Note: Descriptions are shown in the official language in which they were submitted.
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
SECURE DATA INTERACTION METHOD AND SYSTEM
FIELD
. The present disclosure relates to the information security field, and more
particularly, to a
secure data interactive method and system.
BACKGROUND
Mobile payment is a service that allows a user to pay for consumed goods or
services via a
mobile terminal (such as a smart phone, a PDA, a tablet computer and a
laptop). An
organization or an individual may directly or indirectly send a payment
instruction to a banking
financial institution via the mobile terminal, the Internet or near distance
sensing technology to
generate monetary payment and fund flow, so as to realize the mobile payment.
The mobile
payment combines the mobile terminal, the Internet, the application provider
and the financial
institution to provide the user with financial services, like monetary payment
and fee payment.
The mobile payment includes remote payment and near field payment. The remote
payment refers to that the user logs in a bank website via the mobile terminal
to implement
payment and account operations, and is mainly applied to shopping and
consumption on online
e-commerce websites; the near field payment refers to that a consumer pays the
merchant in
real time via the mobile terminal when purchasing goods or services, and the
payment is
processed on the spot, which is an offline operation with no need for a mobile
network but may
realize local communication with either a vending machine or a POS through
radio frequency
(e.g. NFC), infrared ray and Bluetooth of the mobile terminal.
During the entire mobile payment, participants involved in the payment process
include the
consumer, the merchant, a mobile operator, a third party service provider and
a bank. The
consumer and the merchant are service objects of the system; the mobile
operator provides
network support, the bank provides banking services, and the third party
service provider
provides a payment platform; various parties are combined to realize the
business.
Computerization and mobilization of the payment means are inevitable trends of
development,
23012248.1 1
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
but security issues concerning the mobile payment system are core issues of
mobile
e-commerce security.
The problem to be solved is how to guarantee the security of data interaction
during the
mobile payment.
SUMMARY
Embodiments of the present disclosure seek to solve at least one of the
problems
described above.
Accordingly, a first objective of the present disclosure is to provide a
secure data interactive
method.
A second objective of the present disclosure is to provide a secure data
interactive system.
In order to achieve the above objectives, technical solutions of the present
disclosure are
specifically realized in the following ways.
Embodiments of a first aspect of the present disclosure provide a secure data
interactive
method, including: scanning, by a terminal, an intelligent cipher token in a
signal coverage
range and obtaining identification information of the intelligent cipher
token; obtaining, by a
background system server, the identification information of the intelligent
cipher token and
completing an authentication to the intelligent cipher token; obtaining, by
the terminal, user
infdrmation corresponding to the intelligent cipher token after the background
system server
completes the authentication to the intelligent cipher token; and storing, by
the terminal, the user
information into a pre-established current user list.
Additionally, obtaining by a background system server the identification
information of the
intelligent cipher token and completing an authentication to the intelligent
cipher token includes:
generating, by the terminal, first information to be signed; sending, by the
terminal, the first
information to be signed and an authentication instruction to the intelligent
cipher token; signing,
by the intelligent cipher token, the first information to be signed by using a
private key of the
intelligent cipher token to obtain first signature information, after the
intelligent cipher token
receives the first information to be signed and the authentication
instruction; sending, by the
23012248i 2
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
intelligent cipher token, the first signature information and an intelligent
cipher token certificate
to the terminal; sending, by the terminal, authentication request information,
the identification
information of the intelligent cipher token, the first information to be
signed, the first signature
information and the intelligent cipher token certificate to the background
system server, after the
terminal receives the first signature information and the intelligent cipher
token certificate;
verifying, by the background system server, whether the intelligent cipher
token certificate is
legitimate by using a pre-stored root certificate corresponding to the
intelligent cipher token
certificate, after the background system server receives the authentication
request information,
the identification information of the intelligent cipher token, the first
information to be signed, the
first signature information and the intelligent cipher token certificate;
verifying, by the
background system server, the first signature information by using a public
key of the intelligent
cipher token after the intelligent cipher token certificate is verified to be
legitimate; and
completing, by the background system server, the authentication to the
intelligent cipher token
after the first signature information is successfully verified.
Additionally, obtaining by a background system server the identification
information of the
intelligent cipher token and completing an authentication to the intelligent
cipher token includes:
sending, by the terminal, the identification information of the intelligent
cipher token to the
=
background system server; generating, by the background system server, first
information to be
signed and sending the first information to be signed to the terminal, after
the background
system server receives the identification information of the intelligent
cipher token; sending, by
the terminal, the first information to be signed and an authentication
instruction to the intelligent
cipher token after the terminal receives the first information to be signed;
signing, by the
intelligent cipher token, the first information to be signed by using a
private key of the intelligent
cipher token to obtain first signature information, after the intelligent
cipher token receives the
first information to be signed and the authentication instruction; sending, by
the intelligent cipher
token, the first signature information and an intelligent cipher token
certificate to the terminal;
sending, by the terminal, authentication request information, the first
signature information and
the, intelligent cipher token certificate to the background system server,
after the terminal
23012248.1 3
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
receives the first signature information and the intelligent cipher token
certificate; verifying, by
the background system server, whether the intelligent cipher token certificate
is legitimate by
using a pre-stored root certificate corresponding to the intelligent cipher
token certificate, after
the background system server receives the authentication request information,
the first
signature information and the intelligent cipher token certificate; verifying,
by the background
system server, the first signature information by using a public key of the
intelligent cipher token
after the intelligent cipher token certificate is verified to be legitimate;
and completing, by the
background system server, the authentication to the intelligent cipher token
after the first
signature information is verified successfully.
Additionally, obtaining by the terminal user information corresponding to the
intelligent
cipher token includes: sending, by the terminal, the identification
information of the intelligent
cipher token and a user information reading request to the background system
server; obtaining,
by the background system server, the user information corresponding to the
intelligent cipher
token based on the identification information of the intelligent cipher token,
after the background
system server receives the identification information of the intelligent
cipher token and the user
information reading request; obtaining, by the background system server,
response information
of the user information reading request based on the user information and
sending the response
information of the user information reading request to the terminal; and
obtaining, by the
terminal, the user information based on the response information of the user
information reading
request, after the terminal receives the response information of the user
information reading
request.
