WO2010088818A1 - 一种实现网银业务的方法、系统和设备 - Google Patents

一种实现网银业务的方法、系统和设备 Download PDF

Info

Publication number
WO2010088818A1
WO2010088818A1 PCT/CN2009/073637 CN2009073637W WO2010088818A1 WO 2010088818 A1 WO2010088818 A1 WO 2010088818A1 CN 2009073637 W CN2009073637 W CN 2009073637W WO 2010088818 A1 WO2010088818 A1 WO 2010088818A1
Authority
WO
WIPO (PCT)
Prior art keywords
online banking
service
proxy device
authentication information
pos
Prior art date
Application number
PCT/CN2009/073637
Other languages
English (en)
French (fr)
Inventor
桂永林
何智勤
Original Assignee
华为终端有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为终端有限公司 filed Critical 华为终端有限公司
Priority to EP20090839535 priority Critical patent/EP2395464A4/en
Publication of WO2010088818A1 publication Critical patent/WO2010088818A1/zh
Priority to US13/206,233 priority patent/US9015065B2/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/109Time management, e.g. calendars, reminders, meetings or time accounting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/109Time management, e.g. calendars, reminders, meetings or time accounting
    • G06Q10/1093Calendar-based scheduling for persons or groups
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/206Point-of-sale [POS] network systems comprising security or operator identification provisions, e.g. password entry
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction

