CN103944731A - Data security interactive method - Google Patents

Abstract

The invention provides a data security interactive method. The data security interactive method comprises the steps that identification information of an intelligent cryptographic device is obtained by a terminal; information to be signed is generated by the terminal; the terminal sends the information to be signed and an authentication instruction; the intelligent cryptographic device signs the information to be signed, so that signed information is obtained; the intelligent cryptographic device sends the signed information and a certificate; authentication request information, identification information, the information to be signed, the signed information and the certificate are sent to a background through the terminal; the certificate and the signed information are verified by the background, and after both the certificate and the signed information pass verification, authentication is finished; user information is obtained and stored through the terminal and transaction request information is obtained according to the user information; the transaction request information is sent by the terminal; the intelligent cryptographic device obtains transaction information according to the transaction request information; the intelligent cryptographic device gives a prompt of the transaction information, receives a confirmation instruction and generates confirmation information; the terminal receives the confirmation information; the terminal obtains transaction packages according to the confirmation information and sends the transaction packages to the background; the background obtains and verifies the confirmation information and a transaction is conducted after verification is passed.

Description

Data security exchange method

Technical field

The present invention relates to a kind of information security field, relate in particular to a kind of data security exchange method.

Background technology

A kind of method of service that mobile payment allows user to use its mobile terminal (terminal such as such as smart mobile phone, PDA, panel computer, notebook computer) to carry out account payment to consumed commodity or service exactly.Unit or individual by mobile terminal, the Internet or closely sensing directly or indirectly send payment instruction to bank finance mechanism and produce the behavior of monetary payoff and fund flow, thereby realize mobile payment function.Mobile payment is merged mobile terminal, the Internet, application provider and financial institution mutually, for user provides the financial business such as monetary payoff, payment.

Mobile payment mainly comprises that remote payment and near field pay two kinds.Remote payment refer to user by mobile terminal login that bank's webpage pays, account operation etc., be mainly used in shopping and the consumption of e-commerce website on line; Near field pays and refers to that consumer is in the time buying commodity or service, IMU is crossed mobile terminal and is paid to businessman, the processing paying is carried out at the scene, and be not need to use under mobile network's line to operate, by using the passages such as the radio frequency (NFC) of mobile terminal, infrared, bluetooth, the local communication of realization and automatic vending machine and POS machine.

In the process of whole mobile payment, the participant who relates to payment comprises: consumption user, trade company, mobile operator, third party service provider, bank.Consumption user and trade company are the service objects of system, and mobile operator provides network support, and bank side provides bank's related service, and third party service provider provides payment platform service, and the combination by each side is to realize business.The electronization of means of payment and mobile have become inevitable development trend, and the safety issue of mobile-payment system is the key problem of mobile e-business safety.

How in the process of mobile payment, to ensure that the fail safe of data interaction is problem demanding prompt solution.

Summary of the invention

The present invention is intended to one of address the above problem.

Main purpose of the present invention is to provide a kind of data security exchange method.

For achieving the above object, technical scheme of the present invention is specifically achieved in that

A kind of data security exchange method, comprising: terminal is at signal cover interscan intelligent cipher equipment, and obtains the identification information of the described intelligent cipher equipment scanning; Described terminal generates first and treats signing messages; Described terminal sends described first to intelligent cipher equipment and treats signing messages and certification instruction; Described intelligent cipher equipment receives described first after signing messages and described certification instruction, utilizes the private key of described intelligent cipher equipment to treat that to described first signing messages carries out signature calculation, obtains the first signing messages; Described intelligent cipher equipment sends described the first signing messages and intelligent cipher device certificate to described terminal; Described terminal receives after described the first signing messages and intelligent cipher device certificate, and the identification information, described first that sends authentication request information, described intelligent cipher equipment to backstage system server is treated signing messages, described the first signing messages and described intelligent cipher device certificate; Whether described background system server receives the identification information, described first of described authentication request information, described intelligent cipher equipment after signing messages, described the first signing messages and described intelligent cipher device certificate, utilize described in the root certification authentication that the intelligent cipher device certificate that prestores is corresponding intelligent cipher device certificate legal; Described background system server, after the described intelligent cipher device certificate of checking is legal, utilizes the first signing messages described in the public key verifications of described intelligent cipher equipment; Described background system server, after described the first signing messages of checking passes through, completes the certification to described intelligent cipher equipment; After described background system server completes the certification of described intelligent cipher equipment, described terminal is obtained user profile corresponding to described intelligent cipher equipment; Described terminal stores described user profile in active user's list of setting up in advance; Described terminal generates Transaction Information according to user profile corresponding to intelligent cipher equipment to be transacted, and obtains transaction request information according to described Transaction Information; Described terminal sends described transaction request information to described intelligent cipher equipment; Described intelligent cipher equipment receives after described transaction request information, according to Transaction Information described in described transaction request information acquisition; Transaction Information described in described intelligent cipher device prompts; Described intelligent cipher equipment confirmation of receipt instruction, and generate trade confirmation information; Described terminal receives described trade confirmation information; Described terminal is according to described trade confirmation information acquisition transaction data package, and sends described transaction data package to described background system server; Described background system server receives after described transaction data package, obtains described trade confirmation information according to described transaction data package; Described background system server is verified described trade confirmation information, and carry out transaction after being verified.

In addition, described terminal is obtained user profile corresponding to described intelligent cipher equipment and is comprised: described terminal sends identification information and the user profile read requests of described intelligent cipher equipment to described background system server; Described background system server receives after the identification information and described user profile read requests of described intelligent cipher equipment, obtains the user profile corresponding with described intelligent cipher equipment according to the identification information of described intelligent cipher equipment; Described background system server obtains the response message of described user profile read requests according to described user profile, and sends the response message of described user profile read requests to described terminal; Described terminal receives after the response message of described user profile read requests, obtains described user profile according to the response message of described user profile read requests.

In addition, described terminal is obtained user profile corresponding to described intelligent cipher equipment and is comprised: described terminal sends user profile read requests to described intelligent cipher equipment; Described intelligent cipher equipment obtains pre-stored user profile, and obtains the response message of described user profile read requests according to described user profile, and sends the response message of described user profile read requests to described terminal; Described terminal receives after the response message of described user profile read requests, obtains described user profile according to the response message of described user profile read requests.

In addition, described background system server completes the certification of described intelligent cipher equipment is comprised: described background system server sends user profile corresponding to described intelligent cipher equipment to described terminal; Described terminal is obtained user profile corresponding to described intelligent cipher equipment and is comprised: described terminal receives user profile corresponding to described intelligent cipher equipment that described background system server sends.

In addition, described terminal is at signal cover interscan intelligent cipher equipment, and after obtaining the step of identification information of the described intelligent cipher equipment scanning, described method also comprises: described terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list; Described terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list according to the default time interval; If the identification information of the intelligent cipher equipment in described real-time identification list not in described active user's list, is carried out described terminal and obtains according to the identification information of the described intelligent cipher equipment scanning the step of the user profile that described intelligent cipher equipment is corresponding; And if the identification information of intelligent cipher equipment in described active user's list is in described real-time identification list, delete in described active user's list the not user profile of the intelligent cipher equipment in described real-time identification list.

In addition, described terminal is at signal cover interscan intelligent cipher equipment, and after obtaining the step of identification information of the described intelligent cipher equipment scanning, described method also comprises: described terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list; Described terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list according to the default time interval; If the identification information of the intelligent cipher equipment in described real-time identification list is not in described active user's list, carry out described terminal and obtain the step of the user profile that described intelligent cipher equipment is corresponding according to the identification information of the described intelligent cipher equipment scanning, and obtain after described user profile in described terminal, described user profile is stored in described real-time identification list; And if the identification information of intelligent cipher equipment in described real-time identification list is in described active user's list, the user profile of described intelligent cipher equipment in described active user's list is stored in described real-time identification list; Described active user's list using described real-time identification list after upgrading.

In addition, described intelligent cipher equipment receives described first after signing messages and described certification instruction, utilize the private key of described intelligent cipher equipment to treat that to described first signing messages carries out signature calculation, obtaining the first signing messages comprises: described intelligent cipher equipment, receiving described first after signing messages and described certification instruction, is converted to wake-up states by resting state; Described intelligent cipher equipment utilizes the private key of described intelligent cipher equipment to treat that to described first signing messages carries out signature calculation under wake-up states, obtains the first signing messages.

In addition, described background system server receives the identification information, described first of described authentication request information, described intelligent cipher equipment after signing messages, described the first signing messages and intelligent cipher device certificate, and described method also comprises: described background system server judges whether the identification information of described intelligent cipher equipment is included in the intelligent cipher unit exception list prestoring in described background system server; Described background system server is after the identification information of judging described intelligent cipher equipment is in described intelligent cipher unit exception list, obtain locking intelligent cipher device directive, and utilize the private key of described background system server to sign and obtain the second signing messages locking intelligent cipher device directive, and send described locking intelligent cipher device directive and described the second signing messages by described terminal to described intelligent cipher equipment; Described intelligent cipher equipment receives after described locking intelligent cipher device directive and described the second signing messages, utilizes the PKI in the described background system server certificate prestoring to verify described the second signing messages; Described intelligent cipher equipment, after described the second signing messages of checking passes through, is carried out lock operation according to described locking intelligent cipher device directive.

In addition, described method also comprises: described background system server receives the application of intelligent cipher facility registration, and application is audited to described intelligent cipher facility registration; Described background system server, after the application of the described intelligent cipher facility registration of examination & verification is passed through, sends intelligent cipher device keys to generating instruction to described intelligent cipher equipment; Described intelligent cipher equipment receives described intelligent cipher device keys to generating after instruction, generates intelligent cipher device keys pair; Described intelligent cipher equipment sends the PKI of described intelligent cipher device keys centering to described background system server; Described background system server receives after the PKI of described intelligent cipher device keys centering, generates described intelligent cipher device certificate, and sends described intelligent cipher device certificate to described intelligent cipher equipment; Intelligent cipher device certificate described in described intelligent cipher device storage.

