund information to the intelligent cipher equipment; and receive the refund confirmation information, and send the refund confirmation information to the background system server;
The intelligent cipher equipment is further configured to receive the refund information sent by the terminal and prompt the refund information; and receive a refund confirmation instruction, sign the refund information using the private key of the intelligent cipher equipment, and generate refund confirmation information;
The background system server is further configured to receive the refund confirmation information sent by the terminal, verify the refund confirmation information, and perform the refund operation after verification passes.
19. The system according to any one of claims 1 to 17, characterized in that,
The intelligent cipher equipment is further configured to, after the background system server verifies the transaction confirmation information and executes the transaction once verification passes, send a refund request to the terminal; receive the refund information sent by the terminal and prompt the refund information; and receive a refund confirmation instruction, sign the refund information using the private key of the intelligent cipher equipment, and generate refund confirmation information;
The terminal is further configured to generate refund information and send the refund information to the intelligent cipher equipment; and receive the refund confirmation information, and send the refund confirmation information to the background system server;
The background system server is further configured to receive the refund confirmation information sent by the terminal, verify the refund confirmation information, and perform the refund operation after verification passes.
20. The system according to any one of claims 1 to 17, characterized in that,
The intelligent cipher equipment is further configured to, after the background system server verifies the transaction confirmation information and executes the transaction once verification passes, send a refund request to the terminal; receive the refund request identifier sent by the terminal, generate refund information, sign the refund information using the private key of the intelligent cipher equipment to obtain refund confirmation information, and send the refund confirmation information to the terminal;
The terminal is further configured to generate a refund request identifier and send the refund request identifier to the intelligent cipher equipment; and receive the refund confirmation information, and send the refund confirmation information to the background system server;
The background system server is further configured to receive the refund confirmation information sent by the terminal, verify the refund confirmation information, and perform the refund operation after verification passes.
21. The system according to claim 18 or 19, characterized in that the refund information further comprises an electronic statement.
22. The system according to claim 17, characterized in that the transaction success acknowledgement information further comprises an electronic statement.
23. The system according to any one of claims 1 to 22, characterized in that the transaction information further comprises an electronic statement.
24. The system according to any one of claims 1 to 23, characterized in that,
The intelligent cipher equipment is further configured to enter a scannable state before being scanned by the terminal.
CN201410171437.1A 2014-04-25 2014-04-25 Data security interactive system Pending CN103942684A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410171437.1A CN103942684A (en) 2014-04-25 2014-04-25 Data security interactive system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410171437.1A CN103942684A (en) 2014-04-25 2014-04-25 Data security interactive system

Publications (1)

Publication Number Publication Date
CN103942684A true CN103942684A (en) 2014-07-23

Family

ID=51190344

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410171437.1A Pending CN103942684A (en) 2014-04-25 2014-04-25 Data security interactive system

Country Status (1)

Country Link
CN (1) CN103942684A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030076961A1 (en) * 2001-10-18 2003-04-24 Kim Hee Sun Method for issuing a certificate using biometric information in public key infrastructure-based authentication system
KR20060118247A (en) * 2005-05-16 2006-11-23 에스케이 텔레콤주식회사 System and method for security of information
CN101131756A (en) * 2006-08-24 2008-02-27 联想(北京)有限公司 Security authentication system, device and method for electric cash charge of mobile paying device
CN101465019A (en) * 2009-01-14 2009-06-24 北京华大智宝电子系统有限公司 Method and system for implementing network authentication
CN101789934A (en) * 2009-11-17 2010-07-28 北京飞天诚信科技有限公司 Method and system for online security trading
CN101860525A (en) * 2009-09-25 2010-10-13 深圳市安捷信联科技有限公司 Realizing method of electronic authorization warrant, intelligent terminal, authorization system and verification terminal
CN101944997A (en) * 2010-08-25 2011-01-12 北京市劳动信息中心 IC (Integrated Circuit) card attesting method and system based on double-key and digital certificate system
CN102595643A (en) * 2010-11-19 2012-07-18 罗技欧洲股份有限公司 System and method used for connection and pairing of wireless devices
CN102938116A (en) * 2012-10-25 2013-02-20 时代亿宝(北京)科技有限公司 Full-link protection and management method for ensuring safety of transaction
CN103078742A (en) * 2013-01-10 2013-05-01 天地融科技股份有限公司 Generation method and system of digital certificate
CN103152366A (en) * 2013-04-10 2013-06-12 珠海市魅族科技有限公司 Method, terminal and server for obtaining terminal authorization