Definitions

  • the present invention relates to the field of communications, and in particular, to a method, system and device for implementing an online banking service. Background technique
  • the wired connection is the connection between the POS device and the network bank private network through the physical line.
  • the wireless connection method greatly limits the use and scope of the POS device, and the cost of manufacturing, deploying and maintaining the POS device is
  • the wireless connection is to connect the POS device to the bank server through the online wireless private wireless network to realize the network banking service.
  • the wirelessly connected POS device needs both the banking function and the wireless communication function, P0S.
  • the function of the device is complex, manufacturing and maintenance This higher.
  • embodiments of the present invention provide a method, system, and device for implementing an online banking service.
  • the technical solution is as follows:
  • the proxy device and the POS device perform authentication
  • the proxy device After the authentication is passed, the proxy device establishes a connection with the online banking server by wirelessly accessing the Internet;
  • the proxy device forwards the online banking service data between the POS device and the online banking server to implement the online banking service.
  • an embodiment of the present invention provides a system for implementing an online banking service, where the system includes: an agent device connected to an online banking server and a P0S device,
  • the proxy device is configured to: after establishing the connection with the POS device, identify with the POS device; after the identification is passed, perform authentication with the POS device; when the authentication is passed, The address of the online banking server, the wireless access network establishes a connection with the online banking server; and is further configured to forward the online banking service data between the POS device and the online banking server, and implement the online banking industry.
  • a proxy device is provided, where the proxy device includes: an establishing module, configured to establish a connection with a POS device;
  • An identification module configured to identify the POS device after establishing a connection with the POS device
  • An authentication module configured to perform authentication with the POS device after the identification is passed
  • connection module configured to establish a connection with the online banking server by wirelessly accessing the Internet after the authentication is passed;
  • the service module is configured to forward the online banking service data between the POS device and the online banking server to implement the online banking service.
  • the embodiment of the present invention further provides a POS device, where the POS device includes: an establishing module, configured to establish a connection with the proxy device;
  • An identification module configured to identify with the proxy device after establishing a connection with the proxy device
  • the service module is configured to perform the online banking service by performing the online banking service data interaction between the proxy device and the online banking server, where the proxy device establishes a connection with the online banking server by wirelessly accessing the Internet.
  • an embodiment of the present invention further provides an online banking server, where the online banking server includes:
  • the service module is configured to perform online banking service data interaction by using the proxy device and the POS device to implement the online banking service.
  • the proxy device After the proxy device is connected to the online banking server based on the wireless access network, the proxy device forwards the online banking service data between the POS device and the online banking server, which is more convenient for the user to use the online banking service, and simplifies the function of the POS device, thereby reducing the POS device. Manufacturing and maintenance costs.
  • FIG. 1 is a schematic flowchart of a method for implementing an online banking service according to Embodiment 1 of the present invention.
  • FIG. 2 is a schematic diagram of networking for implementing online banking services according to Embodiment 2 of the present invention.
  • FIG. 3 is a schematic flowchart diagram of a method for implementing an online banking service according to Embodiment 2 of the present invention.
  • FIG. 4 is a schematic diagram of information interaction of a method for implementing an online banking service according to Embodiment 2 of the present invention.
  • FIG. 5 is a schematic structural diagram of a system for implementing an online banking service according to Embodiment 3 of the present invention.
  • FIG. 6 is a schematic structural diagram of a proxy device according to Embodiment 4 of the present invention.
  • FIG. 7 is a schematic structural diagram of a POS device according to Embodiment 5 of the present invention.
  • FIG. 8 is a schematic structural diagram of an online banking server according to Embodiment 6 of the present invention. detailed description
  • the embodiment of the present invention provides a method for implementing the online banking service.
  • the method is as follows: In the online banking business, the methods include:
  • the proxy device After the proxy device establishes a connection with the POS device, the proxy device and the POS device identify;
  • the proxy device and the POS device perform authentication
  • the proxy device After the authentication is passed, the proxy device establishes a connection with the online banking server through wireless access to the Internet;
  • the specific implementation may use the proxy device to establish a connection with the online banking server through wireless access to the Internet according to the address of the preset online banking server.
  • the proxy device forwards the online banking service data between the P0S device and the online banking server to implement the online banking service.
  • the identification of the proxy device and the POS device involved in step S1 includes:
  • the proxy device identifies the POS device, and/or the POS device identifies the proxy device.
  • the proxy device identifies the POS device, including: the POS device sends the device identifier of the POS device to the proxy device, and the proxy device identifies the POS device according to the received device identifier; the POS device identifies the proxy device, including: the proxy device to the POS device.
  • the device sends the device identifier of the proxy device, and the P0S device receives the device according to Device identification, identifying the agent device.
  • the proxy device and the P0S device involved in the step S2 are authenticated, including:
  • the proxy device authenticates the P0S device, and/or, the P0S device authenticates the proxy device. Among them, the proxy device authenticates the P0S device, including:
  • the proxy device receives the authentication information sent by the P0S device, and determines whether the received authentication information matches the preset authentication information according to the preset authentication information. If yes, the proxy device authenticates the P OS device;
  • the P0S device authenticates the proxy device, including:
  • the P0S device receives the authentication information sent by the proxy device, and compares with the pre-stored authentication information to determine whether the received authentication information matches the pre-stored authentication information. If yes, the P0S device authenticates the proxy device.
  • the foregoing authentication information is specifically: the encrypted authentication information, and correspondingly, before determining whether the received authentication information and the preset authentication information match, the method further includes: decrypting the encrypted authentication information.
  • the method provided by the embodiment of the present invention further includes: the POS device receives the user authentication information sent by the user, and sends the user authentication information to the proxy device;
  • the proxy device receives the user authentication information sent by the P0S device, and authenticates the user according to the pre-stored user authentication information. Accordingly, after the proxy device authenticates the user, the proxy device forwards the online banking service data between the P0S device and the online banking server. . Among them, the proxy device authenticates the user, including:
  • the proxy device receives the user authentication information sent by the P0S device, and determines whether the user authentication information sent by the P0S device matches the pre-stored user authentication information according to the pre-stored user authentication information. If yes, the proxy device passes the user authentication.
  • the proxy device involved in the foregoing step S4 forwards the online banking service data between the P0S device and the online banking server, including:
  • the proxy device receives the P0S device according to the communication requirements of the proxy device and the POS device, and the online banking data. Requiring the encrypted online banking service request, according to the communication requirements of the proxy device and the online banking server, processing the received encrypted online banking service request, and then sending the request to the online banking server;
  • the proxy device receives the response of the online banking service according to the communication requirements of the proxy device and the online banking server and the online banking data request, and responds to the received networked banking service response processing according to the communication requirements of the proxy device and the P0S device, and then sends the encrypted request to the P0S device.
  • the method further includes:
  • the P0S device receives the service authentication information input by the user, and forwards the service authentication information to the online banking server through the proxy device;
  • the online banking server determines whether the received service authentication information and the pre-stored service authentication information match according to the received service authentication information and the pre-stored service authentication information. If yes, the online banking server authenticates the user service and performs the subsequent completion of the online banking service. Step.
  • the method provided by the embodiment of the present invention further includes: the proxy device receiving the notification of the POS device, disconnecting from the POS device, and disconnecting from the online banking server.
  • the method for implementing the online banking service provided by the embodiment of the present invention is more convenient for the user to use the online banking service and simplify the function of the POS device, thereby reducing the manufacturing and maintenance costs of the POS device.
  • Embodiment 2 In order to describe the method provided by the foregoing embodiments of the present invention in detail, refer to the following embodiments: Embodiment 2
  • the device includes a POS device, a proxy device, and an online banking server. First, the functions of each device are described:
  • the device can be connected to the proxy device.
  • the manner in which the P0S device establishes a connection with the proxy device includes, but is not limited to, a USB (Universal Serial Bus) connection, a Bluetooth connection, Infrared connection.
  • USB Universal Serial Bus
  • Users can be provided with related operations of online banking services, including, but not limited to, deposits, expenses, transfers, etc.
  • the authentication function can be supported for performing security authentication.
  • the authentication includes but is not limited to the authentication of the proxy device and the authentication of the user.
  • the authentication mode includes but is not limited to: password authentication and fingerprint authentication; the authentication algorithm includes but is not limited to SHA1. SHA2, MD5, HMAC, CMAC, digital signature.
  • the data encryption and decryption specifically includes, but is not limited to, encrypting and decrypting communication data between the P0S device and the proxy device; and encrypting and decrypting the service data between the P0S device and the online banking server.
  • encryption and decryption algorithms include but are not limited to: symmetric encryption algorithms: DES, 3DES, RC2, RC5, RC6, AES; asymmetric encryption algorithms: Diff ie-Hellman RSA and Elliptic Curve Cryptography (ECC).
  • the prompting function is used to provide corresponding information of the online banking service to the user of the P0S device, and the prompting manner includes but is not limited to display such as LCD (Li quid Crystal Display). Display interface, CRT (Cathode Ray Tube, cathode ray tube display) display interface, etc., or voice prompts.
  • the input function is used to support user input and information related to the online banking service, and the input manner includes but is not limited to keyboard input, touch screen input, and fingerprint input.
  • the printing function is used for printing and outputting related information of the online banking service for the user, and the printing manner includes but is not limited to the P0S device self-contained printing module and the P0S device external printing machine.
  • the way in which the proxy device establishes a connection with the P0S device includes but is not limited to a USB connection, a Bluetooth connection, and an infrared connection.
  • wireless access to the Internet includes but is not limited to wireless LAN (WLAN) access to the Internet, based on mobile communication (such as 3G (3rd Generation, Third generation digital communication) system) implementation.
  • WLAN wireless LAN
  • mobile communication such as 3G (3rd Generation, Third generation digital communication) system
  • Support storage network information that is, information about the user's online banking stored in the device.
  • Personal identity information etc.
  • the authentication includes but is not limited to the P0S device authentication and user authentication; the authentication methods include but are not limited to: password authentication, fingerprint authentication; authentication Algorithms include, but are not limited to, SHA1, SHA2, MD5, HMA C, CMAC, digital signatures.
  • the data encryption and decryption specifically includes, but is not limited to, encrypting and decrypting communication data between the proxy device and the POS device; and encrypting and decrypting communication data between the proxy device and the online banking server.
  • the encryption and decryption algorithms include but are not limited to: symmetric encryption algorithms: DES, 3DES, RC2, RC5, RC6, AES; asymmetric encryption algorithms: Diff ie-Hel lman RSA and El l iptic Curve Cryptography (ECC).
  • the foregoing proxy device is specifically a USB device that supports wireless Internet access and supports USB KEY. Accordingly, the POS device and the USB device pass through the USB interface.
  • FIG. 3 and FIG. 4 are respectively a flowchart and a message interaction diagram of a method for implementing the online banking service according to an embodiment of the present invention, and the specific content is as follows:
  • Step 101 When the user needs to perform the online banking service, connect the USB device to the P0S device through the USB interface.
  • the USB device After the USB device is inserted into the P0S device through the USB interface, the USB device sends the device identifier to the P0S device. Accordingly, the P0S device determines whether the USB device supports the online banking service device according to the device identifier sent by the USB device. Yes, the USB device is successfully identified. Otherwise, the recognition fails.
  • the identification process, the communication data between the P0S device and the USB device may not be encrypted. Processing, in order to ensure the security and reliability of the online banking service, the communication data between the P0S device and the USB device can be encrypted.
  • the encryption algorithm includes but is not limited to a symmetric encryption algorithm: DES, 3DES, RC2, RC5 , RC6, AES; Asymmetric encryption algorithm: Diff ie-Hel lman, RSA and El l iptic Curve Cryptography (ECC).
  • Step 103 The POS device performs legality authentication on the USB device to determine whether the USB device is legal. If yes, execute step 104; otherwise, execute step 115.
  • the device After the POS device successfully identifies the USB device, the device initiates an authentication request to the USB device, and receives an authentication response returned by the USB device, and the authentication information of the USB device carried in the authentication response; determining the authentication information of the received USB device and the POS. Whether the authentication information pre-stored by the device matches, and if so, it is determined that the USB device is authenticated and is a valid USB device; otherwise, it is determined that the US B device fails to be authenticated, and is an illegal USB device.
  • the algorithm used for performing the authentication includes, but is not limited to, SHA1, SHA2, MD5, HMAC, CMAC, and digital signature. The embodiment does not impose any limitation on this.
  • Step 104 The USB device performs legality authentication on the P0S device to determine whether the P0S device is legal. If yes, execute step 105; otherwise, execute step 115.
  • the USB device After the PON device passes the USB device authentication, in order to ensure the security and reliability of the online banking service, the USB device needs to authenticate the POS device.
  • the content is as follows: The USB device initiates an authentication request to the P0S device, and receives the POS device. Returning the authentication response, the authentication information of the POS device carried in the authentication response; determining whether the authentication information of the received POS device and the authentication information pre-stored by the USB device match, and if yes, determining that the POS device passes the authentication, is legal The POS device; otherwise, it is determined that the POS device authentication failed, which is an illegal POS device.
  • the algorithm used for performing the authentication includes, but is not limited to, SHA1, SHA2, MD5, H MAC, CMAC, and digital signature. The present embodiment does not impose any limitation on this.
  • the sequence of the foregoing steps 103 and 104 may be performed in the first step of step 10 4, and then the step 103 is performed, that is, the USB device authenticates the POS device first, and then the POS device authenticates the USB device.
  • This embodiment does not impose any limitation on this.
  • the foregoing steps 103 and 104 may also be performed one by one. For example, only the USB device needs to be used for the POS device first. The authentication is performed, or only the POS device is required to authenticate the USB device. This embodiment does not impose any limitation.
  • the data used for authentication may be unencrypted, but to ensure the security and reliability of the online banking service.
  • the communication data between the P0S device and the USB device can be encrypted.
  • the encryption algorithm includes but is not limited to a symmetric encryption algorithm: DES, 3DES, RC2, R C5, RC6, AES; Asymmetric encryption algorithm: Diffie -Hel lman, RSA and El liptic Curve Cryptography (ECC).
  • Step 105 The POS device receives the user information input by the user, and forwards the user information to the USB device.
  • the USB device authenticates the user according to the user information input by the user and the user information pre-stored by the received POS device. It is determined whether the user is legal. If yes, step 106 is performed; otherwise, step 115 is performed.