In addition, described intelligent cipher equipment obtains intelligent cipher equipment cancellation application, utilize the private key of described intelligent cipher equipment to sign and obtain the 3rd signing messages described cancellation application, and send described intelligent cipher equipment cancellation application and described the 3rd signing messages to described background system server; Described background system server receives after described intelligent cipher equipment cancellation application and described the 3rd signing messages, utilizes the PKI in the described intelligent cipher device certificate prestoring to verify described the 3rd signing messages; Described background system server is after described the 3rd signing messages of checking passes through, the described intelligent cipher device certificate that deletion prestores, and generate the cancellation of intelligent cipher equipment and complete information, send the cancellation of described intelligent cipher equipment to described intelligent cipher equipment and complete information; Described intelligent cipher equipment receives the cancellation of described intelligent cipher equipment and completes after information, deletes the private key of described intelligent cipher equipment.

In addition, after described background system server receives the identification information of described intelligent cipher equipment and the step of described user profile read requests, described background system server sends the step of response message of described user profile read requests to described terminal before, described method also comprises: described background system server sends user-authorization-request information by described terminal to described intelligent cipher equipment; Described intelligent cipher equipment receives after described user-authorization-request information, generates authorization message, and sends described authorization message by described terminal to described background system server; Described background system server receives after described authorization message, carries out described background system server and send to described terminal the step of the response message of described user profile read requests.

In addition, described intelligent cipher equipment receives after described user-authorization-request information, and the step that generates authorization message comprises: described intelligent cipher equipment, receiving after described user-authorization-request information, is converted to wake-up states by resting state; Described intelligent cipher equipment generates authorization message under wake-up states.

In addition, described intelligent cipher equipment receives after described transaction request information, comprise according to the step of Transaction Information described in described transaction request information acquisition: described intelligent cipher equipment receives after described transaction request information, is converted to wake-up states by resting state; Described intelligent cipher equipment under wake-up states according to Transaction Information described in described transaction request information acquisition.

In addition, the step that described intelligent cipher equipment generates trade confirmation information comprises: described in described intelligent cipher equipment utilization, the private key of intelligent cipher equipment is signed to described Transaction Information, generates trading signature information as trade confirmation information; Or described intelligent cipher equipment generates dynamic password as trade confirmation information.

In addition, the step that described intelligent cipher equipment generates trade confirmation information comprises: described intelligent cipher equipment generates single transaction mark, and utilize the private key of described intelligent cipher equipment to sign to described Transaction Information and described single transaction mark, generate trading signature information as trade confirmation information; Or described intelligent cipher equipment generates single transaction mark, utilize the private key of described intelligent cipher equipment to sign and obtain the signing messages of single transaction mark described single transaction mark, and generating dynamic password, the signing messages that single transaction is identified and described dynamic password are as trade confirmation information.

In addition the step that, described terminal receives described trade confirmation information comprises: described terminal receives acoustic signals that described intelligent cipher equipment sends and to the described acoustic signals acquisition trade confirmation information of decode; Or described terminal gathers the image information of described intelligent cipher equipment demonstration and described image information is decoded and obtained described trade confirmation information; Or the communication interface that described terminal is mated with described intelligent cipher equipment by described terminal receives described trade confirmation information; Or trade confirmation information described in the information acquisition that described terminal is inputted by described terminal.

In addition, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises: described background system server sends Transaction Success acknowledgement information to described terminal; Or described background system server sends Transaction Success acknowledgement information by described terminal to described intelligent cipher equipment; Described intelligent cipher equipment receives after described Transaction Success acknowledgement information, points out described Transaction Success acknowledgement information.

In addition, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises: described terminal sends reimbursement information to described intelligent cipher equipment; Described intelligent cipher equipment receives after described reimbursement information, points out described reimbursement information; Described intelligent cipher equipment receives reimbursement and confirms instruction, and utilizes the private key of described intelligent cipher equipment to sign to described reimbursement information, generates reimbursement confirmation; Described terminal receives described reimbursement confirmation, sends described reimbursement confirmation to described background system server; Described background system server receives after described reimbursement confirmation, described reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.

In addition, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises: described intelligent cipher equipment sends refund request to described terminal; Described terminal generates reimbursement information, and sends described reimbursement information to described intelligent cipher equipment; Described intelligent cipher equipment receives after described reimbursement information, points out described reimbursement information; Described intelligent cipher equipment receives reimbursement and confirms instruction, and utilizes the private key of described intelligent cipher equipment to sign to described reimbursement information, generates reimbursement confirmation; Described terminal receives described reimbursement confirmation, sends described reimbursement confirmation to described background system server; Described background system server receives after described reimbursement confirmation, described reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.

In addition, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises: described intelligent cipher equipment sends refund request to described terminal; Described terminal generates refund request mark, and sends described refund request mark to described intelligent cipher equipment; Described intelligent cipher equipment receives after described refund request mark, generates reimbursement information, and utilizes the private key of described intelligent cipher equipment to sign to described reimbursement information, obtains reimbursement confirmation, and sends described reimbursement confirmation to described terminal; Described terminal receives described reimbursement confirmation, sends described reimbursement confirmation to described background system server; Described background system server receives after described reimbursement confirmation, described reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.

In addition, in described reimbursement information, also comprise duplet bill.

In addition, described Transaction Success acknowledgement information also comprises duplet bill.

In addition, in described Transaction Information, also comprise duplet bill.

In addition, described terminal is at signal cover interscan intelligent cipher equipment, and before obtaining the identification information of the described intelligent cipher equipment scanning, described method also comprises: described intelligent cipher equipment enters and can be scanned state.

As seen from the above technical solution provided by the invention, the terminal of trade company can be by first reading the identification information of intelligent cipher equipment, and the identification information that recycles this intelligent cipher equipment obtains the user profile that intelligent cipher equipment is corresponding.Therefore, client can be without carrying out payment for merchandise by modes such as wallet, credit card, mobile phones, thereby simplified the interactive operation of client and trade company, promoted user's experience.

Brief description of the drawings

In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain other accompanying drawings according to these accompanying drawings.

Fig. 1 is data security interactive system structural representation provided by the invention;

Fig. 2 is the flow chart of data security exchange method provided by the invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.

In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of instructions such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, instead of device or the element of instruction or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as instruction or hint relative importance or quantity or position.

In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be also electrical connection; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.

Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.

Data security exchange method provided by the invention, system architecture applicatory as shown in Figure 1, comprising: background system server, terminal and intelligent cipher equipment.Wherein:

Background system server can complete the management to intelligent cipher equipment and the storage to user profile and issue management, for example comprise the management such as registration to intelligent cipher equipment, cancellation, locking, certification, it can provide the financial service such as bank's related service, payment platform service; Can comprise the combination of one or more servers such as paying server, certificate server, management server.

Terminal can be the terminal of trade company's end, to complete the initiation of mobile payment, the maintenance of user profile etc., this terminal can arrive the intelligent cipher equipment in its signal cover by automatic scan, and the communication connection of foundation and intelligent cipher equipment, obtain the user profile that intelligent cipher equipment is corresponding.Terminal of the present invention (such as POS machine etc.) increasing radio communication function module, backstage and terminal room adopt dedicated Internet access, ensure fail safe.

Intelligent cipher equipment possesses secure payment (for example: electronic signature, dynamic password generate) function, this intelligent cipher equipment possesses wireless communication module (for example: bluetooth, infrared ray, RFID, NFC, light, sound wave, heat energy, vibration, WIFI etc.), can and terminal between communicate by this wireless communication module, certainly, this intelligent cipher equipment can also include line interface (for example: audio interface, USB interface, serial ports etc.), and communicates by wireline interface and terminal.In addition, intelligent cipher equipment can also possess connectivity option function, if user does not open this function, terminal cannot be obtained the identification information of intelligent cipher equipment and corresponding user profile.For example: intelligent cipher equipment can enter the state that can be scanned, so that terminal scanning arrives this intelligent cipher equipment.The connectivity option function that intelligent cipher equipment possesses, can be that the hardware switch arranging on intelligent cipher equipment is opened realization, can be also that intelligent cipher equipment is opened and realized by software.

As shown in Figure 2, data security exchange method provided by the invention, comprising:

Step 1: intelligent cipher equipment is registered to backstage system server:

Background system server receives the application of intelligent cipher facility registration, and application is audited to intelligent cipher facility registration; Concrete, the user who holds intelligent cipher equipment can arrive bank counter and handle the application for registration of this intelligent cipher equipment, also can handle by the Internet the application for registration of this intelligent cipher equipment, background system server receives after this application for registration, and the legitimacy of the identity to this user is audited.

Background system server, after the application of examination & verification intelligent cipher facility registration is passed through, sends intelligent cipher device keys to generating instruction to intelligent cipher equipment; Concrete, after the legitimacy of background system server examination & verification user identity etc. is passed through, agreed to user's intelligent cipher equipment to register, send key to generating instruction to intelligent cipher equipment simultaneously, be used to indicate intelligent cipher equipment and generate intelligent cipher device keys pair, this intelligent cipher device keys is to comprising a pair of public and private key.

Intelligent cipher equipment receives intelligent cipher device keys to generating after instruction, generates intelligent cipher device keys pair; Concrete, in intelligent cipher equipment, can preset a generating mode that key is right, receive intelligent cipher device keys to generating after instruction at intelligent cipher equipment, according to default key, generating mode is generated to intelligent cipher device keys pair, generate a pair of public and private key.

Intelligent cipher equipment sends the PKI of intelligent cipher device keys centering to backstage system server; Concrete, intelligent cipher equipment can send the PKI of the intelligent cipher device keys centering of its generation by believable communication link to backstage system server, with the fail safe that ensures that the PKI of intelligent cipher equipment sends; Also can the PKI of the intelligent cipher device keys centering of its generation be sent by the Internet to the convenience of transmitting to improve the PKI of intelligent cipher equipment to backstage system server.

