WO2014048319A1 - Security information exchange system, apparatus, and method - Google Patents

Security information exchange system, apparatus, and method Download PDF

Info

Publication number
WO2014048319A1
WO2014048319A1 PCT/CN2013/084183 CN2013084183W WO2014048319A1 WO 2014048319 A1 WO2014048319 A1 WO 2014048319A1 CN 2013084183 W CN2013084183 W CN 2013084183W WO 2014048319 A1 WO2014048319 A1 WO 2014048319A1
Authority
WO
WIPO (PCT)
Prior art keywords
security information
information interaction
data
user terminal
processing server
Prior art date
Application number
PCT/CN2013/084183
Other languages
French (fr)
Chinese (zh)
Inventor
柴洪峰
鲁志军
何朔
郑建宾
刘国宝
万四爽
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司 filed Critical 中国银联股份有限公司
Publication of WO2014048319A1 publication Critical patent/WO2014048319A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A security information exchange system, apparatus and method are provided. The system comprises at least one user terminal, a security information exchange device, a data processing server, and a smart card. Each user-originated security information exchange command in the at least one user terminal is transmitted via a network to a remote security information exchange device for further security information exchange processing. The disclosed security information exchange system, device and method are highly secure and can be used for offline remote information exchange.

Description

安全性信息交互系统、 设备及方法 技术领域  Security information interaction system, device and method
本发明涉及信息交互系统、 设备及方法, 更具体地, 涉及安全性信 息交互系统、 设备及方法。 背景技术  The present invention relates to information interaction systems, devices and methods, and more particularly to security information interaction systems, devices and methods. Background technique
目前, 随着网络应用的日益广泛以及不同领域的业务种类的日益丰 富, 通过网络(特别是移动网络)进行脱机方式的安全性信息 (即对安 全性要求较高的信息, 例如与金融交易相关的信息) 的交互变得越来越 重要。  At present, with the increasing use of network applications and the increasing variety of services in different fields, offline security information (that is, information requiring high security, such as financial transactions), is performed through a network (especially a mobile network). The related information) interaction becomes more and more important.
现有的脱机方式的安全性信息交互系统及方法通常应用于现场形式 的信息交互(例如电子现金的现场脱机支付)。 因此, 其存在如下问题: 难于在远程的信息交互 (例如电子现金的远程脱机支付) 中应用 (例如 由于用户的移动终端通常是不可信的, 故造成现有的信息交互机制和安 全机制不适用于基于移动网络的远程信息交互)。  Existing offline mode security information interaction systems and methods are typically applied to on-site form information interactions (e.g., on-line offline payments for electronic cash). Therefore, it has the following problems: It is difficult to apply in remote information interaction (such as remote offline payment of electronic cash) (for example, because the user's mobile terminal is usually untrustworthy, the existing information interaction mechanism and security mechanism are not Suitable for remote information interaction based on mobile networks).
因此, 存在如下需求: 提供具有高的安全性并且能够应用于脱机方 式的远程信息交互的安全性信息交互系统、 设备及方法。 发明内容  Therefore, there is a need to provide a security information interaction system, apparatus, and method that has high security and can be applied to offline information exchange. Summary of the invention
为了解决上述现有技术方案中所存在的问题, 本发明提出了具有高 的安全性并且能够应用于脱机方式的远程信息交互的安全性信息交互系 统、 设备及方法。  In order to solve the problems in the above prior art solutions, the present invention proposes a security information interaction system, apparatus and method that have high security and can be applied to offline information exchange.
本发明的目的是通过以下技术方案实现的:  The object of the invention is achieved by the following technical solutions:
一种安全性信息交互方法, 所述安全性信息交互方法包括下列步骤: A security information interaction method, the security information interaction method includes the following steps:
( A1 ) 用户终端将来自用户的安全性信息交互指令通过网络传送到 远程安全性信息交互装置; (A1) the user terminal transmits the security information interaction instruction from the user to the remote security information interaction device through the network;
( A2 ) 所述安全性信息交互装置接收来自所述用户终端的所述安全 性信息交互指令, 并基于所述安全性信息交互指令构造安全性信息交互 请求以及将所述安全性信息交互请求传送到数据处理服务器;(A2) the security information interaction device receives the security information interaction instruction from the user terminal, and constructs a security information interaction based on the security information interaction instruction Requesting and transmitting the security information interaction request to a data processing server;
( A3 ) 所述数据处理服务器接收并解析来自所述安全性信息交互装 置的所述安全性信息交互请求, 并基于所述安全性信息交互请求向所述 用户终端发送安全性信息交互确认请求; (A3) the data processing server receives and parses the security information interaction request from the security information interaction device, and sends a security information interaction confirmation request to the user terminal based on the security information interaction request;
( A4 ) 所述用户终端接收来自所述数据处理服务器的所述安全性信 息交互确认请求, 以及基于所述安全性信息交互确认请求从智能卡中的 脱机应用获取应用数据并将所述应用数据传送到所述数据处理服务器; (A4) the user terminal receives the security information interaction confirmation request from the data processing server, and acquires application data from an offline application in the smart card based on the security information interaction confirmation request and the application data Transferred to the data processing server;
( A5 ) 所述数据处理服务器接收所述用户终端传送回的所述应用数 据, 并基于所述应用数据执行认证操作以及将认证结果通知传送回所述 用户终端; (A5) the data processing server receives the application data transmitted by the user terminal, and performs an authentication operation based on the application data and transmits an authentication result notification back to the user terminal;
( A6 )所述用户终端接收来自所述数据处理服务器的认证结果通知, 并基于所述认证结果通知生成安全性信息交互数据以及将所述安全性信 息交互数据传送到所述数据处理服务器;  (A6) the user terminal receives an authentication result notification from the data processing server, and generates security information interaction data based on the authentication result notification and transmits the security information interaction data to the data processing server;
( A7 ) 所述数据处理服务器接收来自所述用户终端的所述安全性信 息交互数据, 并基于所述安全性信息交互数据执行验证操作以及将与验 证结果相关的消息传送到所述安全性信息交互装置。  (A7) the data processing server receives the security information interaction data from the user terminal, and performs a verification operation based on the security information interaction data and transmits a message related to the verification result to the security information Interactive device.
在上面所公开的方案中, 优选地, 所述步骤(A7 ) 进一步包括: 如 果所述验证结果是 "验证成功", 则所述数据处理服务器向所述用户终端 发送安全性信息交互成功应答。  In the solution disclosed above, preferably, the step (A7) further comprises: if the verification result is "verification successful", the data processing server sends a security information interaction success response to the user terminal.
在上面所公开的方案中, 优选地, 所述步骤(A7 ) 进一步包括: 如 果所述验证结果是 "验证成功", 则所述数据处理服务器将与验证结果相 关的通知发送到业务提供方服务器。  In the solution disclosed above, preferably, the step (A7) further comprises: if the verification result is "verification successful", the data processing server sends a notification related to the verification result to the service provider server .
在上面所公开的方案中, 优选地, 所述用户终端是移动终端中的客 户端, 并且所述网络是移动通信网络。  In the solution disclosed above, preferably, the user terminal is a client in the mobile terminal, and the network is a mobile communication network.
在上面所公开的方案中, 优选地, 所述应用数据包括脱机认证数据 和用于终端风险管理和行为分析的数据。  In the solution disclosed above, preferably, the application data includes offline authentication data and data for terminal risk management and behavior analysis.
在上面所公开的方案中, 优选地, 所述步骤(A5 ) 进一步包括: 在 接收到所述用户终端传送回的所述应用数据后, 所述数据处理服务器执 行如下操作: 解析所述应用数据以获得脱机认证数据和用于终端风险管 理和行为分析的数据; 基于所述脱机认证数据执行认证操作, 并且如果 认证结果为 "认证未通过", 则向所述用户终端传送回安全性信息交互拒 绝应答; 如果认证结果为 "认证通过", 则执行终端风险管理和行为分析 操作以确定是否进行后续的安全性信息交互过程, 并且如果确定进行后 续的安全性信息交互过程, 则向所述用户终端传送回安全性信息交互批 准应答, 以及如果确定不需进行后续的安全性信息交互过程, 则向所述 用户终端传送回安全性信息交互拒绝应答。 In the solution disclosed above, preferably, the step (A5) further includes: after receiving the application data transmitted back by the user terminal, the data processing server performs the following operations: parsing the application data To obtain offline authentication data and for terminal risk management And analyzing data of the behavior; performing an authentication operation based on the offline authentication data, and transmitting a security information interaction rejection response to the user terminal if the authentication result is "authentication failed"; if the authentication result is "authentication By performing a terminal risk management and behavior analysis operation to determine whether to perform a subsequent security information interaction process, and if it is determined that a subsequent security information interaction process is performed, transmitting a security information interaction approval response to the user terminal. And if it is determined that no subsequent security information interaction process is required, a security information interaction rejection response is transmitted back to the user terminal.
