CN102404113A - Method and system both for safety information interaction - Google Patents
Method and system both for safety information interaction Download PDFInfo
- Publication number
- CN102404113A CN102404113A CN2010102762618A CN201010276261A CN102404113A CN 102404113 A CN102404113 A CN 102404113A CN 2010102762618 A CN2010102762618 A CN 2010102762618A CN 201010276261 A CN201010276261 A CN 201010276261A CN 102404113 A CN102404113 A CN 102404113A
- Authority
- CN
- China
- Prior art keywords
- safety information
- information
- smart card
- card apparatus
- safety
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and a system both for safety information interaction. The system for the safety information interaction comprises a mobile terminal and an information processing terminal, wherein the mobile terminal transmits safety information inputted by users together with business data information to the information processing terminal. The method and the system both for the safety information interaction can improve utilization rate of network resources and having high safety and reliability.
Description
Technical field
The present invention relates to information interacting method and system, more specifically, relate to safety information exchange method and system.
Background technology
At present, along with becoming increasingly abundant of the class of business of the increasingly extensive and different field of network and application of IC cards, carry out the more and more important alternately of smart card security property information (promptly higher information, for example password) to security requirement through network.
As shown in Figure 1, existing smart card security property information interaction system comprises smart card, safety information input equipment and the information processing terminal.Its basic functional principle is following: said smart card is communicated by letter with the said information processing terminal, and to said information processing terminal transmit traffic data information; Subsequently, the user is through said safety information input equipment input password, and said password is a clear-text passwords; Subsequently, the said information processing terminal is accomplished authentication and is handled said service data information according to said password.
Yet there is following problem in above-mentioned existing scheme: (1) said information interaction system must have special-purpose safety information input equipment, so system complexity is higher; (2) said service data information and said password are input in the said information processing terminal through the various network path respectively, so network resource utilization is lower; (3) input password through mode expressly, and said password must pass through third party device (being said safety information input equipment), so security of system reduces.
Therefore, there is following demand: a kind of safety information interactive system and method that not only can improve network resource utilization but also have high fail safe and reliability is provided.
Summary of the invention
In order to solve the existing defective of above-mentioned prior art scheme, the present invention proposes a kind of safety information exchange method and system.
The objective of the invention is to realize through following technical scheme:
A kind of safety information interactive system, said safety information interactive system comprises:
Portable terminal, said portable terminal are used for the safety information of user's input is sent to the information processing terminal together with service data information;
The information processing terminal, the said information processing terminal are used for sending authentication request according to said safety information that receives and said service data information, and accomplish Business Processing according to the authentication result of returning.
In the disclosed in the above scheme, preferably, said portable terminal further comprises:
Controller, said controller are used to receive the said safety information of user's input, and said safety information is stored in the smart card apparatus;
Smart card apparatus, said smart card apparatus are used for said safety information is sent to the said information processing terminal together with service data information.
In the disclosed in the above scheme, preferably, said controller is communicated by letter with said smart card apparatus through the IS07816 agreement, thereby accomplishes the storage of said safety information.
In the disclosed in the above scheme, alternatively, said safety information is stored in the said smart card apparatus with disposable temporary mode.
In the disclosed in the above scheme, alternatively, said safety information longer-term storage is in said smart card apparatus, and said safety information is effective all the time in predefined access times.
In the disclosed in the above scheme, preferably, said smart card apparatus is through the 13.56Mhz frequency range and follow the noncontact agreement and communicate by letter with the said information processing terminal, obtains thereby accomplish the disposable of said safety information and said service data information.
In the disclosed in the above scheme, preferably, said safety information interactive system adopts the fail safe that strengthens one of at least the safety information storing process in the following manner:
(1) before said safety information stores said smart card apparatus into, said smart card apparatus is verified said safety information;
(2), encrypts said safety information said safety information before storing said smart card apparatus into;
(3) salt matrices that accesses to your password is accomplished the storage of said safety information.
In the disclosed scheme, preferably,, said safety information use RSA cryptographic algorithms to encrypt said safety information before storing said smart card apparatus in the above.
The object of the invention also can be realized through following technical scheme:
A kind of safety information exchange method, said safety information exchange method comprises the steps:
(A1) user uses portable terminal input safety information;
(A2) said portable terminal sends to the information processing terminal with said safety information together with service data information;
(A3) the said information processing terminal sends authentication request according to said safety information that receives and said service data information, and accomplishes Business Processing according to the authentication result of returning.