Additionally, obtaining by the terminal user information corresponding to the
intelligent
cipher token includes: sending, by the terminal, a user information reading
request to the
intelligent cipher token; obtaining, by the intelligent cipher token, pre-
stored user information,
obtaining response information of the user information reading request based
on the pre-stored
user information, and sending the response information of the user information
reading request
to the terminal; and obtaining, by the terminal, the user information based on
the response
information of the user information reading request, after the terminal
receives the response
23012248.1 4
=
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
information of the user information reading request.
Additionally, completing an authentication to the intelligent cipher token
includes: sending,
by the background system server, the user information corresponding to the
intelligent cipher
token to the terminal; and obtaining by the terminal user information
corresponding to the
intelligent cipher token includes: receiving, by the terminal, the user
information corresponding
to the intelligent cipher token sent by the background system server.
Additionally, after scanning by a terminal an intelligent cipher token in a
signal coverage
range and obtaining identification information of the intelligent cipher
token, the method further
includes: generating, by the terminal, a real-time identification list, after
the terminal obtains
identification information of all intelligent cipher tokens in the signal
coverage range of the
terminal; comparing, by the terminal, each piece of identification information
in the real-time
identification list with all the identification information in the pre-
established current user list, at a
-predetermined time interval; executing, by the terminal, the step of
obtaining user information
corresponding to a scanned intelligent cipher token respectively based on
identification
information included in the real-time identification list but not included in
the pre-established
current user list; deleting, from the pre-established current user list, user
information
corresponding to each intelligent cipher token with the identification
information included in the
pre-established current user list but not included in the real-time
identification list.
= Additionally, after scanning by a terminal an intelligent cipher token in
a signal coverage
range and obtaining identification information of the intelligent cipher
token, the method further
includes: generating, by the terminal, a real-time identification list, after
the terminal obtains
identification information of all intelligent cipher tokens in the signal
coverage range of the
terminal; comparing, by the terminal, each piece of identification information
in the real-time
identification list with all the identification information in the pre-
established current user list, at a
predetermined time interval; executing, by the terminal, the step of obtaining
user information
corresponding to a scanned intelligent cipher token respectively based on
identification
information included in the real-time identification list but not included in
the pre-established
current user list, and storing obtained user information into the real-time
identification list;
23012248.1 5
=
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
copying the user information corresponding to each intelligent cipher token
with the identification
information included in the real-time identification list and included in the
pre-established current
user list from the pre-established current user list to the real-time
identification list; and taking
the real-time identification list as an updated current user list.
Additionally, signing by the intelligent cipher token the first information to
be signed by using
a private key of the intelligent cipher token to obtain first signature
information after the
intelligent cipher token receives the first information to be signed and the
authentication
instruction includes: turning, by the intelligent cipher token, a sleep state
into an awakened state
after the intelligent cipher token receives the first information to be signed
and the authentication
=
instruction; and signing, by the intelligent cipher token in the awaked state,
the first information
to be signed by using the private key of the intelligent cipher token to
obtain the first signature
information.
Additionally, after obtaining by a background system server the identification
information of
the intelligent cipher token, the method further includes: judging, by the
background system
server, whether the identification information of the intelligent cipher token
is included in an
intelligent cipher token abnormality list pre-stored in the background system
server; obtaining,
by the background system server, an intelligent cipher token locking
instruction, signing the
intelligent cipher token locking instruction by using a private key of the
background system
server to generate second signature information and sending the intelligent
cipher token locking
instruction and the second signature information to the intelligent cipher
token via the terminal,
after the background system server judges that the identification information
of the intelligent
cipher token is included in the intelligent cipher token abnormality list;
verifying, by the intelligent
cipher token, the second signature information by using a public key in a pre-
stored background
system server certificate, after the intelligent cipher token receives the
intelligent cipher token
locking instruction and the second signature information; and executing, by
the intelligent cipher
token, an intelligent cipher token locking operation based on the intelligent
cipher token locking
instruction, after the second signature information is successfully verified.
Additionally, the method further includes: receiving and checking, by the
background
23012248.1 6
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
system server, an intelligent cipher token registration application; sending,
by the background
system server, an intelligent cipher token key pair generating instruction to
the intelligent cipher
token, after the intelligent cipher token registration application is
successfully checked;
generating, by the intelligent cipher token, an intelligent cipher token key
pair after the intelligent
cipher token receives the intelligent cipher token key pair generating
instruction; sending, by the
intelligent cipher token, a public key in the intelligent cipher token key
pair to the background
system server; generating, by the background system server, an intelligent
cipher token
certificate and sending the intelligent cipher token certificate to the
intelligent cipher token, after
the background system server receives the public key in the intelligent cipher
token key pair;
and storing, by the intelligent cipher token, the intelligent cipher token
certificate.
Additionally, the method further includes: obtaining, by the intelligent
cipher token, an
intelligent cipher token cancellation application, signing the intelligent
cipher token cancellation
application by using a private key of the intelligent cipher token to generate
third signature
information, and sending the intelligent cipher token cancellation application
and the third
signature information to the background system server; verifying, by the
background system
server, the third signature information by using a public key in the pre-
stored intelligent cipher
token certificate, after the background system server receives the intelligent
cipher token
cancellation application and the third signature information; deleting, by the
background system
server, the pre-stored intelligent cipher =token certificate, generating
intelligent cipher token
cancellation completion information and sending the intelligent cipher token
cancellation
completion information to the intelligent cipher token, after the third
signature information is
successfully verified; deleting, by the intelligent cipher token, the private
key of the intelligent
cipher token after the intelligent cipher token receives the intelligent
cipher token cancellation
completion information.
Additionally, after the background system server receives the identification
information of
the intelligent cipher token and the user information reading request, and
before the background
system server sends the response information of the user information reading
request to the
terminal, the method further includes: sending, by the background system
server, user
23012248.1 7
CA 02946914 2016-10-25
CA Application
Blokes Ref: 10798/00013
authorization request information to the intelligent cipher token via the
terminal; generating, by
the intelligent cipher token, authorization information and sending the
authorization information
to the background system server via the terminal, after the intelligent cipher
token receives the
user authorization request information; executing, by the background system
server, the step of
sending the response information of the user information reading request to
the terminal, after
the background system server receives the authorization information.