Background system server receives after the PKI of intelligent cipher device keys centering, generates intelligent cipher device certificate, and sends intelligent cipher device certificate to intelligent cipher equipment; Concrete, background system server can be with the private key of backstage system server the PKI of the information to user and intelligent cipher equipment calculates generation intelligent cipher device certificate; In background system server, can also comprise CA server, the PKI of the information of the private key by this CA server to user and intelligent cipher equipment calculates and generates intelligent cipher device certificate; Background system server can also be sent to CA by the PKI of user's information and intelligent cipher equipment, the PKI of the CA information to user and intelligent cipher equipment according to the private key of CA calculates and generates intelligent cipher device certificate, and sends to intelligent cipher equipment by background system server.

Intelligent cipher device storage intelligent cipher device certificate; Concrete, intelligent cipher equipment, receiving after the intelligent cipher device certificate of background system server transmission, is stored in this intelligent cipher device certificate in the memory block of carrying out safety function.Certainly,, for different background system servers, intelligent cipher equipment can also be stored the different intelligent cipher device certificate that different background system servers sends.

Certainly, terminal also can be registered to backstage system server.

Step 2: terminal is at signal cover interscan intelligent cipher equipment, and obtain the identification information of the intelligent cipher equipment scanning:

Concrete, terminal can send request signal (sequence number of for example terminal) according to certain time interval and inquire about the intelligent cipher equipment in certain wireless signal coverage;

Intelligent cipher equipment is intercepted (inquiry scan) to the inquiry of terminal, after intelligent cipher equipment enters in the signal cover of terminal, the identification information that sends intelligent cipher equipment to terminal, thus, terminal scanning has arrived the identification information of intelligent cipher equipment.

Below, provide two kinds of methods that realize terminal scanning and obtain the identification information of intelligent cipher equipment:

(1) terminal can be used IAC (Inquiry Access Code, Inquiry Access Code) to inquire about the intelligent cipher equipment in certain wireless signal coverage;

Intelligent cipher equipment is intercepted (inquiry scan) to the inquiry of terminal, after intelligent cipher equipment enters in the signal cover of terminal, sends address and the clock information of intelligent cipher equipment to terminal;

Intelligent cipher equipment intercepts the paging information of self terminal, carries out page scan;

The intelligent cipher equipment that paging terminal has inquired;

Intelligent cipher equipment receives after paging information, sends the DAC (Device Access Code, device access code) of intelligent cipher equipment to terminal.

(2) terminal sends request signal and inquires about the intelligent cipher equipment in certain wireless signal coverage;

Intelligent cipher equipment is intercepted (inquiry scan) to the request signal of terminal, after intelligent cipher equipment enters in the signal cover of terminal, sends the address of intelligent cipher equipment to terminal.

Certainly, how the present invention only obtains the identification information of intelligent cipher equipment with above two examples explanation terminal, but the present invention is not limited thereto, the method of the identification information based on above-mentioned two acquisition intelligent cipher equipment, intelligent cipher equipment can be in the time receiving any information of terminal transmission, the information that all terminal can be sent is as dormancy awakening signal, and intelligent cipher equipment, according to dormancy awakening signal, switches to wake-up states (being normal mode of operation) by resting state.Meanwhile, intelligent cipher equipment, after any command execution finishes, all can automatically reply resting state.Intelligent cipher equipment enters resting state to save the electric energy of intelligent cipher equipment, increases the service life.

Before this step terminal scanning intelligent cipher equipment, intelligent cipher equipment also needs to enter the state that can be scanned, so that terminal can scan this intelligent cipher equipment, wherein, intelligent cipher equipment enters the state that can be scanned and can be opened and be realized by the hardware switch arranging on intelligent cipher equipment, also can be opened and be realized by intelligent cipher device software.

Step 3: background system server authenticates intelligent cipher equipment:

Terminal generates first and treats signing messages, concrete, terminal can generate random number by random number generator and treat signing messages as first, also can adopt self sequence number, MAC Address or other identification information to treat signing messages as first, can be also that the combination of random number and identification information is treated signing messages as first.Wherein, treat signing messages as long as the information that can be signed by intelligent cipher equipment all can be used as first, so that intelligent cipher equipment is sent to background system server after returning to signing messages, background system server is authenticated to intelligent cipher equipment.Random number can be a kind of or several combination arbitrarily in the characters such as numeral, letter, spcial character.

Terminal sends first to intelligent cipher equipment and treats signing messages and certification instruction; Concrete, terminal can treat that by first signing messages and certification instruction send to intelligent cipher equipment by wireless communication link, the convenience sending with guarantee information; Also can treat that by first signing messages and certification instruction send to intelligent cipher equipment by wireline interface, to improve the fail safe of communication.

Intelligent cipher equipment receives first after signing messages and certification instruction, utilizes the private key of intelligent cipher equipment to treat that to first signing messages carries out signature calculation, obtains the first signing messages;

In addition, intelligent cipher equipment is receiving first after signing messages and certification instruction, utilize the private key of intelligent cipher equipment to treat that to first signing messages carries out signature calculation, obtain in the step of the first signing messages, intelligent cipher equipment can also, receiving first after signing messages and certification instruction, be converted to wake-up states by resting state; Intelligent cipher equipment utilizes the private key of intelligent cipher equipment to treat that to first signing messages carries out signature calculation under wake-up states, obtains the first signing messages.Be converted to wake-up states to complete normal work by resting state, and after intelligent cipher equipment is finished the work, again switch to resting state, to reduce electric energy loss, increase the service life.

Intelligent cipher equipment sends the first signing messages and intelligent cipher device certificate to terminal;

Terminal receives after the first signing messages and intelligent cipher device certificate, and the identification information, first that sends authentication request information, intelligent cipher equipment to backstage system server is treated signing messages, the first signing messages and intelligent cipher device certificate.Concrete, in this step, terminal only plays the effect of data retransmission, improves data transmission efficiency.

Whether background system server receives the identification information, first of authentication request information, intelligent cipher equipment after signing messages, the first signing messages and intelligent cipher device certificate, utilize the root certification authentication intelligent cipher device certificate that the intelligent cipher device certificate that prestores is corresponding legal; Concrete, background system server also obtains the root certificate that intelligent cipher device certificate is corresponding, to intelligent cipher equipment is carried out to legitimate verification.

In order to ensure the fail safe of data interaction and the legitimacy of intelligent cipher equipment, background system server receives the identification information, first of authentication request information, intelligent cipher equipment after signing messages, the first signing messages and intelligent cipher device certificate, also judges whether the identification information of intelligent cipher equipment is included in the intelligent cipher unit exception list prestoring in background system server; Background system server is after the identification information of judging intelligent cipher equipment is in intelligent cipher unit exception list, obtain locking intelligent cipher device directive, and utilize the private key of background system server to sign and obtain the second signing messages locking intelligent cipher device directive, and send locking intelligent cipher device directive and the second signing messages by terminal to intelligent cipher equipment; Intelligent cipher equipment receives after locking intelligent cipher device directive and the second signing messages, utilizes the PKI in the background system server certificate prestoring to verify the second signing messages; Intelligent cipher equipment, after checking the second signing messages passes through, is carried out lock operation according to locking intelligent cipher device directive.

Concrete, intelligent cipher unit exception list can be for blacklist, report the loss list, inefficacy list etc. represents arbitrarily the illegal list of intelligent cipher equipment identities; If the identification information of intelligent cipher equipment is in intelligent cipher unit exception list, illustrate that this intelligent cipher equipment is illegal intelligent cipher equipment, now, in order to ensure fail safe, background system server sends lock instruction to lock this illegal intelligent cipher equipment by terminal to this illegal intelligent cipher equipment, and meanwhile, background system server is also signed to this lock instruction, to guarantee the legal source of lock instruction, avoid illegally locking the malicious operation of intelligent cipher equipment.

Certainly, the present invention is not limited thereto, for practical application, as long as can the illegal intelligent cipher equipment of legal locking.

In addition, background system server also can not signed to lock instruction, only send lock instruction to illegal terminal to lock this illegal terminal.

Intelligent cipher equipment is carried out lock operation according to locking intelligent cipher device directive and can be comprised: intelligent cipher equipment refusal is carried out any request, destroys the any-mode such as certificate of self storage.

Certainly, background system server is sending after lock instruction, can also carry out any request of this illegal intelligent cipher equipment of refusal.

Visible, when user has lost after intelligent cipher equipment, can report the loss to backstage system server, background system server registers to the EIC equipment identification code of this intelligent cipher equipment to report the loss on list; Or occur that account the situation such as reported extremely, background system server also can be by these intelligent cipher device registration in blacklist.Equipment in these abnormal lists all can be served as abnormal device registration on abnormal list.Before each transaction, background system server can authenticate intelligent cipher equipment, can be by this device identification and exception name digital ratio pair, if this intelligent cipher equipment is locked on list in verification process.Application the method, if someone usurps other people intelligent cipher equipment, and illegal this intelligent cipher equipment that uses of attempt is transferred accounts while stealing user's fund, owing to all can intelligent cipher equipment being authenticated before the each transaction of background system server, background system server can be long-range by this intelligent cipher equipment locking, even if therefore this intelligent cipher equipment is illegally usurped and also can be ensured that user account do not suffer a loss by others.

Background system server, after checking intelligent cipher device certificate is legal, utilizes public key verifications first signing messages of intelligent cipher equipment;

Background system server, after checking the first signing messages passes through, completes the certification to intelligent cipher equipment; Concrete, background system server, after checking the first signing messages passes through, can also generate and authenticate message, and send to terminal, to inform that terminal authentication completes.