在上面所公开的方案中, 优选地, 所述步骤(A6 ) 进一步包括: 在 接收到来自所述数据处理服务器的认证结果通知后, 所述用户终端执行 如下操作: 如果所述认证结果通知是安全性信息交互拒绝应答, 则提示 用户安全性信息交互失败, 并且如果所述认证结果通知是安全性信息交 互批准应答, 则执行与当前进行的安全性信息交互过程相关联的数据处 理操作并生成所述安全性信息交互数据, 以及将所述安全性信息交互数 据传送到所述数据处理服务器。  In the solution disclosed above, preferably, the step (A6) further includes: after receiving the authentication result notification from the data processing server, the user terminal performs the following operations: if the authentication result notification is The security information interaction rejection response prompts the user security information interaction failure, and if the authentication result notification is a security information interaction approval response, performs a data processing operation associated with the currently performed security information interaction process and generates The security information exchanges data, and transmits the security information interaction data to the data processing server.
在上面所公开的方案中, 优选地, 所述安全性信息交互数据包括安 全性信息交互凭证和其他与当前进行的安全性信息交互过程相关联的信 台  In the solution disclosed above, preferably, the security information interaction data includes a security information interaction credential and other information associated with the currently performed security information interaction process.
在上面所公开的方案中, 优选地, 所述步骤(A7 ) 进一步包括: 所 述数据处理服务器验证所述安全性信息交互凭证。  In the solution disclosed above, preferably, the step (A7) further comprises: the data processing server verifying the security information interaction credential.
在上面所公开的方案中, 优选地, 通过 SSL协议实现所述安全性信 息交互装置与所述数据处理服务器之间的数据通信。  In the solution disclosed above, preferably, data communication between the security information interaction device and the data processing server is implemented by an SSL protocol.
在上面所公开的方案中, 优选地, 通过 SSL协议实现所述用户终端 与所述数据处理服务器之间的数据通信。  In the solution disclosed above, preferably, data communication between the user terminal and the data processing server is implemented by an SSL protocol.
在上面所公开的方案中, 优选地, 所述步骤(A6 ) 进一步包括: 以 加密的方式传送所述安全性信息交互数据, 其中, 将安全性信息交互标 识符作为加密密钥的生成因子。  In the solution disclosed above, preferably, the step (A6) further comprises: transmitting the security information interaction data in an encrypted manner, wherein the security information interaction identifier is used as a generation factor of the encryption key.
在上面所公开的方案中, 优选地, 所述步骤(A4 ) 进一步包括: 所 述用户终端以如下方式从脱机应用获取所述应用数据: U ) 向所述智能 卡发送选择脱机应用的指令以选择脱机应用; ( 1 )初始化所述脱机应用; 如果验证通过, 则执行后续操作, 而如果验证未通过, 则提示重新输入 所述针对所述脱机应用的 PIN, 并重复 3 证过程, 以及如果输入次数超过 预定的阈值则提示用户身份验证失败; 向所述脱机应用发送读取应用数 据指令以获取所述应用数据。 In the solution disclosed above, preferably, the step (A4) further comprises: the user terminal acquiring the application data from an offline application in the following manner: U) transmitting an instruction for selecting an offline application to the smart card To select an offline application; (1) initialize the offline application; If the verification passes, the subsequent operation is performed, and if the verification fails, the prompt prompts to re-enter the PIN for the offline application, and repeats the 3 certificate process, and prompts the user authentication failure if the number of inputs exceeds a predetermined threshold. Sending a read application data instruction to the offline application to obtain the application data.
本发明的目的还可以通过以下技术方案实现:  The object of the present invention can also be achieved by the following technical solutions:
一种安全性信息交互系统, 所述安全性信息交互系统包括: 至少一个用户终端, 所述至少一个用户终端中的每个用于将来自用 户的安全性信息交互指令通过网络传送到远程安全性信息交互装置, 并 接收来自数据处理服务器的安全性信息交互确认请求, 以及基于所述安 到所述数据处理服务器, 所述至少一个用户终端中的每个进一步用于接 收来自所述数据处理服务器的认证结果通知, 并基于所述认证结果通知 生成安全性信息交互数据以及将所述安全性信息交互数据传送到所述数 据处理服务器;  A security information interaction system, the security information interaction system comprising: at least one user terminal, each of the at least one user terminal for transmitting security information interaction instructions from a user to a remote security through a network An information interaction device, and receiving a security information interaction confirmation request from the data processing server, and each of the at least one user terminal is further configured to receive from the data processing server based on the access to the data processing server The authentication result notification, and generating security information interaction data based on the authentication result notification and transmitting the security information interaction data to the data processing server;
安全性信息交互装置, 所述安全性信息交互装置用于接收来自所述 用户终端的所述安全性信息交互指令, 并基于所述安全性信息交互指令 构造安全性信息交互请求以及将所述安全性信息交互请求传送到所述数 据处理服务器;  a security information interaction device, configured to receive the security information interaction instruction from the user terminal, and construct a security information interaction request based on the security information interaction instruction and to perform the security a sexual information interaction request is transmitted to the data processing server;
数据处理服务器, 所述数据处理服务器用于接收并解析来自所述安 全性信息交互装置的所述安全性信息交互请求, 并基于所述安全性信息 交互请求向相应的用户终端发送所述安全性信息交互确认请求, 所述数 据处理服务器进一步用于接收所述用户终端传送回的应用数据, 并基于 所述应用数据执行认证操作以及将认证结果通知传送回相应的用户终 端, 所述数据处理服务器进一步用于接收来自所述用户终端的所述安全 性信息交互数据, 并基于所述安全性信息交互数据执行验证操作以及将 与 证结果相关的消息传送到所述安全性信息交互装置;  a data processing server, configured to receive and parse the security information interaction request from the security information interaction device, and send the security to a corresponding user terminal based on the security information interaction request An information exchange confirmation request, the data processing server is further configured to receive application data transmitted by the user terminal, perform an authentication operation based on the application data, and transmit an authentication result notification back to the corresponding user terminal, where the data processing server Further for receiving the security information interaction data from the user terminal, and performing a verification operation based on the security information interaction data and transmitting a message related to the certificate result to the security information interaction device;
智能卡, 所述智能卡用于存储至少一个脱机应用。  A smart card, the smart card is used to store at least one offline application.
本发明的目的还可以通过以下技术方案实现: 一种用户终端, 所述用户终端将来自用户的安全性信息交互指令通 过网络传送到远程安全性信息交互装置, 并接收来自数据处理服务器的 安全性信息交互确认请求, 以及基于所述安全性信息交互确认请求从智 服务器, 所述用户终端进一步用于接收来自所述数据处理服务器的认证 结果通知, 并基于所述认证结果通知生成安全性信息交互数据以及将所 述安全性信息交互数据传送到所述数据处理服务器。 The object of the present invention can also be achieved by the following technical solutions: a user terminal, the user terminal transmits a security information interaction instruction from the user to the remote security information interaction device through the network, and receives a security information interaction confirmation request from the data processing server, and based on the security information An interaction confirmation request from the smart server, the user terminal further configured to receive an authentication result notification from the data processing server, and generate security information interaction data based on the authentication result notification and transmit the security information interaction data to The data processing server.
本发明的目的还可以通过以下技术方案实现:  The object of the present invention can also be achieved by the following technical solutions:
一种数据处理服务器, 所述数据处理服务器接收并解析来自安全性 信息交互装置的安全性信息交互请求, 并基于所述安全性信息交互请求 向相应的用户终端发送安全性信息交互确认请求, 所述数据处理服务器 进一步用于接收所述用户终端传送回的应用数据, 并基于所述应用数据 执行认证操作以及将认证结果通知传送回相应的用户终端, 所述数据处 理服务器进一步用于接收来自所述用户终端的安全性信息交互数据, 并 基于所述安全性信息交互数据执行验证操作以及将与验证结果相关的消 息传送到所述安全性信息交互装置。  a data processing server, the data processing server receives and parses a security information interaction request from the security information interaction device, and sends a security information interaction confirmation request to the corresponding user terminal based on the security information interaction request, The data processing server is further configured to receive application data transmitted by the user terminal, and perform an authentication operation based on the application data and transmit an authentication result notification back to the corresponding user terminal, where the data processing server is further configured to receive the Determining security information interaction data of the user terminal, and performing a verification operation based on the security information interaction data and transmitting a message related to the verification result to the security information interaction device.
本发明所公开的安全性信息交互系统、 设备及方法具有如下优点: The security information interaction system, device and method disclosed by the present invention have the following advantages:
( 1 )能够应用于脱机方式的远程信息交互; (2 ) 由于使用了多种安全措 施(例如, 以加密的方式传送安全性信息交互数据, 其中, 将安全性信 息交互标识符(诸如订单号)作为加密密钥的生成因子), 故具有高的安 全性。 附图说明 (1) can be applied to offline information exchange; (2) due to the use of multiple security measures (for example, the transmission of security information interaction data in an encrypted manner, where the security information interaction identifier (such as an order) No.) is a generation factor of the encryption key, so it has high security. DRAWINGS
结合附图, 本发明的技术特征以及优点将会被本领域技术人员更好 地理解, 其中:  The technical features and advantages of the present invention will be better understood by those skilled in the art from the drawings, wherein:
图 1是才 据本发明的实施例的安全性信息交互系统的示意性结构图; 图 2是才 据本发明的实施例的安全性信息交互方法的流程图。 具体实施方式 图 1是才 据本发明的实施例的安全性信息交互系统的示意性结构图。 如图 1所示, 本发明所公开的安全性信息交互系统包括至少一个用户终端 1、 安全性信息交互装置 2 (例如 P0S机), 数据处理服务器 3和智能卡 4。 其中, 所述至少一个用户终端 1中的每个用于将来自用户的安全性信息交 互指令(例如购买请求)通过网络传送到远程安全性信息交互装置 2, 并 接收来自数据处理服务器 3的安全性信息交互确认请求(例如订单支付请 求;), 以及基于所述安全性信息交互确认请求从脱机应用获取应用数据并 将所述应用数据传送到所述数据处理服务器 3, 所述至少一个用户终端 1 中的每个进一步用于接收来自所述数据处理服务器 3的认证结果通知, 并 基于所述认证结果通知生成安全性信息交互数据以及将所述安全性信息 交互数据传送到所述数据处理服务器 3。 所述安全性信息交互装置 2用于 接收来自所述用户终端 1的所述安全性信息交互指令, 并基于所述安全性 信息交互指令构造安全性信息交互请求(例如订单) 以及将所述安全性 信息交互请求传送到所述数据处理服务器 3。 所述数据处理服务器 3用于 接收并解析来自所述安全性信息交互装置 2的所述安全性信息交互请求, 并基于所述安全性信息交互请求向相应的用户终端 1发送所述安全性信 息交互确认请求, 所述数据处理服务器 3进一步用于接收所述用户终端 1 传送回的应用数据, 并基于所述应用数据执行认证操作以及将认证结果 通知传送回相应的用户终端 1, 所述数据处理服务器 3进一步用于接收来 自所述用户终端 1的所述安全性信息交互数据, 并基于所述安全性信息交 互数据执行验证操作以及将与验证结果相关的消息 (例如支付成功确认 通知)传送到所述安全性信息交互装置 2 (例如用于提醒商户开始发货)。 所述智能卡 4用于存储至少一个脱机应用。 1 is a schematic structural diagram of a security information interaction system according to an embodiment of the present invention; and FIG. 2 is a flowchart of a security information interaction method according to an embodiment of the present invention. detailed description 1 is a schematic structural diagram of a security information interaction system according to an embodiment of the present invention. As shown in FIG. 1, the security information interaction system disclosed by the present invention includes at least one user terminal 1, a security information interaction device 2 (for example, a POS machine), a data processing server 3, and a smart card 4. Each of the at least one user terminal 1 is configured to transmit a security information interaction instruction (eg, a purchase request) from the user to the remote security information interaction device 2 through the network, and receive security from the data processing server 3. a sexual information interaction confirmation request (eg, an order payment request;), and acquiring application data from the offline application based on the security information interaction confirmation request and transmitting the application data to the data processing server 3, the at least one user Each of the terminals 1 is further configured to receive an authentication result notification from the data processing server 3, and generate security information interaction data based on the authentication result notification and transmit the security information interaction data to the data processing Server 3. The security information interaction device 2 is configured to receive the security information interaction instruction from the user terminal 1, and construct a security information interaction request (such as an order) based on the security information interaction instruction, and the security The sexual information exchange request is transmitted to the data processing server 3. The data processing server 3 is configured to receive and parse the security information interaction request from the security information interaction device 2, and send the security information to the corresponding user terminal 1 based on the security information interaction request. An interaction confirmation request, the data processing server 3 is further configured to receive application data transmitted by the user terminal 1, and perform an authentication operation based on the application data and transmit an authentication result notification back to the corresponding user terminal 1, the data The processing server 3 is further configured to receive the security information interaction data from the user terminal 1, and perform a verification operation based on the security information interaction data and transmit a message related to the verification result (eg, a payment success confirmation notification) To the security information interaction device 2 (for example, to remind the merchant to start shipping). The smart card 4 is used to store at least one offline application.
优选地, 在本发明所公开的安全性信息交互系统中, 所述数据处理 服务器 3进一步用于执行如下操作: 如果所述验证结果是 "验证成功", 则向相应的用户终端 1发送安全性信息交互成功应答(例如支付成功应 答, 用于提示用户已经支付完成)。  Preferably, in the security information interaction system disclosed by the present invention, the data processing server 3 is further configured to perform the following operations: if the verification result is "verification successful", send security to the corresponding user terminal 1. The information interaction is successfully answered (for example, a payment success response is used to prompt the user that the payment has been completed).
优选地, 在本发明所公开的安全性信息交互系统中, 所述数据处理 服务器 3进一步用于执行如下操作: 如果所述验证结果是 "验证成功", 则将与验证结果相关的通知 (例如支付结果通知)发送到业务提供方服 务器 (例如发卡行的相关服务器)。 Preferably, in the security information interaction system disclosed by the present invention, the data processing server 3 is further configured to perform the following operations: if the verification result is "verification successful", A notification related to the verification result (eg, a payment result notification) is sent to the service provider server (eg, the relevant server of the issuer).
优选地, 在本发明所公开的安全性信息交互系统中, 所述用户终端 1 是移动终端中的客户端, 并且所述网络是移动通信网络。  Preferably, in the security information interaction system disclosed in the present invention, the user terminal 1 is a client in the mobile terminal, and the network is a mobile communication network.
优选地, 在本发明所公开的安全性信息交互系统中, 所述应用数据 包括脱机认证数据和用于终端风险管理和行为分析的数据。  Preferably, in the security information interaction system disclosed by the present invention, the application data includes offline authentication data and data for terminal risk management and behavior analysis.
优选地, 在本发明所公开的安全性信息交互系统中, 在接收到所述 用户终端 1传送回的所述应用数据后, 所述数据处理服务器 3执行如下操 作: 解析所述应用数据以获得脱机认证数据和用于终端风险管理和行为 分析的数据; 基于所述脱机认证数据执行认证操作, 并且如果认证结果 为 "认证未通过", 则向相应的用户终端 1传送回安全性信息交互拒绝应 答; 如果认证结果为 "认证通过", 则执行终端风险管理和行为分析操作 (例如判断电子现金可用余额减去授权金额是否小于电子现金重置阈 值) 以确定是否进行后续的安全性信息交互过程, 并且如果确定进行后 续的安全性信息交互过程, 则向相应的用户终端 1传送回安全性信息交互 批准应答, 以及如果确定不需进行后续的安全性信息交互过程, 则向相 应的用户终端 1传送回安全性信息交互拒绝应答。  Preferably, in the security information interaction system disclosed by the present invention, after receiving the application data transmitted back by the user terminal 1, the data processing server 3 performs the following operations: parsing the application data to obtain Offline authentication data and data for terminal risk management and behavior analysis; performing an authentication operation based on the offline authentication data, and transmitting security information to the corresponding user terminal 1 if the authentication result is "authentication failed" Interactive rejection response; if the authentication result is "authentication pass", perform terminal risk management and behavior analysis operations (eg, determine whether the electronic cash available balance minus the authorized amount is less than the electronic cash reset threshold) to determine whether to perform subsequent security information The interaction process, and if it is determined that the subsequent security information interaction process is performed, the security information interaction approval response is transmitted back to the corresponding user terminal 1, and if it is determined that the subsequent security information interaction process is not required, the corresponding user is Terminal 1 transmits back security information interaction rejection Response.
优选地, 在本发明所公开的安全性信息交互系统中, 在接收到来自 所述数据处理服务器 3的认证结果通知后, 所述用户终端 1执行如下操作: 如果所述认证结果通知是安全性信息交互拒绝应答, 则提示用户安全性 信息交互失败, 并且如果所述认证结果通知是安全性信息交互批准应答, 则执行与当前进行的安全性信息交互过程相关联的数据处理操作 (例如 对电子现金进行扣款) 并生成所述安全性信息交互数据, 以及将所述安 全性信息交互数据传送到所述数据处理服务器 3。  Preferably, in the security information interaction system disclosed in the present invention, after receiving the authentication result notification from the data processing server 3, the user terminal 1 performs the following operations: if the authentication result notification is security The information interaction rejects the response, prompting the user to fail the security information interaction, and if the authentication result notification is a security information interaction approval response, performing a data processing operation associated with the currently performed security information interaction process (eg, for electronic Cash is debited) and the security information interaction data is generated, and the security information interaction data is transmitted to the data processing server 3.
优选地, 在本发明所公开的安全性信息交互系统中, 所述安全性信 息交互数据包括安全性信息交互凭证(例如交易扣款凭证)和其他与当 前进行的安全性信息交互过程相关联的信息 (例如安全性信息交互标识 符, 诸如订单号)。  Preferably, in the security information interaction system disclosed by the present invention, the security information interaction data includes a security information interaction credential (such as a transaction debit memo) and other related to the currently performed security information interaction process. Information (such as security information interaction identifiers, such as order numbers).
优选地, 在本发明所公开的安全性信息交互系统中, 所述数据处理 服务器 3执行的所述验证操作包括验证所述安全性信息交互凭证。 Preferably, in the security information interaction system disclosed by the present invention, the data processing The verification operation performed by the server 3 includes verifying the security information interaction credentials.
优选地, 在本发明所公开的安全性信息交互系统中, 所述安全性信 息交互装置 2是所述网络中的节点(即可以通过所述网络与外部设备进行 数据通信)。  Preferably, in the security information interaction system disclosed in the present invention, the security information interaction device 2 is a node in the network (i.e., data communication with an external device can be performed through the network).
优选地, 在本发明所公开的安全性信息交互系统中, 通过 SSL协议 实现所述安全性信息交互装置 2与所述数据处理服务器 3之间的数据通 信。  Preferably, in the security information interaction system disclosed in the present invention, data communication between the security information interaction device 2 and the data processing server 3 is implemented by the SSL protocol.
优选地, 在本发明所公开的安全性信息交互系统中, 通过 SSL协议 优选地, 在本发明所公开的安全性信息交互系统中, 通过对称密钥 体系实现所述认证过程。  Preferably, in the security information interaction system disclosed by the present invention, the authentication process is preferably implemented by a symmetric key system in the security information interaction system disclosed by the present invention through the SSL protocol.