Additionally, generating by the intelligent cipher token authorization
information after the
intelligent cipher token receives the user authorization request information
includes: turning, by
the intelligent cipher token, a sleep state into an awakened state after the
intelligent cipher token
receives the user authorization request information; and generating, by the
intelligent cipher
token in the awakened state, the authorization information.
Additionally, before scanning by a terminal an intelligent cipher token in a
signal coverage
range and obtaining identification information of the intelligent cipher
token, the method further
includes: entering a scannable state for the intelligent cipher token.
Embodiments of a second aspect of the present disclosure provide a secure data
interactive system, including: a terminal, a background system server and an
intelligent cipher
token. The terminal is configured to: scan the intelligent cipher token in a
signal coverage range
and obtain identification information of the intelligent cipher token, obtain
user information
corresponding to the intelligent cipher token after the background system
server completes an
authentication to the intelligent cipher token, and store the user information
into a
pre-established current user list; and the background system server is
configured to: obtain the
identification information of the intelligent cipher token and complete the
authentication to the
intelligent cipher token.
Additionally, the terminal is further configured to: generate first
information to be signed;
send the first information to be signed and an authentication instruction to
the intelligent cipher
token; receive first signature information and an intelligent cipher token
certificate sent by the
intelligent cipher token; and send authentication request information, the
identification
information of the intelligent cipher token, the first information to be
signed, the first signature
23012248.1 8
CA 02946914 2016-10-25
=
CA Application
Blakes Ref: 10798/00013
information and the intelligent cipher token certificate to the background
system server; the
intelligent cipher token is further configured to: receive the first
information to be signed and the
authentication instruction sent by the terminal; sign the first information to
be signed by using a
private key of the intelligent cipher token to obtain the first signature
information; and send the
=
first signature information and the intelligent cipher token certificate to
the terminal; and the
background system server is further configured to: receive the authentication
request
information, the identification information of the intelligent cipher token,
the first information to be
signed, the first signature information and the intelligent cipher token
certificate; verify whether
the intelligent cipher token certificate is legitimate by using a pre-stored
root certificate
corresponding to the intelligent cipher token certificate; verify the first
signature information by
using a public key of the intelligent cipher token after the intelligent
cipher token certificate is
verified to be legitimate; and complete the authentication to the intelligent
cipher token after the
first signature information is successfully verified.
Additionally, the terminal is further configured to: send the identification
information of the
intejligent cipher token to the background system server; receive first
information to be signed
sent by the background system server; send the first information to be signed
and an
authentication instruction to the intelligent cipher token; receive first
signature information and
an intelligent cipher token certificate sent by the intelligent cipher token;
and send authentication
request information, the first signature information and the intelligent
cipher token certificate to
the background system server; the background system server is further
configured to: receive
the Identification information of the intelligent cipher token sent by the
terminal; generate the first
information to be signed; send the first .information to be signed to the
terminal; receive the
authentication request information, the first signature information and the
intelligent cipher token
certificate sent by the terminal; verify whether the intelligent cipher token
certificate is legitimate
by using a pre-stored root certificate corresponding to the intelligent cipher
token certificate;
verify the first signature information by using a public key of the
intelligent cipher token after the
intelligent cipher token certificate is verified to be legitimate; and
complete the authentication to
=
the intelligent cipher token after the first signature information is verified
successfully; and the
23012248.1 9
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
intelligent cipher token is further configured to: receive the first
information to be signed and the
authentication instruction sent by the terminal; sign the first information to
be signed by using a
private key of the intelligent cipher token to obtain the first signature
information; and send the
first signature information and the intelligent cipher token certificate to
the terminal.
Additionally, the terminal is further configured to: send the identification
information of the
intelligent cipher token and a user information reading request to the
background system server,
receive response information of the user information reading request sent by
the background
system server, and obtain the user information based on the response
information of the user
information reading request; and the background system server is further
configured to: receive
the identification information of the intelligent cipher token and the user
information reading
request sent by the terminal, and obtain the user information corresponding to
the intelligent
cipher token based on the identification information of the intelligent cipher
token; and obtain the
response information of the user information reading request based on the user
information, and
send the response information of the user information reading request to the
terminal.
Additionally, the terminal is further configured to: send a user information
reading request to
the intelligent cipher token; receive response information of the user
information reading request
sent by the intelligent cipher token, and obtain the user information based on
the response
information of the user information reading request; the intelligent cipher
token is further
configured to: obtain pre-stored user information, obtain the response
information of the user
information reading request based on the pre-stored user information, and send
the response
information of the user information reading request to the terminal.
Additionally, the background system server is further configured to send the
user
information corresponding to the intelligent cipher token to the terminal; the
terminal is further
configured to receive the user information corresponding to the intelligent
cipher token sent by
the background system server.
Additionally, after scanning the intelligent cipher token in the signal
coverage range and
obtaining the identification information of the intelligent cipher token, the
terminal is further
configured to: obtain identification information of all intelligent cipher
tokens in the signal
23012248.1 10
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
coverage range of the terminal and generate a real-time identification list;
compare each piece
of identification information in the real-time identification list with all
the identification information
in the pre-established current user list, at.a predetermined time interval;
obtain user information
corresponding to each scanned intelligent cipher token based on the
identification information
included in the real-time identification list but not included in the pre-
established current user list;
delete, from the pre-established current user list, user information
corresponding to each
intelligent cipher token with the identification information included in the
pre-established current
user list but not included in the real-time identification list.
Additionally, after scanning the intelligent cipher token in the signal
coverage range and
obtaining identification information of the intelligent cipher token, the
terminal is further
configured to: obtain identification information of all intelligent cipher
tokens in the signal
coverage range of the terminal and generate a real-time identification list;
compare each piece
of identification information in the real-time identification list with all
the identification information
in the pre-established current user list, at a predetermined time interval;
obtain user information
corresponding to each scanned intelligent cipher token based on the
identification information
included in the real-time identification list but not included in the pre-
established current user list,
and store the obtained user information into the real-time identification
list; copy user
information corresponding to each intelligent cipher token with the
identification information
included in the real-time identification list and included in the pre-
established current user list
from the pre-established current user list to the real-time identification
list; and take the real-time
identification list as an updated current user list.