  • the USB device After the mutual authentication between the POS device and the USB device is successful, the USB device sends a request to the POS device, where the request is used to request the POS device to provide user information, and accordingly, the user prompts according to the P OS device (such as display and voice prompt). And the user information is provided to the P0S device, where the user information includes, but is not limited to, user identity information such as fingerprint data information, password data information, and iris data information.
  • the embodiment preferably uses the password data information as an example: the P0S device Receiving the password data input by the user, the POS device forwards the password data to the USB device, and the USB device determines, according to the password data of the user pre-stored, whether the received password data matches the password data pre-stored by itself, and if yes, determines the user. Is a legitimate user; otherwise, the user is an illegal user.
  • the step 105 is an optional step.
  • the USB device can also perform identity authentication on the user, so as to reduce the complexity of the user operation, save the time for the user to perform the online banking service, and provide the efficiency of the online banking service.
  • Step 106 The USB device is connected to the Internet through a wireless connection, according to a preset USB device The address of the online banking server, establishes the connection between the USB device and the online banking server.
  • Step 107 The P0S device performs the first encryption on the service request sent to the online banking server according to the requirements of the online banking, and then performs the second encryption on the obtained encrypted service request according to the communication requirement between the P0S device and the USB device. And sending the second encrypted service request.
  • the P0S device side needs to send a service request to the online banking server, where the service request carries the online banking service type information (such as payment, inquiry, transfer, etc.), user account information, and the identifier of the P0S device (for example, Number, etc.) Information and so on.
  • the online banking server has its own encryption requirements for the transmitted data.
  • the POS device needs to encrypt the service request according to the online banking requirement. For the first encryption);
  • the communication between the P0S device and the USB device needs to be encrypted, and the first encrypted data needs to be encrypted again (called the second). Secondary encryption).
  • the encryption algorithm includes but is not limited to symmetric encryption algorithms: DES, 3DES, RC2, RC5, RC6, AES; asymmetric encryption algorithms: Diffie-Hellman, RSA and Elliptic Curve Cryptography (ECC).
  • the first encryption algorithm and the second encryption algorithm may be the same and may be different. This embodiment does not impose any limitation.
  • the data of the service request of the P0S device to be sent to the online banking server is A, using DES as the first encryption algorithm, and the data A1 is obtained after the first encryption; and the second encryption is performed on the data A1 (assuming the second encryption)
  • the algorithm is RSA), then the data A2 is obtained, and the data A2 is sent to the USB device.
  • Step 108 The USB device receives the service request sent by the P0S device, and performs the second decryption to obtain the second decrypted service request.
  • the USB device decrypts the data A2 by using the RSA algorithm to obtain the data A1 (that is, the data after the second decryption, that is, the data after the first encryption).
  • step 106 the USB device has been connected to the Internet through a wireless connection, and establishes a connection between the USB device and the online banking server according to the address of the online banking server preset in the USB device. Therefore, in step 109, The USB device sends the above-mentioned transported and decrypted service request to the online banking server via the Internet.
  • the obtained decrypted service request is directly sent to the online banking server via the Internet.
  • Step 110 The online banking server receives the third encrypted service request sent by the USB device, performs third decryption on the service request, and performs first decryption on the third decrypted data.
  • the online banking server uses the Diffie-Hellman algorithm to perform the third decryption to obtain Al.
  • Step 111 After receiving the service request, the online banking server returns a service response to the P0S terminal.
  • the online banking server after receiving the service request, performs the online banking service processing according to the service type and the user account information carried in the service request, for example, recording the user's service.
  • Type according to the service type, the user is required to provide real-time service authentication data for the service type to ensure the security of the online banking service performed by the user.
  • the online banking server returns a service response to the P0S terminal, and the service response is used to notify the P0S.
  • the terminal provides the real-time service authentication data of the user to the online banking server.
  • Step 112 The P0S terminal receives the service authentication data provided by the user, and forwards the service authentication data to the online banking server through the USB device, and the online banking server determines whether the received service authentication data of the user is legal according to the pre-stored service authentication data. If yes, go to step 113; otherwise, execute step 115.
  • the service authentication data provided by the user may be real-time service authentication data, for example, the network is delivered by using a short message, or may be a dynamic service authentication data, which is not limited in this embodiment.
  • the data communication between the P0S device and the USB device, and between the USB device and the online banking server are still processed by data encryption and decryption, and the method is similar to the above, and will not be described again.
  • Step 113 Providing the user with an online banking service to process the online banking service of the user.
  • the execution of the step 1 13 indicates that the online banking server has authenticated the online banking service that the user desires to perform, and accordingly, the online banking server processes the service (such as consumption, transfer, etc.) that the user desires to perform, and executes Corresponding processing, where the online banking server performs processing on the service may be similar to the manner and method supported by the prior art, and is not described in this embodiment.
  • Step 114 After the online banking service of the user is processed, the POS device notifies the USB device to disconnect from the POS device and disconnects from the Internet.
  • Step 115 Refuse to provide online banking services to users, and end.
  • the method for implementing the online banking service simplifies the function of the POS device.
  • the POS device only needs to support the online banking, and can be conveniently used in any place with wireless network coverage, and can be a commercial power supply.
  • the power supply can also be battery powered.
  • USB KEY and the wireless access function are combined in the USB device, which is more convenient for people to use the online banking in daily life.
  • USB devices In practical applications, due to the convenience of using mobile terminals (such as mobile phones), and with the advent of the 3G era of mobile terminals, the functions of the above USB devices can also be realized by mobile terminals, thereby further improving people's use. The efficiency and convenience of online banking are similar and will not be described again.
  • the proxy device provided by the embodiment of the present invention is more convenient for the user to use the online banking service and simplifies the function of the POS device, thereby reducing the manufacturing and maintenance costs of the POS device.
  • Example 3
  • an embodiment of the present invention provides a system for implementing an online banking service, where the system includes: a proxy device 501 connected to an online banking server 503 and a POS device 502, wherein the proxy device 501 uses After the connection with the POS device 502 is established, the POS device 502 is identified; after the identification is passed, the POS device 502 performs authentication; and after the authentication is passed, the wireless network access is also used according to the preset address of the online banking server 503.
  • the Internet establishes a connection with the online banking server 503. It is also used to forward the online banking service data between the POS device 502 and the online banking server 503 to implement the online banking service.
  • the system further includes an online banking server 503, configured to establish a connection with the proxy device 501, and interact with the online banking service data through the proxy device 501 and the POS device 502 to implement the online banking service.
  • an online banking server 503 configured to establish a connection with the proxy device 501, and interact with the online banking service data through the proxy device 501 and the POS device 502 to implement the online banking service.
  • the POS device 502 is further configured to receive user authentication information sent by the user, and send the information to the proxy device 501;
  • the proxy device 501 is further configured to receive user authentication information sent by the POS device 502, and authenticate the user according to the user authentication information pre-stored and the received user authentication information.
  • the online banking server 503 is specifically configured to establish a connection with the proxy device 501; receive the online banking service request sent by the POS device 502 forwarded by the proxy device 501; and send the online banking service response to the POS device 502 through the proxy device 501.
  • the POS device 502 is further configured to receive the service authentication information input by the user, and forward the service authentication information to the online banking server 503 through the proxy device 501;
  • the online banking server 503 is further configured to receive the service authentication information forwarded by the proxy device 501, and authenticate the user service according to the received service authentication information and the pre-stored service authentication information, for example, The online banking server 503 authenticates the user service by determining whether the received service authentication information and the pre-stored service authentication information match to achieve the authentication of the user service.
  • the POS device 502 is further configured to send a notification message to the proxy device 501;
  • the system for implementing the online banking service provided by the embodiment of the present invention is more convenient for the user to use the online banking service and simplify the function of the POS device, thereby reducing the manufacturing and maintenance costs of the POS device.
  • Example 4
  • an embodiment of the present invention provides a proxy device, where the proxy device includes:
  • the identification module 602 is configured to: after establishing the connection with the POS device, identify with the POS device; and the authentication module 603 is configured to perform authentication with the POS device after the identification is passed;
  • the specific implementation may be that the proxy device establishes a connection with the online banking server by wirelessly accessing the Internet according to the address of the preset online banking server.
  • the service module 605 is configured to forward the online banking service data between the P0S device and the online banking server to implement the online banking service.
  • the proxy device further includes:
  • the user authentication module is configured to receive user authentication information sent by the POS device, and authenticate the user according to the user authentication information pre-stored by the user.
  • the service module 605 includes:
  • the receiving unit is configured to receive an online banking service request sent by the POS device, and is further configured to receive an online banking service response sent by the online banking server;
  • the sending unit is configured to send the online banking service request to the online banking server, and is further configured to send the online banking service response to the POS device.
  • the proxy device when the online banking business is completed, the proxy device also includes:
  • the disconnection module is configured to receive the notification of the POS device, disconnect the connection with the POS device according to the notification, and disconnect the connection with the online banking server.
  • the proxy device establishes a connection with the online banking server through the wireless access to the Internet, thereby realizing the online banking service data of the online banking server and the POS device, facilitating the user to use the online banking service, and simplifying the function of the POS device. Thereby reducing the manufacturing and maintenance costs for the POS device.
  • Example 5
  • the embodiment of the present invention provides a POS device, where the POS device includes:
  • the establishing module 701 is configured to establish a connection with the proxy device.
  • the identification module 702 is configured to: after establishing the connection with the proxy device, identify with the proxy device; the authentication module 703, configured to perform authentication after the identification is passed, and the proxy device;
  • the service module 704 is configured to perform online banking service data interaction between the proxy device and the online banking server after the authentication is passed, and implement the online banking service, wherein the proxy device establishes a connection with the online banking server through wireless access to the Internet, and implements the online banking service.
  • the P0S device also includes:
  • a processing module configured to: after the proxy device passes the authentication, receive the user authentication information input by the user; forward the user authentication information to the proxy device; and the user authentication information is used by the proxy device according to the user authentication information sent by the POS device, and the user pre-stored by the proxy device Authentication information, authenticate the user.
  • the service module 704 further includes: a service authentication forwarding unit, configured to receive the service authentication information input by the user, and forward the service authentication information to the online banking server through the proxy device;
  • the service authentication information enables the online banking server to authenticate the user service according to the received service authentication information and the pre-stored service authentication information.
  • the POS device further includes: an encryption and decryption module, configured to encrypt the transmitted data according to the communication requirement with the proxy device; and decrypt the received data. Specifically, it is used to: according to the communication requirement with the proxy device, when the identification module and the proxy device identify, encrypt the data sent to the proxy device and decrypt the data returned by the received proxy device; and also be used according to the proxy device Communication requirements, when the authentication module and the proxy device perform authentication, encrypt data sent to the proxy device and decrypt data returned by the received proxy device; also used to communicate with the proxy device according to the request, when the service module passes the proxy device When the online banking server interacts with the online banking service data, the online banking service data sent to the proxy device is encrypted, and the online banking service data returned by the receiving proxy device is decrypted.
  • an encryption and decryption module configured to encrypt the transmitted data according to the communication requirement with the proxy device
  • decrypt the received data is used to: according to the communication requirement with the proxy device, when the identification module and the
  • the P0S device further includes:
  • the notification module is configured to send a notification to the proxy device, where the notification is used to instruct the proxy device to disconnect from the POS device, and disconnect the connection with the online banking server.
  • the POS device provided by the embodiment of the present invention, because the proxy device establishes a connection with the online banking server based on the wireless access Internet, thereby forwarding the POS device and the online banking service through the proxy device.
  • the online banking service data of the server is more convenient for users to use the online banking service, and the functions of the POS device are simplified, thereby reducing the manufacturing and maintenance costs of the POS device.
  • an embodiment of the present invention provides an online banking server, where the online banking server includes:
  • the service module 802 is configured to perform online banking service data interaction through the proxy device and the POS device to implement the online banking service.
  • the service module 802 includes:
  • a receiving unit configured to receive an online banking service request sent by the POS device forwarded by the proxy device
  • a sending unit configured to send the online banking service response to the POS device by using the proxy device
  • the service module 802 further includes: an encryption and decryption unit, configured to decrypt the online banking service request according to the requirements of the online banking data service, and encrypt the online banking service response.
  • the online banking server further includes: an encryption and decryption module for encrypting the transmitted data according to the communication requirements with the proxy device; and decrypting the received data. Specifically, it is used to: encrypt the online banking service data sent by the service module to the POS device through the proxy device according to the communication requirement with the proxy device, and decrypt the online banking service data sent by the service module through the POS device received by the proxy device.
  • the business module 802 of the online banking server further includes:
  • the service authentication unit is configured to receive the service authentication information input by the user that is forwarded by the POS device through the proxy device, and authenticate the user service according to the pre-stored service authentication information and the received service authentication information, for example, by determining the received service authentication. Whether the information and the pre-stored service authentication information match to implement authentication of the user service. If they match, the online banking server performs the user service. Certification passed.
  • the online banking server provided by the embodiment of the present invention is configured to facilitate the use of the online banking service by the user, by using the proxy device to forward the online banking service data of the online banking server and the POS device. Simplify the functionality of the POS device, thereby reducing manufacturing and maintenance costs for the POS device.
  • receiving in the embodiment of the present invention may be understood as actively acquiring information from other modules or receiving information sent by other modules.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Data Mining & Analysis (AREA)
  • Operations Research (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Technology Law (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Child & Adolescent Psychology (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Description

