CN103944730A - Data security interactive system - Google Patents

Abstract

The invention provides a data security interactive system. According to the system, a terminal is used for scanning intelligent code devices, obtaining the identification information of and dynamic authentication passwords of the intelligent code devices, sending an authentication request, the identification information and the dynamic authentication passwords to a background, obtaining and storing the user information of the intelligent code devices after authentication is finished by the background, generating transaction information according to the user information, obtaining transaction request information, sending the transaction request information to the intelligent code devices, receiving dynamic transaction passwords generated by the intelligent code devices, obtaining a transaction data packet according to the dynamic transaction passwords and the transaction information, and sending the transaction data packet to the background; the background is used for receiving the authentication request, the identification information and the dynamic authentication passwords sent by the terminal, finishing the authentication of the intelligent code devices, verifying the dynamic transaction passwords after receiving the transaction data packet sent by the terminal, and executing the transaction after the transaction data packet passes the authentication; the intelligent code devices are used for receiving the transaction request information sent by the terminal, obtaining the transaction information, giving a prompt, receiving a confirmation instruction, and generating the dynamic transaction passwords.

Description

Data security interactive system

Technical field

The present invention relates to a kind of information security field, relate in particular to a kind of data security interactive system.

Background technology

A kind of method of service that mobile payment allows user to use its mobile terminal (terminal such as such as smart mobile phone, PDA, panel computer, notebook computer) to carry out account payment to consumed commodity or service exactly.Unit or individual by mobile terminal, the Internet or closely sensing directly or indirectly send payment instruction to bank finance mechanism and produce the behavior of monetary payoff and fund flow, thereby realize mobile payment function.Mobile payment is merged mobile terminal, the Internet, application provider and financial institution mutually, for user provides the financial business such as monetary payoff, payment.

Mobile payment mainly comprises that remote payment and near field pay two kinds.Remote payment refer to user by mobile terminal login that bank's webpage pays, account operation etc., be mainly used in shopping and the consumption of e-commerce website on line; Near field pays and refers to that consumer is in the time buying commodity or service, IMU is crossed mobile terminal and is paid to businessman, the processing paying is carried out at the scene, and be not need to use under mobile network's line to operate, by using the passages such as the radio frequency (NFC) of mobile terminal, infrared, bluetooth, the local communication of realization and automatic vending machine and POS machine.

In the process of whole mobile payment, the participant who relates to payment comprises: consumption user, trade company, mobile operator, third party service provider, bank.Consumption user and trade company are the service objects of system, and mobile operator provides network support, and bank side provides bank's related service, and third party service provider provides payment platform service, and the combination by each side is to realize business.The electronization of means of payment and mobile have become inevitable development trend, and the safety issue of mobile-payment system is the key problem of mobile e-business safety.

How in the process of mobile payment, to ensure that the fail safe of data interaction is problem demanding prompt solution.

Summary of the invention

The present invention is intended to one of address the above problem.

Main purpose of the present invention is to provide a kind of data security interactive system.

For achieving the above object, technical scheme of the present invention is specifically achieved in that

One aspect of the present invention provides a kind of data security interactive system, comprising:

Terminal, at signal cover interscan intelligent cipher equipment, and obtains identification information and the certification dynamic password of described intelligent cipher equipment; Send identification information and the certification dynamic password of authentication request, described intelligent cipher equipment to backstage system server; After described background system server completes the certification of described intelligent cipher equipment, obtain user profile corresponding to described intelligent cipher equipment; Described user profile is stored in active user's list of setting up in advance; The user profile corresponding according to intelligent cipher equipment to be transacted generates Transaction Information, and obtains transaction request information according to described Transaction Information; Send described transaction request information to described intelligent cipher equipment; Receive transaction dynamic password, described transaction dynamic password is generated by described intelligent cipher equipment; Obtain transaction data package according to described transaction dynamic password and described Transaction Information, and send described transaction data package to described background system server;

Described background system server, for receiving identification information and the certification dynamic password of the described authentication request of described terminal transmission, described intelligent cipher equipment, completes the certification to described intelligent cipher equipment; Receive after the described transaction data package of described terminal transmission, described transaction dynamic password is verified, and carry out transaction after being verified;

Described intelligent cipher equipment, the described transaction request information sending for receiving described terminal, according to Transaction Information described in described transaction request information acquisition; Point out described Transaction Information; Confirmation of receipt instruction, and generate transaction dynamic password.

In addition, in this system,

Described terminal, also for send certification instruction to described intelligent cipher equipment, and receive the identification information of described intelligent cipher equipment, receive the certification dynamic password of described intelligent cipher equipment transmission or receive the certification dynamic password that user inputs, obtaining identification information and the certification dynamic password of described intelligent cipher equipment; Described intelligent cipher equipment, the described certification instruction also sending for receiving described terminal, generate certification dynamic password, send the identification information of described intelligent cipher equipment or send the identification information of described intelligent cipher equipment and authenticate dynamic password to described terminal to described terminal.

In addition, in this system,

Described background system server, also, for receiving identification information and the certification dynamic password of the described authentication request of described terminal transmission, described intelligent cipher equipment, obtain seed key corresponding to described intelligent cipher equipment according to the identification information of described intelligent cipher equipment; Generate the checking password of certification dynamic password according to described seed key; Described certification dynamic password and described checking password are contrasted, contrast when consistent at described certification dynamic password and described checking password, complete the certification to described intelligent cipher equipment.

In addition, in this system,

Described terminal, also for sending identification information and the user profile read requests of described intelligent cipher equipment to described background system server; The response message that receives the described user profile read requests of described background system server transmission, obtains described user profile according to the response message of described user profile read requests; Described background system server, also, for receiving identification information and the described user profile read requests of the described intelligent cipher equipment that described terminal sends, obtain the user profile corresponding with described intelligent cipher equipment according to the identification information of described intelligent cipher equipment; Obtain the response message of described user profile read requests according to described user profile, and send the response message of described user profile read requests to described terminal.

In addition, in this system,

Described terminal, also for sending user profile read requests to described intelligent cipher equipment; The response message that receives the described user profile read requests of described intelligent cipher equipment transmission, obtains described user profile according to the response message of described user profile read requests; Described intelligent cipher equipment, also for obtaining pre-stored user profile, and obtains the response message of described user profile read requests, and sends the response message of described user profile read requests to described terminal according to described user profile.

In addition, in this system,

Described background system server, also for sending user profile corresponding to described intelligent cipher equipment to described terminal; Described terminal, user profile corresponding to described intelligent cipher equipment also sending for receiving described background system server.

In addition, in this system,

Described terminal, also for after signal cover interscan intelligent cipher equipment, obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list; The identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list is compared according to the default time interval; If the identification information of the intelligent cipher equipment in described real-time identification list, not in described active user's list, obtains user profile corresponding to described intelligent cipher equipment; And if the identification information of intelligent cipher equipment in described active user's list is in described real-time identification list, delete in described active user's list the not user profile of the intelligent cipher equipment in described real-time identification list.

In addition, in this system,

Described terminal, also for after signal cover interscan intelligent cipher equipment, obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list; The identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list is compared according to the default time interval; If the identification information of the intelligent cipher equipment in described real-time identification list is not in described active user's list, obtain user profile corresponding to described intelligent cipher equipment, and obtain after described user profile in described terminal, described user profile is stored in described real-time identification list; And if the identification information of intelligent cipher equipment in described real-time identification list is in described active user's list, the user profile of described intelligent cipher equipment in described active user's list is stored in described real-time identification list; Described active user's list using described real-time identification list after upgrading.

In addition, in this system, described intelligent cipher equipment, the described certification instruction also sending for receiving described terminal, is converted to wake-up states by resting state; Under wake-up states, generate certification dynamic password.

In addition, in this system,

Described background system server, also, for receiving after the identification information and certification dynamic password of described authentication request, described intelligent cipher equipment, judge whether the identification information of described intelligent cipher equipment is included in the intelligent cipher unit exception list prestoring in described background system server; After the identification information of judging described intelligent cipher equipment is in described intelligent cipher unit exception list, obtains locking intelligent cipher device directive, and send described locking intelligent cipher device directive by described terminal to described intelligent cipher equipment; Described intelligent cipher equipment, the described locking intelligent cipher device directive also sending for receiving described terminal, carries out lock operation according to described locking intelligent cipher device directive.