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104219058A (en) * 2014-09-28 2014-12-17 小米科技有限责任公司 Identity authentication and authorization method and device
CN104219058B (en) * 2014-09-28 2018-05-25 小米科技有限责任公司 Authentication, identification authorization method and device
CN104376455A (en) * 2014-12-04 2015-02-25 苏州海博智能系统有限公司 Band card transfer payment method
CN105119887B (en) * 2014-12-31 2018-11-30 天地融科技股份有限公司 Method of calling and system
CN105025469A (en) * 2014-12-31 2015-11-04 天地融科技股份有限公司 Sign-in method and system
CN105119889A (en) * 2014-12-31 2015-12-02 天地融科技股份有限公司 Calling method and calling system
CN105007575B (en) * 2014-12-31 2019-06-25 天地融科技股份有限公司 Method of calling and system
CN105119889B (en) * 2014-12-31 2019-01-08 天地融科技股份有限公司 Method of calling and system
CN105119887A (en) * 2014-12-31 2015-12-02 天地融科技股份有限公司 Calling method and system and fixed telephone set
CN105025469B (en) * 2014-12-31 2019-06-25 天地融科技股份有限公司 One kind is registered method and system
CN105007575A (en) * 2014-12-31 2015-10-28 天地融科技股份有限公司 Calling method and system
WO2017012580A1 (en) * 2015-07-22 2017-01-26 天地融科技股份有限公司 Data processing method and apparatus, and pos machine transaction system
US10769597B2 (en) 2015-07-22 2020-09-08 Tendyron Corporation Data processing method and device, and POS transaction system
CN105243541A (en) * 2015-11-13 2016-01-13 广西米付网络技术有限公司 BLE Bluetooth and sound wave combined mobile payment method and system
CN105488670A (en) * 2015-11-23 2016-04-13 上海银生宝电子支付服务有限公司 Payment request processing method, apparatus and system
US11210650B2 (en) 2016-01-25 2021-12-28 Advanced New Technologies Co., Ltd. Credit payment method and apparatus based on mobile terminal embedded secure element
US11288655B2 (en) 2016-01-25 2022-03-29 Advanced New Technologies Co., Ltd. Credit payment method and apparatus based on mobile terminal embedded secure element
WO2017128974A1 (en) * 2016-01-25 2017-08-03 阿里巴巴集团控股有限公司 Credit payment method and apparatus based on mobile terminal ese
CN109076075B (en) * 2016-03-03 2021-11-09 黑莓有限公司 Accessing enterprise resources
CN109076075A (en) * 2016-03-03 2018-12-21 黑莓有限公司 Access corporate resources
WO2018082232A1 (en) * 2016-11-02 2018-05-11 中兴通讯股份有限公司 Method and device for identifying signature, mobile terminal and cloud server
CN107122969A (en) * 2017-03-22 2017-09-01 深圳付贝科技有限公司 A kind of method of payment and its device, system and electronic equipment
CN107481357A (en) * 2017-07-10 2017-12-15 广东工业大学 Gate inhibition's safety certifying method based on certificate locking with dynamic key
CN108874912A (en) * 2018-05-29 2018-11-23 阿里巴巴集团控股有限公司 A kind of cancellation method and server
CN109919594A (en) * 2019-02-26 2019-06-21 苏州盛迪通电子科技有限公司 A kind of pos electromechanics authentication subprocess method of commerce

Similar Documents

Publication Publication Date Title
US9807612B2 (en) Secure data interaction method and system
CN103942684A (en) Data security interactive system
AU2012303620B2 (en) System and method for secure transaction process via mobile device
CN103942687A (en) Data security interactive system
CN105608577B (en) Method for realizing non-repudiation, payment management server and user terminal thereof
CN103942688A (en) Data security interactive system
CN103944736A (en) Data security interactive method
CN103944730A (en) Data security interactive system
US11108558B2 (en) Authentication and fraud prevention architecture
CN103942685A (en) Data security interactive system
CN103942690A (en) Data security interactive system
WO2015161690A1 (en) Secure data interaction method and system
CN103944729A (en) Data security interactive method
CN103944908A (en) Data updating method and system
CN103944734A (en) Data security interactive method
CN202771476U (en) Security certification system
CN112889046A (en) System and method for password authentication of contactless cards
US20120303534A1 (en) System and method for a secure transaction
CN103944728A (en) Data security interactive system
CN103944735A (en) Data security interactive method
CN103944731A (en) Data security interactive method
WO2015161693A1 (en) Secure data interaction method and system
CN103942686A (en) Data security interactive system
CN103944907A (en) Data updating method and system
CN103944909A (en) Data updating method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination