WO2015161691A1 - Secure data interaction method and system - Google Patents

Secure data interaction method and system Download PDF

Info

Publication number
WO2015161691A1
WO2015161691A1 PCT/CN2015/071354 CN2015071354W WO2015161691A1 WO 2015161691 A1 WO2015161691 A1 WO 2015161691A1 CN 2015071354 W CN2015071354 W CN 2015071354W WO 2015161691 A1 WO2015161691 A1 WO 2015161691A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
terminal
cryptographic device
smart
smart cryptographic
Prior art date
Application number
PCT/CN2015/071354
Other languages
French (fr)
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201410171806.7A external-priority patent/CN103944729A/en
Priority claimed from CN201410171461.5A external-priority patent/CN103942687A/en
Application filed by 天地融科技股份有限公司 filed Critical 天地融科技股份有限公司
Publication of WO2015161691A1 publication Critical patent/WO2015161691A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials

Definitions

  • the present invention relates to the field of information security, and in particular, to a data security interaction method and system.
  • Mobile payment is a service that allows users to use their mobile terminals (such as smart phones, PDAs, tablets, laptops, etc.) to pay for goods or services they consume.
  • the unit or individual sends the payment instruction directly or indirectly to the banking financial institution through the mobile terminal, the Internet or proximity sensing to generate the behavior of money payment and capital circulation, thereby realizing the mobile payment function.
  • Mobile payment combines mobile terminals, the Internet, application providers, and financial institutions to provide users with financial services such as money payment and payment.
  • Mobile payment mainly includes remote payment and near-field payment.
  • Remote payment refers to the user logging in to the bank's webpage through the mobile terminal for payment, account operation, etc., which is mainly applied to the shopping and consumption of online e-commerce websites;
  • near-field payment refers to the instant payment to the merchant through the mobile terminal when the consumer purchases the goods or services.
  • the payment is made, the processing of the payment is performed on site, and the offline operation of the mobile network is not required, and the local communication with the vending machine and the POS machine is realized by using the radio frequency (NFC), infrared, Bluetooth, and the like of the mobile terminal.
  • NFC radio frequency
  • the participants involved in the payment include: consumer users, merchants, mobile operators, third-party service providers, banks.
  • Consumer users and merchants are the service objects of the system, mobile operators provide network support, banks provide bank-related services, and third-party service providers provide payment platform services to achieve business through the combination of all parties.
  • the electronic and mobileization of payment methods has become an inevitable development trend, and the security issue of mobile payment systems is the core issue of mobile e-commerce security.
  • the present invention is directed to solving one of the above problems.
  • a primary object of the present invention is to provide a data security interaction method.
  • Another main object of the present invention is to provide a data security interaction system.
  • An aspect of the present invention provides a data security interaction method, including: a terminal scanning a smart cryptographic device within a signal coverage area, and obtaining identification information of the scanned smart cryptographic device; the terminal according to the scanned smart The identification information of the cryptographic device acquires user information corresponding to the smart cryptographic device; the terminal uses the user information Stored in a pre-established current user list; the terminal generates transaction information according to user information corresponding to the smart cryptographic device to be traded, and obtains transaction request information according to the transaction information; the terminal sends the location to the smart cryptographic device Transmitting the transaction request information; after receiving the transaction request information, the smart cryptographic device obtains the transaction information according to the transaction request information; the smart cryptographic device prompts the transaction information; and the smart cryptographic device receives the confirmation instruction And generating transaction confirmation information; the terminal receiving the transaction confirmation information; the terminal obtaining a transaction data packet according to the transaction confirmation information, and transmitting the transaction data packet to the background system server; the background system server After receiving the transaction data packet, the transaction confirmation information is
  • the acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device includes: sending, by the terminal, identification information and user information of the smart cryptographic device to the background system server After the background system server receives the identification information of the smart cryptographic device and the user information reading request, the user information corresponding to the smart cryptographic device is obtained according to the identification information of the smart cryptographic device; The background system server obtains response information of the user information read request according to the user information, and sends response information of the user information read request to the terminal; the terminal receives the user information read After the requested response information, the user information is obtained according to the response information of the user information read request.
  • the acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device includes: the terminal, according to the scanned information of the smart cryptographic device, to the smart cryptographic device Sending a user information read request; the smart cryptographic device obtains pre-stored user information, and obtains response information of the user information read request according to the user information, and sends the user information read request to the terminal Response information: after receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
  • the method further includes: obtaining, by the terminal, signal coverage at the terminal And generating, by the identifier information of all the smart cryptographic devices, the real-time identification list; the terminal, according to the preset time interval, the identification information of the smart cryptographic device in the real-time identification list and the smart cryptographic device in the current user list The identification information is compared; if the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, the terminal is configured to acquire the smart password according to the scanned identification information of the smart cryptographic device.
  • the terminal scans the smart cryptographic device within the signal coverage range, and obtains the scanned smart password.
  • the method further includes: obtaining, by the terminal, identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generating a real-time identification list; the terminal according to the preset time interval Comparing the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list; if the identification information of the smart cryptographic device in the real-time identification list is not in the current In the user list, the step of acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device, and obtaining the user information after the terminal obtains the user information Information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, the user of the smart cryptographic device in the current user list is Information is stored in the real-time identification list; and if the identification information of
  • the method further includes: the background system server determining the identifier information of the smart cryptographic device Whether it is included in the abnormal list of the smart password device pre-stored in the background system server; the background system server obtains the locked smart password device after determining that the identification information of the smart password device is in the abnormal list of the smart password device And acquiring, by using the private key of the background system server, the locked smart password device instruction to obtain a fifth signature information, and sending, by the terminal, the locked smart password device instruction and the fifth to the smart password device Signing information; after receiving the locked smart cryptographic device command and the fifth signature information, the smart cryptographic device verifies the fifth signature information by using a public key in the pre-stored background system server certificate; The smart cryptographic device is verifying the fifth signature letter Passed, according to the apparatus instructions smart password lock locking operation is performed.
  • the method further includes: the background system server receiving the terminal registration application, and reviewing the terminal registration application; the background system server sending the terminal password to the terminal after reviewing the terminal registration application
  • the key pair generates an instruction; after receiving the terminal key pair generation instruction, the terminal generates a terminal key pair; the terminal sends the public key in the terminal key pair to the background system server; After receiving the public key in the terminal key pair, the system server generates the terminal certificate, and sends the terminal certificate to the terminal; the terminal stores the terminal certificate; and the background system server receives the smart
  • the password device registration application is performed, and the smart password device registration application is reviewed; the background system server sends a smart password device key pair generation instruction to the smart password device after reviewing the smart password device registration application; After the smart cryptographic device receives the smart cryptographic device key pair generation instruction, generating a smart password a backup key pair; the smart cryptographic device sends a public key in the smart cryptographic device key pair to the background system server; after the background system server receives the public key in the smart cryptographic device key pair
  • the method further includes: the terminal acquiring a terminal account cancellation application, signing the account cancellation application with the private key of the terminal to obtain a sixth signature information, and transmitting the terminal pin to the background system server. a user application and the sixth signature information; the background system server, after receiving the terminal account cancellation application and the sixth signature information, using the public key in the pre-stored terminal certificate to the sixth signature information Performing verification; after verifying that the sixth signature information is passed, the background system server deletes the pre-stored terminal certificate, and generates terminal account completion information, and sends the terminal account completion information to the terminal; After receiving the information about the completion of the terminal, the terminal deletes the private key of the terminal; and/or the smart cryptographic device obtains a smart PIN device account cancellation application, and uses the private key of the smart cryptographic device to Applying for signature to obtain the seventh signature information, and sending the smart password device account cancellation application and the seventh signature information to the background system server; After receiving the smart PIN device account cancellation application and the seventh signature information, the background system server uses the pre-store
  • the background system server after the background system server receives the identification information of the smart cryptographic device and the user information read request, the background system server sends the response information of the user information read request to the terminal.
  • the method further includes: the background system server sends the user authorization request information to the smart cryptographic device by using the terminal; the smart cryptographic device generates the authorization information after receiving the user authorization request information, and Sending, by the terminal, the authorization information to the background system server; after the background system server receives the authorization information, executing, by the background system server, sending the response information of the user information read request to the terminal A step of.
  • the step of generating the authorization information includes: after receiving the user authorization request information, the smart cryptographic device converts from a sleep state to an awake state; The smart cryptographic device generates authorization information in the awake state.
  • the step of obtaining the transaction information according to the transaction request information includes: after receiving the transaction request information, the smart cryptographic device converts from a sleep state to Awakening state; the smart cryptographic device obtains the transaction information according to the transaction request information in an awake state.
  • the step of generating the transaction confirmation information by the smart cryptographic device comprises: the smart cryptographic device signing the transaction information by using a private key of the smart cryptographic device, generating transaction signature information as transaction confirmation information; or the intelligence The cryptographic device generates a dynamic password as the transaction confirmation information.
  • the step of generating the transaction confirmation information by the smart cryptographic device comprises: generating a single time by the smart cryptographic device Transmitting the identifier, and signing the transaction information and the single transaction identifier by using a private key of the smart cryptographic device to generate transaction signature information as transaction confirmation information; or the smart cryptographic device generates a single transaction identifier, utilizing The private key of the smart cryptographic device signs the single transaction identifier to obtain signature information of the single transaction identifier, and generates a dynamic password, and the signature information of the single transaction identifier and the dynamic password are used as transaction confirmation information.
  • the step of the terminal receiving the transaction confirmation information includes: the terminal receiving an acoustic wave signal sent by the smart cryptographic device and decoding the acoustic wave signal to obtain transaction confirmation information; or the terminal collecting the smart password And the image information displayed by the device is decoded to obtain the transaction confirmation information; or the terminal receives the transaction confirmation information through a communication interface that the terminal matches with the smart cryptographic device; or the terminal passes The information input by the terminal obtains the transaction confirmation information.
  • the background system server verifies the transaction confirmation information, and after the step of performing the transaction after the verification is passed, the method further includes: the background system server sending the transaction success receipt information to the terminal; The background system server sends a transaction success receipt information to the smart cryptographic device through the terminal; after receiving the transaction success receipt information, the smart cryptographic device prompts the transaction success receipt information.
  • the method further includes: the terminal sending the refund information to the smart password device; After receiving the refund information, the cryptographic device prompts the refund information; the smart cryptographic device receives the refund confirmation instruction, and signs the refund information by using the private key of the smart cryptographic device to generate a refund Confirmation information; the terminal receives the refund confirmation information, verifies the refund confirmation information, and after the verification is passed, uses the private key of the terminal to sign the refund confirmation information to generate a refund Confirming the package; the terminal sending the refund confirmation package and the refund confirmation information to the background system server; after the background system server receives the refund confirmation package and the refund confirmation information, respectively The refund confirmation package and the refund confirmation information are verified, and after all verification is passed, the refund operation is performed.
  • the method further includes: the smart password device sending a refund request to the terminal; the terminal Generating a refund information, and sending the refund information to the smart password device; after receiving the refund information, the smart password device prompts the refund information; the smart password device receives a refund confirmation instruction And signing the refund information by using a private key of the smart cryptographic device to generate refund confirmation information; the terminal receiving the refund confirmation information, verifying the refund confirmation information, and verifying After passing, the refund confirmation information is signed by using the private key of the terminal to generate a refund confirmation package; the terminal sends the refund confirmation package and the refund confirmation information to the background system server; After receiving the refund confirmation package and the refund confirmation information, the background system server separately checks the refund confirmation package and the refund confirmation information After, and all verified, perform the refund operation Work.
  • the method further includes: the smart password device sending a refund request to the terminal; the terminal Generating a refund request identifier, and sending the refund request identifier to the smart password device; after receiving the refund request identifier, the smart password device generates refund information and utilizes the private password device Keys sign the refund information, obtain refund confirmation information, and send the refund confirmation information to the terminal; the terminal receives the refund confirmation information, and verify the refund confirmation information.
  • the refund confirmation information is signed by using the private key of the terminal to generate a refund confirmation package; the terminal sends the refund confirmation package and the refund confirmation to the background system server.
  • Information after the background system server receives the refund confirmation package and the refund confirmation information, respectively, the refund confirmation package and the refund confirmation letter Verified and validated after all, perform the refund operation.
  • the refund information also includes an electronic statement.
  • the transaction success receipt information also includes an electronic statement.
  • the transaction information also includes an electronic statement.
  • the method further includes: the smart cryptographic device enters a scanable state.
  • the method further includes: the terminal and the background system server performing mutual authentication.
  • the mutual authentication between the terminal and the background system server includes: the terminal generates first to-be-signed information; the terminal sends the first to-be-signed information and the first authentication request information to the background system server; After receiving the first to-be-signed information and the first authentication request information, the server generates second to-be-signed information; the background system server sends the second to-be-signed information and the background system server certificate to the terminal; After receiving the second to-be-signed information and the background system server certificate, the terminal uses the root certificate corresponding to the pre-stored background system server certificate to verify whether the background system server certificate is legal; the terminal is verifying the background.
  • the first signature information and the second signature information are signed by the private key of the terminal to generate first signature information;
  • the terminal sends the first to the background system server a signature information and a terminal certificate;
  • the background system server utilizes the pre-stored end
  • the root certificate corresponding to the certificate verifies whether the terminal certificate is legal;
  • the background system server verifies the first signature information by using a public key in the terminal certificate after verifying that the terminal certificate is legal;
  • the background system server is After the first signature information is verified, the background authentication completion message is generated, and the background authentication completion message is sent to the terminal; after receiving the background authentication completion message, the terminal verifies the background authentication completion message;
  • the terminal After verifying that the background authentication completion message is passed, the terminal passes the Generating a terminal authentication first completion message, and sending the terminal authentication first completion message to the background system server; after the background system server receives the terminal authentication first completion message, verifying the terminal authentication first completion message After the background system server verifies that the terminal authentication first completion message passes, the terminal and the background system
  • the first authentication request information includes the identifier information of the terminal; after the background system server receives the first to-be-signed information and the first authentication request information, it is determined whether the identifier information of the terminal includes And determining, by the backend system server, the terminal abnormality list pre-stored in the background system server; after determining that the identification information of the terminal is in the abnormal list of the terminal, the background system server acquires a lock terminal instruction, and uses the background system server The private key signs the locked terminal instruction to obtain the fourth signature information, and sends the locked terminal instruction and the fourth signature information to the terminal; the terminal receives the locked terminal instruction and the fourth signature information Then, the fourth signature information is verified by using a public key in the pre-stored background system server certificate; after verifying that the fourth signature information is passed, the terminal performs a locking operation according to the locked terminal instruction.
  • the method further includes: the terminal and the smart cryptographic device perform mutual authentication.
  • the mutual authentication of the terminal and the smart cryptographic device includes: the terminal generates third to-be-signed information; the terminal sends the third to-be-signed information and the second authentication request information to the smart cryptographic device; After receiving the third to-be-signed information and the second authentication request information, the smart cryptographic device generates fourth to-be-signed information; the smart cryptographic device uses the private key of the smart cryptographic device to the third The information to be signed is signed to obtain the second signature information, and the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate are sent to the terminal; the terminal receives the fourth to-be-signed information, After the second signature information and the smart cryptographic device certificate, the root certificate corresponding to the pre-stored smart cryptographic device certificate is used to verify whether the smart cryptographic device certificate is legal; after the terminal verifies that the smart cryptographic device certificate is legal, Verifying the second signature information by using a public key in the smart cryptographic device certificate; the terminal is at the verification office After the second signature information is passed, the third signature
  • a third signature information and the terminal certificate after receiving the third signature information and the terminal certificate, the smart cryptographic device verifies whether the terminal certificate is legal by using a pre-stored root certificate corresponding to the terminal certificate; After verifying that the terminal certificate is legal, the smart cryptographic device uses the public key in the terminal certificate to verify the third signature information; after the smart cryptographic device verifies the third signature information, the smart cryptographic device generates intelligence.
  • a cryptographic device authentication completion message the smart cryptographic device sends the smart cryptographic device authentication completion message to the terminal; after receiving the smart cryptographic device authentication completion message, the terminal verifies the smart cryptographic device authentication completion message; After the terminal verifies that the smart cryptographic device authentication completion message is passed, the terminal generates a terminal.
  • the second second completion message is sent to the smart cryptographic device, and the smart cryptographic device verifies the second authentication completion message after receiving the terminal authentication second completion message; After the smart cryptographic device verifies the terminal authentication second completion message, the terminal and the smart cryptographic device complete mutual authentication.
  • the step of generating the fourth to-be-signed information includes: the smart cryptographic device receiving the second authentication request After the information, the sleep state is converted to the awake state; the smart cryptographic device generates the fourth to-be-signed information in the awake state.
  • the information transmitted between the background system server and the terminal is transmitted through the first session key encryption calculation and/or the verification calculation, wherein the first session key is pre-existing in the background system server.
  • the first session key in the terminal or the first session key is negotiated and generated by the background system server and the terminal; and/or the information transmitted between the terminal and the smart cryptographic device passes the second session key Encrypted computing and/or verifying post-calculation transmission, wherein the second session key is pre-existing in the terminal and the smart cryptographic device or the second session key passes through the terminal and the smart cryptographic device Negotiate generation.
  • a data security interaction system including: a terminal configured to scan a smart cryptographic device within a signal coverage area, and obtain the scanned identification information of the smart cryptographic device; according to the scanned The identification information of the smart cryptographic device acquires the user information corresponding to the smart cryptographic device; stores the user information in a pre-established current user list; generates transaction information according to the user information corresponding to the smart cryptographic device to be traded, and generates the transaction information according to the Transmitting transaction information to obtain transaction request information; transmitting the transaction request information to the smart cryptographic device; receiving transaction confirmation information, wherein the transaction confirmation information is generated by the smart cryptographic device; obtaining transaction data according to the transaction confirmation information And sending the transaction data packet to the background system server; the smart cryptographic device is configured to receive the transaction request information sent by the terminal, and obtain the transaction information according to the transaction request information; Transaction information; receiving confirmation instructions and generating transactions
  • the background system server is configured to receive the transaction data packet sent by the terminal, obtain the transaction confirmation information according to the transaction data packet
  • the terminal is further configured to send the identification information of the smart cryptographic device and the user information read request to the background system server, and receive the response information of the user information read request sent by the background system server, according to the The response information of the user information read request obtains the user information;
  • the background system server is further configured to receive the identification information of the smart cryptographic device and the user information read request sent by the terminal, according to the The identification information of the smart cryptographic device acquires user information corresponding to the smart cryptographic device; obtains response information of the user information read request according to the user information, and sends a response to the user information read request to the terminal information.
  • the terminal is further configured to send the smart password according to the scanned identifier information of the smart cryptographic device.
  • the code device sends a user information read request; receives response information of the user information read request sent by the smart cryptographic device, and obtains the user information according to the response information of the user information read request; the smart cryptographic device further And configured to obtain pre-stored user information, obtain response information of the user information read request according to the user information, and send response information of the user information read request to the terminal.
  • the terminal is further configured to scan the smart cryptographic device within the signal coverage range, and obtain the scanned identification information of the smart cryptographic device, and obtain all the smart cryptographic devices within the signal coverage range of the terminal. Identifying the information, generating a real-time identification list; comparing the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval; If the identification information of the smart cryptographic device in the identification list is not in the current user list, the user information corresponding to the smart cryptographic device is obtained according to the scanned identification information of the smart cryptographic device; and if the current user list is in the current user list If the identification information of the smart cryptographic device is not in the real-time identifier list, the user information of the smart cryptographic device that is not in the real-time identifier list in the current user list is deleted.
  • the terminal is further configured to scan the smart cryptographic device within the signal coverage range, and obtain the scanned identification information of the smart cryptographic device, and obtain all the smart cryptographic devices within the signal coverage range of the terminal. Identifying the information, generating a real-time identification list; comparing the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval; If the identification information of the smart cryptographic device in the identifier list is not in the current user list, the user information corresponding to the smart cryptographic device is obtained according to the scanned information of the smart cryptographic device, and the terminal obtains the After the user information is stored, the user information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, the current user is User information of the smart cryptographic device in the list is stored in the real-time identification list; Said real-time identification list as the updated list of current users.
  • the background system server is further configured to: after the terminal sends the identifier information of the smart cryptographic device and the user information read request to the background system server, determine whether the identifier information of the smart cryptographic device is included in the background The smart password device exception list pre-stored in the system server; after determining that the smart password device identification information is in the smart password device abnormal list, acquiring the lock smart password device instruction, and using the background system server private
  • the key pair locks the smart cryptographic device command to obtain a fifth signature information, and sends the locked smart cryptographic device command and the fifth signature information to the smart cryptographic device through the terminal;
  • the smart cryptographic device is further configured Receiving the locked smart cryptographic device command and the fifth signature information, verifying the fifth signature information by using a pre-stored public key in the background system server certificate; after verifying that the fifth signature information is passed Actuating the lock according to the locked smart password device instruction Operation.
  • the background system server is further configured to receive a terminal registration application, and review the terminal registration application; after reviewing the terminal registration application, send a terminal key pair generation instruction to the terminal; Generating the terminal certificate by the public key in the terminal key pair sent by the terminal, and transmitting the terminal certificate to the terminal; and the background system server is further configured to receive the smart password device registration application, and The smart password device registration application is reviewed; after the verification of the smart password device registration application is passed, the smart password device key pair generation instruction is sent to the smart password device; and the smart password device sent by the smart password device is received.
  • the terminal is further configured to receive the terminal secret sent by the background system server
  • the key pair generates an instruction to generate a terminal key pair; and sends the terminal secret to the background system server a public key of the pair; storing the terminal certificate
  • the smart cryptographic device is further configured to receive the smart cryptographic device key pair generation instruction sent by the background system server, and generate a smart cryptographic device key pair
  • the background system server sends the public key in the smart cryptographic device key pair; and stores the smart cryptographic device certificate.
  • the terminal is further configured to acquire a terminal account cancellation application, use the private key of the terminal to sign the account cancellation application to obtain a sixth signature information, and send the terminal account cancellation application to the background system server.
  • the sixth signature information receiving the terminal account completion information sent by the background system server, deleting the private key of the terminal;
  • the background system server is further configured to receive the terminal account sent by the terminal After the application and the sixth signature information, verifying the sixth signature information by using the public key in the pre-stored terminal certificate; after verifying that the sixth signature information is passed, deleting the pre-stored terminal certificate, And generating a terminal account completion information, and sending the terminal account completion information to the terminal;
  • the smart password device is further configured to obtain a smart password device account cancellation application, and using the private key of the smart password device Signing the account application to obtain the seventh signature information, and sending the smart password device account cancellation application and the office to the background system server The seventh signature information is received; the smart password device account completion information sent by the background system server is received, and the private key of the sixth
  • Declaring the seventh signature information by using the pre-stored public key in the smart cryptographic device certificate; and verifying that the seventh signature information is deleted after the smart PIN device account cancellation application and the seventh signature information are described; Pre-storing the smart password device certificate, and generating a smart password device account completion information, and sending the smart password device account completion information to the smart password device.
  • the background system server is further configured to send user authorization request information to the smart cryptographic device by using the terminal, and after receiving the authorization information sent by the smart cryptographic device by using the terminal, send the The response information of the user information read request; the smart cryptographic device is further configured to receive the user authorization request information, generate authorization information, and send the authorization information to the background system server by using the terminal.
  • the smart cryptographic device is further configured to be in a dormant state after receiving the user authorization request information. Convert to wake-up state; generate authorization information in wake-up state.
  • the smart cryptographic device is further configured to receive the transaction request information, and switch from a sleep state to an awake state; and obtain the transaction information according to the transaction request information in an awake state.
  • the smart cryptographic device is further configured to sign the transaction information by using a private key of the smart cryptographic device, generate transaction signature information as transaction confirmation information or generate a dynamic password as transaction confirmation information.
  • the smart cryptographic device is further configured to generate a single transaction identifier, and use the private key of the smart cryptographic device to sign the transaction information and the single transaction identifier, and generate transaction signature information as transaction confirmation information.
  • the smart cryptographic device is further configured to generate a single transaction identifier, sign the single transaction identifier with the private key of the smart cryptographic device, obtain signature information of the single transaction identifier, and generate a dynamic password, and The signature information of the one-time transaction identifier and the dynamic password are used as transaction confirmation information.
  • the terminal is further configured to receive the sound wave signal sent by the smart cryptographic device and decode the sound wave signal to obtain transaction confirmation information; or collect image information displayed by the smart cryptographic device and perform the image information Decoding to obtain the transaction confirmation information; or receiving the transaction confirmation information by a communication interface that the terminal matches with the smart cryptographic device; or obtaining the transaction confirmation information by using information input by the terminal.
  • the background system server is further configured to: after verifying the transaction confirmation information, and after performing the transaction after the verification is passed, send the transaction success receipt information to the terminal; and/or
  • the smart cryptographic device sends a transaction success receipt information; the smart cryptographic device is further configured to receive the transaction success receipt information, and prompt the transaction success receipt information.
  • the terminal is further configured to verify the transaction confirmation information in the background system server, and send the refund information to the smart password device after performing the transaction after the verification is passed; receiving the refund confirmation information, Declaring the refund confirmation information, and after the verification is passed, signing the refund confirmation information by using the private key of the terminal to generate a refund confirmation package; and sending the refund confirmation package to the background system server and The refund confirmation information;
  • the smart password device is further configured to: after receiving the refund information sent by the terminal, prompting the refund information; receiving a refund confirmation instruction, and using the smart password device The private key signs the refund information to generate refund confirmation information;
  • the background system server is further configured to receive the refund confirmation package and the refund confirmation information sent by the terminal, respectively The refund confirmation package and the refund confirmation information are verified, and after all verification is passed, the refund operation is performed.
  • the smart cryptographic device is further configured to: after the background system server verifies the transaction confirmation information, and after performing the transaction after the verification is passed, send a refund request to the terminal; and receive the After the refund information, prompting the refund information; receiving a refund confirmation instruction, and signing the refund information by using a private key of the smart password device to generate refund confirmation information; the terminal is further configured to Generate a refund message and send it to the The cryptographic device sends the refund information; receives the refund confirmation information, verifies the refund confirmation information, and after the verification is passed, signs the refund confirmation information by using the private key of the terminal Generating a refund confirmation package; sending the refund confirmation package and the refund confirmation information to the background system server; the background system server is further configured to receive the refund confirmation package and the The refund confirmation information is verified, and the refund confirmation package and the refund confirmation information are respectively verified, and after all verification is passed, the refund operation is performed.
  • the smart cryptographic device is further configured to verify the transaction confirmation information in the background system server, and send a refund request to the terminal after performing the transaction after the verification is passed; and receive the refund sent by the terminal Requesting an identifier, generating refund information, and signing the refund information by using a private key of the smart cryptographic device, obtaining refund confirmation information, and transmitting the refund confirmation information to the terminal; the terminal, And configured to generate a refund request identifier, and send the refund request identifier to the smart password device; receive the refund confirmation information, verify the refund confirmation information, and after the verification is passed, use the Declaring, by the private key of the terminal, the refund confirmation information to generate a refund confirmation package; sending the refund confirmation package and the refund confirmation information to the background system server; the background system server is further configured to Receiving the refund confirmation package and the refund confirmation information sent by the terminal, respectively verifying the refund confirmation package and the refund confirmation information And, after all verified, perform the refund operation.
  • the refund information also includes an electronic statement.
  • the transaction success receipt information also includes an electronic statement.
  • the transaction information also includes an electronic statement.
  • the smart cryptographic device is further configured to enter a scannable state before being scanned by the terminal within the signal coverage.
  • the terminal further performs mutual authentication with the background system server.
  • the terminal is further configured to generate first to-be-signed information, send the first to-be-signed information and the first authentication request information to the background system server, and receive the second to-be-signed information and the information sent by the background system server.
  • the background system server certificate is used to verify whether the background system server certificate is legal by using the root certificate corresponding to the pre-stored background system server certificate; after verifying that the background system server certificate is legal, the first key of the terminal is used to the first
  • the signature information and the second signature information are signed to generate first signature information; the first signature information and the terminal certificate are sent to the background system server; after receiving the background authentication completion message sent by the background system server, And verifying the background authentication completion message; after verifying that the background authentication completion message is passed, generating a terminal authentication first completion message, and sending the terminal authentication first completion message to the background system server; Configuring to receive the first to be sent sent by the terminal And the first authentication request information, generating the second to-be-signed information; transmitting the second to-be-signed information and the background system
  • the background system server is further configured to receive the first to-be-signed information and the first authentication request information that are sent by the terminal, where the first authentication request information includes identifier information of the terminal; Determining whether the identification information of the terminal is included in a terminal abnormal list pre-stored in the background system server; after determining that the identification information of the terminal is in the terminal abnormal list, acquiring a locked terminal instruction, and using the The private key of the background system server signs the locked terminal instruction to obtain the fourth signature information, and sends the locked terminal instruction and the fourth signature information to the terminal; the terminal is further configured to receive the background system server Sending the locked terminal instruction and the fourth signature information, verifying the fourth signature information by using a public key in the pre-stored background system server certificate; after verifying that the fourth signature information is passed, according to The locking terminal instructs to perform a locking operation.
  • the terminal further performs mutual authentication with the smart cryptographic device.
  • the terminal is further configured to generate third to-be-signed information, and send the third to-be-signed information and the second authentication request information to the smart cryptographic device, and receive the fourth to-be-sent sent by the smart cryptographic device. And verifying, by the root certificate corresponding to the pre-stored smart cryptographic device certificate, whether the smart cryptographic device certificate is legal; and verifying that the smart cryptographic device certificate is legal, using the signature information, the second signature information, and the smart cryptographic device certificate; The public key in the smart cryptographic device certificate verifies the second signature information; after verifying that the second signature information is passed, using the private key of the terminal to the third to-be-signed information and the And signing the fourth signature information to obtain the third signature information; sending the third signature information and the terminal certificate to the smart cryptographic device; and receiving the smart cryptographic device authentication completion message sent by the smart cryptographic device, and verifying the The smart password device authentication completion message is generated; after verifying that the smart password device authentication completion message is passed, generating Ending the second completion message, and sending the terminal
  • the smart cryptographic device is further configured to: after receiving the second authentication request information, transition from a sleep state to an awake state; and generate a fourth to-be-signed information in the awake state.
  • the information transmitted between the background system server and the terminal is transmitted through the first session key encryption calculation and/or the verification calculation, wherein the first session key is pre-existing in the background system server.
  • the first session key in the terminal or the first session key is negotiated and generated by the background system server and the terminal; and/or the information transmitted between the terminal and the smart cryptographic device passes the second session key Encrypted computing and/or verifying post-calculation transmission, wherein the second session key is pre-existing in the terminal and the smart cryptographic device or the second session key passes through the terminal and the smart cryptographic device Negotiate generation.
  • the customer can complete the payment without using a wallet, a credit card, a mobile phone, etc., thereby simplifying the interaction between the customer and the merchant in the payment process, improving the payment efficiency, and improving the customer's The experience in the near-field payment process; at the same time, the security features of the smart cryptographic device are used to ensure the security of the customer payment process.
  • the terminal After the customer purchases the goods, the terminal does not need to obtain the user information by manually swiping the card or swiping the mobile phone.
  • the customer When the customer settles the account, the customer only needs to report his/her name, and the terminal can directly report the transaction amount after the settlement.
  • the smart password device is sent to the customer and displayed. At this time, the customer only needs to confirm with the smart password device and output the transaction confirmation information, and the terminal generates the transaction data packet and sends it to the background system server, and the background system server verifies that the transaction data packet is accurate. After the transfer process, the payment process can be completed.
  • the network connection between the smart cryptographic device and the terminal is automatically interrupted, and the user information disappears from the current user list of the store. If the customer enters another store again, he will automatically enter the current user list of the other store and start another shopping. This allows the customer to have a seamless experience without requiring the customer to perform any operations.
  • FIG. 1 is a schematic structural diagram of a data security interaction system provided by the present invention.
  • FIG. 2 is a flow chart of a data security interaction method provided by the present invention.
  • connection In the description of the present invention, it should be noted that the terms “installation”, “connected”, and “connected” are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or integrally connected; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
  • Connected, or integrally connected can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components.
  • first and second are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
  • the data security interaction method provided by the present invention is applicable to the system architecture shown in FIG. 1, and includes: a background system server, a terminal, and a smart cryptographic device. among them:
  • the background system server can complete the management of the terminal and the smart cryptographic device and the storage and delivery management of the user information, for example, including registration, account cancellation, locking, authentication, etc. of the terminal and the smart cryptographic device, which can provide bank related services.
  • Financial services such as payment platform services; may include a combination of one or more servers such as a payment server, an authentication server, and a management server.
  • the terminal can be a terminal of the merchant terminal to complete the initiation of the mobile payment, the authentication of the smart cryptographic device and the background system server, the maintenance of the user information, etc., and the terminal can automatically scan the smart cryptographic device within the coverage of the signal, and establish and The communication connection of the smart cryptographic device acquires the user information corresponding to the smart cryptographic device.
  • the smart cryptographic device has a function of secure payment (for example, electronic signature, dynamic password generation) and authentication of the terminal, and the smart cryptographic device has a wireless communication module (for example: Bluetooth, infrared, RFID, NFC, light, sound wave, heat, vibration) , WIFI, etc., can communicate with the terminal through the wireless communication module, of course, the smart password device can also include a wired interface (eg, audio interface, USB interface, serial port, etc.), and communicate with the terminal through the wired interface . In addition, the smart password device can also have a connection option function. If the user does not enable the function, the terminal cannot obtain the identification information of the smart password device and the corresponding user information.
  • a wireless communication module for example: Bluetooth, infrared, RFID, NFC, light, sound wave, heat, vibration
  • WIFI wireless communication module
  • the smart password device can also include a wired interface (eg, audio interface, USB interface, serial port, etc.), and communicate with the terminal through the wired interface .
  • a smart cryptographic device can enter a state that can be scanned for the terminal to scan to the smart cryptographic device.
  • the connection option function of the smart password device can be implemented for the hardware switch set on the smart password device, or can be opened by the software for the smart password device. Enlightened.
  • the data security interaction method provided by the present invention includes the following steps 1 to 6.
  • Step 1 The terminal and the smart password device register with the background system server.
  • the terminal registers with the background system server and the smart password device registers with the background system server. These two aspects are described in detail below.
  • the terminal registers with the background system server, where:
  • the background system server receives the terminal registration application and reviews the terminal registration application; specifically, the merchant can go to the bank counter to apply for registration of the terminal, or apply for registration of the terminal through the Internet, and the background system server receives the registration application. After that, the legality of the identity of the merchant is reviewed.
  • the background system server After the auditing terminal registration application is approved, the background system server sends a terminal key pair generation instruction to the terminal. Specifically, after the background system server verifies the legality of the merchant identity, the server system agrees to register the terminal of the merchant and sends the terminal to the terminal.
  • the key pair generation instruction is configured to instruct the terminal to generate a terminal key pair, the terminal key pair including a pair of public and private keys.
  • the terminal After receiving the terminal key pair generation instruction, the terminal generates a terminal key pair. Specifically, the terminal may preset a key pair generation manner, and after the terminal receives the terminal key pair generation instruction, according to the preset The key pair generation method generates a terminal key pair, that is, generates a pair of public and private keys.
  • the terminal sends the public key in the terminal key pair to the background system server; specifically, the terminal can send the public key in the generated terminal key pair to the background system server through the trusted communication link to ensure the terminal
  • the security of public key transmission; the public key in the terminal key pair generated by the public key can also be sent to the background system server through the Internet, so as to improve the convenience of the public key transmission of the terminal.
  • the background system server After receiving the public key in the terminal key pair, the background system server generates a terminal certificate and sends the terminal certificate to the terminal.
  • the background system server may perform the information of the merchant and the public key of the terminal by using the private key of the background system server. Calculating and generating a terminal certificate; the background system server may further include a CA server, and the terminal certificate is generated by calculating the information of the merchant and the public key of the terminal by using the private key of the CA server; the background system server may also use the information of the merchant and the public of the terminal.
  • the key is sent to the CA.
  • the CA calculates the terminal certificate based on the private key of the CA and the public key of the terminal, and sends the terminal certificate to the terminal through the background system server.
  • the terminal stores the terminal certificate. Specifically, after receiving the terminal certificate sent by the background system server, the terminal stores the terminal certificate in a storage area where the security function is executed. Of course, for different back-end system servers, the terminal can also store different terminal certificates sent by different back-end system servers.
  • the smart password device registers with the background system server, where:
  • the background system server receives the smart password device registration application and audits the smart password device registration application; specifically, the user holding the smart password device can apply for the registration of the smart password device at the bank counter, or can handle the smart through the Internet. After the registration request of the cryptographic device, the background system server receives the registration application and reviews the legality of the identity of the user.
  • the background system server sends a smart password device key pair generation instruction to the smart password device; specifically, the background system server approves the legality of the user identity, and then agrees to the user's smart password.
  • the device performs registration, and sends a key pair generation instruction to the smart cryptographic device, and is configured to instruct the smart cryptographic device to generate a smart cryptographic device key pair, the smart cryptographic device key pair including a pair of public and private keys.
  • the smart cryptographic device After receiving the instruction of the smart cryptographic device key pair, the smart cryptographic device generates a smart cryptographic device key pair. Specifically, a smart key device may preset a key pair generation manner, and the smart cryptographic device receives the smart password. After the device key pair generates an instruction, the smart cipher device key pair is generated according to the preset key pair generation manner, that is, a pair of public and private keys are generated.
  • the smart cryptographic device sends the public key in the smart cryptographic device key pair to the background system server; specifically, the smart cryptographic device can forward the public key in the smart cryptographic device key pair generated by the smart cryptographic device to the background system through the trusted communication link
  • the server sends the key to ensure the security of the public key of the smart cryptographic device.
  • the public key of the smart cryptographic device key pair generated by the server can also be sent to the background system server through the Internet to improve the public key of the smart cryptographic device. Convenience of transmission.
  • the background system server After receiving the public key in the smart cryptographic device key pair, the background system server generates a smart cryptographic device certificate and sends the smart cryptographic device certificate to the smart cryptographic device; specifically, the background system server can use the private key of the background system server to the user.
  • the information and the public key of the smart cryptographic device are calculated to generate a smart cryptographic device certificate; the backend system server may further include a CA server, and the user's information and the public key of the smart cryptographic device are calculated by the private key of the CA server to generate a smart password.
  • the device certificate can also send the user's information and the public key of the smart cryptographic device to the CA.
  • the CA calculates the smart cryptographic device certificate by calculating the user's information and the public key of the smart cryptographic device according to the private key of the CA.
  • the background system server sends the smart password device.
  • the smart password device stores the smart password device certificate. Specifically, after receiving the smart password device certificate sent by the background system server, the smart password device stores the smart password device certificate in a storage area where the security function is executed.
  • the smart cryptographic device can also store different smart cryptographic device certificates sent by different background system servers.
  • Step 2 The terminal scans the smart cryptographic device within the signal coverage area, and obtains the identification information of the scanned smart cryptographic device.
  • the terminal may send the query signal (for example, the serial number of the terminal) according to a certain time interval to query a smart cryptographic device within the coverage of the wireless signal;
  • the query signal for example, the serial number of the terminal
  • the smart cryptographic device listens to the query of the terminal (query scan). After the smart cryptographic device enters the signal coverage of the terminal, the smart cryptographic device sends the identification information of the smart cryptographic device to the terminal, and the terminal scans the identification information of the smart cryptographic device. .
  • the terminal can use the IAC (Inquiry Access Code) to query the smart cryptographic device within the coverage of a certain wireless signal;
  • IAC Inquiry Access Code
  • the smart cryptographic device listens (query scans) the query of the terminal, and sends the address and clock information of the smart cryptographic device to the terminal after the smart cryptographic device enters the signal coverage of the terminal;
  • the smart cryptographic device listens to paging information from the terminal and performs paging scanning
  • the terminal pages the smart cryptographic device that has been queried
  • the smart cryptographic device After receiving the paging information, the smart cryptographic device sends a DAC (Device Access Code) of the smart cryptographic device to the terminal.
  • DAC Device Access Code
  • the terminal sends an inquiry signal to query a smart cryptographic device within a certain wireless signal coverage range
  • the smart cryptographic device listens (query scans) the query signal of the terminal, and sends the address of the smart cryptographic device to the terminal after the smart cryptographic device enters the signal coverage of the terminal.
  • the present invention only uses the above two examples to describe how the terminal obtains the identification information of the smart cryptographic device, but the present invention is not limited thereto.
  • the smart cryptographic device may receive When any information is sent to the terminal, the information sent by the terminal can be used as a sleep wake-up signal, and the smart cryptographic device switches the sleep state to the awake state (ie, the normal working mode) according to the sleep wake-up signal. At the same time, the smart cryptographic device can automatically reply to the sleep state after any command execution ends. The smart cryptographic device enters a sleep state to save power of the smart cryptographic device and prolong its service life.
  • the smart password device Before the terminal scans the smart password device, the smart password device also needs to enter a state that can be scanned, so that the terminal can scan the smart password device, wherein the smart password device enters the scanable state and can pass the smart password device.
  • the set hardware switch is enabled, and can also be implemented by the smart password device software.
  • the terminal can perform mutual authentication with the background system server, and/or the terminal can also perform mutual authentication with the smart cryptographic device.
  • the terminal and the backend system server perform mutual authentication, wherein:
  • the terminal generates the first to-be-signed information.
  • the terminal may generate the random number as the first to-be-signed information by using the random number generator, or may use its own serial number, MAC address, or other identification information as the first to-be-signed information. It may also be a combination of a random number and identification information as the first to-be-signed information. Among them, as long as they can be backstage system
  • the information signed by the server can be used as the first to-be-signed information, so that the background system server returns the signature information and then authenticates the background system server.
  • the random number can be one of a combination of numbers, letters, special characters, or the like.
  • the terminal sends the first to-be-signed information and the first authentication request information to the background system server.
  • the terminal may send the first to-be-signed information and the first authentication request information to the background system server through the trusted communication link, to The security of information transmission is guaranteed; the first to-be-signed information and the first authentication request information may also be sent to the background system server through the Internet to improve the convenience of information transmission.
  • the background system server may further determine whether the identification information of the terminal is included in the background system server after receiving the first to-be-signed information and the first authentication request information.
  • the first authentication request information includes the identification information of the terminal; the background system server obtains the locked terminal instruction after determining that the terminal identification information is in the terminal abnormal list, and uses the private of the background system server.
  • the key pair locks the terminal instruction to obtain the fourth signature information, and sends the locked terminal instruction and the fourth signature information to the terminal; after receiving the locked terminal instruction and the fourth signature information, the terminal uses the public key in the pre-stored background system server certificate.
  • the fourth signature information is verified; after verifying that the fourth signature information is passed, the terminal performs a locking operation according to the locked terminal instruction.
  • the terminal abnormal list may be a blacklist, a loss list, an invalidation list, or the like, which is an illegal list of the terminal identity. If the terminal identification information is in the terminal abnormal list, the terminal is an illegal terminal. Security, the background system server sends a lock instruction to the illegal terminal to lock the illegal terminal. At the same time, the background system server also signs the lock instruction to ensure the legal source of the lock instruction and avoid malicious operation of illegally locking the terminal.
  • the background system server may not sign the lock instruction and only send the lock command to the illegal terminal to lock the illegal terminal.
  • the terminal performing the locking operation according to the locking terminal instruction may include: the terminal rejects any request, destroys the stored certificate, and the like.
  • the background system server can also perform any request to reject the illegal terminal after sending the lock instruction.
  • the identification information of the terminal will be entered into the abnormal list such as the loss list or blacklist of the background system server. Thereafter, if another person attempts to use the terminal.
  • the system server compares the terminal identification information in the abnormal list. If the identification information of the terminal is found in the abnormal list, the background system server locks the terminal, thereby protecting the user account security.
  • the background system server After receiving the first to-be-signed information and the first authentication request information, the background system server generates the second to-be-signed information. Specifically, the background system server may generate the second to-be-signed information after receiving the first authentication request information.
  • the random number generator generates the random number as the second to-be-signed information, and may also use its own serial number, MAC address or other identification information as the second to-be-signed information, or may be a combination of the random number and the identification information as the second.
  • Information to be signed The information that can be signed by the terminal can be used as the second information to be signed, so that the terminal can authenticate the terminal after returning the signature information.
  • the random number can be one of a combination of numbers, letters, special characters, or the like.
  • the background system server sends the second to-be-signed information and the background system server certificate to the terminal; specifically, the background system server can send the second to-be-signed information and the background system server certificate to the terminal through the trusted communication link to ensure the information.
  • the security of the transmission; the second signature information and the background system server certificate can also be sent to the terminal through the Internet to improve the convenience of information transmission.
  • the terminal After receiving the second to-be-signed information and the background system server certificate, the terminal uses the root certificate corresponding to the pre-stored background system server certificate to verify whether the background system server certificate is legal. Specifically, the terminal needs to obtain the background system server certificate during the registration process. Corresponding root certificate for legality verification of the background system server certificate.
  • the terminal After verifying that the background system server certificate is valid, the terminal uses the private key of the terminal to sign the first to-be-signed information and the second to-be-signed information to generate the first signature information. Specifically, the terminal signs the first to-be-signed information and the second to-be-signed. The information is signed, whereby the terminal transmits the signature information to the background system server, that is, the legal source of the data can be ensured, and the security of the important information in the data is also ensured.
  • the first signature information in the present invention may be the first
  • the information obtained by signing the information to be signed and the information to be signed by the second signature information may be obtained by signing the information of the first to-be-signed information and the second to-be-signed information according to the pre-negotiated adjustment scheme.
  • the terminal may also generate a shared master key, and the shared master key may be configured to generate a first session key.
  • the terminal also uses the public key in the background system server certificate. Encrypting the shared master key generates first encrypted information; thereby, the shared master key can be securely transmitted.
  • the terminal sends the first signature information and the terminal certificate to the background system server; of course, if the terminal further generates the shared master key and encrypts the shared master key to obtain the first encrypted information, in this step, the terminal goes to the background.
  • the system server sends the first signature information and the terminal certificate, and also sends the first encrypted information to the background system server.
  • the background system server uses the root certificate corresponding to the pre-stored terminal certificate to verify whether the terminal certificate is legal. Specifically, the background system server obtains the root certificate corresponding to the terminal certificate during the registration process of the terminal, so as to verify the validity of the terminal certificate.
  • the background system server After verifying that the terminal certificate is legal, the background system server verifies the first signature information by using the public key in the terminal certificate;
  • the background system server After verifying that the first signature information is passed, the background system server generates a background authentication completion message, and sends a background authentication completion message to the terminal; of course, if the background system server further receives the first encrypted information, in this step, the background system server further The first encrypted information is decrypted by using the private key of the background system server to obtain a shared master key.
  • the terminal After receiving the background authentication completion message, the terminal verifies the background authentication completion message; specifically, the terminal performs legality verification on the background authentication completion message.
  • the terminal After the terminal verifies that the background authentication completion message is passed, the terminal generates a terminal completion first completion message, and sends a terminal authentication first completion message to the background system server; of course, if the terminal generates the shared master key, the terminal may further Calculating the first session key by sharing the master key;
  • the background system server After receiving the terminal completion first completion message, the background system server verifies that the terminal authenticates the first completion message; the specific background system server performs legality verification on the terminal authentication first completion message.
  • the background system server After the background system server verifies that the terminal completion first completion message is passed, the terminal and the background system server complete mutual authentication. Of course, if the background system server also decrypts and obtains the shared master key, in this step, the background system server may further calculate the first session key according to the shared master key.
  • the background system server also opens the corresponding authority to the terminal.
  • the terminal can obtain the user information corresponding to the smart password device from the background system server, so as to implement the management of the background system server to the terminal. .
  • the first session key may include an encryption key and/or a verification key, and the verification key may be a MAC check calculation key or a HASH check calculation key, and the encryption key is a symmetric encryption calculation key, and the encryption key is a symmetric encryption calculation key.
  • the encryption key and/or the verification key included in the first session key may be obtained by decomposing by sharing the master key.
  • the present invention is not limited to such a first session key generation process initiated by the terminal, and may also be initiated by the background system server.
  • the locking of the terminal may be determined by the background system server after the background system server receives the identification information of the terminal.
  • the first session key may be generated by any one of the terminal or the background system server, and encrypted by the public key of the other party and then sent to the other party, thereby reducing the computational complexity of one party.
  • the process of generating the first session key between the terminal and the background system server can be combined with the following terminal and smart cryptographic device.
  • the process of generating a second session key is the same.
  • the terminal at the merchant end sends the random number R1 to the background system server, and sends an authentication request to the background system server;
  • the background system server receives the authentication request from the terminal, and generates a random number R2;
  • the background system server sends the random number R2 and the background system server certificate to the terminal;
  • the terminal verifies the received background system server certificate by using the root certificate corresponding to the background system server certificate pre-stored in the terminal;
  • the terminal If the verification is passed, the terminal generates the shared master key MKey, and encrypts the MKey with the public key in the background system server certificate to obtain E1;
  • the terminal connects R1 and R2 to obtain R3, performs a digest calculation on R3 to obtain H1, and then uses the private key of the terminal to sign H1 to obtain S1;
  • the terminal sends the S1, E1 and the terminal certificate to the background system server;
  • the background system server verifies the validity of the terminal certificate by using the root certificate corresponding to the terminal certificate
  • the terminal certificate is used to verify S1;
  • the shared master key MKey is obtained by decrypting from E1;
  • the background system server performs a summary calculation on the background system server certificate to obtain H2, and performs a digest calculation on the terminal certificate to obtain H3, and connects R1, R2, H2, H3, S1, and E1 to obtain T1, and performs a digest calculation on T1.
  • HMAC calculates the "Background System Server Authentication Complete Message";
  • the background system server sends a "background system server authentication completion message" to the terminal;
  • the terminal verifies the "background system server authentication completion message" sent by the background system server received;
  • the terminal sends a "terminal authentication completion message" to the background system server;
  • the background system server verifies the received "terminal authentication completion message"
  • the two parties calculate the session key, and the encryption key K1 decomposed from the session key is configured as encryption and decryption of data transmission between the background system server and the terminal, and/or
  • the calculated verification key MACKEY is configured to generate and verify the check value.
  • the merchant's terminal and the back-end system server perform two-way identity authentication to ensure that the other party is legitimate, and negotiate a public session key (including encryption key and/or verification key), which can be configured. Data encryption and/or check value generation for data transfer between the terminal and the backend system server.
  • the merchant's terminal also completes the "check-in" at the background system server, that is, the subsequent operation request for reading the user information and the transaction request.
  • the check value generated when the background system server and the terminal transmit data is in the form of MAC.
  • the check value is not necessarily the MAC value generated by using the MAC key, and the check value may be generated by generating a digest re-signature.
  • a secure channel is established through mutual authentication between the terminal and the background system server, and the "check-in" of the merchant holding the terminal in the background system server is completed after the authentication is passed, that is, the back-end system server identifies the merchant holding the terminal.
  • the validity of the first session key is negotiated with the terminal, so that the first session key is used to implement the encrypted transmission when the transaction data of the background system server interacts with the terminal, and the subsequent transmission of the user information corresponding to the smart cryptographic device is performed. And the preparation of operations such as transaction data transmission.
  • the terminal authenticated by the background system server can verify the legality of the smart cryptographic device through the background system server, and obtain related user information of the legal smart cryptographic device.
  • the terminal and the smart cryptographic device perform mutual authentication, wherein:
  • the terminal generates the third to-be-signed information.
  • the terminal may generate the random number as the third to-be-signed information by using the random number generator, or may use the serial number, the MAC address, or other identification information as the third to-be-signed information. It may also be a combination of a random number and identification information as the third to-be-signed information.
  • the information that can be signed by the smart cryptographic device can be used as the third to-be-signed information, so that the smart cryptographic device can authenticate the smart cryptographic device after returning the signature information.
  • the random number can be one of a combination of numbers, letters, special characters, or the like.
  • the terminal sends the third to-be-signed information and the second authentication request information to the smart cryptographic device.
  • the terminal may send the third to-be-signed information and the second authentication request information to the smart cryptographic device through the wireless communication link to ensure the information.
  • Convenience of sending; the third to-be-signed information and the second authentication request information may also be sent to the smart cryptographic device through a wired interface to improve the security of information transmission.
  • the smart cryptographic device After receiving the third to-be-signed information and the second authentication request information, the smart cryptographic device generates the fourth to-be-signed information. Specifically, the smart cryptographic device may generate the fourth to-be-signed information after receiving the second authentication request information. Pass The random number generator generates the random number as the fourth information to be signed, and may also use its own serial number, MAC address or other identification information (such as device access code DAC) as the fourth to-be-signed information, or may be a random number and The combination of the identification information is used as the fourth to-be-signed information.
  • the information that can be signed by the terminal can be used as the fourth information to be signed, so that the terminal can authenticate the terminal after returning the signature information.
  • the random number can be one of a combination of numbers, letters, special characters, or the like.
  • the smart cryptographic device may further switch from the sleep state after receiving the second authentication request information.
  • the awake state is generated; the smart cryptographic device generates the fourth to-be-signed information in the awake state.
  • the sleep state is changed to the awake state to complete the normal work, and after the smart cryptographic device completes the work, it is switched to the sleep state again to reduce the power loss and prolong the service life.