In addition, in this system, described background system server, also for receiving the application of intelligent cipher facility registration, and application is audited to described intelligent cipher facility registration; After the application of the described intelligent cipher facility registration of examination & verification is passed through, store user profile and the identification information of described intelligent cipher equipment and the mapping relations of seed key that described intelligent cipher equipment is corresponding.

In addition,, in this system, described background system server, also for obtaining intelligent cipher equipment cancellation application, and audits described intelligent cipher equipment cancellation application; After the described intelligent cipher equipment cancellation application of examination & verification is passed through, delete user profile and the identification information of described intelligent cipher equipment and the mapping relations of seed key that described intelligent cipher equipment is corresponding.

In addition, in this system, described intelligent cipher equipment, the described transaction request information also sending for receiving described terminal, is converted to wake-up states by resting state; Under wake-up states according to Transaction Information described in described transaction request information acquisition.

In addition,, in this system, described terminal, also for receiving the acoustic signals of described intelligent cipher equipment transmission and described acoustic signals being decoded and obtained transaction dynamic password; Or gather the image information of described intelligent cipher equipment demonstration and described image information is decoded and obtained described transaction dynamic password; Or the communication interface of mating with described intelligent cipher equipment by described terminal receives described transaction dynamic password; Or the dynamic password of concluding the business described in the information acquisition of inputting by described terminal.

In addition,, in this system, described background system server also for described transaction dynamic password is being verified, and is carried out after transaction after being verified, and sends Transaction Success acknowledgement information to described terminal; And/or send Transaction Success acknowledgement information by described terminal to described intelligent cipher equipment; Described intelligent cipher equipment, also, for receiving described Transaction Success acknowledgement information, points out described Transaction Success acknowledgement information.

In addition,, in this system, described terminal, also at described background system server, described transaction dynamic password being verified, and carry out transaction after being verified after, sends reimbursement information to described intelligent cipher equipment; Receive reimbursement dynamic password, send described reimbursement dynamic password to described background system server, wherein, described reimbursement dynamic password is generated by described intelligent cipher equipment; Described intelligent cipher equipment, the described reimbursement information also sending for receiving described terminal, points out described reimbursement information; Receive reimbursement and confirm instruction, generate reimbursement dynamic password; Described background system server, the described reimbursement dynamic password also sending for receiving described terminal, verifies described reimbursement dynamic password, and after being verified, carries out reimbursement operation.

In addition,, in this system, described intelligent cipher equipment, also at described background system server, described transaction dynamic password being verified, and carry out transaction after being verified after, sends refund request to described terminal; Receive the described reimbursement information that described terminal sends, point out described reimbursement information; Receive reimbursement and confirm instruction, generate reimbursement dynamic password; Described terminal, also for generating reimbursement information, and sends described reimbursement information to described intelligent cipher equipment; Receive described reimbursement dynamic password, send described reimbursement dynamic password to described background system server; Described background system server, the described reimbursement dynamic password also sending for receiving described terminal, verifies described reimbursement dynamic password, and after being verified, carries out reimbursement operation.

In addition,, in this system, described intelligent cipher equipment, also at described background system server, described transaction dynamic password being verified, and carry out transaction after being verified after, sends refund request to described terminal; Receive the described refund request mark that described terminal sends, generate reimbursement confirmation and send described reimbursement confirmation to described terminal, wherein, described reimbursement confirmation comprises reimbursement information and reimbursement dynamic password; Described terminal, also for generating refund request mark, and sends described refund request mark to described intelligent cipher equipment; Receive described reimbursement confirmation, send described reimbursement confirmation to described background system server; Described background system server, the described reimbursement confirmation also sending for receiving described terminal, verifies described reimbursement dynamic password, and after being verified, carries out reimbursement operation.

In addition,, in this system, in described reimbursement information, also comprise duplet bill.

In addition,, in this system, described Transaction Success acknowledgement information also comprises duplet bill.

In addition,, in this system, in described Transaction Information, also comprise duplet bill.

In addition, in this system, described intelligent cipher equipment, also for by described terminal before signal cover interscan is arrived, enter and can be scanned state.

As seen from the above technical solution provided by the invention, the terminal of trade company can be by first reading the identification information of intelligent cipher equipment, and the identification information that recycles this intelligent cipher equipment obtains the user profile that intelligent cipher equipment is corresponding.Therefore, client can be without carrying out payment for merchandise by modes such as wallet, credit card, mobile phones, thereby simplified the interactive operation of client and trade company, promoted user's experience.

Brief description of the drawings

In order to be illustrated more clearly in the technical scheme of the embodiment of the present invention, below the accompanying drawing of required use during embodiment is described is briefly described, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skill in the art, do not paying under the prerequisite of creative work, can also obtain other accompanying drawings according to these accompanying drawings.

Fig. 1 is data security interactive system structural representation provided by the invention;

Fig. 2 is the flow chart of data security exchange method provided by the invention.

Embodiment

Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiment.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtaining under creative work prerequisite, belong to protection scope of the present invention.

In description of the invention, it will be appreciated that, term " " center ", " longitudinally ", " laterally ", " on ", D score, " front ", " afterwards ", " left side ", " right side ", " vertically ", " level ", " top ", " end ", " interior ", orientation or the position relationship of instructions such as " outward " are based on orientation shown in the drawings or position relationship, only the present invention for convenience of description and simplified characterization, instead of device or the element of instruction or hint indication must have specific orientation, with specific orientation structure and operation, therefore can not be interpreted as limitation of the present invention.In addition, term " first ", " second " be only for describing object, and can not be interpreted as instruction or hint relative importance or quantity or position.

In description of the invention, it should be noted that, unless otherwise clearly defined and limited, term " installation ", " being connected ", " connection " should be interpreted broadly, and for example, can be to be fixedly connected with, and can be also to removably connect, or connect integratedly; Can be mechanical connection, can be also electrical connection; Can be to be directly connected, also can indirectly be connected by intermediary, can be the connection of two element internals.For the ordinary skill in the art, can concrete condition understand above-mentioned term concrete meaning in the present invention.

Below in conjunction with accompanying drawing, the embodiment of the present invention is described in further detail.

Data security interactive system provided by the invention, system architecture applicatory as shown in Figure 1, comprising: background system server, terminal and intelligent cipher equipment.Wherein:

Background system server can complete the management to intelligent cipher equipment and the storage to user profile and issue management, for example comprise the management such as registration to intelligent cipher equipment, cancellation, locking, certification, it can provide the financial service such as bank's related service, payment platform service; Can comprise the combination of one or more servers such as paying server, certificate server, management server.

Terminal can be the terminal of trade company's end, to complete the initiation of mobile payment, the maintenance of user profile etc., this terminal can arrive the intelligent cipher equipment in its signal cover by automatic scan, and the communication connection of foundation and intelligent cipher equipment, obtain the user profile that intelligent cipher equipment is corresponding.Terminal of the present invention (such as POS machine etc.) increasing radio communication function module, backstage and terminal room can adopt dedicated Internet access, ensure fail safe.

Intelligent cipher equipment (for example: dynamic password generating device, OTP, e-token, dynamic token, with the USBkey of dynamic password systematic function) possess secure payment function, this intelligent cipher equipment (for example: bluetooth possesses wireless communication module, infrared ray, RFID, NFC, light, sound wave, heat energy, vibration, WIFI etc.), can and terminal between communicate by this wireless communication module, certainly, this intelligent cipher equipment (for example: audio interface can also include line interface, USB interface, serial ports etc.), and communicate by wireline interface and terminal.In addition, intelligent cipher equipment can also possess connectivity option function, if user does not open this function, terminal cannot be obtained the identification information of intelligent cipher equipment and corresponding user profile.For example: intelligent cipher equipment can enter the state that can be scanned, so that terminal scanning arrives this intelligent cipher equipment.The connectivity option function that intelligent cipher equipment possesses, can be that the hardware switch arranging on intelligent cipher equipment is opened realization, can be also that intelligent cipher equipment is opened and realized by software.

As shown in Figure 2, the framework shown in application drawing 1, data security interactive system provided by the invention can be carried out associative operation in the following manner:

Intelligent cipher equipment is registered to backstage system server:

Background system server receives the application of intelligent cipher facility registration, and application is audited to intelligent cipher facility registration; Concrete, the user who holds intelligent cipher equipment can arrive bank counter and handle the application for registration of this intelligent cipher equipment, also can handle by the Internet the application for registration of this intelligent cipher equipment, background system server receives after this application for registration, and the legitimacy of the identity to this user is audited.