优选地, 在本发明所公开的安全性信息交互系统中, 以加密的方式 传送所述安全性信息交互数据(其包括安全性信息交互凭证), 其中, 将 安全性信息交互标识符 (诸如订单号)作为加密密钥的生成因子。  Preferably, in the security information interaction system disclosed in the present invention, the security information interaction data (which includes a security information interaction credential) is transmitted in an encrypted manner, wherein the security information interaction identifier (such as an order) No.) as a generation factor of the encryption key.
示例性地, 在本发明所公开的安全性信息交互系统中, 所述智能卡 4 可以是 SIM卡, 或智能 SD卡, 或终端附件等。  Illustratively, in the security information interaction system disclosed by the present invention, the smart card 4 may be a SIM card, or a smart SD card, or a terminal accessory or the like.
优选地, 在本发明所公开的安全性信息交互系统中, 所述用户终端 1 以如下方式从脱机应用获取所述应用数据: (1 )向所述智能卡 4发送选择 脱机应用的指令以选择脱机应用; ( 2 )初始化所述脱机应用; ( 3 )提示 用户输入针对所述脱机应用的 PIN (个人识别码)从而验证用户的身份, 并且如果验证通过, 则执行后续操作, 而如果验证未通过, 则提示重新 输入所述针对所述脱机应用的 PIN, 并重复 3 证过程, 以及如果输入次数 超过预定的阈值则提示用户身份验证失败; 向所述脱机应用发送读取应 用数据指令以获取所述应用数据。  Preferably, in the security information interaction system disclosed by the present invention, the user terminal 1 acquires the application data from an offline application in the following manner: (1) transmitting an instruction to select the offline application to the smart card 4 to Selecting an offline application; (2) initializing the offline application; (3) prompting the user to input a PIN (Personal Identification Number) for the offline application to verify the identity of the user, and if the verification passes, performing a subsequent operation, And if the verification fails, prompting to re-enter the PIN for the offline application, and repeating the 3 certificate process, and prompting the user for authentication failure if the number of inputs exceeds a predetermined threshold; sending a read to the offline application An application data instruction is fetched to obtain the application data.
示例性地, 在金融领域中, 所述与当前进行的安全性信息交互过程 相关联的数据处理操作可以是为了完成交易而对电子现金进行的扣款操 作, 并且具体的操作过程可以如下: 所述用户终端 1向所述智能卡 4发 送扣款请求; 收到扣款请求后, 所述智能卡 4执行卡片风险分析以决定 是否批准该交易请求; 如果批准, 则返回脱机交易批准密文 TC, 此时卡 内的电子现金金额已经进行了更新; 如果不批准, 则返回拒绝响应 (例 如密文 AAC );用户终端 1判断是否为脱机交易批准 TC密文,并且如果是, 则组装脱机交易扣款凭证, 并将该凭证发送给所述智能卡 4进行加密和 MAC计算;所述智能卡 4确认该脱机交易扣款凭证确实属于本帐户的有效 脱机交易数据(即未经处理过的属于本帐户的脱机交易数据), 则完成相 关的安全操作, 而如果确认不是, 则返回错误指示。 Exemplarily, in the financial field, the data processing operation associated with the currently performed security information interaction process may be a debit operation for electronic cash in order to complete the transaction, and the specific operation process may be as follows: The user terminal 1 sends a debit request to the smart card 4; after receiving the debit request, the smart card 4 performs card risk analysis to decide whether to approve the transaction request; if approved, returns the offline transaction approval ciphertext TC, Card at this time The electronic cash amount has been updated; if not approved, a rejection response (for example, ciphertext AAC) is returned; the user terminal 1 determines whether the TC ciphertext is approved for the offline transaction, and if so, the offline transaction deduction is assembled. Voucher, and sending the voucher to the smart card 4 for encryption and MAC calculation; the smart card 4 confirms that the offline transaction debit voucher does belong to the valid offline transaction data of the account (ie, the unprocessed account belongs to the account The offline transaction data) completes the relevant security operation, and if the confirmation is not, an error indication is returned.
由上可见, 本发明所公开的安全性信息交互系统具有如下优点: (1 ) 能够应用于脱机方式的远程信息交互;( 1 )由于使用了多种安全措施 (例 如, 以加密的方式传送安全性信息交互数据, 其中, 将安全性信息交互 标识符(诸如订单号)作为加密密钥的生成因子), 故具有高的安全性。  It can be seen from the above that the security information interaction system disclosed by the present invention has the following advantages: (1) can be applied to remote information interaction in an offline mode; (1) due to the use of multiple security measures (for example, transmission in an encrypted manner) Security information interaction data, in which a security information interaction identifier (such as an order number) is used as a generation factor of an encryption key, so that it has high security.
如图 1所示, 本发明公开了一种用户终端 1, 所述用户终端 1将来自用 户的安全性信息交互指令(例如购买请求)通过网络传送到远程安全性 信息交互装置 2, 并接收来自数据处理服务器 3的安全性信息交互确认请 求(例如订单支付请求), 以及基于所述安全性信息交互确认请求从智能 服务器 3, 所述用户终端 1进一步用于接收来自所述数据处理服务器 3的认 证结果通知, 并基于所述认证结果通知生成安全性信息交互数据以及将 所述安全性信息交互数据传送到所述数据处理服务器 3。  As shown in FIG. 1, the present invention discloses a user terminal 1 that transmits a security information interaction instruction (for example, a purchase request) from a user to a remote security information interaction device 2 through a network, and receives from a security information interaction confirmation request (for example, an order payment request) of the data processing server 3, and an interaction confirmation request from the intelligent server 3 based on the security information, the user terminal 1 further for receiving the data processing server 3 The authentication result is notified, and the security information interaction data is generated based on the authentication result notification and the security information interaction data is transmitted to the data processing server 3.
优选地, 本发明所公开的用户终端 1是移动终端中的客户端, 并且所 述网络是移动通信网络。  Preferably, the user terminal 1 disclosed in the present invention is a client in a mobile terminal, and the network is a mobile communication network.
优选地, 在本发明所公开的用户终端 1中, 所述应用数据包括脱机认 证数据和用于终端风险管理和行为分析的数据。  Preferably, in the user terminal 1 disclosed in the present invention, the application data includes offline authentication data and data for terminal risk management and behavior analysis.
优选地, 在接收到来自所述数据处理服务器 3的认证结果通知后, 所 述用户终端 1执行如下操作: 如果所述认证结果通知是安全性信息交互拒 绝应答, 则提示用户安全性信息交互失败, 并且如果所述认证结果通知 是安全性信息交互批准应答, 则执行与当前进行的安全性信息交互过程 相关联的数据处理操作 (例如对电子现金进行扣款) 并生成所述安全性 信息交互数据, 以及将所述安全性信息交互数据传送到所述数据处理服 务器 3。 优选地, 在本发明所公开的用户终端 1中, 所述安全性信息交互数据 包括安全性信息交互凭证(例如交易扣款凭证) 和其他与当前进行的安 全性信息交互过程相关联的信息 (例如安全性信息交互标识符, 诸如订 单号)。 Preferably, after receiving the authentication result notification from the data processing server 3, the user terminal 1 performs the following operations: if the authentication result notification is a security information interaction rejection response, prompting the user that the security information interaction fails And if the authentication result notification is a security information interaction approval response, performing a data processing operation associated with the currently performed security information interaction process (eg, debiting electronic cash) and generating the security information interaction Data, and transferring the security information interaction data to the data processing server 3. Preferably, in the user terminal 1 disclosed in the present invention, the security information interaction data includes a security information interaction credential (such as a transaction debit memo) and other information associated with the currently performed security information interaction process ( For example, a security information interaction identifier, such as an order number).
优选地, 本发明所公开的用户终端 1通过 SSL协议与所述数据处理服 务器 3进行数据通信。  Preferably, the user terminal 1 disclosed by the present invention performs data communication with the data processing server 3 via the SSL protocol.
优选地, 本发明所公开的用户终端 1以加密的方式传送所述安全性信 息交互数据(其包括安全性信息交互凭证), 其中, 将安全性信息交互标 识符 (诸如订单号)作为加密密钥的生成因子。  Preferably, the user terminal 1 disclosed by the present invention transmits the security information interaction data (which includes a security information interaction credential) in an encrypted manner, wherein the security information interaction identifier (such as an order number) is used as an encryption key. The generation factor of the key.
优选地, 本发明所公开的用户终端 1以如下方式从脱机应用获取所述 应用数据: ( 1 )向所述智能卡 4发送选择脱机应用的指令以选择脱机应用; ( 2 )初始化所述脱机应用; ( 3 )提示用户输入针对所述脱机应用的 PIN (个人识别码)从而验证用户的身份, 并且如果验证通过, 则执行后续 操作,而如果验证未通过,则提示重新输入所述针对所述脱机应用的 PIN, 并重复验证过程, 以及如果输入次数超过预定的阈值则提示用户身份验 证失败; 向所述脱机应用发送读取应用数据指令以获取所述应用数据。  Preferably, the user terminal 1 disclosed by the present invention acquires the application data from an offline application in the following manner: (1) transmitting an instruction to select an offline application to the smart card 4 to select an offline application; (2) an initialization station (3) prompting the user to input a PIN (Personal Identification Number) for the offline application to verify the identity of the user, and if the verification passes, perform a subsequent operation, and if the verification fails, prompt to re-enter The PIN for the offline application, and repeating the verification process, and prompting the user for authentication failure if the number of inputs exceeds a predetermined threshold; sending a read application data instruction to the offline application to obtain the application data.