本申请要求 2009年 2月 9日提交中国专利局、 申请号为 200910008838. 4, 发明名称为 "一种实现网银业务的方法、 系统和设备" 的中国专利申请的优 先权, 其全部内容通过引用结合在本申请中。
技术领域
本发明涉及通信领域, 特别涉及一种实现网银业务的方法、 系统和设备。 背景技术
随着通信技术的快速发展, 网络银行给人们带来了越来越高效和便捷的 服务, 在日常的生活中, 人们通过使用商家提供的 POS (Point Of Sale,销售 终端)设备, 便可以实现与网银服务器的互联, 从而实现快捷而方便的网络银 行服务, 其中, 常见的 P0S设备包括: 有线连接和无线连接两类, 发明人在实 现本发明的过程中, 发现上述现有技术至少存在以下缺点和不足: 有线连接 是通过物理线路实现 P0S设备和网络银行专用网络的连接, 这种连接方式极大 的限制 P0S设备的使用场合和范围, 并且 P0S设备的制造、 部署和维护的成本 费用都比较高; 而无线连接是通过网银专用无线网络将 P0S设备接入到银行服 务器, 实现网络银行服务的, 这种无线连接的 P0S设备既需要具有银行业务的 功能又需要具有无线通信的功能, P0S设备的功能复杂,制造和维护成本更高。
发明内容
为了方便用户使用网银业务, 简化 P0S设备的功能从而降低对 P0S设备的 制造和维护成本, 本发明实施例提供了一种实现网银业务的方法、 系统和设 备。 所述技术方案如下:
一方面, 本发明实施例提供了一种实现网银业务的方法, 所述方法包括: 当代理设备建立和销售终端 P0S设备的连接后, 所述代理设备和所述 P0S 设备进行识别;
当识别通过后, 所述代理设备和所述 P0S设备进行认证;
当认证通过后, 所述代理设备通过无线接入互联网建立与网银服务器的 连接;
所述代理设备转发所述 P0S设备和所述网银服务器之间的网银业务数据, 实现网银业务。
另一方面, 本发明实施例提供了一种实现网银业务的系统, 所述系统包 括: 和网银服务器以及 P0S设备相连的代理设备,
所述代理设备, 用于建立和所述 P0S设备的连接后, 和所述 P0S设备进行 识别; 当识别通过后, 和所述 P0S设备进行认证; 当认证通过后, 还用于根据 预设的网银服务器的地址, 无线接入互联网建立与所述网银服务器的连接; 还用于转发所述 P0S设备和所述网银服务器之间的网银业务数据, 实现网银业 再一方面, 本发明实施例还提供了一种代理设备, 所述代理设备包括: 建立模块, 用于建立和 P0S设备的连接;
识别模块, 用于当建立和所述 P0S设备的连接后, 和所述 P0S设备进行识 别;
认证模块, 用于当识别通过后, 和所述 P0S设备进行认证;
连接模块, 用于当认证通过后, 通过无线接入互联网建立与所述网银服 务器的连接;
业务模块, 用于转发所述 P0S设备和所述网银服务器之间的网银业务数 据, 实现网银业务。 再一方面, 本发明实施例还提供了一种 POS设备, 所述 P0S设备包括: 建立模块, 用于和代理设备建立连接;
识别模块, 用于当建立和所述代理设备的连接后, 和所述代理设备进行 识别;
认证模块, 用于当识别通过后, 和所述代理设备进行认证;
业务模块, 用于当认证通过后, 通过所述代理设备和网银服务器进行网 银业务数据交互, 实现网银业务, 其中, 所述代理设备通过无线接入互联网, 建立和所述网银服务器的连接。
再一方面, 本发明实施例还提供了一种网银服务器, 所述网银服务器包 括:
建立模块, 用于和代理设备通过互联网建立连接;
业务模块, 用于通过所述代理设备和 P0S设备进行网银业务数据交互, 实 现网银业务。
本发明实施例提供的技术方案的有益效果是:
代理设备基于无线接入互联网建立与网银服务器连接后, 通过该代理设 备转发 P0S设备和网银服务器之间的网银业务数据, 更加方便用户使用网银业 务, 并且简化 P0S设备的功能, 从而降低对 P0S设备的制造和维护成本。 附图说明
此处所说明的附图用来提供对本发明的进一歩理解, 构成本申请的一部 分, 并不构成对本发明的限定。 在附图中:
图 1是本发明实施例 1提供的实现网银业务的方法的流程示意图。
图 2是本发明实施例 2提供的实现网银业务的组网示意图。
图 3是本发明实施例 2提供的实现网银业务的方法的流程示意图。
图 4是本发明实施例 2提供的实现网银业务的方法的信息交互示意图。 图 5是本发明实施例 3提供的实现网银业务的系统组成示意图。 图 6是本发明实施例 4提供的代理设备的结构示意图。
图 7是本发明实施例 5提供的 P0S设备的结构示意图。
图 8是本发明实施例 6提供的网银服务器的结构示意图。 具体实施方式
为使本发明的目的、 技术方案和优点更加清楚, 下面结合附图对本发明 的具体实施例进行详细说明。 在此, 本发明的示意性实施例及其说明用于解 释本发明, 但并不作为对本发明的限定。
实施例 1
为了方便用户使用网银业务, 简化 P0S设备的功能从而降低对 P0S设备 的制造和维护成本,本发明实施例提供了一种实现网银业务的方法,参见图 1, 该方法内容如下: 当用户需要进行网银业务时, 方法包括:
51:当代理设备建立和 P0S设备的连接后,代理设备和 P0S设备进行识别;
52:当识别通过后, 代理设备和 P0S设备进行认证;
S3 :当认证通过后, 代理设备通过无线接入互联网建立与网银服务器的连 接;
其中, 代理设备通过无线接入互联网建立与网银服务器的连接时, 具体 实现可以采用代理设备根据预设的网银服务器的地址, 通过无线接入互联网 建立与网银服务器的连接的方式。
S4 :代理设备转发 P0S设备和网银服务器之间的网银业务数据, 实现网银 业务。
其中, 歩骤 S1所涉及的代理设备和 P0S设备识别, 包括:
代理设备对 P0S设备识别, 和 /或, P0S设备对代理设备识别。 其中, 代 理设备对 P0S设备识别,包括: P0S设备向代理设备发送 P0S设备的设备标识, 代理设备根据接收的设备标识, 对 P0S设备进行识别; P0S设备对代理设备识 别, 包括: 代理设备向 P0S设备发送代理设备的设备标识, P0S设备根据接收 的设备标识, 对代理设备进行识别。
其中, 歩骤 S2所涉及的代理设备和 P0S设备进行认证, 包括:
代理设备对 P0S设备认证, 和 /或, P0S设备对代理设备认证。 其中, 代 理设备对 P0S设备认证, 包括:
代理设备接收 P0S 设备发送的认证信息, 根据自身预设的认证信息, 判 断接收的认证信息和自身预设的认证信息是否匹配, 如果是, 则代理设备对 P OS设备认证通过;
P0S设备对代理设备认证, 包括:
P0S设备接收代理设备发送的认证信息, 跟自身预存的认证信息, 判断接 收的认证信息和自身预存的认证信息是否匹配, 如果是, 则 P0S 设备对代理 设备认证通过。
进一歩地, 上述认证信息, 具体为: 加密后的认证信息, 相应地, 判断 接收的认证信息和自身预设的认证信息是否匹配之前, 还包括: 对加密后的 认证信息进行解密。
进一歩地, 当认证通过后,本发明实施例提供的方法还包括: P0S设备接 收用户发送的用户认证信息, 将用户认证信息发送给代理设备;
代理设备接收 P0S 设备发送的用户认证信息, 根据自身预存的用户认证 信息, 对用户进行认证; 相应地, 当代理设备对用户认证通过后, 代理设备 转发 P0S 设备和网银服务器之间的网银业务数据。 其中, 代理设备对用户认 证, 包括:
代理设备接收 P0S 设备发送的用户认证信息, 根据自身预存的用户认证 信息, 判断 P0S设备发送的用户认证信息和自身预存的用户认证信息是否匹 配, 如果是, 则代理设备对用户认证通过。
其中, 上述歩骤 S4所涉的代理设备转发 P0S设备和网银服务器之间的网 银业务数据, 包括:
代理设备接收 P0S设备根据代理设备和 P0S设备通信要求以及网银数据 要求加密后的网银业务请求, 根据代理设备和网银服务器通信要求, 对接收 的加密后的网银业务请求处理后, 发送给网银服务器;
代理设备接收网银服务器根据代理设备和网银服务器通信要求以及网银 数据要求加密后的网银业务响应, 根据代理设备和 P0S 设备通信要求, 对接 收的加密后的网银业务响应处理后, 发送给 P0S设备。
进一歩地, 当网银服务器收到网银业务请求后, 方法还包括:
P0S设备接收用户输入的业务认证信息,将业务认证信息通过代理设备转 发到网银服务器;
网银服务器根据接收的业务认证信息, 自身预存的业务认证信息, 判断 接收的业务认证信息和预存的业务认证信息是否匹配, 如果是, 则网银服务 器对用户业务认证通过, 执行后续完成网银业务的歩骤。
进一歩, 当网银业务完成后, 本发明实施例提供的方法还包括: 代理设备接收 P0S设备的通知, 断开与 P0S设备的连接, 且断开与网银 服务器的连接。
本发明实施例提供的实现网银业务的方法, 通过本发明实施例提供的代 理设备, 更加方便用户使用网银业务, 并且简化 P0S 设备的功能, 从而降低 对 P0S设备的制造和维护成本。
为了对上述本发明实施例提供的方法进行详细说明, 请参见如下实施例: 实施例 2
参见图 2, 为本发明实施例提供的实现网银业务的组网示意图, 如图 2所 示, 包括 P0S设备、 代理设备、 网银服务器; 首先对各设备所具有的功能进 行说明:
一、 P0S设备
1、 可与代理设备相连, 其中, P0S设备与代理设备建立连接的方式包括 但不限于 USB (Universal Serial Bus,通用串行总线接口)连接、蓝牙连接、 红外连接。
2、 可为用户提供网银业务的相关操作, 其中, 相关操作包括但不限于存 入、 支出、 转账等。
3、 可支持认证功能, 用于进行安全认证, 其中, 认证包括但不限于对代 理设备认证、 对用户认证; 认证方式包括但不限于: 密码认证、 指紋认证; 认证算法包括但不限于 SHA1、 SHA2、 MD5、 HMAC、 CMAC、 数字签名。
4、 可支持数据加解密功能, 用于对数据的加解密。 数据加解密具体包括 但不限于对 P0S设备和代理设备之间的通信数据进行加解密; 对 P0S设备和 网银服务器之间的业务数据进行加解密。 其中, 加解密算法包括但不限于: 对称加密算法: DES、 3DES、 RC2、 RC5、 RC6、 AES; 非对称加密算法: Diff ie-Hellman RSA禾口 Elliptic Curve Cryptography (ECC)。
5、 支持提示、 输入、 打印等基本功能, 其中, 提示功能用于向 P0S设备 的使用者提供网银业务的相应信息, 提示的方式包括但不限于显示如 LCD (Li quid Crystal Display, 液晶显示器)显示界面、 CRT (Cathode Ray Tube, 阴 极射线管的显示器)显示界面等、 或语音提示。 其中, 输入功能用于支持用户 输入与实现网银业务相关的信息, 输入的方式包括但不限于键盘输入、 触摸 屏输入、 指紋输入。 其中, 打印功能用于为用户打印输出所进行的网银业务 的相关信息, 打印方式包括但不限于 P0S设备自带打印模块、 P0S设备外接打 印机。
二、 代理设备
1、 可与 P0S设备相连, 其中, 代理设备与 P0S设备建立连接的方式包括 但不限于 USB连接、 蓝牙连接、 红外连接。
2、 支持无线接入互联网 Internet , 支持网络通信, 其中, 无线接入互联 网的方式包括但不限于基于无线局域网(Wireless LAN, 简称 WLAN)接入互联 网,基于移动通信移动(如 3G (3rd Generation,第三代数字通信)系统)实现。