The certification of intelligent cipher equipment being carried out based on above-mentioned background system server, can guarantee the legitimacy of intelligent cipher equipment, improves the fail safe of subsequent treatment.Meanwhile, can take precautions against fishing risk, prevent the transaction risks such as the distorting of transmission information, long-range abduction and man-in-the-middle attack, thereby effectively ensure intelligent cipher equipment holder's fund security.

Step 4: terminal is obtained user profile:

Concrete, in this step, terminal (is for example obtained user profile that intelligent cipher equipment is corresponding according to the identification information of the intelligent cipher equipment that scans, can be the information such as user's photo, name, account), specifically can obtain the user profile that intelligent cipher equipment is corresponding through but not limited to following mode:

Mode one, terminal obtain from background system server the user profile that intelligent cipher equipment is corresponding:

Terminal sends identification information and the user profile read requests of intelligent cipher equipment to backstage system server; Concrete, in the time that terminal sends the identification information of intelligent cipher equipment and user profile read requests to backstage system server, can be directly to identification information and the user profile read requests of backstage system server transmission intelligent cipher equipment.

Background system server receives after the identification information and user profile read requests of intelligent cipher equipment, obtains the user profile corresponding with intelligent cipher equipment according to the identification information of intelligent cipher equipment; Concrete, background system server user profile corresponding to registered each intelligent cipher equipment that prestored, to obtain according to the identification information of the intelligent cipher equipment receiving the user profile that this intelligent cipher equipment is corresponding.

In addition, in order to ensure the fail safe of user profile, background system server also needs user profile corresponding this intelligent cipher equipment to be sent to terminal by intelligent cipher equipment holder's mandate.Background system server sends user-authorization-request information (for example, this user-authorization-request information can be random number) by terminal to intelligent cipher equipment; Intelligent cipher equipment receives after user-authorization-request information, generates authorization message (for example, this authorization message can be the information obtaining after this random number is signed), and sends authorization message by terminal to backstage system server; Background system server receives after authorization message, carries out the step of background system server to the response message of terminal transmission user profile read requests.Certainly, after background system server can also utilize the private key of background system server that user-authorization-request information is signed, send to intelligent cipher equipment by terminal, intelligent cipher equipment receives after the information of signature, signature is verified, after being verified, think that user-authorization-request information is to come from legal background system server, and this request is confirmed to authorize background system server; Intelligent cipher equipment sends to background system server by terminal after also can utilizing the private key of intelligent cipher equipment to sign to authorization message, background system server receives after the information of signature, signature is verified, after being verified, think that authorization message is to come from correct intelligent cipher equipment, to carry out subsequent operation according to authorization message.Below be only several modes of background system server to the mandate of intelligent cipher device request, the present invention is not limited thereto, and above all kinds of distortion combinations also should belong to protection scope of the present invention.

Certainly, receiving after user-authorization-request information at intelligent cipher equipment, can also be converted to wake-up states by resting state; Intelligent cipher equipment generates authorization message under wake-up states.So that saving electric energy, the useful life of prolongation intelligent cipher equipment.

Background system server obtains the response message of user profile read requests according to user profile, and sends the response message of user profile read requests to terminal;

Terminal receives after the response message of user profile read requests, obtains user profile according to the response message of user profile read requests.

Mode two, terminal obtain from intelligent cipher equipment the user profile that intelligent cipher equipment is corresponding:

Terminal sends user profile read requests to intelligent cipher equipment;

Intelligent cipher equipment obtains pre-stored user profile, and obtains the response message of user profile read requests according to user profile, and sends the response message of user profile read requests to terminal;

Terminal receives after the response message of user profile read requests, obtains user profile according to the response message of user profile read requests.

In addition,, if the holder of intelligent cipher equipment refuses to send user profile, can or send exclude information by software control to terminal by the button that arranges on intelligent cipher equipment, to ensure the safety of user profile.

Mode three: background system server directly sends user profile corresponding to intelligent cipher equipment by terminal to intelligent cipher equipment in completing certification:

Background system server is in the time of the certification completing intelligent cipher equipment, and background system server also sends user profile corresponding to intelligent cipher equipment to terminal; Concrete, background system server is after completing the certification of intelligent cipher equipment, can also send and authenticate message to terminal, to inform that terminal background system server authentication intelligent cipher equipment completes, in the time that background system server has authenticated message to terminal transmission, can also obtain the user profile corresponding with this intelligent cipher equipment prestoring according to the identification information of intelligent cipher equipment, thereby send user profile corresponding to intelligent cipher equipment to terminal.

Terminal is obtained the user profile that intelligent cipher equipment is corresponding, the information that terminal directly sends from background system server, gets the user profile that this intelligent cipher equipment is corresponding.

Terminal stores user profile in active user's list of setting up in advance; Concrete, due to flowing of the variation of the volume of the flow of passengers in shop, terminal place, personnel, the intelligent cipher equipment detecting is also constantly to change, and now, this current user list can upgrade through but not limited to following mode:

Mode one:

Terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of terminal, generates real-time identification list;

Terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in real-time identification list and active user's list according to the default time interval;

If the identification information of the intelligent cipher equipment in real time in identification list not in active user's list, is carried out terminal and obtains according to the identification information of the intelligent cipher equipment scanning the step of the user profile that intelligent cipher equipment is corresponding; And if the identification information of intelligent cipher equipment in active user's list is in identification list in real time, delete in active user's list not the user profile of the intelligent cipher equipment in identification list in real time.

By the manner, active user's list is upgraded, can ensure that user profile corresponding to intelligent cipher equipment in terminal signaling coverage can update in active user's list, can from active user's list, delete in time for user profile corresponding to intelligent cipher equipment of leaving in terminal signaling coverage, ensure fail safe.

Mode two:

Terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of terminal, generates real-time identification list;

Terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in real-time identification list and active user's list according to the default time interval;

If the identification information of the intelligent cipher equipment in identification list is not in active user's list in real time, carry out terminal and obtain the step of the user profile that intelligent cipher equipment is corresponding according to the identification information of the intelligent cipher equipment scanning, and obtain after user profile in terminal, user profile is stored in real-time identification list; And if in real time the identification information of the intelligent cipher equipment in identification list, in active user's list, is stored to the user profile of the intelligent cipher equipment in active user's list in real-time identification list;

Active user's list using real-time identification list after upgrading.

By the manner, active user's list is upgraded, can only user profile corresponding to intelligent cipher equipment in the signal cover of terminal be upgraded in time, improve and upgrade efficiency.Utilize the manner, terminal is in the time obtaining user profile, the user profile that in shop, original intelligent cipher equipment is corresponding directly can be copied in real-time identification list from original active user's list, user profile corresponding to client of newly entering shop can be by obtaining to backstage system server or intelligent cipher equipment proposition user profile read requests.

As can be seen here, in the time that shop, the terminal place volume of the flow of passengers changes, do not need trade company to carry out any operation, active user's list can be upgraded automatically, has facilitated the salesman of trade company to safeguard client's information management.

In addition, terminal can show user profile corresponding to user in stored active user's list, so that the holder of intelligent cipher equipment checks this user profile, guarantees the correctness of transaction.

In prior art, process of exchange all needs SIM card or smart card etc. to possess the equipment of account memory function, user's operations such as mobile phone of need to swiping the card, and so trade company could obtain user's accounts information.

Be different from prior art, the terminal of trade company can be by first reading the identification information of intelligent cipher equipment, and the identification information that recycles this intelligent cipher equipment obtains the user profile that intelligent cipher equipment is corresponding.Therefore, client can be without carrying out payment for merchandise by modes such as wallet, credit card, mobile phones, thereby simplified the interactive operation of client and trade company, promoted user's experience.

Step 5: Transaction Information processing:

Terminal generates Transaction Information according to user profile corresponding to intelligent cipher equipment to be transacted, and obtains transaction request information according to Transaction Information; Concrete, Transaction Information can comprise dealing money, bank settlement both sides' the information such as account information, bank settlement both sides' identification information, in Transaction Information, can also comprise duplet bill, user can be according to duplet bill examination & verification trade detail, for example, concrete exchange hour, transaction odd numbers, the article of dealing money, purchase etc.

Terminal sends transaction request information to intelligent cipher equipment; Concrete, terminal can send transaction request information through but not limited to following mode: terminal sends by acoustic signals after transaction request information is encoded; Or terminal carries out also showing so that intelligent cipher equipment carries out IMAQ after encoding of graphs to transaction request information; Or the communication interface that terminal is mated with intelligent cipher equipment by terminal sends transaction request information.

Intelligent cipher equipment receives after transaction request information, according to transaction request information acquisition Transaction Information;

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, receiving after transaction request information, be converted to wake-up states by resting state; Intelligent cipher equipment under wake-up states according to transaction request information acquisition Transaction Information.

Intelligent cipher device prompts Transaction Information; Concrete, intelligent cipher equipment can show Transaction Information by display screen, also can Transaction Information be played back in the mode of voice by loud speaker etc.Certainly, intelligent cipher equipment can also point out user to know real Transaction Information by other means, guarantees the safety of transaction.In addition, intelligent cipher equipment gets after Transaction Information, can also carry out to Transaction Information the extraction of key message, and intelligent cipher equipment is only pointed out key message, concrete prompting mode can be referring to intelligent cipher equipment the prompting mode to Transaction Information.