  • the smart cryptographic device uses the private key of the smart cryptographic device to sign the third to-be-signed information to obtain the second signature information, and sends the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate to the terminal;
  • the terminal After receiving the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate, the terminal uses the root certificate corresponding to the pre-stored smart cryptographic device certificate to verify whether the smart cryptographic device certificate is legal. Specifically, the terminal also needs to obtain the smart cryptographic device certificate. Corresponding root certificate for legality verification of smart cryptographic device certificates.
  • the terminal After verifying that the smart cryptographic device certificate is legal, the terminal uses the public key in the smart cryptographic device certificate to verify the second signature information;
  • the terminal After verifying that the second signature information is passed, the terminal signs the third signature information and the fourth signature information by using the private key of the terminal to obtain the third signature information. Specifically, after verifying that the second signature information is passed, the terminal is still The third to-be-signed information and the fourth to-be-signed information are signed to ensure the security and non-repudiation of the third to-be-signed information and the fourth to-be-signed information transmission, and ensure a legal source of information transmission.
  • the terminal may further generate a first session key generation factor, encrypt the first session key generation factor by using a public key in the smart password device certificate to obtain second encrypted information, and the terminal is verifying the smart password device certificate and the smart password device.
  • a generation factor of a session key for data interaction between the terminal and the smart cryptographic device is generated (ie, a first session key generation factor, and the first session key generation factor is configured to generate a terminal and a smart cryptographic device)
  • the first session key generation factor is encrypted by using the public key in the smart cryptographic device certificate to ensure the security of the first session key generation factor transmission.
  • the terminal sends the third signature information and the terminal certificate to the smart cryptographic device; of course, if the terminal further generates the first session key generation factor, and encrypts the first session key generation factor by using the public key in the smart cryptographic device certificate
  • the second encrypted information in this step, the terminal sends the second encrypted information to the background system server in addition to the third signature information and the terminal certificate to the background system server.
  • the smart cryptographic device After receiving the third signature information and the terminal certificate, the smart cryptographic device uses the root certificate corresponding to the pre-stored terminal certificate to verify whether the terminal certificate is legal. Specifically, the smart cryptographic device also needs to obtain the root certificate corresponding to the terminal certificate, so as to obtain the terminal certificate. Perform legality verification. Of course, if the terminal further sends the second encrypted information to the smart cryptographic device, in this step, the smart cryptographic device further receives the second encrypted information sent by the terminal.
  • the smart cryptographic device After verifying that the terminal certificate is legal, the smart cryptographic device uses the public key in the terminal certificate to verify the third signature information;
  • the smart cryptographic device After verifying that the third signature information is passed, the smart cryptographic device generates a smart cryptographic device authentication completion message; specifically, after verifying the terminal certificate and the signature information of the terminal, the smart cryptographic device also generates a smart cryptographic device authentication completion message, so as to notify The terminal smart password device authentication is completed.
  • the smart cryptographic device further receives the second encrypted information, in this step, the smart cryptographic device further generates a second session key generation factor, and encrypts the second session key generation factor by using the public key in the terminal certificate.
  • the third encryption information wherein the smart cryptographic device generates a session key generation factor (ie, a second session key generation factor) for data interaction between the terminal and the smart cryptographic device after the verification of the terminal certificate and the signature information of the terminal are all passed.
  • the second session key generation factor is configured to generate a session key for data interaction between the terminal and the smart cryptographic device, and the second session key generation factor is encrypted by using the public key in the terminal certificate to ensure The security of the second session key generation factor transmission.
  • the smart cryptographic device sends a smart cryptographic device authentication completion message to the terminal; of course, if the smart cryptographic device further generates the second session key generation factor and encrypts the second session key generation factor to obtain the third encrypted information, this step The smart cryptographic device sends a third encrypted information to the terminal in addition to sending the smart cryptographic device authentication completion message to the terminal.
  • the terminal After receiving the smart password device authentication completion message, the terminal verifies the smart password device authentication completion message; specifically, the terminal also authenticates the smart password device authentication completion message to ensure the legal source of the authentication completion message. Of course, if the smart cryptographic device also sends the third encrypted information to the terminal, the terminal further receives the third encrypted information in this step.
  • the terminal After the verification of the smart cryptographic device authentication completion message, the terminal generates a terminal authentication second completion message, and sends a terminal authentication second completion message to the smart cryptographic device. Specifically, after the terminal passes the authentication smart cryptosystem authentication completion message, the terminal generates the terminal authentication. The second completion message is to inform the smart cryptographic device that the terminal authentication is completed.
  • the terminal further receives the third encrypted information, in this step, the terminal further generates a second session key according to the first session key generation factor and the second session key generation factor obtained by decrypting the third encrypted information, so that Data interaction is performed with the smart cryptographic device through the second session key.
  • the smart cryptographic device After receiving the terminal completion second completion message, the smart cryptographic device verifies the terminal to authenticate the second completion message. Specifically, the smart cryptographic device also authenticates the terminal to authenticate the second completion message to ensure the legal source of the authentication completion message.
  • the terminal and the smart cryptographic device complete mutual authentication.
  • the smart cryptographic device further generates the second session key generation factor and receives the second encrypted information, in this step, the smart cryptographic device further obtains the factor according to the second session key generation factor and the second encrypted information.
  • a session key generation factor generates a second session key for data interaction with the terminal through the second session key.
  • the present invention is not limited to such a second session key generation process initiated by the terminal, and the second session key generation process may also be initiated by the smart cryptographic device.
  • the second session key may be generated by one of the terminal or the smart cryptographic device, and encrypted by the public key of the other party and then sent to the other party, thereby reducing the computational complexity of one party.
  • the process of generating the second session key between the terminal of the present invention and the smart cryptographic device may be the same as the process of generating the first session key between the terminal and the background system server. That is, the second session key can also be obtained by decomposing the shared master key.
  • the terminal sends an authentication request to the smart cryptographic device, and sends a random number R01;
  • the smart cryptographic device in the dormant state is woken up after receiving the authentication request sent by the terminal;
  • the smart cryptographic device generates a random number R02, performs a digest calculation on the R01, and uses the private key to encrypt the digest to generate the signature S01, and the smart cryptographic device sends the random number R02, the signature S01, and the smart cryptographic device certificate to the terminal;
  • the terminal verifies the legality of the smart cryptographic device certificate by using the root certificate corresponding to the smart cryptographic device certificate pre-stored in the terminal;
  • step 5 If the verification of the smart cryptographic device certificate is legal, perform step 5);
  • step 6 If the verification signature S01 is correct, step 6) is performed;
  • the terminal connects R01 and R02 to form R01
  • the smart cryptographic device verifies the legality of the terminal certificate by using the root certificate corresponding to the terminal certificate pre-stored by the smart cryptographic device;
  • step 8 If the verification terminal certificate is legal, perform step 8);
  • step 9 is performed;
  • the intelligent cryptographic device generates a random number R04, encrypts R04 with the public key of the terminal to generate ciphertext E02, and sends the ciphertext E02 to the terminal;
  • the terminal generates an authentication completion message, the terminal performs a digest operation on the terminal certificate to obtain H01, performs a digest operation on the smart cryptographic device certificate to obtain H02, and connects R01, R02, E01, E02, H01, H02, S01, and S02 to obtain T01. Then, T01 is digested and signed, and a "background authentication completion message" F01 is obtained, and F01 is sent to the smart cryptographic device;
  • the smart cryptographic device receives F01 and verifies F01;
  • step 12 If the verification F01 is passed, step 12) is performed;
  • the smart cryptographic device generates an authentication completion message F02 in the same manner, and sends the generated authentication completion information to the terminal;
  • step 14 If the verification F02 is passed, step 14) is performed;
  • the smart cryptographic device and the terminal are respectively connected to R03 and R04 to obtain R03
  • Process 1 generates an encryption key and a verification key (such as MACKEY).
  • Process 2 only generates an encryption key, and does not generate a verification key (of course, a verification key can also be generated).
  • the function of the verification key is to generate a check value, which is used to verify whether the data has been tampered with during transmission.
  • the data sender uses a specific algorithm to generate a check value using the check key
  • the data receiver uses the check value and the check key to verify whether the received data has been tampered with.
  • the user can manually determine whether the data is correct through the information displayed on the smart cryptographic device, so no need to introduce a check value.
  • the terminal can also determine whether the information has been tampered with by verifying the signature sent by the smart cryptographic device, and does not need to introduce a check value. Therefore, in order to simplify the processing flow and improve communication efficiency, when generating the second session key, it may not A verification key needs to be generated. Of course, in order to further improve Security, you can also generate a verification key.
  • the background system server does not know the specific content of the transaction, in order to ensure security, it is necessary to determine whether the data has been tampered with by introducing a check value.
  • the process first generates a shared master key through one party, and then uses a special algorithm to process the shared master key, and decomposes to obtain an encryption key and a verification key; the second process is that each side of the authentication generates an encryption key. The constituent factor of the key, and finally the encryption key.
  • the session key generation method used in the process 1 and the session key generation method used in the process 2 can be configured as a session key between the terminal and the background system server, or configured as a terminal and a smart cryptographic device. The generation of a session key.
  • the phishing risk can be prevented, the transaction risk such as tampering of the transmission information, remote hijacking and man-in-the-middle attack can be prevented, thereby effectively securing the funds of the terminal and the smart cryptographic device.
  • a secure channel between the two may be established; or only a method system for mutual authentication between the terminal and the smart cryptographic device may be constructed.
  • a secure channel between the two; a method system for mutual authentication between the background system server, the terminal, and the smart cryptographic device can be constructed to establish a secure channel between the three. Based on the method of mutual authentication of any of the above three types, it can prevent phishing risks and prevent transaction risks such as transaction information tampering, remote hijacking and man-in-the-middle attacks, thereby effectively protecting users holding smart cryptographic devices and merchants holding terminals.
  • the account funds are safe.
  • the present invention is not limited to the completion of step 3 after step two, and may be completed before step two or simultaneously with step two, as long as the authentication is completed before step four.
  • the first session key in the present invention may be pre-stored in the background system server and the terminal, or may be generated through negotiation between the background system server and the terminal, and may be performed on the terminal and the background system server when the first session key is generated by negotiation.
  • Negotiation is generated during the authentication process (see the above process of mutual authentication between the terminal and the backend system server).
  • the second session key in the present invention may be pre-stored in the terminal and the smart cryptographic device, or may be generated through negotiation between the terminal and the smart cryptographic device.
  • the terminal and the smart cryptographic device may be authenticated.
  • Negotiation generation in the process (refer to the above process of mutual authentication between the terminal and the smart cryptographic device).
  • Step 3 The terminal obtains user information.
  • the terminal acquires a pair of smart password devices according to the identifier information of the scanned smart password device.
  • the user information (for example, the user's photo, name, account, and the like) may be obtained, and the user information corresponding to the smart password device may be obtained by, but not limited to, the following manner:
  • Method 1 The terminal obtains user information corresponding to the smart password device from the background system server:
  • the terminal sends the identification information of the smart cryptographic device and the user information read request to the background system server; specifically, when the terminal sends the identification information of the smart cryptographic device and the user information read request to the background system server, the terminal may directly send the request to the background system server.
  • the identification information of the smart cryptographic device and the user information reading request may also use the first session key to perform encryption calculation and/or verification calculation on the identification information of the smart cryptographic device and/or the user information read request, and then send the Guarantee the security and integrity of information transmission.
  • the background system server After receiving the identification information of the smart cryptographic device and the user information reading request, the background system server obtains the user information corresponding to the smart cryptographic device according to the identification information of the smart cryptographic device; specifically, the background system server prestores each registered smart device.
  • the user information corresponding to the cryptographic device is used to obtain the user information corresponding to the smart cryptographic device according to the received identification information of the smart cryptographic device.
  • the background system server also needs to decrypt and/or verify the received information by using the first session key. After the verification calculation is correct, the identification information of the complete smart cryptographic device and/or the user information read request are obtained.
  • the background system server determines whether the identification information of the smart cryptographic device is included in the background system after receiving the identification information of the smart cryptographic device and the user information reading request.
  • the cryptographic device instructs the signature to obtain the fifth signature information, and sends the locked smart cryptographic device command and the fifth signature information to the smart cryptographic device through the terminal; after receiving the locked smart cryptographic device command and the fifth signature information, the smart cryptographic device uses the pre-stored
  • the public key in the background system server certificate verifies the fifth signature information; after verifying that the fifth signature information is passed, the smart cryptographic device performs a locking operation according to the instruction of the locked smart cryptographic device.
  • the smart password device abnormal list may be a blacklist, a loss list, an invalidation list, or the like, which is an illegal list of the smart password device identity; if the smart password device identification information is in the smart password device abnormal list, the smart password device is specified. It is an illegal smart password device.
  • the background system server sends a lock instruction to the illegal smart password device through the terminal to lock the illegal smart password device, and the background system server also signs the lock command. To ensure the legal source of the lock instruction, to avoid malicious operations that illegally lock the smart password device.
  • the code device can be.
  • the background system server may not sign the lock instruction and only send the lock command to the illegal terminal to lock the illegal terminal.
  • the smart cryptographic device may perform the locking operation according to the instruction of the locked smart cryptographic device, and may include any manner in which the smart cryptographic device refuses to execute any request, destroys the certificate stored by itself, and the like.
  • the background system server can also perform any request to reject the illegal smart cryptographic device after sending the lock instruction.
  • the backend system server can report the loss, and the background system server registers the device identification code of the smart password device on the loss list; or the account is abnormally reported. In some cases, the backend system server will also register these smart password devices in the blacklist. Devices in these exception lists are registered as exception devices on the exception list.
  • the background system server authenticates the smart password device. During the authentication process, the device identifier is compared with the abnormal list. If the smart password device is locked on the list.
  • the background system server can remotely authenticate the smart password device before each transaction.
  • the smart password device is locked, so that even if the smart password device is illegally stolen by others, the user account can be protected from loss.
  • the backend system server may further perform encryption calculation on the locked smart cryptographic device command and the fifth signature information by using the first session key. And/or verifying the calculation to ensure the security and/or integrity of the locked smart cryptographic device command and the fifth signature information transmission, and the terminal uses the first session after receiving the encrypted calculated and/or verified calculated information. After the key performs the decryption calculation and/or the verification verification calculation, the locked smart password device instruction and the fifth signature information are obtained.
  • the terminal may further perform encryption calculation and/or check calculation on the locked smart cryptographic device command and the fifth signature information by using the second session key, and then perform the cryptographic calculation. And/or verifying the calculated information and sending it to the smart cryptographic device to ensure the security and/or integrity of the information transmission.
  • the smart cryptographic device After receiving the information sent by the terminal, the smart cryptographic device performs decryption calculation and/or verification verification calculation. To obtain the lock smart cryptographic device command and the fifth signature information.
  • the background system server also needs to authorize the smart password device holder to send the user information corresponding to the smart password device to the terminal.
  • the background system server sends the user authorization request information to the smart cryptographic device through the terminal (for example, the user authorization request information may be a random number); after receiving the user authorization request information, the smart cryptographic device generates authorization information (for example, the authorization information may be The information obtained by signing the random number is transmitted, and the authorization information is sent to the background system server by the terminal; after the background system server receives the authorization information, the background system server sends the response information of the user information read request to the terminal. step.
  • the background system server may also use the private key of the background system server to sign the user authorization request information, and then send the information to the smart cryptographic device through the terminal.
  • the smart cryptographic device After receiving the signed information, the smart cryptographic device verifies the signature, and after the verification is passed.
  • the user authorization request information is considered to be from a legitimate background system server, and the request is confirmed to authorize the background system server; the smart cryptographic device can also use the private key of the smart cryptographic device to sign the authorization information and then send it to the background through the terminal. After receiving the signed information, the system server verifies the signature.
  • the authorization information is considered to be from the correct smart password device to perform subsequent operations according to the authorization information; the background system server may also utilize the first The session key performs encryption calculation and/or verification calculation on the user authorization request information, and then sends the data to the terminal, and the terminal uses the first session key to perform decryption calculation and/or verification verification calculation on the received information; the terminal uses the second session.
  • the right request information is sent to the smart cryptographic device after the encryption calculation and/or the check calculation, and the smart cryptographic device uses the second session key to perform decryption calculation and/or verification verification calculation on the received information;
  • the background system server may also utilize The private key of the background system server signs the user authorization request information, and then uses the first session key to perform encryption calculation and/or verification calculation, and the terminal uses the first session key to decrypt the received information and/or the school. Verifying the verification calculation; the terminal uses the second session key to perform encryption calculation and/or verification calculation on the information signed by the background system server, and then sends the information to the smart password device, and the smart password device uses the second session key to perform the received information. Decrypt the calculation and/or verify the verification calculation and check the signature.
  • the above is only a few ways for the background system server to request authorization from the smart cryptographic device. The present invention is not limited thereto, and the above various combinations of variants should also fall within the protection scope of the present invention.
  • the smart cryptographic device can also be converted from the sleep state to the awake state; the smart cryptographic device generates the authorization information in the awake state. In order to save energy and extend the life of smart password devices.
  • the background system server obtains the response information of the user information read request according to the user information, and sends the response information of the user information read request to the terminal; of course, the user information may be encrypted and/or verified by using the first session key. Calculated to ensure the security and/or integrity of user information transmission.
  • the terminal After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request; of course, if the terminal receives the information obtained by performing encryption calculation and/or verification calculation on the user information In this step, the terminal further obtains user information by performing decryption calculation and/or verification verification calculation on the response information of the user information read request by using the first session key.
  • Manner 2 The terminal obtains user information corresponding to the smart password device from the smart password device:
  • the terminal sends a user information read request to the smart cryptographic device according to the identifier information of the scanned smart cryptographic device; specifically, the terminal may directly send the user information read request to the smart cryptographic device, or may use the second session key to the user information.
  • the read request is sent after the encryption calculation and/or the check calculation to ensure the security and integrity of the information transmission.
  • the smart cryptographic device obtains the pre-stored user information, and obtains the response information of the user information read request according to the user information, and sends the response information of the user information read request to the terminal; specifically, the smart cryptographic device can directly obtain the obtained user.
  • the information is sent to the terminal, and the response information obtained by performing the encryption calculation and/or the verification calculation on the acquired user information by using the second session key may be sent to the terminal.
  • the terminal After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
  • the terminal receives the information obtained by performing encryption calculation and/or verification calculation on the user information, in this step, the terminal further uses the second session key to decrypt the response information of the user information read request and / or verify the verification calculation to obtain user information.
  • the refusal information may be sent to the terminal through a button set on the smart cryptographic device or through software control to ensure the security of the user information.
  • the rejection information can also be sent after the second session key encryption calculation and/or verification calculation.
  • the terminal stores the user information in the pre-established current user list.
  • the detected smart password device is constantly changing due to the change of the passenger flow in the store where the terminal is located and the flow of the personnel.
  • the current user list may be Update by, but not limited to, the following:
  • the terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
  • the terminal compares the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval;
  • the current user list is updated in this manner to ensure that the user information corresponding to the smart cryptographic device in the coverage of the terminal signal can be updated to the current user list in time, and the user information corresponding to the smart cryptographic device within the coverage of the terminal signal is removed. It can be deleted from the current user list in time to ensure security.
  • the terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
  • the terminal compares the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval;
  • the step of obtaining the user information corresponding to the smart cryptographic device according to the identification information of the scanned smart cryptographic device is performed, and after the terminal obtains the user information, The user information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, the user information of the smart cryptographic device in the current user list is stored in the real-time identification list;
  • the real-time identification list is taken as the updated current user list.
  • the terminal can copy the user information corresponding to the original smart password device in the store directly from the original current user list to the real-time identification list, and the user information corresponding to the customer of the newly entered store can pass.
  • a user information read request is obtained from the background system server or the smart cryptographic device to obtain.
  • the current user list can be automatically updated, which facilitates the management and maintenance of the information of the merchant's store staff.
  • the terminal may display the user information corresponding to the user in the stored current user list, so that the holder of the smart password device can view the user information to ensure the correctness of the transaction.
  • the transaction process requires a device with an account storage function such as a SIM card or a smart card, and the user needs to perform operations such as swiping the mobile phone, so that the merchant can obtain the account information of the user.
  • an account storage function such as a SIM card or a smart card
  • the terminal of the merchant can obtain the user information corresponding to the smart cryptographic device by first reading the identification information of the smart cryptographic device and then using the identification information of the smart cryptographic device. Therefore, the customer can pay for the product without using a wallet, a credit card, a mobile phone, etc., thereby simplifying the interaction between the customer and the merchant, and improving the user experience.
  • Step 4 Transaction information processing.
  • the terminal generates transaction information according to the user information corresponding to the smart cryptographic device to be traded, and obtains the transaction request information according to the transaction information; specifically, the transaction information may include information such as the transaction amount, the account information of both parties of the payment and payment, and the identification information of both parties of the payment and payment.
  • the transaction information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, such as the specific transaction time, the transaction number, the transaction amount, the purchased item, and the like.
  • the terminal can also perform encryption calculation and/or check calculation on the transaction information by using the second session key to ensure the security and/or integrity of the transaction information transmission.
  • the terminal sends the transaction request information to the smart cryptographic device.
  • the terminal may send the transaction request information by using, but not limited to, the following: the terminal encodes the transaction request information and sends the signal through the sound wave; or the terminal performs graphic coding on the transaction request information. Displayed for the smart cryptographic device to perform image acquisition; or the terminal transmits the transaction request information through a communication interface that the terminal matches with the smart cryptographic device.
  • the smart cryptographic device After receiving the transaction request information, the smart cryptographic device obtains the transaction information according to the transaction request information; of course, if the smart cryptographic device receives the transaction obtained by the terminal encrypting and/or verifying the transaction information through the second session key. Requesting information, in this step, the smart cryptographic device also uses the second session key to perform decryption calculation and/or verification verification calculation on the transaction request information to obtain transaction information to ensure the security and/or integrity of the transaction information transmission. .
  • the smart cryptographic device can also change from the sleep state to the awake state after receiving the transaction request information; the smart cryptographic device obtains the transaction information according to the transaction request information in the awake state, of course, The smart cryptographic device can also obtain the transaction information by performing decryption calculation and/or verification verification calculation on the transaction request information by using the second session key in the awake state.
  • the smart password device prompts the transaction information; specifically, the smart password device can display the transaction information through the display screen, and can also play the transaction information in a voice manner through a speaker or the like.
  • the smart cryptographic device can also prompt the user to know the real transaction information by other means to ensure the security of the transaction.
  • the key information can be extracted from the transaction information, and the smart cryptographic device only prompts the key information.
  • the specific prompting manner refer to the prompting manner of the smart cryptographic device for the transaction information.
  • the smart cryptographic device receives the confirmation command and generates the transaction confirmation information; specifically, the smart cryptographic device can receive the confirmation command by detecting the information sent when the confirmation button set on the smart cryptographic device is pressed, or can detect the touch screen by detecting The information confirmation confirmation command sent when the virtual confirmation key is displayed is clicked, and the biometric information such as the detected voice, fingerprint, and iris may be used as a confirmation command or the like. Further, the smart cryptographic device may generate the transaction confirmation information by, but not limited to, the smart cryptographic device signing the transaction information by using the private key of the smart cryptographic device, generating the transaction signature information as the transaction confirmation information; or generating the dynamic password as the smart cryptographic device.
  • the transaction confirmation information may also be information calculated by using the second session key encryption calculation and/or verification.
  • the smart cryptographic device each time the smart cryptographic device generates the transaction confirmation information, the smart cryptographic device also generates a single transaction identifier, and uses the private key of the smart cryptographic device to transaction information and a single transaction.
  • the identifier is signed, the transaction signature information is generated as the transaction confirmation information; or the smart cryptographic device generates a single transaction identifier, and the single transaction identifier is signed by the private key of the smart cryptographic device to obtain the signature information of the single transaction identifier, and the dynamic password is generated.
  • the signature information of the single transaction identifier and the dynamic password are used as transaction confirmation information to ensure that a transaction is successfully executed only once, wherein the single transaction identifier can be a random number, etc.
  • the transaction confirmation information may also be information calculated using the second session key encryption calculation and/or verification. Due to the unstable transmission line of the wireless network, the smart password device may not receive the receipt. If the single transaction identifier is not set, the terminal may need to hold the smart password device when it does not receive the signature information of the smart password device.
  • the user performs the confirmation signature operation multiple times, that is, the smart cryptographic device sends the signature information to the terminal multiple times, so that the terminal may use the multiple signature values to generate multiple transaction data packets and send them to the background system server, thereby The account corresponding to the device is repeatedly debited. If a single transaction identifier is set, when the line is unstable, the smart cryptographic device will continue to sign the transaction information and the same single transaction identifier and then send it to the terminal until the receipt is received.
  • the terminal generates a transaction data packet by using the signature value sent by the smart cryptographic device, and the background system server receives the transaction data packet to determine the single transaction identifier inside, if the single transaction identifier is already saved in the transaction log, that is, Once the transaction has been made, the transaction data packet will no longer be processed, and no multiple or repeated debits will be incurred, thus protecting the account funds of the smart password device user.
  • the terminal receives the transaction confirmation information.
  • the terminal may receive the transaction confirmation information by using, but not limited to, the following manner: the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the transaction confirmation information (for example, the sound wave identification device may be used. The sound wave signal is recognized, the sound wave signal is decoded by the sound wave decoder to obtain the transaction confirmation information); or the terminal collects the image information displayed by the smart password device and decodes the image information (for example, the two-dimensional code, the barcode, etc.) to obtain the transaction confirmation information.
  • the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the transaction confirmation information (for example, the sound wave identification device may be used.
  • the sound wave signal is recognized, the sound wave signal is decoded by the sound wave decoder to obtain the transaction confirmation information
  • the terminal collects the image information displayed by the smart password device and decodes the image information (for example, the two-dimensional code, the barcode
  • the image acquisition device is used to collect the image information
  • the decoder is used to decode the image information to obtain the transaction confirmation information
  • the terminal receives the transaction confirmation information through the communication interface matched by the terminal and the smart cryptographic device; or the terminal inputs through the terminal.
  • the information is obtained by confirming the transaction. If the transaction confirmation information is obtained by using the second session key encryption calculation and/or verification calculation, then in this step, the calculated information is also subjected to decryption calculation and/or verification verification calculation using the second session key.
  • the terminal obtains the transaction data packet according to the transaction confirmation information, and sends the transaction data packet to the background system server; specifically, the transaction data package may also include other information such as transaction information.
  • the transaction information may include information such as the transaction amount, the account information of the parties to the payment, and the identification information of both parties.
  • the transaction information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, for example, the specific transaction time, the transaction. Single number, transaction amount, purchased items, etc.
  • the terminal may further perform encryption calculation and/or verification calculation on the transaction confirmation information or the information decrypted by the transaction confirmation information by using the first session key to ensure the security and/or integrity of the information transmission.
  • the background system server After receiving the transaction data packet, the background system server obtains the transaction confirmation information according to the transaction data packet; of course, the background system server may further perform the decryption calculation and/or the verification verification calculation on the transaction data packet by using the first session key to obtain the transaction confirmation information. .
  • the background system server verifies the transaction confirmation information and executes the transaction after the verification is passed; specifically, the background system server only indicates that the transaction has passed the legal smart password after the verification transaction verification information is verified. Confirmation of the equipment and execution of the transaction based on the confirmed results.
  • the background system server may also send the transaction success receipt information to the smart cryptographic device through the terminal; after receiving the transaction success receipt information, the smart cryptographic device prompts the transaction success receipt information.
  • the transaction success receipt information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, for example, specific transaction time, transaction number, transaction amount, purchased items, etc.
  • the background system server may also send the terminal to the terminal.
  • the transaction successfully returns the information so that the terminal knows that the transaction is completed.
  • the transaction success receipt information can be sent to the terminal by using the first session key encryption calculation and/or verification calculation, and the terminal decryption calculation and/or verification verification calculation uses the second session key for encryption calculation and/or calibration. After the calculation is performed, it is sent to the smart cryptographic device, and the smart cryptographic device decrypts the calculation and/or verifies the verification calculation and prompts the user to know; the transaction success receipt information may also be that the background system server uses the private key of the background system server to sign and then sends the message through the terminal.
  • the smart cryptographic device prompts the user to know the signature information, and may also be prompted by the background system server to use the first session key to encrypt and calculate and/or verify the calculation and then send it to the terminal.
  • the second session key is used to encrypt the calculation and/or the verification calculation, and then sent to the smart cryptographic device, and the smart cryptographic device decrypts the calculation and/or verifies the verification calculation, and then prompts the verification after the verification is passed.
  • Step 5 Refund.
  • Method 1 The terminal sends the refund information to the smart password device; specifically, the refund information may include: any combination of the account number of the refund, the refund amount, the refund transaction ticket number, and the identification information of both parties of the refund, and the refund
  • the information can also include an electronic statement, and the user can review the refund details based on the electronic statement, such as the specific refund time, the refund transaction number, the refund amount, and the returned item.
  • the refund information can also be sent to the smart cryptographic device through the second session key for encryption calculation and/or verification calculation to ensure the security and/or integrity of the information transmission.
  • the terminal may also send the refund information by, but not limited to, the following: the terminal encodes the refund information and sends the sound signal through the sound wave signal; or the terminal graphically encodes the refund information and displays it for the smart password device to perform image collection; or the terminal passes The communication interface that the terminal matches with the smart cryptographic device sends a refund information.
  • the smart password device After receiving the refund information, the smart password device prompts the refund information; specifically, after receiving the refund information, the smart password device prompts the user to know the refund information by any means such as voice play or display display, so that The user determines that the refund information is a true refund information.
  • the terminal After the terminal performs the encryption calculation and/or the verification calculation on the refund information by using the second session key, the step further needs to perform the decryption calculation and/or the verification verification calculation on the received information by using the second session key.
  • the smart cryptographic device can also switch from the sleep state to the awake state after receiving the refund information; the smart cryptographic device prompts the refund information in the awake state.
  • the smart cryptographic device receives the refund confirmation instruction and signs the refund information by using the private key of the smart cryptographic device to generate a refund confirmation information; specifically, the user passes the smart after determining that the refund information is true refund information. Confirm the physical button or virtual button set on the password device. After the smart cryptographic device sends the refund confirmation information to the terminal (for example, after transmitting the sound wave signal corresponding to the refund confirmation information, or after displaying the image information corresponding to the refund confirmation information for a predetermined time), the awake state is changed to the sleep state. .
  • the terminal receives the refund confirmation information, and verifies the refund confirmation information, and after the verification is passed, uses the private key of the terminal to sign the refund confirmation information to generate a refund confirmation package; specifically, the terminal may pass but is not limited to the following manner Receiving the refund confirmation information: the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the refund confirmation information (for example, the sound wave identification device can be used to identify the sound wave signal, and the sound wave signal is decoded by the sound wave decoder to obtain the sound wave signal.
  • the sound wave identification device can be used to identify the sound wave signal
  • the sound wave signal is decoded by the sound wave decoder to obtain the sound wave signal.
  • Refund confirmation information or the terminal collects image information displayed by the smart cryptographic device and decodes the image information (for example, two-dimensional code, barcode, etc.) to obtain refund confirmation information (for example, image acquisition device is used to collect image information, The decoder obtains the refund confirmation information after decoding the image information; or the terminal receives the refund confirmation information through the communication interface matched by the terminal and the smart password device. In addition, the terminal authenticates the refund confirmation information using the public key of the smart cryptographic device.
  • image information displayed by the smart cryptographic device decodes the image information (for example, two-dimensional code, barcode, etc.) to obtain refund confirmation information (for example, image acquisition device is used to collect image information,
  • the decoder obtains the refund confirmation information after decoding the image information; or the terminal receives the refund confirmation information through the communication interface matched by the terminal and the smart password device.
  • the terminal authenticates the refund confirmation information using the public key of the smart cryptographic device.
  • the terminal sends a refund confirmation packet and a refund confirmation information to the background system server; specifically, the terminal may directly send the refund confirmation package and the refund confirmation information to the background system server, and the terminal may also use the first session key to confirm the refund.
  • the package and refund confirmation information is sent to the backend system server after encryption calculation and/or verification calculation to ensure the security and/or integrity of the information transmission.
  • the background system server After receiving the refund confirmation package and the refund confirmation information, the background system server verifies the refund confirmation package and the refund confirmation information separately, and performs the refund operation after all the verifications are passed. Specifically, if the terminal performs the encryption calculation and/or the check calculation on the refund confirmation package and the refund confirmation information by using the first session key, in this step, the background system server further receives the first session key pair. The obtained information is subjected to decryption calculation and/or verification verification calculation. In addition, the backend system server also uses the public key of the terminal to verify the refund confirmation package, and uses the public key of the smart cryptographic device to verify the refund confirmation information.
  • the store generates refund information according to the customer's refund intention (the refund information may be obtained by searching for the recorded transaction information, or may be a regenerated refund information or other forms of refund information), and
  • the refund information is encrypted using a second session key between the terminal and the smart cryptographic device and sent to the smart cryptographic device;
  • the smart cryptographic device After receiving the encrypted refund information, the smart cryptographic device converts from the sleep state to the awake state, and decrypts the encrypted refund information by using the second session key, obtains the refund information, and displays the refund information. For customer confirmation;
  • the terminal After receiving the encrypted refund confirmation information, the terminal decrypts the information by using the second session key, obtains the refund confirmation information, and verifies the correctness of the refund confirmation information by using the public key of the smart password device. If correct, the terminal utilizes The private key of the terminal re-signs the refund confirmation information to obtain a refund confirmation package. Of course, the terminal can also directly sign the refund information to obtain a refund confirmation package;
  • the terminal encrypts the refund confirmation package and the refund confirmation information by using the first session key, and sends the confirmation to the background system server;
  • the background system server After receiving the encrypted information, the background system server decrypts the received information by using the first session key, and uses the public key of the terminal to verify the refund confirmation package, and uses the public key of the smart password device to confirm the refund. The information is verified and, after both verifications have been passed, a refund operation is performed and a refund success receipt information is sent to the terminal and/or smart cryptographic device.
  • Mode 2 The difference between the second mode and the first mode is that before the terminal sends the refund information to the smart cryptographic device, the terminal further receives the refund request sent by the smart cryptographic device, and generates the refund information according to the refund request.
  • the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request to the terminal after receiving the refund request.
  • the refund information can also include an electronic statement, and the user can review the refund details based on the electronic statement, such as the specific refund time, the refund transaction number, the refund amount, and the returned item.
  • any implementation that can trigger a smart cryptographic device to generate a refund request is within the scope of the present invention.
  • the smart cryptographic device can also switch from the sleep state to the awake state before sending the refund request to the terminal; the smart cryptographic device sends a refund request to the terminal in the awake state. After the smart cryptographic device sends a refund request, it transitions from the awake state to the sleep state. When the smart cryptographic device receives the refund information sent by the terminal, it changes from the sleep state to the awake state, and performs an operation of prompting the refund information and generating the refund confirmation information in the awake state.
  • the awake state is changed to the sleep state.
  • Method 3 The smart password device sends a refund request to the terminal; specifically, the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request after receiving the refund request. Give the terminal.
  • the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request after receiving the refund request.
  • the terminal can trigger a smart cryptographic device to generate a refund request.
  • the smart password device can also be sent to the terminal.
  • the sleep state is switched to the awake state; the smart cryptographic device sends a refund request to the terminal in the awake state.
  • the terminal generates a refund request identifier, and sends a refund request identifier to the smart password device.
  • the terminal may generate a random number, and the random number is used as a refund request identifier, and the random number is configured to be provided to the smart password device to generate a refund. Information.
  • the smart password device After receiving the refund request identifier, the smart password device generates a refund information, and uses the private key of the smart password device to sign the refund information, obtains the refund confirmation information, and sends a refund confirmation information to the terminal; specific, intelligent The password device generates the refund information by using the refund request identifier, the refund amount, the refund account and the like, and the refund information may further include any combination of the refund transaction ticket number and the identification information of both parties of the refund;
  • the amount can be input through the keys on the smart password device. Of course, it can also be input by other means (for example, voice input).
  • the refund account can be input through the keys on the smart password device, and can also be pre-stored in the smart by reading.
  • the refund account in the password device is input; of course, after the transaction is completed, the transaction information is saved on the smart password device, and the transaction information is inquired to obtain information such as the refund amount and the refund account; of course, the refund information It can also perform encryption calculation and/or verification calculation through the second session key and send it to the terminal to ensure the letter. Security and / or integrity of transmission.
  • the smart cryptographic device may also send the refund information by, but not limited to, the following: the smart cryptographic device encodes the refund information and transmits the sound signal; or the smart cryptographic device graphically encodes the refund information and displays it for the terminal to perform image collection. Or the smart cryptographic device sends a refund message via the communication interface that the smart cryptographic device matches the terminal.
  • the smart cryptographic device can also send the refund confirmation information to the terminal (for example, after transmitting the sound wave signal corresponding to the refund confirmation information, or displaying the image information corresponding to the refund confirmation information) After the predetermined time has elapsed, the state transitions from the awake state to the sleep state.
  • the terminal receives the refund confirmation information, verifies the refund confirmation information, and after the verification is passed, uses the private key of the terminal to sign the refund confirmation information to generate a refund confirmation package; specifically, when the smart password device utilizes the second session After the key performs encryption calculation and/or verification calculation on the refund information, this step also needs to use the second session key to perform decryption calculation and/or verification verification calculation on the received information; the terminal may pass but not be limited to the following
  • the method receives the refund confirmation information: the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the refund confirmation information (for example, the sound wave recognition device can be used to identify the sound wave signal, and the sound wave decoder is used to decode the sound wave signal.
  • the terminal collects the image information displayed by the smart password device and decodes the image information (for example, the two-dimensional code, the barcode, etc.) to obtain the refund confirmation information (for example, the image collection device is used to collect the image information, Decoding the image information using a decoder to obtain a refund confirmation message); or Receiving an acknowledgment message through the interface with the smart communication terminal refund password matches the device.
  • the terminal authenticates the refund confirmation information using the public key of the smart cryptographic device.
  • the terminal sends a refund confirmation packet and a refund confirmation information to the background system server; specifically, the terminal directly sends a refund confirmation packet and a refund confirmation message to the background system server, and the terminal can also use the first session key to confirm the refund confirmation package.
  • the refund confirmation information is sent to the background system server after encryption calculation and/or verification calculation to ensure the security and/or integrity of the information transmission.
  • the background system server After receiving the refund confirmation package and the refund confirmation information, the background system server verifies the refund confirmation package and the refund confirmation information separately, and performs the refund operation after all the verifications are passed. Specifically, if the terminal performs the encryption calculation and/or the check calculation on the refund confirmation package and the refund confirmation information by using the first session key, in this step, the background system server further receives the first session key pair. The obtained information is subjected to decryption calculation and/or verification verification calculation. In addition, the backend system server also uses the public key of the terminal to verify the refund confirmation package, and uses the public key of the smart cryptographic device to verify the refund confirmation information.
  • the smart cryptographic device is switched from a sleep state to an awake state; for example, the smart cryptographic device can be brought into an awake state by a key operation of a customer holding the smart cryptographic device;
  • the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request to the terminal after receiving the refund request;
  • the terminal may generate a random number R, and the random number is R as a refund request identifier, and send a refund request identifier to the smart password device;
  • the smart password device generates the refund information, and uses the private key of the smart password device to sign the refund information, obtain the refund confirmation information, and send the refund confirmation information to the terminal; wherein the refund information includes at least: a refund request Information such as identification, refund amount, refund account, etc., wherein the refund amount, refund account and other information can be input by the customer through the button on the smart password device, or the refund amount can be passed by the customer through the button on the smart password device Input, the refund account is read from the information pre-stored by the smart password device, or the refund amount, refund account and other information can be read from the information pre-stored by the smart password device, and the smart password device uses the terminal and the smart password device.
  • the second session key is encrypted with the refund confirmation information and sent to the terminal;
  • the terminal After receiving the encrypted refund confirmation information, the terminal decrypts the information by using the second session key, obtains the refund confirmation information, and verifies the correctness of the refund confirmation information by using the public key of the smart password device. If correct, the terminal utilizes The private key of the terminal re-signs the refund confirmation information to obtain a refund confirmation package. Of course, the terminal can also directly sign the refund information to obtain a refund confirmation package;
  • the terminal encrypts the refund confirmation package and the refund confirmation information by using the first session key, and sends the confirmation to the background system server;
  • the background system server After receiving the encrypted information, the background system server decrypts the received information by using the first session key.
  • the refund confirmation packet is verified by the public key of the terminal, and the refund confirmation information is verified by the public key of the smart password device, and after both verifications are passed, the refund operation is performed, and the refund success receipt information is sent.
  • the terminal and / or smart cryptographic device After receiving the encrypted information, the background system server decrypts the received information by using the first session key.
  • the refund confirmation packet is verified by the public key of the terminal, and the refund confirmation information is verified by the public key of the smart password device, and after both verifications are passed, the refund operation is performed, and the refund success receipt information is sent.
  • the refund confirmation package or the refund confirmation information may also include a single refund identifier, and the single refund identifier may be a random number to ensure that one refund is successfully executed only once.
  • the single refund identifier may be generated by the terminal, or may be generated by the smart password device, may be signed by the terminal in the refund confirmation packet, or may be signed by the smart password device in the refund confirmation information.
  • the background system server may also send a refund success receipt information to the terminal and/or the smart password device, so that the store and/or the customer can know that the refund is successful.
  • Step 6 Sell out.
  • terminal's account cancellation and smart password device sales the following describes the terminal's account:
  • the terminal acquires the terminal account cancellation application, uses the private key of the terminal to sign the account cancellation application to obtain the sixth signature information, and sends the terminal account cancellation application and the sixth signature information to the background system server; specifically, the terminal can directly go to the background system server.
  • Sending the account cancellation application and the sixth signature information the terminal may also perform encryption calculation and/or verification calculation on the sixth signature information by using the first session key, and send the calculated information to the background system server to ensure information transmission. Safety and / or integrity.
  • the background system server After receiving the terminal account cancellation application and the sixth signature information, the background system server uses the public key in the pre-stored terminal certificate to verify the sixth signature information; specifically, if the terminal further performs encryption calculation using the first session key and / or check calculation, in this step, the background system server also uses the first session key to perform decryption calculation and/or verification verification calculation on the received information.
  • the background system server After verifying that the sixth signature information is passed, the background system server deletes the pre-stored terminal certificate, and generates terminal completion information, and sends the terminal completion information to the terminal; specifically, the background system server deletes the pre-stored when performing the account cancellation.
  • the information corresponding to the terminal can be placed in the default account list of the background system server and other other account operations.
  • the account completion information may also be obtained by using the first session key for encryption calculation and/or verification calculation, or by using the private key of the background system server for signature, or by using the private key of the background system server. After the signature is performed, the first session key is used for the encryption calculation and/or the check calculation.
  • the terminal After receiving the terminal completion information, the terminal deletes the private key of the terminal. Specifically, after receiving the terminal completion information, the terminal deletes the private key.
  • the terminal may also refuse to perform any transaction operation related to the background system server that sends the terminal to complete the information.
  • the terminal can also perform decryption calculation and/or verification verification using the first session key. Calculation and / or check operation, etc.
  • the smart password device obtains the application for the smart password device to cancel the account, uses the private key of the smart password device to sign the account cancellation application to obtain the seventh signature information, and sends the smart password device account cancellation application and the seventh signature information to the background system server;
  • the seventh signature information may be sent by the terminal, or may be manually processed.
  • the first session key and the second session key may be used to perform calculations such as encryption calculation and/or verification calculation. To ensure the security of information transmission.
  • the background system server After receiving the smart PIN device account cancellation application and the seventh signature information, the background system server uses the public key in the pre-stored smart cryptographic device certificate to verify the seventh signature information; specifically, if the terminal further uses the first session key The encryption calculation and/or the verification calculation, in this step, the background system server also performs decryption calculation and/or verification verification calculation on the received information by using the first session key.
  • the background system server After verifying the seventh signature information, the background system server deletes the pre-stored smart password device certificate, generates a smart password device account completion information, and sends the smart password device to the smart password device to complete the information; specifically, the background system server is When the account is cancelled, in addition to deleting the pre-stored smart password device certificate, the information corresponding to the smart password device can be placed in the default account list of the background system server and other other account operations.
  • the account completion information can also be sent to the smart cryptographic device through the terminal.
  • the first session key can be used for the encryption calculation and/or the check calculation, or the signature of the backend system server can be used to obtain the signature. Or use the private key of the background system server to sign and then use the first session key for encryption calculation and/or check calculation.
  • the smart cryptographic device After receiving the information about the completion of the smart cryptographic device, the smart cryptographic device deletes the private key of the smart cryptographic device. Specifically, the smart cryptographic device may perform verification on the signature information, and after the verification is passed, perform a deletion operation, and may also use the second session key to decrypt and/or verify the obtained information, and of course, may also utilize the After the second session key is decrypted and/or verified, the signature information is checked, as long as the security and/or integrity of the information transmission is included in the scope of the present invention.
  • the back-end system server ensures the legitimacy of the terminal and the smart password device through the registration, the account cancellation, the authentication and the locking of the management terminal and the smart password device, and the property loss caused by the illegal use of the terminal or the smart password device is eliminated.
  • steps 1 to 6 are not performed in sequence, and only a few steps may be completed.
  • steps 1 to 6 are not limited to the same application scenario, regardless of the application scenario. It is within the scope of the present invention to use any of the steps of the present invention and to perform the transaction safely.
  • a wireless communication module is integrated on the smart cryptographic device, and the state control module forms a novel smart cryptographic device configurable as a secure payment of the present invention.
  • the smart cryptographic device includes a wireless communication module, which may be a Bluetooth communication module or a WIFI communication module, etc., and the wireless communication module may perform inquiry scanning and page scanning on other devices, and may perform signal and data interaction with other wireless devices.
  • the smart cryptographic device further includes a state control module, which can control the working state of the wireless communication module of the smart cryptographic device and the host.
  • the smart cryptographic device of the present invention has two states: a sleep state and an awake state.
  • the state control module can identify these signals, generate a wake-up signal, wake up the CPU to the awake state, and start executing the application command.
  • the CPU will go to sleep again.
  • the smart cryptographic device is in a dormant state, and the user enters the wireless signal coverage of the terminal with the smart cryptographic device, and the smart cryptographic device and the terminal complete the interactive identification of the wireless device, that is, the terminal can know that the smart cryptographic device enters the store where the terminal is located and A smart cryptographic device establishes a connection.
  • the terminal After the terminal establishes a connection with the smart cryptographic device, the terminal sends a request for the authentication device to the smart cryptographic device.
  • the state control module sends a wakeup signal, and the CPU is woken up, and the smart cryptographic device enters the wakeup. Status and perform the appropriate action.
  • the smart cryptographic device After completing the corresponding instruction, the smart cryptographic device returns to the sleep state, and continues to maintain the device interaction identification with the terminal, so that the terminal can determine whether the holder of the smart cryptographic device leaves the store.
  • the terminal After the terminal and the smart cryptographic device authenticate each other, the terminal requests the background system server to read the user information, and the background system server requests the user authorization information, and the terminal sends a user authorization request to the smart cryptographic device.
  • the smart cryptographic device in the sleep state receives the user authorization request sent from the terminal, and enters the awake state.
  • the smart cryptographic device will display the request from the terminal, prompting the user to judge whether it is authorized.
  • the user determines whether to authorize according to the request sent by the displayed terminal. If authorized, press the confirmation button on the smart password device to cause the smart password device to generate authorization information and send it to the terminal, and then enter the sleep state. Otherwise, the smart password device ends execution. Command, go directly to sleep state.
  • the terminal sends a user transaction confirmation request command to the sleepy smart cryptographic device, and the smart cryptographic device in the sleep state receives the command to enter the awake state, and the smart cryptographic device displays the received transaction information, and the user confirms. If the transaction information is correct, press the enter key to cause the smart password device to sign the transaction information, and Return to the terminal; otherwise, the execution of the operation ends, and the smart cryptographic device goes to sleep.
  • the background system server and the terminal perform mutual authentication, and establish a secure channel to negotiate a common session key K1;
  • the terminal establishes a current user list on the local server, where the current user list can be used to store user information corresponding to the smart password device held by the customer in the current store;
  • the terminal local server monitors the smart cryptographic device in the wireless signal coverage of the terminal by using a wireless method (for example, using a wireless detecting device);
  • the customer carries a smart cryptographic device with wireless communication function (sleeping state) to shop, and when the customer enters the wireless signal coverage of the terminal, the smart cryptographic device can be searched by the terminal and establish a wireless connection with the terminal;
  • the terminal and the smart cryptographic device perform mutual authentication, and establish a secure channel to negotiate a common session key K2;
  • the terminal sends a request for reading the user information corresponding to the smart password device to the background system server;
  • the background system server generates a random number (single authorization identifier) as a parameter for generating user authorization information, and the background system server encrypts the random number by using the session key K1;
  • the background system server sends the user authorization request information to the terminal, and sends the random number ciphertext to the terminal;
  • the terminal decrypts the ciphertext, and then encrypts the random number by using the session key K2 negotiated between the terminal and the smart cryptographic device;
  • the terminal sends the user authorization request information to the smart cryptographic device, and sends the random ciphertext to the smart cryptographic device;
  • the smart cryptographic device After receiving the authorization request information, the smart cryptographic device converts to the awake state, and decrypts the received random ciphertext by using the session key K2, and then displays the user authorization request information on the display screen of the smart cryptographic device. Waiting for the user to confirm;
  • the user judges the information, and if not allowed, the smart password device goes to sleep state;
  • the smart password device summarizes and signs the random number (single authorization identifier), and uses the signature value as the user authorization information to send the signature value using the session key K2. Go to the terminal and then go to sleep;
  • the terminal receives the signature value and decrypts it with the session key K2, and then encrypts it with the session key K1 and transmits it to the background system server;
  • the background system server decrypts the signature by using the session key K1, and then decrypts the signature by using the public key of the smart cryptographic device, and compares the digest generated by the self-generated random number with the value obtained by decrypting the signature, and if not, returns an error. End of information operation;
  • the background system server encrypts the user information with the session key K1 and generates a user authorization.
  • the information check value (the first check value), the check value may be in the form of a MAC or a hash function plus a signature, etc., and the ciphertext and the check value are sent to the terminal;
  • the terminal After receiving the user information, the terminal stores the user information in the current user list.
  • the terminal settles the amount, and selects an account corresponding to the smart password device held by the customer in the current user list;
  • the terminal generates transaction information by using the transaction amount, the account of the payment and payment parties, and the identification information of the payment and payment parties, and encrypts the transaction information by using the session key K2;
  • the terminal sends the transaction request information to the smart cryptographic device, and sends the transaction ciphertext to the smart cryptographic device;
  • the smart cryptographic device After receiving the transaction request information of the terminal, the smart cryptographic device transfers to the awake state, decrypts the transaction information into plaintext and displays it on the screen;
  • the customer confirms the transaction information, if there is a problem, press cancel, the transaction is aborted, and the smart password device goes to sleep state;
  • the smart cryptographic device summarizes and signs the transaction information and the random number, encrypts the signature by using the session key K2, obtains the user transaction confirmation information, and sends the information to the terminal;
  • the terminal decrypts the user transaction confirmation information, and generates a transaction data packet (including the transaction amount, the payment and payment account number, and the respective unique identification information, etc.), encrypts the transaction data packet by using the session key K1, and generates a transaction data packet verification.
  • Value (second check value);
  • the terminal sends a transfer request to the background system server and sends the transaction data packet ciphertext and the second check value;
  • the background system server performs the transfer processing, and sends the payment completion information to the terminal successfully.
  • the background system server can also send the payment completion information to the smart cryptographic device through the terminal, so that the customer knows that the transaction is completed;
  • the terminal receives the payment completion information, delivers the goods to the customer, and the settlement is completed.
  • the trusted background system server can be used to authenticate the legality of the smart cryptographic device. In the case where it is determined that the background system server and the smart cryptographic device are trusted, this ensures the security of the terminal transaction. At the same time, the legality authentication of the terminal by the background system server and the manual confirmation of the display information by the smart cryptographic device during the transaction are also ensured, and the transaction security of the smart cryptographic device holder is also ensured.
  • a customer when a customer enters a store to conduct a transaction, it is not necessary to complete payment with a related account carrier device such as a mobile phone, a bank card or a financial IC card, and the payment process of the original technology needs to be borrowed.
  • a related account carrier device such as a mobile phone, a bank card or a financial IC card
  • the payment process of the original technology needs to be borrowed.
  • the user For devices that have an account storage function such as a SIM card or a smart card, the user also needs to perform operations such as swiping a card or swiping a mobile phone to complete the transaction.
  • the customer can complete the payment without using the wallet, the credit card, the mobile phone, etc., thereby simplifying the interaction between the customer and the merchant in the payment process, improving the payment efficiency, and improving the customer in the near field payment process.
  • the experience while using the security features of smart cryptographic devices to ensure the security of the customer payment process.
  • the terminal After the customer purchases the good product, the terminal does not need to obtain the user information by manually swiping the card or swiping the mobile phone, because the user information is already stored in the current user list of the terminal when entering the store, and at the time of checkout
  • the customer only needs to report his/her name, and the terminal can directly send the transaction information such as the amount after settlement to the customer's smart password device and display it.
  • the customer only needs to confirm with the smart password device and output the transaction confirmation information.
  • the terminal generates a transaction data packet and sends it to the background system server. After the background system server verifies that the transaction data packet is accurate and then performs the transfer processing, the payment process can be completed.
  • the network connection between the smart cryptographic device and the terminal is automatically interrupted, and the user information disappears from the current user list of the store. If the customer enters another store again, he will automatically enter the current user list of the other store and start another shopping. This eliminates the need for the customer to perform any operations, and only requires the customer to put a small smart password device into the pocket while shopping, and the invention can provide a seamless user experience.
  • portions of the invention may be implemented in hardware, software, firmware or a combination thereof.
  • multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
  • a suitable instruction execution system For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
  • each functional unit in each embodiment of the present invention may be integrated into one processing module, or may be each Units exist physically separately, or two or more units can be integrated into one module.
  • the above integrated modules can be implemented in the form of hardware or in the form of software functional modules.
  • the integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.
  • the above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.