In the disclosed in the above scheme, preferably, said step (A1) further comprises: the controller in the said portable terminal receives the said safety information of user's input, and said safety information is stored in the smart card apparatus in the said portable terminal.
In the disclosed in the above scheme, preferably, said controller is communicated by letter with said smart card apparatus through the IS07816 agreement, thereby accomplishes the storage of said safety information.
In the disclosed in the above scheme, alternatively, said safety information is stored in the said smart card apparatus with disposable temporary mode.
In the disclosed in the above scheme, alternatively, said safety information longer-term storage is in said smart card apparatus, and said safety information is effective all the time in predefined access times.
In the disclosed in the above scheme, preferably, said smart card apparatus is through the 13.56Mhz frequency range and follow the noncontact agreement and communicate by letter with the said information processing terminal, obtains thereby accomplish the disposable of said safety information and said service data information.
In the disclosed in the above scheme, preferably, said safety information exchange method adopts the fail safe that strengthens one of at least the safety information storing process in the following manner:
(1) before said safety information stores said smart card apparatus into, said smart card apparatus is verified said safety information;
(2), encrypts said safety information said safety information before storing said smart card apparatus into;
(3) salt matrices that accesses to your password is accomplished the storage of said safety information.
In the disclosed scheme, preferably,, said safety information use RSA cryptographic algorithms to encrypt said safety information before storing said smart card apparatus in the above.
Disclosed safety information interactive system of the present invention and method have following advantage: because portable terminal can send to the said information processing terminal with said safety information and service data information simultaneously together, therefore can improve utilization rate of network resource; Simultaneously, owing to do not need the safety information input equipment of third-party special use, therefore have high fail safe and reliability.
Description of drawings
In conjunction with accompanying drawing, technical characterictic of the present invention and advantage will be understood by those skilled in the art better, wherein:
Fig. 1 is the Organization Chart of existing safety information interactive system;
Fig. 2 is the Organization Chart of safety information interactive system according to an embodiment of the invention;
Fig. 3 is the flow chart of safety information exchange method according to an embodiment of the invention.
Embodiment
Fig. 2 is the Organization Chart of safety information interactive system according to an embodiment of the invention.As shown in Figure 2, the disclosed safety information interactive system of the present invention comprises portable terminal 1, the information processing terminal 2 (for example being similar to the device of POS machine).Wherein, said portable terminal 1 is used for input safety information (for example password), and said safety information is sent to the said information processing terminal 2 together with service data information (for example smart card ID number etc.).The said information processing terminal 2 is used for sending authentication request according to said safety information that receives and said service data information, and accomplishes Business Processing according to the authentication result of returning.
As shown in Figure 2, in the disclosed safety information interactive system of the present invention, said portable terminal 1 further comprises smart card apparatus 3 and controller 4.Said controller 4 is used to receive the said safety information of user's input, and said safety information is stored in the said smart card apparatus 3.Said smart card apparatus 3 is used for said safety information is sent to the said information processing terminal 2 together with service data information (for example smart card ID number etc.).
In the disclosed safety information interactive system of the present invention, preferably, said controller 4 is communicated by letter with said smart card apparatus 3 through the IS07816 agreement, thereby accomplishes the storage of said safety information.Alternatively, the storage mode of said safety information has following two kinds: (1) is disposable temporary, loses efficacy after promptly this this Business Processing is accomplished; (2) longer-term storage, promptly in the effective degree that is provided with in advance, said safety information is effective all the time.
Preferably; In the disclosed safety information interactive system of the present invention; Said smart card apparatus 3 is through the 13.56Mhz frequency range and follow the noncontact agreement and communicate by letter with the said information processing terminal 2, obtains thereby accomplish the disposable of said safety information and service data information.Above-mentioned preferred communication mode only is exemplary, it should be appreciated by those skilled in the art, can adopt any communication mode that is suitable for accomplishing said function.Preferably, said service data information defaults in the said smart card apparatus 3.