Intelligent cipher equipment confirmation of receipt instruction, and generate trade confirmation information; Concrete, the information confirmation of receipt instruction that intelligent cipher equipment can send when detecting that the acknowledgement key being arranged on intelligent cipher equipment is pressed, also can touch the information confirmation of receipt instruction that the virtual acknowledgement key of screen display sends when clicked by detecting, the biological informations such as voice that can also be by detecting, fingerprint, iris are as confirming the any-modes such as instruction.Further, intelligent cipher equipment can generate trade confirmation information through but not limited to following mode: the private key of intelligent cipher equipment utilization intelligent cipher equipment is signed to Transaction Information, generates trading signature information as trade confirmation information; Or intelligent cipher equipment generates dynamic password as trade confirmation information.Certainly, in order to prevent repeat business, ensure user's account safety, in the time that intelligent cipher equipment generates trade confirmation information at every turn, intelligent cipher equipment also generates single transaction mark, and utilize the private key of intelligent cipher equipment to sign to Transaction Information and single transaction mark, generate trading signature information as trade confirmation information; Or intelligent cipher equipment generates single transaction mark, utilize the private key of intelligent cipher equipment to sign and obtain the signing messages of single transaction mark single transaction mark, and generate dynamic password, the signing messages that single transaction is identified and dynamic password are as trade confirmation information, to ensure that once transaction is only successfully executed once, wherein single transaction mark can be random number etc.Because wireless network transmissions circuit is unstable, may occur that intelligent cipher equipment can not receive the situation of receipt, if single transaction mark is not set, terminal is not in the time receiving the signing messages of intelligent cipher equipment, may need the user who holds this intelligent cipher equipment repeatedly to confirm signature operation, namely intelligent cipher equipment repeatedly sends signing messages to terminal, so just likely cause terminal can utilize these multiple signature values to generate multiple transaction data package and send to background system server, thereby account corresponding to intelligent cipher equipment repeated to withhold.And if be provided with single transaction mark, in the time occurring that circuit is unstable, intelligent cipher equipment will continue Transaction Information and same single transaction mark to sign again and send to terminal again, until receive Transaction Success acknowledgement information.The signature that terminal is sent with intelligent cipher equipment generates transaction data package; background system server receives that transaction data package can identify and judge the single transaction of the inside; if this single transaction mark has been kept in transaction daily record; that is to say and conclude the business; just can not process this transaction data package again; can not cause repeatedly or repeat to withhold, thereby having protected intelligent cipher equipment user's account fund safety.

Terminal receives trade confirmation information; Concrete, terminal can receive trade confirmation information through but not limited to following mode: terminal receives the acoustic signals of intelligent cipher equipment transmission and acoustic signals is decoded and (for example obtained trade confirmation information, can adopt sound wave identification equipment to identify acoustic signals, adopt sound wave decoder to decode and obtain trade confirmation information acoustic signals); Or terminal gathers image information that intelligent cipher equipment shows to image information (for example, Quick Response Code, bar code etc.) decoding obtains trade confirmation information (for example adopt image capture device to gather image information, employing decoder obtains trade confirmation information after image information is decoded); Or the communication interface that terminal is mated with intelligent cipher equipment by terminal receives trade confirmation information; Or the information acquisition trade confirmation information that terminal is inputted by terminal.

Terminal is according to trade confirmation information acquisition transaction data package, and sends transaction data package to backstage system server; Concrete, in transaction data package, also can comprise other information such as Transaction Information.Transaction Information can comprise dealing money, bank settlement both sides' the information such as account information, bank settlement both sides' identification information, in Transaction Information, can also comprise duplet bill, user can be according to duplet bill examination & verification trade detail, for example, concrete exchange hour, transaction odd numbers, the article of dealing money, purchase etc.

Background system server receives after transaction data package, obtains trade confirmation information according to transaction data package;

Background system server is verified trade confirmation information, and carry out transaction after being verified; Concrete, background system server only after the Information Authentication of checking trade confirmation is passed through, just illustrates that this transaction passed through the confirmation of legal intelligent cipher equipment, and carries out and conclude the business according to the result after confirming.Certainly,, in order to ensure that the holder of intelligent cipher equipment knows transaction and completes, background system server can also send Transaction Success acknowledgement information to intelligent cipher equipment by terminal; Intelligent cipher equipment receives after Transaction Success acknowledgement information, prompting Transaction Success acknowledgement information, in Transaction Success acknowledgement information, can also comprise duplet bill, user can be according to duplet bill examination & verification trade detail, for example, concrete exchange hour, transaction odd numbers, the article of dealing money, purchase etc.Background system server can also send Transaction Success acknowledgement information to terminal, has concluded the business so that terminal is known.Transaction Success acknowledgement information can be also to send to intelligent cipher equipment by terminal after the private key of background system server by utilizing background system server is signed, intelligent cipher equipment to the information of signature carry out sign test by after be prompted to user and know.

Step 6: reimbursement:

In the time of customer need reimbursement, can carry out but be not limited to following several mode to realize reimbursement operation:

Mode one, terminal send reimbursement information to intelligent cipher equipment; Concrete, reimbursement information can comprise: the combination in any such as reimbursement both sides' account, refund amount, reimbursement transaction odd numbers, reimbursement both sides' identification information, in reimbursement information, can also comprise duplet bill, user can be according to duplet bill examination & verification reimbursement details, for example, concrete reimbursement time, reimbursement transaction odd numbers, refund amount, the article replaced etc.Terminal can also send reimbursement information through but not limited to following mode: terminal sends by acoustic signals after reimbursement information is encoded; Or terminal carries out also showing so that intelligent cipher equipment carries out IMAQ after encoding of graphs to reimbursement information; Or the communication interface that terminal is mated with intelligent cipher equipment by terminal sends reimbursement information.

Intelligent cipher equipment receives after reimbursement information, prompting reimbursement information; Concrete, intelligent cipher equipment is receiving after reimbursement information, and this reimbursement information exchange is crossed to the any-mode such as speech play or display screen demonstration and be prompted to user and know, be real reimbursement information so that user determines this reimbursement information.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, receiving after reimbursement information, be converted to wake-up states by resting state; Intelligent cipher equipment is pointed out reimbursement information under wake-up states.

Intelligent cipher equipment receives reimbursement and confirms instruction, and utilizes the private key of intelligent cipher equipment to sign to reimbursement information, generates reimbursement confirmation; Concrete, user, after having determined that reimbursement information is real reimbursement information, confirms by the mode such as physical button or virtual key arranging on intelligent cipher equipment.Intelligent cipher equipment after sending reimbursement confirmation to terminal (for example, send after acoustic signals corresponding to reimbursement confirmation, or show that image information corresponding to reimbursement confirmation reached after predetermined time), be converted to resting state by wake-up states.

Terminal receives reimbursement confirmation, sends reimbursement confirmation to backstage system server; Concrete, terminal can receive reimbursement confirmation through but not limited to following mode: terminal receives the acoustic signals of intelligent cipher equipment transmission and acoustic signals is decoded and (for example obtained reimbursement confirmation, can adopt sound wave identification equipment to identify acoustic signals, adopt sound wave decoder to decode and obtain reimbursement confirmation acoustic signals); Or terminal gathers image information that intelligent cipher equipment shows to image information (for example, Quick Response Code, bar code etc.) decoding obtains reimbursement confirmation (for example adopt image capture device to gather image information, employing decoder obtains reimbursement confirmation after image information is decoded); Or the communication interface that terminal is mated with intelligent cipher equipment by terminal receives reimbursement confirmation.Meanwhile, terminal can send reimbursement confirmation to backstage system server by safe dedicated network.

Background system server receives after reimbursement confirmation, reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.

For mode one, provide a kind of application scenarios of reimbursement, but the present invention is not limited thereto below:

Shop, according to client's reimbursement purpose, generates reimbursement information (this reimbursement information can be to obtain by searching the Transaction Information having recorded, and can be also a reimbursement information or the other forms of reimbursement information regenerating) by terminal;

Intelligent cipher equipment, receiving after reimbursement information, is converted to wake-up states by resting state, and reimbursement information is shown, confirms for client;

Client confirms that this reimbursement information is correct, the acknowledgement key of pressing on intelligent cipher equipment is confirmed, intelligent cipher equipment receives this reimbursement and confirms, after instruction, to utilize the private key of intelligent cipher equipment to sign and obtain reimbursement confirmation reimbursement information, and reimbursement confirmation is sent to terminal;

Terminal receives after reimbursement confirmation, and reimbursement confirmation is sent to background system server;

Background system server receives after reimbursement confirmation, utilizes the PKI of intelligent cipher equipment to verify reimbursement confirmation, after being verified, carrying out reimbursement operation, and sends reimbursement success receipt information to terminal and/or intelligent cipher equipment.

Mode two, which two are with the difference of mode one: before terminal sends reimbursement information to intelligent cipher equipment, this terminal also receives the refund request that this intelligent cipher equipment sends, and generates reimbursement information according to refund request.Concrete, client can be by pressing button on intelligent cipher equipment to generate refund request, and intelligent cipher equipment receives after this refund request, and this refund request is sent to this terminal.In reimbursement information, can also comprise duplet bill, user can be according to duplet bill examination & verification reimbursement details, for example, and concrete reimbursement time, reimbursement transaction odd numbers, refund amount, the article replaced etc.Certainly, any intelligent cipher equipment that can trigger generates the implementation of refund request and all belongs in protection scope of the present invention.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, sending before refund request to terminal, be converted to wake-up states by resting state; Intelligent cipher equipment sends refund request to terminal under wake-up states.Intelligent cipher equipment is converted to resting state by wake-up states after sending refund request.In the time that intelligent cipher equipment receives the reimbursement information of terminal transmission, be converted to wake-up states by resting state, under wake-up states, carry out the operation of prompting reimbursement information and generation reimbursement confirmation.Intelligent cipher equipment after sending reimbursement confirmation to terminal (for example, send after acoustic signals corresponding to reimbursement confirmation, or show that image information corresponding to reimbursement confirmation reached after predetermined time), be converted to resting state by wake-up states.

Mode three, intelligent cipher equipment send refund request to terminal; Concrete, client can be by pressing button on intelligent cipher equipment to generate refund request, and intelligent cipher equipment receives after this refund request, and this refund request is sent to this terminal.Certainly, any intelligent cipher equipment that can trigger generates the implementation of refund request and all belongs in protection scope of the present invention.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, sending before refund request to terminal, be converted to wake-up states by resting state; Intelligent cipher equipment sends refund request to terminal under wake-up states.