Abstract

Provided are a secure data interaction method and system, the method comprising: a terminal acquires the identifier information of a scanned intelligent cryptographic device, acquires the corresponding user information, stores the user information into a pre-established current user list, generates transaction information, acquires transaction request information, and transmits to the intelligent cryptographic device the transaction request information; the intelligent cryptographic device acquires and prompts the transaction information, and generates the transaction confirmation information; the terminal acquires a transaction data packet according to the transaction confirmation information, and transmits the transaction data packet to a background system server; and the background system server acquires the transaction confirmation information according to the transaction data packet, authenticates the transaction confirmation information, and executes the transaction after the transaction confirmation information passes the authentication. Thus, a customer makes payment without the use of a wallet, a credit card, a mobile phone or other methods, thus simplifying the interactive operation in the payment process between the customer and a merchant, increasing payment efficiency, improving customer experience in a near-field payment process, and ensuring the payment security of the customer.

Description

数据安全交互方法和系统Data security interaction method and system 技术领域Technical field
本发明涉及一种信息安全领域,尤其涉及一种数据安全交互方法和系统。The present invention relates to the field of information security, and in particular, to a data security interaction method and system.
背景技术Background technique
移动支付就是允许用户使用其移动终端(例如智能手机、PDA、平板电脑、笔记本电脑等终端)对所消费的商品或服务进行账务支付的一种服务方式。单位或个人通过移动终端、互联网或者近距离传感直接或间接向银行金融机构发送支付指令产生货币支付与资金流转的行为,从而实现移动支付功能。移动支付将移动终端、互联网、应用提供商以及金融机构相融合,为用户提供货币支付、缴费等金融业务。Mobile payment is a service that allows users to use their mobile terminals (such as smart phones, PDAs, tablets, laptops, etc.) to pay for goods or services they consume. The unit or individual sends the payment instruction directly or indirectly to the banking financial institution through the mobile terminal, the Internet or proximity sensing to generate the behavior of money payment and capital circulation, thereby realizing the mobile payment function. Mobile payment combines mobile terminals, the Internet, application providers, and financial institutions to provide users with financial services such as money payment and payment.
移动支付主要包括远程支付和近场支付两种。远程支付指用户通过移动终端登录银行网页进行支付、账户操作等,主要应用于线上电子商务网站的购物与消费;近场支付是指消费者在购买商品或服务时,即时通过移动终端向商家进行支付,支付的处理在现场进行,并且是不需要使用移动网络的线下操作,通过使用移动终端的射频(NFC)、红外、蓝牙等通道,实现与自动售货机以及POS机的本地通讯。Mobile payment mainly includes remote payment and near-field payment. Remote payment refers to the user logging in to the bank's webpage through the mobile terminal for payment, account operation, etc., which is mainly applied to the shopping and consumption of online e-commerce websites; near-field payment refers to the instant payment to the merchant through the mobile terminal when the consumer purchases the goods or services. The payment is made, the processing of the payment is performed on site, and the offline operation of the mobile network is not required, and the local communication with the vending machine and the POS machine is realized by using the radio frequency (NFC), infrared, Bluetooth, and the like of the mobile terminal.
在整个移动支付的过程中,涉及到支付的参与者包括:消费用户、商户、移动运营商、第三方服务提供商、银行。消费用户和商户是系统的服务对象,移动运营商提供网络支持,银行方提供银行相关服务,第三方服务提供商提供支付平台服务,通过各方的结合以实现业务。支付手段的电子化和移动化已经成为了不可避免的发展趋势,而移动支付系统的安全性问题又是移动电子商务安全的核心问题。In the entire mobile payment process, the participants involved in the payment include: consumer users, merchants, mobile operators, third-party service providers, banks. Consumer users and merchants are the service objects of the system, mobile operators provide network support, banks provide bank-related services, and third-party service providers provide payment platform services to achieve business through the combination of all parties. The electronic and mobileization of payment methods has become an inevitable development trend, and the security issue of mobile payment systems is the core issue of mobile e-commerce security.
如何在移动支付的过程中保证数据交互的安全性是亟待解决的问题。How to ensure the security of data interaction in the process of mobile payment is an urgent problem to be solved.
发明内容Summary of the invention
本发明旨在解决上述问题之一。The present invention is directed to solving one of the above problems.
本发明的一个主要目的在于提供一种数据安全交互方法。A primary object of the present invention is to provide a data security interaction method.
本发明的另一个主要目的在于提供一种数据安全交互系统。Another main object of the present invention is to provide a data security interaction system.
为达到上述目的,本发明的技术方案具体是这样实现的:In order to achieve the above object, the technical solution of the present invention is specifically implemented as follows:
本发明一方面提供了一种数据安全交互方法,包括:终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息;所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息;所述终端将所述用户信息 存储到预先建立的当前用户列表中;所述终端根据待交易的智能密码设备对应的用户信息生成交易信息,并根据所述交易信息获得交易请求信息;所述终端向所述智能密码设备发送所述交易请求信息;所述智能密码设备接收到所述交易请求信息后,根据所述交易请求信息获得所述交易信息;所述智能密码设备提示所述交易信息;所述智能密码设备接收确认指令,并生成交易确认信息;所述终端接收所述交易确认信息;所述终端根据所述交易确认信息获得交易数据包,并向所述后台系统服务器发送所述交易数据包;所述后台系统服务器接收到所述交易数据包后,根据所述交易数据包获得所述交易确认信息;所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易。An aspect of the present invention provides a data security interaction method, including: a terminal scanning a smart cryptographic device within a signal coverage area, and obtaining identification information of the scanned smart cryptographic device; the terminal according to the scanned smart The identification information of the cryptographic device acquires user information corresponding to the smart cryptographic device; the terminal uses the user information Stored in a pre-established current user list; the terminal generates transaction information according to user information corresponding to the smart cryptographic device to be traded, and obtains transaction request information according to the transaction information; the terminal sends the location to the smart cryptographic device Transmitting the transaction request information; after receiving the transaction request information, the smart cryptographic device obtains the transaction information according to the transaction request information; the smart cryptographic device prompts the transaction information; and the smart cryptographic device receives the confirmation instruction And generating transaction confirmation information; the terminal receiving the transaction confirmation information; the terminal obtaining a transaction data packet according to the transaction confirmation information, and transmitting the transaction data packet to the background system server; the background system server After receiving the transaction data packet, the transaction confirmation information is obtained according to the transaction data package; the background system server verifies the transaction confirmation information, and executes the transaction after the verification is passed.
此外,所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息包括:所述终端向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求;所述后台系统服务器接收到所述智能密码设备的标识信息以及所述用户信息读取请求后,根据所述智能密码设备的标识信息获取与所述智能密码设备对应的用户信息;所述后台系统服务器根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息;所述终端接收到所述用户信息读取请求的响应信息后,根据所述用户信息读取请求的响应信息获得所述用户信息。In addition, the acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device includes: sending, by the terminal, identification information and user information of the smart cryptographic device to the background system server After the background system server receives the identification information of the smart cryptographic device and the user information reading request, the user information corresponding to the smart cryptographic device is obtained according to the identification information of the smart cryptographic device; The background system server obtains response information of the user information read request according to the user information, and sends response information of the user information read request to the terminal; the terminal receives the user information read After the requested response information, the user information is obtained according to the response information of the user information read request.
此外,所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息包括:所述终端根据扫描到的所述智能密码设备的标识信息向所述智能密码设备发送用户信息读取请求;所述智能密码设备获得预先存储的用户信息,并根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息;所述终端接收到所述用户信息读取请求的响应信息后,根据所述用户信息读取请求的响应信息获得所述用户信息。In addition, the acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device includes: the terminal, according to the scanned information of the smart cryptographic device, to the smart cryptographic device Sending a user information read request; the smart cryptographic device obtains pre-stored user information, and obtains response information of the user information read request according to the user information, and sends the user information read request to the terminal Response information: after receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
此外,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息的步骤之后,所述方法还包括:所述终端获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;所述终端根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则执行所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息的步骤;且如果所述当前用户列表中的智能密码设备的标识信息不在所述实时标识列表中,则删除所述当前用户列表中不在所述实时标识列表中的智能密码设备的用户信息。In addition, after the step of scanning the smart cryptographic device in the signal coverage and obtaining the scanned identification information of the smart cryptographic device, the method further includes: obtaining, by the terminal, signal coverage at the terminal And generating, by the identifier information of all the smart cryptographic devices, the real-time identification list; the terminal, according to the preset time interval, the identification information of the smart cryptographic device in the real-time identification list and the smart cryptographic device in the current user list The identification information is compared; if the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, the terminal is configured to acquire the smart password according to the scanned identification information of the smart cryptographic device. a step of the user information corresponding to the device; and if the identification information of the smart cryptographic device in the current user list is not in the real-time identification list, deleting the smart cryptographic device in the current user list that is not in the real-time identification list User information.
此外,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码 设备的标识信息的步骤之后,所述方法还包括:所述终端获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;所述终端根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则执行所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息的步骤,并在所述终端获得所述用户信息后,将所述用户信息存储至所述实时标识列表中;且如果所述实时标识列表中的智能密码设备的标识信息在所述当前用户列表中,则将所述在所述当前用户列表中的智能密码设备的用户信息存储至所述实时标识列表中;将所述实时标识列表作为更新后的所述当前用户列表。In addition, the terminal scans the smart cryptographic device within the signal coverage range, and obtains the scanned smart password. After the step of the identification information of the device, the method further includes: obtaining, by the terminal, identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generating a real-time identification list; the terminal according to the preset time interval Comparing the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list; if the identification information of the smart cryptographic device in the real-time identification list is not in the current In the user list, the step of acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device, and obtaining the user information after the terminal obtains the user information Information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, the user of the smart cryptographic device in the current user list is Information is stored in the real-time identification list; the real-time identification list is used as an updated Said list of current users.
此外,所述终端向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求的步骤之后,所述方法还包括:所述后台系统服务器判断所述智能密码设备的标识信息是否包含在所述后台系统服务器中预存的智能密码设备异常名单中;所述后台系统服务器在判断出所述智能密码设备的标识信息在所述智能密码设备异常名单中后,获取锁定智能密码设备指令,以及利用所述后台系统服务器的私钥对锁定智能密码设备指令进行签名获得第五签名信息,并通过所述终端向所述智能密码设备发送所述锁定智能密码设备指令以及所述第五签名信息;所述智能密码设备接收到所述锁定智能密码设备指令以及所述第五签名信息后,利用预存的所述后台系统服务器证书中的公钥对所述第五签名信息进行验证;所述智能密码设备在验证所述第五签名信息通过后,根据所述锁定智能密码设备指令执行锁定操作。In addition, after the terminal sends the identifier information of the smart cryptographic device and the user information read request to the background system server, the method further includes: the background system server determining the identifier information of the smart cryptographic device Whether it is included in the abnormal list of the smart password device pre-stored in the background system server; the background system server obtains the locked smart password device after determining that the identification information of the smart password device is in the abnormal list of the smart password device And acquiring, by using the private key of the background system server, the locked smart password device instruction to obtain a fifth signature information, and sending, by the terminal, the locked smart password device instruction and the fifth to the smart password device Signing information; after receiving the locked smart cryptographic device command and the fifth signature information, the smart cryptographic device verifies the fifth signature information by using a public key in the pre-stored background system server certificate; The smart cryptographic device is verifying the fifth signature letter Passed, according to the apparatus instructions smart password lock locking operation is performed.
此外,所述方法还包括:所述后台系统服务器接收终端注册申请,并对所述终端注册申请进行审核;所述后台系统服务器在审核所述终端注册申请通过后,向所述终端发送终端密钥对生成指令;所述终端接收到所述终端密钥对生成指令后,生成终端密钥对;所述终端向所述后台系统服务器发送所述终端密钥对中的公钥;所述后台系统服务器接收到所述终端密钥对中的公钥后,生成所述终端证书,并向所述终端发送所述终端证书;所述终端存储所述终端证书;以及所述后台系统服务器接收智能密码设备注册申请,并对所述智能密码设备注册申请进行审核;所述后台系统服务器在审核所述智能密码设备注册申请通过后,向所述智能密码设备发送智能密码设备密钥对生成指令;所述智能密码设备接收到所述智能密码设备密钥对生成指令后,生成智能密码设备密钥对;所述智能密码设备向所述后台系统服务器发送所述智能密码设备密钥对中的公钥;所述后台系统服务器接收到所述智能密码设备密钥对中的公钥后,生成所述智能密码设备证书,并向所述智能密码设备发送所述智能密码设备证书;所述智能密码设备存储所述智能密码设备证书。 In addition, the method further includes: the background system server receiving the terminal registration application, and reviewing the terminal registration application; the background system server sending the terminal password to the terminal after reviewing the terminal registration application The key pair generates an instruction; after receiving the terminal key pair generation instruction, the terminal generates a terminal key pair; the terminal sends the public key in the terminal key pair to the background system server; After receiving the public key in the terminal key pair, the system server generates the terminal certificate, and sends the terminal certificate to the terminal; the terminal stores the terminal certificate; and the background system server receives the smart The password device registration application is performed, and the smart password device registration application is reviewed; the background system server sends a smart password device key pair generation instruction to the smart password device after reviewing the smart password device registration application; After the smart cryptographic device receives the smart cryptographic device key pair generation instruction, generating a smart password a backup key pair; the smart cryptographic device sends a public key in the smart cryptographic device key pair to the background system server; after the background system server receives the public key in the smart cryptographic device key pair Generating the smart cryptographic device certificate and transmitting the smart cryptographic device certificate to the smart cryptographic device; the smart cryptographic device storing the smart cryptographic device certificate.
此外,所述方法还包括:所述终端获取终端销户申请,利用所述终端的私钥对所述销户申请进行签名获得第六签名信息,并向所述后台系统服务器发送所述终端销户申请以及所述第六签名信息;所述后台系统服务器接收到所述终端销户申请以及所述第六签名信息后,利用预存的所述终端证书中的公钥对所述第六签名信息进行验证;所述后台系统服务器在验证所述第六签名信息通过后,删除预存的所述终端证书,并生成终端销户完成信息,向所述终端发送所述终端销户完成信息;所述终端接收到所述终端销户完成信息后,删除所述终端的私钥;和/或所述智能密码设备获取智能密码设备销户申请,利用所述智能密码设备的私钥对所述销户申请进行签名获得第七签名信息,并向所述后台系统服务器发送所述智能密码设备销户申请以及所述第七签名信息;所述后台系统服务器接收到所述智能密码设备销户申请以及所述第七签名信息后,利用预存的所述智能密码设备证书中的公钥对所述第七签名信息进行验证;所述后台系统服务器在验证所述第七签名信息通过后,删除预存的所述智能密码设备证书,并生成智能密码设备销户完成信息,向所述智能密码设备发送所述智能密码设备销户完成信息;所述智能密码设备接收到所述智能密码设备销户完成信息后,删除所述智能密码设备的私钥。In addition, the method further includes: the terminal acquiring a terminal account cancellation application, signing the account cancellation application with the private key of the terminal to obtain a sixth signature information, and transmitting the terminal pin to the background system server. a user application and the sixth signature information; the background system server, after receiving the terminal account cancellation application and the sixth signature information, using the public key in the pre-stored terminal certificate to the sixth signature information Performing verification; after verifying that the sixth signature information is passed, the background system server deletes the pre-stored terminal certificate, and generates terminal account completion information, and sends the terminal account completion information to the terminal; After receiving the information about the completion of the terminal, the terminal deletes the private key of the terminal; and/or the smart cryptographic device obtains a smart PIN device account cancellation application, and uses the private key of the smart cryptographic device to Applying for signature to obtain the seventh signature information, and sending the smart password device account cancellation application and the seventh signature information to the background system server; After receiving the smart PIN device account cancellation application and the seventh signature information, the background system server uses the pre-stored public key in the smart cryptographic device certificate to verify the seventh signature information; After verifying that the seventh signature information is passed, the system server deletes the pre-stored smart password device certificate, and generates a smart password device account completion information, and sends the smart password device account completion information to the smart password device; After receiving the information about the completion of the smart cryptographic device, the smart cryptographic device deletes the private key of the smart cryptographic device.
此外,所述后台系统服务器接收到所述智能密码设备的标识信息以及所述用户信息读取请求的步骤之后,所述后台系统服务器向所述终端发送所述用户信息读取请求的响应信息的步骤之前,所述方法还包括:所述后台系统服务器通过所述终端向所述智能密码设备发送用户授权请求信息;所述智能密码设备接收到所述用户授权请求信息后,生成授权信息,并通过所述终端向所述后台系统服务器发送所述授权信息;所述后台系统服务器接收到所述授权信息后,执行所述后台系统服务器向所述终端发送所述用户信息读取请求的响应信息的步骤。In addition, after the background system server receives the identification information of the smart cryptographic device and the user information read request, the background system server sends the response information of the user information read request to the terminal. Before the step, the method further includes: the background system server sends the user authorization request information to the smart cryptographic device by using the terminal; the smart cryptographic device generates the authorization information after receiving the user authorization request information, and Sending, by the terminal, the authorization information to the background system server; after the background system server receives the authorization information, executing, by the background system server, sending the response information of the user information read request to the terminal A step of.
此外,所述智能密码设备接收到所述用户授权请求信息后,生成授权信息的步骤包括:所述智能密码设备在接收到所述用户授权请求信息后,由休眠状态转换为唤醒状态;所述智能密码设备在唤醒状态下生成授权信息。In addition, after the smart cryptographic device receives the user authorization request information, the step of generating the authorization information includes: after receiving the user authorization request information, the smart cryptographic device converts from a sleep state to an awake state; The smart cryptographic device generates authorization information in the awake state.
此外,所述智能密码设备接收到所述交易请求信息后,根据所述交易请求信息获得所述交易信息的步骤包括:所述智能密码设备接收到所述交易请求信息后,由休眠状态转换为唤醒状态;所述智能密码设备在唤醒状态下根据所述交易请求信息获得所述交易信息。In addition, after the smart cryptographic device receives the transaction request information, the step of obtaining the transaction information according to the transaction request information includes: after receiving the transaction request information, the smart cryptographic device converts from a sleep state to Awakening state; the smart cryptographic device obtains the transaction information according to the transaction request information in an awake state.
此外,所述智能密码设备生成交易确认信息的步骤包括:所述智能密码设备利用所述智能密码设备的私钥对所述交易信息进行签名,生成交易签名信息作为交易确认信息;或者所述智能密码设备生成动态口令作为交易确认信息。In addition, the step of generating the transaction confirmation information by the smart cryptographic device comprises: the smart cryptographic device signing the transaction information by using a private key of the smart cryptographic device, generating transaction signature information as transaction confirmation information; or the intelligence The cryptographic device generates a dynamic password as the transaction confirmation information.
此外,所述智能密码设备生成交易确认信息的步骤包括:所述智能密码设备生成单次 交易标识,并利用所述智能密码设备的私钥对所述交易信息以及所述单次交易标识进行签名,生成交易签名信息作为交易确认信息;或者所述智能密码设备生成单次交易标识,利用所述智能密码设备的私钥对所述单次交易标识进行签名获得单次交易标识的签名信息,并生成动态口令,将单次交易标识的签名信息以及所述动态口令作为交易确认信息。In addition, the step of generating the transaction confirmation information by the smart cryptographic device comprises: generating a single time by the smart cryptographic device Transmitting the identifier, and signing the transaction information and the single transaction identifier by using a private key of the smart cryptographic device to generate transaction signature information as transaction confirmation information; or the smart cryptographic device generates a single transaction identifier, utilizing The private key of the smart cryptographic device signs the single transaction identifier to obtain signature information of the single transaction identifier, and generates a dynamic password, and the signature information of the single transaction identifier and the dynamic password are used as transaction confirmation information.
此外,所述终端接收所述交易确认信息的步骤包括:所述终端接收所述智能密码设备发送的声波信号并对所述声波信号进行解码获得交易确认信息;或者所述终端采集所述智能密码设备显示的图像信息并对所述图像信息进行解码获得所述交易确认信息;或者所述终端通过所述终端与所述智能密码设备匹配的通信接口接收所述交易确认信息;或者所述终端通过所述终端输入的信息获得所述交易确认信息。In addition, the step of the terminal receiving the transaction confirmation information includes: the terminal receiving an acoustic wave signal sent by the smart cryptographic device and decoding the acoustic wave signal to obtain transaction confirmation information; or the terminal collecting the smart password And the image information displayed by the device is decoded to obtain the transaction confirmation information; or the terminal receives the transaction confirmation information through a communication interface that the terminal matches with the smart cryptographic device; or the terminal passes The information input by the terminal obtains the transaction confirmation information.
此外,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:所述后台系统服务器向所述终端发送交易成功回执信息;或者所述后台系统服务器通过所述终端向所述智能密码设备发送交易成功回执信息;所述智能密码设备接收到所述交易成功回执信息后,提示所述交易成功回执信息。In addition, the background system server verifies the transaction confirmation information, and after the step of performing the transaction after the verification is passed, the method further includes: the background system server sending the transaction success receipt information to the terminal; The background system server sends a transaction success receipt information to the smart cryptographic device through the terminal; after receiving the transaction success receipt information, the smart cryptographic device prompts the transaction success receipt information.
此外,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:所述终端向所述智能密码设备发送退款信息;所述智能密码设备接收到所述退款信息后,提示所述退款信息;所述智能密码设备接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;所述终端接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;所述终端向所述后台系统服务器发送所述退款确认包和所述退款确认信息;所述后台系统服务器接收到所述退款确认包和所述退款确认信息后,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。In addition, after the background system server verifies the transaction confirmation information and performs the transaction after the verification is passed, the method further includes: the terminal sending the refund information to the smart password device; After receiving the refund information, the cryptographic device prompts the refund information; the smart cryptographic device receives the refund confirmation instruction, and signs the refund information by using the private key of the smart cryptographic device to generate a refund Confirmation information; the terminal receives the refund confirmation information, verifies the refund confirmation information, and after the verification is passed, uses the private key of the terminal to sign the refund confirmation information to generate a refund Confirming the package; the terminal sending the refund confirmation package and the refund confirmation information to the background system server; after the background system server receives the refund confirmation package and the refund confirmation information, respectively The refund confirmation package and the refund confirmation information are verified, and after all verification is passed, the refund operation is performed.
此外,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:所述智能密码设备向所述终端发送退款请求;所述终端生成退款信息,并向所述智能密码设备发送所述退款信息;所述智能密码设备接收到所述退款信息后,提示所述退款信息;所述智能密码设备接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;所述终端接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;所述终端向所述后台系统服务器发送所述退款确认包和所述退款确认信息;所述后台系统服务器接收到所述退款确认包和所述退款确认信息后,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操 作。In addition, after the background system server verifies the transaction confirmation information and performs the transaction after the verification is passed, the method further includes: the smart password device sending a refund request to the terminal; the terminal Generating a refund information, and sending the refund information to the smart password device; after receiving the refund information, the smart password device prompts the refund information; the smart password device receives a refund confirmation instruction And signing the refund information by using a private key of the smart cryptographic device to generate refund confirmation information; the terminal receiving the refund confirmation information, verifying the refund confirmation information, and verifying After passing, the refund confirmation information is signed by using the private key of the terminal to generate a refund confirmation package; the terminal sends the refund confirmation package and the refund confirmation information to the background system server; After receiving the refund confirmation package and the refund confirmation information, the background system server separately checks the refund confirmation package and the refund confirmation information After, and all verified, perform the refund operation Work.
此外,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:所述智能密码设备向所述终端发送退款请求;所述终端生成退款请求标识,并向所述智能密码设备发送所述退款请求标识;所述智能密码设备接收到所述退款请求标识后,生成退款信息,并利用所述智能密码设备的私钥对所述退款信息进行签名,得到退款确认信息,并向所述终端发送所述退款确认信息;所述终端接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;所述终端向所述后台系统服务器发送所述退款确认包和所述退款确认信息;所述后台系统服务器接收到所述退款确认包和所述退款确认信息后,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。In addition, after the background system server verifies the transaction confirmation information and performs the transaction after the verification is passed, the method further includes: the smart password device sending a refund request to the terminal; the terminal Generating a refund request identifier, and sending the refund request identifier to the smart password device; after receiving the refund request identifier, the smart password device generates refund information and utilizes the private password device Keys sign the refund information, obtain refund confirmation information, and send the refund confirmation information to the terminal; the terminal receives the refund confirmation information, and verify the refund confirmation information. And after the verification is passed, the refund confirmation information is signed by using the private key of the terminal to generate a refund confirmation package; the terminal sends the refund confirmation package and the refund confirmation to the background system server. Information; after the background system server receives the refund confirmation package and the refund confirmation information, respectively, the refund confirmation package and the refund confirmation letter Verified and validated after all, perform the refund operation.
此外,所述退款信息中还包含电子对账单。In addition, the refund information also includes an electronic statement.
此外,所述交易成功回执信息还包含电子对账单。In addition, the transaction success receipt information also includes an electronic statement.
此外,所述交易信息中还包含电子对账单。In addition, the transaction information also includes an electronic statement.
此外,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之前,所述方法还包括:所述智能密码设备进入可被扫描状态。In addition, before the terminal scans the smart cryptographic device within the signal coverage area and obtains the scanned identification information of the smart cryptographic device, the method further includes: the smart cryptographic device enters a scanable state.
此外,在所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息之前,所述方法还包括:所述终端与所述后台系统服务器进行相互认证。In addition, before the terminal acquires the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device, the method further includes: the terminal and the background system server performing mutual authentication.
此外,所述终端与后台系统服务器进行相互认证包括:所述终端生成第一待签名信息;所述终端向后台系统服务器发送所述第一待签名信息以及第一认证请求信息;所述后台系统服务器接收到所述第一待签名信息以及所述第一认证请求信息后,生成第二待签名信息;所述后台系统服务器向所述终端发送所述第二待签名信息以及后台系统服务器证书;所述终端接收到所述第二待签名信息以及所述后台系统服务器证书后,利用预存的后台系统服务器证书对应的根证书验证所述后台系统服务器证书是否合法;所述终端在验证所述后台系统服务器证书合法后,利用所述终端的私钥对所述第一待签名信息和所述第二待签名信息进行签名生成第一签名信息;所述终端向所述后台系统服务器发送所述第一签名信息以及终端证书;所述后台系统服务器利用预存的终端证书对应的根证书验证所述终端证书是否合法;所述后台系统服务器在验证所述终端证书合法后,利用所述终端证书中的公钥验证所述第一签名信息;所述后台系统服务器在验证所述第一签名信息通过后,生成后台认证完成消息,并向所述终端发送所述后台认证完成消息;所述终端接收到所述后台认证完成消息后,验证所述后台认证完成消息;所述终端在验证所述后台认证完成消息通过后, 生成终端认证第一完成消息,向所述后台系统服务器发送所述终端认证第一完成消息;所述后台系统服务器接收到所述终端认证第一完成消息后,验证所述终端认证第一完成消息;所述后台系统服务器在验证所述终端认证第一完成消息通过后,所述终端与所述后台系统服务器完成相互认证。In addition, the mutual authentication between the terminal and the background system server includes: the terminal generates first to-be-signed information; the terminal sends the first to-be-signed information and the first authentication request information to the background system server; After receiving the first to-be-signed information and the first authentication request information, the server generates second to-be-signed information; the background system server sends the second to-be-signed information and the background system server certificate to the terminal; After receiving the second to-be-signed information and the background system server certificate, the terminal uses the root certificate corresponding to the pre-stored background system server certificate to verify whether the background system server certificate is legal; the terminal is verifying the background. After the system server certificate is legal, the first signature information and the second signature information are signed by the private key of the terminal to generate first signature information; the terminal sends the first to the background system server a signature information and a terminal certificate; the background system server utilizes the pre-stored end The root certificate corresponding to the certificate verifies whether the terminal certificate is legal; the background system server verifies the first signature information by using a public key in the terminal certificate after verifying that the terminal certificate is legal; the background system server is After the first signature information is verified, the background authentication completion message is generated, and the background authentication completion message is sent to the terminal; after receiving the background authentication completion message, the terminal verifies the background authentication completion message; After verifying that the background authentication completion message is passed, the terminal passes the Generating a terminal authentication first completion message, and sending the terminal authentication first completion message to the background system server; after the background system server receives the terminal authentication first completion message, verifying the terminal authentication first completion message After the background system server verifies that the terminal authentication first completion message passes, the terminal and the background system server complete mutual authentication.
此外,所述第一认证请求信息包括所述终端的标识信息;所述后台系统服务器接收到所述第一待签名信息以及所述第一认证请求信息后,判断所述终端的标识信息是否包含在所述后台系统服务器中预存的终端异常名单中;所述后台系统服务器在判断出所述终端的标识信息在所述终端异常名单中后,获取锁定终端指令,以及利用所述后台系统服务器的私钥对锁定终端指令进行签名获得第四签名信息,并向所述终端发送所述锁定终端指令以及所述第四签名信息;所述终端接收到所述锁定终端指令以及所述第四签名信息后,利用预存的所述后台系统服务器证书中的公钥对所述第四签名信息进行验证;所述终端在验证所述第四签名信息通过后,根据所述锁定终端指令执行锁定操作。In addition, the first authentication request information includes the identifier information of the terminal; after the background system server receives the first to-be-signed information and the first authentication request information, it is determined whether the identifier information of the terminal includes And determining, by the backend system server, the terminal abnormality list pre-stored in the background system server; after determining that the identification information of the terminal is in the abnormal list of the terminal, the background system server acquires a lock terminal instruction, and uses the background system server The private key signs the locked terminal instruction to obtain the fourth signature information, and sends the locked terminal instruction and the fourth signature information to the terminal; the terminal receives the locked terminal instruction and the fourth signature information Then, the fourth signature information is verified by using a public key in the pre-stored background system server certificate; after verifying that the fourth signature information is passed, the terminal performs a locking operation according to the locked terminal instruction.
此外,在所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息之前,所述方法还包括:所述终端与所述智能密码设备进行相互认证。In addition, before the terminal acquires the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device, the method further includes: the terminal and the smart cryptographic device perform mutual authentication.
此外,所述终端与所述智能密码设备进行相互认证包括:所述终端生成第三待签名信息;所述终端向所述智能密码设备发送所述第三待签名信息以及第二认证请求信息;所述智能密码设备接收到所述第三待签名信息以及所述第二认证请求信息后,生成第四待签名信息;所述智能密码设备利用所述智能密码设备的私钥对所述第三待签名信息进行签名获得第二签名信息,并向所述终端发送所述第四待签名信息、所述第二签名信息以及智能密码设备证书;所述终端接收到所述第四待签名信息、所述第二签名信息以及所述智能密码设备证书后,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;所述终端在验证所述智能密码设备证书合法后,利用所述智能密码设备证书中的公钥对所述第二签名信息进行验证;所述终端在验证所述第二签名信息通过后,利用所述终端的私钥对所述第三待签名信息和所述第四待签名信息进行签名获得第三签名信息;所述终端向所述智能密码设备发送所述第三签名信息以及所述终端证书;所述智能密码设备接收到所述第三签名信息以及所述终端证书后,利用预存的所述终端证书对应的根证书验证所述终端证书是否合法;所述智能密码设备在验证所述终端证书合法后,利用所述终端证书中的公钥对所述第三签名信息进行验证;所述智能密码设备在验证所述第三签名信息通过后,生成智能密码设备认证完成消息;所述智能密码设备向所述终端发送所述智能密码设备认证完成消息;所述终端接收到所述智能密码设备认证完成消息后,验证所述智能密码设备认证完成消息;所述终端在验证所述智能密码设备认证完成消息通过后,生成终端 认证第二完成消息,向所述智能密码设备发送所述终端认证第二完成消息;所述智能密码设备接收到所述终端认证第二完成消息后,验证所述终端认证第二完成消息;所述智能密码设备验证所述终端认证第二完成消息后,所述终端与所述智能密码设备完成相互认证。In addition, the mutual authentication of the terminal and the smart cryptographic device includes: the terminal generates third to-be-signed information; the terminal sends the third to-be-signed information and the second authentication request information to the smart cryptographic device; After receiving the third to-be-signed information and the second authentication request information, the smart cryptographic device generates fourth to-be-signed information; the smart cryptographic device uses the private key of the smart cryptographic device to the third The information to be signed is signed to obtain the second signature information, and the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate are sent to the terminal; the terminal receives the fourth to-be-signed information, After the second signature information and the smart cryptographic device certificate, the root certificate corresponding to the pre-stored smart cryptographic device certificate is used to verify whether the smart cryptographic device certificate is legal; after the terminal verifies that the smart cryptographic device certificate is legal, Verifying the second signature information by using a public key in the smart cryptographic device certificate; the terminal is at the verification office After the second signature information is passed, the third signature information and the fourth signature information to be signed are obtained by using the private key of the terminal to obtain third signature information; the terminal sends the identifier to the smart cryptographic device. a third signature information and the terminal certificate; after receiving the third signature information and the terminal certificate, the smart cryptographic device verifies whether the terminal certificate is legal by using a pre-stored root certificate corresponding to the terminal certificate; After verifying that the terminal certificate is legal, the smart cryptographic device uses the public key in the terminal certificate to verify the third signature information; after the smart cryptographic device verifies the third signature information, the smart cryptographic device generates intelligence. a cryptographic device authentication completion message; the smart cryptographic device sends the smart cryptographic device authentication completion message to the terminal; after receiving the smart cryptographic device authentication completion message, the terminal verifies the smart cryptographic device authentication completion message; After the terminal verifies that the smart cryptographic device authentication completion message is passed, the terminal generates a terminal. And the second second completion message is sent to the smart cryptographic device, and the smart cryptographic device verifies the second authentication completion message after receiving the terminal authentication second completion message; After the smart cryptographic device verifies the terminal authentication second completion message, the terminal and the smart cryptographic device complete mutual authentication.
此外,所述智能密码设备接收到所述第三待签名信息以及所述第二认证请求信息后,生成第四待签名信息的步骤包括:所述智能密码设备在接收到所述第二认证请求信息后,由休眠状态转换为唤醒状态;所述智能密码设备在唤醒状态下生成第四待签名信息。In addition, after the smart cryptographic device receives the third to-be-signed information and the second authentication request information, the step of generating the fourth to-be-signed information includes: the smart cryptographic device receiving the second authentication request After the information, the sleep state is converted to the awake state; the smart cryptographic device generates the fourth to-be-signed information in the awake state.
此外,所述后台系统服务器与所述终端之间传输的信息均通过第一会话密钥加密计算和/或校验计算后传输,其中,所述第一会话密钥预存在所述后台系统服务器和所述终端中或者所述第一会话密钥通过所述后台系统服务器和所述终端协商生成;和/或所述终端与所述智能密码设备之间传输的信息均通过第二会话密钥加密计算和/或校验计算后传输,其中,所述第二会话密钥预存在所述终端和所述智能密码设备中或者所述第二会话密钥通过所述终端和所述智能密码设备协商生成。In addition, the information transmitted between the background system server and the terminal is transmitted through the first session key encryption calculation and/or the verification calculation, wherein the first session key is pre-existing in the background system server. And the first session key in the terminal or the first session key is negotiated and generated by the background system server and the terminal; and/or the information transmitted between the terminal and the smart cryptographic device passes the second session key Encrypted computing and/or verifying post-calculation transmission, wherein the second session key is pre-existing in the terminal and the smart cryptographic device or the second session key passes through the terminal and the smart cryptographic device Negotiate generation.
本发明另一方面提供了一种数据安全交互系统,包括:终端,配置为在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息;根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息;将所述用户信息存储到预先建立的当前用户列表中;根据待交易的智能密码设备对应的用户信息生成交易信息,并根据所述交易信息获得交易请求信息;向所述智能密码设备发送所述交易请求信息;接收交易确认信息,其中,所述交易确认信息由所述智能密码设备生成;根据所述交易确认信息获得交易数据包,并向所述后台系统服务器发送所述交易数据包;所述智能密码设备,配置为接收所述终端发送的所述交易请求信息,根据所述交易请求信息获得所述交易信息;提示所述交易信息;接收确认指令,并生成交易确认信息;所述后台系统服务器,配置为接收所述终端发送的所述交易数据包,根据所述交易数据包获得所述交易确认信息;对所述交易确认信息进行验证,并在验证通过后执行交易。Another aspect of the present invention provides a data security interaction system, including: a terminal configured to scan a smart cryptographic device within a signal coverage area, and obtain the scanned identification information of the smart cryptographic device; according to the scanned The identification information of the smart cryptographic device acquires the user information corresponding to the smart cryptographic device; stores the user information in a pre-established current user list; generates transaction information according to the user information corresponding to the smart cryptographic device to be traded, and generates the transaction information according to the Transmitting transaction information to obtain transaction request information; transmitting the transaction request information to the smart cryptographic device; receiving transaction confirmation information, wherein the transaction confirmation information is generated by the smart cryptographic device; obtaining transaction data according to the transaction confirmation information And sending the transaction data packet to the background system server; the smart cryptographic device is configured to receive the transaction request information sent by the terminal, and obtain the transaction information according to the transaction request information; Transaction information; receiving confirmation instructions and generating transactions The background system server is configured to receive the transaction data packet sent by the terminal, obtain the transaction confirmation information according to the transaction data packet, verify the transaction confirmation information, and after verification Execute the transaction.
此外,所述终端,还配置为向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求;接收所述后台系统服务器发送的用户信息读取请求的响应信息,根据所述用户信息读取请求的响应信息获得所述用户信息;所述后台系统服务器,还配置为接收所述终端发送的所述智能密码设备的标识信息以及所述用户信息读取请求,根据所述智能密码设备的标识信息获取与所述智能密码设备对应的用户信息;根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息。In addition, the terminal is further configured to send the identification information of the smart cryptographic device and the user information read request to the background system server, and receive the response information of the user information read request sent by the background system server, according to the The response information of the user information read request obtains the user information; the background system server is further configured to receive the identification information of the smart cryptographic device and the user information read request sent by the terminal, according to the The identification information of the smart cryptographic device acquires user information corresponding to the smart cryptographic device; obtains response information of the user information read request according to the user information, and sends a response to the user information read request to the terminal information.
此外,所述终端,还配置为根据扫描到的所述智能密码设备的标识信息向所述智能密 码设备发送用户信息读取请求;接收所述智能密码设备发送的用户信息读取请求的响应信息,根据所述用户信息读取请求的响应信息获得所述用户信息;所述智能密码设备,还配置为获得预先存储的用户信息,并根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息。In addition, the terminal is further configured to send the smart password according to the scanned identifier information of the smart cryptographic device. The code device sends a user information read request; receives response information of the user information read request sent by the smart cryptographic device, and obtains the user information according to the response information of the user information read request; the smart cryptographic device further And configured to obtain pre-stored user information, obtain response information of the user information read request according to the user information, and send response information of the user information read request to the terminal.
此外,所述终端,还配置为在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之后,获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息;且如果所述当前用户列表中的智能密码设备的标识信息不在所述实时标识列表中,则删除所述当前用户列表中不在所述实时标识列表中的智能密码设备的用户信息。In addition, the terminal is further configured to scan the smart cryptographic device within the signal coverage range, and obtain the scanned identification information of the smart cryptographic device, and obtain all the smart cryptographic devices within the signal coverage range of the terminal. Identifying the information, generating a real-time identification list; comparing the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval; If the identification information of the smart cryptographic device in the identification list is not in the current user list, the user information corresponding to the smart cryptographic device is obtained according to the scanned identification information of the smart cryptographic device; and if the current user list is in the current user list If the identification information of the smart cryptographic device is not in the real-time identifier list, the user information of the smart cryptographic device that is not in the real-time identifier list in the current user list is deleted.
此外,所述终端,还配置为在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之后,获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息,并在所述终端获得所述用户信息后,将所述用户信息存储至所述实时标识列表中;且如果所述实时标识列表中的智能密码设备的标识信息在所述当前用户列表中,则将所述在所述当前用户列表中的智能密码设备的用户信息存储至所述实时标识列表中;将所述实时标识列表作为更新后的所述当前用户列表。In addition, the terminal is further configured to scan the smart cryptographic device within the signal coverage range, and obtain the scanned identification information of the smart cryptographic device, and obtain all the smart cryptographic devices within the signal coverage range of the terminal. Identifying the information, generating a real-time identification list; comparing the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval; If the identification information of the smart cryptographic device in the identifier list is not in the current user list, the user information corresponding to the smart cryptographic device is obtained according to the scanned information of the smart cryptographic device, and the terminal obtains the After the user information is stored, the user information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, the current user is User information of the smart cryptographic device in the list is stored in the real-time identification list; Said real-time identification list as the updated list of current users.
此外,所述后台系统服务器,还配置为终端向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求之后,判断所述智能密码设备的标识信息是否包含在所述后台系统服务器中预存的智能密码设备异常名单中;在判断出所述智能密码设备的标识信息在所述智能密码设备异常名单中后,获取锁定智能密码设备指令,以及利用所述后台系统服务器的私钥对锁定智能密码设备指令进行签名获得第五签名信息,并通过所述终端向所述智能密码设备发送所述锁定智能密码设备指令以及所述第五签名信息;所述智能密码设备,还配置为接收所述锁定智能密码设备指令以及所述第五签名信息,利用预存的所述后台系统服务器证书中的公钥对所述第五签名信息进行验证;在验证所述第五签名信息通过后,根据所述锁定智能密码设备指令执行锁定操作。 In addition, the background system server is further configured to: after the terminal sends the identifier information of the smart cryptographic device and the user information read request to the background system server, determine whether the identifier information of the smart cryptographic device is included in the background The smart password device exception list pre-stored in the system server; after determining that the smart password device identification information is in the smart password device abnormal list, acquiring the lock smart password device instruction, and using the background system server private The key pair locks the smart cryptographic device command to obtain a fifth signature information, and sends the locked smart cryptographic device command and the fifth signature information to the smart cryptographic device through the terminal; the smart cryptographic device is further configured Receiving the locked smart cryptographic device command and the fifth signature information, verifying the fifth signature information by using a pre-stored public key in the background system server certificate; after verifying that the fifth signature information is passed Actuating the lock according to the locked smart password device instruction Operation.
此外,所述后台系统服务器,还配置为接收终端注册申请,并对所述终端注册申请进行审核;在审核所述终端注册申请通过后,向所述终端发送终端密钥对生成指令;接收所述终端发送的终端密钥对中的公钥,生成所述终端证书,并向所述终端发送所述终端证书;以及所述后台系统服务器,还配置为接收智能密码设备注册申请,并对所述智能密码设备注册申请进行审核;在审核所述智能密码设备注册申请通过后,向所述智能密码设备发送智能密码设备密钥对生成指令;接收所述智能密码设备发送的所述智能密码设备密钥对中的公钥,生成所述智能密码设备证书,并向所述智能密码设备发送所述智能密码设备证书;所述终端,还配置为接收所述后台系统服务器发送的所述终端密钥对生成指令,生成终端密钥对;向所述后台系统服务器发送所述终端密钥对中的公钥;存储所述终端证书;所述智能密码设备,还配置为接收所述后台系统服务器发送的所述智能密码设备密钥对生成指令,生成智能密码设备密钥对;向所述后台系统服务器发送所述智能密码设备密钥对中的公钥;存储所述智能密码设备证书。In addition, the background system server is further configured to receive a terminal registration application, and review the terminal registration application; after reviewing the terminal registration application, send a terminal key pair generation instruction to the terminal; Generating the terminal certificate by the public key in the terminal key pair sent by the terminal, and transmitting the terminal certificate to the terminal; and the background system server is further configured to receive the smart password device registration application, and The smart password device registration application is reviewed; after the verification of the smart password device registration application is passed, the smart password device key pair generation instruction is sent to the smart password device; and the smart password device sent by the smart password device is received. Generating, by the public key in the key pair, the smart cryptographic device certificate, and transmitting the smart cryptographic device certificate to the smart cryptographic device; the terminal is further configured to receive the terminal secret sent by the background system server The key pair generates an instruction to generate a terminal key pair; and sends the terminal secret to the background system server a public key of the pair; storing the terminal certificate; the smart cryptographic device is further configured to receive the smart cryptographic device key pair generation instruction sent by the background system server, and generate a smart cryptographic device key pair; The background system server sends the public key in the smart cryptographic device key pair; and stores the smart cryptographic device certificate.
此外,所述终端,还配置为获取终端销户申请,利用所述终端的私钥对所述销户申请进行签名获得第六签名信息,并向所述后台系统服务器发送所述终端销户申请以及所述第六签名信息;接收所述后台系统服务器发送的终端销户完成信息,删除所述终端的私钥;所述后台系统服务器,还配置为接收所述终端发送的所述终端销户申请以及所述第六签名信息后,利用预存的所述终端证书中的公钥对所述第六签名信息进行验证;在验证所述第六签名信息通过后,删除预存的所述终端证书,并生成终端销户完成信息,向所述终端发送所述终端销户完成信息;和/或所述智能密码设备,还配置为获取智能密码设备销户申请,利用所述智能密码设备的私钥对所述销户申请进行签名获得第七签名信息,并向所述后台系统服务器发送所述智能密码设备销户申请以及所述第七签名信息;接收所述后台系统服务器发送的智能密码设备销户完成信息,删除所述智能密码设备的私钥;所述后台系统服务器,还配置为接收所述智能密码设备发送的所述智能密码设备销户申请以及所述第七签名信息,利用预存的所述智能密码设备证书中的公钥对所述第七签名信息进行验证;在验证所述第七签名信息通过后,删除预存的所述智能密码设备证书,并生成智能密码设备销户完成信息,向所述智能密码设备发送所述智能密码设备销户完成信息。In addition, the terminal is further configured to acquire a terminal account cancellation application, use the private key of the terminal to sign the account cancellation application to obtain a sixth signature information, and send the terminal account cancellation application to the background system server. And the sixth signature information; receiving the terminal account completion information sent by the background system server, deleting the private key of the terminal; the background system server is further configured to receive the terminal account sent by the terminal After the application and the sixth signature information, verifying the sixth signature information by using the public key in the pre-stored terminal certificate; after verifying that the sixth signature information is passed, deleting the pre-stored terminal certificate, And generating a terminal account completion information, and sending the terminal account completion information to the terminal; and/or the smart password device is further configured to obtain a smart password device account cancellation application, and using the private key of the smart password device Signing the account application to obtain the seventh signature information, and sending the smart password device account cancellation application and the office to the background system server The seventh signature information is received; the smart password device account completion information sent by the background system server is received, and the private key of the smart password device is deleted; the background system server is further configured to receive the information sent by the smart password device. Declaring the seventh signature information by using the pre-stored public key in the smart cryptographic device certificate; and verifying that the seventh signature information is deleted after the smart PIN device account cancellation application and the seventh signature information are described; Pre-storing the smart password device certificate, and generating a smart password device account completion information, and sending the smart password device account completion information to the smart password device.
此外,所述后台系统服务器,还配置为通过所述终端向所述智能密码设备发送用户授权请求信息;接收所述智能密码设备通过所述终端发送的授权信息后,向所述终端发送所述用户信息读取请求的响应信息;所述智能密码设备,还配置为接收所述用户授权请求信息,生成授权信息,并通过所述终端向所述后台系统服务器发送所述授权信息。In addition, the background system server is further configured to send user authorization request information to the smart cryptographic device by using the terminal, and after receiving the authorization information sent by the smart cryptographic device by using the terminal, send the The response information of the user information read request; the smart cryptographic device is further configured to receive the user authorization request information, generate authorization information, and send the authorization information to the background system server by using the terminal.
此外,所述智能密码设备,还配置为在接收到所述用户授权请求信息后,由休眠状态 转换为唤醒状态;在唤醒状态下生成授权信息。In addition, the smart cryptographic device is further configured to be in a dormant state after receiving the user authorization request information. Convert to wake-up state; generate authorization information in wake-up state.
此外,所述智能密码设备,还配置为接收所述交易请求信息,由休眠状态转换为唤醒状态;在唤醒状态下根据所述交易请求信息获得所述交易信息。In addition, the smart cryptographic device is further configured to receive the transaction request information, and switch from a sleep state to an awake state; and obtain the transaction information according to the transaction request information in an awake state.
此外,所述智能密码设备,还配置为利用所述智能密码设备的私钥对所述交易信息进行签名,生成交易签名信息作为交易确认信息或者生成动态口令作为交易确认信息。In addition, the smart cryptographic device is further configured to sign the transaction information by using a private key of the smart cryptographic device, generate transaction signature information as transaction confirmation information or generate a dynamic password as transaction confirmation information.
此外,所述智能密码设备,还配置为生成单次交易标识,并利用所述智能密码设备的私钥对所述交易信息以及所述单次交易标识进行签名,生成交易签名信息作为交易确认信息;或者所述智能密码设备,还配置为生成单次交易标识,利用所述智能密码设备的私钥对所述单次交易标识进行签名获得单次交易标识的签名信息,并生成动态口令,将单次交易标识的签名信息以及所述动态口令作为交易确认信息。In addition, the smart cryptographic device is further configured to generate a single transaction identifier, and use the private key of the smart cryptographic device to sign the transaction information and the single transaction identifier, and generate transaction signature information as transaction confirmation information. Or the smart cryptographic device is further configured to generate a single transaction identifier, sign the single transaction identifier with the private key of the smart cryptographic device, obtain signature information of the single transaction identifier, and generate a dynamic password, and The signature information of the one-time transaction identifier and the dynamic password are used as transaction confirmation information.
此外,所述终端,还配置为接收所述智能密码设备发送的声波信号并对所述声波信号进行解码获得交易确认信息;或者采集所述智能密码设备显示的图像信息并对所述图像信息进行解码获得所述交易确认信息;或者通过所述终端与所述智能密码设备匹配的通信接口接收所述交易确认信息;或者通过所述终端输入的信息获得所述交易确认信息。In addition, the terminal is further configured to receive the sound wave signal sent by the smart cryptographic device and decode the sound wave signal to obtain transaction confirmation information; or collect image information displayed by the smart cryptographic device and perform the image information Decoding to obtain the transaction confirmation information; or receiving the transaction confirmation information by a communication interface that the terminal matches with the smart cryptographic device; or obtaining the transaction confirmation information by using information input by the terminal.
此外,所述后台系统服务器,还配置为在对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述终端发送交易成功回执信息;和/或通过所述终端向所述智能密码设备发送交易成功回执信息;所述智能密码设备,还配置为接收所述交易成功回执信息,提示所述交易成功回执信息。Further, the background system server is further configured to: after verifying the transaction confirmation information, and after performing the transaction after the verification is passed, send the transaction success receipt information to the terminal; and/or The smart cryptographic device sends a transaction success receipt information; the smart cryptographic device is further configured to receive the transaction success receipt information, and prompt the transaction success receipt information.
此外,所述终端,还配置为在后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述智能密码设备发送退款信息;接收退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;向所述后台系统服务器发送所述退款确认包和所述退款确认信息;所述智能密码设备,还配置为接收所述终端发送的所述退款信息后,提示所述退款信息;接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;所述后台系统服务器,还配置为接收所述终端发送的所述退款确认包和所述退款确认信息后,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。In addition, the terminal is further configured to verify the transaction confirmation information in the background system server, and send the refund information to the smart password device after performing the transaction after the verification is passed; receiving the refund confirmation information, Declaring the refund confirmation information, and after the verification is passed, signing the refund confirmation information by using the private key of the terminal to generate a refund confirmation package; and sending the refund confirmation package to the background system server and The refund confirmation information; the smart password device is further configured to: after receiving the refund information sent by the terminal, prompting the refund information; receiving a refund confirmation instruction, and using the smart password device The private key signs the refund information to generate refund confirmation information; the background system server is further configured to receive the refund confirmation package and the refund confirmation information sent by the terminal, respectively The refund confirmation package and the refund confirmation information are verified, and after all verification is passed, the refund operation is performed.