Additionally, the intelligent cipher token is further configured to: turn a
sleep state into an
awakened state after receiving the first information to be signed and the
authentication
instruction, and sign and calculate the first information to be signed in the
awaked state by using
the privatekey of the intelligent cipher token to obtain the first signature
information.
Additionally, after obtaining the identification information of the
intelligent cipher token, the
background system server is further configured to: judge whether the
identification information
of the intelligent cipher token is included in an intelligent cipher token
abnormality list pre-stored
23012248.1 11
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
in the background system server; obtain an intelligent cipher token locking
instruction, sign the
intelligent cipher token locking instruction by using a private key of the
background system
server to generate second signature information, and send the intelligent
cipher token locking
instruction and the second signature information to the intelligent cipher
token via the terminal,
after judging that the identification information of the intelligent cipher
token is included in the
intelligent cipher token abnormality list; and the intelligent cipher token is
further configured to:
receive the intelligent cipher token locking instruction and the second
signature information sent
by the background system server via the terminal; verify the second signature
information by
using a public key in a pre-stored background system server certificate;
execute an intelligent
cipher token locking operation based on the intelligent cipher token locking
instruction, after the
second signature information is successfully verified.
Additionally, the background system server is further configured to: receive
and check an
intelligent cipher token registration application; send an intelligent cipher
token key pair
generating instruction to the intelligent cipher token, after the intelligent
cipher token registration
application is successfully checked; receive a public key in the intelligent
cipher token key pair
sent by the intelligent cipher token, generate an intelligent cipher token
certificate and send the
intelligent cipher token certificate to the intelligent cipher token; the
intelligent cipher token is
further configured to: receive the intelligent cipher token key pair
generating instruction sent by
the background system server and generate the intelligent cipher token key
pair; send the public
key in the intelligent cipher token key pair to the background system server;
store the intelligent
cipher token certificate.
Additionally, the intelligent cipher token is further configured to: obtain an
intelligent cipher
token cancellation application, sign the intelligent cipher token cancellation
application by using
a private key of the intelligent cipher token to generate third signature
information, and send the
intelligent cipher token cancellation application and the third signature
information to the
background system server; receive intelligent cipher token cancellation
completion information
sent by the background system server, and delete the private key of the
intelligent cipher token;
the- background system server is further configured to: receive the
intelligent cipher token
23012248.1 12
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
cancellation application and the third signature information sent by the
intelligent cipher token,
verify the third signature information by using a public key in the
intelligent cipher token
certificate pre-stored; delete the intelligent cipher token certificate pre-
stored, generate the
intelligent cipher token cancellation completion information and send the
intelligent cipher token
cancellation completion information to the intelligent cipher token, after the
third signature
information is successfully verified.
Additionally, the background system server is further configured to: send user
authorization
request information to the intelligent cipher token via the terminal; receive
authorization
information sent by the intelligent cipher token via the terminal and send the
response
information of the user information reading request to the terminal; the
intelligent cipher token is
further configured to: receive the user authorization request information sent
by the background
system server via the terminal, generate the authorization information, and
send the
authorization information to the background system server via the terminal.
= Additionally, the intelligent cipher token is further configured to: turn
a sleep state into an
awakened state after receiving the user authorization request information, and
generate the
authorization information in the awakened state.
Additionally, the intelligent cipher token is further configured to enter a
scannable state
before being scanned by the terminal.
As known from the above technical solutions of the present disclosure, the
terminal of the
meichant may first read the identification information of the intelligent
cipher token, and then
obtain the user information corresponding to the intelligent cipher token by
using the
identification information of the intelligent cipher token. Thus, the customer
can pay for goods
with no need for purses, credit cards, or mobile phones, which simplifies
interactive operations
between the customer and the merchant and upgrades user experience.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings used for description of embodiments will be
introduced briefly
in order to illustrate technical solutions of embodiments of the present
disclosure more clearly.
23012248.1 13
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
=
Obviously, the accompanying drawings described below are only part of
embodiments of the
present disclosure, and those skilled in the art may obtain other drawings
based on these
drawings without any creative effort.
Fig. 1 is a schematic diagram of a secure data interactive system according to
the present
disclosure; and
= Fig. 2 is a flow chart of a secure data interactive method according to
the present
disclosure.
DETAILED DESCRIPTION
Technical solutions of embodiments of the present disclosure will be described
clearly and
completely with reference to the drawings, and obviously, only part of
embodiments are
described herein. All other embodiments may be obtained by those skilled in
the art based on
the embodiments described, without any creative effort, and belong to the
protection scope of
the present disclosure.
In the present invention, it should be noted that, unless specified or limited
otherwise, the
terms "mounted," "connected," and "coupled" and the like are used broadly, and
may be, for
example, fixed connections, detachable connections, or integral connections;
may also be
mechanical or electrical connections; may also be direct connections or
indirect connections via
intervening structures; may also be inner communications of two elements,
which can be
understood by those skilled in the art according to specific situations. In
addition, terms such as
"first" and "second" are used herein for purposes of description and are not
intended to indicate
or imply relative importance or significance.
. Embodiments of the present disclosure will be further described in detail
with reference to
the drawings.
A secure data interactive method according to the present disclosure may be
applied to a
system that is constructed as shown in Fig. 1 and includes a background system
server, a
terminal and an intelligent cipher token.
The background system server may complete management of the intelligent cipher
token,
23012248.1 14
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
and storage and transmission of user information, for example, management of
registration,
cancellation, locking and authentication of the intelligent cipher token. The
background system
server may provide financial services, like banking services and payment
platform services. The
background system server and may include one of a payment server, an
authentication server
and a management server, or a combination thereof.
The terminal may be a terminal at a merchant's store, configured to initiate a
mobile
payment, and maintain the user information, etc.. The terminal may
automatically scan the
intelligent cipher token in a signal coverage range thereof, establish
communication with the
intelligent cipher token, and obtain the user information corresponding to the
intelligent cipher
token. The terminal (like a POS) of the present disclosure is additionally
provided with a
wireless communication module, and the background and the terminal employ a
dedicated
=
network connection there between, so as to guarantee security.