Terminal generates refund request mark, and sends refund request mark to intelligent cipher equipment; Concrete, terminal can generate random number, and this random number is identified as refund request, and this random number is used for offering intelligent cipher equipment to generate reimbursement information.

Intelligent cipher equipment receives after refund request mark, generates reimbursement information, and utilizes the private key of intelligent cipher equipment to sign to reimbursement information, obtains reimbursement confirmation, and sends reimbursement confirmation to terminal; Concrete, the Information generation reimbursement information such as this refund request mark of intelligent cipher equipment utilization, refund amount, reimbursement account, this reimbursement information can also comprise the combination in any such as reimbursement transaction odd numbers, reimbursement both sides' identification information; Wherein, refund amount can be inputted by the button on intelligent cipher equipment, certainly, also can be by other means (for example, phonetic entry) input, reimbursement account can be inputted by the button on intelligent cipher equipment, can also the reimbursement account in intelligent cipher equipment input by reading pre-stored; Certainly, can also, after transaction completes, on intelligent cipher equipment, preserve Transaction Information, by inquiring about Transaction Information to obtain the information such as refund amount and reimbursement account.Intelligent cipher equipment can also send reimbursement information through but not limited to following mode: intelligent cipher equipment sends by acoustic signals after reimbursement information is encoded; Or intelligent cipher equipment carries out also showing so that terminal is carried out IMAQ after encoding of graphs to reimbursement information; Or the communication interface that intelligent cipher equipment mates with terminal by intelligent cipher equipment sends reimbursement information.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also be after sending reimbursement confirmation to terminal (for example, send after acoustic signals corresponding to reimbursement confirmation, or show that image information corresponding to reimbursement confirmation reached after predetermined time), be converted to resting state by wake-up states.

Terminal receives reimbursement confirmation, sends reimbursement confirmation to backstage system server; Concrete, terminal can receive reimbursement confirmation through but not limited to following mode: terminal receives the acoustic signals of intelligent cipher equipment transmission and acoustic signals is decoded and (for example obtained reimbursement confirmation, can adopt sound wave identification equipment to identify acoustic signals, adopt sound wave decoder to decode and obtain reimbursement confirmation acoustic signals); Or terminal gathers image information that intelligent cipher equipment shows to image information (for example, Quick Response Code, bar code etc.) decoding obtains reimbursement confirmation (for example adopt image capture device to gather image information, employing decoder obtains reimbursement confirmation after image information is decoded); Or the communication interface that terminal is mated with intelligent cipher equipment by terminal receives reimbursement confirmation.In addition, terminal sends reimbursement confirmation by dedicated network to backstage system server.

Background system server receives after reimbursement confirmation, reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.Concrete, the PKI of background system server by utilizing intelligent cipher equipment is verified reimbursement confirmation.

For mode three, provide a kind of application scenarios of reimbursement, but the present invention is not limited thereto below:

Intelligent cipher equipment is converted to wake-up states by resting state; For example, client's that can be by holding this intelligent cipher equipment button operation makes intelligent cipher equipment enter wake-up states;

Client can be by pressing button on intelligent cipher equipment to generate refund request, and intelligent cipher equipment receives after this refund request, and this refund request is sent to this terminal;

Terminal can generate random number R, is refund request mark by this random number as R, and sends refund request mark to intelligent cipher equipment;

Intelligent cipher equipment generates reimbursement information, and utilizes the private key of intelligent cipher equipment to sign to reimbursement information, obtains reimbursement confirmation, and sends reimbursement confirmation to terminal; Wherein, this reimbursement information at least comprises: the information such as refund request mark, refund amount, reimbursement account, wherein, the information such as refund amount, reimbursement account can be inputted by the button on intelligent cipher equipment by client, or refund amount can be by client by the key-press input on intelligent cipher equipment, the information that reimbursement account prestores from intelligent cipher equipment, read and obtain, or the information such as refund amount, reimbursement account all can read and obtains from the information that intelligent cipher equipment prestores;

Terminal receives after reimbursement confirmation, sends reimbursement confirmation to backstage system server;

Background system server receives after reimbursement confirmation, utilizes the PKI of intelligent cipher equipment to verify reimbursement confirmation, after being verified, carrying out reimbursement operation, and sends reimbursement success receipt information to terminal and/or intelligent cipher equipment.

In above three kinds of reimbursement modes, can also comprise single reimbursement mark in reimbursement confirmation, this single reimbursement mark can be random number, to ensure that a reimbursement is only successfully executed once.Certainly, this single reimbursement mark can be generated by terminal, also can be generated by intelligent cipher equipment, can be by intelligent cipher device subscription in reimbursement confirmation.

Certainly, background system server is being carried out after reimbursement operation, can also send reimbursement success receipt information to terminal and/or intelligent cipher equipment, so that shop and/or client can learn reimbursement success.

As can be seen here, by above-mentioned reimbursement flow process, can greatly simplify the operation of client in reimbursement process, the device-dependent safety function of application intelligent cipher can ensure the fail safe of client's reimbursement process, for consumer brings seamless experience.

Step 7: cancellation:

Comprise the cancellation of terminal and the cancellation of intelligent cipher equipment, below only the cancellation of intelligent cipher equipment described:

Intelligent cipher equipment obtains intelligent cipher equipment cancellation application, utilizes the private key of intelligent cipher equipment to sign and obtain the 3rd signing messages cancellation application, and sends intelligent cipher equipment cancellation application and the 3rd signing messages to backstage system server; Concrete, the 3rd signing messages can send by terminal, also can manually handle.

Background system server receives after the cancellation application of intelligent cipher equipment and the 3rd signing messages, utilizes the PKI in the intelligent cipher device certificate prestoring to verify the 3rd signing messages.

Background system server after the 3rd signing messages passes through, is deleted the intelligent cipher device certificate prestoring in checking, and generates the cancellation of intelligent cipher equipment and complete information, sends the cancellation of intelligent cipher equipment complete information to intelligent cipher equipment; Concrete, background system server, in the time carrying out cancellation, except deleting the intelligent cipher device certificate prestoring, can also be put into information corresponding this intelligent cipher equipment in the default cancellation list of background system server and wait other cancellations to operate.

Intelligent cipher equipment receives the cancellation of intelligent cipher equipment and completes after information, deletes the private key of intelligent cipher equipment.Concrete, intelligent cipher equipment can carry out sign test to signing messages, and after sign test is passed through, carries out deletion action.

Background system server, by managing registration, cancellation, the certification of intelligent cipher equipment and locking several aspects, is guaranteed the legitimacy of intelligent cipher equipment, the property loss having produced while having stopped illegally to be usurped due to intelligent cipher equipment.

What deserves to be explained is; above step 1 to step 7 is not carried out successively; it can only complete wherein several steps; in addition; above step 1 to step 7 is also not limited only to complete under same application scenarios; no matter under which kind of application scenarios, as long as use arbitrary step of the present invention, and can safety execute transaction and should belong to protection scope of the present invention.

Below, provide the exemplary a kind of application scenarios of the present invention:

In this application scene, integrated wireless communication module on intelligent cipher equipment, and status control module forms the novel intelligent cipher equipment that can be used for secure payment of the present invention.This intelligent cipher equipment comprises wireless communication module, it can be bluetooth communication or WIFI communication module etc., this wireless communication module can carry out inquiry scan and page scan to other equipment, and can carry out the mutual of signal and data with other wireless devices.On this intelligent cipher equipment, also comprise a status control module simultaneously, can control the operating state of wireless communication module and the main frame of intelligent cipher equipment.And intelligent cipher equipment of the present invention possesses two states: resting state and wake-up states, under resting state, only have transceiver (wireless communication module) and status control module in work, CPU will close, (for example: signature can not carry out command operating, receive, send the functions such as data), thus make the state of intelligent cipher equipment in a kind of low-power consumption.When other wireless devices are issued this intelligent cipher equipment application instruction from outside, status control module can be identified these signals, and generates wake-up signal, and CPU is waken up as wake-up states, starts to carry out this utility command.After command execution is complete, CPU will enter resting state again.

Below, be briefly described for transaction flow process of the present invention:

Intelligent cipher equipment is in resting state, user enters with this intelligent cipher equipment in the wireless signal coverage of terminal, intelligent cipher equipment and terminal complete the interactive identification of wireless device, and terminal can be known has intelligent cipher equipment to enter shop, terminal place and connects with this intelligent cipher equipment.

After terminal and intelligent cipher equipment connect, terminal can send to intelligent cipher equipment the request of authenticating device, intelligent cipher equipment receives this request, status control module can be sent wake-up signal, now CPU will be waken up, intelligent cipher equipment enters wake-up states, and carries out corresponding operation.

After intelligent cipher equipment completes command adapted thereto, return to resting state, and continue the equipment interactive identification of maintenance and terminal, whether check out so that terminal can judge the holder of intelligent cipher equipment.

Terminal proposes the request of reading user profile to backstage system server, background system server proposes the request of input authorized user message, and now terminal can send user-authorization-request to intelligent cipher equipment.

Intelligent cipher equipment under resting state receives the user-authorization-request that self terminal sends, and enters wake-up states.Intelligent cipher equipment is by the request of display terminal, and prompting user judges whether to authorize.

The request that user sends according to the terminal showing judges whether to authorize, if authorize, the acknowledgement key of pressing on intelligent cipher equipment makes intelligent cipher equipment produce authorization message and send to terminal, then proceed to resting state, otherwise, intelligent cipher device end fill order, directly proceeds to resting state.

In the time of clearing, terminal can send customer transaction to the intelligent cipher equipment of resting state again and confirm request instruction, intelligent cipher equipment under resting state receives this instruction and enters wake-up states, intelligent cipher equipment shows the Transaction Information receiving, user confirms, if Transaction Information is correct, presses acknowledgement key intelligent cipher equipment is signed to Transaction Information, and return to terminal; Otherwise, finishing executable operations, intelligent cipher equipment proceeds to resting state.