3、 支持存储网银相关信息, 即设备中存储有用户的网银的相关信息、 个 人身份信息等。
4、 可支持认证功能, 具有智能密钥 USBKEY功能, 用于进行安全认证, 其中, 认证包括但不限于对 P0S 设备认证、 对用户认证; 认证方式包括但不 限于: 密码认证、 指紋认证; 认证算法包括但不限于 SHA1、 SHA2、 MD5、 HMA C、 CMAC、 数字签名。
5、 可支持数据加解密功能, 用于对数据的加解密。 数据加解密具体包括 但不限于对代理设备和 P0S 设备之间的通信数据进行加解密; 对代理设备和 网银服务器之间的通信数据进行加解密。 其中, 加解密算法包括但不限于: 对称加密算法: DES、 3DES、 RC2、 RC5、 RC6、 AES; 非对称加密算法: Diff ie-Hel lman RSA禾口 El l iptic Curve Cryptography (ECC)。
三、 网银服务器
为用户提供网银业务服务。
基于上述图 2所示场景, 本发明实施例为了便于描述, 以上述代理设备 具体为支持无线互联网的接入且支持 USB KEY的 USB设备为例, 相应地, P0S 设备与该 USB设备通过 USB接口实现连接的建立, 参见图 3和图 4, 分别为本 发明实施例提供的实现网银业务的方法流程图和信息交互示意图, 具体内容 如下:
歩骤 101 : 当用户需要进行网银业务时, 将 USB设备通过 USB接口连接到 P0S设备。
歩骤 102: P0S设备对连接的 USB设备进行识别, 判断 USB设备是否为支 持网银业务设备, 如果是, 则执行歩骤 103; 否则, 执行歩骤 115。
其中, 当 USB设备通过 USB接口插入到 P0S设备后, USB设备会向该 P0S 设备发送设备标识, 相应地, P0S设备根据 USB设备发送的设备标识, 判定该 USB设备是否为支持网银业务设备,如果是,则对该 USB设备识别成功,否则, 识别失败。
其中, 该识别过程, P0S设备和 USB设备之间的通信数据可以不进行加密 处理, 为了确保网银服务的安全性和可靠性, P0S设备和 USB设备之间的通信 数据可以进行加密处理, 如前文所述, 加密算法包括但不限于对称加密算法: DES、 3DES、 RC2、 RC5、 RC6、 AES; 非对称加密算法: Diff ie-Hel lman, RSA 禾口 El l iptic Curve Cryptography (ECC)。
歩骤 103: POS设备对 USB设备进行合法性认证,判断 USB设备是否合法, 如果是, 则执行歩骤 104; 否则, 执行歩骤 115。
其中, 当 P0S设备对 USB设备识别成功后, 向 USB设备发起认证请求, 接收 USB设备返回的认证响应, 该认证响应中携带的该 USB设备的认证信息; 判断接收的 USB设备的认证信息和 P0S设备自身预存的认证信息是否匹配, 如果是, 则判定该 USB设备认证通过, 是合法的 USB设备; 否则, 判定该 US B设备认证失败, 是非法的 USB设备。 其中, 如前文所述, 用于进行认证所使 用的算法包括但不限于 SHA1、 SHA2、 MD5、 HMAC、 CMAC、 数字签名, 本实施例 对此不做任何限制。
歩骤 104: USB设备对 P0S设备进行合法性认证, 判断 P0S设备是否合 法, 如果是, 则执行歩骤 105; 否则, 执行歩骤 115。
其中, 当 P0S设备对 USB设备认证通过后, 为了进一歩确保网银服务的 安全性和可靠性, USB设备需要对 P0S设备进行认证, 内容如下: USB设备向 P0S设备进行发起认证请求, 接收 P0S设备返回的认证响应, 该认证响应中携 带的该 P0S设备的认证信息; 判断接收的 P0S设备的认证信息和 USB设备自 身预存的认证信息是否匹配, 如果是, 则判定该 P0S 设备认证通过, 是合法 的 P0S设备; 否则, 判定该 P0S设备认证失败, 是非法的 P0S设备。 其中, 如前文所述, 用于进行认证所使用的算法包括但不限于 SHA1、 SHA2、 MD5、 H MAC, CMAC、 数字签名, 本实施例对此不做任何限制。
其中, 上述歩骤 103和歩骤 104执行的先后顺序也可以为先执行歩骤 10 4, 再执行歩骤 103, 即 USB设备先对 P0S设备进行认证, 然后 P0S设备再对 USB设备进行认证, 本实施例对此不做任何限制。 其中, 在实际应用中, 对网银服务的安全性和可靠性要求不是很高的场 合, 上述歩骤 103和歩骤 104, 也可以任选其一执行, 例如, 只需要 USB设备 先对 P0S设备进行认证, 或, 只需要 P0S设备对 USB设备进行认证, 本实施 例对此不做任何限制。
其中, 上述歩骤 103和歩骤 104所涉及的认证过程中, USB设备和 P0S设 备通信时对所交互的用于进行认证的数据可以进行不加密, 但为了确保网银 服务的安全性和可靠性, P0S设备和 USB设备之间的通信数据可以进行加密处 理, 如前文所述, 加密算法包括但不限于对称加密算法: DES、 3DES、 RC2、 R C5、 RC6、 AES; 非对称加密算法: Diffie-Hel lman, RSA和 El liptic Curve Cryptography (ECC)。
歩骤 105: POS设备接收用户输入的用户信息, 将该用户信息转发给 USB 设备, USB设备根据接收的 P0S设备转发的用户输入的用户信息, 以及自身预 存的用户信息, 对用户进行身份认证, 判断该用户是否合法, 如果是, 则执 行歩骤 106; 否则, 执行歩骤 115。
其中, 当上述 P0S设备和 USB设备相互认证成功后, USB设备向 P0S设 备向发送请求, 该请求用于要求 P0S设备提供用户信息, 相应地, 用户根据 P OS设备的提示(如显示、 语音提示等) , 将自身的用户信息提供给 P0S设备, 其中, 用户信息包括但不限于指紋数据信息、 密码数据信息、 虹膜数据信息 等用户身份信息; 本实施例优选以密码数据信息为例: P0S设备接收用户输入 的密码数据, P0S设备将该密码数据转发给 USB设备, USB设备根据自身预存 的用户的密码数据, 判断接收的密码数据和自身预存的密码数据是否匹配, 如果是, 则判定该用户是合法用户; 否则, 该用户为非法用户。
其中, 该歩骤 105为可选歩骤, 在实际应用中, 该 USB设备还可以不对 用户进行身份认证, 以减少用户操作的复杂度, 节省用户进行网银业务的时 间, 提供网银业务的效率。
歩骤 106: USB设备通过无线连接, 接入互联网中, 根据预设在 USB设备 中的网银服务器的地址, 建立 USB设备与网银服务器的连接。
歩骤 107: P0S设备根据网银要求, 对待发送到网银服务器的业务请求进 行第一加密, 再根据 P0S设备和 USB设备之间的通信要求, 对得到的加密后 的业务请求再进行第二加密, 并发送第二加密后的业务请求。
其中, 为了进行网银业务, P0S设备侧需要向网银服务器发送业务请求, 其中, 该业务请求中携带网银业务类型信息 (例如交款、 查询、 转账等) 、 用户帐号信息、 P0S设备的标识(如编号等)信息等等。 由于在进行网银业务 时, 为了确保网银服务的安全性和可靠性, 网银服务器对传输的数据有自身 的加密要求, 此时, 需要 P0S设备根据该网银要求, 对待发送到业务请求进 行加密(称为第一次加密) ; 为了确保网银服务的安全性和可靠性, P0S设备 和 USB设备之间的通信要需要进行加密, 则需要对上述经过第一加密后的数 据再次加密 (称为第二次加密) 。 其中, 如前文所述, 加密算法包括但不限 于对称加密算法: DES、 3DES、 RC2、 RC5、 RC6、 AES; 非对称加密算法: Diff ie-Hellman, RSA和 Elliptic Curve Cryptography (ECC)。 第一次加密算法 和第二次加密算法可以相同, 可以不同, 本实施例对此不做任何限制。 例如, P0S设备待发送到网银服务器的业务请求的数据为 A, 利用 DES作为第一次加 密算法, 第一次加密后得到数据 A1 ; 再对数据 A1进行第二次加密(假设第二 次加密算法为 RSA) , 则得到数据 A2, 将数据 A2发送到 USB设备。
歩骤 108: USB设备接收 P0S设备发送的业务请求, 进行第二解密得到经 过第二解密后的业务请求。
其中, 仍以上述示例, USB设备接收到数据 A2后, 利用 RSA算法, 对该 数据 A2进行解密, 得到数据 A1 (即经过第二解密后的数据, 也即经过第一加 密后的数据) 。
歩骤 109: USB设备将上述经过第二解密后的业务请求, 根据 USB设备与 网银服务器的通信要求, 进行第三加密, 然后将经过第三加密后的业务请求 经过互联网, 发送到网银服务器。 其中, 仍以上述示例, USB设备接收到数据 A1后, 利用 Diffie-Hellman 算法, 进行第三加密, 得到 A3,发送 A3。
其中, 在歩骤 106中 USB设备已经通过无线连接, 接入互联网中, 并根 据预设在 USB设备中的网银服务器的地址, 建立 USB设备与网银服务器的连 接, 所以, 该歩骤 109中, USB设备将上述经过传输解密后的业务请求经过互 联网, 发送到网银服务器。
进一歩地, 如果 USB设备与网银服务器不存在传输加密的需求时, 则将 得到的传输解密后的业务请求, 直接通过互联网发送到网银服务器。
歩骤 110: 网银服务器接收 USB设备发送的经过第三加密的业务请求, 对 该业务请求进行第三解密, 再对进行了第三解密后的数据进行第一解密。
其中, 仍以上述示例, 网银服务器收到 A3后, 利用 Diffie-Hellman算 法, 进行第三解密, 得到 Al。
歩骤 111 : 网银服务器收到业务请求后, 向 P0S终端返回业务响应。
其中, 本实施例为了进一歩提高网银业务的安全性和可靠性, 网银服务 器收到业务请求后, 根据业务请求中携带的业务类型、 用户帐号等信息, 进 行网银业务处理, 例如记录用户的业务类型, 根据业务类型要求用户提供进 行该业务类型的实时业务认证数据, 以确保用户所进行的网银业务的安全性, 则相应地, 网银服务器向 P0S 终端返回业务响应, 该业务响应用于通知 P0S 终端将用户的实时业务认证数据提供给网银服务器。
其中, 上述网银服务器向 P0S终端返回业务响应时, 如图 4所示, 网银 服务器和 USB设备之间、 以及 USB设备与 P0S设备之间仍分别需要进行数据 加解密处理, 方法与上述类似, 不再赘述。
歩骤 112: P0S终端接收用户提供的业务认证数据, 通过 USB设备将该业 务认证数据转发给网银服务器, 网银服务器根据自身预存的业务认证数据, 判断接收的该用户的业务认证数据是否合法,如果是,则执行歩骤 113;否则, 执行歩骤 115。 其中, 用户所提供的业务认证数据, 可以为实时业务认证数据, 例如, 网络以通过短信的形式下发的, 或者, 还可以为动态业务认证数据, 本实施 例对此不做任何限制。
其中, P0S设备和 USB设备之间、 USB设备和网银服务器之间的数据通信 仍分别采用数据加解密处理, 方法与上述类似, 不再赘述。
歩骤 113: 为该用户提供网银服务, 处理该用户的网银业务。