此外,所述智能密码设备,还配置为在后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述终端发送退款请求;接收所述终端发送的所述退款信息后,提示所述退款信息;接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;所述终端,还配置为生成退款信息,并向所述智 能密码设备发送所述退款信息;接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;向所述后台系统服务器发送所述退款确认包和所述退款确认信息;所述后台系统服务器,还配置为接收所述终端发送的所述退款确认包和所述退款确认信息,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。In addition, the smart cryptographic device is further configured to: after the background system server verifies the transaction confirmation information, and after performing the transaction after the verification is passed, send a refund request to the terminal; and receive the After the refund information, prompting the refund information; receiving a refund confirmation instruction, and signing the refund information by using a private key of the smart password device to generate refund confirmation information; the terminal is further configured to Generate a refund message and send it to the The cryptographic device sends the refund information; receives the refund confirmation information, verifies the refund confirmation information, and after the verification is passed, signs the refund confirmation information by using the private key of the terminal Generating a refund confirmation package; sending the refund confirmation package and the refund confirmation information to the background system server; the background system server is further configured to receive the refund confirmation package and the The refund confirmation information is verified, and the refund confirmation package and the refund confirmation information are respectively verified, and after all verification is passed, the refund operation is performed.
此外,所述智能密码设备,还配置为在后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述终端发送退款请求;接收所述终端发送的退款请求标识,生成退款信息,并利用所述智能密码设备的私钥对所述退款信息进行签名,得到退款确认信息,并向所述终端发送所述退款确认信息;所述终端,还配置为生成退款请求标识,并向所述智能密码设备发送所述退款请求标识;接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;向所述后台系统服务器发送所述退款确认包和所述退款确认信息;所述后台系统服务器,还配置为接收所述终端发送的所述退款确认包和所述退款确认信息,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。In addition, the smart cryptographic device is further configured to verify the transaction confirmation information in the background system server, and send a refund request to the terminal after performing the transaction after the verification is passed; and receive the refund sent by the terminal Requesting an identifier, generating refund information, and signing the refund information by using a private key of the smart cryptographic device, obtaining refund confirmation information, and transmitting the refund confirmation information to the terminal; the terminal, And configured to generate a refund request identifier, and send the refund request identifier to the smart password device; receive the refund confirmation information, verify the refund confirmation information, and after the verification is passed, use the Declaring, by the private key of the terminal, the refund confirmation information to generate a refund confirmation package; sending the refund confirmation package and the refund confirmation information to the background system server; the background system server is further configured to Receiving the refund confirmation package and the refund confirmation information sent by the terminal, respectively verifying the refund confirmation package and the refund confirmation information And, after all verified, perform the refund operation.
此外,所述退款信息中还包含电子对账单。In addition, the refund information also includes an electronic statement.
此外,所述交易成功回执信息还包含电子对账单。In addition, the transaction success receipt information also includes an electronic statement.
此外,所述交易信息中还包含电子对账单。In addition, the transaction information also includes an electronic statement.
此外,所述智能密码设备,还配置为在被终端在信号覆盖范围内扫描到之前,进入可被扫描状态。Furthermore, the smart cryptographic device is further configured to enter a scannable state before being scanned by the terminal within the signal coverage.
此外,所述终端还与所述后台系统服务器进行相互认证。In addition, the terminal further performs mutual authentication with the background system server.
此外,所述终端,还配置为生成第一待签名信息;向后台系统服务器发送所述第一待签名信息以及第一认证请求信息;接收所述后台系统服务器发送的第二待签名信息以及所述后台系统服务器证书,利用预存的后台系统服务器证书对应的根证书验证所述后台系统服务器证书是否合法;在验证所述后台系统服务器证书合法后,利用所述终端的私钥对所述第一待签名信息和所述第二待签名信息进行签名生成第一签名信息;向所述后台系统服务器发送所述第一签名信息以及终端证书;接收所述后台系统服务器发送的后台认证完成消息后,验证所述后台认证完成消息;在验证所述后台认证完成消息通过后,生成终端认证第一完成消息,向所述后台系统服务器发送所述终端认证第一完成消息;所述后台系统服务器,还配置为接收所述终端发送的所述第一待签名信息以及所述第一认证请求信息,生成第二待签名信息;向所述终端发送所述第二待签名信息以及后台系统服务器证书;利用预存的终端证书对应的根证书验证所述终端证书是否合法;在验证所述终端证书合法后, 利用所述终端证书中的公钥验证所述第一签名信息;在验证所述第一签名信息通过后,生成后台认证完成消息,并向所述终端发送所述后台认证完成消息;接收所述终端发送的所述终端认证第一完成消息,验证所述终端认证第一完成消息;在验证所述终端认证第一完成消息通过后,所述终端与所述后台系统服务器完成相互认证。In addition, the terminal is further configured to generate first to-be-signed information, send the first to-be-signed information and the first authentication request information to the background system server, and receive the second to-be-signed information and the information sent by the background system server. The background system server certificate is used to verify whether the background system server certificate is legal by using the root certificate corresponding to the pre-stored background system server certificate; after verifying that the background system server certificate is legal, the first key of the terminal is used to the first The signature information and the second signature information are signed to generate first signature information; the first signature information and the terminal certificate are sent to the background system server; after receiving the background authentication completion message sent by the background system server, And verifying the background authentication completion message; after verifying that the background authentication completion message is passed, generating a terminal authentication first completion message, and sending the terminal authentication first completion message to the background system server; Configuring to receive the first to be sent sent by the terminal And the first authentication request information, generating the second to-be-signed information; transmitting the second to-be-signed information and the background system server certificate to the terminal; verifying whether the terminal certificate is verified by using a root certificate corresponding to the pre-stored terminal certificate Legal; after verifying that the terminal certificate is legal, And verifying the first signature information by using a public key in the terminal certificate; after verifying that the first signature information is passed, generating a background authentication completion message, and sending the background authentication completion message to the terminal; And the terminal authentication first completion message is sent by the terminal, and the terminal authenticates the first completion message; after verifying that the terminal authentication first completion message is passed, the terminal and the background system server complete mutual authentication.
此外,所述后台系统服务器,还配置为接收所述终端发送的所述第一待签名信息以及所述第一认证请求信息,其中,所述第一认证请求信息包括所述终端的标识信息;判断所述终端的标识信息是否包含在所述后台系统服务器中预存的终端异常名单中;在判断出所述终端的标识信息在所述终端异常名单中后,获取锁定终端指令,以及利用所述后台系统服务器的私钥对锁定终端指令进行签名获得第四签名信息,并向所述终端发送所述锁定终端指令以及所述第四签名信息;所述终端,还配置为接收所述后台系统服务器发送的所述锁定终端指令以及所述第四签名信息,利用预存的所述后台系统服务器证书中的公钥对所述第四签名信息进行验证;在验证所述第四签名信息通过后,根据所述锁定终端指令执行锁定操作。In addition, the background system server is further configured to receive the first to-be-signed information and the first authentication request information that are sent by the terminal, where the first authentication request information includes identifier information of the terminal; Determining whether the identification information of the terminal is included in a terminal abnormal list pre-stored in the background system server; after determining that the identification information of the terminal is in the terminal abnormal list, acquiring a locked terminal instruction, and using the The private key of the background system server signs the locked terminal instruction to obtain the fourth signature information, and sends the locked terminal instruction and the fourth signature information to the terminal; the terminal is further configured to receive the background system server Sending the locked terminal instruction and the fourth signature information, verifying the fourth signature information by using a public key in the pre-stored background system server certificate; after verifying that the fourth signature information is passed, according to The locking terminal instructs to perform a locking operation.
此外,所述终端还与所述智能密码设备进行相互认证。In addition, the terminal further performs mutual authentication with the smart cryptographic device.
此外,所述终端,还配置为生成第三待签名信息;向所述智能密码设备发送所述第三待签名信息以及第二认证请求信息;接收所述智能密码设备发送的所述第四待签名信息、所述第二签名信息以及所述智能密码设备证书,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;在验证所述智能密码设备证书合法后,利用所述智能密码设备证书中的公钥对所述第二签名信息进行验证;在验证所述第二签名信息通过后,利用所述终端的私钥对所述第三待签名信息和所述第四待签名信息进行签名获得第三签名信息;向所述智能密码设备发送所述第三签名信息以及所述终端证书;接收所述智能密码设备发送的所述智能密码设备认证完成消息,验证所述智能密码设备认证完成消息;在验证所述智能密码设备认证完成消息通过后,生成终端认证第二完成消息,向所述智能密码设备发送所述终端认证第二完成消息;所述智能密码设备,还配置为接收所述终端发送的所述第三待签名信息以及所述第二认证请求信息,生成第四待签名信息;利用所述智能密码设备的私钥对所述第三待签名信息进行签名获得第二签名信息,并向所述终端发送所述第四待签名信息、所述第二签名信息以及智能密码设备证书;接收所述终端发送的所述第三签名信息以及所述终端证书后,利用预存的所述终端证书对应的根证书验证所述终端证书是否合法;在验证所述终端证书合法后,利用所述终端证书中的公钥对所述第三签名信息进行验证;在验证所述第三签名信息通过后,生成智能密码设备认证完成消息;向所述终端发送所述智能密码设备认证完成消息;接收所述终端发送的所述终端认证第二完 成消息后,验证所述终端认证第二完成消息;验证所述终端认证第二完成消息后,所述终端与所述智能密码设备完成相互认证。In addition, the terminal is further configured to generate third to-be-signed information, and send the third to-be-signed information and the second authentication request information to the smart cryptographic device, and receive the fourth to-be-sent sent by the smart cryptographic device. And verifying, by the root certificate corresponding to the pre-stored smart cryptographic device certificate, whether the smart cryptographic device certificate is legal; and verifying that the smart cryptographic device certificate is legal, using the signature information, the second signature information, and the smart cryptographic device certificate; The public key in the smart cryptographic device certificate verifies the second signature information; after verifying that the second signature information is passed, using the private key of the terminal to the third to-be-signed information and the And signing the fourth signature information to obtain the third signature information; sending the third signature information and the terminal certificate to the smart cryptographic device; and receiving the smart cryptographic device authentication completion message sent by the smart cryptographic device, and verifying the The smart password device authentication completion message is generated; after verifying that the smart password device authentication completion message is passed, generating Ending the second completion message, and sending the terminal authentication second completion message to the smart cryptographic device; the smart cryptographic device is further configured to receive the third to-be-signed information sent by the terminal, and the second And authenticating the request information, generating the fourth to-be-signed information; using the private key of the smart cryptographic device to sign the third to-be-signed information to obtain the second signature information, and sending the fourth to-be-signed information to the terminal, And the second signature information and the smart cryptographic device certificate; after receiving the third signature information and the terminal certificate sent by the terminal, verifying whether the terminal certificate is legal by using a pre-stored root certificate corresponding to the terminal certificate; After verifying that the terminal certificate is legal, the third signature information is verified by using a public key in the terminal certificate; after verifying that the third signature information is passed, a smart cryptographic device authentication completion message is generated; The terminal sends the smart cryptographic device authentication completion message; receiving the terminal authentication sent by the terminal is finished second After the message is obtained, the terminal authenticates the second completion message; after the terminal authenticates the second completion message, the terminal and the smart cryptographic device complete mutual authentication.
此外,所述智能密码设备,还配置为在接收到所述第二认证请求信息后,由休眠状态转换为唤醒状态;在唤醒状态下生成第四待签名信息。In addition, the smart cryptographic device is further configured to: after receiving the second authentication request information, transition from a sleep state to an awake state; and generate a fourth to-be-signed information in the awake state.
此外,所述后台系统服务器与所述终端之间传输的信息均通过第一会话密钥加密计算和/或校验计算后传输,其中,所述第一会话密钥预存在所述后台系统服务器和所述终端中或者所述第一会话密钥通过所述后台系统服务器和所述终端协商生成;和/或所述终端与所述智能密码设备之间传输的信息均通过第二会话密钥加密计算和/或校验计算后传输,其中,所述第二会话密钥预存在所述终端和所述智能密码设备中或者所述第二会话密钥通过所述终端和所述智能密码设备协商生成。In addition, the information transmitted between the background system server and the terminal is transmitted through the first session key encryption calculation and/or the verification calculation, wherein the first session key is pre-existing in the background system server. And the first session key in the terminal or the first session key is negotiated and generated by the background system server and the terminal; and/or the information transmitted between the terminal and the smart cryptographic device passes the second session key Encrypted computing and/or verifying post-calculation transmission, wherein the second session key is pre-existing in the terminal and the smart cryptographic device or the second session key passes through the terminal and the smart cryptographic device Negotiate generation.
由上述本发明提供的技术方案可以看出,顾客可以无需借助钱包、信用卡、手机等方式来完成支付,从而简化了顾客与商户在支付过程中的交互操作,提高了支付效率,提升了顾客在近场支付过程中的体验;同时利用智能密码设备的安全性特点保证顾客支付过程的安全性。It can be seen from the technical solution provided by the above invention that the customer can complete the payment without using a wallet, a credit card, a mobile phone, etc., thereby simplifying the interaction between the customer and the merchant in the payment process, improving the payment efficiency, and improving the customer's The experience in the near-field payment process; at the same time, the security features of the smart cryptographic device are used to ensure the security of the customer payment process.
顾客选购好商品以后在结账时,终端无需再通过让顾客手动刷卡或刷手机的方式获得用户信息,结账时顾客只需报出自己的姓名,终端即可直接将结算后的金额等交易信息发送至顾客的智能密码设备并显示,此时,顾客只需利用智能密码设备进行确认,并输出交易确认信息,终端生成交易数据包发送给后台系统服务器,后台系统服务器验证该交易数据包准确无误后进行转账处理,即可完成支付过程。After the customer purchases the goods, the terminal does not need to obtain the user information by manually swiping the card or swiping the mobile phone. When the customer settles the account, the customer only needs to report his/her name, and the terminal can directly report the transaction amount after the settlement. The smart password device is sent to the customer and displayed. At this time, the customer only needs to confirm with the smart password device and output the transaction confirmation information, and the terminal generates the transaction data packet and sends it to the background system server, and the background system server verifies that the transaction data packet is accurate. After the transfer process, the payment process can be completed.
当顾客走出这家店铺的信号覆盖范围时,智能密码设备与终端之间的网络连接就会自动中断,用户信息从该店铺的当前用户列表中消失。若顾客又进入另一家店铺时,将会自动进入该另一家店铺的当前用户列表中,开始另一次购物。这样不需要顾客执行任何操作,就可以为顾客带来无缝使用体验。When the customer leaves the signal coverage of the store, the network connection between the smart cryptographic device and the terminal is automatically interrupted, and the user information disappears from the current user list of the store. If the customer enters another store again, he will automatically enter the current user list of the other store and start another shopping. This allows the customer to have a seamless experience without requiring the customer to perform any operations.
附图说明DRAWINGS
为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域的普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他附图。In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present invention, Those of ordinary skill in the art will be able to obtain other figures from these drawings without the inventive effort.
图1为本发明提供的数据安全交互系统结构示意图;1 is a schematic structural diagram of a data security interaction system provided by the present invention;
图2为本发明提供的数据安全交互方法的流程图。 2 is a flow chart of a data security interaction method provided by the present invention.
具体实施方式detailed description
下面结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明的保护范围。The technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the drawings in the embodiments of the present invention. It is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
在本发明的描述中,需要说明的是,除非另有明确的规定和限定,术语“安装”、“相连”、“连接”应做广义理解,例如,可以是固定连接,也可以是可拆卸连接,或一体地连接;可以是机械连接,也可以是电连接;可以是直接相连,也可以通过中间媒介间接相连,可以是两个元件内部的连通。对于本领域的普通技术人员而言,可以具体情况理解上述术语在本发明中的具体含义。此外,术语“第一”、“第二”仅用于描述目的,而不能理解为指示或暗示相对重要性或数量或位置。In the description of the present invention, it should be noted that the terms "installation", "connected", and "connected" are to be understood broadly, and may be fixed or detachable, for example, unless otherwise explicitly defined and defined. Connected, or integrally connected; can be mechanical or electrical; can be directly connected, or indirectly connected through an intermediate medium, can be the internal communication of the two components. The specific meaning of the above terms in the present invention can be understood in a specific case by those skilled in the art. Moreover, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or quantity or location.
下面将结合附图对本发明实施例作进一步地详细描述。The embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.
本发明提供的数据安全交互方法,可适用的系统架构如图1所示,包括:后台系统服务器、终端以及智能密码设备。其中:The data security interaction method provided by the present invention is applicable to the system architecture shown in FIG. 1, and includes: a background system server, a terminal, and a smart cryptographic device. among them:
后台系统服务器可以完成对终端和智能密码设备的管理以及对用户信息的存储和下发管理,例如包括对终端和智能密码设备的注册、销户、锁定、认证等管理,其可以提供银行相关服务、支付平台服务等金融服务;可以包括支付服务器、认证服务器、管理服务器等一个或多个服务器的组合。The background system server can complete the management of the terminal and the smart cryptographic device and the storage and delivery management of the user information, for example, including registration, account cancellation, locking, authentication, etc. of the terminal and the smart cryptographic device, which can provide bank related services. Financial services such as payment platform services; may include a combination of one or more servers such as a payment server, an authentication server, and a management server.
终端可以为商户端的终端,以完成移动支付的发起,对智能密码设备和后台系统服务器的认证,用户信息的维护等,该终端可以自动扫描到其信号覆盖范围内的智能密码设备,并建立与智能密码设备的通信连接,获取智能密码设备对应的用户信息。The terminal can be a terminal of the merchant terminal to complete the initiation of the mobile payment, the authentication of the smart cryptographic device and the background system server, the maintenance of the user information, etc., and the terminal can automatically scan the smart cryptographic device within the coverage of the signal, and establish and The communication connection of the smart cryptographic device acquires the user information corresponding to the smart cryptographic device.
智能密码设备具备安全支付(例如:电子签名、动态口令生成)功能,以及对终端的认证,该智能密码设备具备无线通信模块(例如:蓝牙、红外线、RFID、NFC、光、声波、热能、振动、WIFI等),可以与终端之间通过该无线通信模块进行通信,当然,该智能密码设备还可以包括有线接口(例如:音频接口、USB接口、串口等),并通过有线接口与终端进行通信。另外,智能密码设备还可以具备连接选项功能,如果用户不开启该功能,则终端无法获取智能密码设备的标识信息和对应的用户信息。例如:智能密码设备可以进入可被扫描的状态,以便终端扫描到该智能密码设备。智能密码设备具备的连接选项功能,可以为在智能密码设备上设置的硬件开关开启实现的,也可以为智能密码设备通过软件开 启实现的。The smart cryptographic device has a function of secure payment (for example, electronic signature, dynamic password generation) and authentication of the terminal, and the smart cryptographic device has a wireless communication module (for example: Bluetooth, infrared, RFID, NFC, light, sound wave, heat, vibration) , WIFI, etc., can communicate with the terminal through the wireless communication module, of course, the smart password device can also include a wired interface (eg, audio interface, USB interface, serial port, etc.), and communicate with the terminal through the wired interface . In addition, the smart password device can also have a connection option function. If the user does not enable the function, the terminal cannot obtain the identification information of the smart password device and the corresponding user information. For example, a smart cryptographic device can enter a state that can be scanned for the terminal to scan to the smart cryptographic device. The connection option function of the smart password device can be implemented for the hardware switch set on the smart password device, or can be opened by the software for the smart password device. Enlightened.
如图2所示,本发明提供的数据安全交互方法,包括下述步骤一至步骤六。As shown in FIG. 2, the data security interaction method provided by the present invention includes the following steps 1 to 6.
步骤一:终端和智能密码设备向后台系统服务器进行注册。Step 1: The terminal and the smart password device register with the background system server.
包括以下两个方面:终端向后台系统服务器进行注册和智能密码设备向后台系统服务器进行注册,下面详细说明这两个方面。It includes the following two aspects: the terminal registers with the background system server and the smart password device registers with the background system server. These two aspects are described in detail below.
1、终端向后台系统服务器进行注册,其中:1. The terminal registers with the background system server, where:
后台系统服务器接收终端注册申请,并对终端注册申请进行审核;具体的,商户可以到银行柜台办理该终端的注册申请,也可以通过互联网办理该终端的注册申请,后台系统服务器接收到该注册申请后,对该商户的身份的合法性进行审核。The background system server receives the terminal registration application and reviews the terminal registration application; specifically, the merchant can go to the bank counter to apply for registration of the terminal, or apply for registration of the terminal through the Internet, and the background system server receives the registration application. After that, the legality of the identity of the merchant is reviewed.
后台系统服务器在审核终端注册申请通过后,向终端发送终端密钥对生成指令;具体的,后台系统服务器审核商户身份的合法性等通过后,予以同意对商户的终端进行注册,同时向终端发送密钥对生成指令,配置为指示终端生成终端密钥对,该终端密钥对包括一对公私钥。After the auditing terminal registration application is approved, the background system server sends a terminal key pair generation instruction to the terminal. Specifically, after the background system server verifies the legality of the merchant identity, the server system agrees to register the terminal of the merchant and sends the terminal to the terminal. The key pair generation instruction is configured to instruct the terminal to generate a terminal key pair, the terminal key pair including a pair of public and private keys.
终端接收到终端密钥对生成指令后,生成终端密钥对;具体的,在终端中可以预设一个密钥对的生成方式,在终端接收到终端密钥对生成指令后,根据预设的密钥对生成方式生成终端密钥对,即生成一对公私钥。After receiving the terminal key pair generation instruction, the terminal generates a terminal key pair. Specifically, the terminal may preset a key pair generation manner, and after the terminal receives the terminal key pair generation instruction, according to the preset The key pair generation method generates a terminal key pair, that is, generates a pair of public and private keys.
终端向后台系统服务器发送终端密钥对中的公钥;具体的,终端可以通过可信的通信链路将其生成的终端密钥对中的公钥向后台系统服务器进行发送,以保证终端的公钥发送的安全性;也可以通过互联网将其生成的终端密钥对中的公钥向后台系统服务器进行发送,以提高终端的公钥传输的便捷性。The terminal sends the public key in the terminal key pair to the background system server; specifically, the terminal can send the public key in the generated terminal key pair to the background system server through the trusted communication link to ensure the terminal The security of public key transmission; the public key in the terminal key pair generated by the public key can also be sent to the background system server through the Internet, so as to improve the convenience of the public key transmission of the terminal.
后台系统服务器接收到终端密钥对中的公钥后,生成终端证书,并向终端发送终端证书;具体的,后台系统服务器可以以后台系统服务器的私钥对商户的信息以及终端的公钥进行计算生成终端证书;后台系统服务器中还可以包含CA服务器,通过该CA服务器的私钥对商户的信息以及终端的公钥进行计算生成终端证书;后台系统服务器还可以将商户的信息以及终端的公钥发送至CA,CA根据CA的私钥对商户的信息以及终端的公钥进行计算生成终端证书,并通过后台系统服务器发送给终端。After receiving the public key in the terminal key pair, the background system server generates a terminal certificate and sends the terminal certificate to the terminal. Specifically, the background system server may perform the information of the merchant and the public key of the terminal by using the private key of the background system server. Calculating and generating a terminal certificate; the background system server may further include a CA server, and the terminal certificate is generated by calculating the information of the merchant and the public key of the terminal by using the private key of the CA server; the background system server may also use the information of the merchant and the public of the terminal. The key is sent to the CA. The CA calculates the terminal certificate based on the private key of the CA and the public key of the terminal, and sends the terminal certificate to the terminal through the background system server.
终端存储终端证书;具体的,终端在接收到后台系统服务器发送的终端证书后,将该终端证书存储在执行安全功能的存储区中。当然,针对不同的后台系统服务器,终端还可以存储不同的后台系统服务器发送的不同的终端证书。The terminal stores the terminal certificate. Specifically, after receiving the terminal certificate sent by the background system server, the terminal stores the terminal certificate in a storage area where the security function is executed. Of course, for different back-end system servers, the terminal can also store different terminal certificates sent by different back-end system servers.
2、智能密码设备向后台系统服务器进行注册,其中: 2. The smart password device registers with the background system server, where:
后台系统服务器接收智能密码设备注册申请,并对智能密码设备注册申请进行审核;具体的,持有智能密码设备的用户可以到银行柜台办理该智能密码设备的注册申请,也可以通过互联网办理该智能密码设备的注册申请,后台系统服务器接收到该注册申请后,对该用户的身份的合法性进行审核。The background system server receives the smart password device registration application and audits the smart password device registration application; specifically, the user holding the smart password device can apply for the registration of the smart password device at the bank counter, or can handle the smart through the Internet. After the registration request of the cryptographic device, the background system server receives the registration application and reviews the legality of the identity of the user.
后台系统服务器在审核智能密码设备注册申请通过后,向智能密码设备发送智能密码设备密钥对生成指令;具体的,后台系统服务器审核用户身份的合法性等通过后,予以同意对用户的智能密码设备进行注册,同时向智能密码设备发送密钥对生成指令,配置为指示智能密码设备生成智能密码设备密钥对,该智能密码设备密钥对包括一对公私钥。After the auditing of the smart password device registration application, the background system server sends a smart password device key pair generation instruction to the smart password device; specifically, the background system server approves the legality of the user identity, and then agrees to the user's smart password. The device performs registration, and sends a key pair generation instruction to the smart cryptographic device, and is configured to instruct the smart cryptographic device to generate a smart cryptographic device key pair, the smart cryptographic device key pair including a pair of public and private keys.
智能密码设备接收到智能密码设备密钥对生成指令后,生成智能密码设备密钥对;具体的,在智能密码设备中可以预设一个密钥对的生成方式,在智能密码设备接收到智能密码设备密钥对生成指令后,根据预设的密钥对生成方式生成智能密码设备密钥对,即生成一对公私钥。After receiving the instruction of the smart cryptographic device key pair, the smart cryptographic device generates a smart cryptographic device key pair. Specifically, a smart key device may preset a key pair generation manner, and the smart cryptographic device receives the smart password. After the device key pair generates an instruction, the smart cipher device key pair is generated according to the preset key pair generation manner, that is, a pair of public and private keys are generated.
智能密码设备向后台系统服务器发送智能密码设备密钥对中的公钥;具体的,智能密码设备可以通过可信的通信链路将其生成的智能密码设备密钥对中的公钥向后台系统服务器进行发送,以保证智能密码设备的公钥发送的安全性;也可以通过互联网将其生成的智能密码设备密钥对中的公钥向后台系统服务器进行发送,以提高智能密码设备的公钥传输的便捷性。The smart cryptographic device sends the public key in the smart cryptographic device key pair to the background system server; specifically, the smart cryptographic device can forward the public key in the smart cryptographic device key pair generated by the smart cryptographic device to the background system through the trusted communication link The server sends the key to ensure the security of the public key of the smart cryptographic device. The public key of the smart cryptographic device key pair generated by the server can also be sent to the background system server through the Internet to improve the public key of the smart cryptographic device. Convenience of transmission.
后台系统服务器接收到智能密码设备密钥对中的公钥后,生成智能密码设备证书,并向智能密码设备发送智能密码设备证书;具体的,后台系统服务器可以以后台系统服务器的私钥对用户的信息以及智能密码设备的公钥进行计算生成智能密码设备证书;后台系统服务器中还可以包含CA服务器,通过该CA服务器的私钥对用户的信息以及智能密码设备的公钥进行计算生成智能密码设备证书;后台系统服务器还可以将用户的信息以及智能密码设备的公钥发送至CA,CA根据CA的私钥对用户的信息以及智能密码设备的公钥进行计算生成智能密码设备证书,并通过后台系统服务器发送给智能密码设备。After receiving the public key in the smart cryptographic device key pair, the background system server generates a smart cryptographic device certificate and sends the smart cryptographic device certificate to the smart cryptographic device; specifically, the background system server can use the private key of the background system server to the user. The information and the public key of the smart cryptographic device are calculated to generate a smart cryptographic device certificate; the backend system server may further include a CA server, and the user's information and the public key of the smart cryptographic device are calculated by the private key of the CA server to generate a smart password. The device certificate can also send the user's information and the public key of the smart cryptographic device to the CA. The CA calculates the smart cryptographic device certificate by calculating the user's information and the public key of the smart cryptographic device according to the private key of the CA. The background system server sends the smart password device.
智能密码设备存储智能密码设备证书;具体的,智能密码设备在接收到后台系统服务器发送的智能密码设备证书后,将该智能密码设备证书存储在执行安全功能的存储区中。当然,针对不同的后台系统服务器,智能密码设备还可以存储不同的后台系统服务器发送的不同的智能密码设备证书。The smart password device stores the smart password device certificate. Specifically, after receiving the smart password device certificate sent by the background system server, the smart password device stores the smart password device certificate in a storage area where the security function is executed. Of course, for different background system servers, the smart cryptographic device can also store different smart cryptographic device certificates sent by different background system servers.
步骤二:终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的智能密码设备的标识信息。Step 2: The terminal scans the smart cryptographic device within the signal coverage area, and obtains the identification information of the scanned smart cryptographic device.
具体的,终端可以按照一定的时间间隔发送查询信号(例如终端的序列号)查询一定 无线信号覆盖范围内的智能密码设备;Specifically, the terminal may send the query signal (for example, the serial number of the terminal) according to a certain time interval to query a smart cryptographic device within the coverage of the wireless signal;
智能密码设备对终端的查询进行侦听(查询扫描),当智能密码设备进入终端的信号覆盖范围内后,向终端发送智能密码设备的标识信息,由此,终端扫描到了智能密码设备的标识信息。The smart cryptographic device listens to the query of the terminal (query scan). After the smart cryptographic device enters the signal coverage of the terminal, the smart cryptographic device sends the identification information of the smart cryptographic device to the terminal, and the terminal scans the identification information of the smart cryptographic device. .
以下,提供两种实现终端扫描得到智能密码设备的标识信息的方法:In the following, two methods for implementing terminal scanning to obtain identification information of a smart cryptographic device are provided:
(1)终端可以使用IAC(Inquiry Access Code,查询访问码)查询一定无线信号覆盖范围内的智能密码设备;(1) The terminal can use the IAC (Inquiry Access Code) to query the smart cryptographic device within the coverage of a certain wireless signal;
智能密码设备对终端的查询进行侦听(查询扫描),当智能密码设备进入终端的信号覆盖范围内后,向终端发送智能密码设备的地址和时钟信息;The smart cryptographic device listens (query scans) the query of the terminal, and sends the address and clock information of the smart cryptographic device to the terminal after the smart cryptographic device enters the signal coverage of the terminal;
智能密码设备侦听来自终端的寻呼信息,进行寻呼扫描;The smart cryptographic device listens to paging information from the terminal and performs paging scanning;
终端寻呼已经查询到的智能密码设备;The terminal pages the smart cryptographic device that has been queried;
智能密码设备接收到寻呼信息后,向终端发送智能密码设备的DAC(Device Access Code,设备访问码)。After receiving the paging information, the smart cryptographic device sends a DAC (Device Access Code) of the smart cryptographic device to the terminal.
(2)终端发送查询信号查询一定无线信号覆盖范围内的智能密码设备;(2) The terminal sends an inquiry signal to query a smart cryptographic device within a certain wireless signal coverage range;
智能密码设备对终端的查询信号进行侦听(查询扫描),当智能密码设备进入终端的信号覆盖范围内后,向终端发送智能密码设备的地址。The smart cryptographic device listens (query scans) the query signal of the terminal, and sends the address of the smart cryptographic device to the terminal after the smart cryptographic device enters the signal coverage of the terminal.
当然,本发明仅以以上两个示例说明终端如何获得智能密码设备的标识信息,但本发明并不局限于此,基于上述两个获得智能密码设备的标识信息的方法,智能密码设备可以在接收到终端发送的任何信息时,均可以将终端发送的信息作为休眠唤醒信号,智能密码设备根据休眠唤醒信号,将休眠状态切换为唤醒状态(即正常工作模式)。同时,智能密码设备在任何命令执行结束以后,均可以自动回复休眠状态。智能密码设备进入休眠状态以节省智能密码设备的电能,延长使用寿命。Of course, the present invention only uses the above two examples to describe how the terminal obtains the identification information of the smart cryptographic device, but the present invention is not limited thereto. Based on the above two methods for obtaining the identification information of the smart cryptographic device, the smart cryptographic device may receive When any information is sent to the terminal, the information sent by the terminal can be used as a sleep wake-up signal, and the smart cryptographic device switches the sleep state to the awake state (ie, the normal working mode) according to the sleep wake-up signal. At the same time, the smart cryptographic device can automatically reply to the sleep state after any command execution ends. The smart cryptographic device enters a sleep state to save power of the smart cryptographic device and prolong its service life.
在本步骤终端扫描智能密码设备之前,智能密码设备还需要进入可被扫描的状态,以便终端可以扫描到该智能密码设备,其中,智能密码设备进入可被扫描的状态可以通过在智能密码设备上设置的硬件开关开启实现,也可以通过智能密码设备软件开启实现。Before the terminal scans the smart password device, the smart password device also needs to enter a state that can be scanned, so that the terminal can scan the smart password device, wherein the smart password device enters the scanable state and can pass the smart password device. The set hardware switch is enabled, and can also be implemented by the smart password device software.
本发明中,终端可以与后台系统服务器进行相互认证,和/或终端还可以与智能密码设备进行相互认证。In the present invention, the terminal can perform mutual authentication with the background system server, and/or the terminal can also perform mutual authentication with the smart cryptographic device.
1、终端与后台系统服务器进行相互认证,其中:1. The terminal and the backend system server perform mutual authentication, wherein:
终端生成第一待签名信息;具体的,终端可以通过随机数生成器生成随机数作为第一待签名信息,也可以采用自身的序列号、MAC地址或者其他的标识信息作为第一待签名信息,也可以是随机数和标识信息的组合作为第一待签名信息。其中,只要可以被后台系统 服务器进行签名的信息均可以作为第一待签名信息,以便后台系统服务器返回签名信息后对后台系统服务器进行认证。随机数可以为数字、字母、特殊字符等字符中的一种或任意几种的组合。The terminal generates the first to-be-signed information. Specifically, the terminal may generate the random number as the first to-be-signed information by using the random number generator, or may use its own serial number, MAC address, or other identification information as the first to-be-signed information. It may also be a combination of a random number and identification information as the first to-be-signed information. Among them, as long as they can be backstage system The information signed by the server can be used as the first to-be-signed information, so that the background system server returns the signature information and then authenticates the background system server. The random number can be one of a combination of numbers, letters, special characters, or the like.
终端向后台系统服务器发送第一待签名信息以及第一认证请求信息;具体的,终端可以通过可信的通信链路将第一待签名信息以及第一认证请求信息向后台系统服务器进行发送,以保证信息发送的安全性;也可以通过互联网将第一待签名信息以及第一认证请求信息向后台系统服务器进行发送,以提高信息传输的便捷性。The terminal sends the first to-be-signed information and the first authentication request information to the background system server. Specifically, the terminal may send the first to-be-signed information and the first authentication request information to the background system server through the trusted communication link, to The security of information transmission is guaranteed; the first to-be-signed information and the first authentication request information may also be sent to the background system server through the Internet to improve the convenience of information transmission.
此外,后台系统服务器为了确保数据交互的安全性以及终端的合法性,后台系统服务器还可以在接收到第一待签名信息以及第一认证请求信息后,判断终端的标识信息是否包含在后台系统服务器中预存的终端异常名单中,其中,第一认证请求信息包括终端的标识信息;后台系统服务器在判断出终端的标识信息在终端异常名单中后,获取锁定终端指令,以及利用后台系统服务器的私钥对锁定终端指令进行签名获得第四签名信息,并向终端发送锁定终端指令以及第四签名信息;端接收到锁定终端指令以及第四签名信息后,利用预存的后台系统服务器证书中的公钥对第四签名信息进行验证;终端在验证第四签名信息通过后,根据锁定终端指令执行锁定操作。In addition, in order to ensure the security of the data interaction and the legitimacy of the terminal, the background system server may further determine whether the identification information of the terminal is included in the background system server after receiving the first to-be-signed information and the first authentication request information. In the terminal abnormal list that is pre-stored, the first authentication request information includes the identification information of the terminal; the background system server obtains the locked terminal instruction after determining that the terminal identification information is in the terminal abnormal list, and uses the private of the background system server. The key pair locks the terminal instruction to obtain the fourth signature information, and sends the locked terminal instruction and the fourth signature information to the terminal; after receiving the locked terminal instruction and the fourth signature information, the terminal uses the public key in the pre-stored background system server certificate. The fourth signature information is verified; after verifying that the fourth signature information is passed, the terminal performs a locking operation according to the locked terminal instruction.
具体的,终端异常名单可以为黑名单、挂失名单、失效名单等任意表示终端身份非法的名单;如果终端的标识信息在终端异常名单中,则说明该终端是非法的终端,此时,为了确保安全性,后台系统服务器向该非法终端发送锁定指令以锁定该非法终端,同时,后台系统服务器还对该锁定指令进行签名,以确保锁定指令的合法来源,避免非法锁定终端的恶意操作。Specifically, the terminal abnormal list may be a blacklist, a loss list, an invalidation list, or the like, which is an illegal list of the terminal identity. If the terminal identification information is in the terminal abnormal list, the terminal is an illegal terminal. Security, the background system server sends a lock instruction to the illegal terminal to lock the illegal terminal. At the same time, the background system server also signs the lock instruction to ensure the legal source of the lock instruction and avoid malicious operation of illegally locking the terminal.
当然,本发明并不局限于此,对于实际应用来说,只要可以合法锁定非法终端即可。Of course, the present invention is not limited to this, and for practical applications, as long as the illegal terminal can be legally locked.
另外,后台系统服务器也可以不对锁定指令进行签名,仅发送锁定指令至非法终端以锁定该非法终端。In addition, the background system server may not sign the lock instruction and only send the lock command to the illegal terminal to lock the illegal terminal.
终端根据锁定终端指令执行锁定操作可以包括:终端拒绝执行任何请求,销毁自身存储的证书等任意方式。The terminal performing the locking operation according to the locking terminal instruction may include: the terminal rejects any request, destroys the stored certificate, and the like.
当然,后台系统服务器在发送锁定指令后,还可以执行拒绝该非法终端的任何请求。Of course, the background system server can also perform any request to reject the illegal terminal after sending the lock instruction.
由此可见,当终端出现遗失或遭到非法举报等异常情况时,该终端的标识信息将被录入到后台系统服务器的挂失名单或黑名单等异常名单中,此后,若再有人企图使用该终端进行交易以非法转账盗取资金时,在终端与后台系统服务器进行认证时,后 台系统服务器会将终端标识信息在异常名单进行比对,若发现该终端的标识信息在异常名单中,后台系统服务器就会对终端进行锁定,从而保护用户账户安全。It can be seen that when the terminal has an abnormal situation such as loss or illegal reporting, the identification information of the terminal will be entered into the abnormal list such as the loss list or blacklist of the background system server. Thereafter, if another person attempts to use the terminal. When a transaction is made to illegally transfer funds to steal funds, when the terminal and the background system server are authenticated, The system server compares the terminal identification information in the abnormal list. If the identification information of the terminal is found in the abnormal list, the background system server locks the terminal, thereby protecting the user account security.
后台系统服务器接收到第一待签名信息以及第一认证请求信息后,生成第二待签名信息;具体的,后台系统服务器可以在接收到第一认证请求信息后,生成第二待签名信息,可以通过随机数生成器生成随机数作为第二待签名信息,也可以采用自身的序列号、MAC地址或者其他的标识信息作为第二待签名信息,也可以是随机数和标识信息的组合作为第二待签名信息。其中,只要可以被终端进行签名的信息均可以作为第二待签名信息,以便终端返回签名信息后对终端进行认证。随机数可以为数字、字母、特殊字符等字符中的一种或任意几种的组合。After receiving the first to-be-signed information and the first authentication request information, the background system server generates the second to-be-signed information. Specifically, the background system server may generate the second to-be-signed information after receiving the first authentication request information. The random number generator generates the random number as the second to-be-signed information, and may also use its own serial number, MAC address or other identification information as the second to-be-signed information, or may be a combination of the random number and the identification information as the second. Information to be signed. The information that can be signed by the terminal can be used as the second information to be signed, so that the terminal can authenticate the terminal after returning the signature information. The random number can be one of a combination of numbers, letters, special characters, or the like.
后台系统服务器向终端发送第二待签名信息以及后台系统服务器证书;具体的,后台系统服务器可以通过可信的通信链路将第二待签名信息以及后台系统服务器证书向终端进行发送,以保证信息发送的安全性;也可以通过互联网将第二待签名信息以及后台系统服务器证书向终端进行发送,以提高信息传输的便捷性。The background system server sends the second to-be-signed information and the background system server certificate to the terminal; specifically, the background system server can send the second to-be-signed information and the background system server certificate to the terminal through the trusted communication link to ensure the information. The security of the transmission; the second signature information and the background system server certificate can also be sent to the terminal through the Internet to improve the convenience of information transmission.
终端接收到第二待签名信息以及后台系统服务器证书后,利用预存的后台系统服务器证书对应的根证书验证后台系统服务器证书是否合法;具体的,终端在注册过程中还需获取到后台系统服务器证书对应的根证书,以便对后台系统服务器证书进行合法性验证。After receiving the second to-be-signed information and the background system server certificate, the terminal uses the root certificate corresponding to the pre-stored background system server certificate to verify whether the background system server certificate is legal. Specifically, the terminal needs to obtain the background system server certificate during the registration process. Corresponding root certificate for legality verification of the background system server certificate.
终端在验证后台系统服务器证书合法后,利用终端的私钥对第一待签名信息和第二待签名信息进行签名生成第一签名信息;具体的,终端对第一待签名信息和第二待签名信息进行签名,由此,终端将签名信息传输至后台系统服务器,即可以保证该数据的合法来源,也保证了数据中重要信息的安全性,本发明中的第一签名信息可以是将第一待签名信息和第二待签名信息连接后的信息进行签名获得的,也可以是将第一待签名信息和第二待签名信息按照预先协商的调整方案进行调整后的信息进行签名获得的。当然,终端在验证后台系统服务器证书合法后,还可以生成共享主密钥,该共享主密钥具体可以配置为生成第一会话密钥,此时,终端还利用后台系统服务器证书中的公钥对共享主密钥进行加密生成第一加密信息;由此可以安全传输共享主密钥。After verifying that the background system server certificate is valid, the terminal uses the private key of the terminal to sign the first to-be-signed information and the second to-be-signed information to generate the first signature information. Specifically, the terminal signs the first to-be-signed information and the second to-be-signed. The information is signed, whereby the terminal transmits the signature information to the background system server, that is, the legal source of the data can be ensured, and the security of the important information in the data is also ensured. The first signature information in the present invention may be the first The information obtained by signing the information to be signed and the information to be signed by the second signature information may be obtained by signing the information of the first to-be-signed information and the second to-be-signed information according to the pre-negotiated adjustment scheme. Of course, after verifying that the background system server certificate is legal, the terminal may also generate a shared master key, and the shared master key may be configured to generate a first session key. At this time, the terminal also uses the public key in the background system server certificate. Encrypting the shared master key generates first encrypted information; thereby, the shared master key can be securely transmitted.
终端向后台系统服务器发送第一签名信息以及终端证书;当然,如果终端还生成了共享主密钥,并对共享主密钥进行加密获得第一加密信息,则在本步骤中,终端除了向后台系统服务器发送第一签名信息以及终端证书外,还向后台系统服务器发送第一加密信息。The terminal sends the first signature information and the terminal certificate to the background system server; of course, if the terminal further generates the shared master key and encrypts the shared master key to obtain the first encrypted information, in this step, the terminal goes to the background. The system server sends the first signature information and the terminal certificate, and also sends the first encrypted information to the background system server.
后台系统服务器利用预存的终端证书对应的根证书验证终端证书是否合法;具体的,后台系统服务器在终端的注册过程中还获取到终端证书对应的根证书,以便对终端证书进行合法性验证。 The background system server uses the root certificate corresponding to the pre-stored terminal certificate to verify whether the terminal certificate is legal. Specifically, the background system server obtains the root certificate corresponding to the terminal certificate during the registration process of the terminal, so as to verify the validity of the terminal certificate.
后台系统服务器在验证终端证书合法后,利用终端证书中的公钥验证第一签名信息;After verifying that the terminal certificate is legal, the background system server verifies the first signature information by using the public key in the terminal certificate;
后台系统服务器在验证第一签名信息通过后,生成后台认证完成消息,并向终端发送后台认证完成消息;当然,如果后台系统服务器还接收到第一加密信息,则本步骤中,后台系统服务器还利用后台系统服务器的私钥解密第一加密信息,获得共享主密钥。After verifying that the first signature information is passed, the background system server generates a background authentication completion message, and sends a background authentication completion message to the terminal; of course, if the background system server further receives the first encrypted information, in this step, the background system server further The first encrypted information is decrypted by using the private key of the background system server to obtain a shared master key.
终端接收到后台认证完成消息后,验证后台认证完成消息;具体的,终端对后台认证完成消息进行合法性验证。After receiving the background authentication completion message, the terminal verifies the background authentication completion message; specifically, the terminal performs legality verification on the background authentication completion message.
终端在验证后台认证完成消息通过后,生成终端认证第一完成消息,向后台系统服务器发送终端认证第一完成消息;当然,如果终端生成了共享主密钥,则本步骤中,终端还可以根据共享主密钥计算第一会话密钥;After the terminal verifies that the background authentication completion message is passed, the terminal generates a terminal completion first completion message, and sends a terminal authentication first completion message to the background system server; of course, if the terminal generates the shared master key, the terminal may further Calculating the first session key by sharing the master key;
后台系统服务器接收到终端认证第一完成消息后,验证终端认证第一完成消息;具体的后台系统服务器对终端认证第一完成消息进行合法性验证。After receiving the terminal completion first completion message, the background system server verifies that the terminal authenticates the first completion message; the specific background system server performs legality verification on the terminal authentication first completion message.
后台系统服务器在验证终端认证第一完成消息通过后,终端与后台系统服务器完成相互认证。当然,如果后台系统服务器还解密获得了共享主密钥,则本步骤中,后台系统服务器还可以根据共享主密钥计算第一会话密钥。After the background system server verifies that the terminal completion first completion message is passed, the terminal and the background system server complete mutual authentication. Of course, if the background system server also decrypts and obtains the shared master key, in this step, the background system server may further calculate the first session key according to the shared master key.
基于上述终端与后台系统服务器之间的双向认证,可以确保双方合法性,提高后续处理的安全性。Based on the two-way authentication between the terminal and the backend system server, the legality of both parties can be ensured, and the security of subsequent processing can be improved.
另外,后台系统服务器在验证终端认证第一完成消息通过后,还对终端开放相应的权限,例如:终端可以从后台系统服务器获取智能密码设备对应的用户信息,以便实现后台系统服务器对终端的管理。In addition, after the first system completion message of the terminal authentication is verified, the background system server also opens the corresponding authority to the terminal. For example, the terminal can obtain the user information corresponding to the smart password device from the background system server, so as to implement the management of the background system server to the terminal. .
当然,如果终端与后台系统服务器之间还生成第一会话密钥,则可以保证后台系统服务器与终端之间数据传输的安全性和/或完整性,以便后台系统服务器与终端进行后续数据传输时,利用第一会话密钥对待传输数据进行加密计算和/或校验计算。该第一会话密钥可以包括加密密钥和/或校验密钥,校验密钥可以为MAC校验计算密钥或HASH校验计算密钥,加密密钥为对称加密计算密钥,该第一会话密钥所包括的加密密钥和/或校验密钥可以为通过共享主密钥进行分解得到的。Of course, if the first session key is also generated between the terminal and the background system server, the security and/or integrity of the data transmission between the background system server and the terminal can be ensured, so that the background system server and the terminal perform subsequent data transmission. And using the first session key to perform encryption calculation and/or check calculation on the data to be transmitted. The first session key may include an encryption key and/or a verification key, and the verification key may be a MAC check calculation key or a HASH check calculation key, and the encryption key is a symmetric encryption calculation key, and the encryption key is a symmetric encryption calculation key. The encryption key and/or the verification key included in the first session key may be obtained by decomposing by sharing the master key.
当然,本发明并不局限于此种由终端发起的第一会话密钥生成过程,还可以由后台系统服务器发起该第一会话密钥生成过程。此时对于终端的锁定,只要在后台系统服务器接收到终端的标识信息后即可以由后台系统服务器进行判断即可。Of course, the present invention is not limited to such a first session key generation process initiated by the terminal, and may also be initiated by the background system server. At this time, the locking of the terminal may be determined by the background system server after the background system server receives the identification information of the terminal.
此外,第一会话密钥可以由终端或者后台系统服务器中的任一方生成后,并以对方的公钥进行加密后发送给对方,减少一方的计算复杂度。In addition, the first session key may be generated by any one of the terminal or the background system server, and encrypted by the public key of the other party and then sent to the other party, thereby reducing the computational complexity of one party.
终端与后台系统服务器之间生成第一会话密钥的过程可以与下述终端与智能密码设备 之间生成第二会话密钥的过程相同。The process of generating the first session key between the terminal and the background system server can be combined with the following terminal and smart cryptographic device. The process of generating a second session key is the same.
以下,给出一个具体的终端与后台系统服务器之间认证并结合第一会话密钥生成的方式,当然本发明并不局限于此:In the following, a specific terminal and background system server authentication is combined and combined with the first session key generation. Of course, the present invention is not limited to this:
1)商户端的终端产生随机数R1;1) The terminal at the merchant end generates a random number R1;
2)商户端的终端将随机数R1发送给后台系统服务器,并向后台系统服务器发送认证请求;2) The terminal at the merchant end sends the random number R1 to the background system server, and sends an authentication request to the background system server;
3)后台系统服务器接收到来自终端的认证请求,产生随机数R2;3) The background system server receives the authentication request from the terminal, and generates a random number R2;
4)后台系统服务器向终端发送随机数R2和后台系统服务器证书;4) The background system server sends the random number R2 and the background system server certificate to the terminal;
5)终端使用终端中预存的后台系统服务器证书对应的根证书验证收到的后台系统服务器证书;5) The terminal verifies the received background system server certificate by using the root certificate corresponding to the background system server certificate pre-stored in the terminal;
如果验证不通过,则结束;If the verification fails, it ends;
如果验证通过,终端产生共享主密钥MKey,用后台系统服务器证书中的公钥对MKey加密得到E1;If the verification is passed, the terminal generates the shared master key MKey, and encrypts the MKey with the public key in the background system server certificate to obtain E1;
6)终端连接R1和R2得到R3,对R3进行摘要计算得到H1,然后使用终端的私钥对H1进行签名计算得到S1;6) The terminal connects R1 and R2 to obtain R3, performs a digest calculation on R3 to obtain H1, and then uses the private key of the terminal to sign H1 to obtain S1;
7)终端将S1、E1和终端证书发送至后台系统服务器;7) The terminal sends the S1, E1 and the terminal certificate to the background system server;
8)后台系统服务器使用终端证书对应的根证书验证终端证书合法性;8) The background system server verifies the validity of the terminal certificate by using the root certificate corresponding to the terminal certificate;
如果验证终端证书不通过,则结束;If the verification terminal certificate does not pass, it ends;
如果验证终端证书通过,则使用终端证书验证S1;If the verification terminal certificate passes, the terminal certificate is used to verify S1;
如果验证S1不通过,则结束;If the verification S1 does not pass, it ends;
如果验证S1通过,则从E1中解密得到共享主密钥MKey;If the verification S1 is passed, the shared master key MKey is obtained by decrypting from E1;
9)后台系统服务器对后台系统服务器证书进行摘要计算得到H2,对终端证书进行摘要计算得到H3,将R1、R2、H2、H3、S1、E1连接后得到T1,对T1进行摘要计算后再经过HMAC计算得到“后台系统服务器认证完成消息”;9) The background system server performs a summary calculation on the background system server certificate to obtain H2, and performs a digest calculation on the terminal certificate to obtain H3, and connects R1, R2, H2, H3, S1, and E1 to obtain T1, and performs a digest calculation on T1. HMAC calculates the "Background System Server Authentication Complete Message";
10)后台系统服务器发送“后台系统服务器认证完成消息”到终端;10) The background system server sends a "background system server authentication completion message" to the terminal;
11)终端验证接收到的后台系统服务器发来的“后台系统服务器认证完成消息”;11) The terminal verifies the "background system server authentication completion message" sent by the background system server received;
如果验证不通过,则结束;If the verification fails, it ends;
如果验证通过,则生成“终端认证完成消息”(参见上述生成“后台系统服务器认证完成消息”的方式);If the verification is passed, a "Terminal Authentication Complete Message" is generated (see the manner of generating the "Background System Server Authentication Complete Message" above);
12)终端发送“终端认证完成消息”到后台系统服务器;12) The terminal sends a "terminal authentication completion message" to the background system server;
13)后台系统服务器验证接收到的“终端认证完成消息”; 13) The background system server verifies the received "terminal authentication completion message";
如果验证不通过,则结束;If the verification fails, it ends;
如果验证通过,则表示双向认证过程成功,双方计算会话密钥,并从会话密钥中分解出的加密密钥K1,配置为后台系统服务器与终端之间进行数据传输的加密解密,和/或校验计算的校验密钥MACKEY,配置为校验值的生成与校验。If the verification is passed, it indicates that the two-way authentication process is successful, the two parties calculate the session key, and the encryption key K1 decomposed from the session key is configured as encryption and decryption of data transmission between the background system server and the terminal, and/or The calculated verification key MACKEY is configured to generate and verify the check value.
如此商户的终端与后台系统服务器之间就进行了双向的身份认证,确保了对方是合法的,并协商出了公共的会话密钥(包括加密密钥和/或校验密钥),可配置为终端与后台系统服务器之间数据互传时的数据加密和/或校验值的生成。该商户的终端也完成了在后台系统服务器处的“签到”,即可以进行后续的用户信息读取和交易请求的操作请求。The merchant's terminal and the back-end system server perform two-way identity authentication to ensure that the other party is legitimate, and negotiate a public session key (including encryption key and/or verification key), which can be configured. Data encryption and/or check value generation for data transfer between the terminal and the backend system server. The merchant's terminal also completes the "check-in" at the background system server, that is, the subsequent operation request for reading the user information and the transaction request.
需要说明的是,本例中后台系统服务器与终端之间的传输数据的时候生成的校验值是MAC形式的。在具体实现时,所述的校验值并不一定只是用MAC密钥生成的MAC值,也可以通过生成摘要再签名的方式生成校验值。It should be noted that, in this example, the check value generated when the background system server and the terminal transmit data is in the form of MAC. In a specific implementation, the check value is not necessarily the MAC value generated by using the MAC key, and the check value may be generated by generating a digest re-signature.
在本步骤中,通过终端与后台系统服务器相互认证建立安全通道,认证通过以后即完成了持有该终端的商户在后台系统服务器的“签到”,即后台系统服务器认定了持有该终端的商户的合法性并与终端协商出第一会话密钥,以便利用该第一会话密钥实现了后台系统服务器与终端的交易数据交互时的加密传输,做好后续对智能密码设备对应的用户信息传输以及交易数据传输等操作的准备工作。之后该经过后台系统服务器认证的终端可以通过后台系统服务器对智能密码设备的合法性进行验证,并获取合法智能密码设备的相关用户信息。In this step, a secure channel is established through mutual authentication between the terminal and the background system server, and the "check-in" of the merchant holding the terminal in the background system server is completed after the authentication is passed, that is, the back-end system server identifies the merchant holding the terminal. The validity of the first session key is negotiated with the terminal, so that the first session key is used to implement the encrypted transmission when the transaction data of the background system server interacts with the terminal, and the subsequent transmission of the user information corresponding to the smart cryptographic device is performed. And the preparation of operations such as transaction data transmission. Then, the terminal authenticated by the background system server can verify the legality of the smart cryptographic device through the background system server, and obtain related user information of the legal smart cryptographic device.
2、终端与智能密码设备进行相互认证,其中:2. The terminal and the smart cryptographic device perform mutual authentication, wherein:
终端生成第三待签名信息;具体的,终端可以通过随机数生成器生成随机数作为第三待签名信息,也可以采用自身的序列号、MAC地址或者其他的标识信息作为第三待签名信息,也可以是随机数和标识信息的组合作为第三待签名信息。其中,只要可以被智能密码设备进行签名的信息均可以作为第三待签名信息,以便智能密码设备返回签名信息后对智能密码设备进行认证。随机数可以为数字、字母、特殊字符等字符中的一种或任意几种的组合。The terminal generates the third to-be-signed information. Specifically, the terminal may generate the random number as the third to-be-signed information by using the random number generator, or may use the serial number, the MAC address, or other identification information as the third to-be-signed information. It may also be a combination of a random number and identification information as the third to-be-signed information. The information that can be signed by the smart cryptographic device can be used as the third to-be-signed information, so that the smart cryptographic device can authenticate the smart cryptographic device after returning the signature information. The random number can be one of a combination of numbers, letters, special characters, or the like.
终端向智能密码设备发送第三待签名信息以及第二认证请求信息;具体的,终端可以通过无线通信链路将第三待签名信息以及第二认证请求信息向智能密码设备进行发送,以保证信息发送的便捷性;也可以通过有线接口将第三待签名信息以及第二认证请求信息向智能密码设备进行发送,以提高信息传输的安全性。The terminal sends the third to-be-signed information and the second authentication request information to the smart cryptographic device. Specifically, the terminal may send the third to-be-signed information and the second authentication request information to the smart cryptographic device through the wireless communication link to ensure the information. Convenience of sending; the third to-be-signed information and the second authentication request information may also be sent to the smart cryptographic device through a wired interface to improve the security of information transmission.
智能密码设备接收到第三待签名信息以及第二认证请求信息后,生成第四待签名信息;具体的,智能密码设备可以在接收到第二认证请求信息后,生成第四待签名信息,可以通 过随机数生成器生成随机数作为第四待签名信息,也可以采用自身的序列号、MAC地址或者其他的标识信息(例如设备访问码DAC)作为第四待签名信息,也可以是随机数和标识信息的组合作为第四待签名信息。其中,只要可以被终端进行签名的信息均可以作为第四待签名信息,以便终端返回签名信息后对终端进行认证。随机数可以为数字、字母、特殊字符等字符中的一种或任意几种的组合。After receiving the third to-be-signed information and the second authentication request information, the smart cryptographic device generates the fourth to-be-signed information. Specifically, the smart cryptographic device may generate the fourth to-be-signed information after receiving the second authentication request information. Pass The random number generator generates the random number as the fourth information to be signed, and may also use its own serial number, MAC address or other identification information (such as device access code DAC) as the fourth to-be-signed information, or may be a random number and The combination of the identification information is used as the fourth to-be-signed information. The information that can be signed by the terminal can be used as the fourth information to be signed, so that the terminal can authenticate the terminal after returning the signature information. The random number can be one of a combination of numbers, letters, special characters, or the like.