Background system server, after the application of examination & verification intelligent cipher facility registration is passed through, is stored corresponding user profile and the identification information of intelligent cipher equipment and the mapping relations of seed key of intelligent cipher equipment; Concrete, after the legitimacy of background system server examination & verification user identity etc. is passed through, agreed to user's intelligent cipher equipment to register, and, background system server can pre-stored seed key and the corresponding relation of the identification information of intelligent cipher equipment, after registration completes, by the identification information of intelligent cipher equipment and seed key and user information correlation, complete subsequent treatment so that corresponding with intelligent cipher equipment.

Certainly, terminal also can be registered to backstage system server.

Terminal is at signal cover interscan intelligent cipher equipment, and obtains identification information and the certification dynamic password of intelligent cipher equipment:

Concrete, terminal can send request signal (sequence number of for example terminal) according to certain time interval and inquire about the intelligent cipher equipment in certain wireless signal coverage;

Intelligent cipher equipment is intercepted (inquiry scan) to the inquiry of terminal, after intelligent cipher equipment enters in the signal cover of terminal, the identification information that sends intelligent cipher equipment to terminal, thus, terminal scanning has arrived the identification information of intelligent cipher equipment.

Below, provide two kinds of modes that realize terminal scanning and obtain the identification information of intelligent cipher equipment:

(1) terminal can be used IAC (Inquiry Access Code, Inquiry Access Code) to inquire about the intelligent cipher equipment in certain wireless signal coverage;

Intelligent cipher equipment is intercepted (inquiry scan) to the inquiry of terminal, after intelligent cipher equipment enters in the signal cover of terminal, sends address and the clock information of intelligent cipher equipment to terminal;

Intelligent cipher equipment intercepts the paging information of self terminal, carries out page scan;

The intelligent cipher equipment that paging terminal has inquired;

Intelligent cipher equipment receives after paging information, sends the DAC (Device Access Code, device access code) of intelligent cipher equipment to terminal.

(2) terminal sends request signal and inquires about the intelligent cipher equipment in certain wireless signal coverage;

Intelligent cipher equipment is intercepted (inquiry scan) to the request signal of terminal, after intelligent cipher equipment enters in the signal cover of terminal, sends the address of intelligent cipher equipment to terminal.

Certainly, how the present invention only obtains the identification information of intelligent cipher equipment with above two examples explanation terminal, but the present invention is not limited thereto, the method of the identification information based on above-mentioned two acquisition intelligent cipher equipment, intelligent cipher equipment can be in the time receiving any information of terminal transmission, the information that all terminal can be sent is as dormancy awakening signal, and intelligent cipher equipment, according to dormancy awakening signal, switches to wake-up states (being normal mode of operation) by resting state.Meanwhile, intelligent cipher equipment, after any command execution finishes, all can automatically reply resting state.Intelligent cipher equipment enters resting state to save the electric energy of intelligent cipher equipment, increases the service life.

Before terminal scanning intelligent cipher equipment, intelligent cipher equipment also needs to enter the state that can be scanned, so that terminal can scan this intelligent cipher equipment, wherein, intelligent cipher equipment enters the state that can be scanned and can be opened and be realized by the hardware switch arranging on intelligent cipher equipment, also can be opened and be realized by intelligent cipher device software.

Concrete, identification information and certification dynamic password that terminal obtains intelligent cipher equipment can adopt but be not limited to following implementation:

Mode one, terminal send certification instruction to intelligent cipher equipment, intelligent cipher equipment receives after certification instruction, generate certification dynamic password, send identification information and the certification dynamic password of intelligent cipher equipment to terminal, terminal receives identification information and the certification dynamic password of intelligent cipher equipment.

Mode two, terminal send certification instruction to intelligent cipher equipment, intelligent cipher equipment receives after certification instruction, generate certification dynamic password, intelligent cipher equipment sends the identification information of intelligent cipher equipment to terminal, terminal receives the certification dynamic password of user's input, and terminal obtains identification information and the certification dynamic password of intelligent cipher equipment.

Intelligent cipher equipment receives after certification instruction, and generation certification dynamic password specifically can adopt but be not limited to following mode to be realized: intelligent cipher equipment receives after certification instruction, is converted to wake-up states by resting state; Intelligent cipher equipment generates certification dynamic password under wake-up states.Intelligent cipher equipment enters resting state to save the electric energy of intelligent cipher equipment, increases the service life.

The identification information of intelligent cipher equipment can adopt the information that self sequence number, MAC Address or other identification information etc. can unique identification intelligent cipher equipment.

Background system server authenticates intelligent cipher equipment:

Terminal sends identification information and the certification dynamic password of authentication request, intelligent cipher equipment to backstage system server;

Background system server receives after the identification information and certification dynamic password of authentication request, intelligent cipher equipment, completes the certification to intelligent cipher equipment; Concrete, complete and can adopt but be not limited to following implementation the certification of intelligent cipher equipment: background system server receives after the identification information and certification dynamic password of authentication request, intelligent cipher equipment, obtains according to the identification information of intelligent cipher equipment the seed key that intelligent cipher equipment is corresponding; Background system server generates the checking password of certification dynamic password according to seed key; Background system server contrasts certification dynamic password and checking password, at certification dynamic password with verify that password contrasts when consistent, completes the certification to intelligent cipher equipment;

In order to ensure the fail safe of data interaction and the legitimacy of intelligent cipher equipment, background system server receives after the identification information and certification dynamic password of authentication request, intelligent cipher equipment, also judges whether the identification information of intelligent cipher equipment is included in the intelligent cipher unit exception list prestoring in background system server; Background system server, after the identification information of judging intelligent cipher equipment is in intelligent cipher unit exception list, obtains locking intelligent cipher device directive, and sends locking intelligent cipher device directive by terminal to intelligent cipher equipment; Intelligent cipher equipment receives after locking intelligent cipher device directive, carries out lock operation according to locking intelligent cipher device directive.

Concrete, intelligent cipher unit exception list can be for blacklist, report the loss list, inefficacy list etc. represents arbitrarily the illegal list of intelligent cipher equipment identities; If the identification information of intelligent cipher equipment is in intelligent cipher unit exception list, illustrate that this intelligent cipher equipment is illegal intelligent cipher equipment, now, in order to ensure fail safe, background system server sends lock instruction to lock this illegal intelligent cipher equipment by terminal to this illegal intelligent cipher equipment.

Certainly, the present invention is not limited thereto, for practical application, as long as can the illegal intelligent cipher equipment of legal locking.

Intelligent cipher equipment is carried out lock operation according to locking intelligent cipher device directive and can be comprised: intelligent cipher equipment refusal is carried out any request, destroys the any-mode such as seed key of self storage.

Certainly, background system server is sending after lock instruction, can also carry out any request of this illegal intelligent cipher equipment of refusal.

Visible, when user has lost after intelligent cipher equipment, can report the loss to backstage system server, background system server registers to the EIC equipment identification code of this intelligent cipher equipment to report the loss on list; Or occur that account the situation such as reported extremely, background system server also can be by these intelligent cipher device registration in blacklist.Equipment in these abnormal lists all can be served as abnormal device registration on abnormal list.Before each transaction, background system server can authenticate intelligent cipher equipment, can be by this device identification and exception name digital ratio pair, if this intelligent cipher equipment is locked on list in verification process.Apply this kind of mode, if someone usurps other people intelligent cipher equipment, and illegal this intelligent cipher equipment that uses of attempt is transferred accounts while stealing user's fund, owing to all can intelligent cipher equipment being authenticated before the each transaction of background system server, background system server can be long-range by this intelligent cipher equipment locking, even if therefore this intelligent cipher equipment is illegally usurped and also can be ensured that user account do not suffer a loss by others.

Certainly, background system server, after completing the certification of intelligent cipher equipment, can also generate and authenticate message, and send to terminal, to inform that terminal authentication completes, also certification can be completed to message and be sent to intelligent cipher equipment, to inform that intelligent cipher device authentication completes.

The certification of intelligent cipher equipment being carried out based on above-mentioned background system server, can guarantee the legitimacy of intelligent cipher equipment, improves the fail safe of subsequent treatment.Meanwhile, can take precautions against fishing risk, prevent the transaction risks such as the distorting of transmission information, long-range abduction and man-in-the-middle attack, thereby effectively ensure intelligent cipher equipment holder's fund security.