Preferably; In the disclosed safety information interactive system of the present invention; According to the actual requirements; Can add the fail safe of adopting in the following manner that strengthens one of at least said safety information storing process: (1) before said safety information stores said smart card apparatus 3 into, the said safety information of said smart card apparatus 3 checkings; (2) before said safety information stores said smart card apparatus 3 into, encrypt said safety information and (can use RSA cryptographic algorithms; Be that said smart card apparatus generates the public private key pair of disposable or permanent storage and PKI is sent to said controller 4, said subsequently controller 4 uses these PKIs that said safety information is encrypted) (3) salt matrices that accesses to your password accomplishes the storage of said safety information.
The basic functional principle of the disclosed safety information interactive system of the present invention is following: the user uses said portable terminal 1 input safety information; Controller 4 in the said portable terminal 1 stores said safety information in the said smart card apparatus 4 into; The user near the said information processing terminal 2, and sends said portable terminal to the said information processing terminal 2 with said safety information with preset service data information; The said information processing terminal 2 is initiated authentication request according to said safety information and said service data information, and accomplishes Business Processing according to the authentication result of returning.
Fig. 3 is the flow chart of safety information exchange method according to an embodiment of the invention.As shown in Figure 3, the disclosed safety information exchange method of the present invention comprises the steps: that (A1) user uses portable terminal input safety information (for example password); (A2) said portable terminal sends to the information processing terminal with said safety information together with service data information (for example smart card ID number etc.); (A3) the said information processing terminal sends authentication request according to said safety information that receives and said service data information, and accomplishes Business Processing according to the authentication result of returning.
Preferably; In the disclosed safety information exchange method of the present invention; Step (A1) further comprises: the controller in the said portable terminal receives the said safety information of user's input, and said safety information is stored in the smart card apparatus in the said portable terminal.
In the disclosed safety information exchange method of the present invention, preferably, said controller is communicated by letter with said smart card apparatus through the IS07816 agreement, thereby accomplishes the storage of said safety information.Alternatively, the storage mode of said safety information is one of following dual mode: (1) is disposable temporary, loses efficacy after promptly this this Business Processing is accomplished; (2) longer-term storage, promptly in the effective degree that is provided with in advance, said safety information is effective all the time.
Preferably; In the disclosed safety information exchange method of the present invention; Said smart card apparatus is through the 13.56Mhz frequency range and follow the noncontact agreement and communicate by letter with the said information processing terminal, obtains thereby accomplish the disposable of said safety information and service data information.Above-mentioned preferred communication mode only is exemplary, it should be appreciated by those skilled in the art, can adopt any communication mode that is suitable for accomplishing said function.Preferably, said service data information defaults in the said smart card apparatus.
Preferably; In the disclosed safety information exchange method of the present invention; According to the actual requirements; Can add the fail safe of adopting in the following manner that strengthens one of at least said safety information storing process: (1) before said safety information stored said smart card apparatus into, said smart card apparatus was verified said safety information; (2) before said safety information stores said smart card apparatus into, encrypt said safety information and (can use RSA cryptographic algorithms; It is the public private key pair that said smart card apparatus generates disposable or permanent storage; And PKI sent to said controller, and said subsequently controller uses this PKI that said safety information is encrypted) (3) salt matrices that accesses to your password accomplishes the storage of said safety information.
Although the present invention describes through above-mentioned preferred implementation, its way of realization is not limited to above-mentioned execution mode.Should be realized that: under the situation that does not break away from purport of the present invention and scope, those skilled in the art can make different variations and modification to the present invention.
Claims (16)
1. safety information interactive system, said safety information interactive system comprises:
Portable terminal, said portable terminal are used for the safety information of user's input is sent to the information processing terminal together with service data information;
The information processing terminal, the said information processing terminal are used for sending authentication request according to said safety information that receives and said service data information, and accomplish Business Processing according to the authentication result of returning.
2. safety information interactive system according to claim 1 is characterized in that, said portable terminal further comprises:
Controller, said controller are used to receive the said safety information of user's input, and said safety information is stored in the smart card apparatus;
Smart card apparatus, said smart card apparatus are used for said safety information is sent to the said information processing terminal together with service data information.
3. safety information interactive system according to claim 2 is characterized in that, said controller is communicated by letter with said smart card apparatus through I S 07816 agreement, thereby accomplishes the storage of said safety information.
4. safety information interactive system according to claim 3 is characterized in that, said safety information is stored in the said smart card apparatus with disposable temporary mode.
5. safety information interactive system according to claim 3 is characterized in that, said safety information longer-term storage is in said smart card apparatus, and said safety information is effective all the time in predefined access times.