另外,智能密码设备在接收到第三待签名信息以及第二认证请求信息后,生成第四待签名信息的步骤中,智能密码设备还可以在接收到第二认证请求信息后,由休眠状态转换为唤醒状态;智能密码设备在唤醒状态下生成第四待签名信息。由休眠状态转换为唤醒状态以完成正常工作,并在智能密码设备完成工作后,再次切换为休眠状态,以减少电能损耗,延长使用寿命。In addition, in the step of generating the fourth to-be-signed information after receiving the third to-be-signed information and the second authentication request information, the smart cryptographic device may further switch from the sleep state after receiving the second authentication request information. The awake state is generated; the smart cryptographic device generates the fourth to-be-signed information in the awake state. The sleep state is changed to the awake state to complete the normal work, and after the smart cryptographic device completes the work, it is switched to the sleep state again to reduce the power loss and prolong the service life.
智能密码设备利用智能密码设备的私钥对第三待签名信息进行签名获得第二签名信息,并向终端发送第四待签名信息、第二签名信息以及智能密码设备证书;The smart cryptographic device uses the private key of the smart cryptographic device to sign the third to-be-signed information to obtain the second signature information, and sends the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate to the terminal;
终端接收到第四待签名信息、第二签名信息以及智能密码设备证书后,利用预存的智能密码设备证书对应的根证书验证智能密码设备证书是否合法;具体的,终端还需要获取智能密码设备证书对应的根证书,以便对智能密码设备证书进行合法性验证。After receiving the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate, the terminal uses the root certificate corresponding to the pre-stored smart cryptographic device certificate to verify whether the smart cryptographic device certificate is legal. Specifically, the terminal also needs to obtain the smart cryptographic device certificate. Corresponding root certificate for legality verification of smart cryptographic device certificates.
终端在验证智能密码设备证书合法后,利用智能密码设备证书中的公钥对第二签名信息进行验证;After verifying that the smart cryptographic device certificate is legal, the terminal uses the public key in the smart cryptographic device certificate to verify the second signature information;
终端在验证第二签名信息通过后,利用终端的私钥对第三待签名信息和第四待签名信息进行签名获得第三签名信息;具体的,终端在验证第二签名信息通过后,还对第三待签名信息和第四待签名信息进行签名,以保证第三待签名信息和第四待签名信息传输的安全性以及不可抵赖性,保证信息传输的合法来源。当然,终端还可以生成第一会话密钥生成因子,利用智能密码设备证书中的公钥对第一会话密钥生成因子进行加密获得第二加密信息,终端在验证智能密码设备证书以及智能密码设备的签名均通过后,生成终端与智能密码设备之间数据交互的会话密钥的生成因子(即第一会话密钥生成因子,该第一会话密钥生成因子配置为生成终端与智能密码设备之间数据交互的会话密钥),同时,利用智能密码设备证书中的公钥对该第一会话密钥生成因子进行加密,以便保证第一会话密钥生成因子传输的安全性。After verifying that the second signature information is passed, the terminal signs the third signature information and the fourth signature information by using the private key of the terminal to obtain the third signature information. Specifically, after verifying that the second signature information is passed, the terminal is still The third to-be-signed information and the fourth to-be-signed information are signed to ensure the security and non-repudiation of the third to-be-signed information and the fourth to-be-signed information transmission, and ensure a legal source of information transmission. Certainly, the terminal may further generate a first session key generation factor, encrypt the first session key generation factor by using a public key in the smart password device certificate to obtain second encrypted information, and the terminal is verifying the smart password device certificate and the smart password device. After the signatures are all passed, a generation factor of a session key for data interaction between the terminal and the smart cryptographic device is generated (ie, a first session key generation factor, and the first session key generation factor is configured to generate a terminal and a smart cryptographic device) At the same time, the first session key generation factor is encrypted by using the public key in the smart cryptographic device certificate to ensure the security of the first session key generation factor transmission.
终端向智能密码设备发送第三签名信息以及终端证书;当然,如果终端还生成了第一会话密钥生成因子,并利用智能密码设备证书中的公钥对第一会话密钥生成因子进行加密获得第二加密信息,则在本步骤中,终端除了向后台系统服务器发送第三签名信息以及终端证书外,还向后台系统服务器发送第二加密信息。 The terminal sends the third signature information and the terminal certificate to the smart cryptographic device; of course, if the terminal further generates the first session key generation factor, and encrypts the first session key generation factor by using the public key in the smart cryptographic device certificate The second encrypted information, in this step, the terminal sends the second encrypted information to the background system server in addition to the third signature information and the terminal certificate to the background system server.
智能密码设备接收到第三签名信息以及终端证书后,利用预存的终端证书对应的根证书验证终端证书是否合法;具体的,智能密码设备还需要获取到终端证书对应的根证书,以便对终端证书进行合法性验证。当然,如果终端还向智能密码设备发送第二加密信息,则本步骤中,智能密码设备还接收终端发送的第二加密信息。After receiving the third signature information and the terminal certificate, the smart cryptographic device uses the root certificate corresponding to the pre-stored terminal certificate to verify whether the terminal certificate is legal. Specifically, the smart cryptographic device also needs to obtain the root certificate corresponding to the terminal certificate, so as to obtain the terminal certificate. Perform legality verification. Of course, if the terminal further sends the second encrypted information to the smart cryptographic device, in this step, the smart cryptographic device further receives the second encrypted information sent by the terminal.
智能密码设备在验证终端证书合法后,利用终端证书中的公钥对第三签名信息进行验证;After verifying that the terminal certificate is legal, the smart cryptographic device uses the public key in the terminal certificate to verify the third signature information;
智能密码设备在验证第三签名信息通过后,生成智能密码设备认证完成消息;具体的,智能密码设备在验证终端证书以及终端的签名信息均通过后,还生成智能密码设备认证完成消息,以便告知终端智能密码设备认证完成。当然,如果智能密码设备还接收到第二加密信息,则本步骤中,智能密码设备还生成第二会话密钥生成因子,利用终端证书中的公钥对第二会话密钥生成因子进行加密获得第三加密信息,其中,智能密码设备在验证终端证书以及终端的签名信息均通过后,还生成终端与智能密码设备之间数据交互的会话密钥的生成因子(即第二会话密钥生成因子,该第二会话密钥生成因子配置为生成终端与智能密码设备之间数据交互的会话密钥),同时,利用终端证书中的公钥对该第二会话密钥生成因子进行加密,以便保证第二会话密钥生成因子传输的安全性。After verifying that the third signature information is passed, the smart cryptographic device generates a smart cryptographic device authentication completion message; specifically, after verifying the terminal certificate and the signature information of the terminal, the smart cryptographic device also generates a smart cryptographic device authentication completion message, so as to notify The terminal smart password device authentication is completed. Of course, if the smart cryptographic device further receives the second encrypted information, in this step, the smart cryptographic device further generates a second session key generation factor, and encrypts the second session key generation factor by using the public key in the terminal certificate. The third encryption information, wherein the smart cryptographic device generates a session key generation factor (ie, a second session key generation factor) for data interaction between the terminal and the smart cryptographic device after the verification of the terminal certificate and the signature information of the terminal are all passed. The second session key generation factor is configured to generate a session key for data interaction between the terminal and the smart cryptographic device, and the second session key generation factor is encrypted by using the public key in the terminal certificate to ensure The security of the second session key generation factor transmission.
智能密码设备向终端发送智能密码设备认证完成消息;当然,如果智能密码设备还生成了第二会话密钥生成因子,并对第二会话密钥生成因子进行加密获得第三加密信息,则本步骤中,智能密码设备除了向终端发送智能密码设备认证完成消息外,还向终端发送第三加密信息。The smart cryptographic device sends a smart cryptographic device authentication completion message to the terminal; of course, if the smart cryptographic device further generates the second session key generation factor and encrypts the second session key generation factor to obtain the third encrypted information, this step The smart cryptographic device sends a third encrypted information to the terminal in addition to sending the smart cryptographic device authentication completion message to the terminal.
终端接收到智能密码设备认证完成消息后,验证智能密码设备认证完成消息;具体的,终端还认证智能密码设备认证完成消息,以确保认证完成消息的合法来源。当然,如果智能密码设备还向终端发送了第三加密信息,则本步骤中,终端还接收第三加密信息。After receiving the smart password device authentication completion message, the terminal verifies the smart password device authentication completion message; specifically, the terminal also authenticates the smart password device authentication completion message to ensure the legal source of the authentication completion message. Of course, if the smart cryptographic device also sends the third encrypted information to the terminal, the terminal further receives the third encrypted information in this step.
终端在验证智能密码设备认证完成消息通过后,生成终端认证第二完成消息,向智能密码设备发送终端认证第二完成消息;具体的,终端在认证智能密码设备认证完成消息通过后,生成终端认证第二完成消息,以告知智能密码设备终端认证完成。当然,如果终端还接收到第三加密信息,则本步骤中,终端还根据第一会话密钥生成因子以及解密第三加密信息获得的第二会话密钥生成因子生成第二会话密钥,以便与智能密码设备之间通过该第二会话密钥进行数据交互。After the verification of the smart cryptographic device authentication completion message, the terminal generates a terminal authentication second completion message, and sends a terminal authentication second completion message to the smart cryptographic device. Specifically, after the terminal passes the authentication smart cryptosystem authentication completion message, the terminal generates the terminal authentication. The second completion message is to inform the smart cryptographic device that the terminal authentication is completed. Of course, if the terminal further receives the third encrypted information, in this step, the terminal further generates a second session key according to the first session key generation factor and the second session key generation factor obtained by decrypting the third encrypted information, so that Data interaction is performed with the smart cryptographic device through the second session key.
智能密码设备接收到终端认证第二完成消息后,验证终端认证第二完成消息;具体的,智能密码设备还认证终端认证第二完成消息,以确保认证完成消息的合法来源。After receiving the terminal completion second completion message, the smart cryptographic device verifies the terminal to authenticate the second completion message. Specifically, the smart cryptographic device also authenticates the terminal to authenticate the second completion message to ensure the legal source of the authentication completion message.
智能密码设备验证终端认证第二完成消息后,终端与智能密码设备完成相互认证。当 然,如果智能密码设备还生成了第二会话密钥生成因子且接收到了第二加密信息,则本步骤中,智能密码设备还根据第二会话密钥生成因子以及解密第二加密信息获得的第一会话密钥生成因子生成第二会话密钥,以便与终端之间通过该第二会话密钥进行数据交互。After the smart cryptographic device verifies the second completion message of the terminal authentication, the terminal and the smart cryptographic device complete mutual authentication. when However, if the smart cryptographic device further generates the second session key generation factor and receives the second encrypted information, in this step, the smart cryptographic device further obtains the factor according to the second session key generation factor and the second encrypted information. A session key generation factor generates a second session key for data interaction with the terminal through the second session key.
基于上述终端与智能密码设备之间的双向认证,可以确保双方合法性,提高后续处理的安全性。Based on the two-way authentication between the terminal and the smart cryptographic device, the legality of both parties can be ensured, and the security of subsequent processing can be improved.
当然,本发明并不局限于此种由终端发起的第二会话密钥生成过程,还可以由智能密码设备发起该第二会话密钥生成过程。Of course, the present invention is not limited to such a second session key generation process initiated by the terminal, and the second session key generation process may also be initiated by the smart cryptographic device.
此外,第二会话密钥可以由终端或者智能密码设备中的任一方生成后,并以对方的公钥进行加密后发送给对方,减少一方的计算复杂度。In addition, the second session key may be generated by one of the terminal or the smart cryptographic device, and encrypted by the public key of the other party and then sent to the other party, thereby reducing the computational complexity of one party.
当然,本发明的终端与智能密码设备之间生成第二会话密钥的过程可以与上述终端与后台系统服务器之间生成第一会话密钥的过程相同。即第二会话密钥也可以通过分解共享主密钥的方式获得。Of course, the process of generating the second session key between the terminal of the present invention and the smart cryptographic device may be the same as the process of generating the first session key between the terminal and the background system server. That is, the second session key can also be obtained by decomposing the shared master key.
以下,给出一个具体的终端与智能密码设备之间认证并结合第二会话密钥生成的方式,当然本发明并不局限于此:In the following, a specific method of authenticating between the terminal and the smart cryptographic device and combining the second session key generation is given. Of course, the present invention is not limited to this:
1)终端向智能密码设备发送认证请求,并发送随机数R01;1) The terminal sends an authentication request to the smart cryptographic device, and sends a random number R01;
2)处于休眠状态的智能密码设备在接收到终端发来的认证请求以后被唤醒;2) The smart cryptographic device in the dormant state is woken up after receiving the authentication request sent by the terminal;
3)智能密码设备生成随机数R02,并对R01进行摘要计算并用其私钥加密摘要生成签名S01,智能密码设备将随机数R02、签名S01以及智能密码设备证书发送给终端;3) The smart cryptographic device generates a random number R02, performs a digest calculation on the R01, and uses the private key to encrypt the digest to generate the signature S01, and the smart cryptographic device sends the random number R02, the signature S01, and the smart cryptographic device certificate to the terminal;
4)终端使用终端内预存的智能密码设备证书对应的根证书验证智能密码设备证书的合法性;4) The terminal verifies the legality of the smart cryptographic device certificate by using the root certificate corresponding to the smart cryptographic device certificate pre-stored in the terminal;
如果验证智能密码设备证书不合法,则结束连接;If the verification of the smart password device certificate is invalid, the connection is terminated;
如果验证智能密码设备证书合法,则执行步骤5);If the verification of the smart cryptographic device certificate is legal, perform step 5);
5)终端验证签名S01是否正确,5) Is the terminal verification signature S01 correct?
如果验证签名S01不正确,则结束连接;If the verification signature S01 is incorrect, the connection is terminated;
如果验证签名S01正确,则执行步骤6);If the verification signature S01 is correct, step 6) is performed;
6)终端将R01、R02连接起来组成R01|R02,对R01|R02生成摘要并签名,得到签名S02,生成随机数R03,利用智能密码设备的公钥加密R03生成密文E01。将E01、终端证书和S02发送给智能密码设备;6) The terminal connects R01 and R02 to form R01|R02, generates a digest and signs the R01|R02, obtains a signature S02, generates a random number R03, and generates a ciphertext E01 by using the public key of the smart cryptographic device to encrypt R03. Send E01, terminal certificate and S02 to the smart cryptographic device;
7)智能密码设备使用智能密码设备预存的终端证书对应的根证书验证终端证书的合法性;7) The smart cryptographic device verifies the legality of the terminal certificate by using the root certificate corresponding to the terminal certificate pre-stored by the smart cryptographic device;
如果验证终端证书不合法,则结束连接; If the verification terminal certificate is invalid, the connection is terminated;
如果验证终端证书合法,则执行步骤8);If the verification terminal certificate is legal, perform step 8);
8)智能密码设备验证签名S02是否正确;8) Whether the smart password device verifies that the signature S02 is correct;
如果验证签名S02不正确,则结束连接;If the verification signature S02 is incorrect, the connection is terminated;
如果验证签名S02正确,则执行步骤9);If the verification signature S02 is correct, step 9) is performed;
9)智能密码设备生成随机数R04,利用终端的公钥对R04加密生成密文E02,将密文E02发给终端;9) The intelligent cryptographic device generates a random number R04, encrypts R04 with the public key of the terminal to generate ciphertext E02, and sends the ciphertext E02 to the terminal;
10)终端生成认证完成消息,终端对终端证书进行摘要运算得到H01,对智能密码设备证书进行摘要运算得到H02,将R01、R02、E01,E02,H01、H02、S01、S02连接后得到T01,然后对T01进行摘要并签名,得到“后台认证完成消息”F01,向智能密码设备发送F01;10) The terminal generates an authentication completion message, the terminal performs a digest operation on the terminal certificate to obtain H01, performs a digest operation on the smart cryptographic device certificate to obtain H02, and connects R01, R02, E01, E02, H01, H02, S01, and S02 to obtain T01. Then, T01 is digested and signed, and a "background authentication completion message" F01 is obtained, and F01 is sent to the smart cryptographic device;
11)智能密码设备收到F01,对F01进行验证;11) The smart cryptographic device receives F01 and verifies F01;
如果验证F01不通过,则返回错误信息结束连接;If the verification F01 does not pass, an error message is returned to end the connection;
如果验证F01通过,则执行步骤12);If the verification F01 is passed, step 12) is performed;
12)智能密码设备以同样方式生成认证完成消息F02,并将生成的认证完成信息发送给终端;12) The smart cryptographic device generates an authentication completion message F02 in the same manner, and sends the generated authentication completion information to the terminal;
13)终端验证F02;13) Terminal verification F02;
如果验证F02不通过,则返回错误信息结束连接;If the verification F02 does not pass, an error message is returned to end the connection;
如果验证F02通过,则执行步骤14);If the verification F02 is passed, step 14) is performed;
14)智能密码设备与终端分别连接R03、R04,得到R03|R04,利用R03|R04生成第二会话密钥K2(该密钥可以仅为加密密钥),配置为两者之后数据的安全传输。14) The smart cryptographic device and the terminal are respectively connected to R03 and R04 to obtain R03|R04, and the second session key K2 is generated by using R03|R04 (the key may be only an encryption key), and the data is securely transmitted after the two. .
由此可见,终端与智能密码设备的相互认证过程(过程二)与后台和终端相互认证(过程一)不同之处在于:It can be seen that the mutual authentication process between the terminal and the smart cryptographic device (process 2) and the mutual authentication between the background and the terminal (process 1) are:
过程一生成了加密密钥以及校验密钥(例如MACKEY),过程二只生成了加密密钥,没有生成校验密钥(当然也可以生成校验密钥)。Process 1 generates an encryption key and a verification key (such as MACKEY). Process 2 only generates an encryption key, and does not generate a verification key (of course, a verification key can also be generated).
校验密钥的作用是用来生成校验值,校验值是用来校验数据传输过程中是否被篡改的。数据发送方采用特定算法利用校验密钥将传输的数据生成校验值,数据接收方利用校验值和校验密钥来校验接收的数据是否被篡改。而针对于本发明终端与智能密码设备后续的流程,终端与智能密码设备之间传输交易数据时,用户可以通过智能密码设备上显示的信息进行人为判断数据是否正确,所以无须再引入校验值;对于终端也可以通过校验智能密码设备发来的签名来判断信息是否被篡改,也无需引入校验值,因此为了简化处理流程,提高通信效率,在生成第二会话密钥时,可以不需要生成校验密钥。当然,为了进一步提高 安全性,也可以生成校验密钥。The function of the verification key is to generate a check value, which is used to verify whether the data has been tampered with during transmission. The data sender uses a specific algorithm to generate a check value using the check key, and the data receiver uses the check value and the check key to verify whether the received data has been tampered with. For the subsequent process of the terminal and the smart cryptographic device of the present invention, when the transaction data is transmitted between the terminal and the smart cryptographic device, the user can manually determine whether the data is correct through the information displayed on the smart cryptographic device, so no need to introduce a check value. The terminal can also determine whether the information has been tampered with by verifying the signature sent by the smart cryptographic device, and does not need to introduce a check value. Therefore, in order to simplify the processing flow and improve communication efficiency, when generating the second session key, it may not A verification key needs to be generated. Of course, in order to further improve Security, you can also generate a verification key.
对于后台系统服务器和终端之间,因为后台系统服务器并不知晓交易具体内容,为保证安全,则需通过引入校验值的方式来判断数据是否被篡改。For the background system server and the terminal, because the background system server does not know the specific content of the transaction, in order to ensure security, it is necessary to determine whether the data has been tampered with by introducing a check value.
由此可见,过程一是通过一方产生共享主密钥,再采用特殊的算法对共享主密钥进行处理,而分解得到加密密钥和校验密钥;过程二是认证双方各产生一个加密密钥的组成因子,最后合成加密密钥。当然,过程一中采用的会话密钥生成方式与过程二中采用的会话密钥生成方式既可以配置为终端与后台系统服务器之间会话密钥的生成,也可以配置为终端与智能密码设备之间会话密钥的生成。It can be seen that the process first generates a shared master key through one party, and then uses a special algorithm to process the shared master key, and decomposes to obtain an encryption key and a verification key; the second process is that each side of the authentication generates an encryption key. The constituent factor of the key, and finally the encryption key. Of course, the session key generation method used in the process 1 and the session key generation method used in the process 2 can be configured as a session key between the terminal and the background system server, or configured as a terminal and a smart cryptographic device. The generation of a session key.
由此,在终端与智能密码设备进行了双向认证后,可以防范钓鱼风险,防止传输信息的篡改、远程劫持和中间人攻击等交易风险,从而有效的保障终端与智能密码设备的资金安全。Therefore, after the terminal and the smart cryptographic device perform the two-way authentication, the phishing risk can be prevented, the transaction risk such as tampering of the transmission information, remote hijacking and man-in-the-middle attack can be prevented, thereby effectively securing the funds of the terminal and the smart cryptographic device.
在本步骤中,可以仅构建后台系统服务器与终端之间进行相互认证的方法体系,建立二者之间的安全通道;也可以仅构建终端与智能密码设备之间进行相互认证的方法体系,建立二者之间的安全通道;还可以构建后台系统服务器、终端、智能密码设备三者之间进行相互认证的方法体系,建立三者之间的安全通道。基于上述三种中的任一种相互认证的方法体系,可以防范钓鱼风险,防止交易信息篡改、远程劫持和中间人攻击等交易风险,从而有效保障持有智能密码设备的用户与持有终端的商户的账户资金安全。In this step, only the method system for mutual authentication between the background system server and the terminal may be constructed, and a secure channel between the two may be established; or only a method system for mutual authentication between the terminal and the smart cryptographic device may be constructed. A secure channel between the two; a method system for mutual authentication between the background system server, the terminal, and the smart cryptographic device can be constructed to establish a secure channel between the three. Based on the method of mutual authentication of any of the above three types, it can prevent phishing risks and prevent transaction risks such as transaction information tampering, remote hijacking and man-in-the-middle attacks, thereby effectively protecting users holding smart cryptographic devices and merchants holding terminals. The account funds are safe.
此外,本发明并不局限于本步骤三在步骤二之后完成,也可以在步骤二之前完成或者与步骤二同时完成,只要在步骤四之前完成认证即可。In addition, the present invention is not limited to the completion of step 3 after step two, and may be completed before step two or simultaneously with step two, as long as the authentication is completed before step four.
当然,本发明中的第一会话密钥可以预存在后台系统服务器和终端中,也可以通过后台系统服务器和终端协商生成,在协商生成第一会话密钥时,可以在终端与后台系统服务器进行认证的过程中协商生成(参见上述终端与后台系统服务器进行相互认证的流程)。Certainly, the first session key in the present invention may be pre-stored in the background system server and the terminal, or may be generated through negotiation between the background system server and the terminal, and may be performed on the terminal and the background system server when the first session key is generated by negotiation. Negotiation is generated during the authentication process (see the above process of mutual authentication between the terminal and the backend system server).
当然,本发明中后台系统服务器与终端之间传输的所有信息均可以通过第一会话密钥加密计算和/或校验计算后传输。Of course, all information transmitted between the background system server and the terminal in the present invention can be transmitted through the first session key encryption calculation and/or verification calculation.
本发明中的第二会话密钥可以预存在终端和智能密码设备中,也可以通过终端和智能密码设备协商生成,在协商生成第二会话密钥时,可以在终端与智能密码设备进行认证的过程中协商生成(参见上述终端与智能密码设备进行相互认证的流程)。The second session key in the present invention may be pre-stored in the terminal and the smart cryptographic device, or may be generated through negotiation between the terminal and the smart cryptographic device. When the second session key is generated by negotiation, the terminal and the smart cryptographic device may be authenticated. Negotiation generation in the process (refer to the above process of mutual authentication between the terminal and the smart cryptographic device).
当然,本发明中终端与智能密码设备之间传输的所有信息也均可以通过第二会话密钥加密计算和/或校验计算后传输。Of course, all information transmitted between the terminal and the smart cryptographic device in the present invention can also be transmitted through the second session key encryption calculation and/or verification calculation.
步骤三:终端获取用户信息。Step 3: The terminal obtains user information.
具体的,本步骤中,终端根据扫描到的智能密码设备的标识信息获取智能密码设备对 应的用户信息(例如,可以是用户的照片、姓名、账号等信息),具体可以通过但不限于以下方式获取智能密码设备对应的用户信息:Specifically, in this step, the terminal acquires a pair of smart password devices according to the identifier information of the scanned smart password device. The user information (for example, the user's photo, name, account, and the like) may be obtained, and the user information corresponding to the smart password device may be obtained by, but not limited to, the following manner:
方式一、终端从后台系统服务器获取智能密码设备对应的用户信息:Method 1: The terminal obtains user information corresponding to the smart password device from the background system server:
终端向后台系统服务器发送智能密码设备的标识信息以及用户信息读取请求;具体的,在终端向后台系统服务器发送智能密码设备的标识信息以及用户信息读取请求时,可以直接向后台系统服务器发送智能密码设备的标识信息以及用户信息读取请求,也可以利用第一会话密钥对智能密码设备的标识信息和/或用户信息读取请求进行加密计算和/或校验计算后再发送,以保证信息传输的安全性和完整性。The terminal sends the identification information of the smart cryptographic device and the user information read request to the background system server; specifically, when the terminal sends the identification information of the smart cryptographic device and the user information read request to the background system server, the terminal may directly send the request to the background system server. The identification information of the smart cryptographic device and the user information reading request may also use the first session key to perform encryption calculation and/or verification calculation on the identification information of the smart cryptographic device and/or the user information read request, and then send the Guarantee the security and integrity of information transmission.
后台系统服务器接收到智能密码设备的标识信息以及用户信息读取请求后,根据智能密码设备的标识信息获取与智能密码设备对应的用户信息;具体的,后台系统服务器预存了已注册的每个智能密码设备对应的用户信息,以便根据接收到的智能密码设备的标识信息获得该智能密码设备对应的用户信息。当然,如果终端向后台系统服务器发送了加密计算和/或校验计算后的信息,那么本步骤中,后台系统服务器还需要利用第一会话密钥对接收到的信息进行解密和/或校验验证计算无误后,获得完整的智能密码设备的标识信息和/或用户信息读取请求。After receiving the identification information of the smart cryptographic device and the user information reading request, the background system server obtains the user information corresponding to the smart cryptographic device according to the identification information of the smart cryptographic device; specifically, the background system server prestores each registered smart device. The user information corresponding to the cryptographic device is used to obtain the user information corresponding to the smart cryptographic device according to the received identification information of the smart cryptographic device. Of course, if the terminal sends the encrypted computing and/or the verified calculated information to the background system server, in this step, the background system server also needs to decrypt and/or verify the received information by using the first session key. After the verification calculation is correct, the identification information of the complete smart cryptographic device and/or the user information read request are obtained.
此外,为了确保数据交互的安全性以及智能密码设备的合法性,后台系统服务器在接收到智能密码设备的标识信息以及用户信息读取请求后,还判断智能密码设备的标识信息是否包含在后台系统服务器中预存的智能密码设备异常名单中;后台系统服务器在判断出智能密码设备的标识信息在智能密码设备异常名单中后,获取锁定智能密码设备指令,以及利用后台系统服务器的私钥对锁定智能密码设备指令进行签名获得第五签名信息,并通过终端向智能密码设备发送锁定智能密码设备指令以及第五签名信息;智能密码设备接收到锁定智能密码设备指令以及第五签名信息后,利用预存的后台系统服务器证书中的公钥对第五签名信息进行验证;智能密码设备在验证第五签名信息通过后,根据锁定智能密码设备指令执行锁定操作。In addition, in order to ensure the security of the data interaction and the legality of the smart cryptographic device, the background system server determines whether the identification information of the smart cryptographic device is included in the background system after receiving the identification information of the smart cryptographic device and the user information reading request. The intelligent password device exception list pre-stored in the server; the background system server obtains the instruction to lock the smart password device after determining that the identification information of the smart password device is in the abnormal list of the smart password device, and uses the private key pair of the background system server to lock the smart The cryptographic device instructs the signature to obtain the fifth signature information, and sends the locked smart cryptographic device command and the fifth signature information to the smart cryptographic device through the terminal; after receiving the locked smart cryptographic device command and the fifth signature information, the smart cryptographic device uses the pre-stored The public key in the background system server certificate verifies the fifth signature information; after verifying that the fifth signature information is passed, the smart cryptographic device performs a locking operation according to the instruction of the locked smart cryptographic device.
具体的,智能密码设备异常名单可以为黑名单、挂失名单、失效名单等任意表示智能密码设备身份非法的名单;如果智能密码设备的标识信息在智能密码设备异常名单中,则说明该智能密码设备是非法的智能密码设备,此时,为了确保安全性,后台系统服务器通过终端向该非法智能密码设备发送锁定指令以锁定该非法智能密码设备,同时,后台系统服务器还对该锁定指令进行签名,以确保锁定指令的合法来源,避免非法锁定智能密码设备的恶意操作。Specifically, the smart password device abnormal list may be a blacklist, a loss list, an invalidation list, or the like, which is an illegal list of the smart password device identity; if the smart password device identification information is in the smart password device abnormal list, the smart password device is specified. It is an illegal smart password device. At this time, in order to ensure security, the background system server sends a lock instruction to the illegal smart password device through the terminal to lock the illegal smart password device, and the background system server also signs the lock command. To ensure the legal source of the lock instruction, to avoid malicious operations that illegally lock the smart password device.
当然,本发明并不局限于此,对于实际应用来说,只要可以合法锁定非法智能密 码设备即可。Of course, the present invention is not limited to this. For practical applications, as long as the illegal smart secret can be legally locked. The code device can be.
另外,后台系统服务器也可以不对锁定指令进行签名,仅发送锁定指令至非法终端以锁定该非法终端。In addition, the background system server may not sign the lock instruction and only send the lock command to the illegal terminal to lock the illegal terminal.
智能密码设备根据锁定智能密码设备指令执行锁定操作可以包括:智能密码设备拒绝执行任何请求,销毁自身存储的证书等任意方式。The smart cryptographic device may perform the locking operation according to the instruction of the locked smart cryptographic device, and may include any manner in which the smart cryptographic device refuses to execute any request, destroys the certificate stored by itself, and the like.
当然,后台系统服务器在发送锁定指令后,还可以执行拒绝该非法智能密码设备的任何请求。Of course, the background system server can also perform any request to reject the illegal smart cryptographic device after sending the lock instruction.
可见,采用本例提供的方法,当用户遗失了智能密码设备后可以向后台系统服务器进行挂失,后台系统服务器将该智能密码设备的设备识别码登记到挂失名单上;或者出现账户异常遭到举报等情况,后台系统服务器也会将这些智能密码设备登记在黑名单中。这些异常名单中的设备都会作为异常设备登记在异常名单上。每次交易之前,后台系统服务器会对智能密码设备进行认证,认证过程中会将该设备标识与异常名单比对,若在名单上即对该智能密码设备进行锁定。应用该方法,若有人盗用他人的智能密码设备,并企图非法使用该智能密码设备进行转账盗取用户资金时,由于后台系统服务器每次交易之前都会对智能密码设备进行认证,后台系统服务器可以远程将这个智能密码设备锁定,因此即使该智能密码设备被别人被非法盗用也能保障用户账户不受损失。It can be seen that, by using the method provided in this example, when the user loses the smart password device, the backend system server can report the loss, and the background system server registers the device identification code of the smart password device on the loss list; or the account is abnormally reported. In some cases, the backend system server will also register these smart password devices in the blacklist. Devices in these exception lists are registered as exception devices on the exception list. Before each transaction, the background system server authenticates the smart password device. During the authentication process, the device identifier is compared with the abnormal list. If the smart password device is locked on the list. Applying this method, if someone steals another person's smart password device and attempts to illegally use the smart password device to transfer funds to steal user funds, the background system server can remotely authenticate the smart password device before each transaction. The smart password device is locked, so that even if the smart password device is illegally stolen by others, the user account can be protected from loss.
此外,本发明中,后台系统服务器通过终端向智能密码设备发送锁定智能密码设备指令以及第五签名信息时,还可以利用第一会话密钥对锁定智能密码设备指令以及第五签名信息进行加密计算和/或校验计算,以便保证锁定智能密码设备指令以及第五签名信息传输的安全性和/或完整性,终端接收到经加密计算和/或校验计算后的信息后,利用第一会话密钥进行解密计算和/或校验验证计算后,获得锁定智能密码设备指令以及第五签名信息。当然,终端在获得锁定智能密码设备指令以及第五签名信息后,还可以利用第二会话密钥对锁定智能密码设备指令以及第五签名信息进行加密计算和/或校验计算后,将加密计算和/或校验计算后的信息发送至智能密码设备,以保证信息传输的安全性和/或完整性,智能密码设备在接收到终端发送的信息后,进行解密计算和/或校验验证计算,以获得锁定智能密码设备指令以及第五签名信息。In addition, in the present invention, when the background system server sends the lock smart cryptographic device command and the fifth signature information to the smart cryptographic device, the backend system server may further perform encryption calculation on the locked smart cryptographic device command and the fifth signature information by using the first session key. And/or verifying the calculation to ensure the security and/or integrity of the locked smart cryptographic device command and the fifth signature information transmission, and the terminal uses the first session after receiving the encrypted calculated and/or verified calculated information. After the key performs the decryption calculation and/or the verification verification calculation, the locked smart password device instruction and the fifth signature information are obtained. Certainly, after obtaining the lock smart cryptographic device command and the fifth signature information, the terminal may further perform encryption calculation and/or check calculation on the locked smart cryptographic device command and the fifth signature information by using the second session key, and then perform the cryptographic calculation. And/or verifying the calculated information and sending it to the smart cryptographic device to ensure the security and/or integrity of the information transmission. After receiving the information sent by the terminal, the smart cryptographic device performs decryption calculation and/or verification verification calculation. To obtain the lock smart cryptographic device command and the fifth signature information.
另外,为了保证用户信息的安全性,后台系统服务器还需要通过智能密码设备持有者的授权才能将该智能密码设备对应的用户信息发送给终端。后台系统服务器通过终端向智能密码设备发送用户授权请求信息(例如,该用户授权请求信息可以是随机数);智能密码设备接收到用户授权请求信息后,生成授权信息(例如,该授权信息可 以是对该随机数进行签名后得到的信息),并通过终端向后台系统服务器发送授权信息;后台系统服务器接收到授权信息后,执行后台系统服务器向终端发送用户信息读取请求的响应信息的步骤。当然,后台系统服务器还可以利用后台系统服务器的私钥将用户授权请求信息进行签名后,通过终端向智能密码设备进行发送,智能密码设备接收到签名的信息后,对签名进行验证,验证通过后则认为用户授权请求信息是来自于合法的后台系统服务器,并对该请求进行确认以授权后台系统服务器;智能密码设备也可以利用智能密码设备的私钥对授权信息进行签名后通过终端发送给后台系统服务器,后台系统服务器接收到签名的信息后,对签名进行验证,验证通过后则认为授权信息是来自于正确的智能密码设备,以根据授权信息进行后续操作;后台系统服务器还可以利用第一会话密钥对用户授权请求信息进行加密计算和/或校验计算后发送给终端,终端利用第一会话密钥对接收到的信息进行解密计算和/或校验验证计算;终端利用第二会话密钥对用户授权请求信息进行加密计算和/或校验计算后发送给智能密码设备,智能密码设备利用第二会话密钥对接收到的信息进行解密计算和/或校验验证计算;后台系统服务器还可以利用后台系统服务器的私钥对用户授权请求信息进行签名后再利用第一会话密钥进行加密计算和/或校验计算,终端利用第一会话密钥对接收到的信息进行解密计算和/或校验验证计算;终端利用第二会话密钥对后台系统服务器签名后的信息进行加密计算和/或校验计算后发送至智能密码设备,智能密码设备利用第二会话密钥对接收到的信息进行解密计算和/或校验验证计算,并对签名进行验签。以上仅是后台系统服务器向智能密码设备请求授权的几种方式,本发明并不局限于此,以上的各类变形组合也应属于本发明的保护范围。In addition, in order to ensure the security of the user information, the background system server also needs to authorize the smart password device holder to send the user information corresponding to the smart password device to the terminal. The background system server sends the user authorization request information to the smart cryptographic device through the terminal (for example, the user authorization request information may be a random number); after receiving the user authorization request information, the smart cryptographic device generates authorization information (for example, the authorization information may be The information obtained by signing the random number is transmitted, and the authorization information is sent to the background system server by the terminal; after the background system server receives the authorization information, the background system server sends the response information of the user information read request to the terminal. step. Of course, the background system server may also use the private key of the background system server to sign the user authorization request information, and then send the information to the smart cryptographic device through the terminal. After receiving the signed information, the smart cryptographic device verifies the signature, and after the verification is passed. The user authorization request information is considered to be from a legitimate background system server, and the request is confirmed to authorize the background system server; the smart cryptographic device can also use the private key of the smart cryptographic device to sign the authorization information and then send it to the background through the terminal. After receiving the signed information, the system server verifies the signature. After the verification is passed, the authorization information is considered to be from the correct smart password device to perform subsequent operations according to the authorization information; the background system server may also utilize the first The session key performs encryption calculation and/or verification calculation on the user authorization request information, and then sends the data to the terminal, and the terminal uses the first session key to perform decryption calculation and/or verification verification calculation on the received information; the terminal uses the second session. Key pair user The right request information is sent to the smart cryptographic device after the encryption calculation and/or the check calculation, and the smart cryptographic device uses the second session key to perform decryption calculation and/or verification verification calculation on the received information; the background system server may also utilize The private key of the background system server signs the user authorization request information, and then uses the first session key to perform encryption calculation and/or verification calculation, and the terminal uses the first session key to decrypt the received information and/or the school. Verifying the verification calculation; the terminal uses the second session key to perform encryption calculation and/or verification calculation on the information signed by the background system server, and then sends the information to the smart password device, and the smart password device uses the second session key to perform the received information. Decrypt the calculation and/or verify the verification calculation and check the signature. The above is only a few ways for the background system server to request authorization from the smart cryptographic device. The present invention is not limited thereto, and the above various combinations of variants should also fall within the protection scope of the present invention.
当然,在智能密码设备在接收到用户授权请求信息后,还可以由休眠状态转换为唤醒状态;智能密码设备在唤醒状态下生成授权信息。以便节省电能,延长智能密码设备的使用寿命。Certainly, after receiving the user authorization request information, the smart cryptographic device can also be converted from the sleep state to the awake state; the smart cryptographic device generates the authorization information in the awake state. In order to save energy and extend the life of smart password devices.
后台系统服务器根据用户信息获得用户信息读取请求的响应信息,并向终端发送用户信息读取请求的响应信息;当然,还可以利用第一会话密钥对用户信息进行加密计算和/或校验计算,以保证用户信息传输的安全性和/或完整性。The background system server obtains the response information of the user information read request according to the user information, and sends the response information of the user information read request to the terminal; of course, the user information may be encrypted and/or verified by using the first session key. Calculated to ensure the security and/or integrity of user information transmission.
终端接收到用户信息读取请求的响应信息后,根据用户信息读取请求的响应信息获得用户信息;当然,如果终端收到的是对用户信息进行加密计算和/或校验计算后得到的信息,在本步骤中终端还利用第一会话密钥对用户信息读取请求的响应信息进行解密计算和/或校验验证计算后获得用户信息。After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request; of course, if the terminal receives the information obtained by performing encryption calculation and/or verification calculation on the user information In this step, the terminal further obtains user information by performing decryption calculation and/or verification verification calculation on the response information of the user information read request by using the first session key.
方式二、终端从智能密码设备获取智能密码设备对应的用户信息: Manner 2: The terminal obtains user information corresponding to the smart password device from the smart password device:
终端根据扫描到的智能密码设备的标识信息向智能密码设备发送用户信息读取请求;具体的,终端可以直接向智能密码设备发送用户信息读取请求,也可以利用第二会话密钥对用户信息读取请求进行加密计算和/或校验计算后再发送,以保证信息传输的安全性和完整性。The terminal sends a user information read request to the smart cryptographic device according to the identifier information of the scanned smart cryptographic device; specifically, the terminal may directly send the user information read request to the smart cryptographic device, or may use the second session key to the user information. The read request is sent after the encryption calculation and/or the check calculation to ensure the security and integrity of the information transmission.
智能密码设备获得预先存储的用户信息,并根据用户信息获得用户信息读取请求的响应信息,并向终端发送用户信息读取请求的响应信息;具体的,智能密码设备可以直接将获取到的用户信息发送给终端,也可以利用第二会话密钥对获取到的用户信息进行加密计算和/或校验计算后获得用户信息读取请求的响应信息发送给终端。The smart cryptographic device obtains the pre-stored user information, and obtains the response information of the user information read request according to the user information, and sends the response information of the user information read request to the terminal; specifically, the smart cryptographic device can directly obtain the obtained user. The information is sent to the terminal, and the response information obtained by performing the encryption calculation and/or the verification calculation on the acquired user information by using the second session key may be sent to the terminal.
终端接收到用户信息读取请求的响应信息后,根据用户信息读取请求的响应信息获得用户信息。当然,如果终端收到的是对用户信息进行加密计算和/或校验计算后得到的信息,在本步骤中终端还利用第二会话密钥对用户信息读取请求的响应信息进行解密计算和/或校验验证计算后获得用户信息。After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request. Of course, if the terminal receives the information obtained by performing encryption calculation and/or verification calculation on the user information, in this step, the terminal further uses the second session key to decrypt the response information of the user information read request and / or verify the verification calculation to obtain user information.
此外,如果智能密码设备的持有者拒绝发送用户信息,则可以通过智能密码设备上设置的按键或者通过软件控制向终端发送拒绝信息,以保证用户信息的安全。当然,该拒绝信息也可以通过第二会话密钥加密计算和/或校验计算后发送。In addition, if the holder of the smart cryptographic device refuses to send the user information, the refusal information may be sent to the terminal through a button set on the smart cryptographic device or through software control to ensure the security of the user information. Of course, the rejection information can also be sent after the second session key encryption calculation and/or verification calculation.
终端将用户信息存储到预先建立的当前用户列表中;具体的,由于终端所在店铺内客流量的变化、人员的流动,探测到的智能密码设备也是不断变化的,此时,该当前用户列表可以通过但不限于如下方式进行更新:The terminal stores the user information in the pre-established current user list. Specifically, the detected smart password device is constantly changing due to the change of the passenger flow in the store where the terminal is located and the flow of the personnel. At this time, the current user list may be Update by, but not limited to, the following:
更新方式一:Update method one:
终端获得在终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;The terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
终端根据预设的时间间隔将实时标识列表中的智能密码设备的标识信息与当前用户列表中的智能密码设备的标识信息进行比对;The terminal compares the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval;
如果实时标识列表中的智能密码设备的标识信息不在当前用户列表中,则执行终端根据扫描到的智能密码设备的标识信息获取智能密码设备对应的用户信息的步骤;且如果当前用户列表中的智能密码设备的标识信息不在实时标识列表中,则删除当前用户列表中不在实时标识列表中的智能密码设备的用户信息。If the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, the step of obtaining the user information corresponding to the smart cryptographic device according to the identification information of the scanned smart cryptographic device; and if the current user list is intelligent If the identification information of the cryptographic device is not in the real-time identification list, the user information of the smart cryptographic device that is not in the real-time identification list in the current user list is deleted.
通过本方式对当前用户列表进行更新,可以保证在终端信号覆盖范围内的智能密码设备对应的用户信息可以及时更新到当前用户列表中,对于离开终端信号覆盖范围内的智能密码设备对应的用户信息可以及时从当前用户列表中删除,保证安全性。The current user list is updated in this manner to ensure that the user information corresponding to the smart cryptographic device in the coverage of the terminal signal can be updated to the current user list in time, and the user information corresponding to the smart cryptographic device within the coverage of the terminal signal is removed. It can be deleted from the current user list in time to ensure security.
更新方式二: Update method 2:
终端获得在终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;The terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
终端根据预设的时间间隔将实时标识列表中的智能密码设备的标识信息与当前用户列表中的智能密码设备的标识信息进行比对;The terminal compares the identification information of the smart cryptographic device in the real-time identification list with the identification information of the smart cryptographic device in the current user list according to a preset time interval;
如果实时标识列表中的智能密码设备的标识信息不在当前用户列表中,则执行终端根据扫描到的智能密码设备的标识信息获取智能密码设备对应的用户信息的步骤,并在终端获得用户信息后,将用户信息存储至实时标识列表中;且如果实时标识列表中的智能密码设备的标识信息在当前用户列表中,则将在当前用户列表中的智能密码设备的用户信息存储至实时标识列表中;If the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, the step of obtaining the user information corresponding to the smart cryptographic device according to the identification information of the scanned smart cryptographic device is performed, and after the terminal obtains the user information, The user information is stored in the real-time identification list; and if the identification information of the smart cryptographic device in the real-time identification list is in the current user list, the user information of the smart cryptographic device in the current user list is stored in the real-time identification list;
将实时标识列表作为更新后的当前用户列表。The real-time identification list is taken as the updated current user list.
通过本方式对当前用户列表进行更新,可以仅将在终端的信号覆盖范围内的智能密码设备对应的用户信息进行及时更新,提高更新效率。利用本方式,终端在获取用户信息时,可以将店内原有智能密码设备对应的用户信息直接从原有的当前用户列表中复制到实时标识列表中,新进店的顾客对应的用户信息可以通过向后台系统服务器或者智能密码设备提出用户信息读取请求来获得。By updating the current user list in this manner, only the user information corresponding to the smart cryptographic device within the signal coverage of the terminal can be updated in time to improve the update efficiency. With this method, when acquiring the user information, the terminal can copy the user information corresponding to the original smart password device in the store directly from the original current user list to the real-time identification list, and the user information corresponding to the customer of the newly entered store can pass. A user information read request is obtained from the background system server or the smart cryptographic device to obtain.
由此可见,当终端所在店铺客流量发生变化时,不需要商户进行任何操作,当前用户列表可以自动进行更新,方便了商户的店员对顾客的信息管理维护。It can be seen that when the traffic of the store where the terminal is located does not require any operation by the merchant, the current user list can be automatically updated, which facilitates the management and maintenance of the information of the merchant's store staff.
另外,终端可以将所存储的当前用户列表中用户对应的用户信息显示出来,以便智能密码设备的持有者查看该用户信息,确保交易的正确性。In addition, the terminal may display the user information corresponding to the user in the stored current user list, so that the holder of the smart password device can view the user information to ensure the correctness of the transaction.
现有技术中,交易过程均需要SIM卡或智能卡等具备账户存储功能的设备,用户需要进行刷卡刷手机等操作,如此商户才能获得用户的账户信息。In the prior art, the transaction process requires a device with an account storage function such as a SIM card or a smart card, and the user needs to perform operations such as swiping the mobile phone, so that the merchant can obtain the account information of the user.
区别于现有技术,商户的终端可以通过先读取智能密码设备的标识信息,再利用该智能密码设备的标识信息获取智能密码设备对应的用户信息。因此,顾客可以无需借助钱包、信用卡、手机等方式来支付商品,从而简化了顾客与商户的交互操作,提升了用户体验。Different from the prior art, the terminal of the merchant can obtain the user information corresponding to the smart cryptographic device by first reading the identification information of the smart cryptographic device and then using the identification information of the smart cryptographic device. Therefore, the customer can pay for the product without using a wallet, a credit card, a mobile phone, etc., thereby simplifying the interaction between the customer and the merchant, and improving the user experience.
步骤四:交易信息处理。Step 4: Transaction information processing.
终端根据待交易的智能密码设备对应的用户信息生成交易信息,并根据交易信息获得交易请求信息;具体的,交易信息可以包含交易金额、收付款双方的账号信息、收付款双方的标识信息等信息,交易信息中还可以包括电子对账单,用户可以根据电子对账单审核交易细节,例如,具体交易时间、交易单号,交易金额、购买的物品等。当然,终端还可以利用第二会话密钥对交易信息进行加密计算和/或校验计算以确保交易信息传输的安全性和/或完整性。 The terminal generates transaction information according to the user information corresponding to the smart cryptographic device to be traded, and obtains the transaction request information according to the transaction information; specifically, the transaction information may include information such as the transaction amount, the account information of both parties of the payment and payment, and the identification information of both parties of the payment and payment. The transaction information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, such as the specific transaction time, the transaction number, the transaction amount, the purchased item, and the like. Of course, the terminal can also perform encryption calculation and/or check calculation on the transaction information by using the second session key to ensure the security and/or integrity of the transaction information transmission.
终端向智能密码设备发送交易请求信息;具体的,终端可以通过但不限于如下方式发送交易请求信息:终端对交易请求信息进行编码后通过声波信号发送;或者终端对交易请求信息进行图形编码后并显示以便智能密码设备进行图像采集;或者终端通过终端与智能密码设备匹配的通信接口发送交易请求信息。The terminal sends the transaction request information to the smart cryptographic device. Specifically, the terminal may send the transaction request information by using, but not limited to, the following: the terminal encodes the transaction request information and sends the signal through the sound wave; or the terminal performs graphic coding on the transaction request information. Displayed for the smart cryptographic device to perform image acquisition; or the terminal transmits the transaction request information through a communication interface that the terminal matches with the smart cryptographic device.
智能密码设备接收到交易请求信息后,根据交易请求信息获得交易信息;当然,如果智能密码设备接收到的是终端通过第二会话密钥对交易信息进行加密计算和/或校验计算得到的交易请求信息,则在本步骤中,智能密码设备还利用第二会话密钥对交易请求信息进行解密计算和/或校验验证计算获得交易信息,以保证交易信息传输的安全性和/或完整性。After receiving the transaction request information, the smart cryptographic device obtains the transaction information according to the transaction request information; of course, if the smart cryptographic device receives the transaction obtained by the terminal encrypting and/or verifying the transaction information through the second session key. Requesting information, in this step, the smart cryptographic device also uses the second session key to perform decryption calculation and/or verification verification calculation on the transaction request information to obtain transaction information to ensure the security and/or integrity of the transaction information transmission. .
为了节约智能密码设备的电能,延长使用寿命,智能密码设备还可以在接收到交易请求信息后,由休眠状态转换为唤醒状态;智能密码设备在唤醒状态下根据交易请求信息获得交易信息,当然,智能密码设备还可以在唤醒状态下利用第二会话密钥对交易请求信息进行解密计算和/或校验验证计算获得交易信息。In order to save the power of the smart cryptographic device and prolong the service life, the smart cryptographic device can also change from the sleep state to the awake state after receiving the transaction request information; the smart cryptographic device obtains the transaction information according to the transaction request information in the awake state, of course, The smart cryptographic device can also obtain the transaction information by performing decryption calculation and/or verification verification calculation on the transaction request information by using the second session key in the awake state.
智能密码设备提示交易信息;具体的,智能密码设备可以通过显示屏将交易信息显示出来,也可以通过扬声器等将交易信息以语音的方式播放出来。当然,智能密码设备还可以通过其他方式提示用户以获知真实的交易信息,确保交易的安全。此外,智能密码设备获取到交易信息后,还可以对交易信息进行关键信息的提取,智能密码设备仅对关键信息进行提示,具体提示方式可以参见智能密码设备对交易信息的提示方式。The smart password device prompts the transaction information; specifically, the smart password device can display the transaction information through the display screen, and can also play the transaction information in a voice manner through a speaker or the like. Of course, the smart cryptographic device can also prompt the user to know the real transaction information by other means to ensure the security of the transaction. In addition, after the smart cryptographic device obtains the transaction information, the key information can be extracted from the transaction information, and the smart cryptographic device only prompts the key information. For the specific prompting manner, refer to the prompting manner of the smart cryptographic device for the transaction information.
智能密码设备接收确认指令,并生成交易确认信息;具体的,智能密码设备可以通过检测到设置在智能密码设备上的确认键被按下时发送的信息接收确认指令,也可以通过检测到触摸屏上显示的虚拟确认键被点击时发送的信息接收确认指令,还可以通过检测到的语音、指纹、虹膜等生物特征信息作为确认指令等任意方式。进一步,智能密码设备可以通过但不限于如下方式生成交易确认信息:智能密码设备利用智能密码设备的私钥对交易信息进行签名,生成交易签名信息作为交易确认信息;或者智能密码设备生成动态口令作为交易确认信息,当然上述交易确认信息还可以是利用第二会话密钥加密计算和/或校验计算后的信息。当然,为了防止重复交易,保证用户的账户安全,在智能密码设备每次生成交易确认信息时,智能密码设备还生成单次交易标识,并利用智能密码设备的私钥对交易信息以及单次交易标识进行签名,生成交易签名信息作为交易确认信息;或者智能密码设备生成单次交易标识,利用智能密码设备的私钥对单次交易标识进行签名获得单次交易标识的签名信息,并生成动态口令,将单次交易标识的签名信息以及动态口令作为交易确认信息,以保证一次交易仅被成功执行一次,其中单次交易标识可以为随机数等,当然上述 交易确认信息也可以是利用第二会话密钥加密计算和/或校验计算后的信息。由于无线网络传输线路不稳定,可能出现智能密码设备收不到回执的情况,如果不设置单次交易标识,终端在没有收到智能密码设备的签名信息时,可能需要持有该智能密码设备的用户多次进行确认签名操作,也就是智能密码设备多次向终端发送签名信息,那么就有可能造成终端可以利用这多个签名值生成多个交易数据包发送给后台系统服务器,从而对智能密码设备对应的账户进行重复扣款。而如果设置了单次交易标识,当出现线路不稳定时,智能密码设备就会继续再对交易信息和同一个单次交易标识进行签名再发送给终端,直到收到回执为止。终端用智能密码设备发来的签名值生成交易数据包,后台系统服务器收到交易数据包会对里面的单次交易标识进行判定,若此单次交易标识已经保存在交易日志中,也就是说已经交易过了,就不会再对这个交易数据包进行处理,不会造成多次或者重复扣款,从而保护了智能密码设备用户的账户资金安全。The smart cryptographic device receives the confirmation command and generates the transaction confirmation information; specifically, the smart cryptographic device can receive the confirmation command by detecting the information sent when the confirmation button set on the smart cryptographic device is pressed, or can detect the touch screen by detecting The information confirmation confirmation command sent when the virtual confirmation key is displayed is clicked, and the biometric information such as the detected voice, fingerprint, and iris may be used as a confirmation command or the like. Further, the smart cryptographic device may generate the transaction confirmation information by, but not limited to, the smart cryptographic device signing the transaction information by using the private key of the smart cryptographic device, generating the transaction signature information as the transaction confirmation information; or generating the dynamic password as the smart cryptographic device. The transaction confirmation information, of course, the transaction confirmation information may also be information calculated by using the second session key encryption calculation and/or verification. Of course, in order to prevent duplicate transactions and ensure the security of the user's account, each time the smart cryptographic device generates the transaction confirmation information, the smart cryptographic device also generates a single transaction identifier, and uses the private key of the smart cryptographic device to transaction information and a single transaction. The identifier is signed, the transaction signature information is generated as the transaction confirmation information; or the smart cryptographic device generates a single transaction identifier, and the single transaction identifier is signed by the private key of the smart cryptographic device to obtain the signature information of the single transaction identifier, and the dynamic password is generated. The signature information of the single transaction identifier and the dynamic password are used as transaction confirmation information to ensure that a transaction is successfully executed only once, wherein the single transaction identifier can be a random number, etc. The transaction confirmation information may also be information calculated using the second session key encryption calculation and/or verification. Due to the unstable transmission line of the wireless network, the smart password device may not receive the receipt. If the single transaction identifier is not set, the terminal may need to hold the smart password device when it does not receive the signature information of the smart password device. The user performs the confirmation signature operation multiple times, that is, the smart cryptographic device sends the signature information to the terminal multiple times, so that the terminal may use the multiple signature values to generate multiple transaction data packets and send them to the background system server, thereby The account corresponding to the device is repeatedly debited. If a single transaction identifier is set, when the line is unstable, the smart cryptographic device will continue to sign the transaction information and the same single transaction identifier and then send it to the terminal until the receipt is received. The terminal generates a transaction data packet by using the signature value sent by the smart cryptographic device, and the background system server receives the transaction data packet to determine the single transaction identifier inside, if the single transaction identifier is already saved in the transaction log, that is, Once the transaction has been made, the transaction data packet will no longer be processed, and no multiple or repeated debits will be incurred, thus protecting the account funds of the smart password device user.
终端接收交易确认信息;具体的,终端可以通过但不限于如下方式接收交易确认信息:终端接收智能密码设备发送的声波信号并对声波信号进行解码获得交易确认信息(例如,可以采用声波识别设备对声波信号进行识别,采用声波解码器对声波信号进行解码获得交易确认信息);或者终端采集智能密码设备显示的图像信息并对图像信息(例如,二维码、条形码等)进行解码获得交易确认信息(例如采用图像采集设备对图像信息进行采集,采用解码器对图像信息进行解码后获得交易确认信息);或者终端通过终端与智能密码设备匹配的通信接口接收交易确认信息;或者终端通过终端输入的信息获得交易确认信息。如果交易确认信息是利用第二会话密钥加密计算和/或校验计算得到的,那么本步骤中,还利用第二会话密钥对计算后的信息进行解密计算和/或校验验证计算。The terminal receives the transaction confirmation information. Specifically, the terminal may receive the transaction confirmation information by using, but not limited to, the following manner: the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the transaction confirmation information (for example, the sound wave identification device may be used. The sound wave signal is recognized, the sound wave signal is decoded by the sound wave decoder to obtain the transaction confirmation information); or the terminal collects the image information displayed by the smart password device and decodes the image information (for example, the two-dimensional code, the barcode, etc.) to obtain the transaction confirmation information. (For example, the image acquisition device is used to collect the image information, and the decoder is used to decode the image information to obtain the transaction confirmation information); or the terminal receives the transaction confirmation information through the communication interface matched by the terminal and the smart cryptographic device; or the terminal inputs through the terminal. The information is obtained by confirming the transaction. If the transaction confirmation information is obtained by using the second session key encryption calculation and/or verification calculation, then in this step, the calculated information is also subjected to decryption calculation and/or verification verification calculation using the second session key.