Below, provide another kind of application scenarios of the present invention:

Terminal is set up active user's list at home server, and this current user list can be used for storing user profile corresponding to intelligent cipher equipment that the client in current shop holds;

Terminal home server for example, is monitored the intelligent cipher equipment in the wireless signal coverage of terminal by wireless mode (adopting wireless exploration equipment);

Client is carrying the shopping of going window-shopping of the intelligent cipher equipment (in resting state) with wireless communication function, in this client enters the wireless signal coverage of terminal, intelligent cipher equipment can be arrived by terminal searching, and sets up wireless connections with terminal;

Random number R 1 is sent to intelligent cipher equipment by terminal, and send certification instruction to intelligent cipher equipment;

After the intelligent cipher equipment of resting state is receiving the certification instruction that terminal sends, be waken up, enter wake-up states;

Intelligent cipher equipment is made a summary to R1 and is used its encrypted private key summarization generation signature S, and this signature value S and intelligent cipher device certificate are sent to terminal;

Terminal is receiving after the signature S and intelligent cipher device certificate that intelligent cipher equipment sends over, and the identification information of the random number R 1 producing by signature S, intelligent cipher device certificate, before and the intelligent cipher equipment getting sends to background system server;

Background system server uses the legitimacy of the root certification authentication intelligent cipher device certificate that intelligent cipher device certificate is corresponding; If checking is not passed through, finish;

If be verified, background system server uses the public key verifications signature S of intelligent cipher equipment; If checking is not passed through, finish;

If be verified,, after the success of background system server authentication intelligent cipher equipment, the user profile such as user's account are sent to terminal;

Terminal receives after the user profile of background system server transmission, and user profile is stored in active user's list;

After finishing, client's shopping settles accounts to cashier;

Terminal settlement amounts, and account corresponding to intelligent cipher equipment of choosing this client to hold in active user's list;

The combination in any in the commodity of choosing, dealing money, bank settlement both sides account, bank settlement both sides identification information etc. is generated Transaction Information by terminal, and send to intelligent cipher equipment;

Intelligent cipher equipment receives after Transaction Information, proceeds to wake-up states, and Transaction Information is shown on screen, waits for that user confirms;

Client confirms Transaction Information, if having problem by cancellation, and trading suspension, intelligent cipher equipment proceeds to resting state;

If user presses the confirmation button arranging on intelligent cipher equipment after confirming that Transaction Information is correct, intelligent cipher equipment generates random number, as single transaction mark, makes intelligent cipher equipment sign to Transaction Information and single transaction mark;

Signing messages is sent to terminal by intelligent cipher equipment, and transfer request and signing messages are sent to background system server by terminal;

Background system server receives after transfer request and signing messages, certifying signature, and after certifying signature passes through, complete and transfer accounts, and send to terminal the successful information that paid of transferring accounts, certainly, background system server can also complete payment information exchange and cross terminal and send to intelligent cipher equipment, has concluded the business so that client learns;

Terminal receives that this payment completes information, pays commodity to client, and checkout completes.

By background system server, intelligent cipher equipment being authenticated, is in believable situation at intelligent cipher equipment, and while utilizing transaction, intelligent cipher equipment, to showing the link of information manual confirmation, has also ensured intelligent cipher equipment holder's transaction security.

Based on data security exchange method provided by the invention, client is in the time entering shop and conclude the business, complete payment without related account vehicle equipments such as matching with mobile phone, bank card or financial IC cards, and the payment process of original technology all need to possess by SIM card or smart card etc. the equipment of account memory function, user also needs to swipe the card, brush the operations such as mobile phone just can complete transaction.Adopt method provided by the invention, client can be without completing payment by modes such as wallet, credit card, mobile phones, thereby simplify the interactive operation in payment process of client and trade company, improved payment efficiency, promoted the experience of client in the payment process of near field; Utilize the fail safe of the safety profile promise customer payment process of intelligent cipher equipment simultaneously.

Client has chosen commodity later in the time of checkout, terminal is without obtaining user profile by the mode that allows client manually swipe the card or to brush mobile phone again, to have suffered because this user profile has been stored in active user's list of terminal in the time just entering shop, when checkout, client only need quote the name of oneself, terminal can directly be sent to the Transaction Informations such as the amount of money after clearing client's intelligent cipher equipment and show, now, client only need utilize intelligent cipher equipment to confirm, and export trade confirmation information, terminal generates transaction data package and sends to background system server, the processing of transferring accounts after this transaction data package of background system server authentication is accurate, can complete payment process.

In the time that client walks out the signal cover in this family shop, the network between intelligent cipher equipment and terminal is connected and will automatically interrupts, and user profile disappears from active user's list in this shop.If when client enters again another family shop, will automatically enter in active user's list in this another family shop, start another shopping.Do not need like this client to carry out any operation, only need client, in the time of shopping, a small and exquisite intelligent cipher equipment is put into oneself to pocket, adopt the present invention just can bring seamless experience for client.

Any process of otherwise describing in flow chart or at this or method are described and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.

Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple steps or method can realize with being stored in software or the firmware carried out in memory and by suitable instruction execution system.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: there is the discrete logic for data-signal being realized to the logic gates of logic function, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.

Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a kind of computer-readable recording medium, this program, in the time carrying out, comprises step of embodiment of the method one or a combination set of.

In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium using the form of software function module.

The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.

In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And specific features, structure, material or the feature of description can be with suitable mode combination in any one or more embodiment or example.

Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention in the situation that not departing from principle of the present invention and aim, amendment, replacement and modification.Scope of the present invention is by claims and be equal to and limit.

Claims (24)

1. a data security exchange method, is characterized in that, comprising:

Terminal is at signal cover interscan intelligent cipher equipment, and obtains the identification information of the described intelligent cipher equipment scanning;

Described terminal generates first and treats signing messages;

Described terminal sends described first to intelligent cipher equipment and treats signing messages and certification instruction;

Described intelligent cipher equipment receives described first after signing messages and described certification instruction, utilizes the private key of described intelligent cipher equipment to treat that to described first signing messages carries out signature calculation, obtains the first signing messages;

Described intelligent cipher equipment sends described the first signing messages and intelligent cipher device certificate to described terminal;

Described terminal receives after described the first signing messages and intelligent cipher device certificate, and the identification information, described first that sends authentication request information, described intelligent cipher equipment to backstage system server is treated signing messages, described the first signing messages and described intelligent cipher device certificate;

Whether described background system server receives the identification information, described first of described authentication request information, described intelligent cipher equipment after signing messages, described the first signing messages and described intelligent cipher device certificate, utilize described in the root certification authentication that the intelligent cipher device certificate that prestores is corresponding intelligent cipher device certificate legal;

Described background system server, after the described intelligent cipher device certificate of checking is legal, utilizes the first signing messages described in the public key verifications of described intelligent cipher equipment;

Described background system server, after described the first signing messages of checking passes through, completes the certification to described intelligent cipher equipment;

After described background system server completes the certification of described intelligent cipher equipment, described terminal is obtained user profile corresponding to described intelligent cipher equipment;

Described terminal stores described user profile in active user's list of setting up in advance;

Described terminal generates Transaction Information according to user profile corresponding to intelligent cipher equipment to be transacted, and obtains transaction request information according to described Transaction Information;

Described terminal sends described transaction request information to described intelligent cipher equipment;

Described intelligent cipher equipment receives after described transaction request information, according to Transaction Information described in described transaction request information acquisition;

Transaction Information described in described intelligent cipher device prompts;

Described intelligent cipher equipment confirmation of receipt instruction, and generate trade confirmation information;

Described terminal receives described trade confirmation information;

Described terminal is according to described trade confirmation information acquisition transaction data package, and sends described transaction data package to described background system server;

Described background system server receives after described transaction data package, obtains described trade confirmation information according to described transaction data package;

Described background system server is verified described trade confirmation information, and carry out transaction after being verified.

2. method according to claim 1, is characterized in that, described terminal is obtained user profile corresponding to described intelligent cipher equipment and comprised:

Described terminal sends identification information and the user profile read requests of described intelligent cipher equipment to described background system server;

Described background system server receives after the identification information and described user profile read requests of described intelligent cipher equipment, obtains the user profile corresponding with described intelligent cipher equipment according to the identification information of described intelligent cipher equipment;

Described background system server obtains the response message of described user profile read requests according to described user profile, and sends the response message of described user profile read requests to described terminal;

Described terminal receives after the response message of described user profile read requests, obtains described user profile according to the response message of described user profile read requests.

3. method according to claim 1, is characterized in that, described terminal is obtained user profile corresponding to described intelligent cipher equipment and comprised:

Described terminal sends user profile read requests to described intelligent cipher equipment;

Described intelligent cipher equipment obtains pre-stored user profile, and obtains the response message of described user profile read requests according to described user profile, and sends the response message of described user profile read requests to described terminal;

Described terminal receives after the response message of described user profile read requests, obtains described user profile according to the response message of described user profile read requests.

4. method according to claim 1, is characterized in that,

Described background system server completes the certification of described intelligent cipher equipment is comprised:

Described background system server sends user profile corresponding to described intelligent cipher equipment to described terminal;

Described terminal is obtained user profile corresponding to described intelligent cipher equipment and is comprised:

Described terminal receives user profile corresponding to described intelligent cipher equipment that described background system server sends.

5. according to the method described in claim 1 to 4 any one, it is characterized in that, described terminal is at signal cover interscan intelligent cipher equipment, and after obtaining the step of identification information of the described intelligent cipher equipment scanning, described method also comprises:

Described terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list;

Described terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list according to the default time interval;

If the identification information of the intelligent cipher equipment in described real-time identification list not in described active user's list, is carried out described terminal and obtains according to the identification information of the described intelligent cipher equipment scanning the step of the user profile that described intelligent cipher equipment is corresponding; And if the identification information of intelligent cipher equipment in described active user's list is in described real-time identification list, delete in described active user's list the not user profile of the intelligent cipher equipment in described real-time identification list.