6. according to claim 4 or 5 described safety information interactive systems; It is characterized in that; Said smart card apparatus is through the 13.56Mhz frequency range and follow the noncontact agreement and communicate by letter with the said information processing terminal, obtains thereby accomplish the disposable of said safety information and said service data information.
7. safety information interactive system according to claim 6 is characterized in that, said safety information interactive system adopts the fail safe that strengthens one of at least the safety information storing process in the following manner:
(1) before said safety information stores said smart card apparatus into, said smart card apparatus is verified said safety information;
(2), encrypts said safety information said safety information before storing said smart card apparatus into;
(3) salt matrices that accesses to your password is accomplished the storage of said safety information.
8. safety information interactive system according to claim 7 is characterized in that, before said safety information stores said smart card apparatus into, uses RSA cryptographic algorithms to encrypt said safety information.
9. safety information exchange method, said safety information exchange method comprises the steps:
(A1) user uses portable terminal input safety information;
(A2) said portable terminal sends to the information processing terminal with said safety information together with service data information;
(A3) the said information processing terminal sends authentication request according to said safety information that receives and said service data information, and accomplishes Business Processing according to the authentication result of returning.
10. safety information exchange method according to claim 9; It is characterized in that; Said step (A1) further comprises: the controller in the said portable terminal receives the said safety information of user's input, and said safety information is stored in the smart card apparatus in the said portable terminal.
11. safety information exchange method according to claim 10 is characterized in that, said controller is communicated by letter with said smart card apparatus through the IS07816 agreement, thereby accomplishes the storage of said safety information.
12. safety information exchange method according to claim 11 is characterized in that, said safety information is stored in the said smart card apparatus with disposable temporary mode.
13. safety information exchange method according to claim 11 is characterized in that, said safety information longer-term storage is in said smart card apparatus, and said safety information is effective all the time in predefined access times.
14. according to claim 12 or 13 described safety information exchange methods; It is characterized in that; Said smart card apparatus is through the 13.56Mhz frequency range and follow the noncontact agreement and communicate by letter with the said information processing terminal, obtains thereby accomplish the disposable of said safety information and said service data information.
15. safety information exchange method according to claim 14 is characterized in that, said safety information exchange method adopts the fail safe that strengthens one of at least the safety information storing process in the following manner:
(1) before said safety information stores said smart card apparatus into, said smart card apparatus is verified said safety information;
(2), encrypts said safety information said safety information before storing said smart card apparatus into;
(3) salt matrices that accesses to your password is accomplished the storage of said safety information.
16. safety information exchange method according to claim 15 is characterized in that, before said safety information stores said smart card apparatus into, uses RSA cryptographic algorithms to encrypt said safety information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102762618A CN102404113A (en) | 2010-09-08 | 2010-09-08 | Method and system both for safety information interaction |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102762618A CN102404113A (en) | 2010-09-08 | 2010-09-08 | Method and system both for safety information interaction |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102404113A true CN102404113A (en) | 2012-04-04 |
Family
ID=45885934
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102762618A Pending CN102404113A (en) | 2010-09-08 | 2010-09-08 | Method and system both for safety information interaction |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102404113A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104243152A (en) * | 2013-06-06 | 2014-12-24 | 中国银联股份有限公司 | Security information interaction system, equipment and method |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040107367A1 (en) * | 2001-02-09 | 2004-06-03 | Friedrich Kisters | Method, arrangement and secure medium for authentication of a user |
| US20070038854A1 (en) * | 2005-08-09 | 2007-02-15 | Sung-Rock Cheon | Secure NFC apparatus and method for supporting various security modules |