The intelligent cipher token has a secure payment (e.g. an electronic
signature and
generation of a one-time password) function. The intelligent cipher token has
a wireless
communication module (such as Bluetooth, infrared ray, RFID, NEC, light, sound
wave, thermal
energy, vibration, Wi-Fi, etc.) and may communicate with terminal through the
wireless
communication module. Certainly, the intelligent cipher token may further
include a wired
interface (such as an audio interface: a USB interface and a serial interface,
etc.) and
communicate with the terminal via the wired interface. Additionally, the
intelligent cipher token
may have a connection-available function, and if a user does not turn on this
function, the
terminal cannot obtain identification information of the intelligent cipher
token and the
corresponding user information. For example, the intelligent cipher token may
enter a scannable
state, such that the terminal is able to scan the intelligent cipher token.
The connection-available
function of the intelligent cipher token may be turned on by a hardware switch
provided on the
intelligent cipher token or by a piece of software in the intelligent cipher
token.
As shown in Fig. 2, the secure data interactive method includes step 1 to step
7.
Step 1: the intelligent cipher token registers with the background system
server.
= The background system server receives and checks an intelligent cipher
token registration
23012248.1 15
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
application. Specifically, a user in possession of the intelligent cipher
token may apply for the
intelligent cipher token registration at the bank counter or through the
Internet, and the
bac.kground system server will check the legitimacy of the user identity after
receiving the
intelligent cipher token registration application.
The background system server sends an intelligent cipher token key pair
generating
instruction to the intelligent cipher token, after the intelligent cipher
token registration application
is checked successfully (i.e., the check of the intelligent cipher token
registration application
passes). Specifically, the background system server agrees to register the
intelligent cipher
token of the user after the check of the legitimacy of the user identity
passes, and meanwhile
send the intelligent cipher token key pair generating instruction to the
intelligent cipher token to
indicate generation of an intelligent cipher token key pair which includes a
pair of public and
private keys.
The intelligent cipher token generates the intelligent cipher token key pair
after receiving
the intelligent cipher token key pair generating instruction. Specifically, a
key pair generation
scheme may be preset in the intelligent cipher token, and the intelligent
cipher token generates
the intelligent cipher token key pair (i.e. generating the pair of public and
private keys) based on
the preset key pair generation scheme after receiving the intelligent cipher
token key pair
generating instruction.
The intelligent cipher token sends a public key in the intelligent cipher
token key pair to the
background system server. Specifically, the intelligent cipher token may send
the public key in
the intelligent cipher token key pair to the background system server through
a reliable
communication link, to ensure that the public key is safely sent by the
intelligent cipher token, or
may send the public key in the intelligent cipher token key pair to the
background system server
via the Internet to improve convenience of the transmission of the public key
of the intelligent
cipher token.
. The background system server generates an intelligent cipher token
certificate and sends
the intelligent cipher token certificate to the intelligent cipher token,
after receiving the public key
in the intelligent cipher token key pair. Specifically, the background system
server may calculate
23012248.1 16
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
information of the user and the public key of the intelligent cipher token by
using the private key
of the background system server, so as to generate the intelligent cipher
token certificate; the
background system server may include the CA server, and calculate the
information of the user
and the public key of the intelligent cipher token by using the private key of
the CA server, so as
to generate the intelligent cipher token certificate; the background system
server may send the
information of the user and the public key of the intelligent cipher token to
the CA server, and
then the CA server calculates the information of the user and the public key
of the intelligent
cipher token by using the private key of the CA server to generate the
intelligent cipher token
certificate which is sent to the intelligent cipher token via the background
system server.
The intelligent cipher token stores the intelligent cipher token certificate.
Specifically, the
intelligent cipher token stores the intelligent cipher token certificate into
a storage area for
performing safety functions, after receiving the intelligent cipher token
certificate sent by the
background system server. Certainly, regarding different background system
servers, the
intelligent cipher token may store different intelligent cipher token
certificates sent by different
background system servers.
Certainly, the terminal may register with the background system server.
Step 2: the terminal scans the intelligent cipher token in the signal coverage
range
and obtains the identification information of the intelligent cipher token.
Specifically, the terminal may send an inquiry signal (e.g. a serial number of
the terminal
may be included in it) at regular time intervals to inquire the intelligent
cipher token in a certain
wireless signal coverage range.
The intelligent cipher token monitors (inquiry scanning) the inquiry of the
terminal, and
when the intelligent cipher token enters the signal coverage range of the
terminal, the
identification information of the intelligent cipher token is sent to the
terminal, such that the
terminal scans and obtains the identification information of the intelligent
cipher token.
Provided hereinafter are two methods for obtaining the identification
information of the
intelligent cipher token by the terminal.
(1) The terminal may inquire the intelligent cipher token in the certain
wireless signal
23012248.1 17
CA 02946914 2016-10-25
=
CA Application
Blakes Ref: 10798/00013
coverage range via an inquiry access code (IAC).
The intelligent cipher token monitors (inquiry scanning) the inquiry of the
terminal, and
when the intelligent cipher token enters the signal coverage range of the
terminal, address and
clock information of the intelligent cipher token is sent to the terminal. The
intelligent cipher
token monitors paging information from the terminal and conducts paging scan.
The terminal
pages the intelligent cipher token inquired. The intelligent cipher token
sends a device access
code (DAC) of the intelligent cipher token to the terminal after receiving the
paging information.
(2) The terminal sends the inquiry signal to inquire the intelligent cipher
token in the certain
wireless signal coverage range.
The intelligent cipher token monitors (inquiry scanning) the inquiry signal of
the terminal,
and when the intelligent cipher token enters the signal coverage range of the
terminal, the
address of the intelligent cipher token is sent to the terminal.
Certainly, the present disclosure uses the above two examples to illustrate
how the terminal
obtains the identification information of the intelligent cipher token, but is
not limited thereby.
Baded on the two methods for obtaining the identification information of the
intelligent cipher
token, if the intelligent cipher token receives any information sent by the
terminal, the intelligent
cipher token may take the information as a wake-up signal, and turn a sleep
state into an
awakened state (i.e. a normal working mode) according to the wake-up signal.
Meanwhile, the
intelligent cipher token may return to the sleep state automatically after the
completion of any
command execution. The intelligent cipher token enters the sleep state to save
energy thereof,
thus lengthening service life.