如图 1所示, 本发明公开了一种数据处理服务器 3, 所述数据处理服 务器 3接收并解析来自安全性信息交互装置 2的安全性信息交互请求, 并 基于所述安全性信息交互请求向相应的用户终端 1发送安全性信息交互 确认请求, 所述数据处理服务器 3进一步用于接收所述用户终端 1传送回 的应用数据, 并基于所述应用数据执行认证操作以及将认证结果通知传 送回相应的用户终端 1, 所述数据处理服务器 3进一步用于接收来自所述 用户终端 1的安全性信息交互数据, 并基于所述安全性信息交互数据执行 验证操作以及将与验证结果相关的消息 (例如支付成功确认通知)传送 到所述安全性信息交互装置 2 (例如用于提醒商户开始发货)。  As shown in FIG. 1, the present invention discloses a data processing server 3 that receives and parses a security information interaction request from the security information interaction device 2, and based on the security information interaction request The corresponding user terminal 1 sends a security information interaction confirmation request, and the data processing server 3 is further configured to receive the application data transmitted by the user terminal 1 and perform an authentication operation based on the application data and transmit the authentication result notification back. Corresponding user terminal 1, the data processing server 3 is further configured to receive security information interaction data from the user terminal 1, and perform a verification operation and a message related to the verification result based on the security information interaction data ( For example, a payment success confirmation notification is transmitted to the security information interaction device 2 (for example, to remind the merchant to start shipping).
优选地, 本发明所公开的数据处理服务器 3进一步用于执行如下操 作: 如果所述验证结果是 "验证成功", 则向相应的用户终端 1发送安全 性信息交互成功应答(例如支付成功应答,用于提示用户已经支付完成)。  Preferably, the data processing server 3 disclosed by the present invention is further configured to: if the verification result is "verification successful", send a security information interaction success response (for example, a payment success response) to the corresponding user terminal 1, Used to prompt the user that the payment has been completed).
优选地, 本发明所公开的数据处理服务器 3进一步用于执行如下操 作: 如果所述验证结果是 "验证成功", 则将与验证结果相关的通知(例 如支付结果通知)发送到业务提供方服务器(例如发卡行的相关服务器)。 Preferably, the data processing server 3 disclosed by the present invention is further configured to perform the following operations. If the verification result is "verification successful", a notification related to the verification result (for example, a payment result notification) is sent to the service provider server (for example, the relevant server of the issuing bank).
优选地, 在本发明所公开的数据处理服务器 3中, 所述应用数据包括 脱机认证数据和用于终端风险管理和行为分析的数据。  Preferably, in the data processing server 3 disclosed in the present invention, the application data includes offline authentication data and data for terminal risk management and behavior analysis.
优选地, 在接收到所述用户终端 1传送回的所述应用数据后, 所述数 据处理服务器 3执行如下操作: 解析所述应用数据以获得脱机认证数据和 用于终端风险管理和行为分析的数据; 基于所述脱机认证数据执行认证 操作, 并且如果认证结果为 "认证未通过", 则向相应的用户终端 1传送 回安全性信息交互拒绝应答; 如果认证结果为 "认证通过", 则执行终端 风险管理和行为分析操作 (例如判断电子现金可用余额减去授权金额是 否小于电子现金重置阈值)以确定是否进行后续的安全性信息交互过程, 并且如果确定进行后续的安全性信息交互过程, 则向相应的用户终端 1传 送回安全性信息交互批准应答, 以及如果确定不需进行后续的安全性信 息交互过程, 则向相应的用户终端 1传送回安全性信息交互拒绝应答。  Preferably, after receiving the application data transmitted back by the user terminal 1, the data processing server 3 performs the following operations: parsing the application data to obtain offline authentication data and for terminal risk management and behavior analysis. Data; performing an authentication operation based on the offline authentication data, and if the authentication result is "authentication failed", transmitting a security information interaction rejection response to the corresponding user terminal 1; if the authentication result is "authentication passed", Then performing terminal risk management and behavior analysis operations (eg, determining whether the electronic cash available balance minus the authorized amount is less than an electronic cash reset threshold) to determine whether to perform a subsequent security information interaction process, and if it is determined to perform subsequent security information interaction In the process, the security information interaction approval response is transmitted back to the corresponding user terminal 1, and if it is determined that the subsequent security information interaction process is not required, the security information interaction rejection response is transmitted back to the corresponding user terminal 1.
优选地, 在本发明所公开的数据处理服务器 3中, 所述安全性信息交 互数据包括安全性信息交互凭证(例如交易扣款凭证)和其他与当前进 行的安全性信息交互过程相关联的信息 (例如安全性信息交互标识符, 诸如订单号)。  Preferably, in the data processing server 3 disclosed in the present invention, the security information interaction data includes security information interaction credentials (such as transaction debit memos) and other information associated with the currently performed security information interaction process. (eg security information interaction identifier, such as order number).
优选地, 本发明所公开的数据处理服务器 3执行的所述验证操作包括 验证所述安全性信息交互凭证。  Preferably, the verifying operation performed by the data processing server 3 disclosed by the present invention includes verifying the security information interaction credential.
优选地, 本发明所公开的数据处理服务器 3通过 SSL协议与所述安全 性信息交互装置 2进行数据通信。  Preferably, the data processing server 3 disclosed by the present invention performs data communication with the security information interaction device 2 via the SSL protocol.
优选地, 本发明所公开的数据处理服务器 3通过 SSL协议与所述用户 终端 1进行数据通信。  Preferably, the data processing server 3 disclosed by the present invention performs data communication with the user terminal 1 via the SSL protocol.
优选地, 在本发明所公开的数据处理服务器 3中, 通过对称密钥体系 实现所述认证过程。  Preferably, in the data processing server 3 disclosed in the present invention, the authentication process is implemented by a symmetric key system.
图 2是才 据本发明的实施例的安全性信息交互方法的流程图。 如图 2 所示, 本发明所公开的安全性信息交互方法包括下列步骤: (A1 )用户终 端将来自用户的安全性信息交互指令(例如购买请求)通过网络传送到 远程安全性信息交互装置; (A2 )所述安全性信息交互装置接收来自所述 用户终端的所述安全性信息交互指令, 并基于所述安全性信息交互指令 构造安全性信息交互请求(例如订单) 以及将所述安全性信息交互请求 传送到数据处理服务器; ( A3 )所述数据处理服务器接收并解析来自所述 安全性信息交互装置的所述安全性信息交互请求, 并基于所述安全性信 息交互请求向所述用户终端发送安全性信息交互确认请求; 4 )所述用 户终端接收来自所述数据处理服务器的所述安全性信息交互确认请求 (例如订单支付请求;), 以及基于所述安全性信息交互确认请求从智能卡 器; ( A5 )所述数据处理服务器接收所述用户终端传送回的所述应用数据, 并基于所述应用数据执行认证操作以及将认证结果通知传送回所述用户 终端;( A6 )所述用户终端接收来自所述数据处理服务器的认证结果通知, 并基于所述认证结果通知生成安全性信息交互数据以及将所述安全性信 息交互数据传送到所述数据处理服务器; 7 )所述数据处理服务器接收 来自所述用户终端的所述安全性信息交互数据, 并基于所述安全性信息 交互数据执行验证操作以及将与验证结果相关的消息 (例如支付成功确 认通知)传送到所述安全性信息交互装置(例如用于提醒商户开始发货)。 2 is a flow chart of a method of security information interaction in accordance with an embodiment of the present invention. As shown in FIG. 2, the security information interaction method disclosed by the present invention includes the following steps: (A1) The user terminal transmits a security information interaction instruction (such as a purchase request) from the user to the network to a remote security information interaction device; (A2) the security information interaction device receives the security information interaction instruction from the user terminal, and constructs a security information interaction request (eg, an order based on the security information interaction instruction) And transmitting the security information interaction request to the data processing server; (A3) the data processing server receives and parses the security information interaction request from the security information interaction device, and based on the security The information exchange request sends a security information interaction confirmation request to the user terminal; 4) the user terminal receives the security information interaction confirmation request (eg, an order payment request;) from the data processing server, and based on the The security information interaction confirmation request is received from the smart card device; (A5) the data processing server receives the application data transmitted by the user terminal, and performs an authentication operation based on the application data and transmits an authentication result notification back to the user a terminal (A6) receiving the number from the user terminal Processing an authentication result notification of the server, and generating security information interaction data based on the authentication result notification and transmitting the security information interaction data to the data processing server; 7) receiving, by the data processing server, the user terminal The security information exchanges data, and performs a verification operation based on the security information interaction data and transmits a message related to the verification result (eg, a payment success confirmation notification) to the security information interaction device (eg, for reminding Merchants start shipping).
优选地, 在本发明所公开的安全性信息交互方法中, 所述步骤(A7 ) 进一步包括: 如果所述验证结果是 "验证成功", 则所述数据处理服务器 向所述用户终端发送安全性信息交互成功应答(例如支付成功应答, 用 于提示用户已经支付完成)。  Preferably, in the security information interaction method disclosed in the present invention, the step (A7) further includes: if the verification result is "verification successful", the data processing server sends security to the user terminal The information interaction is successfully answered (for example, a payment success response is used to prompt the user that the payment has been completed).
优选地, 在本发明所公开的安全性信息交互方法中, 所述步骤(A7 ) 进一步包括: 如果所述验证结果是 "验证成功", 则所述数据处理服务器 将与验证结果相关的通知 (例如支付结果通知)发送到业务提供方服务 器(例如发卡行的相关服务器)。  Preferably, in the security information interaction method disclosed in the present disclosure, the step (A7) further includes: if the verification result is "verification successful", the data processing server will notify the verification result ( For example, payment result notifications are sent to the service provider server (for example, the relevant server of the issuer).
优选地, 在本发明所公开的安全性信息交互方法中, 所述用户终端 是移动终端中的客户端, 并且所述网络是移动通信网络。  Preferably, in the security information interaction method disclosed in the present invention, the user terminal is a client in a mobile terminal, and the network is a mobile communication network.