Terminal is obtained user profile:

Concrete, after background system server completes the certification of intelligent cipher equipment, terminal is obtained the user profile that intelligent cipher equipment is corresponding.

Terminal is obtained the user profile that intelligent cipher equipment is corresponding (for example, can be the information such as user's photo, name, account), specifically can obtain the user profile that intelligent cipher equipment is corresponding through but not limited to following mode:

Mode one, terminal obtain from background system server the user profile that intelligent cipher equipment is corresponding:

Terminal sends identification information and the user profile read requests of intelligent cipher equipment to backstage system server; Concrete, in the time that terminal sends the identification information of intelligent cipher equipment and user profile read requests to backstage system server, can be directly to identification information and the user profile read requests of backstage system server transmission intelligent cipher equipment.

Background system server receives after the identification information and user profile read requests of intelligent cipher equipment, obtains the user profile corresponding with intelligent cipher equipment according to the identification information of intelligent cipher equipment; Concrete, background system server user profile corresponding to registered each intelligent cipher equipment that prestored, to obtain according to the identification information of the intelligent cipher equipment receiving the user profile that this intelligent cipher equipment is corresponding.

In addition, in order to ensure the fail safe of user profile, background system server also needs user profile corresponding this intelligent cipher equipment to be sent to terminal by intelligent cipher equipment holder's mandate.Background system server sends user-authorization-request information (for example, this user-authorization-request information can be random number) by terminal to intelligent cipher equipment; Intelligent cipher equipment receives after user-authorization-request information, generates authorization message, and sends authorization message by terminal to backstage system server; Background system server receives after authorization message, sends the response message of user profile read requests to terminal.

Certainly, receiving after user-authorization-request information at intelligent cipher equipment, can also be converted to wake-up states by resting state; Intelligent cipher equipment generates authorization message under wake-up states.So that saving electric energy, the useful life of prolongation intelligent cipher equipment.

Background system server obtains the response message of user profile read requests according to user profile, and sends the response message of user profile read requests to terminal;

Terminal receives after the response message of user profile read requests, obtains user profile according to the response message of user profile read requests.

Mode two, terminal obtain from intelligent cipher equipment the user profile that intelligent cipher equipment is corresponding:

Terminal sends user profile read requests to intelligent cipher equipment;

Intelligent cipher equipment obtains pre-stored user profile, and obtains the response message of user profile read requests according to user profile, and sends the response message of user profile read requests to terminal;

Terminal receives after the response message of user profile read requests, obtains user profile according to the response message of user profile read requests.

In addition,, if the holder of intelligent cipher equipment refuses to send user profile, can or send exclude information by software control to terminal by the button that arranges on intelligent cipher equipment, to ensure the safety of user profile.

Mode three: background system server directly sends user profile corresponding to intelligent cipher equipment by terminal to intelligent cipher equipment in completing certification:

Background system server is in the time of the certification completing intelligent cipher equipment, and background system server also sends user profile corresponding to intelligent cipher equipment to terminal; Concrete, background system server is after completing the certification of intelligent cipher equipment, can also send and authenticate message to terminal, to inform that terminal background system server authentication intelligent cipher equipment completes, in the time that background system server has authenticated message to terminal transmission, can also obtain the user profile corresponding with this intelligent cipher equipment prestoring according to the identification information of intelligent cipher equipment, thereby send user profile corresponding to intelligent cipher equipment to terminal.

Terminal is obtained the user profile that intelligent cipher equipment is corresponding, the information that terminal directly sends from background system server, gets the user profile that this intelligent cipher equipment is corresponding.

Terminal stores user profile in active user's list of setting up in advance; Concrete, due to flowing of the variation of the volume of the flow of passengers in shop, terminal place, personnel, the intelligent cipher equipment detecting is also constantly to change, and now, this current user list can upgrade through but not limited to following mode:

Mode one:

Terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of terminal, generates real-time identification list;

Terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in real-time identification list and active user's list according to the default time interval;

If the identification information of the intelligent cipher equipment in identification list, not in active user's list, obtains the user profile that intelligent cipher equipment is corresponding in real time; And if the identification information of intelligent cipher equipment in active user's list is in identification list in real time, delete in active user's list not the user profile of the intelligent cipher equipment in identification list in real time.

By the manner, active user's list is upgraded, can ensure that user profile corresponding to intelligent cipher equipment in terminal signaling coverage can update in active user's list, can from active user's list, delete in time for user profile corresponding to intelligent cipher equipment of leaving in terminal signaling coverage, ensure fail safe.

Mode two:

Terminal obtains the identification information of the whole intelligent cipher equipment in the signal cover of terminal, generates real-time identification list;

Terminal was compared the identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in real-time identification list and active user's list according to the default time interval;

If the identification information of the intelligent cipher equipment in identification list, not in active user's list, obtains the user profile that intelligent cipher equipment is corresponding in real time, and obtains after user profile in terminal, user profile is stored in real-time identification list; And if in real time the identification information of the intelligent cipher equipment in identification list, in active user's list, is stored to the user profile of the intelligent cipher equipment in active user's list in real-time identification list;

Active user's list using real-time identification list after upgrading.

By the manner, active user's list is upgraded, can only user profile corresponding to intelligent cipher equipment in the signal cover of terminal be upgraded in time, improve and upgrade efficiency.Utilize the manner, terminal is in the time obtaining user profile, the user profile that in shop, original intelligent cipher equipment is corresponding directly can be copied in real-time identification list from original active user's list, user profile corresponding to client of newly entering shop can be by obtaining to backstage system server or intelligent cipher equipment proposition user profile read requests.

As can be seen here, in the time that shop, the terminal place volume of the flow of passengers changes, do not need trade company to carry out any operation, active user's list can be upgraded automatically, has facilitated the salesman of trade company to safeguard client's information management.

In addition, terminal can show user profile corresponding to user in stored active user's list, so that the holder of intelligent cipher equipment checks this user profile, guarantees the correctness of transaction.

In prior art, process of exchange all needs SIM card or smart card etc. to possess the equipment of account memory function, user's operations such as mobile phone of need to swiping the card, and so trade company could obtain user's accounts information.

Be different from prior art, the terminal of trade company can be by first reading the identification information of intelligent cipher equipment, and the identification information that recycles this intelligent cipher equipment obtains the user profile that intelligent cipher equipment is corresponding.Therefore, client can be without carrying out payment for merchandise by modes such as wallet, credit card, mobile phones, thereby simplified the interactive operation of client and trade company, promoted user's experience.

Transaction Information processing:

Terminal generates Transaction Information according to user profile corresponding to intelligent cipher equipment to be transacted, and obtains transaction request information according to Transaction Information; Concrete, Transaction Information can comprise dealing money, bank settlement both sides' the information such as account information, bank settlement both sides' identification information, in Transaction Information, can also comprise duplet bill, user can be according to duplet bill examination & verification trade detail, for example, concrete exchange hour, transaction odd numbers, the article of dealing money, purchase etc.

Terminal sends transaction request information to intelligent cipher equipment; Concrete, terminal can send transaction request information through but not limited to following mode: terminal sends by acoustic signals after transaction request information is encoded; Or terminal carries out also showing so that intelligent cipher equipment carries out IMAQ after encoding of graphs to transaction request information; Or the communication interface that terminal is mated with intelligent cipher equipment by terminal sends transaction request information.

Intelligent cipher equipment receives after transaction request information, according to transaction request information acquisition Transaction Information;

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, receiving after transaction request information, be converted to wake-up states by resting state; Intelligent cipher equipment under wake-up states according to transaction request information acquisition Transaction Information.

Intelligent cipher device prompts Transaction Information; Concrete, intelligent cipher equipment can show Transaction Information by display screen, also can Transaction Information be played back in the mode of voice by loud speaker etc.Certainly, intelligent cipher equipment can also point out user to know real Transaction Information by other means, guarantees the safety of transaction.In addition, intelligent cipher equipment gets after Transaction Information, can also carry out to Transaction Information the extraction of key message, and intelligent cipher equipment is only pointed out key message, concrete prompting mode can be referring to intelligent cipher equipment the prompting mode to Transaction Information.