Before the step of scanning the intelligent cipher token by the terminal, the
intelligent cipher
token needs to enter the scannable state, such that the intelligent cipher
token may be scanned
by the terminal, in which the implementation of entering the scannable state
may be realized by
the hardware switch provided on the intelligent cipher token or by a piece of
software in the
intelligent cipher token.
Step 3: the background system server authenticates the intelligent cipher
token.
The terminal generates first information to be signed. Specifically, the
terminal may
23012248.1 18
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
generate, by a random number generator, a random number as the first
information to be signed,
=
or may take its own serial number, a MAC address or other identification
information as the first
information to be signed, or may take the combination of the random number and
the
identification information as the first information to be signed. Any
information may be taken as
the first information to be signed, as long as the information is capable of
being signed by the
intelligent cipher token, such that signature information returned by the
intelligent cipher token
may be sent to the background system server, so as to make the background
system server
authenticate the intelligent cipher token. The random number may be one of a
figure, a letter
and a special character, or a combination thereof.
The terminal sends the first information to be signed and an authentication
instruction to the
intelligent cipher token. Specifically, the terminal may send the first
information to be signed and
the Authentication instruction to the intelligent cipher token via a wireless
communication link to
guarantee convenience of information transmission, or may send the first
information to be
signed and the authentication instruction to the intelligent cipher token via
the wired interface to
improve security of the information transmission.
The intelligent cipher token signs and calculates the first information to be
signed by using
a private key of the intelligent cipher token to obtain first signature
information, after receiving
the first information to be signed and the authentication instruction.
Additionally, in the step of signing by the intelligent cipher token, the
first information to
be signed by using the private key of the intelligent cipher token to obtain
the first signature
information after receiving the first information to be signed and the
authentication
instruction, the intelligent cipher token may further turn the sleep state to
the awakened
state after receiving the first information to be signed and the
authentication instruction,
= and sign the first information to be signed in the awakened state by
using the private key of
the intelligent cipher token to obtain the first signature information. The
intelligent cipher
token turns from the sleep state into the awakened state to complete the
normal work, and
turns back to the sleep state after the completion of work to reduce energy
consumption
and prolong the service life.
23012248.1 19
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
The intelligent cipher token sends the first signature information and the
intelligent cipher
token certificate to the terminal.
The terminal sends authentication request information, the identification
information of the
intelligent cipher token, the first information to be signed, the first
signature information and the
intelligent cipher token certificate to the background system server, after
the terminal receives
the first signature information and the intelligent cipher token certificate.
Specifically, in this step,
the terminal only servers to transfer data so as to improve the data
transmission efficiency.
The background system server verifies whether the intelligent cipher token
certificate is
legitimate by using a pre-stored root certificate corresponding to the
intelligent cipher token
cerfificate, after receiving the authentication request information, the
identification information of
the intelligent cipher token, the first information to be signed, the first
signature information and
the intelligent cipher token certificate. Specifically, the background system
server further needs
to obtain the root certificate corresponding to the intelligent cipher token
certificate, to verify
legitimacy of the intelligent cipher token.
In order to guarantee the security of data interaction and the legitimacy of
the
intelligent cipher token, the background system server further judges whether
the
identification information of the intelligent cipher token is included in an
intelligent cipher
token abnormality list pre-stored in the background system server, after
receiving the
authentication request information, the identification information of the
intelligent cipher
token, the first information to be signed, the first signature information and
the intelligent
cipher token certificate. After the background system server judges that the
identification
information of the intelligent cipher token is included in the intelligent
cipher token
abnormality list, the background system server obtains an intelligent cipher
token locking
instruction, signs the intelligent cipher token locking instruction by using
the private key of
the background system server to generate second signature information, and
sends the
intelligent cipher token locking instruction and the second signature
information to the
- intelligent cipher token via the terminal. The intelligent cipher token
verifies the second
signature information by using the public key in the pre-stored background
system server
23012248.1 20
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
certificate, after receiving the intelligent cipher token locking instruction
and the second
= signature information. The intelligent cipher token executes an
intelligent cipher token
locking operation based on the intelligent cipher token locking instruction,
after the second
signature information is successfully verified.
Specifically, the intelligent cipher token abnormality list may be a list
representing
intelligent cipher tokens having illegitimate identities, such as a blacklist,
a loss list and an
expired list. If the identification information of the intelligent cipher
token is included in the
intelligent cipher token abnormality list, the intelligent cipher token is
illegitimate. In such a
case, the background system server sends the intelligent cipher token locking
instruction to
the illegitimate intelligent cipher token via the terminal to lock the
illegitimate intelligent
cipher token, so as to guarantee the security, and the background system
server also signs
the intelligent cipher token locking instruction to ensure a legitimate source
of the
instruction, so as to avoid malicious operations of locking the intelligent
cipher token
illegitimately.
Certainly, the present disclosure is not limited thereby; for practical
applications, it is
acceptable as long as the illegitimate intelligent cipher token is locked
legitimately.
Additionally, the background system server may only send the intelligent
cipher token
locking instruction to the illegitimate intelligent cipher token to lock the
illegitimate intelligent
cipher token, without signing the intelligent cipher token locking
instruction.
The intelligent cipher token may execute the intelligent cipher token locking
operation
based on the intelligent cipher token locking instruction in such a manner
that the intelligent
cipher token refuses to execute any request, destroys certificates stored
therein or the like.
Certainly, the background system server may refuse to execute any request from
the
illegitimate intelligent cipher token after sends the intelligent cipher token
locking
= instruction.
Therefore, if the user losses the intelligent cipher token, the user may
report the loss to
the background system server, and then the background system server records a
device
identification code of the intelligent cipher token into the loss list; or if
any account
23012248.1 21
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
abnormality occurs and is reported, the background system server will record
the intelligent
cipher token into the blacklist. The devices in the above lists are recorded
as abnormal
devices in the abnormality list. Before every transaction, the background
system server
verifies the intelligent cipher token ¨ comparing the device identification
with the
abnormality list, and locks the intelligent cipher token if the device
identification is recorded
in the abnormality list. With this method, if someone else embezzles the
intelligent cipher
token and intends for transfer account to steal money illegally, since the
background
system server verifies the intelligent cipher token before each transaction
occurs, the
background system server may lock the intelligent cipher token remotely, such
that the
user account may be protected from loss even if the intelligent cipher token
is embezzled
by someone else.
