TW201830917A - Safety information interaction method and equipment - Google Patents


Info

Publication number: TW201830917A
Authority: TW (Taiwan)
Prior art keywords: security information, information interaction, communication link, information carrier, data
Application number: TW107103237A
Other languages: Chinese (zh)
Other versions: TWI661707B (en)
Inventors: 胡吉晶, 宋漢石, 李偉
Original Assignee: 大陸商中國銀聯股份有限公司
Application filed by: 大陸商中國銀聯股份有限公司
Publication of TW201830917A
Application granted
Publication of TWI661707B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction

Abstract

The invention discloses a safety information interaction method and equipment. The method comprises the following steps: a safety information interaction terminal establishes a physical connection with a safety information carrier via a first communication link; after confirming that the safety information carrier has the supporting capability, the safety information interaction terminal performs an authentication operation on the safety information carrier in offline mode; and, if the authentication operation succeeds, the safety information interaction terminal completes the subsequent safety information interaction process via a second communication link in online mode. The safety information interaction method and equipment disclosed by the invention have a high data processing speed and are convenient and rapid to use.

Description

Safety information interaction method and equipment

[0001] The present invention relates to a method and device for information interaction, and more particularly to a method and device for security information interaction.

[0002] With the increasingly wide application of computers and networks and the growing variety of services in different fields, carrying out security information interaction processes (that is, information interaction processes with high security requirements, such as payment transactions in the financial field) is becoming increasingly important.

[0003] The existing way of carrying out a security information interaction process is as follows: a security information interaction terminal (for example, a POS machine) establishes a physical connection with a security information carrier (for example, a financial IC card); the security information interaction terminal then uses one of the two modes, online or offline, to verify the legitimacy of the security information carrier and to complete the subsequent security information interaction process (for example, a payment transaction).

[0004] However, the existing technical solutions have the following problems: (1) when authentication and the subsequent security information interaction process are carried out in online mode, data must be sent over the network to a server for verification, so the data processing speed is low; (2) when authentication and the subsequent security information interaction process are carried out in offline mode, the user must top up the account associated with the security information carrier in advance, so operation is inconvenient.

[0005] Therefore, there is a need to provide a security information interaction method and device that have a high data processing speed and are convenient to use.

[0006] To solve the problems of the prior-art solutions described above, the present invention proposes a security information interaction method and device that have a high data processing speed and are convenient to use.

[0007] The object of the present invention is achieved by the following technical solution:

A security information interaction method, comprising the following steps:

(A1) a security information interaction terminal establishes a physical connection with a security information carrier via a first communication link;

(A2) after confirming that the security information carrier has the supporting capability, the security information interaction terminal performs an authentication operation on the security information carrier in offline mode;

(A3) if the result of the authentication operation is "success", the security information interaction terminal completes the subsequent security information interaction process via a second communication link in online mode.

[0008] In the solution disclosed above, preferably, the first communication link is a physical channel based on a contactless communication protocol or another communication transmission method.

[0009] In the solution disclosed above, preferably, step (A2) further includes: the security information interaction terminal and the security information carrier confirm each other's supporting capabilities by exchanging data, and select an application that both support for the subsequent data interaction process.

[0010] In the solution disclosed above, preferably, step (A2) further includes: once it is confirmed that both the security information interaction terminal and the security information carrier support authentication in offline mode followed by a subsequent security information interaction process in online mode, the security information carrier sends a data packet containing signed business data to the security information interaction terminal via the first communication link.

[0011] In the solution disclosed above, preferably, step (A2) further includes: the security information interaction terminal authenticates the legitimacy of the security information carrier by verifying the signature in the data packet containing the signed business data.

[0012] In the solution disclosed above, preferably, step (A3) further includes: if the result of the authentication operation is "success", the security information interaction terminal records the business data and triggers an external operation associated with the result of the current authentication operation.

[0013] In the solution disclosed above, preferably, step (A3) further includes: the security information interaction terminal periodically exchanges data in online mode with a data processing server, via the second communication link and according to the recorded business data, to actually complete the business operation indicated by the business data.

[0014] In the solution disclosed above, preferably, the second communication link is the Internet.

[0015] The object of the present invention can also be achieved by the following technical solution:

A security information interaction terminal, comprising:

a channel establishing unit configured to establish a physical connection with a security information carrier via a first communication link;

a data processing unit configured to perform an authentication operation on the security information carrier in offline mode after confirming that the security information carrier has the supporting capability, and, if the result of the authentication operation is "success", to complete the subsequent security information interaction process via a second communication link in online mode.

[0016] A security information carrier, comprising:

a channel establishing unit configured to establish a physical connection with a security information interaction terminal via a first communication link;

a data processing unit configured to assist, in offline mode, in performing the authentication operation on the security information carrier after confirming that the security information interaction terminal has the supporting capability.

[0017] The security information interaction method and device disclosed by the present invention have the following advantage: because authentication is performed in offline mode and the subsequent security information interaction process is deferred and performed in online mode, the data processing speed is high and use is convenient.

[0019] FIG. 1 is a flowchart of a security information interaction method according to an embodiment of the present invention. As shown in FIG. 1, the security information interaction method disclosed by the present invention includes the following steps: (A1) a security information interaction terminal (for example, a POS machine) establishes a physical connection with a security information carrier (for example, a financial IC card) via a first communication link; (A2) after confirming that the security information carrier has the supporting capability, the security information interaction terminal performs an authentication operation on the security information carrier in offline mode; (A3) if the result of the authentication operation is "success", the security information interaction terminal completes the subsequent security information interaction process via a second communication link in online mode.

[0020] Preferably, in the security information interaction method disclosed by the present invention, the first communication link is a physical channel based on a contactless communication protocol (for example, near field communication, NFC) or another communication transmission method (for example, a two-dimensional code).

[0021] Preferably, in the security information interaction method disclosed by the present invention, step (A2) further includes: the security information interaction terminal and the security information carrier confirm each other's supporting capabilities by exchanging data, and select an application that both support for the subsequent data interaction process (for example, each side passes the other the value of a flag bit indicating the data processing modes it supports, to confirm whether their capabilities match, that is, whether both support authentication in offline mode followed by a subsequent security information interaction process in online mode).

[0022] Preferably, in the security information interaction method disclosed by the present invention, step (A2) further includes: once it is confirmed that both the security information interaction terminal and the security information carrier support authentication in offline mode followed by a subsequent security information interaction process in online mode, the security information carrier sends a data packet containing signed business data (such as the application cryptogram, signed dynamic application data, the application file locator AFL, etc.) to the security information interaction terminal via the first communication link.

[0023] Preferably, in the security information interaction method disclosed by the present invention, step (A2) further includes: the security information interaction terminal authenticates the legitimacy of the security information carrier by verifying the signature in the data packet containing the signed business data.

[0024] Preferably, in the security information interaction method disclosed by the present invention, step (A3) further includes: if the result of the authentication operation is "success", the security information interaction terminal records the business data and triggers an external operation associated with the result of the current authentication operation (such as allowing station entry/boarding, allowing station exit/alighting, and so on).

[0025] Preferably, in the security information interaction method disclosed by the present invention, step (A3) further includes: the security information interaction terminal periodically (for example, at a fixed time every day) exchanges data in online mode with a data processing server, via the second communication link and according to the recorded business data, to actually complete the business operation indicated by the business data (for example, a batch debit operation).

[0026] Preferably, in the security information interaction method disclosed by the present invention, the second communication link is the Internet.

[0027] As can be seen from the above, the security information interaction method disclosed by the present invention has the following advantage: because authentication is performed in offline mode and the subsequent security information interaction process is deferred and performed in online mode, the data processing speed is high and use is convenient.

[0028] FIG. 2 is a schematic diagram of a security information interaction device according to an embodiment of the present invention. As shown in FIG. 2, the security information interaction terminal 2 (for example, a POS machine) disclosed by the present invention includes a channel establishing unit 5 and a data processing unit 6. The channel establishing unit 5 is configured to establish a physical connection with a security information carrier (for example, a financial IC card) via a first communication link. The data processing unit 6 is configured to perform an authentication operation on the security information carrier in offline mode after confirming that the security information carrier has the supporting capability, and, if the result of the authentication operation is "success", to complete the subsequent security information interaction process via a second communication link in online mode.

[0029] Preferably, in the security information interaction terminal disclosed by the present invention, the first communication link is a physical channel based on a contactless communication protocol (for example, near field communication, NFC) or another communication transmission method (for example, a two-dimensional code).

[0030] Preferably, in the security information interaction terminal disclosed by the present invention, the data processing unit 6 is further configured to confirm, by exchanging data with the security information carrier, the supporting capabilities of both sides, and to select an application that both support for the subsequent data interaction process (for example, each side passes the other the value of a flag bit indicating the data processing modes it supports, to confirm whether their capabilities match, that is, whether both support authentication in offline mode followed by a subsequent security information interaction process in online mode).

[0031] Preferably, in the security information interaction terminal disclosed by the present invention, the data processing unit 6 authenticates the legitimacy of the security information carrier by verifying the signature in the data packet, received from the security information carrier, that contains the signed business data.

[0032] Preferably, in the security information interaction terminal disclosed by the present invention, the data processing unit 6 is further configured to: if the result of the authentication operation is "success", record the business data and trigger an external operation associated with the result of the current authentication operation (such as allowing station entry/boarding, allowing station exit/alighting, and so on).

[0033] Preferably, in the security information interaction terminal disclosed by the present invention, the data processing unit 6 is further configured to: periodically (for example, at a fixed time every day) exchange data in online mode with a data processing server, via the second communication link and according to the recorded business data, to actually complete the business operation indicated by the business data (for example, a batch debit operation).

[0034] Preferably, in the security information interaction terminal disclosed by the present invention, the second communication link is the Internet.

[0035] As shown in FIG. 2, the security information carrier (for example, a financial IC card) disclosed by the present invention includes a channel establishing unit 3 and a data processing unit 4. The channel establishing unit 3 is configured to establish a physical connection with a security information interaction terminal (for example, a POS machine) via a first communication link. The data processing unit 4 is configured to assist, in offline mode, in performing the authentication operation on the security information carrier after confirming that the security information interaction terminal has the supporting capability.

[0036] Preferably, in the security information carrier disclosed by the present invention, the first communication link is a physical channel based on a contactless communication protocol (for example, near field communication, NFC).

[0037] Preferably, in the security information carrier disclosed by the present invention, the data processing unit 4 is further configured to: once it is confirmed that both the security information interaction terminal and the security information carrier support authentication in offline mode followed by a subsequent security information interaction process in online mode, send a data packet containing signed business data (such as the application cryptogram, signed dynamic application data, the application file locator AFL, etc.) to the security information interaction terminal via the first communication link.

[0038] As can be seen from the above, the security information interaction device disclosed by the present invention has the following advantage: because authentication is performed in offline mode and the subsequent security information interaction process is deferred and performed in online mode, the data processing speed is high and use is convenient.

[0039] Although the present invention has been described by way of the preferred embodiments above, its implementation is not limited to those embodiments. It should be recognized that those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope.
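
The flow of steps (A2) and (A3), that is, the capability flag check, the offline signature verification, the recording of business data and the periodic online completion, sketched as an added example that is not part of the patent. The flag values, packet layout, per-card counter, pre-provisioned card keys, server-side replay check and the use of Ed25519 are assumptions made for illustration.

```go
// Added example (not from the patent): offline authentication at the terminal,
// deferred online completion. All names, layouts and Ed25519 are assumptions.
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Capability flag bits exchanged in step A2 (hypothetical values).
const (
	CapOfflineAuth    byte = 1 << 0 // supports authentication in offline mode
	CapDeferredOnline byte = 1 << 1 // supports later completion in online mode
	capRequired            = CapOfflineAuth | CapDeferredOnline
)

// Packet is the signed business data sent by the carrier over the first link.
type Packet struct {
	CardID  uint32
	Counter uint32 // per-card transaction counter (assumed), used to reject replays
	Amount  uint32 // minor currency units
	Sig     []byte
}

// signedBytes is the exact byte string covered by the signature.
func (p Packet) signedBytes() []byte {
	b := make([]byte, 12)
	binary.BigEndian.PutUint32(b[0:], p.CardID)
	binary.BigEndian.PutUint32(b[4:], p.Counter)
	binary.BigEndian.PutUint32(b[8:], p.Amount)
	return b
}

// Card models the security information carrier.
type Card struct {
	ID      uint32
	Caps    byte
	counter uint32
	priv    ed25519.PrivateKey
}

// Sign builds the signed business data for one transaction.
func (c *Card) Sign(amount uint32) Packet {
	c.counter++
	p := Packet{CardID: c.ID, Counter: c.counter, Amount: amount}
	p.Sig = ed25519.Sign(c.priv, p.signedBytes())
	return p
}

// Terminal models the security information interaction terminal.
type Terminal struct {
	Caps    byte
	Keys    map[uint32]ed25519.PublicKey // provisioned in advance (assumed)
	Pending []Packet                     // recorded business data awaiting upload
}

var (
	ErrCapability = errors.New("capability mismatch: use the ordinary online or offline flow")
	ErrSignature  = errors.New("offline authentication failed")
)

// Authorize performs A2 and the recording half of A3 with no network access.
// On nil the caller triggers the external operation (for example, opens the gate).
func (t *Terminal) Authorize(cardCaps byte, p Packet) error {
	if t.Caps&cardCaps&capRequired != capRequired {
		return ErrCapability
	}
	pub, ok := t.Keys[p.CardID]
	if !ok || !ed25519.Verify(pub, p.signedBytes(), p.Sig) {
		return ErrSignature
	}
	t.Pending = append(t.Pending, p)
	return nil
}

// Server models the data processing server reached over the second link.
type Server struct {
	Keys        map[uint32]ed25519.PublicKey
	lastCounter map[uint32]uint32
	Debited     map[uint32]uint32
}

// Settle uploads the recorded batch. The server does not trust the terminal's
// verdict: it re-verifies every signature and drops counters it has already seen.
func (t *Terminal) Settle(s *Server) (accepted int) {
	for _, p := range t.Pending {
		pub, ok := s.Keys[p.CardID]
		if !ok || !ed25519.Verify(pub, p.signedBytes(), p.Sig) {
			continue
		}
		if p.Counter <= s.lastCounter[p.CardID] {
			continue // replayed or duplicated record
		}
		s.lastCounter[p.CardID] = p.Counter
		s.Debited[p.CardID] += p.Amount
		accepted++
	}
	t.Pending = nil
	return accepted
}

// NewDemo wires up one card, one terminal and one server with a constructed key.
func NewDemo() (*Card, *Terminal, *Server) {
	seed := make([]byte, ed25519.SeedSize) // all-zero seed: constructed demo key only
	priv := ed25519.NewKeyFromSeed(seed)
	keys := map[uint32]ed25519.PublicKey{42: priv.Public().(ed25519.PublicKey)}
	card := &Card{ID: 42, Caps: capRequired, priv: priv}
	term := &Terminal{Caps: capRequired, Keys: keys}
	srv := &Server{Keys: keys, lastCounter: map[uint32]uint32{}, Debited: map[uint32]uint32{}}
	return card, term, srv
}

func main() {
	card, term, srv := NewDemo()
	err := term.Authorize(card.Caps, card.Sign(250))
	fmt.Println("external operation allowed:", err == nil)
	fmt.Println("records completed online:", term.Settle(srv))
}
```

Because the external operation happens before any server sees the record, the recorded batch is the only evidence of the debt; the server-side signature and counter checks shown here are what keep a tampered or duplicated batch from turning into a wrong debit.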

[0040]

A1~A3‧‧‧Steps

1‧‧‧Security information carrier

2‧‧‧Security information interaction terminal

3‧‧‧Channel establishing unit

4‧‧‧Data processing unit

5‧‧‧Channel establishing unit

6‧‧‧Data processing unit

[0018] The technical features and advantages of the present invention will be better understood by those skilled in the art with reference to the drawings, in which: FIG. 1 is a flowchart of a security information interaction method according to an embodiment of the present invention; FIG. 2 is a schematic diagram of a security information interaction device according to an embodiment of the present invention.

Claims (10)

1. A security information interaction method, comprising the following steps: (A1) a security information interaction terminal establishes a physical connection with a security information carrier via a first communication link; (A2) after confirming that the security information carrier has the supporting capability, the security information interaction terminal performs an authentication operation on the security information carrier in offline mode; (A3) if the result of the authentication operation is "success", the security information interaction terminal completes the subsequent security information interaction process via a second communication link in online mode.

2. The security information interaction method according to claim 1, wherein the first communication link is a physical channel based on a contactless communication protocol or another communication transmission method.

3. The security information interaction method according to claim 2, wherein step (A2) further comprises: the security information interaction terminal and the security information carrier confirm each other's supporting capabilities by exchanging data, and select an application that both support for the subsequent data interaction process.

4. The security information interaction method according to claim 3, wherein step (A2) further comprises: once it is confirmed that both the security information interaction terminal and the security information carrier support authentication in offline mode followed by a subsequent security information interaction process in online mode, the security information carrier sends a data packet containing signed business data to the security information interaction terminal via the first communication link.

5. The security information interaction method according to claim 4, wherein step (A2) further comprises: the security information interaction terminal authenticates the legitimacy of the security information carrier by verifying the signature in the data packet containing the signed business data.

6. The security information interaction method according to claim 5, wherein step (A3) further comprises: if the result of the authentication operation is "success", the security information interaction terminal records the business data and triggers an external operation associated with the result of the current authentication operation.

7. The security information interaction method according to claim 6, wherein step (A3) further comprises: the security information interaction terminal periodically exchanges data in online mode with a data processing server, via the second communication link and according to the recorded business data, to actually complete the business operation indicated by the business data.

8. The security information interaction method according to claim 7, wherein the second communication link is the Internet.

9. A security information interaction terminal, comprising: a channel establishing unit configured to establish a physical connection with a security information carrier via a first communication link; and a data processing unit configured to perform an authentication operation on the security information carrier in offline mode after confirming that the security information carrier has the supporting capability, and, if the result of the authentication operation is "success", to complete the subsequent security information interaction process via a second communication link in online mode.

10. A security information carrier, comprising: a channel establishing unit configured to establish a physical connection with a security information interaction terminal via a first communication link; and a data processing unit configured to assist, in offline mode, in performing the authentication operation on the security information carrier after confirming that the security information interaction terminal has the supporting capability.

TW107103237A 2017-02-09 2018-01-30 Safety information interaction method, terminal and computer program product TWI661707B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
201710070746.3 2017-02-09
CN201710070746.3A CN107135194B (en) 2017-02-09 2017-02-09 Security information interaction method and device

Publications (2)

Publication Number Publication Date
TW201830917A TW201830917A (en) 2018-08-16
TWI661707B TWI661707B (en) 2019-06-01

Family

ID=59721057

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107103237A TWI661707B (en) 2017-02-09 2018-01-30 Safety information interaction method, terminal and computer program product

Country Status (2)

Country Link
CN (1) CN107135194B (en)
TW (1) TWI661707B (en)

Also Published As

Publication number Publication date
TWI661707B (en) 2019-06-01
CN107135194A (en) 2017-09-05
CN107135194B (en) 2021-02-02