Intelligent cipher equipment confirmation of receipt instruction, and generate transaction dynamic password; Concrete, the information confirmation of receipt instruction that intelligent cipher equipment can send when detecting that the acknowledgement key being arranged on intelligent cipher equipment is pressed, also can touch the information confirmation of receipt instruction that the virtual acknowledgement key of screen display sends when clicked by detecting, the biological informations such as voice that can also be by detecting, fingerprint, iris are as confirming the any-modes such as instruction.Further, intelligent cipher equipment can generate transaction dynamic password through but not limited to following mode: all or part of Transaction Information of intelligent cipher equipment utilization generates transaction dynamic password; Or all or part of Transaction Information binding time of the intelligent cipher equipment utilization factor generates transaction dynamic password; Or all or part of Transaction Information binding events of the intelligent cipher equipment utilization factor generates transaction dynamic password; Or the intelligent cipher equipment utilization all or part of Transaction Information binding time factor and the event factor generate transaction dynamic password, certainly, the challenge code that intelligent cipher equipment can also receive user input generates separately transaction dynamic password, or the factor such as the binding time factor and/or the event factor generates transaction dynamic password.

Terminal receives transaction dynamic password; Concrete, terminal can receive transaction dynamic password through but not limited to following mode: terminal receives the acoustic signals of intelligent cipher equipment transmission and acoustic signals is decoded and (for example obtained transaction dynamic password, can adopt sound wave identification equipment to identify acoustic signals, adopt sound wave decoder to decode and obtain transaction dynamic password acoustic signals); Or terminal gathers image information that intelligent cipher equipment shows to image information (for example, Quick Response Code, bar code etc.) decoding obtains transaction dynamic password (for example adopt image capture device to gather image information, employing decoder obtains transaction dynamic password after image information is decoded); Or the communication interface that terminal is mated with intelligent cipher equipment by terminal receives transaction dynamic password; Or the information acquisition that terminal is inputted by terminal transaction dynamic password.

Terminal obtains transaction data package according to transaction dynamic password and Transaction Information, and sends transaction data package to backstage system server; Concrete, in transaction data package, also can comprise other information such as Transaction Information.Transaction Information can comprise dealing money, bank settlement both sides' the information such as account information, bank settlement both sides' identification information, in Transaction Information, can also comprise duplet bill, user can be according to duplet bill examination & verification trade detail, for example, concrete exchange hour, transaction odd numbers, the article of dealing money, purchase etc.

Background system server receives after transaction data package, transaction dynamic password is verified, and carried out transaction after being verified; Concrete, background system server only after checking transaction verifying dynamic password passes through, just illustrates that this transaction passed through the confirmation of legal intelligent cipher equipment, and carries out and conclude the business according to the result after confirming.Certainly,, in order to ensure that the holder of intelligent cipher equipment knows transaction and completes, background system server can also send Transaction Success acknowledgement information to intelligent cipher equipment by terminal; Intelligent cipher equipment receives after Transaction Success acknowledgement information, prompting Transaction Success acknowledgement information, in Transaction Success acknowledgement information, can also comprise duplet bill, user can be according to duplet bill examination & verification trade detail, for example, concrete exchange hour, transaction odd numbers, the article of dealing money, purchase etc.Background system server can also send Transaction Success acknowledgement information to terminal, has concluded the business so that terminal is known.

Reimbursement:

In the time of customer need reimbursement, can carry out but be not limited to following several mode to realize reimbursement operation:

Mode one, terminal send reimbursement information to intelligent cipher equipment; Concrete, reimbursement information can comprise: the combination in any such as reimbursement both sides' account, refund amount, reimbursement transaction odd numbers, reimbursement both sides' identification information, in reimbursement information, can also comprise duplet bill, user can be according to duplet bill examination & verification reimbursement details, for example, concrete reimbursement time, reimbursement transaction odd numbers, refund amount, the article replaced etc.Terminal can also send reimbursement information through but not limited to following mode: terminal sends by acoustic signals after reimbursement information is encoded; Or terminal carries out also showing so that intelligent cipher equipment carries out IMAQ after encoding of graphs to reimbursement information; Or the communication interface that terminal is mated with intelligent cipher equipment by terminal sends reimbursement information.

Intelligent cipher equipment receives after reimbursement information, prompting reimbursement information; Concrete, intelligent cipher equipment is receiving after reimbursement information, and this reimbursement information exchange is crossed to the any-mode such as speech play or display screen demonstration and be prompted to user and know, be real reimbursement information so that user determines this reimbursement information.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, receiving after reimbursement information, be converted to wake-up states by resting state; Intelligent cipher equipment is pointed out reimbursement information under wake-up states.

Intelligent cipher equipment receives reimbursement and confirms instruction, generates reimbursement dynamic password; Concrete, user, after having determined that reimbursement information is real reimbursement information, confirms by the mode such as physical button or virtual key arranging on intelligent cipher equipment.Intelligent cipher equipment after sending reimbursement confirmation to terminal (for example, send after acoustic signals corresponding to reimbursement confirmation, or show that image information corresponding to reimbursement confirmation reached after predetermined time), be converted to resting state by wake-up states.

Terminal receives reimbursement dynamic password, sends reimbursement dynamic password to backstage system server; Concrete, terminal can receive reimbursement dynamic password through but not limited to following mode: terminal receives the acoustic signals of intelligent cipher equipment transmission and acoustic signals is decoded and (for example obtained reimbursement dynamic password, can adopt sound wave identification equipment to identify acoustic signals, adopt sound wave decoder to decode and obtain reimbursement dynamic password acoustic signals); Or terminal gathers image information that intelligent cipher equipment shows to image information (for example, Quick Response Code, bar code etc.) decoding obtains reimbursement dynamic password (for example adopt image capture device to gather image information, employing decoder obtains reimbursement dynamic password after image information is decoded); Or the communication interface that terminal is mated with intelligent cipher equipment by terminal receives reimbursement dynamic password.Meanwhile, terminal can send reimbursement dynamic password to backstage system server by safe dedicated network.

Background system server receives after reimbursement dynamic password, reimbursement dynamic password is verified, and after being verified, carried out reimbursement operation.

For mode one, provide a kind of application scenarios of reimbursement, but the present invention is not limited thereto below:

Shop, according to client's reimbursement purpose, generates reimbursement information (this reimbursement information can be to obtain by searching the Transaction Information having recorded, and can be also a reimbursement information or the other forms of reimbursement information regenerating) by terminal;

Intelligent cipher equipment, receiving after reimbursement information, is converted to wake-up states by resting state, and reimbursement information is shown, confirms for client;

Client confirms that this reimbursement information is correct, and the acknowledgement key of pressing on intelligent cipher equipment confirms, intelligent cipher equipment receives this reimbursement and confirms, after instruction, to generate reimbursement dynamic password, and reimbursement dynamic password is sent to terminal;

Terminal receives after reimbursement dynamic password, and reimbursement dynamic password is sent to background system server;

Background system server receives after reimbursement dynamic password, and reimbursement dynamic password is verified, after being verified, carrying out reimbursement operation, and sends reimbursement success receipt information to terminal and/or intelligent cipher equipment.

Mode two, which two are with the difference of mode one: before terminal sends reimbursement information to intelligent cipher equipment, this terminal also receives the refund request that this intelligent cipher equipment sends, and generates reimbursement information according to refund request.Concrete, client can be by pressing button on intelligent cipher equipment to generate refund request, and intelligent cipher equipment receives after this refund request, and this refund request is sent to this terminal.In reimbursement information, can also comprise duplet bill, user can be according to duplet bill examination & verification reimbursement details, for example, and concrete reimbursement time, reimbursement transaction odd numbers, refund amount, the article replaced etc.Certainly, any intelligent cipher equipment that can trigger generates the implementation of refund request and all belongs in protection scope of the present invention.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, sending before refund request to terminal, be converted to wake-up states by resting state; Intelligent cipher equipment sends refund request to terminal under wake-up states.Intelligent cipher equipment is converted to resting state by wake-up states after sending refund request.In the time that intelligent cipher equipment receives the reimbursement information of terminal transmission, be converted to wake-up states by resting state, under wake-up states, carry out the operation of prompting reimbursement information and generation reimbursement dynamic password.Intelligent cipher equipment after sending reimbursement dynamic password to terminal (for example, send after the acoustic signals that reimbursement dynamic password is corresponding, or show that image information corresponding to reimbursement dynamic password reached after predetermined time), be converted to resting state by wake-up states.

Mode three, intelligent cipher equipment send refund request to terminal; Concrete, client can be by pressing button on intelligent cipher equipment to generate refund request, and intelligent cipher equipment receives after this refund request, and this refund request is sent to this terminal.Certainly, any intelligent cipher equipment that can trigger generates the implementation of refund request and all belongs in protection scope of the present invention.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also, sending before refund request to terminal, be converted to wake-up states by resting state; Intelligent cipher equipment sends refund request to terminal under wake-up states.