The background system server verifies the first signature information by using
the public
key of the intelligent cipher token after the intelligent cipher token
certificate is verified to be
legitimate.
The background system server completes the authentication to the intelligent
cipher token
after the first signature information is verified successfully. Specifically,
the background system
server further generates an authentication completion message after the
verification of the first
signature information passes, and sends the authentication completion message
to the terminal
to inform the terminal of the completion of authentication.
- Based on the authentication to the intelligent cipher token implemented by
the background
system server, it is possible to ensure the legitimacy of the intelligent
cipher token and improve
security of subsequent processing. Meanwhile, it is possible to prevent
phishing risks, tampering
with information transmitted, remote hijacking and man-in-the-middle attacks,
so as to effectively
guarantee the account fund security of the owner of the intelligent cipher
token.
Step 4: the user information is obtained by the terminal.
Specifically, in this step, the terminal obtains the user information (for
example, a photo,
name and an account of the user) corresponding to the intelligent cipher token
based on the
identification information of the intelligent cipher token scanned; the user
information
23012248.1 22
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
corresponding to the intelligent cipher token may be obtained specifically in
but not limited to the
following ways.
First way: the terminal obtains the user information corresponding to the
intelligent cipher
token from the background system server.
The terminal sends the identification information of the intelligent cipher
token and a user
information reading request to the background system server. Specifically, the
terminal may
directly send the identification information of the intelligent cipher token
and the user information
reading request to the background system server.
The background system server obtains the user information corresponding to the
intelligent
cipher token based on the identification information of the intelligent cipher
token, after receiving
the identification information of the intelligent cipher token and the user
information reading
request. Specifically, the background system server pre-stores the user
information
corresponding to each registered intelligent cipher token, so as to obtain the
user information
corresponding to the intelligent cipher token based on the received
identification information of
the intelligent cipher token.
Moreover, in order to guarantee the security of the user information, the
background
system server further needs to be authorized by the user in possession of the
intelligent
cipher token before sending the user information corresponding to the
intelligent cipher
token to the terminal. The background system server sends user authorization
request
information (e.g. a random number) to the intelligent cipher token via the
terminal. The
intelligent cipher token generates authorization information (e.g. information
obtained by
signing the random number) after receiving the user authorization request
information, and
sends the authorization information to the background system server via the
terminal. The
background system server executes a step of sending response information of
the user
= information reading request to the terminal, after receiving the
authorization information.
Certainly, the background system server may sign the user authorization
request
information by using the private key of the background system server, and then
sends it to
the intelligent cipher token via the terminal; the intelligent cipher token
verifies the signature
23012248.1 23
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
after receiving the signature information; after the verification passes, the
user
authorization request information is considered to come from a legitimate
background
system server, and the request is confirmed to authorize the background system
server.
The intelligent cipher token may sign the authorization information by using
the private key
of the intelligent cipher token and then sends it to the background system
server via the
. terminal; the background system server verifies the signature after
receiving the signature
information; after the verification passes, the authorization information is
considered to
come from a right intelligent cipher token, and subsequent operations are
implemented
based on the authorization information. The present disclosure is not limited
to the above
ways of requesting the intelligent cipher token for authorization of the
background system
server, and all kinds of combinations of the above ways fall into the
protection scope of the
" present disclosure.
Certainly, the intelligent cipher token may turn from the sleep state into the
awakened
state after receiving the user authorization request information, and generate
the
authorization information in the awakened state, so as to save energy and
prolong service
life of the intelligent cipher token.
The background system server obtains the response information of the user
information
reading request based on the user information, and sends the response
information of the user
information reading request to the terminal.
The terminal obtains the user information based on the response information of
the user
information reading request, after receiving the response information of the
user information
reading request.
Second way: the terminal obtains the user information corresponding to the
intelligent
cipher token from the intelligent cipher token.
The terminal sends the user information reading request to the intelligent
cipher token.
The intelligent cipher token obtains the pre-stored user information, obtains
the response
information of the user information reading request based on the pre-stored
user information,
and sends the response information of the user information reading request to
the terminal.
230i2248.1 24
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
The terminal obtains the user information based on the response information of
the user
information reading request, after receiving the response information of the
user information
reading request.
Additionally, if the user in possession of the intelligent cipher token
refuses to send the user
information, a reject message may be sent to the terminal through a button
provided on the
intelligent cipher token or through a piece of software, to guarantee the
security of the user
information.
Third way: the background system server directly sends to the intelligent
cipher token the
user information corresponding to the intelligent cipher token via the
terminal at the same time
of completing the authentication.
When the background system server completes the authentication to the
intelligent cipher
token, the background system server also sends the user information
corresponding to the
intelligent cipher token to the terminal. Specifically, the background system
server may send the
authentication completion message to the terminal at the end of the
authentication to the
intelligent cipher token, to inform the terminal that the authentication to
the intelligent cipher
token by the background system server is finished. When sending the
authentication completion
=
message to the terminal, the background system server may obtain the pre-
stored user
information corresponding to the intelligent cipher token based on the
identification information
of the intelligent cipher token, so as to send the user information
corresponding to the intelligent
cipher token to the terminal.
The terminal obtains the user information corresponding to the intelligent
cipher token, that
is, the terminal directly obtains the user information corresponding to the
intelligent cipher token
from information sent by the background system server.
The terminal stores the user information into a pre-established current user
list. Specifically,
the intelligent cipher tokens scanned varies constantly due to the staff
turnover and the
customer flow rate change in the shop where the terminal is. In such a case,
the pre-established
current user list may be updated in but not limited to the following modes.
First update mode:
23012248.1 25
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
= The terminal generates a real-time identification list, after obtaining
identification information
of all the intelligent cipher tokens in the signal coverage range of the
terminal.
The terminal compares each piece of identification information in the real-
time identification
list with all the identification information in the pre-established current
user list, at a
predetermined time interval.
The step of obtaining user information corresponding to a scanned intelligent
cipher token
by the terminal respectively based on the identification information included
in the
pre-established current user list but not included in the real-time
identification list is executed,
the user information corresponding to each intelligent cipher token whose
identification
information is included in the pre-established current user list but not
included in the real-time
identification list is deleted from the pre-established current user list.