优选地, 在本发明所公开的安全性信息交互方法中, 所述应用数据 包括脱机认证数据和用于终端风险管理和行为分析的数据。 优选地, 在本发明所公开的安全性信息交互方法中, 所述步骤(A5 ) 进一步包括: 在接收到所述用户终端传送回的所述应用数据后, 所述数 据处理服务器执行如下操作: 解析所述应用数据以获得脱机认证数据和 用于终端风险管理和行为分析的数据; 基于所述脱机认证数据执行认证 操作, 并且如果认证结果为 "认证未通过", 则向所述用户终端传送回安 全性信息交互拒绝应答; 如果认证结果为 "认证通过", 则执行终端风险 管理和行为分析操作 (例如判断电子现金可用余额减去授权金额是否小 于电子现金重置阈值) 以确定是否进行后续的安全性信息交互过程, 并 且如果确定进行后续的安全性信息交互过程, 则向所述用户终端传送回 安全性信息交互批准应答, 以及如果确定不需进行后续的安全性信息交 互过程, 则向所述用户终端传送回安全性信息交互拒绝应答。 Preferably, in the security information interaction method disclosed by the present invention, the application data includes offline authentication data and data for terminal risk management and behavior analysis. Preferably, in the security information interaction method disclosed by the present invention, the step (A5) further includes: after receiving the application data transmitted back by the user terminal, the data processing server performs the following operations: Parsing the application data to obtain offline authentication data and data for terminal risk management and behavior analysis; performing an authentication operation based on the offline authentication data, and if the authentication result is "authentication failed", to the user The terminal transmits back the security information interaction rejection response; if the authentication result is "authentication passed", the terminal risk management and behavior analysis operations are performed (for example, determining whether the electronic cash available balance minus the authorized amount is less than the electronic cash reset threshold) to determine whether Performing a subsequent security information interaction process, and if it is determined to perform a subsequent security information interaction process, transmitting a security information interaction approval response to the user terminal, and if it is determined that a subsequent security information interaction process is not required, Transmitting back security information to the user terminal Mutual rejection of the response.
优选地, 在本发明所公开的安全性信息交互方法中, 所述步骤(A6 ) 进一步包括: 在接收到来自所述数据处理服务器的认证结果通知后, 所 述用户终端执行如下操作: 如果所述认证结果通知是安全性信息交互拒 绝应答, 则提示用户安全性信息交互失败, 并且如果所述认证结果通知 是安全性信息交互批准应答, 则执行与当前进行的安全性信息交互过程 相关联的数据处理操作 (例如对电子现金进行扣款) 并生成所述安全性 信息交互数据, 以及将所述安全性信息交互数据传送到所述数据处理服 务器。  Preferably, in the security information interaction method disclosed in the present disclosure, the step (A6) further includes: after receiving the authentication result notification from the data processing server, the user terminal performs the following operations: If the authentication result notification is a security information interaction rejection response, the user security information interaction failure is prompted, and if the authentication result notification is a security information interaction approval response, performing a security information interaction process that is currently performed. Data processing operations (e.g., debiting electronic cash) and generating the security information interaction data, and transmitting the security information interaction data to the data processing server.
优选地, 在本发明所公开的安全性信息交互方法中, 所述安全性信 息交互数据包括安全性信息交互凭证(例如交易扣款凭证)和其他与当 前进行的安全性信息交互过程相关联的信息 (例如安全性信息交互标识 符, 诸如订单号)。  Preferably, in the security information interaction method disclosed by the present invention, the security information interaction data includes a security information interaction credential (such as a transaction debit memo) and other related to the currently performed security information interaction process. Information (such as security information interaction identifiers, such as order numbers).
优选地, 在本发明所公开的安全性信息交互方法中, 所述步骤(A7 ) 进一步包括: 所述数据处理服务器验证所述安全性信息交互凭证。  Preferably, in the security information interaction method disclosed in the present disclosure, the step (A7) further includes: the data processing server verifying the security information interaction credential.
优选地, 在本发明所公开的安全性信息交互方法中, 所述安全性信 息交互装置是所述网络中的节点 (即可以通过所述网络与外部设备进行 数据通信)。  Preferably, in the security information interaction method disclosed in the present invention, the security information interaction device is a node in the network (i.e., data communication with an external device can be performed through the network).
优选地, 在本发明所公开的安全性信息交互方法中, 通过 SSL协议 实现所述安全性信息交互装置与所述数据处理服务器之间的数据通信。 优选地, 在本发明所公开的安全性信息交互方法中, 通过 SSL协议 实现所述用户终端与所述数据处理服务器之间的数据通信。 Preferably, in the security information interaction method disclosed by the present invention, the SSL protocol is adopted. A data communication between the security information interaction device and the data processing server is implemented. Preferably, in the security information interaction method disclosed in the present invention, data communication between the user terminal and the data processing server is implemented by using an SSL protocol.
优选地, 在本发明所公开的安全性信息交互方法中, 通过对称密钥 体系实现所述认证过程。  Preferably, in the security information interaction method disclosed in the present invention, the authentication process is implemented by a symmetric key system.
优选地, 在本发明所公开的安全性信息交互方法中, 所述步骤(A6 ) 进一步包括: 以加密的方式传送所述安全性信息交互数据 (其包括安全 性信息交互凭证), 其中, 将安全性信息交互标识符(诸如订单号)作为 加密密钥的生成因子。  Preferably, in the security information interaction method disclosed in the present disclosure, the step (A6) further includes: transmitting the security information interaction data (including a security information interaction credential) in an encrypted manner, where A security information interaction identifier (such as an order number) is used as a generation factor of the encryption key.
示例性地, 在本发明所公开的安全性信息交互方法中, 所述智能卡 可以是 SIM卡, 或智能 SD卡, 或终端附件等。  Illustratively, in the security information interaction method disclosed by the present invention, the smart card may be a SIM card, or a smart SD card, or a terminal accessory or the like.
优选地, 在本发明所公开的安全性信息交互方法中, 所述步骤(A4 ) 进一步包括: 所述用户终端以如下方式从脱机应用获取所述应用数据: ( 1 )向所述智能卡发送选择脱机应用的指令以选择脱机应用; ( 2 )初始 化所述脱机应用; ( 3 )提示用户输入针对所述脱机应用的 PIN (个人识别 码)从而验证用户的身份, 并且如果验证通过, 则执行后续操作, 而如 果验证未通过, 则提示重新输入所述针对所述脱机应用的 PIN, 并重复验 证过程, 以及如果输入次数超过预定的阈值则提示用户身份验证失败; 向所述脱机应用发送读取应用数据指令以获取所述应用数据。  Preferably, in the security information interaction method disclosed by the present invention, the step (A4) further includes: the user terminal acquiring the application data from an offline application in the following manner: (1) sending the smart card to the smart card Selecting an offline application's instructions to select an offline application; (2) initializing the offline application; (3) prompting the user to enter a PIN (Personal Identification Number) for the offline application to verify the identity of the user, and if verified Passing, then performing a subsequent operation, and if the verification fails, prompting to re-enter the PIN for the offline application, and repeating the verification process, and prompting the user for authentication failure if the number of inputs exceeds a predetermined threshold; The offline application sends a read application data instruction to obtain the application data.
示例性地, 在金融领域中, 所述与当前进行的安全性信息交互过程 相关联的数据处理操作可以是为了完成交易而对电子现金进行的扣款操 作, 并且具体的操作过程可以如下: 所述用户终端向所述智能卡发送扣 款请求; 收到扣款请求后, 所述智能卡执行卡片风险分析以决定是否批 准该交易请求; 如果批准, 则返回脱机交易批准密文 TC, 此时卡内的电 子现金金额已经进行了更新; 如果不批准, 则返回拒绝响应 (例如密文 AAC ); 用户终端判断是否为脱机交易批准 TC密文, 并且如果是, 则组装 脱机交易扣款凭证, 并将该凭证发送给所述智能卡进行加密和 MAC计算; 所述智能卡确认该脱机交易扣款凭证确实属于本帐户的有效脱机交易数 据(即未经处理过的属于本帐户的脱机交易数据), 则完成相关的安全操 作, 而如果确认不是, 则返回错误指示。 Exemplarily, in the financial field, the data processing operation associated with the currently performed security information interaction process may be a debit operation for electronic cash in order to complete the transaction, and the specific operation process may be as follows: The user terminal sends a debit request to the smart card; after receiving the debit request, the smart card performs card risk analysis to decide whether to approve the transaction request; if approved, returns an offline transaction approval ciphertext TC, at this time, the card The electronic cash amount has been updated; if not approved, a rejection response is returned (eg ciphertext AAC); the user terminal determines whether the TC ciphertext is approved for offline transactions, and if so, the offline transaction debit memo is assembled And sending the voucher to the smart card for encryption and MAC calculation; the smart card confirms that the offline transaction debit voucher does belong to the valid offline transaction data of the account (ie, the unprocessed offline belonging to the account) Transaction data), complete the relevant security operations Yes, and if the confirmation is not, an error indication is returned.
由上可见, 本发明所公开的安全性信息交互方法具有如下优点: (1 ) 能够应用于脱机方式的远程信息交互;( 1 )由于使用了多种安全措施 (例 如, 以加密的方式传送安全性信息交互数据, 其中, 将安全性信息交互 标识符(诸如订单号)作为加密密钥的生成因子), 故具有高的安全性。 式并不局限于上述的实施方式。 应该认识到: 在不脱离本发明主旨和范  It can be seen from the above that the security information interaction method disclosed by the present invention has the following advantages: (1) can be applied to remote information interaction in an offline mode; (1) due to the use of multiple security measures (for example, transmission in an encrypted manner) Security information interaction data, in which a security information interaction identifier (such as an order number) is used as a generation factor of an encryption key, so that it has high security. The formula is not limited to the above embodiment. It should be recognized that: without departing from the spirit and scope of the present invention