终端根据交易确认信息获得交易数据包,并向后台系统服务器发送交易数据包;具体的,交易数据包中也可以包括交易信息等其他信息。交易信息可以包含交易金额、收付款双方的账号信息、收付款双方的标识信息等信息,交易信息中还可以包括电子对账单,用户可以根据电子对账单审核交易细节,例如,具体交易时间、交易单号,交易金额、购买的物品等。当然,终端还可以利用第一会话密钥对交易确认信息或者对交易确认信息解密后的信息进行加密计算和/或校验计算,以保证信息传输的安全性和/或完整性。The terminal obtains the transaction data packet according to the transaction confirmation information, and sends the transaction data packet to the background system server; specifically, the transaction data package may also include other information such as transaction information. The transaction information may include information such as the transaction amount, the account information of the parties to the payment, and the identification information of both parties. The transaction information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, for example, the specific transaction time, the transaction. Single number, transaction amount, purchased items, etc. Of course, the terminal may further perform encryption calculation and/or verification calculation on the transaction confirmation information or the information decrypted by the transaction confirmation information by using the first session key to ensure the security and/or integrity of the information transmission.
后台系统服务器接收到交易数据包后,根据交易数据包获得交易确认信息;当然,后台系统服务器还可以利用第一会话密钥对交易数据包进行解密计算和/或校验验证计算获得交易确认信息。After receiving the transaction data packet, the background system server obtains the transaction confirmation information according to the transaction data packet; of course, the background system server may further perform the decryption calculation and/or the verification verification calculation on the transaction data packet by using the first session key to obtain the transaction confirmation information. .
后台系统服务器对交易确认信息进行验证,并在验证通过后执行交易;具体的,后台系统服务器只有在验证交易确认信息验证通过后,才说明本次交易经过了合法的智能密码 设备的确认,并根据确认后的结果执行交易。当然,为了保证智能密码设备的持有者知晓交易已经完成,后台系统服务器还可以通过终端向智能密码设备发送交易成功回执信息;智能密码设备接收到交易成功回执信息后,提示交易成功回执信息,交易成功回执信息中还可以包括电子对账单,用户可以根据电子对账单审核交易细节,例如,具体交易时间、交易单号,交易金额、购买的物品等,另外,后台系统服务器还可以向终端发送交易成功回执信息,以便终端获知交易完成。当然,交易成功回执信息可以利用第一会话密钥加密计算和/或校验计算后发送给终端,终端解密计算和/或校验验证计算后利用第二会话密钥进行加密计算和/或校验计算后发送给智能密码设备,智能密码设备解密计算和/或校验验证计算后提示给用户知晓;交易成功回执信息也可以是后台系统服务器利用后台系统服务器的私钥进行签名后通过终端发送给智能密码设备,智能密码设备对签名的信息进行验签通过后提示给用户知晓;还可以是后台系统服务器签名后利用第一会话密钥加密计算和/或校验计算后发送给终端,终端解密计算和/或校验计算后利用第二会话密钥加密计算和/或校验计算后发送给智能密码设备,智能密码设备解密计算和/或校验验证计算后并验签通过后提示给用户知晓。The background system server verifies the transaction confirmation information and executes the transaction after the verification is passed; specifically, the background system server only indicates that the transaction has passed the legal smart password after the verification transaction verification information is verified. Confirmation of the equipment and execution of the transaction based on the confirmed results. Of course, in order to ensure that the holder of the smart cryptographic device knows that the transaction has been completed, the background system server may also send the transaction success receipt information to the smart cryptographic device through the terminal; after receiving the transaction success receipt information, the smart cryptographic device prompts the transaction success receipt information. The transaction success receipt information may also include an electronic statement, and the user may review the transaction details according to the electronic statement, for example, specific transaction time, transaction number, transaction amount, purchased items, etc. In addition, the background system server may also send the terminal to the terminal. The transaction successfully returns the information so that the terminal knows that the transaction is completed. Of course, the transaction success receipt information can be sent to the terminal by using the first session key encryption calculation and/or verification calculation, and the terminal decryption calculation and/or verification verification calculation uses the second session key for encryption calculation and/or calibration. After the calculation is performed, it is sent to the smart cryptographic device, and the smart cryptographic device decrypts the calculation and/or verifies the verification calculation and prompts the user to know; the transaction success receipt information may also be that the background system server uses the private key of the background system server to sign and then sends the message through the terminal. For the smart cryptographic device, the smart cryptographic device prompts the user to know the signature information, and may also be prompted by the background system server to use the first session key to encrypt and calculate and/or verify the calculation and then send it to the terminal. After the decryption calculation and/or the verification calculation, the second session key is used to encrypt the calculation and/or the verification calculation, and then sent to the smart cryptographic device, and the smart cryptographic device decrypts the calculation and/or verifies the verification calculation, and then prompts the verification after the verification is passed. User knows.
步骤五:退款。Step 5: Refund.
当顾客需要退款时,可以执行但不限于如下几种方式以实现退款操作:When a customer needs a refund, they can perform but are not limited to the following ways to achieve a refund:
方式一、终端向智能密码设备发送退款信息;具体的,退款信息可以包括:退款双方的账号、退款金额、退款交易单号、退款双方的标识信息等任意组合,退款信息中还可以包括电子对账单,用户可以根据电子对账单审核退款细节,例如,具体退款时间、退款交易单号,退款金额、退换的物品等。当然,该退款信息还可以通过第二会话密钥进行加密计算和/或校验计算后发送至智能密码设备,以保证信息传输的安全性和/或完整性。终端还可以通过但不限于如下方式发送退款信息:终端对退款信息进行编码后通过声波信号发送;或者终端对退款信息进行图形编码后并显示以便智能密码设备进行图像采集;或者终端通过终端与智能密码设备匹配的通信接口发送退款信息。Method 1: The terminal sends the refund information to the smart password device; specifically, the refund information may include: any combination of the account number of the refund, the refund amount, the refund transaction ticket number, and the identification information of both parties of the refund, and the refund The information can also include an electronic statement, and the user can review the refund details based on the electronic statement, such as the specific refund time, the refund transaction number, the refund amount, and the returned item. Of course, the refund information can also be sent to the smart cryptographic device through the second session key for encryption calculation and/or verification calculation to ensure the security and/or integrity of the information transmission. The terminal may also send the refund information by, but not limited to, the following: the terminal encodes the refund information and sends the sound signal through the sound wave signal; or the terminal graphically encodes the refund information and displays it for the smart password device to perform image collection; or the terminal passes The communication interface that the terminal matches with the smart cryptographic device sends a refund information.
智能密码设备接收到退款信息后,提示退款信息;具体的,智能密码设备在接收到退款信息后,将该退款信息通过语音播放或者显示屏显示等任意方式提示给用户知晓,以便用户确定该退款信息是真实的退款信息。当终端利用第二会话密钥对退款信息进行加密计算和/或校验计算后,本步骤还需利用第二会话密钥对接收到的信息进行解密计算和/或校验验证计算。After receiving the refund information, the smart password device prompts the refund information; specifically, after receiving the refund information, the smart password device prompts the user to know the refund information by any means such as voice play or display display, so that The user determines that the refund information is a true refund information. After the terminal performs the encryption calculation and/or the verification calculation on the refund information by using the second session key, the step further needs to perform the decryption calculation and/or the verification verification calculation on the received information by using the second session key.
为了节约智能密码设备的电能,延长使用寿命,智能密码设备还可以在接收到退款信息后,由休眠状态转换为唤醒状态;智能密码设备在唤醒状态下提示退款信息。 In order to save the power of the smart cryptographic device and prolong the service life, the smart cryptographic device can also switch from the sleep state to the awake state after receiving the refund information; the smart cryptographic device prompts the refund information in the awake state.
智能密码设备接收退款确认指令,并利用智能密码设备的私钥对退款信息进行签名,生成退款确认信息;具体的,用户在确定了退款信息是真实的退款信息后,通过智能密码设备上设置的实体按键或者虚拟按键等方式进行确认。智能密码设备在向终端发送退款确认信息后(例如,发送退款确认信息对应的声波信号后,或者显示退款确认信息对应的图像信息达到预定的时间后),由唤醒状态转换为休眠状态。The smart cryptographic device receives the refund confirmation instruction and signs the refund information by using the private key of the smart cryptographic device to generate a refund confirmation information; specifically, the user passes the smart after determining that the refund information is true refund information. Confirm the physical button or virtual button set on the password device. After the smart cryptographic device sends the refund confirmation information to the terminal (for example, after transmitting the sound wave signal corresponding to the refund confirmation information, or after displaying the image information corresponding to the refund confirmation information for a predetermined time), the awake state is changed to the sleep state. .
终端接收退款确认信息,对退款确认信息进行验证,并在验证通过后,利用终端的私钥对退款确认信息进行签名生成退款确认包;具体的,终端可以通过但不限于如下方式接收退款确认信息:终端接收智能密码设备发送的声波信号并对声波信号进行解码获得退款确认信息(例如,可以采用声波识别设备对声波信号进行识别,采用声波解码器对声波信号进行解码获得退款确认信息);或者终端采集智能密码设备显示的图像信息并对图像信息(例如,二维码、条形码等)进行解码获得退款确认信息(例如采用图像采集设备对图像信息进行采集,采用解码器对图像信息进行解码后获得退款确认信息);或者终端通过终端与智能密码设备匹配的通信接口接收退款确认信息。此外,终端利用智能密码设备的公钥对退款确认信息进行验证。The terminal receives the refund confirmation information, and verifies the refund confirmation information, and after the verification is passed, uses the private key of the terminal to sign the refund confirmation information to generate a refund confirmation package; specifically, the terminal may pass but is not limited to the following manner Receiving the refund confirmation information: the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the refund confirmation information (for example, the sound wave identification device can be used to identify the sound wave signal, and the sound wave signal is decoded by the sound wave decoder to obtain the sound wave signal. Refund confirmation information); or the terminal collects image information displayed by the smart cryptographic device and decodes the image information (for example, two-dimensional code, barcode, etc.) to obtain refund confirmation information (for example, image acquisition device is used to collect image information, The decoder obtains the refund confirmation information after decoding the image information; or the terminal receives the refund confirmation information through the communication interface matched by the terminal and the smart password device. In addition, the terminal authenticates the refund confirmation information using the public key of the smart cryptographic device.
终端向后台系统服务器发送退款确认包和退款确认信息;具体的,终端可以向后台系统服务器直接发送退款确认包和退款确认信息,终端也可以利用第一会话密钥对退款确认包和退款确认信息进行加密计算和/或校验计算后发送至后台系统服务器,以保证信息传输的安全性和/或完整性。The terminal sends a refund confirmation packet and a refund confirmation information to the background system server; specifically, the terminal may directly send the refund confirmation package and the refund confirmation information to the background system server, and the terminal may also use the first session key to confirm the refund. The package and refund confirmation information is sent to the backend system server after encryption calculation and/or verification calculation to ensure the security and/or integrity of the information transmission.
后台系统服务器接收到退款确认包和退款确认信息后,分别对退款确认包和退款确认信息进行验证,并在全部验证通过后,执行退款操作。具体的,如果终端利用了第一会话密钥对退款确认包和退款确认信息进行了加密计算和/或校验计算,那么本步骤中,后台系统服务器还利用第一会话密钥对接收到的信息进行解密计算和/或校验验证计算。此外,后台系统服务器还利用终端的公钥对退款确认包进行验证,利用智能密码设备的公钥对退款确认信息进行验证。After receiving the refund confirmation package and the refund confirmation information, the background system server verifies the refund confirmation package and the refund confirmation information separately, and performs the refund operation after all the verifications are passed. Specifically, if the terminal performs the encryption calculation and/or the check calculation on the refund confirmation package and the refund confirmation information by using the first session key, in this step, the background system server further receives the first session key pair. The obtained information is subjected to decryption calculation and/or verification verification calculation. In addition, the backend system server also uses the public key of the terminal to verify the refund confirmation package, and uses the public key of the smart cryptographic device to verify the refund confirmation information.
以下针对方式一,提供一种退款的应用场景,但本发明并不局限于此:The following provides an application scenario for refund, but the present invention is not limited to this:
店铺根据顾客的退款意向,由终端生成退款信息(该退款信息可以是通过查找已记录的交易信息获得,也可以是重新生成的一个退款信息或其他形式的退款信息),并使用终端和智能密码设备之间的第二会话密钥加密退款信息,并发送给智能密码设备;The store generates refund information according to the customer's refund intention (the refund information may be obtained by searching for the recorded transaction information, or may be a regenerated refund information or other forms of refund information), and The refund information is encrypted using a second session key between the terminal and the smart cryptographic device and sent to the smart cryptographic device;
智能密码设备在接收到加密后的退款信息后,由休眠状态转换为唤醒状态,并利用第二会话密钥解密该加密退款信息,获得退款信息,并对退款信息进行显示,以供顾客进行确认; After receiving the encrypted refund information, the smart cryptographic device converts from the sleep state to the awake state, and decrypts the encrypted refund information by using the second session key, obtains the refund information, and displays the refund information. For customer confirmation;
顾客确认该退款信息正确,按下智能密码设备上的确认键进行确认,智能密码设备接收到该退款确认指令后,利用智能密码设备的私钥对退款信息进行签名得到退款确认信息,并利用第二会话密钥对退款确认信息进行加密,发送给终端;The customer confirms that the refund information is correct. Press the confirmation button on the smart password device to confirm. After receiving the refund confirmation command, the smart password device signs the refund information with the private key of the smart password device to obtain the refund confirmation information. And encrypting the refund confirmation information by using the second session key, and transmitting the information to the terminal;
终端接收到加密后的退款确认信息后,利用第二会话密钥解密此信息,获得退款确认信息,并利用智能密码设备的公钥验证退款确认信息的正确性,若正确,终端利用终端的私钥对退款确认信息再进行签名得到退款确认包,当然,终端还可以直接对退款信息进行签名得到退款确认包;After receiving the encrypted refund confirmation information, the terminal decrypts the information by using the second session key, obtains the refund confirmation information, and verifies the correctness of the refund confirmation information by using the public key of the smart password device. If correct, the terminal utilizes The private key of the terminal re-signs the refund confirmation information to obtain a refund confirmation package. Of course, the terminal can also directly sign the refund information to obtain a refund confirmation package;
终端利用第一会话密钥对退款确认包和退款确认信息进行加密后发送至后台系统服务器;The terminal encrypts the refund confirmation package and the refund confirmation information by using the first session key, and sends the confirmation to the background system server;
后台系统服务器接收到加密后的信息后,利用第一会话密钥对接收到的信息进行解密,并利用终端的公钥对退款确认包进行验证,利用智能密码设备的公钥对退款确认信息进行验证,并在二者验证均通过后,执行退款操作,并发送退款成功回执信息给终端和/或智能密码设备。After receiving the encrypted information, the background system server decrypts the received information by using the first session key, and uses the public key of the terminal to verify the refund confirmation package, and uses the public key of the smart password device to confirm the refund. The information is verified and, after both verifications have been passed, a refund operation is performed and a refund success receipt information is sent to the terminal and/or smart cryptographic device.
方式二、该方式二与方式一的区别在于:在终端向智能密码设备发送退款信息之前,该终端还接收该智能密码设备发送的退款请求,并根据退款请求生成退款信息。具体的,顾客可以通过按下智能密码设备上的按键以生成退款请求,智能密码设备接收到该退款请求后,将该退款请求发送给该终端。退款信息中还可以包括电子对账单,用户可以根据电子对账单审核退款细节,例如,具体退款时间、退款交易单号,退款金额、退换的物品等。当然,任何可以触发智能密码设备生成退款请求的实现方式都属于本发明的保护范围内。Mode 2: The difference between the second mode and the first mode is that before the terminal sends the refund information to the smart cryptographic device, the terminal further receives the refund request sent by the smart cryptographic device, and generates the refund information according to the refund request. Specifically, the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request to the terminal after receiving the refund request. The refund information can also include an electronic statement, and the user can review the refund details based on the electronic statement, such as the specific refund time, the refund transaction number, the refund amount, and the returned item. Of course, any implementation that can trigger a smart cryptographic device to generate a refund request is within the scope of the present invention.
为了节约智能密码设备的电能,延长使用寿命,智能密码设备还可以在向终端发送退款请求前,由休眠状态转换为唤醒状态;智能密码设备在唤醒状态下向终端发送退款请求。智能密码设备发送退款请求之后,由唤醒状态转换为休眠状态。当智能密码设备接收到终端发送的退款信息时,由休眠状态转换为唤醒状态,在唤醒状态下执行提示退款信息和生成退款确认信息的操作。智能密码设备在向终端发送退款确认信息后(例如,发送退款确认信息对应的声波信号后,或者显示退款确认信息对应的图像信息达到预定的时间后),由唤醒状态转换为休眠状态。In order to save the power of the smart cryptographic device and prolong the service life, the smart cryptographic device can also switch from the sleep state to the awake state before sending the refund request to the terminal; the smart cryptographic device sends a refund request to the terminal in the awake state. After the smart cryptographic device sends a refund request, it transitions from the awake state to the sleep state. When the smart cryptographic device receives the refund information sent by the terminal, it changes from the sleep state to the awake state, and performs an operation of prompting the refund information and generating the refund confirmation information in the awake state. After the smart cryptographic device sends the refund confirmation information to the terminal (for example, after transmitting the sound wave signal corresponding to the refund confirmation information, or after displaying the image information corresponding to the refund confirmation information for a predetermined time), the awake state is changed to the sleep state. .
方式三、智能密码设备向终端发送退款请求;具体的,顾客可以通过按下智能密码设备上的按键以生成退款请求,智能密码设备接收到该退款请求后,将该退款请求发送给该终端。当然,任何可以触发智能密码设备生成退款请求的实现方式都属于本发明的保护范围内。Method 3: The smart password device sends a refund request to the terminal; specifically, the customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request after receiving the refund request. Give the terminal. Of course, any implementation that can trigger a smart cryptographic device to generate a refund request is within the scope of the present invention.
为了节约智能密码设备的电能,延长使用寿命,智能密码设备还可以在向终端发 送退款请求前,由休眠状态转换为唤醒状态;智能密码设备在唤醒状态下向终端发送退款请求。In order to save the power of the smart password device and prolong the service life, the smart password device can also be sent to the terminal. Before the refund request is sent, the sleep state is switched to the awake state; the smart cryptographic device sends a refund request to the terminal in the awake state.
终端生成退款请求标识,并向智能密码设备发送退款请求标识;具体的,终端可以生成随机数,将该随机数作为退款请求标识,该随机数配置为提供给智能密码设备以生成退款信息。The terminal generates a refund request identifier, and sends a refund request identifier to the smart password device. Specifically, the terminal may generate a random number, and the random number is used as a refund request identifier, and the random number is configured to be provided to the smart password device to generate a refund. Information.
智能密码设备接收到退款请求标识后,生成退款信息,并利用智能密码设备的私钥对退款信息进行签名,得到退款确认信息,并向终端发送退款确认信息;具体的,智能密码设备利用该退款请求标识、退款金额、退款账户等信息生成退款信息,该退款信息还可以包括退款交易单号、退款双方的标识信息等任意组合;其中,退款金额可以通过智能密码设备上的按键进行输入,当然,也可以通过其他方式(例如,语音输入)输入,退款账户可以通过智能密码设备上的按键进行输入,还可以通过读取预先存储在智能密码设备中的退款账户来输入;当然,还可以在交易完成后,在智能密码设备上保存交易信息,通过查询交易信息以获得退款金额和退款账户等信息;当然,该退款信息还可以通过第二会话密钥进行加密计算和/或校验计算后发送至终端,以保证信息传输的安全性和/或完整性。智能密码设备还可以通过但不限于如下方式发送退款信息:智能密码设备对退款信息进行编码后通过声波信号发送;或者智能密码设备对退款信息进行图形编码后并显示以便终端进行图像采集;或者智能密码设备通过智能密码设备与终端匹配的通信接口发送退款信息。After receiving the refund request identifier, the smart password device generates a refund information, and uses the private key of the smart password device to sign the refund information, obtains the refund confirmation information, and sends a refund confirmation information to the terminal; specific, intelligent The password device generates the refund information by using the refund request identifier, the refund amount, the refund account and the like, and the refund information may further include any combination of the refund transaction ticket number and the identification information of both parties of the refund; The amount can be input through the keys on the smart password device. Of course, it can also be input by other means (for example, voice input). The refund account can be input through the keys on the smart password device, and can also be pre-stored in the smart by reading. The refund account in the password device is input; of course, after the transaction is completed, the transaction information is saved on the smart password device, and the transaction information is inquired to obtain information such as the refund amount and the refund account; of course, the refund information It can also perform encryption calculation and/or verification calculation through the second session key and send it to the terminal to ensure the letter. Security and / or integrity of transmission. The smart cryptographic device may also send the refund information by, but not limited to, the following: the smart cryptographic device encodes the refund information and transmits the sound signal; or the smart cryptographic device graphically encodes the refund information and displays it for the terminal to perform image collection. Or the smart cryptographic device sends a refund message via the communication interface that the smart cryptographic device matches the terminal.
为了节约智能密码设备的电能,延长使用寿命,智能密码设备还可以在向终端发送退款确认信息后(例如,发送退款确认信息对应的声波信号后,或者显示退款确认信息对应的图像信息达到预定的时间后),由唤醒状态转换为休眠状态。In order to save the power of the smart cryptographic device and prolong the service life, the smart cryptographic device can also send the refund confirmation information to the terminal (for example, after transmitting the sound wave signal corresponding to the refund confirmation information, or displaying the image information corresponding to the refund confirmation information) After the predetermined time has elapsed, the state transitions from the awake state to the sleep state.
终端接收退款确认信息,对退款确认信息进行验证,并在验证通过后,利用终端的私钥对退款确认信息进行签名生成退款确认包;具体的,当智能密码设备利用第二会话密钥对退款信息进行加密计算和/或校验计算后,本步骤还需利用第二会话密钥对接收到的信息进行解密计算和/或校验验证计算;终端可以通过但不限于如下方式接收退款确认信息:终端接收智能密码设备发送的声波信号并对声波信号进行解码获得退款确认信息(例如,可以采用声波识别设备对声波信号进行识别,采用声波解码器对声波信号进行解码获得退款确认信息);或者终端采集智能密码设备显示的图像信息并对图像信息(例如,二维码、条形码等)进行解码获得退款确认信息(例如采用图像采集设备对图像信息进行采集,采用解码器对图像信息进行解码后获得退款确认信息);或者终端通过终端与智能密码设备匹配的通信接口接收退款确认信息。此外,终端利用智能密码设备的公钥对退款确认信息进行验证。 The terminal receives the refund confirmation information, verifies the refund confirmation information, and after the verification is passed, uses the private key of the terminal to sign the refund confirmation information to generate a refund confirmation package; specifically, when the smart password device utilizes the second session After the key performs encryption calculation and/or verification calculation on the refund information, this step also needs to use the second session key to perform decryption calculation and/or verification verification calculation on the received information; the terminal may pass but not be limited to the following The method receives the refund confirmation information: the terminal receives the sound wave signal sent by the smart password device and decodes the sound wave signal to obtain the refund confirmation information (for example, the sound wave recognition device can be used to identify the sound wave signal, and the sound wave decoder is used to decode the sound wave signal. Obtaining the refund confirmation information); or the terminal collects the image information displayed by the smart password device and decodes the image information (for example, the two-dimensional code, the barcode, etc.) to obtain the refund confirmation information (for example, the image collection device is used to collect the image information, Decoding the image information using a decoder to obtain a refund confirmation message); or Receiving an acknowledgment message through the interface with the smart communication terminal refund password matches the device. In addition, the terminal authenticates the refund confirmation information using the public key of the smart cryptographic device.
终端向后台系统服务器发送退款确认包和退款确认信息;具体的,终端直接向后台系统服务器发送退款确认包和退款确认信息,终端也可以利用第一会话密钥对退款确认包和退款确认信息进行加密计算和/或校验计算后发送至后台系统服务器,以保证信息传输的安全性和/或完整性。The terminal sends a refund confirmation packet and a refund confirmation information to the background system server; specifically, the terminal directly sends a refund confirmation packet and a refund confirmation message to the background system server, and the terminal can also use the first session key to confirm the refund confirmation package. And the refund confirmation information is sent to the background system server after encryption calculation and/or verification calculation to ensure the security and/or integrity of the information transmission.
后台系统服务器接收到退款确认包和退款确认信息后,分别对退款确认包和退款确认信息进行验证,并在全部验证通过后,执行退款操作。具体的,如果终端利用了第一会话密钥对退款确认包和退款确认信息进行了加密计算和/或校验计算,那么本步骤中,后台系统服务器还利用第一会话密钥对接收到的信息进行解密计算和/或校验验证计算。此外,后台系统服务器还利用终端的公钥对退款确认包进行验证,利用智能密码设备的公钥对退款确认信息进行验证。After receiving the refund confirmation package and the refund confirmation information, the background system server verifies the refund confirmation package and the refund confirmation information separately, and performs the refund operation after all the verifications are passed. Specifically, if the terminal performs the encryption calculation and/or the check calculation on the refund confirmation package and the refund confirmation information by using the first session key, in this step, the background system server further receives the first session key pair. The obtained information is subjected to decryption calculation and/or verification verification calculation. In addition, the backend system server also uses the public key of the terminal to verify the refund confirmation package, and uses the public key of the smart cryptographic device to verify the refund confirmation information.
以下针对方式三,提供一种退款的应用场景,但本发明并不局限于此:The following provides a refund application scenario for mode 3, but the present invention is not limited to this:
智能密码设备由休眠状态转换为唤醒状态;例如,可以通过持有该智能密码设备的顾客的按键操作使得智能密码设备进入唤醒状态;The smart cryptographic device is switched from a sleep state to an awake state; for example, the smart cryptographic device can be brought into an awake state by a key operation of a customer holding the smart cryptographic device;
顾客可以通过按下智能密码设备上的按键以生成退款请求,智能密码设备接收到该退款请求后,将该退款请求发送给该终端;The customer can generate a refund request by pressing a button on the smart password device, and the smart password device sends the refund request to the terminal after receiving the refund request;
终端可以生成随机数R,将该随机数作R为退款请求标识,并向智能密码设备发送退款请求标识;The terminal may generate a random number R, and the random number is R as a refund request identifier, and send a refund request identifier to the smart password device;
智能密码设备生成退款信息,并利用智能密码设备的私钥对退款信息进行签名,得到退款确认信息,并向终端发送退款确认信息;其中,该退款信息至少包括:退款请求标识、退款金额、退款账户等信息,其中,退款金额、退款账户等信息可以由顾客通过智能密码设备上的按键进行输入,或者退款金额可以由顾客通过智能密码设备上的按键输入,退款账户从智能密码设备预存的信息中读取获得,或者退款金额、退款账户等信息均可以从智能密码设备预存的信息中读取获得,智能密码设备使用终端和智能密码设备之间的第二会话密钥加密退款确认信息,并发送给终端;The smart password device generates the refund information, and uses the private key of the smart password device to sign the refund information, obtain the refund confirmation information, and send the refund confirmation information to the terminal; wherein the refund information includes at least: a refund request Information such as identification, refund amount, refund account, etc., wherein the refund amount, refund account and other information can be input by the customer through the button on the smart password device, or the refund amount can be passed by the customer through the button on the smart password device Input, the refund account is read from the information pre-stored by the smart password device, or the refund amount, refund account and other information can be read from the information pre-stored by the smart password device, and the smart password device uses the terminal and the smart password device. The second session key is encrypted with the refund confirmation information and sent to the terminal;
终端接收到加密后的退款确认信息后,利用第二会话密钥解密此信息,获得退款确认信息,并利用智能密码设备的公钥验证退款确认信息的正确性,若正确,终端利用终端的私钥对退款确认信息再进行签名得到退款确认包,当然,终端还可以直接对退款信息进行签名得到退款确认包;After receiving the encrypted refund confirmation information, the terminal decrypts the information by using the second session key, obtains the refund confirmation information, and verifies the correctness of the refund confirmation information by using the public key of the smart password device. If correct, the terminal utilizes The private key of the terminal re-signs the refund confirmation information to obtain a refund confirmation package. Of course, the terminal can also directly sign the refund information to obtain a refund confirmation package;
终端利用第一会话密钥对退款确认包和退款确认信息进行加密后发送至后台系统服务器;The terminal encrypts the refund confirmation package and the refund confirmation information by using the first session key, and sends the confirmation to the background system server;
后台系统服务器接收到加密后的信息后,利用第一会话密钥对接收到的信息进行解密, 并利用终端的公钥对退款确认包进行验证,利用智能密码设备的公钥对退款确认信息进行验证,并在二者验证均通过后,执行退款操作,并发送退款成功回执信息给终端和/或智能密码设备。After receiving the encrypted information, the background system server decrypts the received information by using the first session key. The refund confirmation packet is verified by the public key of the terminal, and the refund confirmation information is verified by the public key of the smart password device, and after both verifications are passed, the refund operation is performed, and the refund success receipt information is sent. Give the terminal and / or smart cryptographic device.
以上三种退款方式中,退款确认包或者退款确认信息中还可以包含单次退款标识,该单次退款标识可以为随机数,以保证一次退款仅被成功执行一次。当然,该单次退款标识可以由终端生成,也可以由智能密码设备生成,可以在退款确认包中被终端签名,也可以在退款确认信息中被智能密码设备签名。In the above three refund methods, the refund confirmation package or the refund confirmation information may also include a single refund identifier, and the single refund identifier may be a random number to ensure that one refund is successfully executed only once. Of course, the single refund identifier may be generated by the terminal, or may be generated by the smart password device, may be signed by the terminal in the refund confirmation packet, or may be signed by the smart password device in the refund confirmation information.
当然,后台系统服务器在执行退款操作后,还可以向终端和/或智能密码设备发送退款成功回执信息,以便店铺和/或顾客可以得知退款成功。Of course, after performing the refund operation, the background system server may also send a refund success receipt information to the terminal and/or the smart password device, so that the store and/or the customer can know that the refund is successful.
由此可见,通过上述退款流程,可以大大简化顾客在退款过程中的操作,应用智能密码设备相关的安全功能能保障顾客退款过程的安全性,为消费者带来无缝使用体验。It can be seen that through the above refund process, the operation of the customer in the refund process can be greatly simplified, and the security function related to the application of the smart password device can ensure the security of the customer refund process and bring a seamless use experience to the consumer.
步骤六:销户。Step 6: Sell out.
包括终端的销户和智能密码设备的销户,以下先对终端的销户进行说明:Including the terminal's account cancellation and smart password device sales, the following describes the terminal's account:
终端获取终端销户申请,利用终端的私钥对销户申请进行签名获得第六签名信息,并向后台系统服务器发送终端销户申请以及第六签名信息;具体的,终端可以直接向后台系统服务器发送销户申请以及第六签名信息,终端也可以利用第一会话密钥对第六签名信息进行加密计算和/或校验计算,并将计算后的信息发送至后台系统服务器,以保证信息传输的安全性和/或完整性。The terminal acquires the terminal account cancellation application, uses the private key of the terminal to sign the account cancellation application to obtain the sixth signature information, and sends the terminal account cancellation application and the sixth signature information to the background system server; specifically, the terminal can directly go to the background system server. Sending the account cancellation application and the sixth signature information, the terminal may also perform encryption calculation and/or verification calculation on the sixth signature information by using the first session key, and send the calculated information to the background system server to ensure information transmission. Safety and / or integrity.
后台系统服务器接收到终端销户申请以及第六签名信息后,利用预存的终端证书中的公钥对第六签名信息进行验证;具体的,如果终端还利用第一会话密钥进行了加密计算和/或校验计算,在本步骤中,后台系统服务器还利用第一会话密钥对接收到的信息进行解密计算和/或校验验证计算。After receiving the terminal account cancellation application and the sixth signature information, the background system server uses the public key in the pre-stored terminal certificate to verify the sixth signature information; specifically, if the terminal further performs encryption calculation using the first session key and / or check calculation, in this step, the background system server also uses the first session key to perform decryption calculation and/or verification verification calculation on the received information.
后台系统服务器在验证第六签名信息通过后,删除预存的终端证书,并生成终端销户完成信息,向终端发送终端销户完成信息;具体的,后台系统服务器在进行销户时,除了删除预存的终端证书外,还可以将该终端对应的信息放到后台系统服务器预设的销户列表里等其他销户操作。另外,销户完成信息也可以是利用第一会话密钥进行加密计算和/或校验计算得到的,也可以是利用后台系统服务器的私钥进行签名得到的,或者利用后台系统服务器的私钥进行签名后再利用第一会话密钥进行加密计算和/或校验计算得到的。After verifying that the sixth signature information is passed, the background system server deletes the pre-stored terminal certificate, and generates terminal completion information, and sends the terminal completion information to the terminal; specifically, the background system server deletes the pre-stored when performing the account cancellation. In addition to the terminal certificate, the information corresponding to the terminal can be placed in the default account list of the background system server and other other account operations. In addition, the account completion information may also be obtained by using the first session key for encryption calculation and/or verification calculation, or by using the private key of the background system server for signature, or by using the private key of the background system server. After the signature is performed, the first session key is used for the encryption calculation and/or the check calculation.
终端接收到终端销户完成信息后,删除终端的私钥。具体的,终端接收到终端销户完成信息后,删除私钥,当然,还可以拒绝执行任何与发送该终端销户完成信息的后台系统服务器有关的交易操作。此外,终端还可以利用第一会话密钥进行解密计算和/或校验验证 计算和/或验签操作等。After receiving the terminal completion information, the terminal deletes the private key of the terminal. Specifically, after receiving the terminal completion information, the terminal deletes the private key. Of course, the terminal may also refuse to perform any transaction operation related to the background system server that sends the terminal to complete the information. In addition, the terminal can also perform decryption calculation and/or verification verification using the first session key. Calculation and / or check operation, etc.
以下对智能密码设备的销户进行说明:The following describes the cancellation of smart password devices:
智能密码设备获取智能密码设备销户申请,利用智能密码设备的私钥对销户申请进行签名获得第七签名信息,并向后台系统服务器发送智能密码设备销户申请以及第七签名信息;具体的,该第七签名信息可以是通过终端发送的,也可以是人工办理的,在通过终端发送时,可以利用第一会话密钥和第二会话密钥进行加密计算和/或校验计算等计算,以保证信息传输的安全性。The smart password device obtains the application for the smart password device to cancel the account, uses the private key of the smart password device to sign the account cancellation application to obtain the seventh signature information, and sends the smart password device account cancellation application and the seventh signature information to the background system server; The seventh signature information may be sent by the terminal, or may be manually processed. When being sent by the terminal, the first session key and the second session key may be used to perform calculations such as encryption calculation and/or verification calculation. To ensure the security of information transmission.
后台系统服务器接收到智能密码设备销户申请以及第七签名信息后,利用预存的智能密码设备证书中的公钥对第七签名信息进行验证;具体的,如果终端还利用第一会话密钥进行了加密计算和/或校验计算,在本步骤中,后台系统服务器还利用第一会话密钥对接收到的信息进行解密计算和/或校验验证计算。After receiving the smart PIN device account cancellation application and the seventh signature information, the background system server uses the public key in the pre-stored smart cryptographic device certificate to verify the seventh signature information; specifically, if the terminal further uses the first session key The encryption calculation and/or the verification calculation, in this step, the background system server also performs decryption calculation and/or verification verification calculation on the received information by using the first session key.
后台系统服务器在验证第七签名信息通过后,删除预存的智能密码设备证书,并生成智能密码设备销户完成信息,向智能密码设备发送智能密码设备销户完成信息;具体的,后台系统服务器在进行销户时,除了删除预存的智能密码设备证书外,还可以将该智能密码设备对应的信息放到后台系统服务器预设的销户列表里等其他销户操作。另外,销户完成信息也可以通过终端发送至智能密码设备,此时可以利用第一会话密钥进行加密计算和/或校验计算得到的,也可以是利用后台系统服务器的私钥进行签名得到的,或者利用后台系统服务器的私钥进行签名后再利用第一会话密钥进行加密计算和/或校验计算得到的。After verifying the seventh signature information, the background system server deletes the pre-stored smart password device certificate, generates a smart password device account completion information, and sends the smart password device to the smart password device to complete the information; specifically, the background system server is When the account is cancelled, in addition to deleting the pre-stored smart password device certificate, the information corresponding to the smart password device can be placed in the default account list of the background system server and other other account operations. In addition, the account completion information can also be sent to the smart cryptographic device through the terminal. In this case, the first session key can be used for the encryption calculation and/or the check calculation, or the signature of the backend system server can be used to obtain the signature. Or use the private key of the background system server to sign and then use the first session key for encryption calculation and/or check calculation.
智能密码设备接收到智能密码设备销户完成信息后,删除智能密码设备的私钥。具体的,智能密码设备可以对签名信息进行验签,并在验签通过后,执行删除操作,也可以利用第二会话密钥解密和/或校验验证得到的信息,当然,还可以利用第二会话密钥解密和/或校验验证得到的信息后再对签名信息进行验签,只要保证信息传输的安全性和/或完整性均应包含在本发明的保护范围内。After receiving the information about the completion of the smart cryptographic device, the smart cryptographic device deletes the private key of the smart cryptographic device. Specifically, the smart cryptographic device may perform verification on the signature information, and after the verification is passed, perform a deletion operation, and may also use the second session key to decrypt and/or verify the obtained information, and of course, may also utilize the After the second session key is decrypted and/or verified, the signature information is checked, as long as the security and/or integrity of the information transmission is included in the scope of the present invention.
后台系统服务器通过管理终端和智能密码设备的注册、销户、认证以及锁定几个方面,确保终端和智能密码设备的合法性,杜绝了由于终端或者智能密码设备被非法盗用时产生的财产损失。The back-end system server ensures the legitimacy of the terminal and the smart password device through the registration, the account cancellation, the authentication and the locking of the management terminal and the smart password device, and the property loss caused by the illegal use of the terminal or the smart password device is eliminated.
值得说明的是,以上的步骤一至步骤六并非依次执行的,其可以仅完成其中几个步骤,另外,以上的步骤一至步骤六也不仅限于同一应用场景下完成,无论在何种应用场景下,只要使用本发明的任一步骤,并可以安全的执行完交易即应属于本发明的保护范围。It should be noted that the above steps 1 to 6 are not performed in sequence, and only a few steps may be completed. In addition, the above steps 1 to 6 are not limited to the same application scenario, regardless of the application scenario. It is within the scope of the present invention to use any of the steps of the present invention and to perform the transaction safely.
以下,给出本发明示例性的一种应用场景: Hereinafter, an exemplary application scenario of the present invention is given:
本应用场景中,在智能密码设备上集成无线通信模块,以及状态控制模块形成本发明的新型的可配置为安全支付的智能密码设备。该智能密码设备包括无线通信模块,其可以是蓝牙通信模块或者WIFI通信模块等,该无线通信模块可以对其他设备进行查询扫描和寻呼扫描,并可以与其他无线设备进行信号和数据的交互。同时该智能密码设备上还包括一个状态控制模块,可以控制智能密码设备的无线通信模块和主机的工作状态。且本发明的智能密码设备具备两个状态:休眠状态以及唤醒状态,在休眠状态下只有收发器(无线通信模块)和状态控制模块处于工作,CPU将关闭,不能进行指令操作(例如:签名,接收、发送数据等功能),从而使智能密码设备处于一种低功耗的状态。当其他无线设备从外部发给该智能密码设备应用指令时,状态控制模块可以对这些信号进行识别,并生成唤醒信号,将CPU唤醒为唤醒状态,开始执行这个应用命令。当命令执行完毕以后,CPU将再次进入休眠状态。In this application scenario, a wireless communication module is integrated on the smart cryptographic device, and the state control module forms a novel smart cryptographic device configurable as a secure payment of the present invention. The smart cryptographic device includes a wireless communication module, which may be a Bluetooth communication module or a WIFI communication module, etc., and the wireless communication module may perform inquiry scanning and page scanning on other devices, and may perform signal and data interaction with other wireless devices. At the same time, the smart cryptographic device further includes a state control module, which can control the working state of the wireless communication module of the smart cryptographic device and the host. Moreover, the smart cryptographic device of the present invention has two states: a sleep state and an awake state. In the sleep state, only the transceiver (wireless communication module) and the state control module are in operation, the CPU is turned off, and the instruction operation cannot be performed (for example, signature, Receiving and transmitting data, etc., so that the smart cryptographic device is in a low power state. When other wireless devices send the smart cryptographic device application command from the outside, the state control module can identify these signals, generate a wake-up signal, wake up the CPU to the awake state, and start executing the application command. When the command is executed, the CPU will go to sleep again.
以下,对于本发明的完整交易流程进行简单说明:In the following, a brief description of the complete transaction process of the present invention is provided:
智能密码设备处于休眠状态,用户带着该智能密码设备进入终端的无线信号覆盖范围内,智能密码设备与终端完成无线设备的交互识别,即终端可以知道有智能密码设备进入终端所在店铺并与该智能密码设备建立连接。The smart cryptographic device is in a dormant state, and the user enters the wireless signal coverage of the terminal with the smart cryptographic device, and the smart cryptographic device and the terminal complete the interactive identification of the wireless device, that is, the terminal can know that the smart cryptographic device enters the store where the terminal is located and A smart cryptographic device establishes a connection.
终端与智能密码设备建立连接以后,终端会向智能密码设备发送认证设备的请求,智能密码设备接收到该请求,状态控制模块会发出唤醒信号,此时CPU就会被唤醒,智能密码设备进入唤醒状态,并执行相应的操作。After the terminal establishes a connection with the smart cryptographic device, the terminal sends a request for the authentication device to the smart cryptographic device. When the smart cryptographic device receives the request, the state control module sends a wakeup signal, and the CPU is woken up, and the smart cryptographic device enters the wakeup. Status and perform the appropriate action.
智能密码设备完成相应指令以后,恢复至休眠状态,并继续保持与终端的设备交互识别,以便终端能够判断智能密码设备的持有者是否离店。After completing the corresponding instruction, the smart cryptographic device returns to the sleep state, and continues to maintain the device interaction identification with the terminal, so that the terminal can determine whether the holder of the smart cryptographic device leaves the store.
终端与智能密码设备相互认证通过以后,终端会向后台系统服务器提出读取用户信息的请求,后台系统服务器提出输入用户授权信息的请求,此时终端会向智能密码设备发送用户授权请求。After the terminal and the smart cryptographic device authenticate each other, the terminal requests the background system server to read the user information, and the background system server requests the user authorization information, and the terminal sends a user authorization request to the smart cryptographic device.
休眠状态下的智能密码设备接收到来自终端发送的用户授权请求,进入唤醒状态。智能密码设备将显示终端的请求,提示用户进行判断是否授权。The smart cryptographic device in the sleep state receives the user authorization request sent from the terminal, and enters the awake state. The smart cryptographic device will display the request from the terminal, prompting the user to judge whether it is authorized.
用户根据显示的终端发送的请求判断是否授权,若授权,则按下智能密码设备上的确认键使智能密码设备产生授权信息并发送给终端,然后转入休眠状态,否则,智能密码设备结束执行命令,直接转入休眠状态。The user determines whether to authorize according to the request sent by the displayed terminal. If authorized, press the confirmation button on the smart password device to cause the smart password device to generate authorization information and send it to the terminal, and then enter the sleep state. Otherwise, the smart password device ends execution. Command, go directly to sleep state.
在结算时,终端又会向休眠状态的智能密码设备发送用户交易确认请求指令,处于休眠状态下的智能密码设备接收到该指令进入唤醒状态,智能密码设备显示接收到的交易信息,用户进行确认,若交易信息正确,则按下确认键使智能密码设备对交易信息签名,并 返回给终端;否则,结束执行操作,智能密码设备转入休眠状态。At the time of settlement, the terminal sends a user transaction confirmation request command to the sleepy smart cryptographic device, and the smart cryptographic device in the sleep state receives the command to enter the awake state, and the smart cryptographic device displays the received transaction information, and the user confirms. If the transaction information is correct, press the enter key to cause the smart password device to sign the transaction information, and Return to the terminal; otherwise, the execution of the operation ends, and the smart cryptographic device goes to sleep.
以下,给出本发明的另一种应用场景:In the following, another application scenario of the present invention is given:
后台系统服务器与终端进行相互认证,建立安全通道协商共同的会话密钥K1;The background system server and the terminal perform mutual authentication, and establish a secure channel to negotiate a common session key K1;
终端在本地服务器建立一个当前用户列表,该当前用户列表可以用来存储当前店内的顾客持有的智能密码设备对应的用户信息;The terminal establishes a current user list on the local server, where the current user list can be used to store user information corresponding to the smart password device held by the customer in the current store;
终端本地服务器通过无线方式(例如采用无线探测设备)对终端的无线信号覆盖范围内的智能密码设备进行监测;The terminal local server monitors the smart cryptographic device in the wireless signal coverage of the terminal by using a wireless method (for example, using a wireless detecting device);
顾客携带着具有无线通讯功能的智能密码设备(处于休眠状态)逛街购物,当该顾客进入终端的无线信号覆盖范围内,智能密码设备可以被终端搜索到,并与终端建立无线连接;The customer carries a smart cryptographic device with wireless communication function (sleeping state) to shop, and when the customer enters the wireless signal coverage of the terminal, the smart cryptographic device can be searched by the terminal and establish a wireless connection with the terminal;
终端与智能密码设备进行相互认证,并建立安全通道协商出共同的会话密钥K2;The terminal and the smart cryptographic device perform mutual authentication, and establish a secure channel to negotiate a common session key K2;
终端向后台系统服务器发送读取智能密码设备对应的用户信息的请求;The terminal sends a request for reading the user information corresponding to the smart password device to the background system server;
后台系统服务器产生随机数(单次授权标识),作为生成用户授权信息的参数,后台系统服务器利用会话密钥K1加密该随机数;The background system server generates a random number (single authorization identifier) as a parameter for generating user authorization information, and the background system server encrypts the random number by using the session key K1;
后台系统服务器向终端发出用户授权请求信息,并将该随机数密文发送给终端;The background system server sends the user authorization request information to the terminal, and sends the random number ciphertext to the terminal;
终端解密密文,再利用终端与智能密码设备之间协商的会话密钥K2对该随机数加密;The terminal decrypts the ciphertext, and then encrypts the random number by using the session key K2 negotiated between the terminal and the smart cryptographic device;
终端向智能密码设备发送用户授权请求信息,并将该随机数密文发给智能密码设备;The terminal sends the user authorization request information to the smart cryptographic device, and sends the random ciphertext to the smart cryptographic device;
智能密码设备接收到该用户授权请求信息后,转换成唤醒状态,并利用会话密钥K2对接收到的该随机数密文进行解密,然后在智能密码设备的显示屏上显示该用户授权请求信息,等待用户进行确认;After receiving the authorization request information, the smart cryptographic device converts to the awake state, and decrypts the received random ciphertext by using the session key K2, and then displays the user authorization request information on the display screen of the smart cryptographic device. Waiting for the user to confirm;
用户对该信息进行判断,如果不允许则拒绝,智能密码设备转入休眠状态;The user judges the information, and if not allowed, the smart password device goes to sleep state;
如果允许,则按下智能密码设备上的确认键,智能密码设备对该随机数(单次授权标识)进行摘要并签名,并将签名值作为用户授权信息,利用会话密钥K2加密签名值发送至终端,然后转入休眠状态;If allowed, press the confirmation key on the smart password device, the smart password device summarizes and signs the random number (single authorization identifier), and uses the signature value as the user authorization information to send the signature value using the session key K2. Go to the terminal and then go to sleep;
终端接到签名值利用会话密钥K2解密,再利用会话密钥K1加密,传送给后台系统服务器;The terminal receives the signature value and decrypts it with the session key K2, and then encrypts it with the session key K1 and transmits it to the background system server;
后台系统服务器利用会话密钥K1解密得到签名,再利用智能密码设备的公钥解密签名,将利用其自身生成的随机数生成的摘要与解密签名后得到的值进行对比,若不一致,则返回错误信息结束操作;The background system server decrypts the signature by using the session key K1, and then decrypts the signature by using the public key of the smart cryptographic device, and compares the digest generated by the self-generated random number with the value obtained by decrypting the signature, and if not, returns an error. End of information operation;
若一致,则后台系统服务器将用户信息利用会话密钥K1进行加密,并生成用户授权 信息校验值(第一校验值),该校验值可以是MAC形式或者哈希函数加签名的形式等,将密文以及校验值发送给终端;If they are consistent, the background system server encrypts the user information with the session key K1 and generates a user authorization. The information check value (the first check value), the check value may be in the form of a MAC or a hash function plus a signature, etc., and the ciphertext and the check value are sent to the terminal;
终端收到用户信息以后,将用户信息存储在当前用户列表中;After receiving the user information, the terminal stores the user information in the current user list.
顾客购物结束以后到收银处进行结算;After the customer has finished shopping, he will settle at the cashier's office;
终端结算金额,并在当前用户列表中选中该顾客持有的智能密码设备对应的账户;The terminal settles the amount, and selects an account corresponding to the smart password device held by the customer in the current user list;
终端将交易金额、收付款双方账号、收付款双方标识信息等生成交易信息,利用会话密钥K2加密交易信息;The terminal generates transaction information by using the transaction amount, the account of the payment and payment parties, and the identification information of the payment and payment parties, and encrypts the transaction information by using the session key K2;
终端向智能密码设备发送交易请求信息,并将交易信息密文发送给智能密码设备;The terminal sends the transaction request information to the smart cryptographic device, and sends the transaction ciphertext to the smart cryptographic device;
智能密码设备接收到终端的交易请求信息,则转入唤醒状态,对交易信息解密成明文并在屏幕上显示出来;After receiving the transaction request information of the terminal, the smart cryptographic device transfers to the awake state, decrypts the transaction information into plaintext and displays it on the screen;
顾客对交易信息进行确认,若有问题则按取消,交易中止,智能密码设备转入休眠状态;The customer confirms the transaction information, if there is a problem, press cancel, the transaction is aborted, and the smart password device goes to sleep state;
若没有问题,则按下确认键,智能密码设备生成随机数,作为单次交易标识;If there is no problem, press the confirm button, and the smart password device generates a random number as a single transaction identifier;
智能密码设备对交易信息以及该随机数进行摘要并签名,利用会话密钥K2加密签名,得到用户交易确认信息并发送给终端;The smart cryptographic device summarizes and signs the transaction information and the random number, encrypts the signature by using the session key K2, obtains the user transaction confirmation information, and sends the information to the terminal;
终端对用户交易确认信息进行解密,并生成交易数据包(包括交易金额,收付款双方账号以及各自的唯一识别信息等),利用会话密钥K1对交易数据包加密,并生成交易数据包校验值(第二校验值);The terminal decrypts the user transaction confirmation information, and generates a transaction data packet (including the transaction amount, the payment and payment account number, and the respective unique identification information, etc.), encrypts the transaction data packet by using the session key K1, and generates a transaction data packet verification. Value (second check value);
终端向后台系统服务器发送转账申请并发送交易数据包密文以及第二校验值;The terminal sends a transfer request to the background system server and sends the transaction data packet ciphertext and the second check value;
后台系统服务器进行转账处理,并向终端发送转账成功的支付完成信息,当然,后台系统服务器还可以将支付完成信息通过终端发送给智能密码设备,以便顾客得知交易完成;The background system server performs the transfer processing, and sends the payment completion information to the terminal successfully. Of course, the background system server can also send the payment completion information to the smart cryptographic device through the terminal, so that the customer knows that the transaction is completed;
终端收到该支付完成信息,向顾客交付商品,结账完成。The terminal receives the payment completion information, delivers the goods to the customer, and the settlement is completed.
通过终端与后台系统服务器之间进行的认证,终端认定了后台系统服务器的合法性以后,可以利用可信的后台系统服务器对智能密码设备的合法性进行认证。在同时确定了后台系统服务器与智能密码设备是可信的情况下,这样就保证了终端的交易安全。同时利用后台系统服务器对终端的合法性认证以及交易时智能密码设备对显示信息手动确认的环节,也保证了智能密码设备持有者的交易安全。Through the authentication between the terminal and the back-end system server, after the terminal determines the legitimacy of the background system server, the trusted background system server can be used to authenticate the legality of the smart cryptographic device. In the case where it is determined that the background system server and the smart cryptographic device are trusted, this ensures the security of the terminal transaction. At the same time, the legality authentication of the terminal by the background system server and the manual confirmation of the display information by the smart cryptographic device during the transaction are also ensured, and the transaction security of the smart cryptographic device holder is also ensured.
基于本发明提供的数据安全交互方法和系统,顾客在进入店铺进行交易时,无需配合手机、银行卡或金融IC卡等相关账户载体设备完成支付,而原有技术的支付过程均需要借 助SIM卡或智能卡等具备账户存储功能的设备,用户还需要进行刷卡、刷手机等操作才能完成交易。采用本发明提供的方法,顾客可以无需借助钱包、信用卡、手机等方式来完成支付,从而简化了顾客与商户在支付过程中的交互操作,提高了支付效率,提升了顾客在近场支付过程中的体验;同时利用智能密码设备的安全性特点保证顾客支付过程的安全性。Based on the data security interaction method and system provided by the present invention, when a customer enters a store to conduct a transaction, it is not necessary to complete payment with a related account carrier device such as a mobile phone, a bank card or a financial IC card, and the payment process of the original technology needs to be borrowed. For devices that have an account storage function such as a SIM card or a smart card, the user also needs to perform operations such as swiping a card or swiping a mobile phone to complete the transaction. By adopting the method provided by the invention, the customer can complete the payment without using the wallet, the credit card, the mobile phone, etc., thereby simplifying the interaction between the customer and the merchant in the payment process, improving the payment efficiency, and improving the customer in the near field payment process. The experience; while using the security features of smart cryptographic devices to ensure the security of the customer payment process.
顾客选购好商品以后在结账时,终端无需再通过让顾客手动刷卡或刷手机的方式获得用户信息,是因为该用户信息在刚进店时已经存储在终端的当前用户列表中了,结账时顾客只需报出自己的姓名,终端即可直接将结算后的金额等交易信息发送至顾客的智能密码设备并显示,此时,顾客只需利用智能密码设备进行确认,并输出交易确认信息,终端生成交易数据包发送给后台系统服务器,后台系统服务器验证该交易数据包准确无误后进行转账处理,即可完成支付过程。After the customer purchases the good product, the terminal does not need to obtain the user information by manually swiping the card or swiping the mobile phone, because the user information is already stored in the current user list of the terminal when entering the store, and at the time of checkout The customer only needs to report his/her name, and the terminal can directly send the transaction information such as the amount after settlement to the customer's smart password device and display it. At this time, the customer only needs to confirm with the smart password device and output the transaction confirmation information. The terminal generates a transaction data packet and sends it to the background system server. After the background system server verifies that the transaction data packet is accurate and then performs the transfer processing, the payment process can be completed.
当顾客走出这家店铺的信号覆盖范围时,智能密码设备与终端之间的网络连接就会自动中断,用户信息从该店铺的当前用户列表中消失。若顾客又进入另一家店铺时,将会自动进入该另一家店铺的当前用户列表中,开始另一次购物。这样不需要顾客执行任何操作,只需要顾客在购物时将一个小巧的智能密码设备随身放入口袋,采用本发明就可以为顾客带来无缝使用体验。When the customer leaves the signal coverage of the store, the network connection between the smart cryptographic device and the terminal is automatically interrupted, and the user information disappears from the current user list of the store. If the customer enters another store again, he will automatically enter the current user list of the other store and start another shopping. This eliminates the need for the customer to perform any operations, and only requires the customer to put a small smart password device into the pocket while shopping, and the invention can provide a seamless user experience.
流程图中或在此以其他方式描述的任何过程或方法描述可以被理解为,表示包括一个或更多个用于实现特定逻辑功能或过程的步骤的可执行指令的代码的模块、片段或部分,并且本发明的优选实施方式的范围包括另外的实现,其中可以不按所示出或讨论的顺序,包括根据所涉及的功能按基本同时的方式或按相反的顺序,来执行功能,这应被本发明的实施例所属技术领域的技术人员所理解。Any process or method description in the flowcharts or otherwise described herein may be understood to represent a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a particular logical function or process. And the scope of the preferred embodiments of the invention includes additional implementations, in which the functions may be performed in a substantially simultaneous manner or in an opposite order depending on the functions involved, in the order shown or discussed. It will be understood by those skilled in the art to which the embodiments of the present invention pertain.
应当理解,本发明的各部分可以用硬件、软件、固件或它们的组合来实现。在上述实施方式中,多个步骤或方法可以用存储在存储器中且由合适的指令执行系统执行的软件或固件来实现。例如,如果用硬件来实现,和在另一实施方式中一样,可用本领域公知的下列技术中的任一项或他们的组合来实现:具有用于对数据信号实现逻辑功能的逻辑门电路的离散逻辑电路,具有合适的组合逻辑门电路的专用集成电路,可编程门阵列(PGA),现场可编程门阵列(FPGA)等。It should be understood that portions of the invention may be implemented in hardware, software, firmware or a combination thereof. In the above-described embodiments, multiple steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented by any one or combination of the following techniques well known in the art: having logic gates for implementing logic functions on data signals. Discrete logic circuits, application specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), etc.
本技术领域的普通技术人员可以理解实现上述实施例方法携带的全部或部分步骤是可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,该程序在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art can understand that all or part of the steps carried by the method of implementing the above embodiments can be completed by a program to instruct related hardware, and the program can be stored in a computer readable storage medium. When executed, one or a combination of the steps of the method embodiments is included.
此外,在本发明各个实施例中的各功能单元可以集成在一个处理模块中,也可以是各 个单元单独物理存在,也可以两个或两个以上单元集成在一个模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。所述集成的模块如果以软件功能模块的形式实现并作为独立的产品销售或使用时,也可以存储在一个计算机可读取存储介质中。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing module, or may be each Units exist physically separately, or two or more units can be integrated into one module. The above integrated modules can be implemented in the form of hardware or in the form of software functional modules. The integrated modules, if implemented in the form of software functional modules and sold or used as stand-alone products, may also be stored in a computer readable storage medium.
上述提到的存储介质可以是只读存储器,磁盘或光盘等。The above mentioned storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本发明的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不一定指的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任何的一个或多个实施例或示例中以合适的方式结合。In the description of the present specification, the description with reference to the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" and the like means a specific feature described in connection with the embodiment or example. A structure, material or feature is included in at least one embodiment or example of the invention. In the present specification, the schematic representation of the above terms does not necessarily mean the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
尽管上面已经示出和描述了本发明的实施例,可以理解的是,上述实施例是示例性的,不能理解为对本发明的限制,本领域的普通技术人员在不脱离本发明的原理和宗旨的情况下在本发明的范围内可以对上述实施例进行变化、修改、替换和变型。本发明的范围由所附权利要求及其等同限定。 Although the embodiments of the present invention have been shown and described, it is understood that the foregoing embodiments are illustrative and not restrictive Variations, modifications, alterations and variations of the above-described embodiments are possible within the scope of the invention. The scope of the invention is defined by the appended claims and their equivalents.