Terminal generates refund request mark, and sends refund request mark to intelligent cipher equipment; Concrete, terminal can generate random number, and this random number is identified as refund request, and this random number is used for offering intelligent cipher equipment to generate reimbursement information.

Intelligent cipher equipment receives after refund request mark, generates reimbursement confirmation and sends reimbursement confirmation to terminal, and wherein, reimbursement confirmation comprises reimbursement information and reimbursement dynamic password; Concrete, the Information generation reimbursement information such as this refund request mark of intelligent cipher equipment utilization, refund amount, reimbursement account, this reimbursement information can also comprise the combination in any such as reimbursement transaction odd numbers, reimbursement both sides' identification information; Wherein, refund amount can be inputted by the button on intelligent cipher equipment, certainly, also can be by other means (for example, phonetic entry) input, reimbursement account can be inputted by the button on intelligent cipher equipment, can also the reimbursement account in intelligent cipher equipment input by reading pre-stored; Certainly, can also, after transaction completes, on intelligent cipher equipment, preserve Transaction Information, by inquiring about Transaction Information to obtain the information such as refund amount and reimbursement account.Intelligent cipher equipment can also send reimbursement information through but not limited to following mode: intelligent cipher equipment sends by acoustic signals after reimbursement information is encoded; Or intelligent cipher equipment carries out also showing so that terminal is carried out IMAQ after encoding of graphs to reimbursement information; Or the communication interface that intelligent cipher equipment mates with terminal by intelligent cipher equipment sends reimbursement information.

In order to save the electric energy of intelligent cipher equipment, increase the service life, intelligent cipher equipment can also be after sending reimbursement dynamic password to terminal (for example, send after the acoustic signals that reimbursement dynamic password is corresponding, or show that image information corresponding to reimbursement dynamic password reached after predetermined time), be converted to resting state by wake-up states.

Terminal receives reimbursement dynamic password, sends reimbursement dynamic password to backstage system server; Concrete, terminal can receive reimbursement dynamic password through but not limited to following mode: terminal receives the acoustic signals of intelligent cipher equipment transmission and acoustic signals is decoded and (for example obtained reimbursement dynamic password, can adopt sound wave identification equipment to identify acoustic signals, adopt sound wave decoder to decode and obtain reimbursement dynamic password acoustic signals); Or terminal gathers image information that intelligent cipher equipment shows to image information (for example, Quick Response Code, bar code etc.) decoding obtains reimbursement dynamic password (for example adopt image capture device to gather image information, employing decoder obtains reimbursement dynamic password after image information is decoded); Or the communication interface that terminal is mated with intelligent cipher equipment by terminal receives reimbursement dynamic password.In addition, terminal can send reimbursement dynamic password to backstage system server by dedicated network.

Background system server receives after reimbursement dynamic password, reimbursement dynamic password is verified, and after being verified, carried out reimbursement operation.

Certainly, background system server is being carried out after reimbursement operation, can also send reimbursement success receipt information to terminal and/or intelligent cipher equipment, so that shop and/or client can learn reimbursement success.

As can be seen here, by above-mentioned reimbursement flow process, can greatly simplify the operation of client in reimbursement process, the device-dependent safety function of application intelligent cipher can ensure the fail safe of client's reimbursement process, for consumer brings seamless experience.

Cancellation:

Comprise the cancellation of terminal and the cancellation of intelligent cipher equipment, below only the cancellation of intelligent cipher equipment described:

Intelligent cipher equipment obtains intelligent cipher equipment cancellation application, and intelligent cipher equipment cancellation application is audited; Concrete, this cancellation application can send by terminal or intelligent cipher equipment, also can manually handle.

Background system server, after examination & verification intelligent cipher equipment cancellation application is passed through, is deleted corresponding user profile and the identification information of intelligent cipher equipment and the mapping relations of seed key of intelligent cipher equipment; Concrete, background system server is in the time carrying out cancellation, except deleting the user profile and the identification information of intelligent cipher equipment and the mapping relations of seed key that intelligent cipher equipment is corresponding, information corresponding this intelligent cipher equipment can also be put in the default cancellation list of background system server and wait other cancellations to operate.

Background system server, by managing registration, cancellation, the certification of intelligent cipher equipment and locking several aspects, is guaranteed the legitimacy of intelligent cipher equipment, the property loss having produced while having stopped illegally to be usurped due to intelligent cipher equipment.

What deserves to be explained is; the above operation of system is not carried out successively; it can only complete wherein several operations; in addition; above operation is also not limited only to complete under same application scenarios; no matter under which kind of application scenarios, as long as use arbitrary operation of the present invention, and can safety execute transaction and should belong to protection scope of the present invention.

Below, provide the exemplary a kind of application scenarios of the present invention:

In this application scene, integrated wireless communication module on intelligent cipher equipment, and status control module forms the novel intelligent cipher equipment that can be used for secure payment of the present invention.This intelligent cipher equipment comprises wireless communication module, it can be bluetooth communication or WIFI communication module etc., this wireless communication module can carry out inquiry scan and page scan to other equipment, and can carry out the mutual of signal and data with other wireless devices.On this intelligent cipher equipment, also comprise a status control module simultaneously, can control the operating state of wireless communication module and the main frame of intelligent cipher equipment.And intelligent cipher equipment of the present invention possesses two states: resting state and wake-up states, under resting state, only have transceiver (wireless communication module) and status control module in work, CPU will close, can not carry out command operating (for example: receive, send the functions such as data), thereby make the state of intelligent cipher equipment in a kind of low-power consumption.When other wireless devices are issued this intelligent cipher equipment application instruction from outside, status control module can be identified these signals, and generates wake-up signal, and CPU is waken up as wake-up states, starts to carry out this utility command.After command execution is complete, CPU will enter resting state again.

Below, be briefly described for transaction flow process of the present invention:

Intelligent cipher equipment is in resting state, user enters with this intelligent cipher equipment in the wireless signal coverage of terminal, intelligent cipher equipment and terminal complete the interactive identification of wireless device, and terminal can be known has intelligent cipher equipment to enter shop, terminal place and connects with this intelligent cipher equipment.

After terminal and intelligent cipher equipment connect, terminal can send to intelligent cipher equipment the request of authenticating device, intelligent cipher equipment receives this request, status control module can be sent wake-up signal, now CPU will be waken up, intelligent cipher equipment enters wake-up states, and carries out corresponding operation.

After intelligent cipher equipment completes command adapted thereto, return to resting state, and continue the equipment interactive identification of maintenance and terminal, whether check out so that terminal can judge the holder of intelligent cipher equipment.

Terminal proposes the request of reading user profile to backstage system server, background system server proposes the request of input authorized user message, and now terminal can send user-authorization-request to intelligent cipher equipment.

Intelligent cipher equipment under resting state receives the user-authorization-request that self terminal sends, and enters wake-up states.Intelligent cipher equipment is by the request of display terminal, and prompting user judges whether to authorize.

The request that user sends according to the terminal showing judges whether to authorize, if authorize, the acknowledgement key of pressing on intelligent cipher equipment makes intelligent cipher equipment produce authorization message and send to terminal, then proceed to resting state, otherwise, intelligent cipher device end fill order, directly proceeds to resting state.

In the time of clearing, terminal can send customer transaction to the intelligent cipher equipment of resting state again and confirm request instruction, intelligent cipher equipment under resting state receives this instruction and enters wake-up states, intelligent cipher equipment shows the Transaction Information receiving, user confirms, if Transaction Information is correct, presses acknowledgement key and make intelligent cipher equipment generate transaction dynamic password, and return to terminal; Otherwise, finishing executable operations, intelligent cipher equipment proceeds to resting state.