其中, 执行到该歩骤 1 13表示网银服务器已经对该用户所期望进行的网 银业务认证通过, 则相应地, 网银服务器对该用户所希望执行的业务 (如消 费、 转账等) 进行处理, 执行相应的处理, 其中, 网银服务器对业务执行处 理可以与现有技术所支持方式和方法类似, 本实施例不做赘述。
歩骤 114; 当该用户的网银业务处理完毕后, P0S设备通知 USB设备断开 与 P0S设备的连接, 且断开与互联网的连接。
至此, 用户实现本次网银业务。
歩骤 115: 拒绝为用户提供网银服务, 结束。
综上所述, 本发明实施例提供的实现网银业务的方法, 简化了 P0S设备 的功能, P0S设备只需要支持网银即可, 可以非常方便的在任何有无线网络覆 盖地方使用, 可以是市电供电也可以是电池供电。
通过将本发明实施例提供的 USB设备, 在该 USB设备中将 USB KEY和无 线接入功能结合起来, 更加方便人们在日常生活中对网银的使用。
在实际应用中, 由于移动终端 (如手机) 使用的便捷性, 以及随着移动 终端的 3G时代的到来, 上述 USB设备所具有的功能, 还可以通过移动终端来 实现, 从而更加提高人们的使用网银的高效性和便捷性, 方法类似, 不再赘 述。
本发明实施例提供的实现网银业务的方法, 通过本发明实施例提供的代 理设备, 更加方便用户使用网银业务, 并且简化 P0S 设备的功能, 从而降低 对 P0S设备的制造和维护成本。 实施例 3
参见图 5, 与上述方法的实施例相应, 本发明实施例提供了一种实现网银 业务的系统, 系统包括: 和网银服务器 503以及 P0S设备 502相连的代理设 备 501, 其中, 代理设备 501, 用于建立和 P0S设备 502的连接后, 和 P0S设 备 502进行识别; 当识别通过后, 和 P0S设备 502进行认证; 当认证通过后, 还用于根据预设的网银服务器 503 的地址, 无线接入互联网建立与网银服务 器 503的连接; 还用于转发 P0S设备 502和网银服务器 503之间的网银业务 数据, 实现网银业务。
其中, 该系统还包括 P0S设备 502, 用于和代理设备 501建立连接, 和代 理设备 501进行识别, 当识别通过后, 和代理设备 501进行认证, 当认证通 过后, 通过代理设备 501和网银服务器 503进行网银业务数据交互, 实现网 银业务;
其中, 该系统还包括网银服务器 503, 用于和代理设备 501建立连接, 通 过代理设备 501和 P0S设备 502进行网银业务数据交互, 实现网银业务。
进一歩地, 当代理设备 501和 P0S设备 502认证通过后, P0S设备 502还 用于接收用户发送的用户认证信息, 将信息发送给代理设备 501 ;
代理设备 501还用于接收 P0S设备 502发送的用户认证信息, 根据自身 预存的用户认证信息以及接收的用户认证信息, 对用户进行认证。
其中, 网银服务器 503具体用于和代理设备 501建立连接; 接收代理设 备 501转发的 P0S设备 502发送的网银业务请求; 并通过代理设备 501向 P0 S设备 502发送网银业务响应。
进一歩地, P0S设备 502还用于接收用户输入的业务认证信息, 将业务认 证信息通过代理设备 501转发到网银服务器 503 ;
网银服务器 503还用于接收代理设备 501转发的业务认证信息, 根据接 收的业务认证信息, 自身预存的业务认证信息, 对用户业务进行认证, 例如, 通过判断接收的业务认证信息和预存的业务认证信息是否匹配为实现对用户 业务的认证, 其中, 如果匹配, 则网银服务器 503对用户业务认证通过。
进一歩地, 当网银业务实现后, P0S设备 502还用于向代理设备 501发送 通知消息;
代理设备 501还用于根据通知消息断开与 P0S设备 502的连接, 且断开 与网银服务器 503的连接。
本发明实施例提供的实现网银业务的系统, 通过本发明实施例提供的代 理设备, 更加方便用户使用网银业务, 并且简化 P0S 设备的功能, 从而降低 对 P0S设备的制造和维护成本。 实施例 4
参见图 6, 与上述方法实施例以及系统实施例相应, 本发明实施例提供了 一种代理设备, 代理设备包括:
建立模块 601, 用于建立和 P0S设备的连接;
识别模块 602, 用于当建立和 P0S设备的连接后, 和 P0S设备进行识别; 认证模块 603, 用于当识别通过后, 和 P0S设备进行认证;
连接模块 604, 用于当认证通过后, 通过无线接入互联网建立与网银服务 器的连接;
其中, 在通过无线接入互联网建立与网银服务器的连接时, 具体实现可 以才为代理设备根据预设的网银服务器的地址, 通过无线接入互联网建立与 网银服务器的连接。
业务模块 605, 用于转发 P0S设备和网银服务器之间的网银业务数据, 实 现网银业务。
进一歩地, 当和 P0S设备认证通过, 代理设备还包括:
用户认证模块, 用于接收所述 P0S设备发送的用户认证信息, 根据自身 预存的用户认证信息, 对所述用户进行认证。 其中, 业务模块 605包括:
接收单元, 用于接收 P0S设备发送的网银业务请求, 还用于接收网银服 务器发送的网银业务响应;
发送单元, 用于将网银业务请求发送给网银服务器, 还用于将网银业务 响应发送给 P0S设备。
进一歩地,为了增加网银业务的安全性和可靠性,业务模块 605,还包括: 加解密单元, 用于根据通信要求, 对接收单元接收的数据进行解密后, 再进行加密;
相应地, 发送单元, 用于发送加解密单元加密后的数据。
进一歩地, 当网银业务完成后, 代理设备还包括:
断开模块, 用于接收 P0S设备的通知, 根据通知, 断开与 P0S设备的连 接, , 且断开与网银服务器的连接。
本发明实施例提供的代理设备, 该代理设备通过无线接入互联网与网银 服务器建立连接, 从而实现转发网银服务器和 P0S设备的网银业务数据, 更 加方便用户使用网银业务, 并且简化 P0S设备的功能, 从而降低对 P0S设备 的制造和维护成本。 实施例 5
参见图 7, 与上述方法实施例以及系统实施例相应, 本发明实施例提供了 一种 P0S设备, P0S设备包括:
建立模块 701, 用于和代理设备建立连接;
识别模块 702, 用于当建立和代理设备的连接后, 和代理设备进行识别; 认证模块 703, 用于当识别通过后, 和代理设备进行认证;
业务模块 704, 用于当认证通过后, 通过代理设备和网银服务器进行网银 业务数据交互, 实现网银业务, 其中, 代理设备通过无线接入互联网, 建立 和网银服务器的连接, 实现网银业务。 进一歩地, P0S设备还包括:
处理模块, 用于当和代理设备认证通过后, 接收用户输入的用户认证信 息; 将用户认证信息转发给代理设备; 用户认证信息用于代理设备根据 P0S 设备发送的用户认证信息, 自身预存的用户认证信息, 对用户进行认证。
进一歩地, 为了提高网银业务的安全性和可靠性, 业务模块 704还包括: 业务认证转发单元, 用于接收用户输入的业务认证信息, 将业务认证信 息通过代理设备转发到网银服务器; 其中, 该业务认证信息使得网银服务器 根据接收的业务认证信息、 自身预存的业务认证信息, 对用户业务进行认证。
进一歩地, 为了提高网银业务的安全性和可靠性, 业务模块 704还包括: 加解密单元, 用于根据网银数据业务的要求, 对网银业务请求进行加密, 对网银业务响应进行解密。
进一歩地, 为了提高网银业务的安全性和可靠性, P0S设备还包括: 加解密模块, 用于根据和代理设备通信要求, 对发送的数据进行加密; 并对接收的数据进行解密。 具体为: 用于根据和代理设备通信要求, 当识别 模块和代理设备进行识别时, 对向代理设备发送的数据进行加密以及对接收 的代理设备返回的数据进行解密; 还用于根据和代理设备通信要求, 当认证 模块和代理设备进行认证时, 对向代理设备发送的数据进行加密以及对接收 的代理设备返回的数据进行解密; 还用于根据和代理设备通信要求, 当业务 模块通过代理设备和网银服务器进行网银业务数据交互时, 对向代理设备发 送的网银业务数据进行加密以及对接收的代理设备返回的网银业务数据进行 解密。
进一歩地, 当网银业务实现后, P0S设备还包括:
通知模块, 用于向代理设备发送通知, 通知用于指示代理设备断开与 P0 S设备的连接, 且断开与网银服务器的连接。
本发明实施例提供的 P0S设备, 由于通过代理设备基于无线接入互联网 与网银服务器建立连接, 从而实现通过该代理设备转发该 P0S 设备和网银服 务器的网银业务数据, 更加方便用户使用网银业务, 并且简化 P0S设备的功 能, 从而降低对 P0S设备的制造和维护成本。 实施例 6
参见图 8, 与上述方法实施例以及系统实施例相应, 本发明实施例提供了 一种网银服务器, 该网银服务器包括:
建立模块 801, 和代理设备通过互联网建立连接;
业务模块 802, 用于通过代理设备和 P0S设备进行网银业务数据交互, 实 现网银业务。
其中, 业务模块 802包括:
接收单元, 用于接收通过代理设备转发的 P0S设备发送的网银业务请求; 发送单元, 用于通过代理设备向 P0S设备发送网银业务响应。
进一歩地, 为了提高网银业务的安全性和可靠性, 业务模块 802还包括: 加解密单元, 用于根据网银数据业务的要求, 对网银业务请求进行解密, 对网银业务响应进行加密。
进一歩地, 为了提高网银业务的安全性和可靠性, 网银服务器还包括: 加解密模块, 用于根据和代理设备通信要求, 对发送的数据进行加密; 并对接收的数据进行解密。 具体为: 用于根据和代理设备通信要求, 对业务 模块通过代理设备向 P0S 设备发送的网银业务数据进行加密, 对业务模块通 过代理设备接收的 P0S设备发送的网银业务数据行解密。
进一歩地, 为了提高网银业务的安全性和可靠性, 网银服务器的业务模 块 802还包括:
业务认证单元, 用于接收 P0S 设备通过代理设备转发的用户输入的业务 认证信息, 根据自身预存的业务认证信息, 以及接收的业务认证信息, 对用 户业务进行认证, 例如, 通过判断接收的业务认证信息和预存的业务认证信 息是否匹配来实现对用户业务的认证, 如果匹配, 则网银服务器对用户业务 认证通过。
本发明实施例提供的网银服务器, 由于建立了与基于无线接入互联网的 代理设备的连接, 从而实现通过该代理设备转发自身网银服务器和 P0S设备 的网银业务数据, 更加方便用户使用网银业务, 并且简化 P0S 设备的功能, 从而降低对 P0S设备的制造和维护成本。
本发明实施例中的 "接收"一词可以理解为主动从其他模块获取也可以 是接收其他模块发送来的信息。
本领域技术人员可以理解附图只是一个优选实施例的示意图, 附图中的 模块或流程并不一定是实施本发明所必须的。
上述本发明实施例序号仅仅为了描述, 不代表实施例的优劣。
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分歩骤 可以通过程序来指令相关的硬件来完成, 该程序可以存储于一计算机可读取 存储介质中, 比如 ROM/RAM、 磁碟、 光盘等。
以上所述的具体实施例, 对本发明的目的、 技术方案和有益效果进行了 进一歩详细说明, 所应理解的是, 以上所述仅为本发明的具体实施例而已, 并不用于限定本发明的保护范围, 凡在本发明的精神和原则之内, 所做的任 何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之内。