Claims (58)

  1. 一种数据安全交互方法,其特征在于,包括:A data security interaction method, comprising:
    终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息;The terminal scans the smart cryptographic device within the signal coverage area, and obtains the identification information of the scanned smart cryptographic device;
    所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息;Obtaining, by the terminal, user information corresponding to the smart cryptographic device according to the scanned identifier information of the smart cryptographic device;
    所述终端将所述用户信息存储到预先建立的当前用户列表中;The terminal stores the user information in a pre-established current user list;
    所述终端根据待交易的智能密码设备对应的用户信息生成交易信息,并根据所述交易信息获得交易请求信息;The terminal generates transaction information according to user information corresponding to the smart cryptographic device to be traded, and obtains transaction request information according to the transaction information;
    所述终端向所述智能密码设备发送所述交易请求信息;Transmitting, by the terminal, the transaction request information to the smart cryptographic device;
    所述智能密码设备接收到所述交易请求信息后,根据所述交易请求信息获得所述交易信息;After receiving the transaction request information, the smart cryptographic device obtains the transaction information according to the transaction request information;
    所述智能密码设备提示所述交易信息;The smart cryptographic device prompts the transaction information;
    所述智能密码设备接收确认指令,并生成交易确认信息;The smart cryptographic device receives the confirmation command and generates transaction confirmation information;
    所述终端接收所述交易确认信息;Receiving, by the terminal, the transaction confirmation information;
    所述终端根据所述交易确认信息获得交易数据包,并向所述后台系统服务器发送所述交易数据包;The terminal obtains a transaction data packet according to the transaction confirmation information, and sends the transaction data packet to the background system server;
    所述后台系统服务器接收到所述交易数据包后,根据所述交易数据包获得所述交易确认信息;After receiving the transaction data packet, the background system server obtains the transaction confirmation information according to the transaction data packet;
    所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易。The backend system server verifies the transaction confirmation information and executes the transaction after the verification is passed.
  2. 根据权利要求1所述的方法,其特征在于,所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息包括:The method according to claim 1, wherein the acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device comprises:
    所述终端向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求;Sending, by the terminal, identification information of the smart cryptographic device and a user information read request to the background system server;
    所述后台系统服务器接收到所述智能密码设备的标识信息以及所述用户信息读取请求后,根据所述智能密码设备的标识信息获取与所述智能密码设备对应的用户信息;After receiving the identification information of the smart cryptographic device and the user information reading request, the background system server obtains user information corresponding to the smart cryptographic device according to the identification information of the smart cryptographic device;
    所述后台系统服务器根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息;The background system server obtains response information of the user information read request according to the user information, and sends response information of the user information read request to the terminal;
    所述终端接收到所述用户信息读取请求的响应信息后,根据所述用户信息读取请求的响应信息获得所述用户信息。 After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
  3. 根据权利要求1所述的方法,其特征在于,所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息包括:The method according to claim 1, wherein the acquiring, by the terminal, the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device comprises:
    所述终端根据扫描到的所述智能密码设备的标识信息向所述智能密码设备发送用户信息读取请求;The terminal sends a user information read request to the smart cryptographic device according to the scanned identifier information of the smart cryptographic device;
    所述智能密码设备获得预先存储的用户信息,并根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息;The smart cryptographic device obtains pre-stored user information, and obtains response information of the user information read request according to the user information, and sends response information of the user information read request to the terminal;
    所述终端接收到所述用户信息读取请求的响应信息后,根据所述用户信息读取请求的响应信息获得所述用户信息。After receiving the response information of the user information read request, the terminal obtains the user information according to the response information of the user information read request.
  4. 根据权利要求1至3任一项所述的方法,其特征在于,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息的步骤之后,所述方法还包括:The method according to any one of claims 1 to 3, wherein after the terminal scans the smart cryptographic device within the signal coverage and obtains the scanned identification information of the smart cryptographic device, the The method also includes:
    所述终端获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;The terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
    所述终端根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;The terminal compares the identifier information of the smart cryptographic device in the real-time identifier list with the identifier information of the smart cryptographic device in the current user list according to a preset time interval;
    如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则执行所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息的步骤;且如果所述当前用户列表中的智能密码设备的标识信息不在所述实时标识列表中,则删除所述当前用户列表中不在所述实时标识列表中的智能密码设备的用户信息。If the identifier information of the smart cryptographic device in the real-time identities list is not in the current user list, the terminal is configured to acquire the user information corresponding to the smart cryptographic device according to the scanned identifier information of the smart cryptographic device. If the identification information of the smart cryptographic device in the current user list is not in the real-time identifier list, the user information of the smart cryptographic device that is not in the real-time identifier list in the current user list is deleted.
  5. 根据权利要求1至3任一项所述的方法,其特征在于,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息的步骤之后,所述方法还包括:The method according to any one of claims 1 to 3, wherein after the terminal scans the smart cryptographic device within the signal coverage and obtains the scanned identification information of the smart cryptographic device, the The method also includes:
    所述终端获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;The terminal obtains identification information of all the smart cryptographic devices within the signal coverage of the terminal, and generates a real-time identification list;
    所述终端根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;The terminal compares the identifier information of the smart cryptographic device in the real-time identifier list with the identifier information of the smart cryptographic device in the current user list according to a preset time interval;
    如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则执行所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息的步骤,并在所述终端获得所述用户信息后,将所述用户信息存储至所述实时标识列表中;且如果所述实时标识列表中的智能密码设备的标识信息在所述当前用户列表中,则将所述在所述当前用户列表中的智能密码设备的用户信息存储至所述实时标识列表中; If the identifier information of the smart cryptographic device in the real-time identities list is not in the current user list, the terminal is configured to acquire the user information corresponding to the smart cryptographic device according to the scanned identifier information of the smart cryptographic device. Step, and after the terminal obtains the user information, storing the user information into the real-time identifier list; and if the identifier information of the smart cryptographic device in the real-time identifier list is in the current user list And storing the user information of the smart cryptographic device in the current user list into the real-time identifier list;
    将所述实时标识列表作为更新后的所述当前用户列表。The real-time identification list is taken as the updated current user list.
  6. 根据权利要求2所述的方法,其特征在于,所述终端向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求的步骤之后,所述方法还包括:The method according to claim 2, wherein after the step of the terminal transmitting the identification information of the smart cryptographic device and the user information reading request to the background system server, the method further includes:
    所述后台系统服务器判断所述智能密码设备的标识信息是否包含在所述后台系统服务器中预存的智能密码设备异常名单中;Determining, by the background system server, whether the identification information of the smart cryptographic device is included in an abnormal list of smart cryptographic devices pre-stored in the background system server;
    所述后台系统服务器在判断出所述智能密码设备的标识信息在所述智能密码设备异常名单中后,获取锁定智能密码设备指令,以及利用所述后台系统服务器的私钥对锁定智能密码设备指令进行签名获得第五签名信息,并通过所述终端向所述智能密码设备发送所述锁定智能密码设备指令以及所述第五签名信息;After determining, by the background system server, that the identifier information of the smart cryptographic device is in the abnormal list of the smart cryptographic device, acquiring a command for locking the smart cryptographic device, and using the private key pair of the background system server to lock the smart cryptographic device command Performing a signature to obtain a fifth signature information, and transmitting, by the terminal, the locked smart cryptographic device instruction and the fifth signature information to the smart cryptographic device;
    所述智能密码设备接收到所述锁定智能密码设备指令以及所述第五签名信息后,利用预存的所述后台系统服务器证书中的公钥对所述第五签名信息进行验证;After receiving the locked smart cryptographic device command and the fifth signature information, the smart cryptographic device uses the pre-stored public key in the background system server certificate to verify the fifth signature information;
    所述智能密码设备在验证所述第五签名信息通过后,根据所述锁定智能密码设备指令执行锁定操作。After verifying that the fifth signature information is passed, the smart cryptographic device performs a locking operation according to the locked smart cryptographic device instruction.
  7. 根据权利要求1至6任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 6, wherein the method further comprises:
    所述后台系统服务器接收终端注册申请,并对所述终端注册申请进行审核;Receiving, by the background system server, a terminal registration application, and reviewing the terminal registration application;
    所述后台系统服务器在审核所述终端注册申请通过后,向所述终端发送终端密钥对生成指令;After the background system server approves the terminal registration application, the background system server sends a terminal key pair generation instruction to the terminal;
    所述终端接收到所述终端密钥对生成指令后,生成终端密钥对;After receiving the terminal key pair generation instruction, the terminal generates a terminal key pair;
    所述终端向所述后台系统服务器发送所述终端密钥对中的公钥;Transmitting, by the terminal, the public key in the terminal key pair to the background system server;
    所述后台系统服务器接收到所述终端密钥对中的公钥后,生成所述终端证书,并向所述终端发送所述终端证书;After receiving the public key in the terminal key pair, the background system server generates the terminal certificate, and sends the terminal certificate to the terminal;
    所述终端存储所述终端证书;The terminal stores the terminal certificate;
    以及as well as
    所述后台系统服务器接收智能密码设备注册申请,并对所述智能密码设备注册申请进行审核;Receiving, by the background system server, a smart password device registration application, and reviewing the smart password device registration application;
    所述后台系统服务器在审核所述智能密码设备注册申请通过后,向所述智能密码设备发送智能密码设备密钥对生成指令;After the background system server verifies that the smart password device registration application is approved, the background system server sends a smart password device key pair generation instruction to the smart password device;
    所述智能密码设备接收到所述智能密码设备密钥对生成指令后,生成智能密码设备密钥对;After receiving the smart cryptographic device key pair generation instruction, the smart cryptographic device generates a smart cryptographic device key pair;
    所述智能密码设备向所述后台系统服务器发送所述智能密码设备密钥对中的公钥;Sending, by the smart cryptographic device, the public key in the smart cryptographic device key pair to the background system server;
    所述后台系统服务器接收到所述智能密码设备密钥对中的公钥后,生成所述智能密码 设备证书,并向所述智能密码设备发送所述智能密码设备证书;After the background system server receives the public key in the smart cryptographic device key pair, the smart password is generated. a device certificate, and sending the smart password device certificate to the smart password device;
    所述智能密码设备存储所述智能密码设备证书。The smart cryptographic device stores the smart cryptographic device certificate.
  8. 根据权利要求7所述的方法,其特征在于,所述方法还包括:The method of claim 7, wherein the method further comprises:
    所述终端获取终端销户申请,利用所述终端的私钥对所述销户申请进行签名获得第六签名信息,并向所述后台系统服务器发送所述终端销户申请以及所述第六签名信息;所述后台系统服务器接收到所述终端销户申请以及所述第六签名信息后,利用预存的所述终端证书中的公钥对所述第六签名信息进行验证;所述后台系统服务器在验证所述第六签名信息通过后,删除预存的所述终端证书,并生成终端销户完成信息,向所述终端发送所述终端销户完成信息;所述终端接收到所述终端销户完成信息后,删除所述终端的私钥;和/或The terminal acquires a terminal account cancellation application, uses the private key of the terminal to sign the account cancellation application to obtain a sixth signature information, and sends the terminal account cancellation application and the sixth signature to the background system server. The background system server, after receiving the terminal account cancellation application and the sixth signature information, verifying the sixth signature information by using a public key in the pre-stored terminal certificate; the background system server After verifying that the sixth signature information is passed, deleting the pre-stored terminal certificate, and generating terminal account completion information, sending the terminal account completion information to the terminal; the terminal receiving the terminal account cancellation After completing the information, delete the private key of the terminal; and/or
    所述智能密码设备获取智能密码设备销户申请,利用所述智能密码设备的私钥对所述销户申请进行签名获得第七签名信息,并向所述后台系统服务器发送所述智能密码设备销户申请以及所述第七签名信息;所述后台系统服务器接收到所述智能密码设备销户申请以及所述第七签名信息后,利用预存的所述智能密码设备证书中的公钥对所述第七签名信息进行验证;所述后台系统服务器在验证所述第七签名信息通过后,删除预存的所述智能密码设备证书,并生成智能密码设备销户完成信息,向所述智能密码设备发送所述智能密码设备销户完成信息;所述智能密码设备接收到所述智能密码设备销户完成信息后,删除所述智能密码设备的私钥。The smart cryptographic device obtains a smart PIN device account cancellation application, uses the private key of the smart cryptographic device to sign the account cancellation application to obtain a seventh signature information, and sends the smart cryptographic device pin to the background system server. a user application and the seventh signature information; after receiving the smart cryptographic device account cancellation application and the seventh signature information, the background system server uses the pre-stored public key in the smart cryptographic device certificate to The seventh signature information is verified; after the verification, the background system server deletes the pre-stored smart password device certificate, and generates a smart password device account completion information, and sends the smart password device to the smart password device. The smart cryptographic device cancels the information; the smart cryptographic device deletes the private key of the smart cryptographic device after receiving the information about the completion of the smart cryptographic device.
  9. 根据权利要求2所述的方法,其特征在于,所述后台系统服务器接收到所述智能密码设备的标识信息以及所述用户信息读取请求的步骤之后,所述后台系统服务器向所述终端发送所述用户信息读取请求的响应信息的步骤之前,所述方法还包括:The method according to claim 2, wherein after the background system server receives the identification information of the smart cryptographic device and the user information read request, the background system server sends the terminal system server to the terminal Before the step of the user information reading the response information of the request, the method further includes:
    所述后台系统服务器通过所述终端向所述智能密码设备发送用户授权请求信息;The background system server sends user authorization request information to the smart cryptographic device through the terminal;
    所述智能密码设备接收到所述用户授权请求信息后,生成授权信息,并通过所述终端向所述后台系统服务器发送所述授权信息;After receiving the user authorization request information, the smart cryptographic device generates authorization information, and sends the authorization information to the background system server by using the terminal;
    所述后台系统服务器接收到所述授权信息后,执行所述后台系统服务器向所述终端发送所述用户信息读取请求的响应信息的步骤。After receiving the authorization information, the background system server performs the step of the background system server sending the response information of the user information read request to the terminal.
  10. 根据权利要求9所述的方法,其特征在于,所述智能密码设备接收到所述用户授权请求信息后,生成授权信息的步骤包括:The method according to claim 9, wherein the step of generating the authorization information after the smart cryptographic device receives the user authorization request information comprises:
    所述智能密码设备在接收到所述用户授权请求信息后,由休眠状态转换为唤醒状态;After receiving the user authorization request information, the smart cryptographic device transitions from a sleep state to an awake state;
    所述智能密码设备在唤醒状态下生成授权信息。The smart cryptographic device generates authorization information in an awake state.
  11. 根据权利要求1至10任一项所述的方法,其特征在于,所述智能密码设备接收到所述交易请求信息后,根据所述交易请求信息获得所述交易信息的步骤包括: The method according to any one of claims 1 to 10, wherein the step of obtaining the transaction information according to the transaction request information after the smart cryptographic device receives the transaction request information comprises:
    所述智能密码设备接收到所述交易请求信息后,由休眠状态转换为唤醒状态;After receiving the transaction request information, the smart cryptographic device converts from a sleep state to an awake state;
    所述智能密码设备在唤醒状态下根据所述交易请求信息获得所述交易信息。The smart cryptographic device obtains the transaction information according to the transaction request information in an awake state.
  12. 根据权利要求1至11任一项所述的方法,其特征在于,所述智能密码设备生成交易确认信息的步骤包括:The method according to any one of claims 1 to 11, wherein the step of generating the transaction confirmation information by the smart cryptographic device comprises:
    所述智能密码设备利用所述智能密码设备的私钥对所述交易信息进行签名,生成交易签名信息作为交易确认信息;或者The smart cryptographic device signs the transaction information by using a private key of the smart cryptographic device, and generates transaction signature information as transaction confirmation information; or
    所述智能密码设备生成动态口令作为交易确认信息。The smart cryptographic device generates a dynamic password as transaction confirmation information.
  13. 根据权利要求1至11任一项所述的方法,其特征在于,所述智能密码设备生成交易确认信息的步骤包括:The method according to any one of claims 1 to 11, wherein the step of generating the transaction confirmation information by the smart cryptographic device comprises:
    所述智能密码设备生成单次交易标识,并利用所述智能密码设备的私钥对所述交易信息以及所述单次交易标识进行签名,生成交易签名信息作为交易确认信息;或者The smart cryptographic device generates a single transaction identifier, and signs the transaction information and the single transaction identifier by using a private key of the smart cryptographic device to generate transaction signature information as transaction confirmation information; or
    所述智能密码设备生成单次交易标识,利用所述智能密码设备的私钥对所述单次交易标识进行签名获得单次交易标识的签名信息,并生成动态口令,将单次交易标识的签名信息以及所述动态口令作为交易确认信息。The smart cryptographic device generates a single transaction identifier, and uses the private key of the smart cryptographic device to sign the single transaction identifier to obtain signature information of a single transaction identifier, and generate a dynamic password, and sign the single transaction identifier The information and the dynamic password are used as transaction confirmation information.
  14. 根据权利要求12或13所述的方法,其特征在于,所述终端接收所述交易确认信息的步骤包括:The method according to claim 12 or 13, wherein the step of the terminal receiving the transaction confirmation information comprises:
    所述终端接收所述智能密码设备发送的声波信号并对所述声波信号进行解码获得交易确认信息;或者Receiving, by the terminal, an acoustic wave signal sent by the smart cryptographic device and decoding the acoustic wave signal to obtain transaction confirmation information; or
    所述终端采集所述智能密码设备显示的图像信息并对所述图像信息进行解码获得所述交易确认信息;或者The terminal collects image information displayed by the smart cryptographic device and decodes the image information to obtain the transaction confirmation information; or
    所述终端通过所述终端与所述智能密码设备匹配的通信接口接收所述交易确认信息;或者Receiving, by the terminal, the transaction confirmation information by using a communication interface that is matched by the terminal and the smart cryptographic device; or
    所述终端通过所述终端输入的信息获得所述交易确认信息。The terminal obtains the transaction confirmation information by using information input by the terminal.
  15. 根据权利要求1至14任一项所述的方法,其特征在于,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:The method according to any one of claims 1 to 14, wherein after the step of the background system server verifying the transaction confirmation information and executing the transaction after the verification is passed, the method further comprises:
    所述后台系统服务器向所述终端发送交易成功回执信息;或者Sending, by the background system server, transaction success receipt information to the terminal; or
    所述后台系统服务器通过所述终端向所述智能密码设备发送交易成功回执信息;所述智能密码设备接收到所述交易成功回执信息后,提示所述交易成功回执信息。The background system server sends transaction success receipt information to the smart cryptographic device through the terminal; after receiving the transaction success receipt information, the smart cryptographic device prompts the transaction success receipt information.
  16. 根据权利要求1至15任一项所述的方法,其特征在于,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:The method according to any one of claims 1 to 15, wherein after the step of the background system server verifying the transaction confirmation information and performing the transaction after the verification is passed, the method further comprises:
    所述终端向所述智能密码设备发送退款信息; The terminal sends refund information to the smart cryptographic device;
    所述智能密码设备接收到所述退款信息后,提示所述退款信息;After receiving the refund information, the smart cryptographic device prompts the refund information;
    所述智能密码设备接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;Receiving, by the smart cryptographic device, a refund confirmation instruction, and signing the refund information by using a private key of the smart cryptographic device to generate refund confirmation information;
    所述终端接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;Receiving, by the terminal, the refund confirmation information, verifying the refund confirmation information, and after the verification is passed, signing the refund confirmation information by using a private key of the terminal to generate a refund confirmation package;
    所述终端向所述后台系统服务器发送所述退款确认包和所述退款确认信息;Sending, by the terminal, the refund confirmation package and the refund confirmation information to the background system server;
    所述后台系统服务器接收到所述退款确认包和所述退款确认信息后,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。After receiving the refund confirmation package and the refund confirmation information, the background system server separately verifies the refund confirmation package and the refund confirmation information, and performs a refund after all verifications are passed. operating.
  17. 根据权利要求1至15任一项所述的方法,其特征在于,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:The method according to any one of claims 1 to 15, wherein after the step of the background system server verifying the transaction confirmation information and performing the transaction after the verification is passed, the method further comprises:
    所述智能密码设备向所述终端发送退款请求;The smart cryptographic device sends a refund request to the terminal;
    所述终端生成退款信息,并向所述智能密码设备发送所述退款信息;The terminal generates refund information, and sends the refund information to the smart cryptographic device;
    所述智能密码设备接收到所述退款信息后,提示所述退款信息;After receiving the refund information, the smart cryptographic device prompts the refund information;
    所述智能密码设备接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;Receiving, by the smart cryptographic device, a refund confirmation instruction, and signing the refund information by using a private key of the smart cryptographic device to generate refund confirmation information;
    所述终端接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;Receiving, by the terminal, the refund confirmation information, verifying the refund confirmation information, and after the verification is passed, signing the refund confirmation information by using a private key of the terminal to generate a refund confirmation package;
    所述终端向所述后台系统服务器发送所述退款确认包和所述退款确认信息;Sending, by the terminal, the refund confirmation package and the refund confirmation information to the background system server;
    所述后台系统服务器接收到所述退款确认包和所述退款确认信息后,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。After receiving the refund confirmation package and the refund confirmation information, the background system server separately verifies the refund confirmation package and the refund confirmation information, and performs a refund after all verifications are passed. operating.
  18. 根据权利要求1至15任一项所述的方法,其特征在于,所述后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易的步骤之后,所述方法还包括:The method according to any one of claims 1 to 15, wherein after the step of the background system server verifying the transaction confirmation information and performing the transaction after the verification is passed, the method further comprises:
    所述智能密码设备向所述终端发送退款请求;The smart cryptographic device sends a refund request to the terminal;
    所述终端生成退款请求标识,并向所述智能密码设备发送所述退款请求标识;The terminal generates a refund request identifier, and sends the refund request identifier to the smart password device;
    所述智能密码设备接收到所述退款请求标识后,生成退款信息,并利用所述智能密码设备的私钥对所述退款信息进行签名,得到退款确认信息,并向所述终端发送所述退款确认信息;After receiving the refund request identifier, the smart password device generates refund information, and signs the refund information by using the private key of the smart password device to obtain refund confirmation information, and sends the refund confirmation information to the terminal. Sending the refund confirmation information;
    所述终端接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;Receiving, by the terminal, the refund confirmation information, verifying the refund confirmation information, and after the verification is passed, signing the refund confirmation information by using a private key of the terminal to generate a refund confirmation package;
    所述终端向所述后台系统服务器发送所述退款确认包和所述退款确认信息;Sending, by the terminal, the refund confirmation package and the refund confirmation information to the background system server;
    所述后台系统服务器接收到所述退款确认包和所述退款确认信息后,分别对所述退款 确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。After the background system server receives the refund confirmation package and the refund confirmation information, respectively, the refund The confirmation package and the refund confirmation information are verified, and after all verification is passed, the refund operation is performed.
  19. 根据权利要求16或17所述的方法,其特征在于,所述退款信息中还包含电子对账单。The method of claim 16 or 17, wherein the refund information further comprises an electronic statement.
  20. 根据权利要求15所述的方法,其特征在于,所述交易成功回执信息还包含电子对账单。The method of claim 15 wherein said transaction success receipt information further comprises an electronic statement.
  21. 根据权利要求1至18任一项所述的方法,其特征在于,所述交易信息中还包含电子对账单。The method according to any one of claims 1 to 18, characterized in that the transaction information further comprises an electronic statement.
  22. 根据权利要求1至21任一项所述的方法,其特征在于,所述终端在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之前,所述方法还包括:The method according to any one of claims 1 to 21, wherein the method further scans the smart cryptographic device within the signal coverage area and obtains the scanned identification information of the smart cryptographic device. include:
    所述智能密码设备进入可被扫描状态。The smart cryptographic device enters a state that can be scanned.
  23. 根据权利要求1至22任一项所述的方法,其特征在于,在所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息之前,所述方法还包括:The method according to any one of claims 1 to 22, wherein before the terminal acquires user information corresponding to the smart cryptographic device according to the scanned identification information of the smart cryptographic device, the method further include:
    所述终端与所述后台系统服务器进行相互认证。The terminal performs mutual authentication with the background system server.
  24. 根据权利要求23所述的方法,其特征在于,所述终端与后台系统服务器进行相互认证包括:The method according to claim 23, wherein the mutually authenticating the terminal with the background system server comprises:
    所述终端生成第一待签名信息;The terminal generates first to-be-signed information;
    所述终端向后台系统服务器发送所述第一待签名信息以及第一认证请求信息;Transmitting, by the terminal, the first to-be-signed information and the first authentication request information to a background system server;
    所述后台系统服务器接收到所述第一待签名信息以及所述第一认证请求信息后,生成第二待签名信息;After receiving the first to-be-signed information and the first authentication request information, the background system server generates second to-be-signed information;
    所述后台系统服务器向所述终端发送所述第二待签名信息以及后台系统服务器证书;Sending, by the background system server, the second to-be-signed information and the background system server certificate to the terminal;
    所述终端接收到所述第二待签名信息以及所述后台系统服务器证书后,利用预存的后台系统服务器证书对应的根证书验证所述后台系统服务器证书是否合法;After receiving the second to-be-signed information and the background system server certificate, the terminal uses the root certificate corresponding to the pre-stored background system server certificate to verify whether the background system server certificate is legal;
    所述终端在验证所述后台系统服务器证书合法后,利用所述终端的私钥对所述第一待签名信息和所述第二待签名信息进行签名生成第一签名信息;After verifying that the background system server certificate is legal, the terminal signs the first to-be-signed information and the second to-be-signed information by using the private key of the terminal to generate first signature information;
    所述终端向所述后台系统服务器发送所述第一签名信息以及终端证书;Transmitting, by the terminal, the first signature information and the terminal certificate to the background system server;
    所述后台系统服务器利用预存的终端证书对应的根证书验证所述终端证书是否合法;The background system server verifies whether the terminal certificate is legal by using a root certificate corresponding to the pre-stored terminal certificate;
    所述后台系统服务器在验证所述终端证书合法后,利用所述终端证书中的公钥验证所述第一签名信息;After verifying that the terminal certificate is legal, the background system server verifies the first signature information by using a public key in the terminal certificate;
    所述后台系统服务器在验证所述第一签名信息通过后,生成后台认证完成消息,并向 所述终端发送所述后台认证完成消息;After verifying that the first signature information is passed, the background system server generates a background authentication completion message, and Sending, by the terminal, the background authentication completion message;
    所述终端接收到所述后台认证完成消息后,验证所述后台认证完成消息;After receiving the background authentication completion message, the terminal verifies the background authentication completion message;
    所述终端在验证所述后台认证完成消息通过后,生成终端认证第一完成消息,向所述后台系统服务器发送所述终端认证第一完成消息;After verifying that the background authentication completion message is passed, the terminal generates a terminal authentication first completion message, and sends the terminal authentication first completion message to the background system server;
    所述后台系统服务器接收到所述终端认证第一完成消息后,验证所述终端认证第一完成消息;After receiving the terminal completion first completion message, the background system server verifies the terminal to authenticate the first completion message;
    所述后台系统服务器在验证所述终端认证第一完成消息通过后,所述终端与所述后台系统服务器完成相互认证。After the background system server verifies that the terminal authentication first completion message is passed, the terminal and the background system server complete mutual authentication.
  25. 根据权利要求24所述的方法,其特征在于,所述第一认证请求信息包括所述终端的标识信息;The method according to claim 24, wherein the first authentication request information comprises identification information of the terminal;
    所述后台系统服务器接收到所述第一待签名信息以及所述第一认证请求信息后,判断所述终端的标识信息是否包含在所述后台系统服务器中预存的终端异常名单中;After receiving the first to-be-signed information and the first authentication request information, the background system server determines whether the identification information of the terminal is included in a terminal abnormal list pre-stored in the background system server;
    所述后台系统服务器在判断出所述终端的标识信息在所述终端异常名单中后,获取锁定终端指令,以及利用所述后台系统服务器的私钥对锁定终端指令进行签名获得第四签名信息,并向所述终端发送所述锁定终端指令以及所述第四签名信息;After the background system server determines that the identification information of the terminal is in the abnormal list of the terminal, acquires a lock terminal instruction, and uses the private key of the background system server to sign the locked terminal instruction to obtain the fourth signature information. And sending the locked terminal instruction and the fourth signature information to the terminal;
    所述终端接收到所述锁定终端指令以及所述第四签名信息后,利用预存的所述后台系统服务器证书中的公钥对所述第四签名信息进行验证;After receiving the locked terminal instruction and the fourth signature information, the terminal verifies the fourth signature information by using a public key in the pre-stored background system server certificate;
    所述终端在验证所述第四签名信息通过后,根据所述锁定终端指令执行锁定操作。After verifying that the fourth signature information is passed, the terminal performs a locking operation according to the locked terminal instruction.
  26. 根据权利要求1至25任一项所述的方法,其特征在于,在所述终端根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息之前,所述方法还包括:The method according to any one of claims 1 to 25, wherein before the terminal acquires user information corresponding to the smart cryptographic device according to the scanned identification information of the smart cryptographic device, the method further include:
    所述终端与所述智能密码设备进行相互认证。The terminal performs mutual authentication with the smart cryptographic device.
  27. 根据权利要求26的方法,其特征在于,所述终端与所述智能密码设备进行相互认证包括:The method of claim 26, wherein the mutually authenticating the terminal with the smart cryptographic device comprises:
    所述终端生成第三待签名信息;The terminal generates third to-be-signed information;
    所述终端向所述智能密码设备发送所述第三待签名信息以及第二认证请求信息;Transmitting, by the terminal, the third to-be-signed information and the second authentication request information to the smart cryptographic device;
    所述智能密码设备接收到所述第三待签名信息以及所述第二认证请求信息后,生成第四待签名信息;After receiving the third to-be-signed information and the second authentication request information, the smart cryptographic device generates fourth to-be-signed information;
    所述智能密码设备利用所述智能密码设备的私钥对所述第三待签名信息进行签名获得第二签名信息,并向所述终端发送所述第四待签名信息、所述第二签名信息以及智能密码设备证书; The smart cryptographic device uses the private key of the smart cryptographic device to sign the third to-be-signed information to obtain second signature information, and sends the fourth to-be-signed information and the second signature information to the terminal. And a smart password device certificate;
    所述终端接收到所述第四待签名信息、所述第二签名信息以及所述智能密码设备证书后,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;After receiving the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate, the terminal verifies whether the smart cryptographic device certificate is legal by using a root certificate corresponding to the pre-stored smart cryptographic device certificate;
    所述终端在验证所述智能密码设备证书合法后,利用所述智能密码设备证书中的公钥对所述第二签名信息进行验证;After verifying that the smart cryptographic device certificate is legal, the terminal verifies the second signature information by using a public key in the smart cryptographic device certificate;
    所述终端在验证所述第二签名信息通过后,利用所述终端的私钥对所述第三待签名信息和所述第四待签名信息进行签名获得第三签名信息;After verifying that the second signature information is passed, the terminal signs the third to-be-signed information and the fourth to-be-signed information by using the private key of the terminal to obtain third signature information;
    所述终端向所述智能密码设备发送所述第三签名信息以及所述终端证书;Transmitting, by the terminal, the third signature information and the terminal certificate to the smart cryptographic device;
    所述智能密码设备接收到所述第三签名信息以及所述终端证书后,利用预存的所述终端证书对应的根证书验证所述终端证书是否合法;After receiving the third signature information and the terminal certificate, the smart cryptographic device uses the root certificate corresponding to the pre-stored terminal certificate to verify whether the terminal certificate is legal;
    所述智能密码设备在验证所述终端证书合法后,利用所述终端证书中的公钥对所述第三签名信息进行验证;After verifying that the terminal certificate is legal, the smart cryptographic device uses the public key in the terminal certificate to verify the third signature information;
    所述智能密码设备在验证所述第三签名信息通过后,生成智能密码设备认证完成消息;After verifying that the third signature information is passed, the smart cryptographic device generates a smart cryptographic device authentication completion message;
    所述智能密码设备向所述终端发送所述智能密码设备认证完成消息;Sending, by the smart cryptographic device, the smart cryptographic device authentication completion message to the terminal;
    所述终端接收到所述智能密码设备认证完成消息后,验证所述智能密码设备认证完成消息;After receiving the smart cryptographic device authentication completion message, the terminal verifies the smart cryptographic device authentication completion message;
    所述终端在验证所述智能密码设备认证完成消息通过后,生成终端认证第二完成消息,向所述智能密码设备发送所述终端认证第二完成消息;After verifying that the smart cryptographic device authentication completion message is passed, the terminal generates a terminal authentication second completion message, and sends the terminal authentication second completion message to the smart cryptographic device;
    所述智能密码设备接收到所述终端认证第二完成消息后,验证所述终端认证第二完成消息;After receiving the terminal completion second completion message, the smart cryptographic device verifies that the terminal authenticates the second completion message;
    所述智能密码设备验证所述终端认证第二完成消息后,所述终端与所述智能密码设备完成相互认证。After the smart cryptographic device verifies the second authentication message of the terminal authentication, the terminal and the smart cryptographic device complete mutual authentication.
  28. 根据权利要求27所述的方法,其特征在于,所述智能密码设备接收到所述第三待签名信息以及所述第二认证请求信息后,生成第四待签名信息的步骤包括:The method according to claim 27, wherein the step of generating the fourth to-be-signed information after the smart cryptographic device receives the third to-be-signed information and the second authentication request information comprises:
    所述智能密码设备在接收到所述第二认证请求信息后,由休眠状态转换为唤醒状态;After receiving the second authentication request information, the smart cryptographic device converts from a sleep state to an awake state;
    所述智能密码设备在唤醒状态下生成第四待签名信息。The smart cryptographic device generates fourth to-be-signed information in an awake state.
  29. 根据权利要求1至28任一项所述的方法,其特征在于,A method according to any one of claims 1 to 28, characterized in that
    所述后台系统服务器与所述终端之间传输的信息均通过第一会话密钥加密计算和/或校验计算后传输,其中,所述第一会话密钥预存在所述后台系统服务器和所述终端中或者所述第一会话密钥通过所述后台系统服务器和所述终端协商生成;和/或The information transmitted between the background system server and the terminal is transmitted through the first session key encryption calculation and/or the verification calculation, wherein the first session key is pre-existing in the background system server and the Said in the terminal or the first session key is negotiated by the background system server and the terminal; and/or
    所述终端与所述智能密码设备之间传输的信息均通过第二会话密钥加密计算和/或校验计算后传输,其中,所述第二会话密钥预存在所述终端和所述智能密码设备中或者所述 第二会话密钥通过所述终端和所述智能密码设备协商生成。The information transmitted between the terminal and the smart cryptographic device is transmitted through a second session key encryption calculation and/or a check calculation, wherein the second session key pre-stores the terminal and the smart In the cryptographic device or in the The second session key is generated by negotiation between the terminal and the smart cryptographic device.
  30. 一种数据安全交互系统,其特征在于,包括:A data security interaction system, comprising:
    终端,配置为在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息;根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息;将所述用户信息存储到预先建立的当前用户列表中;根据待交易的智能密码设备对应的用户信息生成交易信息,并根据所述交易信息获得交易请求信息;向所述智能密码设备发送所述交易请求信息;接收交易确认信息,其中,所述交易确认信息由所述智能密码设备生成;根据所述交易确认信息获得交易数据包,并向所述后台系统服务器发送所述交易数据包;The terminal is configured to scan the smart cryptographic device in the signal coverage area, and obtain the scanned information of the smart cryptographic device; and obtain the user information corresponding to the smart cryptographic device according to the scanned information of the smart cryptographic device Storing the user information into a pre-established current user list; generating transaction information according to user information corresponding to the smart cryptographic device to be traded, and obtaining transaction request information according to the transaction information; and transmitting the information to the smart cryptographic device Transmitting transaction request information; receiving transaction confirmation information, wherein the transaction confirmation information is generated by the smart cryptographic device; obtaining a transaction data packet according to the transaction confirmation information, and transmitting the transaction data packet to the background system server;
    所述智能密码设备,配置为接收所述终端发送的所述交易请求信息,根据所述交易请求信息获得所述交易信息;提示所述交易信息;接收确认指令,并生成交易确认信息;The smart cryptographic device is configured to receive the transaction request information sent by the terminal, obtain the transaction information according to the transaction request information, prompt the transaction information, receive a confirmation instruction, and generate transaction confirmation information;
    所述后台系统服务器,配置为接收所述终端发送的所述交易数据包,根据所述交易数据包获得所述交易确认信息;对所述交易确认信息进行验证,并在验证通过后执行交易。The background system server is configured to receive the transaction data packet sent by the terminal, obtain the transaction confirmation information according to the transaction data package, verify the transaction confirmation information, and execute the transaction after the verification is passed.
  31. 根据权利要求30所述的系统,其特征在于,The system of claim 30 wherein:
    所述终端,还配置为向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求;接收所述后台系统服务器发送的用户信息读取请求的响应信息,根据所述用户信息读取请求的响应信息获得所述用户信息;The terminal is further configured to send the identifier information of the smart cryptographic device and the user information read request to the background system server, and receive response information of the user information read request sent by the background system server, according to the user The response information of the information read request obtains the user information;
    所述后台系统服务器,还配置为接收所述终端发送的所述智能密码设备的标识信息以及所述用户信息读取请求,根据所述智能密码设备的标识信息获取与所述智能密码设备对应的用户信息;根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息。The background system server is further configured to receive the identification information of the smart cryptographic device and the user information read request sent by the terminal, and obtain, according to the identification information of the smart cryptographic device, a corresponding to the smart cryptographic device. User information; obtaining response information of the user information read request according to the user information, and transmitting response information of the user information read request to the terminal.
  32. 根据权利要求30所述的系统,其特征在于,The system of claim 30 wherein:
    所述终端,还配置为根据扫描到的所述智能密码设备的标识信息向所述智能密码设备发送用户信息读取请求;接收所述智能密码设备发送的用户信息读取请求的响应信息,根据所述用户信息读取请求的响应信息获得所述用户信息;The terminal is further configured to send a user information read request to the smart cryptographic device according to the scanned identification information of the smart cryptographic device; and receive response information of the user information read request sent by the smart cryptographic device, according to the The response information of the user information read request obtains the user information;
    所述智能密码设备,还配置为获得预先存储的用户信息,并根据所述用户信息获得所述用户信息读取请求的响应信息,并向所述终端发送所述用户信息读取请求的响应信息。The smart cryptographic device is further configured to obtain pre-stored user information, obtain response information of the user information read request according to the user information, and send the response information of the user information read request to the terminal. .
  33. 根据权利要求30至32任一项所述的系统,其特征在于,A system according to any one of claims 30 to 32, wherein
    所述终端,还配置为在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之后,获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;根据预设的时间间隔将所述实时标识列表中的智能密码设备的 标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息;且如果所述当前用户列表中的智能密码设备的标识信息不在所述实时标识列表中,则删除所述当前用户列表中不在所述实时标识列表中的智能密码设备的用户信息。The terminal is further configured to scan the smart cryptographic device within the signal coverage range, and obtain the scanned identification information of the smart cryptographic device, and obtain identification information of all the smart cryptographic devices within the signal coverage range of the terminal. Generating a real-time identification list; and the smart cryptographic device in the real-time identification list is preset according to a preset time interval The identification information is compared with the identification information of the smart cryptographic device in the current user list; if the identification information of the smart cryptographic device in the real-time identification list is not in the current user list, according to the scanned smart The identification information of the cryptographic device acquires the user information corresponding to the smart cryptographic device; and if the identification information of the smart cryptographic device in the current user list is not in the real-time identification list, deleting the current user list is not included in the current user list. User information of the smart cryptographic device in the real-time identification list.
  34. 根据权利要求30至32任一项所述的系统,其特征在于,A system according to any one of claims 30 to 32, wherein
    所述终端,还配置为在信号覆盖范围内扫描智能密码设备,并获得扫描到的所述智能密码设备的标识信息之后,获得在所述终端的信号覆盖范围内的全部智能密码设备的标识信息,生成实时标识列表;根据预设的时间间隔将所述实时标识列表中的智能密码设备的标识信息与所述当前用户列表中的智能密码设备的标识信息进行比对;如果所述实时标识列表中的智能密码设备的标识信息不在所述当前用户列表中,则根据扫描到的所述智能密码设备的标识信息获取所述智能密码设备对应的用户信息,并在所述终端获得所述用户信息后,将所述用户信息存储至所述实时标识列表中;且如果所述实时标识列表中的智能密码设备的标识信息在所述当前用户列表中,则将所述在所述当前用户列表中的智能密码设备的用户信息存储至所述实时标识列表中;将所述实时标识列表作为更新后的所述当前用户列表。The terminal is further configured to scan the smart cryptographic device within the signal coverage range, and obtain the scanned identification information of the smart cryptographic device, and obtain identification information of all the smart cryptographic devices within the signal coverage range of the terminal. And generating a real-time identifier list; comparing the identifier information of the smart password device in the real-time identifier list with the identifier information of the smart password device in the current user list according to a preset time interval; if the real-time identifier list Acquiring the identification information of the smart cryptographic device in the current user list, obtaining the user information corresponding to the smart cryptographic device according to the scanned identification information of the smart cryptographic device, and obtaining the user information at the terminal And storing the user information in the real-time identifier list; and if the identifier information of the smart cryptographic device in the real-time identifier list is in the current user list, then the User information of the smart cryptographic device is stored in the real-time identification list; Identifying said updated list as a list of current users.
  35. 根据权利要求31所述的系统,其特征在于,The system of claim 31, wherein
    所述后台系统服务器,还配置为终端向所述后台系统服务器发送所述智能密码设备的标识信息以及用户信息读取请求之后,判断所述智能密码设备的标识信息是否包含在所述后台系统服务器中预存的智能密码设备异常名单中;在判断出所述智能密码设备的标识信息在所述智能密码设备异常名单中后,获取锁定智能密码设备指令,以及利用所述后台系统服务器的私钥对锁定智能密码设备指令进行签名获得第五签名信息,并通过所述终端向所述智能密码设备发送所述锁定智能密码设备指令以及所述第五签名信息;The background system server is further configured to: after the terminal sends the identification information of the smart cryptographic device and the user information read request to the background system server, determine whether the identifier information of the smart cryptographic device is included in the background system server In the abnormal list of the pre-stored smart cryptographic device; after determining that the identification information of the smart cryptographic device is in the abnormal list of the smart cryptographic device, obtaining the instruction to lock the smart cryptographic device, and using the private key pair of the backend system server Locking the smart cryptographic device instruction to obtain a fifth signature information, and transmitting, by the terminal, the locked smart cryptographic device instruction and the fifth signature information to the smart cryptographic device;
    所述智能密码设备,还配置为接收所述锁定智能密码设备指令以及所述第五签名信息,利用预存的所述后台系统服务器证书中的公钥对所述第五签名信息进行验证;在验证所述第五签名信息通过后,根据所述锁定智能密码设备指令执行锁定操作。The smart cryptographic device is further configured to receive the locked smart cryptographic device command and the fifth signature information, and verify the fifth signature information by using a pre-stored public key in the background system server certificate; After the fifth signature information is passed, the locking operation is performed according to the locked smart cryptographic device instruction.
  36. 根据权利要求30至35任一项所述的系统,其特征在于,A system according to any one of claims 30 to 35, wherein
    所述后台系统服务器,还配置为接收终端注册申请,并对所述终端注册申请进行审核;在审核所述终端注册申请通过后,向所述终端发送终端密钥对生成指令;接收所述终端发送的终端密钥对中的公钥,生成所述终端证书,并向所述终端发送所述终端证书;The background system server is further configured to receive a terminal registration application, and review the terminal registration application; after reviewing the terminal registration application, send a terminal key pair generation instruction to the terminal; and receive the terminal Generating, by the public key in the sent terminal key pair, the terminal certificate, and sending the terminal certificate to the terminal;
    以及所述后台系统服务器,还配置为接收智能密码设备注册申请,并对所述智能密码 设备注册申请进行审核;在审核所述智能密码设备注册申请通过后,向所述智能密码设备发送智能密码设备密钥对生成指令;接收所述智能密码设备发送的所述智能密码设备密钥对中的公钥,生成所述智能密码设备证书,并向所述智能密码设备发送所述智能密码设备证书;And the background system server is further configured to receive a smart password device registration application and the smart password The device registration application is reviewed; after the verification of the smart password device registration application is passed, the smart password device key pair generation instruction is sent to the smart password device; and the smart password device key pair sent by the smart password device is received. Generating the smart cryptographic device certificate and transmitting the smart cryptographic device certificate to the smart cryptographic device;
    所述终端,还配置为接收所述后台系统服务器发送的所述终端密钥对生成指令,生成终端密钥对;向所述后台系统服务器发送所述终端密钥对中的公钥;存储所述终端证书;The terminal is further configured to receive the terminal key pair generation instruction sent by the background system server, generate a terminal key pair, and send the public key in the terminal key pair to the background system server; Terminal certificate;
    所述智能密码设备,还配置为接收所述后台系统服务器发送的所述智能密码设备密钥对生成指令,生成智能密码设备密钥对;向所述后台系统服务器发送所述智能密码设备密钥对中的公钥;存储所述智能密码设备证书。The smart cryptographic device is further configured to receive the smart cryptographic device key pair generation instruction sent by the background system server, generate a smart cryptographic device key pair, and send the smart cryptographic device key to the background system server. The public key of the pair; storing the smart cryptographic device certificate.
  37. 根据权利要求36所述的系统,其特征在于,The system of claim 36 wherein:
    所述终端,还配置为获取终端销户申请,利用所述终端的私钥对所述销户申请进行签名获得第六签名信息,并向所述后台系统服务器发送所述终端销户申请以及所述第六签名信息;接收所述后台系统服务器发送的终端销户完成信息,删除所述终端的私钥;The terminal is further configured to acquire a terminal account cancellation application, use the private key of the terminal to sign the account cancellation application to obtain a sixth signature information, and send the terminal account cancellation application and the office to the background system server. The sixth signature information is received; the terminal completion information sent by the background system server is received, and the private key of the terminal is deleted;
    所述后台系统服务器,还配置为接收所述终端发送的所述终端销户申请以及所述第六签名信息后,利用预存的所述终端证书中的公钥对所述第六签名信息进行验证;在验证所述第六签名信息通过后,删除预存的所述终端证书,并生成终端销户完成信息,向所述终端发送所述终端销户完成信息;The background system server is further configured to: after receiving the terminal account cancellation application and the sixth signature information sent by the terminal, verifying the sixth signature information by using a public key in the pre-stored terminal certificate After verifying that the sixth signature information is passed, deleting the pre-stored terminal certificate, and generating a terminal account completion information, and sending the terminal account completion information to the terminal;
    和/或and / or
    所述智能密码设备,还配置为获取智能密码设备销户申请,利用所述智能密码设备的私钥对所述销户申请进行签名获得第七签名信息,并向所述后台系统服务器发送所述智能密码设备销户申请以及所述第七签名信息;接收所述后台系统服务器发送的智能密码设备销户完成信息,删除所述智能密码设备的私钥;The smart cryptographic device is further configured to obtain a smart PIN device account cancellation application, use the private key of the smart cryptographic device to sign the account cancellation application to obtain a seventh signature information, and send the seventh signature information to the background system server. Receiving the smart password device account cancellation application and the seventh signature information; receiving the smart password device account completion information sent by the background system server, and deleting the private key of the smart password device;
    所述后台系统服务器,还配置为接收所述智能密码设备发送的所述智能密码设备销户申请以及所述第七签名信息,利用预存的所述智能密码设备证书中的公钥对所述第七签名信息进行验证;在验证所述第七签名信息通过后,删除预存的所述智能密码设备证书,并生成智能密码设备销户完成信息,向所述智能密码设备发送所述智能密码设备销户完成信息。The background system server is further configured to receive the smart cryptographic device account cancellation application and the seventh signature information sent by the smart cryptographic device, and use the public key in the pre-stored smart cryptographic device certificate to Seventh signature information is verified; after verifying that the seventh signature information is passed, the pre-stored smart password device certificate is deleted, and the smart password device account completion information is generated, and the smart password device pin is sent to the smart password device. The user completes the information.
  38. 根据权利要求31所述的系统,其特征在于,The system of claim 31, wherein
    所述后台系统服务器,还配置为通过所述终端向所述智能密码设备发送用户授权请求信息;接收所述智能密码设备通过所述终端发送的授权信息后,向所述终端发送所述用户信息读取请求的响应信息; The background system server is further configured to send user authorization request information to the smart cryptographic device through the terminal; and after receiving the authorization information sent by the smart cryptographic device by the terminal, send the user information to the terminal Read the response information of the request;
    所述智能密码设备,还配置为接收所述用户授权请求信息,生成授权信息,并通过所述终端向所述后台系统服务器发送所述授权信息。The smart cryptographic device is further configured to receive the user authorization request information, generate authorization information, and send the authorization information to the background system server by using the terminal.
  39. 根据权利要求38所述的系统,其特征在于,The system of claim 38, wherein
    所述智能密码设备,还配置为在接收到所述用户授权请求信息后,由休眠状态转换为唤醒状态;在唤醒状态下生成授权信息。The smart cryptographic device is further configured to: after receiving the user authorization request information, transition from a sleep state to an awake state; and generate authorization information in the awake state.
  40. 根据权利要求30至39任一项所述的系统,其特征在于,A system according to any one of claims 30 to 39, wherein
    所述智能密码设备,还配置为接收所述交易请求信息,由休眠状态转换为唤醒状态;在唤醒状态下根据所述交易请求信息获得所述交易信息。The smart cryptographic device is further configured to receive the transaction request information, and switch from a sleep state to an awake state; and obtain the transaction information according to the transaction request information in an awake state.
  41. 根据权利要求30至40任一项所述的系统,其特征在于,A system according to any one of claims 30 to 40, wherein
    所述智能密码设备,还配置为利用所述智能密码设备的私钥对所述交易信息进行签名,生成交易签名信息作为交易确认信息或者生成动态口令作为交易确认信息。The smart cryptographic device is further configured to sign the transaction information by using a private key of the smart cryptographic device, generate transaction signature information as transaction confirmation information or generate a dynamic password as transaction confirmation information.
  42. 根据权利要求30至40任一项所述的系统,其特征在于,A system according to any one of claims 30 to 40, wherein
    所述智能密码设备,还配置为生成单次交易标识,并利用所述智能密码设备的私钥对所述交易信息以及所述单次交易标识进行签名,生成交易签名信息作为交易确认信息;或者The smart cryptographic device is further configured to generate a single transaction identifier, and use the private key of the smart cryptographic device to sign the transaction information and the single transaction identifier to generate transaction signature information as transaction confirmation information; or
    所述智能密码设备,还配置为生成单次交易标识,利用所述智能密码设备的私钥对所述单次交易标识进行签名获得单次交易标识的签名信息,并生成动态口令,将单次交易标识的签名信息以及所述动态口令作为交易确认信息。The smart cryptographic device is further configured to generate a single transaction identifier, and use the private key of the smart cryptographic device to sign the single transaction identifier to obtain signature information of a single transaction identifier, and generate a dynamic password, which will be a single time The signature information of the transaction identifier and the dynamic password are used as transaction confirmation information.
  43. 根据权利要求41或42所述的系统,其特征在于,A system according to claim 41 or claim 42 wherein:
    所述终端,还配置为接收所述智能密码设备发送的声波信号并对所述声波信号进行解码获得交易确认信息;或者The terminal is further configured to receive an acoustic wave signal sent by the smart cryptographic device and decode the acoustic wave signal to obtain transaction confirmation information; or
    采集所述智能密码设备显示的图像信息并对所述图像信息进行解码获得所述交易确认信息;或者Acquiring image information displayed by the smart cryptographic device and decoding the image information to obtain the transaction confirmation information; or
    通过所述终端与所述智能密码设备匹配的通信接口接收所述交易确认信息;或者Receiving, by the communication interface that the terminal matches the smart cryptographic device, the transaction confirmation information; or
    通过所述终端输入的信息获得所述交易确认信息。The transaction confirmation information is obtained by the information input by the terminal.
  44. 根据权利要求30至43任一项所述的系统,其特征在于,A system according to any one of claims 30 to 43 wherein:
    所述后台系统服务器,还配置为在对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述终端发送交易成功回执信息;和/或通过所述终端向所述智能密码设备发送交易成功回执信息;The background system server is further configured to: after verifying the transaction confirmation information, and executing the transaction after the verification is passed, sending the transaction success receipt information to the terminal; and/or using the terminal to the smart password The device sends a transaction success receipt information;
    所述智能密码设备,还配置为接收所述交易成功回执信息,提示所述交易成功回执信息。 The smart cryptographic device is further configured to receive the transaction success receipt information, prompting the transaction to successfully return receipt information.
  45. 根据权利要求30至44任一项所述的系统,其特征在于,A system according to any one of claims 30 to 44, wherein
    所述终端,还配置为在后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述智能密码设备发送退款信息;接收退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;向所述后台系统服务器发送所述退款确认包和所述退款确认信息;The terminal is further configured to: in the background system server, verify the transaction confirmation information, and after executing the transaction after the verification is passed, send the refund information to the smart password device; receive the refund confirmation information, and the refund The confirmation information is verified, and after the verification is passed, the refund confirmation information is signed by using the private key of the terminal to generate a refund confirmation package; and the refund confirmation package is sent to the background system server Refund confirmation information;
    所述智能密码设备,还配置为接收所述终端发送的所述退款信息后,提示所述退款信息;接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;The smart cryptographic device is further configured to: after receiving the refund information sent by the terminal, prompting the refund information; receiving a refund confirmation instruction, and using the private key of the smart cryptographic device to refund the refund The information is signed and a refund confirmation message is generated;
    所述后台系统服务器,还配置为接收所述终端发送的所述退款确认包和所述退款确认信息后,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。The background system server is further configured to: after receiving the refund confirmation package and the refund confirmation information sent by the terminal, verify the refund confirmation package and the refund confirmation information respectively, and After all verification is passed, a refund operation is performed.
  46. 根据权利要求30至44任一项所述的系统,其特征在于,A system according to any one of claims 30 to 44, wherein
    所述智能密码设备,还配置为在后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述终端发送退款请求;接收所述终端发送的所述退款信息后,提示所述退款信息;接收退款确认指令,并利用所述智能密码设备的私钥对所述退款信息进行签名,生成退款确认信息;The smart cryptographic device is further configured to verify the transaction confirmation information in the background system server, and send a refund request to the terminal after the transaction is executed after the verification is passed; and receive the refund sent by the terminal After the information, prompting the refund information; receiving a refund confirmation instruction, and signing the refund information by using a private key of the smart password device to generate a refund confirmation information;
    所述终端,还配置为生成退款信息,并向所述智能密码设备发送所述退款信息;接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;向所述后台系统服务器发送所述退款确认包和所述退款确认信息;The terminal is further configured to generate refund information, and send the refund information to the smart password device; receive the refund confirmation information, verify the refund confirmation information, and after the verification is passed, And signing the refund confirmation information by using a private key of the terminal to generate a refund confirmation package; and sending the refund confirmation package and the refund confirmation information to the background system server;
    所述后台系统服务器,还配置为接收所述终端发送的所述退款确认包和所述退款确认信息,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。The background system server is further configured to receive the refund confirmation package and the refund confirmation information sent by the terminal, and verify the refund confirmation package and the refund confirmation information respectively, and After the verification is passed, the refund operation is performed.
  47. 根据权利要求30至44任一项所述的系统,其特征在于,A system according to any one of claims 30 to 44, wherein
    所述智能密码设备,还配置为在后台系统服务器对所述交易确认信息进行验证,并在验证通过后执行交易之后,向所述终端发送退款请求;接收所述终端发送的退款请求标识,生成退款信息,并利用所述智能密码设备的私钥对所述退款信息进行签名,得到退款确认信息,并向所述终端发送所述退款确认信息;The smart cryptographic device is further configured to verify the transaction confirmation information in the background system server, and send a refund request to the terminal after performing the transaction after the verification is passed; and receive the refund request identifier sent by the terminal Generating refund information, and signing the refund information by using a private key of the smart cryptographic device to obtain refund confirmation information, and sending the refund confirmation information to the terminal;
    所述终端,还配置为生成退款请求标识,并向所述智能密码设备发送所述退款请求标识;接收所述退款确认信息,对所述退款确认信息进行验证,并在验证通过后,利用所述终端的私钥对所述退款确认信息进行签名生成退款确认包;向所述后台系统服务器发送所 述退款确认包和所述退款确认信息;The terminal is further configured to generate a refund request identifier, and send the refund request identifier to the smart password device; receive the refund confirmation information, verify the refund confirmation information, and pass the verification Afterwards, the refund confirmation information is signed by using the private key of the terminal to generate a refund confirmation package; and the backend system server is sent Declaring the refund confirmation package and the refund confirmation information;
    所述后台系统服务器,还配置为接收所述终端发送的所述退款确认包和所述退款确认信息,分别对所述退款确认包和所述退款确认信息进行验证,并在全部验证通过后,执行退款操作。The background system server is further configured to receive the refund confirmation package and the refund confirmation information sent by the terminal, and verify the refund confirmation package and the refund confirmation information respectively, and After the verification is passed, the refund operation is performed.
  48. 根据权利要求45或46所述的系统,其特征在于,所述退款信息中还包含电子对账单。A system according to claim 45 or 46, wherein said refund information further comprises an electronic statement.
  49. 根据权利要求44所述的系统,其特征在于,所述交易成功回执信息还包含电子对账单。The system of claim 44 wherein said transaction success receipt information further comprises an electronic statement.
  50. 根据权利要求30至47任一项所述的系统,其特征在于,所述交易信息中还包含电子对账单。A system according to any one of claims 30 to 47, wherein the transaction information further comprises an electronic statement.
  51. 根据权利要求30至50任一项所述的系统,其特征在于,A system according to any one of claims 30 to 50, wherein
    所述智能密码设备,还配置为在被终端在信号覆盖范围内扫描到之前,进入可被扫描状态。The smart cryptographic device is further configured to enter a scannable state before being scanned by the terminal within the signal coverage.
  52. 根据权利要求30至51任一项所述的系统,其特征在于,A system according to any one of claims 30 to 51, wherein
    所述终端还与所述后台系统服务器进行相互认证。The terminal also performs mutual authentication with the background system server.
  53. 根据权利要求52所述的系统,其特征在于,The system of claim 52, wherein
    所述终端,还配置为生成第一待签名信息;向后台系统服务器发送所述第一待签名信息以及第一认证请求信息;接收所述后台系统服务器发送的第二待签名信息以及所述后台系统服务器证书,利用预存的后台系统服务器证书对应的根证书验证所述后台系统服务器证书是否合法;在验证所述后台系统服务器证书合法后,利用所述终端的私钥对所述第一待签名信息和所述第二待签名信息进行签名生成第一签名信息;向所述后台系统服务器发送所述第一签名信息以及终端证书;接收所述后台系统服务器发送的后台认证完成消息后,验证所述后台认证完成消息;在验证所述后台认证完成消息通过后,生成终端认证第一完成消息,向所述后台系统服务器发送所述终端认证第一完成消息;The terminal is further configured to generate first to-be-signed information; send the first to-be-signed information and the first authentication request information to the background system server; receive the second to-be-signed information sent by the background system server, and the background a system server certificate, using the root certificate corresponding to the pre-stored background system server certificate to verify whether the background system server certificate is legal; after verifying that the background system server certificate is legal, using the private key of the terminal to sign the first to sign The information and the second to-be-signed information are signed to generate first signature information; the first signature information and the terminal certificate are sent to the background system server; after receiving the background authentication completion message sent by the background system server, the verification office After the background authentication completion message is verified, the terminal authentication first completion message is generated, and the terminal authentication first completion message is sent to the background system server;
    所述后台系统服务器,还配置为接收所述终端发送的所述第一待签名信息以及所述第一认证请求信息,生成第二待签名信息;向所述终端发送所述第二待签名信息以及后台系统服务器证书;利用预存的终端证书对应的根证书验证所述终端证书是否合法;在验证所述终端证书合法后,利用所述终端证书中的公钥验证所述第一签名信息;在验证所述第一签名信息通过后,生成后台认证完成消息,并向所述终端发送所述后台认证完成消息;接收所述终端发送的所述终端认证第一完成消息,验证所述终端认证第一完成消息;在验证所述终端认证第一完成消息通过后,所述终端与所述后台系统服务器完成相互认证。 The background system server is further configured to receive the first to-be-signed information and the first authentication request information sent by the terminal, generate second to-be-signed information, and send the second to-be-signed information to the terminal. And the background system server certificate; verifying whether the terminal certificate is legal by using a root certificate corresponding to the pre-stored terminal certificate; and verifying that the terminal certificate is legal, verifying the first signature information by using a public key in the terminal certificate; After the first signature information is verified, the background authentication completion message is generated, and the background authentication completion message is sent to the terminal; the terminal authentication first completion message sent by the terminal is received, and the terminal authentication is verified. After completing the message, after verifying that the terminal authentication first completion message is passed, the terminal and the background system server complete mutual authentication.
  54. 根据权利要求53所述的系统,其特征在于,The system of claim 53 wherein:
    所述后台系统服务器,还配置为接收所述终端发送的所述第一待签名信息以及所述第一认证请求信息,其中,所述第一认证请求信息包括所述终端的标识信息;判断所述终端的标识信息是否包含在所述后台系统服务器中预存的终端异常名单中;在判断出所述终端的标识信息在所述终端异常名单中后,获取锁定终端指令,以及利用所述后台系统服务器的私钥对锁定终端指令进行签名获得第四签名信息,并向所述终端发送所述锁定终端指令以及所述第四签名信息;The background system server is further configured to receive the first to-be-signed information and the first authentication request information sent by the terminal, where the first authentication request information includes identification information of the terminal; Whether the identification information of the terminal is included in the terminal abnormal list pre-stored in the background system server; after determining that the identification information of the terminal is in the abnormal list of the terminal, acquiring a locking terminal instruction, and using the background system The private key of the server signs the locked terminal instruction to obtain the fourth signature information, and sends the locked terminal instruction and the fourth signature information to the terminal;
    所述终端,还配置为接收所述后台系统服务器发送的所述锁定终端指令以及所述第四签名信息,利用预存的所述后台系统服务器证书中的公钥对所述第四签名信息进行验证;在验证所述第四签名信息通过后,根据所述锁定终端指令执行锁定操作。The terminal is further configured to receive the locked terminal command and the fourth signature information sent by the background system server, and verify the fourth signature information by using a pre-stored public key in the background system server certificate. After verifying that the fourth signature information is passed, performing a locking operation according to the locked terminal instruction.
  55. 根据权利要求30至54任一项所述的系统,其特征在于,A system according to any one of claims 30 to 54, wherein
    所述终端还与所述智能密码设备进行相互认证。The terminal also performs mutual authentication with the smart cryptographic device.
  56. 根据权利要求55的系统,其特征在于,The system of claim 55, wherein
    所述终端,还配置为生成第三待签名信息;向所述智能密码设备发送所述第三待签名信息以及第二认证请求信息;接收所述智能密码设备发送的所述第四待签名信息、所述第二签名信息以及所述智能密码设备证书,利用预存的智能密码设备证书对应的根证书验证所述智能密码设备证书是否合法;在验证所述智能密码设备证书合法后,利用所述智能密码设备证书中的公钥对所述第二签名信息进行验证;在验证所述第二签名信息通过后,利用所述终端的私钥对所述第三待签名信息和所述第四待签名信息进行签名获得第三签名信息;向所述智能密码设备发送所述第三签名信息以及所述终端证书;接收所述智能密码设备发送的所述智能密码设备认证完成消息,验证所述智能密码设备认证完成消息;在验证所述智能密码设备认证完成消息通过后,生成终端认证第二完成消息,向所述智能密码设备发送所述终端认证第二完成消息;The terminal is further configured to generate third to-be-signed information, and send the third to-be-signed information and the second authentication request information to the smart cryptographic device, and receive the fourth to-be-signed information sent by the smart cryptographic device. And the second signature information and the smart cryptographic device certificate, verifying whether the smart cryptographic device certificate is legal by using a root certificate corresponding to the pre-stored smart cryptographic device certificate; and after verifying that the smart cryptographic device certificate is legal, using the The public key in the smart cryptographic device certificate verifies the second signature information; after verifying that the second signature information is passed, using the private key of the terminal to the third to-be-signed information and the fourth to-be-signed information And signing the signature information to obtain the third signature information; sending the third signature information and the terminal certificate to the smart cryptographic device; and receiving the smart cryptographic device authentication completion message sent by the smart cryptographic device to verify the smart a password device authentication completion message; after verifying that the smart password device authentication completion message is passed, generating a terminal identification Second completion message, transmitting the authentication to the terminal device of the second smart password complete message;
    所述智能密码设备,还配置为接收所述终端发送的所述第三待签名信息以及所述第二认证请求信息,生成第四待签名信息;利用所述智能密码设备的私钥对所述第三待签名信息进行签名获得第二签名信息,并向所述终端发送所述第四待签名信息、所述第二签名信息以及智能密码设备证书;接收所述终端发送的所述第三签名信息以及所述终端证书后,利用预存的所述终端证书对应的根证书验证所述终端证书是否合法;在验证所述终端证书合法后,利用所述终端证书中的公钥对所述第三签名信息进行验证;在验证所述第三签名信息通过后,生成智能密码设备认证完成消息;向所述终端发送所述智能密码设备认证完成消息;接收所述终端发送的所述终端认证第二完成消息后,验证所述终端认证第二完成 消息;验证所述终端认证第二完成消息后,所述终端与所述智能密码设备完成相互认证。The smart cryptographic device is further configured to receive the third to-be-signed information and the second authentication request information sent by the terminal, to generate fourth to-be-signed information, and use the private key of the smart cryptographic device to The third to-be-signed information is signed to obtain the second signature information, and the fourth to-be-signed information, the second signature information, and the smart cryptographic device certificate are sent to the terminal; and the third signature sent by the terminal is received. After the information and the terminal certificate, verifying whether the terminal certificate is legal by using the root certificate corresponding to the pre-stored terminal certificate; and after verifying that the terminal certificate is legal, using the public key in the terminal certificate to the third And verifying the signature information; after verifying that the third signature information is passed, generating a smart cryptographic device authentication completion message; transmitting the smart cryptographic device authentication completion message to the terminal; and receiving the terminal authentication second sent by the terminal After completing the message, verify that the terminal authentication is completed second. After the terminal authenticates the second completion message, the terminal and the smart cryptographic device complete mutual authentication.
  57. 根据权利要求56所述的系统,其特征在于,The system of claim 56 wherein:
    所述智能密码设备,还配置为在接收到所述第二认证请求信息后,由休眠状态转换为唤醒状态;在唤醒状态下生成第四待签名信息。The smart cryptographic device is further configured to: after receiving the second authentication request information, transition from a sleep state to an awake state; and generate a fourth to-be-signed information in the awake state.
  58. 根据权利要求30至57任一项所述的系统,其特征在于,A system according to any one of claims 30 to 57, wherein
    所述后台系统服务器与所述终端之间传输的信息均通过第一会话密钥加密计算和/或校验计算后传输,其中,所述第一会话密钥预存在所述后台系统服务器和所述终端中或者所述第一会话密钥通过所述后台系统服务器和所述终端协商生成;和/或The information transmitted between the background system server and the terminal is transmitted through the first session key encryption calculation and/or the verification calculation, wherein the first session key is pre-existing in the background system server and the Said in the terminal or the first session key is negotiated by the background system server and the terminal; and/or
    所述终端与所述智能密码设备之间传输的信息均通过第二会话密钥加密计算和/或校验计算后传输,其中,所述第二会话密钥预存在所述终端和所述智能密码设备中或者所述第二会话密钥通过所述终端和所述智能密码设备协商生成。 The information transmitted between the terminal and the smart cryptographic device is transmitted through a second session key encryption calculation and/or a check calculation, wherein the second session key pre-stores the terminal and the smart The second session key is generated in the cryptographic device or negotiated by the terminal and the smart cryptographic device.
PCT/CN2015/071354 2014-04-25 2015-01-22 Secure data interaction method and system WO2015161691A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201410171461.5 2014-04-25
CN201410171806.7A CN103944729A (en) 2014-04-25 2014-04-25 Data security interactive method
CN201410171806.7 2014-04-25
CN201410171461.5A CN103942687A (en) 2014-04-25 2014-04-25 Data security interactive system

