CN104079529A - Remote data acquisition method - Google Patents

Publication number: CN104079529A
Authority: CN (China)
Application number: CN201310098802.6A
Original language: Chinese (zh)
Other versions: CN104079529B (en)
Inventor: 赵茂林
Original assignee: 北京中创智信科技有限公司
Prior art keywords: acquisition, server, terminal, security, unit
Application filed by 北京中创智信科技有限公司; priority to CN201310098802.6A; application granted and published as CN104079529B.

Abstract

The invention discloses a remote data acquisition method. The method comprises the following steps: an application terminal sends an acquisition request to an application server; the application server sends the acquisition request to a secure acquisition server; the secure acquisition server sends an acquisition instruction to a secure acquisition terminal according to the acquisition request; the secure acquisition terminal collects the information on the information carrier to be read, as required by the acquisition instruction; the secure acquisition terminal returns the collected information to the secure acquisition server; the secure acquisition server sends the collected information to the application server; and the application server sends an acquisition-complete prompt to the application terminal. The application terminal runs an open operating system, the secure acquisition terminal and the application terminal are not connected to each other, and the secure acquisition server and the application terminal are not connected to each other.

Description

Remote Data Acquisition Method

Technical Field

[0001] The present invention relates to remote data acquisition methods, and in particular to a secure remote data acquisition method based on an open operating system.

Background Art

[0002] A conventional remote data acquisition system based on an open operating system, as shown in FIG. 1, generally includes a data acquisition terminal 101, an application terminal 102 and an application server (APP) 103, where the data acquisition terminal 101 is connected to the application terminal 102 on the client side, and the application terminal 102 is connected to the application server 103. For example, a computer with an open operating system installed serves as the application terminal 102 and a card reader serves as the data acquisition terminal 101; the card reader is connected to the computer, and the computer is connected to the application server 103. The card reader is used to read, for example, smart card or magnetic stripe card information, and a user password can be entered on the computer to ensure that the collected information is transmitted to the application server 103. It should be noted that, in this application, an "open operating system" is an operating system provided by a developer that has the following characteristics: the developer, users and third parties can all develop application software and programs for the operating system, or the developer, users and third parties can all install, debug, run and manage software and programs through the operating system's interface.

[0003] When information needs to be collected, as shown in FIG. 2, the data acquisition procedure of this remote data acquisition system based on an open operating system includes the following steps:

[0004] In step S201, the application server 103 initiates an acquisition request to the application terminal 102;

[0005] In step S202, the application terminal 102 sends an acquisition instruction to the data acquisition terminal 101, driving the data acquisition terminal 101 into the information-collecting state;

[0006] In step S203, the user brings the information carrier close to the data acquisition terminal 101 or enters the information into the data acquisition terminal 101, so that the data acquisition terminal 101 obtains the collected data;

[0007] In step S204, the data acquisition terminal 101 sends the collected data to the application terminal 102; and

[0008] In step S205, the application terminal 102 sends the collected data to the application server 103.

[0009] The application server then processes the data according to predetermined business logic, for example a query, a comparison, or identity authentication.

[0010] However, the prior-art remote data acquisition system and method based on an open operating system described above have the following problems.

[0011] In the conventional remote data acquisition system described above, the application terminal 102 is usually a computing device such as a desktop computer (for example, a PC), notebook computer, mobile phone, digital television, vending machine, automated teller machine, fixed-line telephone, or tablet computer, with an open operating system such as Windows, Linux, iOS or Android installed. Because, at the least, third parties can develop application software and programs for such an operating system, or can install, debug, run and manage software and programs through its interface, malicious programs are easily installed on these open operating systems. When such a system collects data, the data acquisition terminal is directly connected to the application terminal and the collected data must pass through the application terminal before it can be sent to the application server, so a malicious program on the application terminal may steal the collected data, such as magnetic stripe card information and passwords, and send it to an attacker, leaking the collected data. For example, the attacker can use the obtained magnetic stripe card information to copy the card and use the obtained password or handwritten signature to impersonate the user when making card payments, causing the user heavy losses. In addition, a malicious program may tamper with the collected data so that the application server cannot obtain the correct data. It is therefore difficult to guarantee the confidentiality or integrity of the collected data.

[0012] In addition, in the conventional system described above, the application terminal must send the collected data to the application server, which can be done, for example, by an application (App) on the application terminal or by a general-purpose browser. The user may download and install a fake application (for example, one provided by a network-side phishing website), which sends the collected data directly to the attacker (for example, to the phishing website, where it is stolen). For example, if an attacker counterfeits the magnetic stripe card application issued by some institution and it is downloaded by a large number of users, the magnetic stripe card information and passwords of many users may be leaked, with serious consequences for the entire institutional system served by the application server.

[0013] Furthermore, in the conventional system described above, the user must install a driver on their own application terminal before the data acquisition terminal can be used. Users' application terminals may run different open operating systems, such as iOS, Android, Windows or Symbian; different versions of these operating systems may differ considerably, and different terminal manufacturers may also trim down the corresponding open operating system. Drivers therefore have to be developed separately for different open operating systems, different versions, and/or different manufacturers, so the development cost is very high. Moreover, if the driver the user installs does not match, the terminal cannot be used, which places high demands on the user's skill, so many users refuse to use the system because it is complicated to operate.

[0014] Also, in the conventional system described above, the hardware interfaces of application terminals developed by different manufacturers are often not uniform. In particular, when application terminals take different forms, such as a vending machine, automated teller machine, fixed-line telephone, tablet computer, PC or notebook computer, the hardware interfaces differ greatly. When the hardware interfaces of the application terminal and the data acquisition terminal are inconsistent or incompatible, the two cannot be connected and data acquisition is impossible.

Summary of the Invention

[0015] The present invention can overcome one or more of the above disadvantages of the prior art.

[0016] According to one aspect of the present invention, a remote data acquisition method based on an open operating system is provided. The method may include: an application terminal sends an acquisition request to an application server; the application server sends the acquisition request to a secure acquisition server; the secure acquisition server sends an acquisition instruction to a secure acquisition terminal according to the acquisition request; the secure acquisition terminal collects the information on the information carrier to be read, as required by the acquisition instruction; the secure acquisition terminal returns the collected information to the secure acquisition server; the secure acquisition server sends the collected information to the application server; and the application server sends an acquisition-complete prompt to the application terminal. The application terminal has an open operating system installed, the secure acquisition terminal and the application terminal are not connected to each other, and the secure acquisition server and the application terminal are not connected to each other.

[0017] Further, in the above method, the step in which the secure acquisition server sends the acquisition instruction to the secure acquisition terminal and the step in which the secure acquisition terminal returns the collected information to the secure acquisition server may be carried out by wireless communication.

[0018] Furthermore, in the above method, the secure acquisition terminal may include: an acquisition communication unit for communicating with the secure acquisition server; an acquisition security unit for protecting the data transmitted through the acquisition communication unit; an acquisition unit for collecting the information on the information carrier to be read; a user prompt unit for presenting prompts to the user; and an acquisition storage unit for storing the collected information. Here, the acquisition unit may include any one of the following devices or a combination of them: a magnetic stripe card information acquisition device, a barcode acquisition device, a two-dimensional code acquisition device, an electronic tag acquisition device, an identity card information acquisition device, and a biometric information acquisition device. Here, the biometric information acquisition device may include: a fingerprint recognition device, a face-shape recognition device, a palm-print recognition device, a handwriting recognition device, a hand-shape recognition device, a voice recognition device, a retina recognition device, a facial thermogram recognition device, or an iris recognition device.

[0019] In addition, in the above method, the secure acquisition server may include: a first communication unit for communicating with the application server; a first security unit for protecting the data transmitted through the first communication unit; a second communication unit for communicating with the secure acquisition terminal; a second security unit for protecting the data transmitted through the second communication unit; an acquisition terminal management unit for managing the secure acquisition terminal; an acquisition transaction management unit for managing acquisition events; a server storage unit for storing data from the acquisition terminal management unit and the acquisition transaction management unit; and an input/output unit for communicating with the first security unit, the second security unit, the acquisition terminal management unit and the acquisition transaction management unit.

[0020] Furthermore, in the above method, the communication between the secure acquisition server and the application server may be communication over a dedicated line or communication using a mutual authentication security mechanism based on digital certificates.

[0021] In addition, in the above method, the communication between the secure acquisition server and the secure acquisition terminal may be communication using a mutual authentication security mechanism based on symmetric keys or asymmetric keys.

[0022] Further, in the above method, the communication between the secure acquisition server and the secure acquisition terminal may also be communication with confidentiality and/or integrity protection.
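The flow of [0016] with the symmetric-key option of [0021] and the integrity option of [0022], as an added Python sketch that is not part of the patent text. The HMAC challenge-response, the message labels, the class and method names and the terminal registry are all assumptions chosen for illustration; the patent does not specify a protocol, and encryption for confidentiality is left out here.

```python
import hashlib
import hmac
import secrets


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields so field boundaries cannot shift."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class SecureAcquisitionTerminal:
    """Reads the information carrier; talks only to the secure acquisition server."""

    def __init__(self, terminal_id: str, key: bytes, carrier: bytes):
        self.tid, self.key, self.carrier = terminal_id.encode(), key, carrier
        self.nonce_t = self.session = b""

    def hello(self):
        self.nonce_t = secrets.token_bytes(16)  # fresh nonce per session
        return self.tid, self.nonce_t

    def authenticate(self, nonce_s: bytes, server_proof: bytes) -> bytes:
        # The terminal verifies the server before proving its own identity.
        expected = mac(self.key, b"server", self.tid, self.nonce_t, nonce_s)
        if not hmac.compare_digest(expected, server_proof):
            raise PermissionError("server failed authentication")
        self.session = mac(self.key, b"session", self.nonce_t, nonce_s)
        return mac(self.key, b"terminal", self.tid, self.nonce_t, nonce_s)

    def collect(self, instruction: bytes, tag: bytes):
        ok = self.session and hmac.compare_digest(
            mac(self.session, b"instr", instruction), tag)
        if not ok:
            raise PermissionError("acquisition instruction rejected")
        # The card swipe or keypad entry happens here; self.carrier stands in for it.
        return self.carrier, mac(self.session, b"data", instruction, self.carrier)


class SecureAcquisitionServer:
    def __init__(self, keys: dict, terminals: dict):
        self.keys = keys            # terminal id -> pre-shared key (assumed provisioning)
        self.terminals = terminals  # terminal id -> terminal object (stands in for the link)

    def acquire(self, terminal_id: str, request_id: str, link=lambda data: data) -> bytes:
        key, terminal = self.keys.get(terminal_id), self.terminals.get(terminal_id)
        if key is None or terminal is None:
            raise PermissionError("unknown terminal")
        tid, nonce_t = terminal.hello()
        nonce_s = secrets.token_bytes(16)
        proof = terminal.authenticate(nonce_s, mac(key, b"server", tid, nonce_t, nonce_s))
        if tid != terminal_id.encode() or not hmac.compare_digest(
                proof, mac(key, b"terminal", tid, nonce_t, nonce_s)):
            raise PermissionError("terminal failed authentication")
        session = mac(key, b"session", nonce_t, nonce_s)
        instruction = b"collect:" + request_id.encode()
        data, tag = terminal.collect(instruction, mac(session, b"instr", instruction))
        data = link(data)  # hook modelling modification of the data in transit
        if not hmac.compare_digest(tag, mac(session, b"data", instruction, data)):
            raise ValueError("collected data failed integrity check")
        return data


class ApplicationServer:
    def __init__(self, acquisition_server: SecureAcquisitionServer):
        self.acquisition_server = acquisition_server
        self.collected = {}  # request id -> data, kept server-side for business logic

    def handle_request(self, request_id: str, terminal_id: str) -> dict:
        self.collected[request_id] = self.acquisition_server.acquire(terminal_id, request_id)
        # Only a completion prompt goes back to the open-OS application terminal.
        return {"request_id": request_id, "status": "acquisition complete"}


def demo():
    key = secrets.token_bytes(32)
    # Constructed sample data, not a real card track.
    terminal = SecureAcquisitionTerminal("T-001", key, b"CONSTRUCTED-TRACK-DATA")
    app = ApplicationServer(SecureAcquisitionServer({"T-001": key}, {"T-001": terminal}))
    return app.handle_request("req-1", "T-001"), app.collected["req-1"]


if __name__ == "__main__":
    print(demo())
```

The application terminal's only view of the transaction is the dictionary returned by `handle_request`; the collected bytes stay between the terminal, the secure acquisition server and the application server.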

[0023] Also, in the above method, the application terminal may include: a desktop computer, notebook computer, mobile phone, digital television, vending machine, automated teller machine (ATM), fixed-line telephone, or tablet computer.

[0024] According to another aspect of the present invention, a remote data acquisition system based on an open operating system is provided. The system may include: a secure acquisition terminal adapted to collect the information on the information carrier to be read; an application terminal adapted for the user to enter an acquisition request; an application server adapted to receive the acquisition request from the application terminal; and a secure acquisition server adapted to receive the acquisition request from the application server, send an acquisition instruction to the acquisition terminal according to the acquisition request, receive the collected information from the secure acquisition terminal, and send the collected information to the application server. The application server is further adapted to send an acquisition-complete prompt to the application terminal and to process the collected information. The secure acquisition terminal is connected to the secure acquisition server, the application terminal is connected to the application server, the secure acquisition server is connected to the application server, the secure acquisition terminal and the application terminal are not connected to each other, and the secure acquisition server and the application terminal are not connected to each other; the application terminal has an open operating system installed.

[0025] Further, in the above system, the connection between the secure acquisition server and the secure acquisition terminal is a wireless communication connection.

[0026] Furthermore, in the above system, the secure acquisition terminal may include: an acquisition communication unit for communicating with the secure acquisition server; an acquisition security unit for protecting the data transmitted through the acquisition communication unit; an acquisition unit for collecting the information on the information carrier to be read; a user prompt unit for presenting prompts to the user; and an acquisition storage unit for storing the collected information. Here, the acquisition unit may include any one of the following devices or a combination of them: a magnetic stripe card information acquisition device, a barcode acquisition device, a two-dimensional code acquisition device, an electronic tag acquisition device, an identity card information acquisition device, and a biometric information acquisition device. Here, the biometric information acquisition device may include: a fingerprint recognition device, a face-shape recognition device, a palm-print recognition device, a handwriting recognition device, a hand-shape recognition device, a voice recognition device, a retina recognition device, a facial thermogram recognition device, or an iris recognition device.

[0027] In addition, in the above system, the secure acquisition server may include: a first communication unit for communicating with the application server; a first security unit for protecting the data transmitted through the first communication unit; a second communication unit for communicating with the secure acquisition terminal; a second security unit for protecting the data transmitted through the second communication unit; an acquisition terminal management unit for managing the secure acquisition terminal; an acquisition transaction management unit for managing acquisition events; a server storage unit for storing data from the acquisition terminal management unit and the acquisition transaction management unit; and an input/output unit for communicating with the first security unit, the second security unit, the acquisition terminal management unit and the acquisition transaction management unit.

[0028] Furthermore, in the above system, the connection between the secure acquisition server and the application server is a dedicated-line connection, or a connection using a mutual authentication security mechanism based on digital certificates.

[0029] In addition, in the above system, the connection between the secure acquisition server and the secure acquisition terminal may be a connection using a mutual authentication security mechanism based on symmetric keys or asymmetric keys.

[0030] Further, in the above system, the connection between the secure acquisition server and the secure acquisition terminal may also be a connection with confidentiality and/or integrity protection.

[0031] Also, in the above system, the application terminal may include: a desktop computer, notebook computer, mobile phone, digital television, vending machine, automated teller machine, fixed-line telephone, or tablet computer.

[0032] By using the remote data acquisition method based on an open operating system of the present invention, leakage of or tampering with the collected data can be avoided.

[0033] In addition, by using the method of the present invention, phishing websites can be prevented from obtaining the collected data.

[0034] Furthermore, by using the method of the present invention, development costs are saved and users are spared the trouble of installing drivers.

[0035] Also, by using the method of the present invention, the restriction that the hardware interfaces of the acquisition terminal and the application terminal must match before data can be collected is removed.

[0036] It will be apparent to those skilled in the art that various modifications, transformations or arbitrary combinations can be made on the basis of the above.

[0037] The remote data acquisition method based on an open operating system of the present invention, and its corresponding other features and advantages, will become apparent to those skilled in the art from the following drawings and detailed description. This application intends all such and other methods, systems, features and advantages to be included in this description. It should be understood that both the foregoing general description and the following detailed description are exemplary and explanatory, and are intended to provide further understanding of the claimed technical solution, but nothing in them should be regarded as a limitation of the claimed technical solution.

Brief Description of the Drawings

[0038] For a better understanding of the present invention, exemplary embodiments of the invention are described in detail below with reference to the accompanying drawings.

[0039] FIG. 1 is a schematic structural diagram of an existing remote data acquisition system based on an open operating system;

[0040] FIG. 2 is a flowchart of the data acquisition method performed by the system shown in FIG. 1;

[0041] FIG. 3 is a schematic diagram of the overall structure of an example remote data acquisition system based on an open operating system according to an exemplary embodiment of the present invention;

[0042] FIG. 4 is an example flowchart of the data acquisition method performed by the example system shown in FIG. 3;

[0043] FIG. 5 is a schematic structural diagram of the secure acquisition terminal in the example system shown in FIG. 3; and

[0044] FIG. 6 is a schematic structural diagram of the secure acquisition server in the example system shown in FIG. 3.

Detailed Description

[0045] The embodiments will now be described in detail, with examples illustrated in the accompanying drawings. The embodiments introduced below are provided as examples in order to convey their ideas to those of ordinary skill in the art. The embodiments may therefore be implemented in different forms and are not limited to those described here. Wherever possible, the same reference numerals are used throughout the specification and drawings to denote the same or similar parts.

[0046] FIG. 3 is a schematic diagram of the overall structure of an example remote data acquisition system based on an open operating system according to an exemplary embodiment of the present invention. As shown in FIG. 3, the system includes a secure acquisition terminal 301, an application terminal 302, an application server (APP) 303 and a secure acquisition server 304. The secure acquisition terminal 301 is connected to the secure acquisition server 304, the application terminal 302 is connected to the application server 303, and the secure acquisition server 304 is connected to the application server 303; the secure acquisition terminal 301 and the application terminal 302 are not connected to each other, and the secure acquisition server 304 and the application terminal 302 are not connected to each other.

[0047] FIG. 5 is a schematic structural diagram of an example secure acquisition terminal in the example system shown in FIG. 3. As shown in FIG. 5, in this example the secure acquisition terminal 301 includes: an acquisition communication unit 3011 for communicating with the secure acquisition server 304; an acquisition security unit 3012 for protecting the data transmitted through the acquisition communication unit 3011; an acquisition unit 3014 for collecting the information on the information carrier to be read; a user prompt unit 3015 for presenting prompts to the user; and an acquisition storage unit 3013 for storing the collected information. The acquisition security unit 3012 implements the security mechanism with the secure acquisition server; optionally, it may be based on symmetric keys or asymmetric keys, to strengthen the security of data communication. The user prompt unit 3015 can give the user the necessary prompts, such as the current transaction information, a prompt to swipe a card or enter a fingerprint, and/or a completion notice. The acquisition unit 3014 collects the relevant information and varies with the information being collected; it may be any one of the following devices or a combination of them: a magnetic stripe card information acquisition device, a barcode acquisition device, a two-dimensional code acquisition device, an electronic tag acquisition device, an identity card information acquisition device, and a biometric information acquisition device. For example, the acquisition unit 3014 may include a magnetic stripe card read head, an IC card read head, a fingerprint capture head, an iris capture head, and/or a password keypad.

[0048] Here, the data acquired by the magnetic stripe card information acquisition device, barcode acquisition device, two-dimensional code acquisition device, electronic tag acquisition device and ID card information acquisition device can be used as an identity identifier or as the basis for an information query, which ensures the security and accuracy of the system's application operations. For example, the data on a magnetic stripe card can serve as the identifier of the user's bank card, and the data in a barcode can serve as the basis for looking up the item.

[0049] The biometric information acquisition device may include a fingerprint recognition device, a facial information recognition device, a voice recognition device, or an iris recognition device. The biometric data acquired in this way can be used for entering the original information and also for user identity authentication.

[0050] The acquisition mode of the secure acquisition terminal 301 may be, for example, manual input (such as a keyboard, touch screen or stylus), photoelectric scanning input, radio-frequency input, and/or audio input.

[0051] The application terminal 302 may be a computing device such as a desktop computer (for example, a PC), a notebook computer, a mobile phone, a digital television, a vending machine, an automatic teller machine, a fixed-line telephone, or a tablet computer, on which an open operating system such as Windows, Linux, iOS or Android is installed. It is not limited to these, and may be any other application terminal with an open operating system installed that a person skilled in the art can think of.

[0052] The application server (APP) 303 may be a business application server such as an online banking server, a payment server, or an identity authentication server, and differs according to the service. It may of course also be any other server that a person skilled in the art can think of; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to it.

[0053] The secure acquisition server 304 may be, for example, the secure acquisition server shown in FIG. 6. FIG. 6 is a schematic structural diagram of the secure acquisition server in the system of FIG. 3. As shown in FIG. 6, the secure acquisition server 304 includes: a first communication unit 3041 for communicating with the application server 303; a first security unit 3043 for protecting data transmitted through the first communication unit 3041; a second communication unit 3042 for communicating with the secure acquisition terminal 301; a second security unit 3044 for protecting data transmitted through the second communication unit 3042; an acquisition terminal management unit 3045 for managing the secure acquisition terminal 301, for example its terminal ID, whether it is online, and its current state; an acquisition transaction management unit 3046 for managing acquisition events, which include, for example, receiving an acquisition request from the application server 303, sending an acquisition instruction, receiving the acquisition result, and sending the acquisition result to the application server 303; a server storage unit 3049 for storing data from the acquisition terminal management unit 3045 and the acquisition transaction management unit 3046; and an input/output unit 304A for communicating with the first security unit 3043, the second security unit 3044, the acquisition terminal management unit 3045 and the acquisition transaction management unit 3046. Of course, the secure acquisition server 304 may also be any other server that a person skilled in the art can think of; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to it.

[0054] The application terminal 302 can access the application server 303 over the Internet. It can of course also access the application server 303 in other ways, for example over a dedicated communication line, or by any other access method that a person skilled in the art can think of; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to it. The secure acquisition server 304 can be connected to the application server 303 through a wired or wireless communication network. Optionally, the connection between the secure acquisition server 304 and the secure acquisition terminal 301 may be, for example, a wireless communication connection, which greatly increases the flexibility with which the secure acquisition terminal can be used and widens the space in which it can be used. Optionally, the communication between the secure acquisition server 304 and the secure acquisition terminal 301 may be, for example, communication through a mutual authentication security mechanism based on a symmetric key or an asymmetric key. Further optionally, the communication between the secure acquisition server 304 and the secure acquisition terminal 301 may also be communication with confidentiality and/or integrity protection.

[0055] FIG. 4 is an example flowchart of the data acquisition method performed by the example remote data acquisition system based on an open operating system shown in FIG. 3. As shown in FIG. 4, the data acquisition method includes:

[0056] In step S401, the application terminal 302 sends an acquisition request to the application server 303;

[0057] In step S402, the application server 303 sends the acquisition request to the secure acquisition server 304;

[0058] In step S403, the secure acquisition server 304 sends an acquisition instruction to the secure acquisition terminal 301;

[0059] In step S404, the secure acquisition terminal 301 acquires the information on the information carrier to be acquired, as required by the acquisition instruction;

[0060] In step S405, the secure acquisition terminal 301 returns the acquired information to the secure acquisition server 304;

[0061] In step S406, the secure acquisition server 304 sends the acquired information to the application server 303; and

[0062] In step S407, the application server 303 sends the application terminal 302 a prompt that acquisition is complete.

[0063] The following examples illustrate the method.

[0064] One example is a card-swiping system, in which a mobile phone running the iOS or Android operating system serves as the application terminal, a card reader as the secure acquisition terminal, a payment server as the application server, and the server shown in FIG. 6 as the secure acquisition server. The mobile phone is connected to the payment server, the payment server to the secure acquisition server, and the secure acquisition server to the card reader; the mobile phone and the card reader are not connected to each other, and the secure acquisition server and the mobile phone are not connected to each other. As described above, these connections may take any of the forms that a person skilled in the art can think of; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to them, which are not described further here.

[0065] The card reader in this example may include the units of the secure acquisition terminal described above; after reading and understanding the present invention, a person skilled in the art may make corresponding modifications and variations to it, which are not described further here.

[0066] The steps of one card-swipe data processing and acquisition operation in such a system are:

[0067] The user sends, from the mobile phone, a request to acquire magnetic stripe card information and user secret data to the payment server;

[0068] The payment server sends the request to acquire magnetic stripe card information and user secret data to the secure acquisition server;

[0069] The secure acquisition server sends an instruction to acquire magnetic stripe card information and user secret data to the card reader;

[0070] In accordance with the instruction to acquire magnetic stripe card information and user secret data, the card reader prompts the user to swipe the card and enter the user secret data; the user swipes the card on the card reader and enters the user secret data, so that the card reader receives the magnetic stripe card information and user secret data;

[0071] The card reader sends the received magnetic stripe card information and user secret data to the secure acquisition server;

[0072] The secure acquisition server sends the magnetic stripe card information and user secret data to the payment server; and

[0073] The payment server processes the magnetic stripe card information and user secret data, and sends the mobile phone a prompt that acquisition of the magnetic stripe card information and user secret data is complete.

[0074] Here, the user secret data may be, for example, a password or a handwritten signature, but is not limited to these; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to it.

[0075] In the prior art, the user swipes the card on a card reader attached to the mobile phone and enters the user secret data on the phone. By comparison, with the present invention the magnetic stripe card information and user secret data are sent to the application server through the secure acquisition server. Therefore, even if a malicious program has been installed in the phone's operating system, an attacker cannot obtain the magnetic stripe card information or the user secret data, whether at the application terminal or on the server side. The risk of the user's magnetic stripe card information and user secret data being stolen is greatly reduced, and the security of the system can be significantly improved. Moreover, operation is simple and applicability is broad.

[0076] Another example is a remote fingerprint recognition system, in which a desktop PC running the Windows operating system serves as the application terminal, a fingerprint reader as the secure acquisition terminal (the information to be acquired being fingerprint information), an identity authentication server as the application server, and the server shown in FIG. 6 as the secure acquisition server. The desktop PC is connected to the identity authentication server, the identity authentication server to the secure acquisition server, and the secure acquisition server to the fingerprint reader; the desktop PC and the fingerprint reader are not connected to each other, and the secure acquisition server and the desktop PC are not connected to each other. As described above, these connections may take any of the forms that a person skilled in the art can think of; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to them, which are not described further here.

[0077] The fingerprint reader in this example may include the units of the secure acquisition terminal described above; after reading and understanding the present invention, a person skilled in the art may make corresponding modifications and variations to it, which are not described further here.

[0078] The steps of one fingerprint acquisition in such a system are:

[0079] The user sends, from the desktop PC, a request to acquire fingerprint information to the identity authentication server;

[0080] The identity authentication server sends the request to acquire fingerprint information to the secure acquisition server;

[0081] The secure acquisition server sends an instruction to acquire fingerprint information to the fingerprint reader;

[0082] The fingerprint reader obtains the fingerprint information from the user in accordance with the instruction to acquire fingerprint information;

[0083] The fingerprint reader sends the obtained fingerprint information to the secure acquisition server;

[0084] The secure acquisition server sends the fingerprint information to the identity authentication server; and

[0085] The identity authentication server sends the desktop PC a prompt that acquisition of the fingerprint information is complete.

[0086] Here, the fingerprint information may be obtained from the user by, for example, a press-type sensor or a swipe-type sensor, but the method is not limited to these; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to it.

[0087] Because biometric features have an inherent uniqueness that cannot be copied, such a biometric key cannot be duplicated or forgotten, so using biometric recognition for identity verification, for example, is secure, reliable and accurate. However, if the biometric data is intercepted in transit, a security risk arises and the original user's biometric feature can no longer be used. This affects not only the current system: every system that uses the same biometric feature is threatened. For this reason, biometric recognition can usually be used only in environments where the network is trusted and not on the open Internet, which greatly limits its range of application. Compared with prior-art fingerprint recognition systems in which the fingerprint reader is connected to the desktop PC, or prior-art fingerprint recognition systems that cannot be used on the open Internet, with the present invention the fingerprint information is sent to the application server through the secure acquisition server. Therefore, even if a malicious program has been installed in the desktop PC's operating system, an attacker cannot obtain the fingerprint information, whether at the application terminal or on the server side. The risk of the user's fingerprint information being stolen is greatly reduced, and fingerprint recognition can be used in open operating system environments, for example on the open Internet, which widens its range of application while significantly improving the security of the system.

[0088] Moreover, with the present invention, the fingerprint reader can be set up remotely.

[0089] In addition, as described above, operation is simple and applicability is broad.

[0090] Of course, such a system can also be adapted to other biometric recognition systems, for example recognition systems for face shape, iris, retina, palm print, voice, handwriting, hand shape and facial thermogram, with similar effect; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations, which are not described further here.

[0091] Similar examples also include data acquisition systems that use contactless automatic identification technologies such as radio frequency identification (RFID, Radio Frequency Identification, also known as electronic tags): for example, remote data acquisition systems that use second-generation ID cards or tickets with a built-in RFID chip, and highway ETC (electronic toll collection) systems that use RFID technology.

[0092] Take a remote identity information acquisition system as an example. In this system, a desktop PC running the Windows operating system serves as the application terminal, an RFID reader as the secure acquisition terminal, an identity authentication server as the application server, and the server shown in FIG. 6 as the secure acquisition server. The desktop PC is connected to the identity authentication server, the identity authentication server to the secure acquisition server, and the secure acquisition server to the RFID reader; the desktop PC and the RFID reader are not connected to each other, and the secure acquisition server and the desktop PC are not connected to each other. As described above, these connections may take any of the forms that a person skilled in the art can think of; after reading and understanding the present invention, a person skilled in the art may make various modifications and variations to them, which are not described further here.

[0093] The RFID reader in this example may include the units of the secure acquisition terminal described above; after reading and understanding the present invention, a person skilled in the art may make corresponding modifications and variations to it, which are not described further here.

[0094] The steps of one identity information acquisition in such a system are:

[0095] The user sends, from the desktop PC, a request to acquire identity information to the identity authentication server;

[0096] The identity authentication server sends the request to acquire identity information to the secure acquisition server;

[0097] The secure acquisition server sends an instruction to acquire identity information to the RFID reader;

[0098] The RFID reader obtains the identity information from the ID card with the built-in RFID chip, in accordance with the instruction to acquire identity information;

[0099] The RFID reader sends the obtained identity information to the secure acquisition server;

[0100] The secure acquisition server sends the identity information to the identity authentication server; and

[0101] The identity authentication server sends the desktop PC a prompt that acquisition of the identity information is complete.

[0102] Compared with prior-art identity information acquisition systems in which the RFID reader is connected to the desktop PC, with the present invention the identity information is sent to the application server through the secure acquisition server. Therefore, even if a malicious program has been installed in the desktop PC's operating system, an attacker can neither obtain nor tamper with the acquired user identity information, whether at the application terminal or on the server side. The risk of the user's identity information being stolen or destroyed is greatly reduced, and the security of the system can be significantly improved.

[0103] Moreover, with the present invention, the RFID reader can be set up remotely.

[0104] In addition, as described above, operation is simple and applicability is broad.

[0105] It can thus be seen that, in the present invention, the acquisition terminal is not connected to the application terminal on which the open operating system is installed, and the acquired information is sent to the application server through the secure acquisition server without passing through the application terminal at all. Therefore, even if a malicious program has been installed on the application terminal running the open operating system, the acquired information cannot be stolen or tampered with.

[0106] In addition, in the present invention the acquisition terminal is connected only to the secure acquisition server and has no relationship with the application terminal, so the vendor supplying the acquisition terminal does not need to develop drivers for different operating systems and different versions, which greatly reduces development cost. (Take one company's chat application client as an example: because user mobile terminals such as mobile phones come in hundreds of brands, and some brands have dozens of models, that chat application client currently maintains upwards of a thousand versions for different user mobile terminals. If drivers also had to be developed in that many versions, the development cost would undoubtedly be enormous; if there were too few driver versions, the application would be severely restricted.) Furthermore, the user no longer has to install a driver, so operation is much less complex for the user, which makes the system far more convenient to use and gives a good user experience.

[0107] Also, in the present invention, because the acquisition terminal is never connected to the application terminal, there is no hardware interface compatibility problem; that is, the user can use any terminal. The present invention is therefore very widely applicable and suits service terminals of all forms, such as mobile phones, PCs, notebooks, tablet computers, digital televisions, vending machines and automatic teller machines; even an ordinary telephone can be used for a card-swiping operation.

[0108] Further, in the present invention, a dedicated line or a mutual authentication security mechanism based on digital certificates can be used between the secure acquisition server and the application server, ensuring that only the genuine application server can send requests to the secure acquisition server. In this way, even if the user is phished, for example by installing a fake app and accessing a phishing application server, that server cannot send a valid request to the secure acquisition server and therefore cannot obtain the acquired information. Another possibility is that the phishing application server acts as a man-in-the-middle: after receiving the user's request, it forwards the request to the genuine application server, which can trigger a valid request. In that case the acquired data, once returned, is stored on the genuine application server, and the phishing application server cannot obtain any data.
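The following simulation is an added example, not code from the patent. It walks through steps S401 to S407 with the symmetric-key mutual authentication and integrity protection that paragraph [0054] describes between server 304 and terminal 301, and shows the rejection of an unenrolled application server described in [0108]. All class and field names are hypothetical, the card data is constructed, and HMAC-SHA256 with pre-shared keys is an assumption standing in both for the terminal mechanism and for the certificate-based authentication of the application server; confidentiality (encryption) is not shown.

```python
import hashlib
import hmac
import json
import secrets


def tag(key, *parts):
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def encode(obj):
    return json.dumps(obj, sort_keys=True).encode()


class AcquisitionTerminal:
    """Secure acquisition terminal 301 (e.g. a card reader); its only link is to server 304."""
    def __init__(self, terminal_id, key, carrier_data):
        self.terminal_id, self.key, self.carrier_data = terminal_id, key, carrier_data
        self.nonce = None

    def answer_challenge(self, server_nonce):
        # Prove possession of the shared key and issue the terminal's own challenge.
        self.nonce = secrets.token_bytes(16)
        return self.nonce, tag(self.key, b"terminal", server_nonce, self.nonce)

    def collect(self, server_nonce, server_proof, instruction, instruction_tag):
        nonce, self.nonce = self.nonce, None  # one challenge authorises one acquisition
        if nonce is None or not hmac.compare_digest(
                server_proof, tag(self.key, b"server", nonce, server_nonce)):
            raise PermissionError("acquisition server failed authentication")
        if not hmac.compare_digest(instruction_tag, tag(self.key, b"instr", nonce, instruction)):
            raise ValueError("instruction was modified in transit")
        result = encode({"txn": json.loads(instruction)["txn"], "data": self.carrier_data})
        return result, tag(self.key, b"result", nonce, result)  # S404 read, S405 return


class AcquisitionServer:
    """Secure acquisition server 304; it exposes nothing to application terminal 302."""
    def __init__(self):
        self.app_server_keys = {}  # assumption: pre-shared keys stand in for certificates
        self.terminals = {}        # terminal management: ID -> (key, link to the terminal)

    def handle_request(self, app_server_id, request, request_tag):
        key = self.app_server_keys.get(app_server_id)
        if key is None or not hmac.compare_digest(request_tag, tag(key, b"request", request)):
            raise PermissionError("application server not authenticated")
        req = json.loads(request)
        term_key, terminal = self.terminals[req["terminal_id"]]
        server_nonce = secrets.token_bytes(16)
        term_nonce, proof = terminal.answer_challenge(server_nonce)
        if not hmac.compare_digest(proof, tag(term_key, b"terminal", server_nonce, term_nonce)):
            raise PermissionError("terminal failed authentication")
        instruction = encode({"txn": req["txn"], "collect": req["collect"]})
        result, result_tag = terminal.collect(  # S403: authenticated acquisition instruction
            server_nonce, tag(term_key, b"server", term_nonce, server_nonce),
            instruction, tag(term_key, b"instr", term_nonce, instruction))
        if not hmac.compare_digest(result_tag, tag(term_key, b"result", term_nonce, result)):
            raise ValueError("result was modified in transit")
        return json.loads(result)  # S406: handed to the authenticated application server


class AppServer:
    """Application server 303 (e.g. a payment server)."""
    def __init__(self, server_id, key, acquisition_server):
        self.server_id, self.key, self.acquisition_server = server_id, key, acquisition_server
        self.records = {}

    def handle_terminal_request(self, request):  # S401 arrives from application terminal 302
        body = encode(request)
        result = self.acquisition_server.handle_request(  # S402
            self.server_id, body, tag(self.key, b"request", body))
        self.records[result["txn"]] = result["data"]  # acquired data stays on the server
        return {"txn": result["txn"], "status": "acquisition complete"}  # S407


def run_demo():
    acq = AcquisitionServer()
    reader_key, pay_key = secrets.token_bytes(32), secrets.token_bytes(32)
    reader = AcquisitionTerminal("reader-01", reader_key, "CONSTRUCTED-TRACK-DATA")
    acq.terminals["reader-01"] = (reader_key, reader)
    acq.app_server_keys["pay-server"] = pay_key
    genuine = AppServer("pay-server", pay_key, acq)
    phishing = AppServer("phish-server", secrets.token_bytes(32), acq)  # not enrolled
    request = {"txn": "t-1", "terminal_id": "reader-01", "collect": "magstripe"}
    prompt = genuine.handle_terminal_request(request)  # all that terminal 302 receives
    try:
        phishing.handle_terminal_request(request)
        rejected = False
    except PermissionError:
        rejected = True
    return prompt, genuine.records, phishing.records, rejected


if __name__ == "__main__":
    print(run_demo())
```

The value returned to the application terminal is only the completion prompt; the acquired data appears solely in the genuine application server's records.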

[0109] The present invention has been described in detail above with reference to its exemplary embodiments and examples, but a person skilled in the art will understand that these exemplary embodiments and examples should not be taken as limiting the scope of protection of the present invention; modifications, variations and substitutions that are obvious to a person skilled in the art all fall within the scope of protection of the present invention.

Claims (10)

1. A remote data acquisition method based on an open operating system, the method comprising the following steps: an application terminal sends an acquisition request to an application server; the application server sends the acquisition request to a secure acquisition server; the secure acquisition server sends an acquisition instruction to a secure acquisition terminal in accordance with the acquisition request; the secure acquisition terminal acquires the information on the information carrier to be acquired, as required by the acquisition instruction; the secure acquisition terminal returns the acquired information to the secure acquisition server; the secure acquisition server sends the acquired information to the application server; and the application server sends the application terminal a prompt that acquisition is complete, wherein the application terminal has an open operating system installed, the secure acquisition terminal and the application terminal are not connected to each other, and the secure acquisition server and the application terminal are not connected to each other.
2. The method of claim 1, wherein the step in which the secure acquisition server sends the acquisition instruction to the secure acquisition terminal and the step in which the secure acquisition terminal returns the acquired information to the secure acquisition server are carried out by wireless communication.
3. The method of claim 1 or 2, wherein the secure acquisition terminal comprises: an acquisition communication unit for communicating with the secure acquisition server; an acquisition security unit for protecting data transmitted through the acquisition communication unit; an acquisition unit for acquiring the information on the information carrier to be acquired; a user prompt unit for presenting prompts to the user; and an acquisition storage unit for storing the acquired information.
4. The method of claim 3, wherein the acquisition unit comprises any one of the following devices or a combination of them: a magnetic stripe card information acquisition device, a barcode acquisition device, a two-dimensional code acquisition device, an electronic tag acquisition device, an ID card information acquisition device, and a biometric information acquisition device.
5. The method of claim 4, wherein the biometric information acquisition device comprises: a fingerprint recognition device, a face shape recognition device, a palm print recognition device, a handwriting recognition device, a hand shape recognition device, a voice recognition device, a retina recognition device, a facial thermogram recognition device, or an iris recognition device.
6. The method of any one of claims 1 to 5, wherein the secure acquisition server comprises: a first communication unit for communicating with the application server; a first security unit for protecting data transmitted through the first communication unit; a second communication unit for communicating with the secure acquisition terminal; a second security unit for protecting data transmitted through the second communication unit; an acquisition terminal management unit for managing the secure acquisition terminal; an acquisition transaction management unit for managing acquisition events; a server storage unit for storing data from the acquisition terminal management unit and the acquisition transaction management unit; and an input/output unit for communicating with the first security unit, the second security unit, the acquisition terminal management unit and the acquisition transaction management unit.
7. The method of any one of claims 1 to 6, wherein the communication between the secure acquisition server and the application server is dedicated-line communication or communication using a two-way authentication security mechanism based on digital certificates.
8. The method of any one of claims 1 to 7, wherein the communication between the secure acquisition server and the secure acquisition terminal is communication through a two-way authentication security mechanism based on a symmetric key or an asymmetric key.
9. The method of claim 7 or 8, wherein the communication between the secure acquisition server and the secure acquisition terminal is also communication that implements confidentiality and/or integrity protection.
10. The method of any one of claims 1 to 9, wherein the application terminal comprises: a desktop computer, a notebook computer, a mobile phone, a digital television, a vending machine, an automatic teller machine, a fixed-line telephone, or a tablet computer.
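As an added illustration (not part of the patent, which names no concrete protocol), the sketch below shows one way the symmetric-key two-way authentication of claim 8 and the integrity protection of claim 9 could work between the acquisition server and the acquisition terminal. All identifiers, labels and function names are hypothetical; it assumes a pre-shared key per terminal and uses HMAC-SHA256, and it covers integrity only, since confidentiality would additionally need an authenticated cipher.

```python
import hashlib
import hmac
import secrets

SERVER_ID, TERMINAL_ID = b"acq-server", b"acq-terminal"  # assumed identifiers

def tag(key, *parts):
    """HMAC-SHA256 over length-prefixed fields (unambiguous field boundaries)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big") + p)
    return mac.digest()

def terminal_respond(key, server_nonce):
    """Terminal answers the server's challenge and issues its own."""
    terminal_nonce = secrets.token_bytes(16)
    proof = tag(key, b"terminal-auth", TERMINAL_ID, SERVER_ID, server_nonce, terminal_nonce)
    return terminal_nonce, proof

def server_verify_and_respond(key, server_nonce, terminal_nonce, proof):
    """Server authenticates the terminal, then proves itself; None on failure."""
    expected = tag(key, b"terminal-auth", TERMINAL_ID, SERVER_ID, server_nonce, terminal_nonce)
    if not hmac.compare_digest(proof, expected):
        return None
    return tag(key, b"server-auth", SERVER_ID, TERMINAL_ID, terminal_nonce, server_nonce)

def terminal_verify(key, server_nonce, terminal_nonce, server_proof):
    """Terminal authenticates the server; the distinct label blocks reflection."""
    expected = tag(key, b"server-auth", SERVER_ID, TERMINAL_ID, terminal_nonce, server_nonce)
    return hmac.compare_digest(server_proof, expected)

def session_key(key, server_nonce, terminal_nonce):
    """Per-session key bound to both nonces."""
    return tag(key, b"session", server_nonce, terminal_nonce)

def protect(skey, seq, data):
    """Frame acquired data as seq || data || MAC."""
    header = seq.to_bytes(8, "big")
    return header + data + tag(skey, header, data)

def verify(skey, expected_seq, message):
    """Return the data if sequence number and MAC check out, else None."""
    header, data, mac = message[:8], message[8:-32], message[-32:]
    if int.from_bytes(header, "big") != expected_seq:
        return None
    if not hmac.compare_digest(mac, tag(skey, header, data)):
        return None
    return data
```

Each side contributes a fresh nonce, so a recorded exchange cannot be replayed, and the sequence number in every frame lets the receiver reject replayed or reordered acquisition data within a session.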
CN201310098802.6A 2013-03-26 2013-03-26 Remote data acquisition method CN104079529B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310098802.6A CN104079529B (en) 2013-03-26 2013-03-26 Remote data acquisition method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310098802.6A CN104079529B (en) 2013-03-26 2013-03-26 Remote data acquisition method

Publications (2)

Publication Number Publication Date
CN104079529A true CN104079529A (en) 2014-10-01
CN104079529B CN104079529B (en) 2019-03-01

Family

ID=51600578

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310098802.6A CN104079529B (en) 2013-03-26 2013-03-26 Remote data acquisition method

Country Status (1)

Country Link
CN (1) CN104079529B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070118758A1 (en) * 2005-11-24 2007-05-24 Hitachi, Ltd. Processing device, helper data generating device, terminal device, authentication device and biometrics authentication system
CN101197736A (en) * 2007-12-28 2008-06-11 中国移动通信集团浙江有限公司 Wireless net member equipment monitoring system and monitoring method thereof
CN102682283A (en) * 2012-04-09 2012-09-19 重庆市行安电子科技有限公司 Dynamic face recognition system
CN102982678A (en) * 2012-11-28 2013-03-20 青岛海信网络科技股份有限公司 Traffic data information service system and method for realizing traffic data information service

Also Published As

Publication number Publication date
CN104079529B (en) 2019-03-01

Similar Documents

Publication Publication Date Title
US7350230B2 (en) Wireless security module
US8510572B2 (en) Remote access system, gateway, client device, program, and storage medium
RU2523304C2 (en) Trusted integrity manager (tim)
EP2038227B1 (en) System and method for activating telephone-based payment instrument
RU2537795C2 (en) Trusted remote attestation agent (traa)
JP2009541870A (en) Method, apparatus, server and system for identification based on biometric features
US10043180B2 (en) System and method for secure transactions at a mobile device
US9904912B2 (en) Protecting transactions
US8371501B1 (en) Systems and methods for a wearable user authentication factor
US8843757B2 (en) One time PIN generation
ES2599985T3 (en) Validation at any time for verification tokens
US8108317B2 (en) System and method for restricting access to a terminal
EP2797020A2 (en) Proximity authentication system
RU2576586C2 (en) Authentication method
US9832019B2 (en) Authentication in ubiquitous environment
AU2010289507B2 (en) A personalized multifunctional access device possessing an individualized form of authenticating and controlling data exchange
KR101111381B1 (en) User identification system, apparatus, smart card and method for ubiquitous identity management
US20130060618A1 (en) Method and System for Electronic Wallet Access
US20030115490A1 (en) Secure network and networked devices using biometrics
KR20170121341A (en) Method for authentication using biometric data for mobile device e-commerce transactions
JP4221385B2 (en) Biometric authentication device, terminal device and automatic transaction device
TW201121280A (en) Network security verification method and device and handheld electronic device verification method.
CN102930436A (en) Mobile payment method and device
US20110161232A1 (en) Virtualization of authentication token for secure applications
US9301140B1 (en) Behavioral authentication system using a secure element, a behaviometric server and cryptographic servers to authenticate users

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
GR01 Patent grant