Claims

权 利 要 求 书
1、 一种实现网银业务的方法, 其特征在于, 所述方法包括:
当代理设备建立和销售终端 P0S设备的连接后, 所述代理设备和所述 P0S 设备进行识别;
当识别通过后, 所述代理设备和所述 P0S设备进行认证;
当认证通过后, 所述代理设备通过无线接入互联网建立与网银服务器的 连接;
所述代理设备转发所述 P0S设备和所述网银服务器之间的网银业务数据, 实现网银业务。
2、如权利要求 1所述的方法, 其特征在于,所述代理设备和 P0S设备识别, 包括:
所述代理设备对所述 P0S设备识别, 和 /或, 所述 P0S设备对所述代理设备 识别。
3、 如权利要求 2所述的方法, 其特征在于, 所述代理设备对所述 P0S设备 识别, 包括: 所述 P0S设备向所述代理设备发送所述 P0S设备的设备标识, 所 述代理设备根据所述设备标识, 对所述 P0S设备进行识别;
所述 P0S设备对所述代理设备识别, 包括: 所述代理设备向所述 P0S设备 发送所述代理设备的设备标识, 所述 P0S设备根据所述设备标识, 对所述代理 设备进行识别。
4、 如权利要求 1所述的方法, 其特征在于, 所述代理设备和所述 P0S设备 进行认证, 包括:
所述代理设备对所述 P0S设备认证, 和 /或, 所述 P0S设备对所述代理设备 认证。
5、 如权利要求 4所述的方法, 其特征在于, 所述代理设备对所述 P0S设备 认证, 包括:
所述代理设备接收所述 P0S设备发送的认证信息, 根据自身预设的认证信 息, 判断所述接收的认证信息和所述自身预设的认证信息是否匹配, 如果是, 则所述代理设备对所述 P0S设备认证通过;
所述 P0S设备对所述代理设备认证, 包括:
所述 P0S设备接收所述代理设备发送的认证信息, 根据自身预存的认证信 息, 判断所述接收的认证信息和所述自身预存的认证信息是否匹配, 如果是, 则所述 P0S设备对所述代理设备认证通过。
6、 如权利要求 5所述的方法, 其特征在于, 所述认证信息, 具体为: 加 密后的认证信息, 相应地, 所述判断所述接收的认证信息和所述自身预设的 认证信息是否匹配之前, 还包括: 对加密后的认证信息进行解密。
7、 如权利要求 1所述的方法, 其特征在于, 当认证通过后,所述方法还包 括: 所述 P0S设备接收用户发送的用户认证信息, 将所述用户认证信息发送给 所述代理设备;
所述代理设备接收所述 P0S设备发送的用户认证信息, 根据自身预存的用 户认证信息, 对所述用户进行认证;
相应地, 当所述代理设备对所述用户认证通过后, 所述代理设备转发所 述 P0S设备和所述网银服务器之间的网银业务数据。
8、 如权利要求 7所述的方法, 其特征在于, 所述代理设备对所述用户认 证, 包括: 判断所述 POS设备发送的用户认证信息和所述自身预存的用户认证信息 是否匹配, 如果是, 则所述代理设备对所述用户认证通过。
9、 如权利要求 1或 7所述的方法, 其特征在于, 所述代理设备转发所述 P0 S设备和所述网银服务器之间的网银业务数据, 包括:
所述代理设备接收所述 P0S设备根据所述代理设备和所述 P0S设备通信要 求以及网银数据要求加密后的网银业务请求, 根据所述代理设备和所述网银 服务器通信要求, 对所述接收的加密后的网银业务请求处理后, 发送给网银 服务器;
所述代理设备接收所述网银服务器根据所述代理设备和所述网银服务器 通信要求以及网银数据要求加密后的网银业务响应, 根据所述代理设备和所 述 P0S设备通信要求, 对所述接收的加密后的网银业务响应处理后, 发送给所 述 P0S设备。
10、 如权利要求 9所述的方法, 其特征在于, 所述代理设备转发所述 P0S 设备和所述网银服务器之间的网银业务数据, 包括:
所述 P0S设备根据网银数据要求, 对网银业务请求进行第一加密, 再根据 所述代理设备和所述 P0S设备的通信要求, 对第一加密后的网银业务请求进行 第二加密, 发送所述第二加密后的网银业务请求;
所述代理设备接收所述 P0S设备发送的第二加密后的网银业务请求, 对所 述接收的第二加密后的网银业务请求, 进行第二解密, 再根据所述代理设备 和所述网银服务器通信要求, 对第二解密后的网银业务请求进行第三加密, 发送所述第三加密后的网银业务请求;
所述网银服务器接收所述代理设备发送的第三加密后的网银业务请求, 对所述接收的第三加密后的网银业务请求, 进行第三解密, 再进行第一解密, 得到第一解密后的网银业务请求, 根据所述网银业务请求, 执行所述用户的 网银业务处理, 得到网银业务响应; 根据网银数据要求, 对所述网银业务响 应进行第四加密, 再根据所述网银服务器和所述代理设备通信要求, 对第四 加密后的网银业务响应进行第五加密, 发送所述第五加密后的网银业务响应; 所述代理设备收到所述网银服务器发送的第五加密后的网银业务响应, 对所述接收的第五加密后的网银业务响应, 进行第五解密, 再根据所述代理 设备和所述 P0S设备通信要求, 对第五解密后的网银业务响应进行第六加密, 发送所述第六加密后的网银业务响应;
所述 P0S 设备接收所述代理设备发送的第六加密后的网银业务响应。
11、 如权利要求 9或 10所述的方法, 其特征在于, 所述网银服务器收到所 述网银业务请求后, 所述方法还包括:
所述 P0S设备接收所述用户输入的业务认证信息, 将所述业务认证信息通 过所述代理设备转发到所述网银服务器;
所述网银服务器根据接收的业务认证信息和自身预存的业务认证信息, 判断所述接收的业务认证信息和所述预存的业务认证信息是否匹配, 如果是, 则所述网银服务器对所述用户业务认证通过, 执行后续完成网银业务的歩骤。
12、 如权利要求 1所述的方法, 其特征在于, 当网银业务完成后, 所述方 法还包括:
所述代理设备接收所述 P0S设备的通知, 断开与所述 P0S设备的连接, 且 断开与所述网银服务器的连接。
13、 一种实现网银业务的系统, 其特征在于, 所述系统包括: 和网银服 务器以及 P0S设备相连的代理设备,
所述代理设备, 用于建立和所述 P0S设备的连接后, 和所述 P0S设备进行 识别; 当识别通过后, 和所述 P0S设备进行认证; 当认证通过后, 还用于根据 预设的网银服务器的地址, 无线接入互联网建立与所述网银服务器的连接; 还用于转发所述 P0S设备和所述网银服务器之间的网银业务数据, 实现网银业
14、 如权利要求 13所述的系统, 其特征在于, 所述系统进一歩包括: 所 述 P0S设备, 用于和所述代理设备建立连接, 和所述代理设备进行识别, 当识 别通过后, 和所述代理设备进行认证, 当认证通过后, 通过所述代理设备和 所述网银服务器进行网银业务数据交互, 实现网银业务;
所述网银服务器, 用于和所述代理设备建立连接, 通过所述代理设备和 所述 P0S设备进行网银业务数据交互, 实现网银业务。
15、 如权利要求 13或 14所述的系统, 其特征在于, 当所述代理设备和所 述 P0S设备认证通过后,
所述 P0S设备还用于接收所述用户发送的用户认证信息, 将所述信息发送 给所述代理设备;
所述代理设备还用于接收所述 P0S设备发送的用户认证信息, 根据自身预 存的用户认证信息和所述接收的用户认证信息, 对所述用户进行认证。
16、 如权利要求 14或 15所述的系统, 其特征在于, 所述 P0S设备还用于接 收所述用户输入的业务认证信息, 将所述业务认证信息通过所述代理设备转 发到所述网银服务器;
所述网银服务器还用于接收所述代理设备转发的业务认证信息, 根据所 述接收的业务认证信息、 自身预存的业务认证信息, 对所述用户业务进行认 证。
17、 一种代理设备, 其特征在于, 所述代理设备包括:
建立模块, 用于建立和 P0S设备的连接; 识别模块, 用于当建立和所述 POS设备的连接后, 和所述 P0S设备进行识 别;
认证模块, 用于当识别通过后, 和所述 P0S设备进行认证;
连接模块, 用于当认证通过后, 通过无线接入互联网建立与所述网银服 务器的连接;
业务模块, 用于转发所述 P0S设备和所述网银服务器之间的网银业务数 据, 实现网银业务。
18、 如权利要求 17所述的代理设备, 其特征在于, 所述代理设备还包括: 用户认证模块, 用于当和所述 P0S设备认证通过后, 接收所述 P0S设备发 送的用户认证信息, 根据自身预存的用户认证信息, 对所述用户进行认证。
19、 如权利要求 17所述的代理设备, 其特征在于, 所述业务模块包括: 接收单元, 用于接收所述 P0S设备发送的网银业务请求, 还用于接收所述 网银服务器发送的网银业务响应;
发送单元, 用于将所述网银业务请求发送给所述网银服务器, 还用于将 所述网银业务响应发送给 P0S设备。
20、 如权利要求 19所述的代理设备, 其特征在于, 所述业务模块, 还包 括:
加解密单元, 用于根据通信要求, 对所述接收单元接收的数据进行解密 后, 再进行加密;
相应地, 所述发送单元, 用于发送所述加解密单元加密后的数据。
21、 一种 P0S设备, 其特征在于, 所述 P0S设备包括:
建立模块, 用于和代理设备建立连接;
识别模块, 用于当建立和所述代理设备的连接后, 和所述代理设备进行 识别;
认证模块, 用于当识别通过后, 和所述代理设备进行认证;
业务模块, 用于当认证通过后, 通过所述代理设备和网银服务器进行网 银业务数据交互, 实现网银业务, 其中, 所述代理设备通过无线接入互联网, 建立和所述网银服务器的连接。
22、 如权利要求 21所述的 P0S设备, 其特征在于, 所述 P0S设备还包括: 处理模块, 用于当和所述代理设备认证通过后, 接收所述用户输入的用 户认证信息; 将所述用户认证信息转发给所述代理设备; 所述用户认证信息 用于使得所述代理设备根据所述 P0S设备发送的用户认证信息、 自身预存的用 户认证信息, 对所述用户进行认证。
23、 如权利要求 22所述的 P0S设备, 其特征在于, 所述业务模块还包括: 业务认证转发单元, 用于接收所述用户输入的业务认证信息, 将所述业 务认证信息通过所述代理设备转发到所述网银服务器; 其中, 所述业务认证 信息使得所述网银服务器根据接收的所述业务认证信息、 自身预存的业务认 证信息, 对所述用户业务进行认证。
24、 如权利要求 22所述的设备, 其特征在于, 所述业务模块还包括: 加解密单元, 用于根据网银数据业务的要求, 对网银业务请求进行加密, 对网银业务响应进行解密。
25、 如权利要求 22所述的设备, 其特征在于, 所述 P0S设备还包括: 加解密模块, 用于根据和所述代理设备通信要求, 当所述识别模块和所 述代理设备进行识别时, 对向所述代理设备发送的数据进行加密以及对接收 的所述代理设备返回的数据进行解密; 还用于根据和所述代理设备通信要求, 当所述认证模块和所述代理设备进行认证时, 对向所述代理设备发送的数据 进行加密以及对接收的所述代理设备返回的数据进行解密; 还用于根据和所 述代理设备通信要求, 当所述业务模块通过所述代理设备和网银服务器进行 网银业务数据交互时, 对向所述代理设备发送的网银业务数据进行加密以及 对接收的所述代理设备返回的网银业务数据进行解密。
26、 一种网银服务器, 其特征在于, 所述网银服务器包括:
建立模块, 用于和代理设备通过互联网建立连接;
业务模块, 用于通过所述代理设备和 P0S设备进行网银业务数据交互, 实 现网银业务。
27、 如权利要求 26所述的网银服务器, 其特征在于, 所述业务模块包括: 接收单元, 用于接收通过所述代理设备转发的所述 P0S设备发送的网银业 务请求;
发送单元, 用于通过所述代理设备向所述 P0S设备发送网银业务响应。
28、 如权利要求 27所述的网银服务器, 其特征在于, 所述业务模块还包 括:
加解密单元, 用于根据网银数据业务的要求, 对网银业务请求进行解密, 对网银业务响应进行加密。
29、 如权利要求 26所述的网银服务器, 其特征在于, 所述网银服务器还 包括:
加解密模块, 用于根据和所述代理设备通信要求, 对所述业务模块通过 所述代理设备向所述 P0S设备发送的网银业务数据进行加密, 对所述业务模块 通过所述代理设备接收的 P0S设备发送的网银业务数据行解密。
30、 如权利要求 26所述的网银服务器, 其特征在于, 所述网银服务器的 业务模块还包括:
业务认证单元, 用于接收 P0S设备通过代理设备转发的用户输入的业务认 证信息, 根据自身预存的业务认证信息、 所述接收的业务认证信息, 对所述 用户业务进行认证。
PCT/CN2009/073637 2009-02-09 2009-08-31 一种实现网银业务的方法、系统和设备 WO2010088818A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP20090839535 EP2395464A4 (en) 2009-02-09 2009-08-31 METHOD, SYSTEM AND EQUIPMENT FOR IMPLEMENTING INTERNET BANKING SERVICE
US13/206,233 US9015065B2 (en) 2009-02-09 2011-08-09 Method, system, and device for implementing network banking service

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910008838A CN101800639A (zh) 2009-02-09 2009-02-09 一种实现网银业务的方法、系统和设备
CN200910008838.4 2009-02-09

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/206,233 Continuation US9015065B2 (en) 2009-02-09 2011-08-09 Method, system, and device for implementing network banking service