Claims

1. 一种安全性信息交互方法, 所述安全性信息交互方法包括下列步 骤: A security information interaction method, the security information interaction method comprising the following steps:
( A1 ) 用户终端将来自用户的安全性信息交互指令通过网络传送到 远程安全性信息交互装置;  (A1) the user terminal transmits the security information interaction instruction from the user to the remote security information interaction device through the network;
( A2 ) 所述安全性信息交互装置接收来自所述用户终端的所述安全 性信息交互指令, 并基于所述安全性信息交互指令构造安全性信息交互 请求以及将所述安全性信息交互请求传送到数据处理服务器;  (A2) the security information interaction device receives the security information interaction instruction from the user terminal, and constructs a security information interaction request based on the security information interaction instruction and transmits the security information interaction request To the data processing server;
( A3 ) 所述数据处理服务器接收并解析来自所述安全性信息交互装 置的所述安全性信息交互请求, 并基于所述安全性信息交互请求向所述 用户终端发送安全性信息交互确认请求;  (A3) the data processing server receives and parses the security information interaction request from the security information interaction device, and sends a security information interaction confirmation request to the user terminal based on the security information interaction request;
( A4 ) 所述用户终端接收来自所述数据处理服务器的所述安全性信 息交互确认请求, 以及基于所述安全性信息交互确认请求从智能卡中的 脱机应用获取应用数据并将所述应用数据传送到所述数据处理服务器; (A4) the user terminal receives the security information interaction confirmation request from the data processing server, and acquires application data from an offline application in the smart card based on the security information interaction confirmation request and the application data Transferred to the data processing server;
( A5 ) 所述数据处理服务器接收所述用户终端传送回的所述应用数 据, 并基于所述应用数据执行认证操作以及将认证结果通知传送回所述 用户终端; (A5) the data processing server receives the application data transmitted by the user terminal, and performs an authentication operation based on the application data and transmits an authentication result notification back to the user terminal;
( A6 )所述用户终端接收来自所述数据处理服务器的认证结果通知, 并基于所述认证结果通知生成安全性信息交互数据以及将所述安全性信 息交互数据传送到所述数据处理服务器;  (A6) the user terminal receives an authentication result notification from the data processing server, and generates security information interaction data based on the authentication result notification and transmits the security information interaction data to the data processing server;
( A7 ) 所述数据处理服务器接收来自所述用户终端的所述安全性信 息交互数据, 并基于所述安全性信息交互数据执行验证操作以及将与验 证结果相关的消息传送到所述安全性信息交互装置。  (A7) the data processing server receives the security information interaction data from the user terminal, and performs a verification operation based on the security information interaction data and transmits a message related to the verification result to the security information Interactive device.
2. 根据权利要求 1所述的安全性信息交互方法, 其特征在于, 所述 步骤(A7 )进一步包括: 如果所述验证结果是 "验证成功", 则所述数据 处理服务器向所述用户终端发送安全性信息交互成功应答。  The security information interaction method according to claim 1, wherein the step (A7) further comprises: if the verification result is "verification successful", the data processing server to the user terminal The sending security information is successfully answered.
3. 根据权利要求 2所述的安全性信息交互方法, 其特征在于, 所述 步骤(A7 )进一步包括: 如果所述验证结果是 "验证成功", 则所述数据 处理服务器将与验证结果相关的通知发送到业务提供方服务器。 The security information interaction method according to claim 2, wherein the step (A7) further comprises: if the verification result is "verification successful", the data The processing server sends a notification related to the verification result to the service provider server.
4. 根据权利要求 3所述的安全性信息交互方法, 其特征在于, 所述 用户终端是移动终端中的客户端, 并且所述网络是移动通信网络。  The security information interaction method according to claim 3, wherein the user terminal is a client in a mobile terminal, and the network is a mobile communication network.
5. 根据权利要求 4所述的安全性信息交互方法, 其特征在于, 所述 应用数据包括脱机认证数据和用于终端风险管理和行为分析的数据。  The security information interaction method according to claim 4, wherein the application data comprises offline authentication data and data for terminal risk management and behavior analysis.
6. 根据权利要求 5所述的安全性信息交互方法, 其特征在于, 所述 步骤(A5 )进一步包括: 在接收到所述用户终端传送回的所述应用数据 后, 所述数据处理服务器执行如下操作: 解析所述应用数据以获得脱机 认证数据和用于终端风险管理和行为分析的数据; 基于所述脱机认证数 据执行认证操作, 并且如果认证结果为 "认证未通过", 则向所述用户终 端传送回安全性信息交互拒绝应答; 如果认证结果为 "认证通过", 则执 行终端风险管理和行为分析操作以确定是否进行后续的安全性信息交互 过程, 并且如果确定进行后续的安全性信息交互过程, 则向所述用户终 端传送回安全性信息交互批准应答, 以及如果确定不需进行后续的安全 性信息交互过程, 则向所述用户终端传送回安全性信息交互拒绝应答。  The security information interaction method according to claim 5, wherein the step (A5) further comprises: after receiving the application data transmitted back by the user terminal, the data processing server performs The following operations: parsing the application data to obtain offline authentication data and data for terminal risk management and behavior analysis; performing an authentication operation based on the offline authentication data, and if the authentication result is "authentication failed", Transmitting, by the user terminal, a security information interaction rejection response; if the authentication result is "authentication pass", performing terminal risk management and behavior analysis operations to determine whether to perform a subsequent security information interaction process, and if it is determined to perform subsequent security The sexual information interaction process transmits a security information interaction approval response to the user terminal, and if it is determined that the subsequent security information interaction process is not required, the security information interaction rejection response is transmitted back to the user terminal.
7. 根据权利要求 6所述的安全性信息交互方法, 其特征在于, 所述 步骤(A6 )进一步包括: 在接收到来自所述数据处理服务器的认证结果 通知后, 所述用户终端执行如下操作: 如果所述认证结果通知是安全性 信息交互拒绝应答, 则提示用户安全性信息交互失败, 并且如果所述认 证结果通知是安全性信息交互批准应答, 则执行与当前进行的安全性信 息交互过程相关联的数据处理操作并生成所述安全性信息交互数据, 以 及将所述安全性信息交互数据传送到所述数据处理服务器。  The security information interaction method according to claim 6, wherein the step (A6) further comprises: after receiving the authentication result notification from the data processing server, the user terminal performs the following operations And: if the authentication result notification is a security information interaction rejection response, prompting the user security information interaction failure, and if the authentication result notification is a security information interaction approval response, performing a security information interaction process with the current security information Associated data processing operations and generate the security information interaction data, and communicate the security information interaction data to the data processing server.
8. 根据权利要求 7所述的安全性信息交互方法, 其特征在于, 所述 安全性信息交互数据包括安全性信息交互凭证和其他与当前进行的安全 性信息交互过程相关联的信息。  The security information interaction method according to claim 7, wherein the security information interaction data comprises security information interaction credentials and other information associated with the currently performed security information interaction process.
9. 根据权利要求 8所述的安全性信息交互方法, 其特征在于, 所述 步骤(A7 )进一步包括: 所述数据处理服务器验证所述安全性信息交互 凭证。  The security information interaction method according to claim 8, wherein the step (A7) further comprises: the data processing server verifying the security information interaction credential.
10. 根据权利要求 9所述的安全性信息交互方法, 其特征在于, 通过 SSL 协议实现所述安全性信息交互装置与所述数据处理服务器之间的数 据通信。 10. The security information interaction method according to claim 9, wherein The SSL protocol implements data communication between the security information interaction device and the data processing server.
11. 根据权利要求 10所述的安全性信息交互方法, 其特征在于, 通 过 SSL协议实现所述用户终端与所述数据处理服务器之间的数据通信。  The security information interaction method according to claim 10, wherein data communication between the user terminal and the data processing server is implemented by using an SSL protocol.
12. 根据权利要求 11所述的安全性信息交互方法, 其特征在于, 所 述步骤(A6 )进一步包括: 以加密的方式传送所述安全性信息交互数据, 其中, 将安全性信息交互标识符作为加密密钥的生成因子。  The security information interaction method according to claim 11, wherein the step (A6) further comprises: transmitting the security information interaction data in an encrypted manner, wherein the security information interaction identifier As a generation factor of the encryption key.
13. 根据权利要求 12所述的安全性信息交互方法, 其特征在于, 所 述步骤(A4 ) 进一步包括: 所述用户终端以如下方式从脱机应用获取所 述应用数据: (1 ) 向所述智能卡发送选择脱机应用的指令以选择脱机应 用; ( 2 )初始化所述脱机应用; ( 3 )提示用户输入针对所述脱机应用的 PIN从而验证用户的身份, 并且如果验证通过, 则执行后续操作, 而如果 验证未通过, 则提示重新输入所述针对所述脱机应用的 PIN, 并重复验证 过程, 以及如果输入次数超过预定的阈值则提示用户身份验证失败; 向 所述脱机应用发送读取应用数据指令以获取所述应用数据。  The security information interaction method according to claim 12, wherein the step (A4) further comprises: the user terminal acquiring the application data from an offline application in the following manner: (1) The smart card sends an instruction to select an offline application to select an offline application; (2) initialize the offline application; (3) prompt the user to input a PIN for the offline application to verify the identity of the user, and if the verification passes, Then performing a subsequent operation, and if the verification fails, prompting to re-enter the PIN for the offline application, and repeating the verification process, and prompting the user for authentication failure if the number of inputs exceeds a predetermined threshold; The machine application sends a read application data instruction to obtain the application data.
14. 一种安全性信息交互系统, 所述安全性信息交互系统包括: 至少一个用户终端, 所述至少一个用户终端中的每个用于将来自用 户的安全性信息交互指令通过网络传送到远程安全性信息交互装置, 并 接收来自数据处理服务器的安全性信息交互确认请求, 以及基于所述安 到所述数据处理服务器, 所述至少一个用户终端中的每个进一步用于接 收来自所述数据处理服务器的认证结果通知, 并基于所述认证结果通知 生成安全性信息交互数据以及将所述安全性信息交互数据传送到所述数 据处理服务器;  A security information interaction system, the security information interaction system comprising: at least one user terminal, each of the at least one user terminal for transmitting security information interaction instructions from a user to a remote network a security information interaction device, and receiving a security information interaction confirmation request from the data processing server, and each of the at least one user terminal is further configured to receive the data from the data processing server based on the security information Processing an authentication result notification of the server, and generating security information interaction data based on the authentication result notification and transmitting the security information interaction data to the data processing server;
安全性信息交互装置, 所述安全性信息交互装置用于接收来自所述 用户终端的所述安全性信息交互指令, 并基于所述安全性信息交互指令 构造安全性信息交互请求以及将所述安全性信息交互请求传送到所述数 据处理服务器;  a security information interaction device, configured to receive the security information interaction instruction from the user terminal, and construct a security information interaction request based on the security information interaction instruction and to perform the security a sexual information interaction request is transmitted to the data processing server;
数据处理服务器, 所述数据处理服务器用于接收并解析来自所述安 全性信息交互装置的所述安全性信息交互请求, 并基于所述安全性信息 交互请求向相应的用户终端发送所述安全性信息交互确认请求, 所述数 据处理服务器进一步用于接收所述用户终端传送回的应用数据, 并基于 所述应用数据执行认证操作以及将认证结果通知传送回相应的用户终 端, 所述数据处理服务器进一步用于接收来自所述用户终端的所述安全 性信息交互数据, 并基于所述安全性信息交互数据执行验证操作以及将 与 证结果相关的消息传送到所述安全性信息交互装置; a data processing server, the data processing server for receiving and parsing from the security And the security information interaction confirmation request is sent to the corresponding user terminal, where the data processing server is further configured to receive the user Transmitting back the application data, and performing an authentication operation based on the application data and transmitting the authentication result notification back to the corresponding user terminal, the data processing server further configured to receive the security information interaction data from the user terminal And performing a verification operation based on the security information interaction data and transmitting a message related to the certificate result to the security information interaction device;
智能卡, 所述智能卡用于存储至少一个脱机应用。  A smart card, the smart card is used to store at least one offline application.
15. —种用户终端, 所述用户终端将来自用户的安全性信息交互指 令通过网络传送到远程安全性信息交互装置, 并接收来自数据处理服务 器的安全性信息交互确认请求, 以及基于所述安全性信息交互确认请求 处理服务器, 所述用户终端进一步用于接收来自所述数据处理服务器的 认证结果通知, 并基于所述认证结果通知生成安全性信息交互数据以及 将所述安全性信息交互数据传送到所述数据处理服务器。  15. A user terminal, the user terminal transmits a security information interaction instruction from the user to the remote security information interaction device via the network, and receives a security information interaction confirmation request from the data processing server, and based on the security a sexual information interaction confirmation request processing server, wherein the user terminal is further configured to receive an authentication result notification from the data processing server, and generate security information interaction data based on the authentication result notification and transmit the security information interaction data Go to the data processing server.
16. —种数据处理服务器, 所述数据处理服务器接收并解析来自安 全性信息交互装置的安全性信息交互请求, 并基于所述安全性信息交互 请求向相应的用户终端发送安全性信息交互确认请求, 所述数据处理服 务器进一步用于接收所述用户终端传送回的应用数据, 并基于所述应用 数据执行认证操作以及将认证结果通知传送回相应的用户终端, 所述数 据处理服务器进一步用于接收来自所述用户终端的安全性信息交互数 据, 并基于所述安全性信息交互数据执行验证操作以及将与验证结果相 关的消息传送到所述安全性信息交互装置。  16. A data processing server, the data processing server receiving and parsing a security information interaction request from a security information interaction device, and transmitting a security information interaction confirmation request to a corresponding user terminal based on the security information interaction request The data processing server is further configured to receive application data transmitted by the user terminal, perform an authentication operation based on the application data, and transmit an authentication result notification back to the corresponding user terminal, where the data processing server is further configured to receive Security information exchange data from the user terminal, and performing a verification operation based on the security information interaction data and transmitting a message related to the verification result to the security information interaction device.
PCT/CN2013/084183 2012-09-28 2013-09-25 Security information exchange system, apparatus, and method WO2014048319A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210368401.3 2012-09-28
CN201210368401.3A CN103701762B (en) 2012-09-28 2012-09-28 Security information interaction system, equipment and method