Below, provide another kind of application scenarios of the present invention:

Terminal is set up active user's list at home server, and this current user list can be used for storing user profile corresponding to intelligent cipher equipment that the client in current shop holds;

Terminal home server for example, is monitored the intelligent cipher equipment in the wireless signal coverage of terminal by wireless mode (adopting wireless exploration equipment);

Client is carrying the shopping of going window-shopping of the intelligent cipher equipment (in resting state) with wireless communication function, in this client enters the wireless signal coverage of terminal, intelligent cipher equipment can be arrived by terminal searching, and sets up wireless connections with terminal;

Terminal sends certification instruction to intelligent cipher equipment;

After the intelligent cipher equipment of resting state is receiving the certification instruction that terminal sends, be waken up, enter wake-up states;

Intelligent cipher equipment generates certification dynamic password, and certification dynamic password and sequence number are sent to terminal;

Terminal, receiving after the certification dynamic password and sequence number that intelligent cipher equipment sends over, sends to background system server by certification dynamic password and sequence number;

The legitimacy of background system server authentication intelligent cipher equipment; If checking is not passed through, finish;

If be verified, background system server authentication intelligent cipher equipment success, sends to terminal by user profile such as user's accounts;

Terminal receives after the user profile of background system server transmission, and user profile is stored in active user's list;

After finishing, client's shopping settles accounts to cashier;

Terminal settlement amounts, and account corresponding to intelligent cipher equipment of choosing this client to hold in active user's list;

The combination in any in the commodity of choosing, dealing money, bank settlement both sides account, bank settlement both sides identification information etc. is generated Transaction Information by terminal, and send to intelligent cipher equipment;

Intelligent cipher equipment receives after Transaction Information, proceeds to wake-up states, and Transaction Information is shown on screen, waits for that user confirms;

Client confirms Transaction Information, if having problem by cancellation, and trading suspension, intelligent cipher equipment proceeds to resting state;

If after user confirms that Transaction Information is correct, press the confirmation button arranging on intelligent cipher equipment, intelligent cipher equipment generates and shows the dynamic password of concluding the business;

User inputs this transaction dynamic password in terminal, and transfer request and transaction dynamic password are sent to background system server by terminal;

Background system server receives after transfer request and transaction dynamic password, checking transaction dynamic password, and after being verified, complete and transfer accounts, and send to terminal the successful information that paid of transferring accounts, certainly, background system server can also complete payment information exchange and cross terminal and send to intelligent cipher equipment, has concluded the business so that client learns;

Terminal receives that this payment completes information, pays commodity to client, and checkout completes.

By background system server, intelligent cipher equipment being authenticated, is in believable situation at intelligent cipher equipment, and while utilizing transaction, intelligent cipher equipment, to showing the link of information manual confirmation, has also ensured intelligent cipher equipment holder's transaction security.

Based on data security interactive system provided by the invention, client is in the time entering shop and conclude the business, complete payment without related account vehicle equipments such as matching with mobile phone, bank card or financial IC cards, and the payment process of original technology all need to possess by SIM card or smart card etc. the equipment of account memory function, user also needs to swipe the card, brush the operations such as mobile phone just can complete transaction.Adopt system provided by the invention, client can be without completing payment by modes such as wallet, credit card, mobile phones, thereby simplify the interactive operation in payment process of client and trade company, improved payment efficiency, promoted the experience of client in the payment process of near field; Utilize the fail safe of the safety profile promise customer payment process of intelligent cipher equipment simultaneously.

Client has chosen commodity later in the time of checkout, terminal is without obtaining user profile by the mode that allows client manually swipe the card or to brush mobile phone again, to have suffered because this user profile has been stored in active user's list of terminal in the time just entering shop, when checkout, client only need quote the name of oneself, terminal can directly be sent to the Transaction Informations such as the amount of money after clearing client's intelligent cipher equipment and show, now, client only need utilize intelligent cipher equipment to confirm, and in terminal input transaction dynamic password, Transaction Information and transaction dynamic password are sent to background system server by terminal, the processing of transferring accounts after this transaction dynamic password of background system server authentication is accurate, can complete payment process.

In the time that client walks out the signal cover in this family shop, the network between intelligent cipher equipment and terminal is connected and will automatically interrupts, and user profile disappears from active user's list in this shop.If when client enters again another family shop, will automatically enter in active user's list in this another family shop, start another shopping.Do not need like this client to carry out any operation, only need client, in the time of shopping, a small and exquisite intelligent cipher equipment is put into oneself to pocket, adopt the present invention just can bring seamless experience for client.

Any process of otherwise describing in flow chart or at this or method are described and can be understood to, represent to comprise that one or more is for realizing module, fragment or the part of code of executable instruction of step of specific logical function or process, and the scope of the preferred embodiment of the present invention comprises other realization, wherein can be not according to order shown or that discuss, comprise according to related function by the mode of basic while or by contrary order, carry out function, this should be understood by embodiments of the invention person of ordinary skill in the field.

Should be appreciated that each several part of the present invention can realize with hardware, software, firmware or their combination.In the above-described embodiment, multiple steps or method can realize with being stored in software or the firmware carried out in memory and by suitable instruction execution system.For example, if realized with hardware, the same in another embodiment, can realize by any one in following technology well known in the art or their combination: there is the discrete logic for data-signal being realized to the logic gates of logic function, there is the application-specific integrated circuit (ASIC) of suitable combinational logic gate circuit, programmable gate array (PGA), field programmable gate array (FPGA) etc.

Those skilled in the art are appreciated that realizing all or part of step that above-described embodiment method carries is can carry out the hardware that instruction is relevant by program to complete, described program can be stored in a kind of computer-readable recording medium, this program, in the time carrying out, comprises step of embodiment of the method one or a combination set of.

In addition, the each functional unit in each embodiment of the present invention can be integrated in a processing module, can be also that the independent physics of unit exists, and also can be integrated in a module two or more unit.Above-mentioned integrated module both can adopt the form of hardware to realize, and also can adopt the form of software function module to realize.If described integrated module realizes and during as production marketing independently or use, also can be stored in a computer read/write memory medium using the form of software function module.

The above-mentioned storage medium of mentioning can be read-only memory, disk or CD etc.

In the description of this specification, the description of reference term " embodiment ", " some embodiment ", " example ", " concrete example " or " some examples " etc. means to be contained at least one embodiment of the present invention or example in conjunction with specific features, structure, material or the feature of this embodiment or example description.In this manual, the schematic statement of above-mentioned term is not necessarily referred to identical embodiment or example.And specific features, structure, material or the feature of description can be with suitable mode combination in any one or more embodiment or example.

Although illustrated and described embodiments of the invention above, be understandable that, above-described embodiment is exemplary, can not be interpreted as limitation of the present invention, those of ordinary skill in the art can change above-described embodiment within the scope of the invention in the situation that not departing from principle of the present invention and aim, amendment, replacement and modification.Scope of the present invention is by claims and be equal to and limit.

Claims (22)

1. a data security interactive system, is characterized in that, comprising:

Terminal, at signal cover interscan intelligent cipher equipment, and obtains identification information and the certification dynamic password of described intelligent cipher equipment; Send identification information and the certification dynamic password of authentication request, described intelligent cipher equipment to backstage system server; After described background system server completes the certification of described intelligent cipher equipment, obtain user profile corresponding to described intelligent cipher equipment; Described user profile is stored in active user's list of setting up in advance; The user profile corresponding according to intelligent cipher equipment to be transacted generates Transaction Information, and obtains transaction request information according to described Transaction Information; Send described transaction request information to described intelligent cipher equipment; Receive transaction dynamic password, described transaction dynamic password is generated by described intelligent cipher equipment; Obtain transaction data package according to described transaction dynamic password and described Transaction Information, and send described transaction data package to described background system server;

Described background system server, for receiving identification information and the certification dynamic password of the described authentication request of described terminal transmission, described intelligent cipher equipment, completes the certification to described intelligent cipher equipment; Receive after the described transaction data package of described terminal transmission, described transaction dynamic password is verified, and carry out transaction after being verified;

Described intelligent cipher equipment, the described transaction request information sending for receiving described terminal, according to Transaction Information described in described transaction request information acquisition; Point out described Transaction Information; Confirmation of receipt instruction, and generate transaction dynamic password.

2. system according to claim 1, is characterized in that,

Described terminal, also for send certification instruction to described intelligent cipher equipment, and receive the identification information of described intelligent cipher equipment, receive the certification dynamic password of described intelligent cipher equipment transmission or receive the certification dynamic password that user inputs, obtaining identification information and the certification dynamic password of described intelligent cipher equipment;

Described intelligent cipher equipment, the described certification instruction also sending for receiving described terminal, generate certification dynamic password, send the identification information of described intelligent cipher equipment or send the identification information of described intelligent cipher equipment and authenticate dynamic password to described terminal to described terminal.