| CN101034449A (en) * | 2007-04-17 | 2007-09-12 | 华中科技大学 | Method, system and mobile terminal for implementing electronic payment |
| CN101105776A (en) * | 2007-01-10 | 2008-01-16 | 上海瀚银信息技术有限公司 | Standard extension card with embedded CPU IC and method for realizing electronic payment |
| CN101154281A (en) * | 2006-09-30 | 2008-04-02 | 联想(北京)有限公司 | Method and mobile device for migrating finance data in smart card |
| CN101162535A (en) * | 2006-10-13 | 2008-04-16 | 中国银联股份有限公司 | Method and system for realizing magnetic stripe card trading by IC card |
| CN101604404A (en) * | 2009-07-31 | 2009-12-16 | 北京印天网真科技有限公司 | A kind of Updatable universal smart card and system and method thereof |
| CN101615322A (en) * | 2008-06-25 | 2009-12-30 | 上海富友网络技术有限公司 | Realization has the mobile terminal payment method and system of magnetic payment function |
| CN201465137U (en) * | 2009-06-08 | 2010-05-12 | 深圳市江波龙电子有限公司 | Non-contact card reader |
-
2010
- 2010-09-08 CN CN2010102762618A patent/CN102404113A/en active Pending
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040107367A1 (en) * | 2001-02-09 | 2004-06-03 | Friedrich Kisters | Method, arrangement and secure medium for authentication of a user |
| US20070038854A1 (en) * | 2005-08-09 | 2007-02-15 | Sung-Rock Cheon | Secure NFC apparatus and method for supporting various security modules |
| CN101154281A (en) * | 2006-09-30 | 2008-04-02 | 联想(北京)有限公司 | Method and mobile device for migrating finance data in smart card |
| CN101162535A (en) * | 2006-10-13 | 2008-04-16 | 中国银联股份有限公司 | Method and system for realizing magnetic stripe card trading by IC card |
| CN101105776A (en) * | 2007-01-10 | 2008-01-16 | 上海瀚银信息技术有限公司 | Standard extension card with embedded CPU IC and method for realizing electronic payment |
| CN101034449A (en) * | 2007-04-17 | 2007-09-12 | 华中科技大学 | Method, system and mobile terminal for implementing electronic payment |
| CN101615322A (en) * | 2008-06-25 | 2009-12-30 | 上海富友网络技术有限公司 | Realization has the mobile terminal payment method and system of magnetic payment function |
| CN201465137U (en) * | 2009-06-08 | 2010-05-12 | 深圳市江波龙电子有限公司 | Non-contact card reader |
| CN101604404A (en) * | 2009-07-31 | 2009-12-16 | 北京印天网真科技有限公司 | A kind of Updatable universal smart card and system and method thereof |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104243152A (en) * | 2013-06-06 | 2014-12-24 | 中国银联股份有限公司 | Security information interaction system, equipment and method |
| CN104243152B (en) * | 2013-06-06 | 2018-01-12 | 中国银联股份有限公司 | Security information interaction system, apparatus and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106559783B (en) | Authentication method, device and system for WIFI network | |
| US20160012272A1 (en) | Fingerprint authentication system and a fingerprint authentication method based on nfc | |
| CN103415008A (en) | Encryption communication method and encryption communication system | |
| CN101159008A (en) | Mutual authentication method between a communication interface and a host processor of an nfc chipset | |
| CN103297403A (en) | Method and system for achieving dynamic password authentication | |
| EP2937806A1 (en) | Method and system for securing electronic data exchange between an industrial programmable device and a portable programmable device | |
| CN102056077B (en) | Method and device for applying smart card by key | |
| CN101917710A (en) | Method, system and related device for mobile internet encryption communication | |
| CN104661171B (en) | Small data secure transmission method and system for MTC (machine type communication) equipment group | |
| EP2881863A1 (en) | Method for implementing encryption in storage card, and decryption method and device | |
| CN103886661A (en) | Entrance guard management method and system | |
| CN103916363A (en) | Communication security management method and system for encryption machine | |
| CN105634737A (en) | Data transmission method, terminals and system thereof | |
| CN103914913A (en) | Intelligent card application scene recognition method and system | |
| CN104270244A (en) | NFC encryption method and system | |
| CN107333263B (en) | Improved SIM card and mobile communication identity recognition method and system | |
| CN105142134A (en) | Parameter obtaining and transmission methods/devices | |
| CN104954130A (en) | Entity identification method and device thereof | |
| CN102546172A (en) | Access control method of intelligent card, intelligent card, terminal and system | |
| CN105407467A (en) | Short message encryption methods, devices and system | |
| CN104936306B (en) | MTC device group small data secure transmission connection establishment method, HSS and system | |
| CN104796399A (en) | Key negotiation method of data encryption transmission | |
| CN103957521A (en) | Community visitor authentication method and system based on NFC technology | |
| CN102045670B (en) | Method, server and smart card for transmitting short message | |
| CN104135458A (en) | Establishment of communication connection between mobile equipment and secure carrier |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20120404 |
|
| RJ01 | Rejection of invention patent application after publication |