CN103944907A - Data updating method and system - Google Patents

Publication number: CN103944907A
Authority: CN (China)
Application number: CN201410171436.7A
Other languages: Chinese (zh)
Inventor: 李东声
Original assignee: 天地融科技股份有限公司
Application filed by: 天地融科技股份有限公司
Priority: CN201410171436.7A
Prior art keywords: password, user, smart, device, information

Abstract

The invention provides a data updating method and system. In the method, a terminal obtains the identification information of all smart cryptographic devices within its signal coverage and generates a real-time identification list, then compares the real-time identification list with a current user list. If the identification information of a smart cryptographic device in the current user list is not in the real-time identification list, that device's user information is deleted from the current user list. If the identification information of a smart cryptographic device in the real-time identification list is not in the current user list, the terminal obtains that device's identification information and authentication dynamic password and sends an authentication request, together with the identification information and authentication dynamic password, to a back end; the back end completes authentication of the device, and the terminal obtains the device's user information and stores it in the pre-established current user list.

Description

Method and system for updating data

Technical Field

[0001] The present invention relates to the field of information security, and in particular to a data updating method and system.

Background

[0002] Mobile payment is a service that allows users to pay for the goods or services they consume using a mobile terminal (for example a smartphone, PDA, tablet or notebook computer). An organization or individual sends a payment instruction, directly or indirectly, to a bank or financial institution through a mobile terminal, the Internet or proximity sensing, which gives rise to money payment and fund transfer and thereby implements the mobile payment function. Mobile payment brings together mobile terminals, the Internet, application providers and financial institutions to provide users with financial services such as money payment and bill payment.

[0003] Mobile payment mainly comprises two kinds: remote payment and near-field payment. Remote payment means that the user logs in to a bank web page through a mobile terminal to make payments, operate accounts and so on; it is mainly used for shopping and consumption on online e-commerce sites. Near-field payment means that a consumer, when purchasing goods or services, pays the merchant on the spot through a mobile terminal. The payment is processed on site and is an offline operation that does not require the mobile network; local communication with vending machines and POS terminals is carried out over channels such as the mobile terminal's radio frequency (NFC), infrared or Bluetooth.

[0004] Throughout the mobile payment process, the participants involved in a payment include consumer users, merchants, mobile operators, third-party service providers and banks. Consumer users and merchants are the parties the system serves, the mobile operator provides network support, the bank provides banking services, and the third-party service provider provides payment platform services; the business is realized through the combination of these parties. Electronic and mobile means of payment have become an inevitable trend, and the security of the mobile payment system is in turn the core problem of mobile e-commerce security.

[0005] How to ensure the security of data exchange during mobile payment is a problem that urgently needs to be solved.

Summary

[0006] The present invention aims to solve one of the problems described above.

[0007] The main object of the present invention is to provide a data updating method and system.

[0008] To achieve the above object, the technical solution of the present invention is implemented as follows:

[0009] In one aspect, the present invention provides a data updating method, comprising: a terminal scans for smart cryptographic devices within its signal coverage, obtains the identification information of all smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list; at a preset time interval, the terminal compares the identification information of the smart cryptographic devices in the real-time identification list with the identification information of the smart cryptographic devices in the current user list; if the identification information of a smart cryptographic device in the current user list is not in the real-time identification list, the user information of that smart cryptographic device is deleted from the current user list; and if the identification information of a smart cryptographic device in the real-time identification list is not in the current user list, the terminal obtains the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list, and sends to the back-end system server an authentication request together with that device's identification information and authentication dynamic password; after receiving the authentication request, the identification information and the authentication dynamic password, the back-end system server completes authentication of the smart cryptographic device that is not in the current user list; after the back-end system server completes that authentication, the terminal obtains the user information corresponding to the smart cryptographic device that is not in the current user list, and stores the user information in the pre-established current user list.

[0010] Further, the terminal obtaining the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list comprises: the terminal sends an authentication instruction to the smart cryptographic device that is not in the current user list; after receiving the authentication instruction, that device generates an authentication dynamic password and sends its identification information and the authentication dynamic password to the terminal; and the terminal receives the device's identification information and authentication dynamic password. Alternatively: the terminal sends an authentication instruction to the smart cryptographic device that is not in the current user list; after receiving the authentication instruction, that device generates an authentication dynamic password and sends its identification information to the terminal; and the terminal receives the authentication dynamic password entered by the user, thereby obtaining the device's identification information and authentication dynamic password.

[0011] Further, the back-end system server completing authentication of the smart cryptographic device that is not in the current user list, after receiving the authentication request and that device's identification information and authentication dynamic password, comprises: after receiving the authentication request, the identification information and the authentication dynamic password, the back-end system server obtains, according to the identification information, the seed key corresponding to the smart cryptographic device that is not in the current user list; the back-end system server generates, from the seed key, a verification password for the authentication dynamic password; and the back-end system server compares the authentication dynamic password with the verification password and, when the two match, completes authentication of the smart cryptographic device that is not in the current user list.

[0012] Further, the terminal obtaining the user information corresponding to the smart cryptographic device that is not in the current user list comprises: the terminal sends to the back-end system server the identification information of that device and a user information read request; after receiving the identification information and the user information read request, the back-end system server obtains, according to the identification information, the user information corresponding to the smart cryptographic device that is not in the current user list; the back-end system server obtains response information for the user information read request according to the user information, and sends the response information to the terminal; and after receiving the response information for the user information read request, the terminal obtains the user information from the response information.

[0013] Further, the terminal obtaining the user information corresponding to the smart cryptographic device that is not in the current user list comprises: the terminal sends a user information read request to the smart cryptographic device that is not in the current user list; that device obtains its pre-stored user information, obtains response information for the user information read request according to the user information, and sends the response information to the terminal; and after receiving the response information for the user information read request, the terminal obtains the user information from the response information.

[0014] Further, the back-end system server completing authentication of the smart cryptographic device that is not in the current user list comprises: the back-end system server sends to the terminal the user information corresponding to that device; and the terminal obtaining the user information corresponding to the smart cryptographic device that is not in the current user list comprises: the terminal receives the user information corresponding to that device as sent by the back-end system server.

[0015] Further, the smart cryptographic device that is not in the current user list generating an authentication dynamic password after receiving the authentication instruction comprises: after receiving the authentication instruction, the device switches from a sleep state to an awake state; and the device generates the authentication dynamic password in the awake state.

[0016] Further, after the back-end system server receives the authentication request and the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list, the method further comprises: the back-end system server determines whether the identification information of that device is contained in the abnormal smart cryptographic device list pre-stored in the back-end system server; after determining that the identification information is in the abnormal smart cryptographic device list, the back-end system server obtains a lock-smart-cryptographic-device instruction and sends it, via the terminal, to the smart cryptographic device that is not in the current user list; and that device receives the lock-smart-cryptographic-device instruction and performs a lock operation according to it.

[0017] Further, the method also comprises: the back-end system server receives a smart cryptographic device registration application and reviews it; and after the registration application passes review, the back-end system server stores the mapping between the user information corresponding to the smart cryptographic device and the device's identification information and seed key.

[0018] Further, the back-end system server obtains a smart cryptographic device account cancellation application and reviews it; and after the account cancellation application passes review, the back-end system server deletes the mapping between the user information corresponding to the smart cryptographic device and the device's identification information and seed key.

[0019] Further, before the terminal scans for smart cryptographic devices within its signal coverage, the method also comprises: the smart cryptographic device enters a scannable state.
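The list comparison of [0009], the seed-key verification of [0011] and the abnormal-list lock of [0016] can be simulated together, as an added example that is not code from the patent. The patent does not say how the dynamic password is derived from the seed key, so the time-step HMAC-SHA256 derivation, the class and method names, and the device IDs, seeds and user names are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # seconds per password; assumed, the page gives no algorithm


def dynamic_password(seed_key, now):
    """Assumed derivation: HMAC-SHA256 over the time step, truncated to 6 digits."""
    digest = hmac.new(seed_key, struct.pack(">Q", now // TIME_STEP), hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class BackendServer:
    def __init__(self):
        self.registry = {}     # device id -> (seed key, user info), stored on registration
        self.abnormal = set()  # pre-stored abnormal-device list

    def register(self, device_id, seed_key, user_info):
        self.registry[device_id] = (seed_key, user_info)

    def authenticate(self, device_id, password, now):
        """Return (status, user_info); status is 'ok', 'lock' or 'reject'."""
        if device_id in self.abnormal:
            return "lock", None
        record = self.registry.get(device_id)
        if record is None:
            return "reject", None
        seed_key, user_info = record
        verification = dynamic_password(seed_key, now)
        # Constant-time comparison of the received and the verification password.
        if not hmac.compare_digest(verification, password):
            return "reject", None
        return "ok", user_info


class SmartDevice:
    def __init__(self, device_id, seed_key):
        self.device_id, self.seed_key, self.locked = device_id, seed_key, False

    def on_authentication_instruction(self, now):
        if self.locked:
            return None
        return self.device_id, dynamic_password(self.seed_key, now)

    def on_lock_instruction(self):
        self.locked = True


class Terminal:
    def __init__(self, backend):
        self.backend = backend
        self.current_users = {}  # device id -> user info

    def refresh(self, devices_in_range, now):
        """One comparison pass; the terminal runs this at its preset interval."""
        realtime = {d.device_id: d for d in devices_in_range}
        # Devices that left coverage: delete their user information.
        for device_id in list(self.current_users):
            if device_id not in realtime:
                del self.current_users[device_id]
        # Devices newly in coverage: a scanned ID alone proves nothing, so each
        # must pass back-end authentication before its user info is stored.
        for device_id, device in realtime.items():
            if device_id in self.current_users:
                continue
            reply = device.on_authentication_instruction(now)
            if reply is None:
                continue
            status, user_info = self.backend.authenticate(reply[0], reply[1], now)
            if status == "ok":
                self.current_users[device_id] = user_info
            elif status == "lock":
                device.on_lock_instruction()
        return dict(self.current_users)


def run_demo():
    """Constructed sample data: three registered devices and one cloned ID."""
    backend = BackendServer()
    backend.register("DEV-A", b"seed-a", "alice")
    backend.register("DEV-B", b"seed-b", "bob")
    backend.register("DEV-C", b"seed-c", "carol")
    backend.abnormal.add("DEV-C")  # constructed: device placed on the abnormal list

    dev_a = SmartDevice("DEV-A", b"seed-a")
    dev_b = SmartDevice("DEV-B", b"seed-b")
    dev_c = SmartDevice("DEV-C", b"seed-c")
    clone = SmartDevice("DEV-B", b"wrong-seed")  # right ID, no seed key

    terminal = Terminal(backend)
    first = terminal.refresh([dev_a, dev_c, clone], now=1_000_000)
    second = terminal.refresh([dev_b], now=1_000_030)
    return first, second, dev_c.locked


if __name__ == "__main__":
    print(run_demo())
```

In the first pass only DEV-A is stored: DEV-C is locked and the device presenting DEV-B's ID without its seed key is rejected. In the second pass DEV-A has left coverage and is deleted, while the genuine DEV-B is authenticated and added.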

[0020] In another aspect, the present invention provides a data security interaction system comprising a terminal, a smart cryptographic device and a back-end system server. The terminal is configured to: scan for smart cryptographic devices within its signal coverage, obtain the identification information of all smart cryptographic devices within the signal coverage of the terminal, and generate a real-time identification list; at a preset time interval, compare the identification information of the smart cryptographic devices in the real-time identification list with the identification information of the smart cryptographic devices in the current user list; if the identification information of a smart cryptographic device in the current user list is not in the real-time identification list, delete the user information of that smart cryptographic device from the current user list; if the identification information of a smart cryptographic device in the real-time identification list is not in the current user list, obtain the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list, and send to the back-end system server an authentication request together with that device's identification information and authentication dynamic password; and, after the back-end system server completes authentication of the smart cryptographic device that is not in the current user list, obtain the user information corresponding to that device and store it in the pre-established current user list. The back-end system server is configured to receive the authentication request and the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list, as sent by the terminal, and to complete authentication of that device.

[0021] Further, the terminal is also configured to send an authentication instruction to the smart cryptographic device that is not in the current user list, and to receive that device's identification information and authentication dynamic password; and the smart cryptographic device that is not in the current user list is configured to receive the authentication instruction sent by the terminal, generate an authentication dynamic password, and send its identification information and the authentication dynamic password to the terminal. Alternatively, the terminal is also configured to send an authentication instruction to the smart cryptographic device that is not in the current user list, and to receive the authentication dynamic password entered by the user, thereby obtaining that device's identification information and authentication dynamic password; and the smart cryptographic device that is not in the current user list is configured to receive the authentication instruction sent by the terminal, generate an authentication dynamic password, and send its identification information to the terminal.

[0022] Further, the back-end system server is also configured to: receive the authentication request and the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list, as sent by the terminal; obtain, according to the identification information, the seed key corresponding to that device; generate, from the seed key, a verification password for the authentication dynamic password; and compare the authentication dynamic password with the verification password and, when the two match, complete authentication of the smart cryptographic device that is not in the current user list.

[0023] Further, the terminal is also configured to send to the back-end system server the identification information of the smart cryptographic device that is not in the current user list and a user information read request, to receive the response information for the user information read request sent by the back-end system server, and to obtain the user information from the response information; and the back-end system server is also configured to receive the identification information and the user information read request sent by the terminal, to obtain, according to the identification information, the user information corresponding to the smart cryptographic device that is not in the current user list, to obtain response information for the user information read request according to the user information, and to send the response information to the terminal.

[0024] Further, the terminal is also configured to send a user information read request to the smart cryptographic device that is not in the current user list, to receive the response information for the user information read request sent by that device, and to obtain the user information from the response information; and the smart cryptographic device that is not in the current user list is also configured to obtain its pre-stored user information, to obtain response information for the user information read request according to the user information, and to send the response information to the terminal.

[0025] Further, the back-end system server is also configured to send to the terminal the user information corresponding to the smart cryptographic device that is not in the current user list; and the terminal is also configured to receive the user information corresponding to that device as sent by the back-end system server.

[0026] Further, the smart cryptographic device that is not in the current user list is also configured to switch from a sleep state to an awake state after receiving the authentication instruction, and to generate the authentication dynamic password in the awake state.

[0027] Further, the back-end system server is also configured to: after receiving the authentication request and the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list, determine whether the identification information of that device is contained in the abnormal smart cryptographic device list pre-stored in the back-end system server; and, after determining that the identification information is in the abnormal smart cryptographic device list, obtain a lock-smart-cryptographic-device instruction and send it, via the terminal, to the smart cryptographic device that is not in the current user list. The smart cryptographic device that is not in the current user list is also configured to receive the lock-smart-cryptographic-device instruction sent by the back-end system server via the terminal, and to perform a lock operation according to it.

[0028] Further, the back-end system server is also configured to receive a smart cryptographic device registration application and review it, and, after the registration application passes review, to store the mapping between the user information corresponding to the smart cryptographic device and the device's identification information and seed key.

[0029] Further, the back-end system server is also configured to obtain a smart cryptographic device account cancellation application and review it, and, after the account cancellation application passes review, to delete the mapping between the user information corresponding to the smart cryptographic device and the device's identification information and seed key.

[0030] Further, the smart cryptographic device is also configured to enter a scannable state before being scanned by the terminal.

[0031] As can be seen from the technical solution provided by the present invention, updating the current user list with this data updating method and system ensures that the user information corresponding to smart cryptographic devices within the terminal's signal coverage is promptly added to the current user list, and that the user information corresponding to smart cryptographic devices that have left the terminal's signal coverage is promptly deleted from the current user list.

Brief Description of the Drawings

[0032] To describe the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.

[0033] Fig. 1 is a schematic structural diagram of the data security interaction system provided by the present invention;

[0034] Fig. 2 is a flowchart of the data security interaction method provided by the present invention;

[0035] Fig. 3 is a flowchart of the data updating method provided by the present invention;

[0036] Fig. 4 is a schematic structural diagram of the data updating system provided by the present invention.

Detailed Description

[0037] The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.

[0038] In the description of the present invention, it should be understood that orientations or positional relationships indicated by terms such as "center", "longitudinal", "transverse", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner" and "outer" are based on the orientations or positional relationships shown in the drawings. They are used only to facilitate and simplify the description of the present invention, and do not indicate or imply that the device or element referred to must have a specific orientation or be constructed and operated in a specific orientation; they therefore cannot be construed as limiting the present invention. In addition, the terms "first" and "second" are used for descriptive purposes only and cannot be understood as indicating or implying relative importance, quantity or position.

[0039] 在本发明的描述中,需要说明的是,除非另有明确的规定和限定,术语“安装”、“相连”、“连接”应做广义理解,例如,可以是固定连接,也可以是可拆卸连接,或一体地连接;可以是机械连接,也可以是电连接;可以是直接相连,也可以通过中间媒介间接相连,可以是两个元件内部的连通。 [0039] In the description of the present invention, it is noted that, unless otherwise expressly specified or limited, the terms "mounted," "connected to", "connected" are to be broadly understood, for example, may be a fixed connection, may be a detachable connection, or integrally connected; may be a mechanical connector may be electrically connected; may be directly connected, can also be connected indirectly through intervening structures, it may be in communication the interior of the two elements. 对于本领域的普通技术人员而言,可以具体情况理解上述术语在本发明中的具体含义。 Those of ordinary skill in the art, be appreciated that the specific circumstances of the specific meanings in the present invention.

[0040] 下面将结合附图对本发明实施例作进一步地详细描述。 [0040] conjunction with the accompanying drawings will be described in detail embodiments of the present invention is further embodied.

[0041] The secure data interaction method provided by the present invention is applicable to the system architecture shown in FIG. 1, which includes a back-end system server, a terminal and a smart cryptographic device, where:

[0042] The back-end system server manages smart cryptographic devices and stores and issues user information; for example, it handles the registration, account cancellation, locking and authentication of smart cryptographic devices. It can provide financial services such as banking-related services and payment-platform services, and may be one server or a combination of several servers, such as a payment server, an authentication server and a management server.

[0043] The terminal may be a merchant-side terminal that initiates mobile payments, maintains user information, and so on. The terminal can automatically scan for smart cryptographic devices within its signal coverage, establish a communication connection with a smart cryptographic device, and obtain the user information corresponding to that device. The terminal of the present invention (for example, a POS machine) is additionally equipped with a wireless communication module. The back end and the terminal may be connected over a dedicated network to ensure security.

[0044] The smart cryptographic device (for example, a dynamic password generator, an OTP device, an electronic token, a dynamic token, or a USB key with a dynamic password generation function) has a secure payment function. The device has a wireless communication module (for example, Bluetooth, infrared, RFID, NFC, light, sound wave, heat, vibration or Wi-Fi) through which it can communicate with the terminal. The device may of course also include a wired interface (for example, an audio interface, a USB interface or a serial port) and communicate with the terminal through that interface. In addition, the smart cryptographic device may have a connection option: if the user does not enable it, the terminal cannot obtain the device's identification information or the corresponding user information. For example, the smart cryptographic device can enter a scannable state so that the terminal can discover it by scanning. The connection option may be enabled by a hardware switch on the device or through software on the device.

[0045] As shown in FIG. 2, the secure data interaction method provided by the present invention includes:

[0046] Step 1: the smart cryptographic device registers with the back-end system server:

[0047] The back-end system server receives a registration application for the smart cryptographic device and reviews it. Specifically, the user holding the device may apply for registration at a bank counter or over the Internet. After receiving the application, the back-end system server reviews the legitimacy of the user's identity.

[0048] After approving the registration application, the back-end system server stores the mapping between the user information corresponding to the smart cryptographic device and the device's identification information and seed key. Specifically, once the review of the legitimacy of the user's identity and so on has passed, the server agrees to register the user's device. The server may store the correspondence between seed keys and device identification information in advance and, once registration is complete, associate the device's identification information and seed key with the user information so that subsequent processing for that device can be carried out.

[0049] Of course, the terminal may also register with the back-end system server.

[0050] Step 2: the terminal scans for smart cryptographic devices within its signal coverage and obtains the identification information and authentication dynamic password of a smart cryptographic device:

[0051] Specifically, the terminal may send a query signal (for example, the terminal's serial number) at certain time intervals to query for smart cryptographic devices within a certain wireless signal coverage;

[0052] The smart cryptographic device listens for the terminal's query (inquiry scan). Once the device enters the terminal's signal coverage, it sends its identification information to the terminal, and the terminal thereby obtains the device's identification information by scanning.

[0053] Two ways for the terminal to obtain the identification information of a smart cryptographic device by scanning are given below:

[0054] (1) The terminal may use an IAC (Inquiry Access Code) to query for smart cryptographic devices within a certain wireless signal coverage;

[0055] The smart cryptographic device listens for the terminal's query (inquiry scan). Once the device enters the terminal's signal coverage, it sends its address and clock information to the terminal;

[0056] The smart cryptographic device listens for paging information from the terminal, performing a page scan;

[0057] The terminal pages the smart cryptographic devices it has found by inquiry;

[0058] After receiving the paging information, the smart cryptographic device sends its DAC (Device Access Code) to the terminal.

[0059] (2) The terminal sends a query signal to query for smart cryptographic devices within a certain wireless signal coverage;

[0060] The smart cryptographic device listens for the terminal's query signal (inquiry scan). Once the device enters the terminal's signal coverage, it sends its address to the terminal.

[0061] Of course, the two examples above only illustrate how the terminal obtains the identification information of a smart cryptographic device, and the present invention is not limited to them. Building on these two methods, whenever the smart cryptographic device receives any information sent by the terminal, it may treat that information as a wake-up signal and switch from the sleep state to the awake state (that is, the normal working mode). Likewise, after finishing the execution of any command, the device may automatically return to the sleep state. Entering the sleep state saves the device's power and extends its service life.

[0062] Before the terminal scans for the smart cryptographic device in this step, the device must also enter a scannable state so that the terminal can discover it. The device may be put into the scannable state by a hardware switch on the device or through the device's software.

[0063] Specifically, the terminal may obtain the identification information and authentication dynamic password of the smart cryptographic device in, but not limited to, the following ways:

[0064] Mode 1: the terminal sends an authentication instruction to the smart cryptographic device. On receiving the instruction, the device generates an authentication dynamic password and sends its identification information and the authentication dynamic password to the terminal, and the terminal receives them.

[0065] Mode 2: the terminal sends an authentication instruction to the smart cryptographic device. On receiving the instruction, the device generates an authentication dynamic password and sends its identification information to the terminal. The terminal receives the authentication dynamic password entered by the user, and thus obtains both the device's identification information and the authentication dynamic password.

[0066] After receiving the authentication instruction, the smart cryptographic device may generate the authentication dynamic password in, but not limited to, the following way: on receiving the instruction, the device switches from the sleep state to the awake state, and generates the authentication dynamic password in the awake state. Entering the sleep state saves the device's power and extends its service life.

[0067] The identification information of the smart cryptographic device may be its own serial number, its MAC address, or any other identification information that uniquely identifies the device.

[0068] Step 3: the back-end system server authenticates the smart cryptographic device:

[0069] The terminal sends an authentication request, the identification information of the smart cryptographic device and the authentication dynamic password to the back-end system server;

[0070] After receiving the authentication request, the identification information and the authentication dynamic password, the back-end system server completes the authentication of the smart cryptographic device. Specifically, authentication may be implemented in, but is not limited to, the following way: after receiving the authentication request, the identification information and the authentication dynamic password, the server obtains the seed key corresponding to the device according to its identification information; the server generates a verification password for the authentication dynamic password from the seed key; and the server compares the authentication dynamic password with the verification password. When the two match, the authentication of the smart cryptographic device is complete;

[0071] To ensure the security of the data interaction and the legitimacy of the smart cryptographic device, after receiving the authentication request, the identification information and the authentication dynamic password, the back-end system server also determines whether the device's identification information is contained in a smart cryptographic device exception list pre-stored on the server. If the server determines that the identification information is in the exception list, it obtains a lock-device instruction and sends it to the smart cryptographic device through the terminal. On receiving the instruction, the device performs a lock operation accordingly.

[0072] Specifically, the exception list may be any list indicating that a device's identity is illegitimate, such as a blacklist, a lost-device report list or an invalidated-device list. If the device's identification information is in the exception list, the device is an illegitimate smart cryptographic device. In that case, to ensure security, the back-end system server sends a lock instruction to the illegitimate device through the terminal in order to lock it.

[0073] Of course, the present invention is not limited to this; in practical applications, any means by which the illegitimate smart cryptographic device can be legitimately locked will do.

[0074] The lock operation that the smart cryptographic device performs according to the lock instruction may take any form, such as the device refusing to execute any request or destroying the seed key it stores.

[0075] Of course, after sending the lock instruction, the back-end system server may also refuse any request from the illegitimate smart cryptographic device.

[0076] It can be seen that when a user loses a smart cryptographic device, the user can report the loss to the back-end system server, which registers the device's identification code on the lost-device report list. Likewise, when an account anomaly is reported or a similar situation arises, the server registers the devices concerned on the blacklist. The devices on these lists are all registered on the exception list as abnormal devices. Before every transaction, the back-end system server authenticates the smart cryptographic device, and during authentication it compares the device identifier against the exception list; if the device is on the list, it is locked. With this method, if someone misappropriates another person's smart cryptographic device and attempts to use it illegally to transfer and steal the user's funds, the server can lock the device remotely, because it authenticates the device before every transaction. So even if the device is stolen by someone else, the user's account is protected from loss.

[0077] Of course, after completing the authentication of the smart cryptographic device, the back-end system server may also generate an authentication-complete message and send it to the terminal to inform the terminal that authentication is complete. It may also send the authentication-complete message to the smart cryptographic device to inform the device that authentication is complete.

[0078] Authentication of the smart cryptographic device by the back-end system server as described above ensures the legitimacy of the device and improves the security of subsequent processing. It also guards against phishing and prevents transaction risks such as tampering with transmitted information, remote hijacking and man-in-the-middle attacks, thereby effectively protecting the funds of the device holder.
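The server-side check of paragraphs [0070] to [0076], as an added example that is not part of the patent: the exception list is consulted before the dynamic password is verified, so a device reported lost is locked even when its password is valid. The password algorithm (a time-step HMAC in the style of RFC 6238), the 30-second step, the names `Backend` and `Device`, and the `OK`/`REJECT`/`LOCK` results are assumptions; the patent does not specify them.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

TIME_STEP = 30  # assumption: seconds per password window (not given in the patent)


def dynamic_password(seed_key: bytes, now: int, digits: int = 6) -> str:
    """Time-step HMAC code standing in for the patent's unspecified algorithm."""
    counter = struct.pack(">Q", now // TIME_STEP)
    mac = hmac.new(seed_key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Device:
    """Smart cryptographic device: answers authentication and lock instructions."""

    def __init__(self, device_id: str, seed_key: bytes):
        self.device_id = device_id
        self._seed = seed_key
        self.locked = False

    def on_auth_instruction(self, now: int):
        if self.locked:
            return None  # [0074]: a locked device refuses every request
        return self.device_id, dynamic_password(self._seed, now)

    def on_lock_instruction(self) -> None:
        self._seed = None  # [0074]: destroy the stored seed key
        self.locked = True


@dataclass
class Backend:
    seeds: dict = field(default_factory=dict)         # device id -> seed key
    users: dict = field(default_factory=dict)         # device id -> user information
    exception_list: set = field(default_factory=set)  # blacklist / lost / invalidated

    def register(self, device_id: str, seed_key: bytes, user_info: dict) -> None:
        self.seeds[device_id] = seed_key
        self.users[device_id] = user_info

    def report_exception(self, device_id: str) -> None:
        self.exception_list.add(device_id)

    def authenticate(self, device_id: str, otp: str, now: int) -> str:
        # Checked first so that a correct password cannot rescue a listed device.
        if device_id in self.exception_list:
            return "LOCK"    # lock instruction, relayed to the device by the terminal
        seed = self.seeds.get(device_id)
        if seed is None:
            return "REJECT"  # unregistered device
        expected = dynamic_password(seed, now)  # the "verification password"
        return "OK" if hmac.compare_digest(expected, otp) else "REJECT"


def run_demo() -> dict:
    now = 1_700_000_000  # constructed timestamp
    seeds = {"SN-0001": b"constructed-seed-1", "SN-0002": b"constructed-seed-2"}
    backend = Backend()
    good = Device("SN-0001", seeds["SN-0001"])
    lost = Device("SN-0002", seeds["SN-0002"])
    backend.register("SN-0001", seeds["SN-0001"], {"name": "Alice"})
    backend.register("SN-0002", seeds["SN-0002"], {"name": "Bob"})
    backend.report_exception("SN-0002")  # Bob reports the device lost

    results = {}
    dev_id, otp = good.on_auth_instruction(now)
    results["valid"] = backend.authenticate(dev_id, otp, now)
    wrong = "000000" if otp != "000000" else "111111"
    results["wrong_otp"] = backend.authenticate(dev_id, wrong, now)

    dev_id, otp = lost.on_auth_instruction(now)  # the password itself is correct
    results["lost"] = backend.authenticate(dev_id, otp, now)
    if results["lost"] == "LOCK":
        lost.on_lock_instruction()
    results["lost_after_lock"] = lost.on_auth_instruction(now)
    results["unknown"] = backend.authenticate("SN-9999", otp, now)
    return results


if __name__ == "__main__":
    print(run_demo())
```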

[0079] Step 4: the terminal obtains user information:

[0080] Specifically, after the back-end system server completes the authentication of the smart cryptographic device, the terminal obtains the user information corresponding to the device.

[0081] In this step, the terminal obtains the user information corresponding to the smart cryptographic device (for example, the user's photo, name, account number and the like). This may be done in, but is not limited to, the following ways:

[0082] Mode 1: the terminal obtains the user information corresponding to the smart cryptographic device from the back-end system server:

[0083] The terminal sends the identification information of the smart cryptographic device and a user information read request to the back-end system server. Specifically, when doing so, the terminal may send the identification information and the user information read request directly to the server.

[0084] After receiving the identification information and the user information read request, the back-end system server obtains the user information corresponding to the smart cryptographic device according to the device's identification information. Specifically, the server pre-stores the user information corresponding to each registered smart cryptographic device, so that it can obtain the user information for a device from the identification information it receives.

[0085] In addition, to ensure the security of the user information, the back-end system server must be authorized by the holder of the smart cryptographic device before it can send the corresponding user information to the terminal. The server sends user authorization request information to the device through the terminal (for example, the user authorization request information may be a random number). On receiving the user authorization request information, the device generates authorization information and sends it to the server through the terminal. After receiving the authorization information, the server performs the step of sending the response information for the user information read request to the terminal.

[0086] Of course, after receiving the user authorization request information, the smart cryptographic device may also switch from the sleep state to the awake state and generate the authorization information in the awake state, so as to save power and extend the device's service life.

[0087] The back-end system server obtains the response information for the user information read request based on the user information, and sends the response information to the terminal;

[0088] After receiving the response information for the user information read request, the terminal obtains the user information from it.

[0089] Mode 2: the terminal obtains the user information corresponding to the smart cryptographic device from the device itself:

[0090] The terminal sends a user information read request to the smart cryptographic device;

[0091] The smart cryptographic device retrieves the pre-stored user information, obtains the response information for the user information read request based on it, and sends the response information to the terminal;

[0092] After receiving the response information for the user information read request, the terminal obtains the user information from it.

[0093] In addition, if the holder of the smart cryptographic device refuses to send the user information, a rejection message can be sent to the terminal by means of a button on the device or under software control, to keep the user information secure.

[0094] Mode 3: at the same time as completing authentication, the back-end system server directly sends the user information corresponding to the smart cryptographic device to the smart cryptographic device through the terminal:

[0095] When completing the authentication of the smart cryptographic device, the back-end system server also sends the user information corresponding to the device to the terminal. Specifically, after completing authentication, the server may send an authentication-complete message to the terminal to inform it that the server has finished authenticating the device. When sending that message, the server may also retrieve the pre-stored user information corresponding to the device according to the device's identification information, and send it to the terminal.

[0096] The terminal obtains the user information corresponding to the smart cryptographic device; that is, the terminal obtains it directly from the information sent by the back-end system server.

[0097] The terminal stores the user information in a pre-established current user list. Specifically, because customer traffic in the shop where the terminal is located changes and people come and go, the set of detected smart cryptographic devices also keeps changing. The current user list may therefore be updated in, but not limited to, the following ways:

[0098] Mode 1: see the data updating method shown in FIG. 3, which includes:

[0099] The terminal scans for smart cryptographic devices within its signal coverage, obtains the identification information of all smart cryptographic devices within that coverage, and generates a real-time identification list;

[0100] At a preset time interval, the terminal compares the identification information of the smart cryptographic devices in the real-time identification list with the identification information of the smart cryptographic devices in the current user list;

[0101] If the identification information of a smart cryptographic device in the current user list is not in the real-time identification list, the user information of that device is deleted from the current user list. And if the identification information of a smart cryptographic device in the real-time identification list is not in the current user list, the terminal obtains the identification information and authentication dynamic password of that device and sends an authentication request, the device's identification information and the authentication dynamic password to the back-end system server. After receiving them, the server completes the authentication of the device. After the server has completed the authentication, the terminal obtains the user information corresponding to the device and stores it in the pre-established current user list.

[0102] 同时,参见图4所示的数据更新系统,该系统采用如图3所示的数据更新方法,在此不再进行进一步的赘述,仅对该系统结构进行简单说明。 [0102] Meanwhile, the data updating system shown in FIG. 4 See, the system uses the data updating method shown in FIG. 3, which is not further repeated here, only the configuration of the system will be briefly described. 本发明提供的数据更新系统包括:终端、后台系统服务器以及智能密码设备; Data updating system according to the present invention comprises: a terminal, a server and a background system intelligent cryptographic device;

[0103] 终端,用于在信号覆盖范围内扫描智能密码设备,获得在终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;根据预设的时间间隔将实时标识列表中的智能密码设备的标识信息与当前用户列表中的智能密码设备的标识信息进行比对;如果当前用户列表中的智能密码设备的标识信息不在实时标识列表中,则删除当前用户列表中不在实时标识列表中的智能密码设备的用户信息;且如果实时标识列表中的智能密码设备的标识信息不在当前用户列表中,则获得不在当前用户列表中的智能密码设备的标识信息和认证动态口令,向后台系统服务器发送认证请求、不在当前用户列表中的智能密码设备的标识信息以及认证动态口令;在后台系统服务器完成对不在当前用户列表中的智能密码设备的认证之后,获取不在当前用户列表中的智 [0103] terminal, for scanning within the signal coverage of smart password device, to obtain information about all smart password identification device within the coverage area of ​​the terminal, generating a real-time identification list; according to a preset time interval in the real-time identifier list identification information of the intelligent cryptographic device to compare with the current identification information intelligent cryptographic device user list; if the identification information smart password device's current list of users that are not in the real-time identification in the list, delete the current user list is not real-time identification user information smart password device in the list; and if the identification information of the smart password for the device in real-time identification list not in the current user list, you obtain identification information and authentication dynamic password smart password device is not in the current user list, to the background the system server sends an authentication request, not in the current identification information, and authentication dynamic password smart password device's user list; done in the background system server after authentication smart password device is not in the current user list, get out of the current list of users in Chile 能密码设备对应的用户信息,将用户信息存储到预先建立的当前用户列表中; User information can be password corresponds to the device, the user information stored in the current user list of pre-established;

[0104] 后台系统服务器,用于接收终端发送的认证请求、不在当前用户列表中的智能密码设备的标识信息以及认证动态口令,完成对不在当前用户列表中的智能密码设备的认证。 [0104] back-end server systems, for an authentication request sent by a terminal, not in the current dynamic password identification information, and authentication password intelligent device's user list and completes the authentication of the current user is not in the list of cryptographic smart devices.

[0105] Updating the current user list with this data updating method and system ensures that the user information corresponding to smart password devices within the terminal's signal coverage is promptly added to the current user list, and that the user information corresponding to smart password devices that have left the terminal's signal coverage is promptly deleted from the current user list, which ensures security.

[0106] Method two:

[0107] The terminal scans for smart password devices within its signal coverage, obtains the identification information of all smart password devices within the terminal's signal coverage, and generates a real-time identification list;

[0108] At a preset time interval, the terminal compares the identification information of the smart password devices in the real-time identification list with the identification information of the smart password devices in the current user list;

[0109] If the identification information of a smart password device in the real-time identification list is in the current user list, the user information of that smart password device in the current user list is stored into the real-time identification list; and if the identification information of a smart password device in the real-time identification list is not in the current user list, the terminal obtains the identification information and authentication dynamic password of that smart password device;

[0110] The terminal sends to the background system server an authentication request together with the identification information and authentication dynamic password of the smart password device that is not in the current user list;

[0111] After receiving the authentication request and the identification information and authentication dynamic password of the smart password device that is not in the current user list, the background system server completes authentication of that smart password device;

[0112] After the background system server has completed authentication of the smart password device that is not in the current user list, the terminal obtains the user information corresponding to that smart password device;

[0113] The terminal stores the user information into the real-time identification list;

[0114] The terminal takes the real-time identification list as the updated current user list.

[0115] Updating the current user list in this way means that only the user information corresponding to smart password devices within the terminal's signal coverage is updated, which improves update efficiency. With this method, when obtaining user information, the terminal can copy the user information of smart password devices already in the shop directly from the existing current user list into the real-time identification list, while the user information of customers who have newly entered the shop can be obtained by sending a user-information read request to the background system server or to the smart password device.
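The list rebuild of method two can be sketched as follows. This is an added example, not code from the patent: the `UserInfo` record, the `read_password` and `authenticate` callables, and all device identifiers and passwords are constructed assumptions. It shows that a departed device drops out simply because the new list is built from the scan, and that a new device enters only after the background server authenticates it.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class UserInfo:
    device_id: str
    name: str


# Hypothetical interfaces (assumptions, not defined by the patent text):
# read_password asks a device for its authentication dynamic password,
# authenticate asks the background server to check it and return user info.
ReadPassword = Callable[[str], Optional[str]]
Authenticate = Callable[[str, str], Optional[UserInfo]]


def rebuild_user_list(
    scanned_ids: Iterable[str],
    current: Dict[str, UserInfo],
    read_password: ReadPassword,
    authenticate: Authenticate,
) -> Tuple[Dict[str, UserInfo], List[str]]:
    """Build the real-time list that becomes the new current user list."""
    realtime: Dict[str, UserInfo] = {}
    rejected: List[str] = []
    for device_id in dict.fromkeys(scanned_ids):  # de-duplicate, keep scan order
        known = current.get(device_id)
        if known is not None:
            # Already authenticated earlier: copy the stored user info.
            realtime[device_id] = known
            continue
        password = read_password(device_id)
        info = authenticate(device_id, password) if password else None
        # Never trust user info returned for a different identifier.
        if info is None or info.device_id != device_id:
            rejected.append(device_id)
            continue
        realtime[device_id] = info
    return realtime, rejected


def demo() -> Tuple[Dict[str, UserInfo], List[str]]:
    # Constructed sample data: the server knows DEV-B; DEV-X is unknown.
    backend = {"DEV-B": ("482913", UserInfo("DEV-B", "Customer B"))}
    device_answers = {"DEV-B": "482913", "DEV-X": "000000"}

    def read_password(device_id: str) -> Optional[str]:
        return device_answers.get(device_id)

    def authenticate(device_id: str, password: str) -> Optional[UserInfo]:
        record = backend.get(device_id)
        if record is None:
            return None
        expected, info = record
        ok = hmac.compare_digest(expected.encode(), password.encode())
        return info if ok else None

    current = {
        "DEV-A": UserInfo("DEV-A", "Customer A"),  # still in the shop
        "DEV-C": UserInfo("DEV-C", "Customer C"),  # has left coverage
    }
    scanned = ["DEV-A", "DEV-B", "DEV-X", "DEV-A"]
    return rebuild_user_list(scanned, current, read_password, authenticate)


if __name__ == "__main__":
    kept, rejected = demo()
    print("current user list:", list(kept))
    print("not admitted:", rejected)
```
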

[0116] It follows that when the customer traffic of the shop where the terminal is located changes, the merchant does not need to perform any operation; the current user list is updated automatically, which makes it easier for the merchant's shop assistants to manage and maintain customer information.

[0117] In addition, the terminal can display the user information of the users in the stored current user list, so that the holder of a smart password device can view that user information and ensure the correctness of the transaction.

[0118] In the prior art, the transaction process requires a device with an account storage function, such as a SIM card or a smart card, and the user has to perform an operation such as swiping a card or a mobile phone before the merchant can obtain the user's account information.

[0119] In contrast to the prior art, the merchant's terminal can first read the identification information of the smart password device and then use that identification information to obtain the user information corresponding to the smart password device. The customer can therefore pay for goods without a wallet, credit card, mobile phone or the like, which simplifies the interaction between customer and merchant and improves the user experience.

[0120] Step five: transaction information processing:

[0121] The terminal generates transaction information according to the user information corresponding to the smart password device that is to transact, and obtains transaction request information according to the transaction information. Specifically, the transaction information may include the transaction amount, the account information of the payer and payee, the identification information of the payer and payee, and similar information. The transaction information may also include an electronic statement, against which the user can review the transaction details, for example the specific transaction time, the transaction order number, the transaction amount and the items purchased.

[0122] The terminal sends the transaction request information to the smart password device. Specifically, the terminal may send the transaction request information in, but not limited to, the following ways: the terminal encodes the transaction request information and sends it as an acoustic signal; or the terminal encodes the transaction request information graphically and displays it so that the smart password device can capture the image; or the terminal sends the transaction request information through a communication interface matched between the terminal and the smart password device.

[0123] After receiving the transaction request information, the smart password device obtains the transaction information from the transaction request information;

[0124] To save the smart password device's power and extend its service life, the smart password device may also switch from the sleep state to the awake state after receiving the transaction request information; in the awake state, the smart password device obtains the transaction information from the transaction request information.

[0125] The smart password device prompts the transaction information. Specifically, the smart password device may show the transaction information on a display, or play it as speech through a loudspeaker or the like. The smart password device may of course prompt the user in other ways so that the user learns the real transaction information, ensuring the security of the transaction. In addition, after obtaining the transaction information, the smart password device may extract key information from it and prompt only that key information; for the specific manner of prompting, see the manner in which the smart password device prompts the transaction information.

[0126] The smart password device receives a confirmation instruction and generates a transaction dynamic password. Specifically, the smart password device may receive the confirmation instruction in any manner: from the information sent when it detects that a confirm key provided on the smart password device is pressed; from the information sent when it detects that a virtual confirm key shown on a touch screen is tapped; or by taking detected biometric information such as voice, fingerprint or iris as the confirmation instruction. Further, the smart password device may generate the transaction dynamic password in, but not limited to, the following ways: the smart password device generates the transaction dynamic password from all or part of the transaction information; or from all or part of the transaction information combined with a time factor; or from all or part of the transaction information combined with an event factor; or from all or part of the transaction information combined with a time factor and an event factor. The smart password device may of course also receive a challenge code entered by the user and generate the transaction dynamic password from it alone, or in combination with factors such as a time factor and/or an event factor.

[0127] The terminal receives the transaction dynamic password. Specifically, the terminal may receive the transaction dynamic password in, but not limited to, the following ways: the terminal receives the acoustic signal sent by the smart password device and decodes it to obtain the transaction dynamic password (for example, an acoustic recognition device recognises the acoustic signal and an acoustic decoder decodes it to obtain the transaction dynamic password); or the terminal captures image information displayed by the smart password device (for example a two-dimensional code or a barcode) and decodes it to obtain the transaction dynamic password (for example, an image capture device captures the image information and a decoder decodes it to obtain the transaction dynamic password); or the terminal receives the transaction dynamic password through a communication interface matched between the terminal and the smart password device; or the terminal obtains the transaction dynamic password from information entered at the terminal.

[0128] The terminal obtains a transaction data packet according to the transaction dynamic password and the transaction information, and sends the transaction data packet to the background system server. Specifically, the transaction data packet may also include other information such as the transaction information. The transaction information may include the transaction amount, the account information of the payer and payee, the identification information of the payer and payee, and similar information. The transaction information may also include an electronic statement, against which the user can review the transaction details, for example the specific transaction time, the transaction order number, the transaction amount and the items purchased.

[0129] After receiving the transaction data packet, the background system server verifies the transaction dynamic password and executes the transaction once verification passes. Specifically, only when verification of the transaction dynamic password passes does the background system server treat the transaction as confirmed by a legitimate smart password device, and it executes the transaction on the basis of that confirmation. To ensure that the holder of the smart password device knows the transaction has completed, the background system server may also send transaction success receipt information to the smart password device via the terminal; after receiving it, the smart password device prompts the transaction success receipt information. The transaction success receipt information may also include an electronic statement, against which the user can review the transaction details, for example the specific transaction time, the transaction order number, the transaction amount and the items purchased. The background system server may also send transaction success receipt information to the terminal so that the terminal learns that the transaction is complete.
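The generation of a transaction dynamic password from transaction information plus a time factor and an event factor, and its verification by the background system server, can be sketched as follows. This is an added example, not code from the patent: the patent names no algorithm, so HMAC-SHA256 with RFC 4226 style truncation, the 60-second time step, the field names, the look-ahead window and the seed value are all assumptions.

```python
import hashlib
import hmac
import struct
from typing import Dict

DIGITS = 6        # assumed password length
TIME_STEP = 60    # assumed time-factor granularity, in seconds
FIELDS = ("amount", "payer", "payee", "order_no")  # assumed transaction fields


def canonical(tx: Dict[str, str]) -> bytes:
    """Length-prefixed encoding so field boundaries cannot be shifted."""
    out = b""
    for name in FIELDS:
        value = tx[name].encode("utf-8")
        out += struct.pack(">I", len(value)) + value
    return out


def transaction_otp(seed: bytes, tx: Dict[str, str],
                    time_counter: int, event_counter: int) -> str:
    """Password bound to the transaction, the time factor and the event factor."""
    msg = canonical(tx) + struct.pack(">QQ", time_counter, event_counter)
    mac = hmac.new(seed, msg, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** DIGITS:0{DIGITS}d}"


class Backend:
    """Constructed stand-in for the background system server."""

    def __init__(self) -> None:
        self.seeds: Dict[str, bytes] = {}   # device id -> seed key
        self.events: Dict[str, int] = {}    # device id -> last accepted event

    def register(self, device_id: str, seed: bytes) -> None:
        self.seeds[device_id] = seed
        self.events[device_id] = 0

    def cancel(self, device_id: str) -> None:
        # Account cancellation: drop the identifier-to-seed mapping.
        self.seeds.pop(device_id, None)
        self.events.pop(device_id, None)

    def verify(self, device_id: str, tx: Dict[str, str], otp: str,
               now: int, window: int = 1, look_ahead: int = 3) -> bool:
        seed = self.seeds.get(device_id)
        if seed is None:
            return False
        last = self.events[device_id]
        step = now // TIME_STEP
        for event in range(last + 1, last + 1 + look_ahead):
            for t in range(step - window, step + window + 1):
                expected = transaction_otp(seed, tx, t, event)
                if hmac.compare_digest(expected.encode(), otp.encode()):
                    self.events[device_id] = event  # used counters are spent
                    return True
        return False


def demo() -> Dict[str, bool]:
    seed = b"constructed-seed-key-for-demo-only"
    backend = Backend()
    backend.register("DEV-B", seed)
    tx = {"amount": "25.00", "payer": "acct-customer-b",
          "payee": "acct-shop-1", "order_no": "T0001"}
    t0 = 1_700_000_000  # constructed timestamp
    otp = transaction_otp(seed, tx, t0 // TIME_STEP, 1)  # device side
    results = {
        # Terminal alters the amount after the holder confirmed it.
        "tampered": backend.verify("DEV-B", dict(tx, amount="2500.00"), otp, t0 + 20),
        "genuine": backend.verify("DEV-B", tx, otp, t0 + 20),
        "replay": backend.verify("DEV-B", tx, otp, t0 + 25),
    }
    backend.cancel("DEV-B")
    otp2 = transaction_otp(seed, tx, (t0 + 30) // TIME_STEP, 2)
    results["after_cancel"] = backend.verify("DEV-B", tx, otp2, t0 + 30)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the password is computed over the transaction fields, the server rejects a packet whose amount differs from what the device displayed, and the event factor makes an already accepted password unusable a second time.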

[0130] Step six: refund:

[0131] When a customer needs a refund, the refund operation may be carried out in, but not limited to, the following ways:

[0132] Method one: the terminal sends refund information to the smart password device. Specifically, the refund information may include any combination of the accounts of both refund parties, the refund amount, the refund transaction order number, the identification information of both refund parties, and so on. The refund information may also include an electronic statement, against which the user can review the refund details, for example the specific refund time, the refund transaction order number, the refund amount and the items returned or exchanged. The terminal may send the refund information in, but not limited to, the following ways: the terminal encodes the refund information and sends it as an acoustic signal; or the terminal encodes the refund information graphically and displays it so that the smart password device can capture the image; or the terminal sends the refund information through a communication interface matched between the terminal and the smart password device.

[0133] After receiving the refund information, the smart password device prompts the refund information. Specifically, after receiving the refund information, the smart password device makes it known to the user in any manner, such as voice playback or display on a screen, so that the user can determine that the refund information is genuine.

[0134] To save the smart password device's power and extend its service life, the smart password device may also switch from the sleep state to the awake state after receiving the refund information; in the awake state, the smart password device prompts the refund information.

[0135] The smart password device receives a refund confirmation instruction and generates a refund dynamic password. Specifically, once the user has determined that the refund information is genuine, the user confirms by means such as a physical key or a virtual key provided on the smart password device. After sending the refund confirmation information to the terminal (for example, after sending the acoustic signal corresponding to the refund confirmation information, or after the image information corresponding to the refund confirmation information has been displayed for a predetermined time), the smart password device switches from the awake state to the sleep state.

[0136] The terminal receives the refund dynamic password and sends it to the background system server. Specifically, the terminal may receive the refund dynamic password in, but not limited to, the following ways: the terminal receives the acoustic signal sent by the smart password device and decodes it to obtain the refund dynamic password (for example, an acoustic recognition device recognises the acoustic signal and an acoustic decoder decodes it to obtain the refund dynamic password); or the terminal captures image information displayed by the smart password device (for example a two-dimensional code or a barcode) and decodes it to obtain the refund dynamic password (for example, an image capture device captures the image information and a decoder decodes it to obtain the refund dynamic password); or the terminal receives the refund dynamic password through a communication interface matched between the terminal and the smart password device. At the same time, the terminal may send the refund dynamic password to the background system server over a secure private network.

[0137] After receiving the refund dynamic password, the background system server verifies the refund dynamic password and, once verification passes, performs the refund operation.

[0138] An application scenario of a refund under method one is given below, but the present invention is not limited to it:

[0139] According to the customer's refund intention, the shop has the terminal generate refund information (the refund information may be obtained by looking up recorded transaction information, or may be newly generated refund information or refund information in another form);

[0140] After receiving the refund information, the smart password device switches from the sleep state to the awake state and displays the refund information for the customer to confirm;

[0141] The customer confirms that the refund information is correct and presses the confirm key on the smart password device; after receiving this refund confirmation instruction, the smart password device generates a refund dynamic password and sends it to the terminal;

[0142] After receiving the refund dynamic password, the terminal sends the refund dynamic password to the background system server;

[0143] After receiving the refund dynamic password, the background system server verifies it; once verification passes, it performs the refund operation and sends refund success receipt information to the terminal and/or the smart password device.

[0144] Method two: this method differs from method one in that, before the terminal sends the refund information to the smart password device, the terminal also receives a refund request sent by the smart password device and generates the refund information according to the refund request. Specifically, the customer can generate a refund request by pressing a key on the smart password device; after receiving the refund request, the smart password device sends it to the terminal. The refund information may also include an electronic statement, against which the user can review the refund details, for example the specific refund time, the refund transaction order number, the refund amount and the items returned or exchanged. Of course, any implementation that can trigger the smart password device to generate a refund request falls within the scope of protection of the present invention.

[0145] To save the smart password device's power and extend its service life, the smart password device may also switch from the sleep state to the awake state before sending the refund request to the terminal; in the awake state, the smart password device sends the refund request to the terminal. After sending the refund request, the smart password device switches from the awake state to the sleep state. When the smart password device receives the refund information sent by the terminal, it switches from the sleep state to the awake state and, in the awake state, prompts the refund information and generates the refund dynamic password. After sending the refund dynamic password to the terminal (for example, after sending the acoustic signal corresponding to the refund dynamic password, or after the image information corresponding to the refund dynamic password has been displayed for a predetermined time), the smart password device switches from the awake state to the sleep state.

[0146] Method three: the smart password device sends a refund request to the terminal. Specifically, the customer can generate a refund request by pressing a key on the smart password device; after receiving the refund request, the smart password device sends it to the terminal. Of course, any implementation that can trigger the smart password device to generate a refund request falls within the scope of protection of the present invention.

[0147] To save the smart password device's power and extend its service life, the smart password device may also switch from the sleep state to the awake state before sending the refund request to the terminal; in the awake state, the smart password device sends the refund request to the terminal.

[0148] The terminal generates a refund request identifier and sends the refund request identifier to the smart password device. Specifically, the terminal may generate a random number and use it as the refund request identifier; the random number is provided to the smart password device for generating the refund information.

[0149] After receiving the refund request identifier, the smart password device generates refund confirmation information and sends it to the terminal, where the refund confirmation information includes the refund information and a refund dynamic password. Specifically, the smart password device generates the refund information from the refund request identifier, the refund amount, the refund account and similar information; the refund information may also include any combination of the refund transaction order number, the identification information of both refund parties, and so on. The refund amount may be entered with the keys on the smart password device or, of course, by other means (for example, voice input). The refund account may be entered with the keys on the smart password device, or by reading a refund account stored in advance in the smart password device. Alternatively, the transaction information may be saved on the smart password device after a transaction completes, and the refund amount, refund account and similar information obtained by querying the transaction information. The smart password device may send the refund information in, but not limited to, the following ways: the smart password device encodes the refund information and sends it as an acoustic signal; or the smart password device encodes the refund information graphically and displays it so that the terminal can capture the image; or the smart password device sends the refund information through a communication interface matched between the smart password device and the terminal.

[0150] To save the smart password device's power and extend its service life, the smart password device may also switch from the awake state to the sleep state after sending the refund dynamic password to the terminal (for example, after sending the acoustic signal corresponding to the refund dynamic password, or after the image information corresponding to the refund dynamic password has been displayed for a predetermined time).

[0151] The terminal receives the refund dynamic password and sends it to the background system server. Specifically, the terminal may receive the refund dynamic password in, but not limited to, the following ways: the terminal receives the acoustic signal sent by the smart password device and decodes it to obtain the refund dynamic password (for example, an acoustic recognition device recognises the acoustic signal and an acoustic decoder decodes it to obtain the refund dynamic password); or the terminal captures image information displayed by the smart password device (for example a two-dimensional code or a barcode) and decodes it to obtain the refund dynamic password (for example, an image capture device captures the image information and a decoder decodes it to obtain the refund dynamic password); or the terminal receives the refund dynamic password through a communication interface matched between the terminal and the smart password device. In addition, the terminal may send the refund dynamic password to the background system server over a private network.

[0152] After receiving the refund dynamic password, the background system server verifies the refund dynamic password and, once verification passes, performs the refund operation.

[0153] Of course, after performing the refund operation, the background system server may also send refund success receipt information to the terminal and/or the smart password device, so that the shop and/or the customer learns that the refund succeeded.

[0154] It follows that the above refund flow greatly simplifies the customer's operations during a refund, that the security functions of the smart password device safeguard the customer's refund process, and that the consumer is given a seamless experience.

[0155] Step seven: account cancellation:

[0156] This covers account cancellation of the terminal and account cancellation of the smart password device; only account cancellation of the smart password device is described below:

[0157] The smart password device obtains a smart password device account-cancellation application and reviews the application. Specifically, the account-cancellation application may be sent through the terminal or the smart password device, or may be handled manually.

[0158] After approving the smart password device account-cancellation application, the background system server deletes the mapping between the user information corresponding to the smart password device and the identification information and seed key of the smart password device. Specifically, when cancelling the account, besides deleting that mapping, the background system server may perform other cancellation operations, such as placing the information corresponding to the smart password device in a cancellation list preset on the background system server.

[0159] By managing the registration, account cancellation, authentication and locking of smart password devices, the background system server ensures the legitimacy of smart password devices and prevents the property loss that arises when a smart password device is stolen and used illegally.

[0160] It is worth noting that steps one to seven above are not necessarily executed in sequence, and only some of them may be carried out. Nor are steps one to seven limited to being carried out in one and the same application scenario: in any application scenario, as long as any step of the present invention is used and the transaction can be executed securely, it falls within the scope of protection of the present invention.

[0161] An exemplary application scenario of the present invention is given below:

[0162] In this application scenario, a wireless communication module and a state control module are integrated into the smart cryptographic device to form the novel smart cryptographic device of the present invention, which can be used for secure payment. The smart cryptographic device includes a wireless communication module, which may be a Bluetooth communication module, a Wi-Fi communication module or the like. The wireless communication module can perform inquiry scan and page scan on other devices, and can exchange signals and data with other wireless devices. The smart cryptographic device also includes a state control module, which can control the working state of the device's wireless communication module and host. The smart cryptographic device of the present invention has two states: a sleep state and an awake state. In the sleep state only the transceiver (wireless communication module) and the state control module are working; the CPU is shut down and cannot carry out instruction operations (for example, functions such as receiving and sending data), so that the smart cryptographic device is in a low-power state. When another wireless device sends an application instruction to the smart cryptographic device from outside, the state control module can recognize these signals and generate a wake-up signal that wakes the CPU into the awake state, and the CPU starts executing the application command. After the command has been executed, the CPU enters the sleep state again.

[0163] The complete transaction flow of the present invention is briefly described below:

[0164] The smart cryptographic device is in the sleep state. The user carries the smart cryptographic device into the terminal's wireless signal coverage, and the smart cryptographic device and the terminal complete mutual wireless device identification; that is, the terminal can learn that a smart cryptographic device has entered the store where the terminal is located, and establishes a connection with that device.

[0165] After the terminal has established a connection with the smart cryptographic device, the terminal sends a device authentication request to the smart cryptographic device. When the smart cryptographic device receives the request, the state control module issues a wake-up signal, the CPU is woken, and the smart cryptographic device enters the awake state and performs the corresponding operation.

[0166] After completing the corresponding instruction, the smart cryptographic device returns to the sleep state and continues to maintain device identification with the terminal, so that the terminal can determine whether the holder of the smart cryptographic device has left the store.

[0167] The terminal sends a request to the back-end system server to read the user information, and the back-end system server requests that user authorization information be entered; the terminal then sends a user authorization request to the smart cryptographic device.

[0168] The smart cryptographic device in the sleep state receives the user authorization request sent by the terminal and enters the awake state. The smart cryptographic device displays the terminal's request and prompts the user to decide whether to authorize it.

[0169] The user decides, based on the displayed request from the terminal, whether to authorize it. If so, the user presses the confirm key on the smart cryptographic device, causing it to generate authorization information and send it to the terminal, after which it enters the sleep state; otherwise the smart cryptographic device stops executing the command and goes directly into the sleep state.

[0170] At settlement, the terminal sends a user transaction confirmation request instruction to the sleeping smart cryptographic device. On receiving this instruction the sleeping smart cryptographic device enters the awake state and displays the received transaction information for the user to confirm. If the transaction information is correct, the user presses the confirm key, causing the smart cryptographic device to generate a transaction dynamic password and return it to the terminal; otherwise the operation ends and the smart cryptographic device enters the sleep state.

[0171] Another application scenario of the present invention is given below:

[0172] The terminal establishes a current user list on its local server; the current user list can be used to store the user information corresponding to the smart cryptographic devices held by customers currently in the store;

[0173] The terminal's local server monitors, wirelessly (for example using a wireless detection device), the smart cryptographic devices within the terminal's wireless signal coverage;

[0174] A customer goes shopping carrying a smart cryptographic device with a wireless communication function (in the sleep state). When the customer enters the terminal's wireless signal coverage, the smart cryptographic device can be discovered by the terminal and establishes a wireless connection with it;

[0175] The terminal sends an authentication instruction to the smart cryptographic device;

[0176] The sleeping smart cryptographic device is woken after receiving the authentication instruction from the terminal and enters the awake state;

[0177] The smart cryptographic device generates an authentication dynamic password and sends the authentication dynamic password and its serial number to the terminal;

[0178] After receiving the authentication dynamic password and serial number sent by the smart cryptographic device, the terminal sends them to the back-end system server;

[0179] The back-end system server verifies the legitimacy of the smart cryptographic device; if verification fails, the process ends;

[0180] If verification succeeds, the back-end system server has successfully authenticated the smart cryptographic device and sends the user's user information, such as the account number, to the terminal;

[0181] After receiving the user information sent by the back-end system server, the terminal stores the user information in the current user list;

[0182] When the customer has finished shopping, the customer goes to the checkout to settle;

[0183] The terminal calculates the settlement amount and selects, in the current user list, the account corresponding to the smart cryptographic device held by the customer;

[0184] The terminal generates transaction information from any combination of the purchased goods, the transaction amount, the payer's and payee's account numbers, the payer's and payee's identification information and the like, and sends it to the smart cryptographic device;

[0185] After receiving the transaction information, the smart cryptographic device enters the awake state, displays the transaction information on its screen and waits for the user to confirm;

[0186] The customer checks the transaction information; if there is a problem, the customer presses cancel, the transaction is aborted, and the smart cryptographic device enters the sleep state;

[0187] If the user confirms that the transaction information is correct and presses the confirm key provided on the smart cryptographic device, the smart cryptographic device generates and displays a transaction dynamic password;

[0188] The user enters the transaction dynamic password on the terminal, and the terminal sends a transfer request and the transaction dynamic password to the back-end system server;

[0189] After receiving the transfer request and the transaction dynamic password, the back-end system server verifies the transaction dynamic password and, once verification passes, completes the transfer and sends the terminal payment-completion information indicating that the transfer succeeded. The back-end system server may of course also send the payment-completion information to the smart cryptographic device via the terminal, so that the customer knows the transaction is complete;

[0190] The terminal receives the payment-completion information and hands the goods over to the customer; checkout is complete.

[0191] The smart cryptographic device is authenticated by the back-end system server; with the device trusted, the step in which the displayed information is manually confirmed on the smart cryptographic device during the transaction also ensures transaction security for the device's holder.

[0192] With the secure data interaction method provided by the present invention, a customer entering a store to make a transaction does not need to use an account-carrying device such as a mobile phone, bank card or financial IC card to complete payment, whereas payment in the prior art requires a device with an account storage function, such as a SIM card or smart card, and the user must also swipe a card, tap a phone or perform a similar operation to complete the transaction. With the method provided by the present invention, the customer can complete payment without a wallet, credit card, mobile phone or the like, which simplifies the interaction between customer and merchant during payment, improves payment efficiency, and improves the customer's experience of near-field payment; at the same time, the security features of the smart cryptographic device ensure the security of the customer's payment process.

[0193] When the customer has chosen the goods and checks out, the terminal no longer needs to obtain the user information by having the customer manually swipe a card or tap a phone, because that user information was already stored in the terminal's current user list when the customer entered the store. At checkout the customer only needs to give his or her name, and the terminal can send the transaction information, such as the settled amount, directly to the customer's smart cryptographic device for display. The customer then only needs to confirm on the smart cryptographic device and enter the transaction dynamic password on the terminal; the terminal sends the transaction information and the transaction dynamic password to the back-end system server, and the back-end system server performs the transfer after verifying that the transaction dynamic password is correct, which completes the payment process.

[0194] When the customer walks out of the store's signal coverage, the network connection between the smart cryptographic device and the terminal is automatically broken and the user information disappears from the store's current user list. If the customer then enters another store, the customer automatically enters that store's current user list and begins another round of shopping. The customer does not need to perform any operation; the customer only needs to carry a small smart cryptographic device in a pocket while shopping, and the present invention provides a seamless experience.
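
The current-user-list maintenance in this scenario (devices added after back-end authentication, removed once they leave coverage, locked if reported abnormal) can be sketched as follows. This is an added example, not code from the patent; the patent does not specify the dynamic password algorithm, so the HMAC-SHA256 time-step scheme, the 60-second step, a shared clock, and all class, function and device names are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # assumed time step in seconds; the patent does not fix one


def dynamic_password(seed_key: bytes, now: int) -> str:
    """Assumed scheme: 6 digits from HMAC-SHA256 over the time-step counter."""
    mac = hmac.new(seed_key, struct.pack(">Q", now // STEP), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class Backend:
    """Back-end system server: id -> (seed key, user info), plus an abnormal list."""

    def __init__(self):
        self.devices = {}      # mapping stored at registration
        self.abnormal = set()  # ids on the abnormal-device list

    def register(self, dev_id, seed_key, user_info):
        self.devices[dev_id] = (seed_key, user_info)

    def cancel(self, dev_id):
        # Cancellation deletes the id / seed key / user info mapping.
        self.devices.pop(dev_id, None)

    def authenticate(self, dev_id, otp, now):
        """Return ("ok", user_info), ("lock", None) or ("reject", None)."""
        if dev_id in self.abnormal:
            return "lock", None
        entry = self.devices.get(dev_id)
        if entry is None:
            return "reject", None
        seed_key, user_info = entry
        expected = dynamic_password(seed_key, now)
        # Constant-time comparison of the verification password and the OTP.
        if hmac.compare_digest(expected.encode(), otp.encode()):
            return "ok", user_info
        return "reject", None


class Terminal:
    def __init__(self, backend):
        self.backend = backend
        self.current_users = {}  # device id -> user info

    def reconcile(self, in_range, now):
        """One scan interval. in_range maps each device id seen in coverage to a
        callable that stands in for "wake the device and ask for its OTP"."""
        realtime_ids = set(in_range)
        # Devices that left coverage: drop their user info.
        for dev_id in list(self.current_users):
            if dev_id not in realtime_ids:
                del self.current_users[dev_id]
        # Devices newly in coverage: authenticate before storing anything.
        locked = []
        for dev_id in sorted(realtime_ids - self.current_users.keys()):
            otp = in_range[dev_id](now)
            status, user_info = self.backend.authenticate(dev_id, otp, now)
            if status == "ok":
                self.current_users[dev_id] = user_info
            elif status == "lock":
                locked.append(dev_id)  # terminal relays the lock instruction
        return locked


def demo():
    """Constructed sample data: three registered devices, one reported abnormal."""
    backend = Backend()
    backend.register("SN-A", b"seed-A", {"name": "Alice", "account": "ACC-1"})
    backend.register("SN-B", b"seed-B", {"name": "Bob", "account": "ACC-2"})
    backend.register("SN-C", b"seed-C", {"name": "Carol", "account": "ACC-3"})
    backend.abnormal.add("SN-C")
    terminal = Terminal(backend)

    def device(seed):
        return lambda now: dynamic_password(seed, now)

    t0 = 1_000_000
    # Scan 1: A is genuine, B's id arrives without the matching seed key,
    # C is on the abnormal list.
    locked1 = terminal.reconcile(
        {"SN-A": device(b"seed-A"), "SN-B": device(b"not-the-seed"),
         "SN-C": device(b"seed-C")}, t0)
    after1 = sorted(terminal.current_users)
    # Scan 2: A has left coverage, the genuine B is now present.
    locked2 = terminal.reconcile({"SN-B": device(b"seed-B")}, t0 + STEP)
    after2 = sorted(terminal.current_users)
    return after1, locked1, after2, locked2


if __name__ == "__main__":
    print(demo())
```

Because a device that fails authentication never enters the current user list, it is re-authenticated at every scan interval while it stays in range, so a deployment would want the back end to rate-limit or count failed attempts per device id.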

[0195] Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process, and the scope of the preferred embodiments of the present invention includes additional implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.

[0196] It should be understood that the various parts of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented with any one or a combination of the following techniques known in the art: a discrete logic circuit having logic gates for implementing logic functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.

[0197] Those of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.

[0198] In addition, the functional units in the embodiments of the present invention may be integrated in one processing module, each unit may exist physically on its own, or two or more units may be integrated in one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented in the form of a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.

[0199] The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc or the like.

[0200] In the description of this specification, a description referring to the terms "one embodiment", "some embodiments", "example", "specific example", "some examples" or the like means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.

[0201] Although embodiments of the present invention have been shown and described above, it will be understood that the above embodiments are exemplary and are not to be construed as limiting the present invention; those of ordinary skill in the art may make changes, modifications, substitutions and variations to the above embodiments within the scope of the present invention without departing from its principles and purpose. The scope of the present invention is defined by the appended claims and their equivalents.

Claims (22)

1. A data updating method, characterized by comprising: a terminal scanning for smart cryptographic devices within its signal coverage, obtaining the identification information of all smart cryptographic devices within the signal coverage of the terminal, and generating a real-time identification list; the terminal comparing, at a preset time interval, the identification information of the smart cryptographic devices in the real-time identification list with the identification information of the smart cryptographic devices in the current user list; if the identification information of a smart cryptographic device in the current user list is not in the real-time identification list, deleting from the current user list the user information of the smart cryptographic device that is not in the real-time identification list; and if the identification information of a smart cryptographic device in the real-time identification list is not in the current user list, the terminal obtaining the identification information and an authentication dynamic password of the smart cryptographic device that is not in the current user list; the terminal sending to a back-end system server an authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password; the back-end system server, after receiving the authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password, completing authentication of the smart cryptographic device that is not in the current user list; after the back-end system server completes authentication of the smart cryptographic device that is not in the current user list, the terminal obtaining the user information corresponding to the smart cryptographic device that is not in the current user list; and the terminal storing the user information in the pre-established current user list.
2. The method according to claim 1, characterized in that the terminal obtaining the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list comprises: the terminal sending an authentication instruction to the smart cryptographic device that is not in the current user list; the smart cryptographic device that is not in the current user list, after receiving the authentication instruction, generating an authentication dynamic password and sending to the terminal the identification information of the smart cryptographic device that is not in the current user list and the authentication dynamic password; and the terminal receiving the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list; or the terminal sending an authentication instruction to the smart cryptographic device that is not in the current user list; the smart cryptographic device that is not in the current user list, after receiving the authentication instruction, generating an authentication dynamic password; the smart cryptographic device that is not in the current user list sending to the terminal the identification information of the smart cryptographic device that is not in the current user list; the terminal receiving the authentication dynamic password entered by the user; and the terminal obtaining the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list.
3. The method according to claim 1 or 2, characterized in that the back-end system server, after receiving the authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password, completing authentication of the smart cryptographic device that is not in the current user list comprises: the back-end system server, after receiving the authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password, obtaining, according to the identification information of the smart cryptographic device that is not in the current user list, the seed key corresponding to the smart cryptographic device that is not in the current user list; the back-end system server generating, according to the seed key, a verification password for the authentication dynamic password; and the back-end system server comparing the authentication dynamic password with the verification password and, when the authentication dynamic password and the verification password are found to be consistent, completing authentication of the smart cryptographic device that is not in the current user list.
4. The method according to any one of claims 1 to 3, characterized in that the terminal obtaining the user information corresponding to the smart cryptographic device that is not in the current user list comprises: the terminal sending to the back-end system server the identification information of the smart cryptographic device that is not in the current user list and a user information read request; the back-end system server, after receiving the identification information of the smart cryptographic device that is not in the current user list and the user information read request, obtaining, according to the identification information of the smart cryptographic device that is not in the current user list, the user information corresponding to the smart cryptographic device that is not in the current user list; the back-end system server obtaining response information to the user information read request according to the user information, and sending the response information to the user information read request to the terminal; and the terminal, after receiving the response information to the user information read request, obtaining the user information according to the response information to the user information read request.
5. The method according to any one of claims 1 to 3, characterized in that the terminal obtaining the user information corresponding to the smart cryptographic device that is not in the current user list comprises: the terminal sending a user information read request to the smart cryptographic device that is not in the current user list; the smart cryptographic device that is not in the current user list obtaining pre-stored user information, obtaining response information to the user information read request according to the user information, and sending the response information to the user information read request to the terminal; and the terminal, after receiving the response information to the user information read request, obtaining the user information according to the response information to the user information read request.
6. The method according to any one of claims 1 to 3, characterized in that the back-end system server completing authentication of the smart cryptographic device that is not in the current user list comprises: the back-end system server sending to the terminal the user information corresponding to the smart cryptographic device that is not in the current user list; and the terminal obtaining the user information corresponding to the smart cryptographic device that is not in the current user list comprises: the terminal receiving the user information, sent by the back-end system server, corresponding to the smart cryptographic device that is not in the current user list.
7. The method according to claim 2, characterized in that the smart cryptographic device that is not in the current user list, after receiving the authentication instruction, generating an authentication dynamic password comprises: the smart cryptographic device that is not in the current user list, after receiving the authentication instruction, switching from the sleep state to the awake state; and the smart cryptographic device that is not in the current user list generating the authentication dynamic password in the awake state.
8. The method according to any one of claims 1 to 7, characterized in that, after the back-end system server receives the authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password, the method further comprises: the back-end system server determining whether the identification information of the smart cryptographic device that is not in the current user list is included in a smart cryptographic device abnormality list pre-stored in the back-end system server; the back-end system server, after determining that the identification information of the smart cryptographic device that is not in the current user list is in the smart cryptographic device abnormality list, obtaining a lock-smart-cryptographic-device instruction and sending the lock-smart-cryptographic-device instruction, via the terminal, to the smart cryptographic device that is not in the current user list; and the smart cryptographic device that is not in the current user list receiving the lock-smart-cryptographic-device instruction and performing a locking operation according to the lock-smart-cryptographic-device instruction.
9. The method according to any one of claims 1 to 8, characterized in that the method further comprises: the back-end system server receiving a smart cryptographic device registration request and reviewing the smart cryptographic device registration request; and the back-end system server, after approving the smart cryptographic device registration request, storing the mapping between the user information corresponding to the smart cryptographic device and the identification information and seed key of the smart cryptographic device.
10. The method according to claim 9, characterized in that the back-end system server obtains a smart cryptographic device cancellation request and reviews the smart cryptographic device cancellation request; and the back-end system server, after approving the smart cryptographic device cancellation request, deletes the mapping between the user information corresponding to the smart cryptographic device and the identification information and seed key of the smart cryptographic device.
11. The method according to any one of claims 1 to 10, characterized in that, before the terminal scans for smart cryptographic devices within its signal coverage, the method further comprises: the smart cryptographic device entering a scannable state.
12. A secure data interaction system, characterized by comprising a terminal, a smart cryptographic device and a back-end system server: the terminal is configured to scan for smart cryptographic devices within its signal coverage, obtain the identification information of all smart cryptographic devices within the signal coverage of the terminal, and generate a real-time identification list; to compare, at a preset time interval, the identification information of the smart cryptographic devices in the real-time identification list with the identification information of the smart cryptographic devices in the current user list; if the identification information of a smart cryptographic device in the current user list is not in the real-time identification list, to delete from the current user list the user information of the smart cryptographic device that is not in the real-time identification list; and if the identification information of a smart cryptographic device in the real-time identification list is not in the current user list, to obtain the identification information and authentication dynamic password of the smart cryptographic device that is not in the current user list, and to send to the back-end system server an authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password; and, after the back-end system server completes authentication of the smart cryptographic device that is not in the current user list, to obtain the user information corresponding to the smart cryptographic device that is not in the current user list and store the user information in the pre-established current user list; the back-end system server is configured to receive the authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password sent by the terminal, and to complete authentication of the smart cryptographic device that is not in the current user list.
13. The system according to claim 12, characterized in that the terminal is further configured to send an authentication instruction to the smart cryptographic device that is not in the current user list, and to receive the identification information and the authentication dynamic password of the smart cryptographic device that is not in the current user list; the smart cryptographic device that is not in the current user list is configured to receive the authentication instruction sent by the terminal, generate an authentication dynamic password, and send to the terminal the identification information of the smart cryptographic device that is not in the current user list and the authentication dynamic password; or the terminal is further configured to send an authentication instruction to the smart cryptographic device that is not in the current user list, to receive the authentication dynamic password entered by the user, and to obtain the identification information and the authentication dynamic password of the smart cryptographic device that is not in the current user list; the smart cryptographic device that is not in the current user list is configured to receive the authentication instruction sent by the terminal, generate an authentication dynamic password, and send to the terminal the identification information of the smart cryptographic device that is not in the current user list.
14. The system according to claim 12 or 13, characterized in that the back-end system server is further configured to receive the authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password sent by the terminal; to obtain, according to the identification information of the smart cryptographic device that is not in the current user list, the seed key corresponding to the smart cryptographic device that is not in the current user list; to generate, according to the seed key, a verification password for the authentication dynamic password; and to compare the authentication dynamic password with the verification password and, when the authentication dynamic password and the verification password match, to complete authentication of the smart cryptographic device that is not in the current user list.
15. The system according to any one of claims 12 to 14, characterized in that the terminal is further configured to send to the back-end system server the identification information of the smart cryptographic device that is not in the current user list and a user information read request; and to receive the response information for the user information read request sent by the back-end system server and obtain the user information from the response information for the user information read request; the back-end system server is further configured to receive the identification information of the smart cryptographic device that is not in the current user list and the user information read request sent by the terminal; to obtain, according to the identification information of the smart cryptographic device that is not in the current user list, the user information corresponding to the smart cryptographic device that is not in the current user list; and to obtain the response information for the user information read request from the user information and send the response information for the user information read request to the terminal.
16. The system according to any one of claims 12 to 14, characterized in that the terminal is further configured to send a user information read request to the smart cryptographic device that is not in the current user list; and to receive the response information for the user information read request sent by the smart cryptographic device that is not in the current user list and obtain the user information from the response information for the user information read request; the smart cryptographic device that is not in the current user list is further configured to obtain pre-stored user information, obtain the response information for the user information read request from the user information, and send the response information for the user information read request to the terminal.
17. The system according to any one of claims 12 to 14, characterized in that the back-end system server is further configured to send to the terminal the user information corresponding to the smart cryptographic device that is not in the current user list; the terminal is further configured to receive the user information, sent by the back-end system server, corresponding to the smart cryptographic device that is not in the current user list.
18. The system according to claim 13, characterized in that the smart cryptographic device that is not in the current user list is further configured to switch from a sleep state to an awake state after receiving the authentication instruction, and to generate the authentication dynamic password in the awake state.
19. The system according to any one of claims 12 to 18, characterized in that the back-end system server is further configured, after the back-end system server receives the authentication request, the identification information of the smart cryptographic device that is not in the current user list, and the authentication dynamic password, to determine whether the identification information of the smart cryptographic device that is not in the current user list is contained in a smart cryptographic device abnormal list pre-stored in the back-end system server; and, after determining that the identification information of the smart cryptographic device that is not in the current user list is in the smart cryptographic device abnormal list, to obtain a lock-smart-cryptographic-device instruction and send the lock-smart-cryptographic-device instruction, through the terminal, to the smart cryptographic device that is not in the current user list; the smart cryptographic device that is not in the current user list is further configured to receive the lock-smart-cryptographic-device instruction sent by the back-end system server through the terminal, and to perform a lock operation according to the lock-smart-cryptographic-device instruction.
20. The system according to any one of claims 12 to 19, characterized in that the back-end system server is further configured to receive a smart cryptographic device registration application and review the smart cryptographic device registration application; and, after the smart cryptographic device registration application passes review, to store the mapping between the user information corresponding to the smart cryptographic device and the identification information and seed key of the smart cryptographic device.
21. The system according to claim 20, characterized in that the back-end system server is further configured to obtain a smart cryptographic device account cancellation application and review the smart cryptographic device account cancellation application; and, after the smart cryptographic device account cancellation application passes review, to delete the mapping between the user information corresponding to the smart cryptographic device and the identification information and seed key of the smart cryptographic device.
22. The system according to any one of claims 12 to 21, characterized in that the smart cryptographic device is further configured to enter a scannable state before being scanned by the terminal.
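The list comparison of claim 12, the seed-key verification of claim 14 and the abnormal-list check of claim 19, as an added example that is not part of the patent text. The claims do not specify how the dynamic password is derived, so the HMAC-SHA256-over-a-shared-counter scheme, the `Backend` and `reconcile` names, and the sample device ids and seeds are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def otp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Assumed derivation: HMAC-SHA256 over a shared counter, truncated to digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)

class Backend:
    def __init__(self, registry, abnormal):
        self.registry = registry       # device id -> (seed key, user info), claim 20
        self.abnormal = set(abnormal)  # abnormal-device list, claim 19

    def authenticate(self, device_id, password, counter):
        """Return ("lock" | "ok" | "reject", user info or None)."""
        if device_id in self.abnormal:
            return "lock", None
        entry = self.registry.get(device_id)
        if entry is None:
            return "reject", None
        seed, user_info = entry
        expected = otp(seed, counter)  # the "verification password" of claim 14
        if hmac.compare_digest(expected, password):  # constant-time comparison
            return "ok", user_info
        return "reject", None

def reconcile(current_users, scanned, read_otp, backend, counter):
    """One comparison pass of claim 12; returns the ids the back end wants locked."""
    live = set(scanned)
    for device_id in list(current_users):
        if device_id not in live:       # device left signal coverage
            del current_users[device_id]
    to_lock = []
    for device_id in sorted(live - set(current_users)):
        status, info = backend.authenticate(device_id, read_otp(device_id), counter)
        if status == "ok":
            current_users[device_id] = info
        elif status == "lock":
            to_lock.append(device_id)
    return to_lock

def demo():
    # Constructed sample data: three registered devices, dev-C on the abnormal list.
    seeds = {"dev-A": b"seed-A", "dev-B": b"seed-B", "dev-C": b"seed-C"}
    backend = Backend({d: (s, {"name": "user-" + d}) for d, s in seeds.items()}, ["dev-C"])
    current = {"dev-A": {"name": "user-dev-A"}, "dev-X": {"name": "left the area"}}
    # dev-D is unregistered and answers with a guessed password.
    read_otp = lambda d: otp(seeds[d], 42) if d in seeds else "000000"
    locked = reconcile(current, ["dev-A", "dev-B", "dev-C", "dev-D"], read_otp, backend, 42)
    return current, locked
```

A device already in the current user list is not re-authenticated on later passes, so the list's trustworthiness between scans rests on the identifier the terminal sees in each scan.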

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410171436.7A CN103944907A (en) 2014-04-25 2014-04-25 Data updating method and system

Publications (1)

Publication Number Publication Date
CN103944907A true CN103944907A (en) 2014-07-23

Family

ID=51192391

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410171436.7A CN103944907A (en) 2014-04-25 2014-04-25 Data updating method and system

Country Status (1)

Country Link
CN (1) CN103944907A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015161693A1 (en) * 2014-04-25 2015-10-29 天地融科技股份有限公司 Secure data interaction method and system
WO2016062113A1 (en) * 2014-10-20 2016-04-28 中兴通讯股份有限公司 Wireless network access security detection method and terminal
CN105991685A (en) * 2014-11-07 2016-10-05 天地融科技股份有限公司 Data update method and system
CN106603588A (en) * 2015-10-14 2017-04-26 北京国双科技有限公司 Processing method and device for server node

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1758589A (en) * 2004-10-08 2006-04-12 飞力凯网路股份有限公司 Information processing apparatus, information processing method, and program
CN101076823A (en) * 2004-04-21 2007-11-21 电脑信用公司 Selling site user identification system
CN101582886A (en) * 2009-04-02 2009-11-18 北京飞天诚信科技有限公司 Method and system for identity authentication based on dynamic password
CN102186169A (en) * 2010-04-30 2011-09-14 北京华大智宝电子系统有限公司 Identity authentication method, device and system
CN102521743A (en) * 2011-11-16 2012-06-27 赵启程 Mobile phone safety payment method and system on basis of wireless channel
US20120171992A1 (en) * 2010-12-30 2012-07-05 Sk C&C System and method for secure containment of sensitive financial information stored in a mobile communication terminal
CN102640526A (en) * 2009-09-22 2012-08-15 特瑞芬恩有限公司 Subscriber identification management broker for fixed/mobile networks
US20120276868A1 (en) * 2011-04-28 2012-11-01 Boku, Inc Systems and methods to process donations
US20130030915A1 (en) * 2011-06-23 2013-01-31 Qualcomm Incorporated Apparatus and method for enhanced in-store shopping services using mobile device
CN103259765A (en) * 2012-02-19 2013-08-21 上海博路信息技术有限公司 Zone social intercourse system based on Bluetooth
CN103699997A (en) * 2013-12-27 2014-04-02 Tcl集团股份有限公司 Method, device and electronic equipment for locking mobile payment service

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
RJ01