3. system according to claim 1 and 2, is characterized in that,

Described background system server, also, for receiving identification information and the certification dynamic password of the described authentication request of described terminal transmission, described intelligent cipher equipment, obtain seed key corresponding to described intelligent cipher equipment according to the identification information of described intelligent cipher equipment; Generate the checking password of certification dynamic password according to described seed key; Described certification dynamic password and described checking password are contrasted, contrast when consistent at described certification dynamic password and described checking password, complete the certification to described intelligent cipher equipment.

4. according to the system described in claims 1 to 3 any one, it is characterized in that,

Described terminal, also for sending identification information and the user profile read requests of described intelligent cipher equipment to described background system server; The response message that receives the described user profile read requests of described background system server transmission, obtains described user profile according to the response message of described user profile read requests;

Described background system server, also, for receiving identification information and the described user profile read requests of the described intelligent cipher equipment that described terminal sends, obtain the user profile corresponding with described intelligent cipher equipment according to the identification information of described intelligent cipher equipment; Obtain the response message of described user profile read requests according to described user profile, and send the response message of described user profile read requests to described terminal.

5. according to the system described in claims 1 to 3 any one, it is characterized in that,

Described terminal, also for sending user profile read requests to described intelligent cipher equipment; The response message that receives the described user profile read requests of described intelligent cipher equipment transmission, obtains described user profile according to the response message of described user profile read requests;

Described intelligent cipher equipment, also for obtaining pre-stored user profile, and obtains the response message of described user profile read requests, and sends the response message of described user profile read requests to described terminal according to described user profile.

6. according to the system described in claims 1 to 3 any one, it is characterized in that,

Described background system server, also for sending user profile corresponding to described intelligent cipher equipment to described terminal;

Described terminal, user profile corresponding to described intelligent cipher equipment also sending for receiving described background system server.

7. according to the system described in claim 1 to 6 any one, it is characterized in that,

Described terminal, also for after signal cover interscan intelligent cipher equipment, obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list; The identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list is compared according to the default time interval; If the identification information of the intelligent cipher equipment in described real-time identification list, not in described active user's list, obtains user profile corresponding to described intelligent cipher equipment; And if the identification information of intelligent cipher equipment in described active user's list is in described real-time identification list, delete in described active user's list the not user profile of the intelligent cipher equipment in described real-time identification list.

8. according to the system described in claim 1 to 6 any one, it is characterized in that,

Described terminal, also for after signal cover interscan intelligent cipher equipment, obtains the identification information of the whole intelligent cipher equipment in the signal cover of described terminal, generates real-time identification list; The identification information of the intelligent cipher equipment in the identification information of the intelligent cipher equipment in described real-time identification list and described active user's list is compared according to the default time interval; If the identification information of the intelligent cipher equipment in described real-time identification list is not in described active user's list, obtain user profile corresponding to described intelligent cipher equipment, and obtain after described user profile in described terminal, described user profile is stored in described real-time identification list; And if the identification information of intelligent cipher equipment in described real-time identification list is in described active user's list, the user profile of described intelligent cipher equipment in described active user's list is stored in described real-time identification list; Described active user's list using described real-time identification list after upgrading.

9. system according to claim 2, is characterized in that,

Described intelligent cipher equipment, the described certification instruction also sending for receiving described terminal, is converted to wake-up states by resting state; Under wake-up states, generate certification dynamic password.

10. according to the system described in claim 1 to 9 any one, it is characterized in that,

Described background system server, also, for receiving after the identification information and certification dynamic password of described authentication request, described intelligent cipher equipment, judge whether the identification information of described intelligent cipher equipment is included in the intelligent cipher unit exception list prestoring in described background system server; After the identification information of judging described intelligent cipher equipment is in described intelligent cipher unit exception list, obtains locking intelligent cipher device directive, and send described locking intelligent cipher device directive by described terminal to described intelligent cipher equipment;

Described intelligent cipher equipment, the described locking intelligent cipher device directive also sending for receiving described terminal, carries out lock operation according to described locking intelligent cipher device directive.

11. according to the system described in claim 1 to 10 any one, it is characterized in that,

Described background system server, also for receiving the application of intelligent cipher facility registration, and application is audited to described intelligent cipher facility registration; After the application of the described intelligent cipher facility registration of examination & verification is passed through, store user profile and the identification information of described intelligent cipher equipment and the mapping relations of seed key that described intelligent cipher equipment is corresponding.

12. systems according to claim 11, is characterized in that,

Described background system server, also for obtaining intelligent cipher equipment cancellation application, and audits described intelligent cipher equipment cancellation application; After the described intelligent cipher equipment cancellation application of examination & verification is passed through, delete user profile and the identification information of described intelligent cipher equipment and the mapping relations of seed key that described intelligent cipher equipment is corresponding.

13. according to the system described in claim 1 to 12 any one, it is characterized in that,

Described intelligent cipher equipment, the described transaction request information also sending for receiving described terminal, is converted to wake-up states by resting state; Under wake-up states according to Transaction Information described in described transaction request information acquisition.

14. according to the system described in claim 1 to 13 any one, it is characterized in that,

Described terminal, also for receiving the acoustic signals of described intelligent cipher equipment transmission and described acoustic signals being decoded and obtained transaction dynamic password; Or

Gather the image information of described intelligent cipher equipment demonstration and described image information is decoded and obtained described transaction dynamic password; Or

The communication interface of mating with described intelligent cipher equipment by described terminal receives described transaction dynamic password; Or

The dynamic password of concluding the business described in the information acquisition of inputting by described terminal.

15. according to the system described in claim 1 to 14 any one, it is characterized in that,

Described background system server also for described transaction dynamic password is being verified, and is carried out after transaction after being verified, and sends Transaction Success acknowledgement information to described terminal; And/or send Transaction Success acknowledgement information by described terminal to described intelligent cipher equipment;

Described intelligent cipher equipment, also, for receiving described Transaction Success acknowledgement information, points out described Transaction Success acknowledgement information.

16. according to the system described in claim 1 to 15 any one, it is characterized in that,

Described terminal, also at described background system server, described transaction dynamic password being verified, and carry out transaction after being verified after, sends reimbursement information to described intelligent cipher equipment; Receive reimbursement dynamic password, send described reimbursement dynamic password to described background system server, wherein, described reimbursement dynamic password is generated by described intelligent cipher equipment;

Described intelligent cipher equipment, the described reimbursement information also sending for receiving described terminal, points out described reimbursement information; Receive reimbursement and confirm instruction, generate reimbursement dynamic password;

Described background system server, the described reimbursement dynamic password also sending for receiving described terminal, verifies described reimbursement dynamic password, and after being verified, carries out reimbursement operation.

17. according to the system described in claim 1 to 15 any one, it is characterized in that,

Described intelligent cipher equipment, also at described background system server, described transaction dynamic password being verified, and carry out transaction after being verified after, sends refund request to described terminal; Receive the described reimbursement information that described terminal sends, point out described reimbursement information; Receive reimbursement and confirm instruction, generate reimbursement dynamic password;

Described terminal, also for generating reimbursement information, and sends described reimbursement information to described intelligent cipher equipment; Receive described reimbursement dynamic password, send described reimbursement dynamic password to described background system server;

Described background system server, the described reimbursement dynamic password also sending for receiving described terminal, verifies described reimbursement dynamic password, and after being verified, carries out reimbursement operation.

18. according to the system described in claim 1 to 15 any one, it is characterized in that,

Described intelligent cipher equipment, also at described background system server, described transaction dynamic password being verified, and carry out transaction after being verified after, sends refund request to described terminal; Receive the described refund request mark that described terminal sends, generate reimbursement confirmation and send described reimbursement confirmation to described terminal, wherein, described reimbursement confirmation comprises reimbursement information and reimbursement dynamic password;

Described terminal, also for generating refund request mark, and sends described refund request mark to described intelligent cipher equipment; Receive described reimbursement confirmation, send described reimbursement confirmation to described background system server;

Described background system server, the described reimbursement confirmation also sending for receiving described terminal, verifies described reimbursement dynamic password, and after being verified, carries out reimbursement operation.

19. according to the system described in claim 16 or 17, it is characterized in that, in described reimbursement information, also comprises duplet bill.

20. systems according to claim 15, is characterized in that, described Transaction Success acknowledgement information also comprises duplet bill.

21. according to the system described in claim 1 to 20 any one, it is characterized in that, also comprises duplet bill in described Transaction Information.

22. according to the system described in claim 1 to 21 any one, it is characterized in that,

Described intelligent cipher equipment, also for by described terminal before signal cover interscan is arrived, enter and can be scanned state.