Publications (1)

Publication Number Publication Date
WO2014048319A1 true WO2014048319A1 (en) 2014-04-03

Family

ID=50363161

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/084183 WO2014048319A1 (en) 2012-09-28 2013-09-25 Security information exchange system, apparatus, and method

Country Status (2)

Country Link
CN (1) CN103701762B (en)
WO (1) WO2014048319A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411522A (en) * 2015-08-03 2017-02-15 中兴通讯股份有限公司 Online authentication method based on intelligent card, the intelligent card and authentication server
CN106330883B (en) * 2016-08-19 2019-11-22 中国银联股份有限公司 Safety information interaction method based on quick identifying code
CN107871266B (en) * 2016-09-28 2022-05-27 菜鸟智能物流控股有限公司 Method for acquiring interactive certificate and related device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020038287A1 (en) * 2000-08-30 2002-03-28 Jean-Marc Villaret EMV card-based identification, authentication, and access control for remote access
CN101394615A (en) * 2007-09-20 2009-03-25 中国银联股份有限公司 Mobile payment terminal and payment method based on PKI technique
CN101923757A (en) * 2010-08-05 2010-12-22 中国科学院深圳先进技术研究院 Mobile payment management system
CN102419846A (en) * 2011-12-30 2012-04-18 快钱支付清算信息有限公司 Point of sale (POS) network-based non-near-field payment system and method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2443489B (en) * 2006-11-06 2008-10-15 Visa Europe Ltd Electronic purchasing of tickets
CN101593387B (en) * 2008-05-27 2012-06-27 中国移动通信集团公司 Method, system and equipment for remote payment with local account
AU2009293439B2 (en) * 2008-09-17 2013-01-17 Mastercard International, Inc. Off-line activation/loading of pre-authorized and cleared payment cards
CN102469081B (en) * 2010-11-11 2014-10-08 中国移动通信集团公司 Method, equipment and system for operating smart card
CN102169613B (en) * 2010-12-03 2013-03-13 北京握奇数据系统有限公司 Method and apparatus for dealing with remote business of electronic purse

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020038287A1 (en) * 2000-08-30 2002-03-28 Jean-Marc Villaret EMV card-based identification, authentication, and access control for remote access
CN101394615A (en) * 2007-09-20 2009-03-25 中国银联股份有限公司 Mobile payment terminal and payment method based on PKI technique
CN101923757A (en) * 2010-08-05 2010-12-22 中国科学院深圳先进技术研究院 Mobile payment management system
CN102419846A (en) * 2011-12-30 2012-04-18 快钱支付清算信息有限公司 Point of sale (POS) network-based non-near-field payment system and method

Also Published As

Publication number Publication date
CN103701762A (en) 2014-04-02
CN103701762B (en) 2017-04-19

Similar Documents

Publication Publication Date Title
AU2018202542B2 (en) Automated account provisioning
US10826702B2 (en) Secure authentication of user and mobile device
US10140607B2 (en) Mutual mobile authentication using a key management center
US11620647B2 (en) Provisioning of access credentials using device codes
JP6497834B2 (en) Payment methods and associated payment gateway servers, mobile terminals, and time certificate issuing servers
US20140207682A1 (en) Systems and methods for contactless transaction processing
CN115907763A (en) Providing payment credentials to a consumer
WO2020072340A1 (en) Systems and methods for cryptographic authentication of contactless cards
WO2015000365A1 (en) Quick payment method and system based on location information
JP2015537399A (en) Application system for mobile payment and method for providing and using mobile payment means
KR20100074735A (en) Mobile card payment system and method thereof
KR20180123151A (en) Systems and methods with reduced device processing time
WO2014048319A1 (en) Security information exchange system, apparatus, and method
TW201830917A (en) Safety information interaction method and equipment
US11915221B2 (en) Systems and methods for direct electronic communication of consumer information
EP4250208A1 (en) Devices, methods and a system for secure electronic payment transactions
TW201804407A (en) Host equipment for bank transaction system converting a unique format of the transaction input into a general format which can be identified by a core processing unit

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13841440

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 24-07-2015)

122 Ep: pct application non-entry in european phase

Ref document number: 13841440

Country of ref document: EP

Kind code of ref document: A1