Publications (1)

Publication Number Publication Date
WO2015161691A1 true WO2015161691A1 (en) 2015-10-29

Family

ID=54331714

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/071354 WO2015161691A1 (en) 2014-04-25 2015-01-22 Secure data interaction method and system

Country Status (1)

Country Link
WO (1) WO2015161691A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532629A (en) * 2020-11-30 2021-03-19 航天信息股份有限公司 Data transmission method, device, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051907A (en) * 2007-05-14 2007-10-10 北京握奇数据系统有限公司 Safety certifying method and its system for facing signature data
CN102227106A (en) * 2011-06-01 2011-10-26 飞天诚信科技股份有限公司 Method and system for intelligent secret key equipment to communicate with computer
CN103942687A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive system
CN103944729A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101051907A (en) * 2007-05-14 2007-10-10 北京握奇数据系统有限公司 Safety certifying method and its system for facing signature data
CN102227106A (en) * 2011-06-01 2011-10-26 飞天诚信科技股份有限公司 Method and system for intelligent secret key equipment to communicate with computer
CN103942687A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive system
CN103944729A (en) * 2014-04-25 2014-07-23 天地融科技股份有限公司 Data security interactive method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112532629A (en) * 2020-11-30 2021-03-19 航天信息股份有限公司 Data transmission method, device, equipment and medium

Similar Documents

Publication Publication Date Title
WO2015161699A1 (en) Secure data interaction method and system
WO2015161690A1 (en) Secure data interaction method and system
KR101784125B1 (en) Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
US10135614B2 (en) Integrated contactless MPOS implementation
KR101544722B1 (en) Method for performing non-repudiation, payment managing server and user device therefor
CN103942687A (en) Data security interactive system
CN103942688A (en) Data security interactive system
CN103944736A (en) Data security interactive method
US20130308778A1 (en) Secure registration of a mobile device for use with a session
US20130311382A1 (en) Obtaining information for a payment transaction
CN103942690A (en) Data security interactive system
CN103944729A (en) Data security interactive method
CN103942684A (en) Data security interactive system
US20120310840A1 (en) Authentication method, payment authorisation method and corresponding electronic equipments
CN103944734A (en) Data security interactive method
TWI591553B (en) Systems and methods for mobile devices to trade financial documents
CN103944730A (en) Data security interactive system
CN103942685A (en) Data security interactive system
CN103944728A (en) Data security interactive system
CN103944908A (en) Data updating method and system
WO2015161693A1 (en) Secure data interaction method and system
CN103944735A (en) Data security interactive method
CN103944731A (en) Data security interactive method
CN101425901A (en) Control method and device for customer identity verification in processing terminals
CN103942686A (en) Data security interactive system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15782876

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15782876

Country of ref document: EP

Kind code of ref document: A1