Publications (1)

Publication Number Publication Date
WO2010088818A1 true WO2010088818A1 (zh) 2010-08-12

Family

ID=42541659

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/073637 WO2010088818A1 (zh) 2009-02-09 2009-08-31 一种实现网银业务的方法、系统和设备

Country Status (4)

Country Link
US (1) US9015065B2 (zh)
EP (1) EP2395464A4 (zh)
CN (1) CN101800639A (zh)
WO (1) WO2010088818A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108550035A (zh) * 2018-03-20 2018-09-18 中国银行股份有限公司 一种跨境网银交易方法及跨境网银系统

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101800639A (zh) * 2009-02-09 2010-08-11 华为终端有限公司 一种实现网银业务的方法、系统和设备
CN102446321B (zh) * 2010-09-30 2014-08-06 中国移动通信集团公司 一种交易方法和系统以及一种销售点终端
CN102013982B (zh) * 2010-12-01 2012-07-25 银联商务有限公司 远程加密方法、管理方法、加密管理方法及装置和系统
US9055101B2 (en) * 2011-10-12 2015-06-09 F-Secure Corporation Near field communication security
JP5747005B2 (ja) * 2012-08-31 2015-07-08 東芝テック株式会社 機器接続ユニットと商品販売処理システムおよびプログラム
CN103684768A (zh) * 2012-09-10 2014-03-26 中国银联股份有限公司 一种pos系统以及在pos系统内进行双向认证的方法
WO2014119290A1 (ja) * 2013-01-30 2014-08-07 セイコーエプソン株式会社 制御システム、制御システムの制御方法、及び、制御装置
CN103280029A (zh) * 2013-05-15 2013-09-04 江苏奇异点网络有限公司 一种银行自动取款机无线接入的方法
KR102398221B1 (ko) * 2013-10-30 2022-05-16 삼성전자주식회사 무선 직접통신 네트워크에서 비대칭 키를 사용하여 아이덴티티를 검증하기 위한 방법 및 장치
CN103795549B (zh) * 2014-02-28 2017-02-22 成都卫士通信息产业股份有限公司 通信内容加密解密方法以及基于cs模式的加密管理方法
FR3019357B1 (fr) * 2014-03-31 2020-09-04 Compagnie Ind Et Financiere Dingenierie Ingenico Methode de verification d'authenticite d'un terminal, dispositif et programme correspondant
CN104063323B (zh) * 2014-07-03 2017-09-15 南昌欧菲生物识别技术有限公司 移动终端及其控制设备的方法及系统
US9652759B2 (en) 2014-07-11 2017-05-16 Google Inc. Hands-free transactions
US20160012422A1 (en) 2014-07-11 2016-01-14 Google Inc. Hands-free transactions with a transaction confirmation request
CN105279862B (zh) * 2015-09-29 2019-01-01 北京京东尚科信息技术有限公司 Pos机、工控机、具备pos机和工控机的系统及其方法
CN107123207A (zh) * 2016-02-25 2017-09-01 杭州健培科技有限公司 一种自助取片系统中的远程辅助识别的方法
EP4310704A3 (en) 2016-03-01 2024-04-03 Google LLC Facial profile modification for hands free transactions
KR102314098B1 (ko) 2016-07-31 2021-10-18 구글 엘엘씨 자동 핸즈프리 서비스 요청
CN106790194B (zh) * 2016-12-30 2020-06-19 中国银联股份有限公司 一种基于ssl协议的访问控制方法及装置
US10650367B2 (en) * 2017-07-28 2020-05-12 Ncr Corporation Peer-to-peer (P2P) peripheral communication control
CN107465514B (zh) * 2017-09-14 2020-06-26 北京信安世纪科技股份有限公司 在移动平台上快速打开信息安全设备应用的方法及系统
KR102348078B1 (ko) * 2018-01-12 2022-01-10 삼성전자주식회사 사용자 단말 장치, 전자 장치, 이를 포함하는 시스템 및 제어 방법
EP3663947B1 (en) * 2018-12-06 2021-11-24 Hewlett-Packard Development Company, L.P. Protected peripheral ports
US11829976B1 (en) 2020-11-06 2023-11-28 Wells Fargo Bank, N.A. Apparatuses, computer-implemented methods, and computer program products for currency control
US11681995B1 (en) 2020-11-06 2023-06-20 Wells Fargo Bank, N.A. Point of sale (POS) device for currency control
CN117176775B (zh) * 2023-11-02 2023-12-29 上海银行股份有限公司 一种基于远程服务的银行数据处理方法及系统

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1334541A (zh) * 2001-09-03 2002-02-06 何长杰 一种受理多种银行卡的方法和系统
US6769605B1 (en) * 2000-07-21 2004-08-03 Jason P. Magness Money transfer system
CN101136123A (zh) * 2006-08-30 2008-03-05 黄金富 智能卡pos机系统及相应在商户进行取现及汇款的方法

Family Cites Families (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6327570B1 (en) * 1998-11-06 2001-12-04 Dian Stevens Personal business service system and method
US8494878B2 (en) * 1998-11-06 2013-07-23 Dian Stevens Personal business service system and method
US20050075908A1 (en) * 1998-11-06 2005-04-07 Dian Stevens Personal business service system and method
WO2001029776A1 (en) * 1999-10-18 2001-04-26 Stamps.Com Cryptographic module for secure processing of value-bearing items
US7000001B2 (en) * 2000-09-12 2006-02-14 Research In Motion Limited Bookmark beacon system and method
US7003497B2 (en) * 2001-05-23 2006-02-21 International Business Machines Corporation System and method for confirming electronic transactions
US20020178295A1 (en) * 2001-05-23 2002-11-28 Joseph Buczek Distributed gateways for remote management of USB-compatible devices
CN2482772Y (zh) 2001-06-22 2002-03-20 北京移舟启程信息技术有限公司 无线pos机
CN2488239Y (zh) 2001-07-09 2002-04-24 福建实达电脑设备有限公司 无线pos通信连接系统
US7996324B2 (en) * 2001-07-10 2011-08-09 American Express Travel Related Services Company, Inc. Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia
US20050182720A1 (en) * 2003-02-24 2005-08-18 Wow! Technologies, Inc. Online payment system and method
US20050192892A1 (en) * 2002-02-23 2005-09-01 Wow! Technologies Automated clearing house compatible loadable debit card system and method
US20060032905A1 (en) * 2002-06-19 2006-02-16 Alon Bear Smart card network interface device
US20040019564A1 (en) * 2002-07-26 2004-01-29 Scott Goldthwaite System and method for payment transaction authentication
CN100539581C (zh) * 2002-11-06 2009-09-09 国际商业机器公司 向用户设备提供一组访问码
US20040128256A1 (en) * 2002-12-04 2004-07-01 Krouse Wayne F. Remote location credit card transaction system with card present security system
US8352360B2 (en) * 2003-06-30 2013-01-08 Toshiba Global Commerce Solutions Holdings Corporation Method and system for secured transactions over a wireless network
US7506812B2 (en) * 2004-09-07 2009-03-24 Semtek Innovative Solutions Corporation Transparently securing data for transmission on financial networks
US20110071949A1 (en) * 2004-09-20 2011-03-24 Andrew Petrov Secure pin entry device for mobile phones
CA2542068C (en) * 2005-04-05 2016-01-26 Dxstorm.Com Inc. Electronic balance checking and credit approval system for use in conducting electronic transactions
CN101018130B (zh) * 2007-02-15 2010-09-08 物方恒德(北京)投资咨询有限公司 金融业务系统及金融业务处理方法
US8355982B2 (en) * 2007-08-16 2013-01-15 Verifone, Inc. Metrics systems and methods for token transactions
US20090055319A1 (en) * 2007-08-21 2009-02-26 Fazal Raheman Novel card-less, name-less, number-less, and paper-less method and system of highly secure completely anonymous customer-merchant transactions
ITTO20070877A1 (it) * 2007-12-04 2009-06-05 Farimex S A Authentication device and payment system
CN101340341A (zh) * 2008-07-18 2009-01-07 成都市华为赛门铁克科技有限公司 一种pos无线接入方法、设备和系统
CN101800639A (zh) * 2009-02-09 2010-08-11 华为终端有限公司 一种实现网银业务的方法、系统和设备

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6769605B1 (en) * 2000-07-21 2004-08-03 Jason P. Magness Money transfer system
CN1334541A (zh) * 2001-09-03 2002-02-06 何长杰 一种受理多种银行卡的方法和系统
CN101136123A (zh) * 2006-08-30 2008-03-05 黄金富 智能卡pos机系统及相应在商户进行取现及汇款的方法

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2395464A4 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108550035A (zh) * 2018-03-20 2018-09-18 中国银行股份有限公司 一种跨境网银交易方法及跨境网银系统

Also Published As

Publication number Publication date
US9015065B2 (en) 2015-04-21
EP2395464A1 (en) 2011-12-14
CN101800639A (zh) 2010-08-11
EP2395464A4 (en) 2011-12-21
US20110295707A1 (en) 2011-12-01

Similar Documents

Publication Publication Date Title
WO2010088818A1 (zh) 一种实现网银业务的方法、系统和设备
WO2017190616A1 (zh) 无线网络连接方法、无线接入点、服务器及系统
CN109347809A (zh) 一种面向自主可控环境下的应用虚拟化安全通信方法
JP5123209B2 (ja) モバイルネットワークに基づくエンドツーエンド通信での認証の方法、システム、および認証センタ
US8909556B2 (en) Security gateway communication
EP3700124B1 (en) Security authentication method, configuration method, and related device
US11736304B2 (en) Secure authentication of remote equipment
WO2014180296A1 (zh) 一种设备之间建立连接的方法、配置设备和无线设备
WO2007028328A1 (fr) Procede, systeme et dispositif de negociation a propos d'une cle de chiffrement partagee par equipement utilisateur et equipement externe
WO2013134927A1 (zh) 基于传输层安全的密钥传递方法、智能抄表终端及服务器
US10404475B2 (en) Method and system for establishing a secure communication tunnel
WO2009089764A1 (fr) Système et procédé d'authentification de réseau sécurisé
WO2014201907A1 (zh) 电子签名方法及系统
WO2015100675A1 (zh) 一种网络配置方法、相关装置及系统
WO2021208549A1 (zh) 充电认证的方法和装置
WO2014161277A1 (zh) 便携式wlan热点的连接方法及系统
WO2023083170A1 (zh) 密钥生成方法、装置、终端设备及服务器
TWI430674B (zh) 用於具有中繼節點之無線通訊系統的安全性方法
JP2003143128A (ja) 通信システム及び通信方法
WO2010088812A1 (zh) 即时消息的传送方法、系统及wapi终端
CN201479154U (zh) Bgp路由系统和设备
KR101172876B1 (ko) 사용자 단말기와 서버 간의 상호 인증 방법 및 시스템
WO2014117524A1 (zh) Wlan接入网络中传递成对主密钥的方法和系统
WO2013152653A1 (zh) 空中接口安全方法及设备
JP6767903B2 (ja) デバイス、情報端末、認証管理サーバおよびデバイス認証システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09839535

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2009839535

Country of ref document: EP