6. according to the method described in claim 1 to 4 any one, it is characterized in that, described terminal is at signal cover interscan intelligent cipher equipment, and after obtaining the step of identification information of the described intelligent cipher equipment scanning, described method also comprises:

Described terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list;

Described terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list according to the default time interval;

If the identification information of the intelligent cipher equipment in described real-time identification list is not in described active user's list, carry out described terminal and obtain the step of the user profile that described intelligent cipher equipment is corresponding according to the identification information of the described intelligent cipher equipment scanning, and obtain after described user profile in described terminal, described user profile is stored in described real-time identification list; And if the identification information of intelligent cipher equipment in described real-time identification list is in described active user's list, the user profile of described intelligent cipher equipment in described active user's list is stored in described real-time identification list;

Described active user's list using described real-time identification list after upgrading.

7. according to the method described in claim 1 to 6 any one, it is characterized in that, described intelligent cipher equipment receives described first after signing messages and described certification instruction, utilize the private key of described intelligent cipher equipment to treat that to described first signing messages carries out signature calculation, obtain the first signing messages and comprise:

Described intelligent cipher equipment, receiving described first after signing messages and described certification instruction, is converted to wake-up states by resting state;

Described intelligent cipher equipment utilizes the private key of described intelligent cipher equipment to treat that to described first signing messages carries out signature calculation under wake-up states, obtains the first signing messages.

8. according to the method described in claim 1 to 7 any one, it is characterized in that, described background system server receives the identification information, described first of described authentication request information, described intelligent cipher equipment after signing messages, described the first signing messages and intelligent cipher device certificate, and described method also comprises:

Described background system server judges whether the identification information of described intelligent cipher equipment is included in the intelligent cipher unit exception list prestoring in described background system server;

Described background system server is after the identification information of judging described intelligent cipher equipment is in described intelligent cipher unit exception list, obtain locking intelligent cipher device directive, and utilize the private key of described background system server to sign and obtain the second signing messages locking intelligent cipher device directive, and send described locking intelligent cipher device directive and described the second signing messages by described terminal to described intelligent cipher equipment;

Described intelligent cipher equipment receives after described locking intelligent cipher device directive and described the second signing messages, utilizes the PKI in the described background system server certificate prestoring to verify described the second signing messages;

Described intelligent cipher equipment, after described the second signing messages of checking passes through, is carried out lock operation according to described locking intelligent cipher device directive.

9. according to the method described in claim 1 to 8 any one, it is characterized in that, described method also comprises:

Described background system server receives the application of intelligent cipher facility registration, and application is audited to described intelligent cipher facility registration;

Described background system server, after the application of the described intelligent cipher facility registration of examination & verification is passed through, sends intelligent cipher device keys to generating instruction to described intelligent cipher equipment;

Described intelligent cipher equipment receives described intelligent cipher device keys to generating after instruction, generates intelligent cipher device keys pair;

Described intelligent cipher equipment sends the PKI of described intelligent cipher device keys centering to described background system server;

Described background system server receives after the PKI of described intelligent cipher device keys centering, generates described intelligent cipher device certificate, and sends described intelligent cipher device certificate to described intelligent cipher equipment;

Intelligent cipher device certificate described in described intelligent cipher device storage.

10. method according to claim 9, is characterized in that,

Described intelligent cipher equipment obtains intelligent cipher equipment cancellation application, utilize the private key of described intelligent cipher equipment to sign and obtain the 3rd signing messages described cancellation application, and send described intelligent cipher equipment cancellation application and described the 3rd signing messages to described background system server; Described background system server receives after described intelligent cipher equipment cancellation application and described the 3rd signing messages, utilizes the PKI in the described intelligent cipher device certificate prestoring to verify described the 3rd signing messages; Described background system server is after described the 3rd signing messages of checking passes through, the described intelligent cipher device certificate that deletion prestores, and generate the cancellation of intelligent cipher equipment and complete information, send the cancellation of described intelligent cipher equipment to described intelligent cipher equipment and complete information; Described intelligent cipher equipment receives the cancellation of described intelligent cipher equipment and completes after information, deletes the private key of described intelligent cipher equipment.

11. methods according to claim 2, it is characterized in that, after described background system server receives the identification information of described intelligent cipher equipment and the step of described user profile read requests, described background system server sends the step of response message of described user profile read requests to described terminal before, described method also comprises:

Described background system server sends user-authorization-request information by described terminal to described intelligent cipher equipment;

Described intelligent cipher equipment receives after described user-authorization-request information, generates authorization message, and sends described authorization message by described terminal to described background system server;

Described background system server receives after described authorization message, carries out described background system server and send to described terminal the step of the response message of described user profile read requests.

12. methods according to claim 11, is characterized in that, described intelligent cipher equipment receives after described user-authorization-request information, and the step that generates authorization message comprises:

Described intelligent cipher equipment, receiving after described user-authorization-request information, is converted to wake-up states by resting state;

Described intelligent cipher equipment generates authorization message under wake-up states.

13. according to the method described in claim 1 to 12 any one, it is characterized in that, described intelligent cipher equipment receives after described transaction request information, comprises according to the step of Transaction Information described in described transaction request information acquisition:

Described intelligent cipher equipment receives after described transaction request information, is converted to wake-up states by resting state;

Described intelligent cipher equipment under wake-up states according to Transaction Information described in described transaction request information acquisition.

14. according to the method described in claim 1 to 13 any one, it is characterized in that, the step that described intelligent cipher equipment generates trade confirmation information comprises:

Described in described intelligent cipher equipment utilization, the private key of intelligent cipher equipment is signed to described Transaction Information, generates trading signature information as trade confirmation information; Or

Described intelligent cipher equipment generates dynamic password as trade confirmation information.

15. according to the method described in claim 1 to 13 any one, it is characterized in that, the step that described intelligent cipher equipment generates trade confirmation information comprises:

Described intelligent cipher equipment generates single transaction mark, and utilizes the private key of described intelligent cipher equipment to sign to described Transaction Information and described single transaction mark, generates trading signature information as trade confirmation information; Or

Described intelligent cipher equipment generates single transaction mark, utilize the private key of described intelligent cipher equipment to sign and obtain the signing messages of single transaction mark described single transaction mark, and generating dynamic password, the signing messages that single transaction is identified and described dynamic password are as trade confirmation information.

16. according to the method described in claims 14 or 15, it is characterized in that, the step that described terminal receives described trade confirmation information comprises:

Described terminal receives the acoustic signals of described intelligent cipher equipment transmission and described acoustic signals is decoded and obtained trade confirmation information; Or

Described terminal gathers the image information of described intelligent cipher equipment demonstration and described image information is decoded and obtained described trade confirmation information; Or

The communication interface that described terminal is mated with described intelligent cipher equipment by described terminal receives described trade confirmation information; Or

Trade confirmation information described in the information acquisition that described terminal is inputted by described terminal.

17. according to the method described in claim 1 to 16 any one, it is characterized in that, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises:

Described background system server sends Transaction Success acknowledgement information to described terminal; Or

Described background system server sends Transaction Success acknowledgement information by described terminal to described intelligent cipher equipment; Described intelligent cipher equipment receives after described Transaction Success acknowledgement information, points out described Transaction Success acknowledgement information.

18. according to the method described in claim 1 to 17 any one, it is characterized in that, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises:

Described terminal sends reimbursement information to described intelligent cipher equipment;

Described intelligent cipher equipment receives after described reimbursement information, points out described reimbursement information;

Described intelligent cipher equipment receives reimbursement and confirms instruction, and utilizes the private key of described intelligent cipher equipment to sign to described reimbursement information, generates reimbursement confirmation;

Described terminal receives described reimbursement confirmation, sends described reimbursement confirmation to described background system server;

Described background system server receives after described reimbursement confirmation, described reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.

19. according to the method described in claim 1 to 17 any one, it is characterized in that, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises:

Described intelligent cipher equipment sends refund request to described terminal;

Described terminal generates reimbursement information, and sends described reimbursement information to described intelligent cipher equipment;

Described intelligent cipher equipment receives after described reimbursement information, points out described reimbursement information;

Described intelligent cipher equipment receives reimbursement and confirms instruction, and utilizes the private key of described intelligent cipher equipment to sign to described reimbursement information, generates reimbursement confirmation;

Described terminal receives described reimbursement confirmation, sends described reimbursement confirmation to described background system server;

Described background system server receives after described reimbursement confirmation, described reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.

20. according to the method described in claim 1 to 17 any one, it is characterized in that, described background system server is verified described trade confirmation information, and carry out the step of transaction after being verified after, described method also comprises:

Described intelligent cipher equipment sends refund request to described terminal;

Described terminal generates refund request mark, and sends described refund request mark to described intelligent cipher equipment;

Described intelligent cipher equipment receives after described refund request mark, generates reimbursement information, and utilizes the private key of described intelligent cipher equipment to sign to described reimbursement information, obtains reimbursement confirmation, and sends described reimbursement confirmation to described terminal;

Described terminal receives described reimbursement confirmation, sends described reimbursement confirmation to described background system server;

Described background system server receives after described reimbursement confirmation, described reimbursement confirmation is verified, and after being verified, carried out reimbursement operation.

21. according to the method described in claim 18 or 19, it is characterized in that, in described reimbursement information, also comprises duplet bill.

22. methods according to claim 17, is characterized in that, described Transaction Success acknowledgement information also comprises duplet bill.

23. according to the method described in claim 1 to 22 any one, it is characterized in that, also comprises duplet bill in described Transaction Information.

24. according to the method described in claim 1 to 23 any one, it is characterized in that, described terminal is at signal cover interscan intelligent cipher equipment, and before obtaining the identification information of the described intelligent cipher equipment scanning, described method also comprises:

Described intelligent cipher equipment enters and can be scanned state.