If the pre-established current user list is updated in this mode, it is
possible to ensure that
the user information corresponding to the intelligent cipher token(s) in the
signal coverage range
of the terminal is updated to the pre-established current user list, and the
user information
corresponding to the intelligent cipher token(s) leaving the signal coverage
range is deleted
from the pre-established current user list, thereby guaranteeing security.
Second update mode:
The terminal generates a real-time identification list, after obtaining
identification information
of all the intelligent cipher tokens in the signal coverage range of the
terminal.
The terminal compares each piece of identification information in the real-
time identification
list with all the identification information in the pre-established current
user list, at a
predetermined time interval.
The step of obtaining user information corresponding to a scanned intelligent
cipher token
by the terminal respectively based on the identification information included
in the real-time
identification list but not included in the pre-established current user list
is executed, and the
obtained user information is stored into the real-time identification list;
the user information
corresponding to each intelligent cipher token with the identification
information included in the
real-time identification list and included in the pre-established current user
list is copied from the
23012248.1 26
=
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
pre-established current user list to the real-time identification list.
The real-time identification list is taken as an updated current user list.
If the pre-established current user list is updated in this mode, it is
possible to only update
the user information corresponding to the intelligent cipher token(s) in the
signal coverage range
of the terminal timely, so as to improve update efficiency. In this mode, when
obtaining the user
information, the terminal may copy the user information corresponding to the
original intelligent
cipher token(s) in the shop from the pre-established current user list into
the real-time
identification list, and obtain the user information corresponding to new
customers going into the
shop by making the user information reading request to the background system
server or the
intelligent cipher token.
Therefore, when the customer flow rate in the shop where the terminal is
located changes,
the pre-established current user list may be updated automatically with no
need for operations
by the merchant, so it is convenient for store clerks to manage and maintain
the customer
information.
Additionally, the terminal may display the user information corresponding to
the intelligent
cipher token stored in the current user list, such that the user in possession
of the intelligent
cipher token may check the user information to guarantee the validity of the
transaction.
In the prior art, the transaction process needs a device with an account
storage function, for
example, a SIM card and a smart card, and the user needs to swipe card or tap
the mobile
phone, such that the merchant may obtain account information of the user.
Compared with the prior art, in the present disclosure, the terminal of the
merchant may
first read the identification information of the intelligent cipher token and
then obtain the user
information corresponding to the intelligent cipher token based on the
identification information
of the intelligent cipher token. Thus, the customer can pay for goods without
need for the purse,
the credit card and the mobile phone, thereby simplifying interactive
operations between the
customer and the merchant and improving the user experience.
Step 5: the transaction information is processed.
The terminal generates the transaction information based on the user
information
23012248.1 27
=
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
corresponding to the intelligent cipher token involved in the transaction, and
obtains transaction
request information based on the transaction information. Specifically, the
transaction
information may contain transaction amount, account information of payer and
payee,
identification information of the payer and payee; the transaction information
may further include
an electronic statement of account, based on which the user may check
transaction details,
such as specific transaction time, transaction number, transaction amount and
goods
purChased.
The terminal sends the transaction request information to the intelligent
cipher token.
Specifically, the terminal may send the transaction request information in but
not limited to the
following ways. The terminal sends the transaction request information via an
acoustic signal
after encoding it; or the terminal graphically encodes the transaction request
information and
displays it for image collection by the intelligent cipher token; or the
terminal sends the
transaction request information via a communication interface of the terminal
matching the
intelligent cipher token.
The intelligent cipher token obtains the transaction information based on the
transaction
request information after receiving the transaction request information.
In order to save energy of the intelligent cipher token and prolong the
service life thereof,
the. intelligent cipher token may further turn the sleep state into the
awakened state after
receiving the transaction request information. The intelligent cipher token
obtains the transaction
information in the awakened state based on the transaction request
information.
The intelligent cipher token prompts the transaction information.
Specifically, the intelligent
cipher token may display the transaction information on a display screen, or
broadcast it in the
form of speech via a loudspeaker. Certainly, the intelligent cipher token may
prompt the user in
other manners to obtain authentic transaction information so as to guarantee
the security of the
transaction. Additionally, the intelligent cipher token may extract key
information from the
transaction information after obtaining the transaction information, and only
prompt the key
information, in which the specific prompting manner may refer to the prompting
manner of the
transaction information.
23012248.1 28
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
The intelligent cipher token receives a confirmation instruction and generates
transaction
confirmation information. Specifically, the intelligent cipher token may
receive the confirmation
instruction by detecting information which is sent when a confirmation key
provided on the
intelligent cipher token is pressed down; or may receive the confirmation
instruction by detecting
information which is sent when a virtual confirmation key on a touch screen is
clicked; or take
biological features (like voice, fingerprint and iris) as the confirmation
instruction. Further, the
intelligent cipher token may generate the transaction confirmation information
in but not limited
to the following ways. The intelligent cipher token signs the transaction
information by using the
private key of the intelligent cipher token, generates transaction signature
information as the
transaction confirmation information; or intelligent cipher token generates a
one-time password
as the transaction confirmation information. Certainly, in order to prevent
repeated transactions
and guarantee the user account security, every time the intelligent cipher
token generates the
transaction confirmation information, it also generates single transaction
identification and signs
the transaction information and the single transaction identification by using
the private key of
the intelligent cipher token, to obtain the transaction signature information
as the transaction
confirmation information, or it generates the single transaction
identification, signs the single
transaction identification by using the private key of the intelligent cipher
token to obtain
signature information of the single transaction identification, generates the
one-time password,
and takes the signature information of the single transaction identification
and the one-time
password as the transaction confirmation information, so as to ensure that a
transaction will be
successfully executed only once, in which the single transaction
identification may be a random
number. Because the wireless network transmission line is unstable, it is
possible that the
intelligent cipher token does not receive any receipt. If the single
transaction identification is not
provided, the user in possession of the intelligent cipher token may need to
implement
confirmation signing operations repeatedly when the terminal does not receive
the signature
information of the intelligent cipher token. That is, the intelligent cipher
token sends the
signature information to the terminal repeatedly, so it is possible that the
terminal generates
several transaction data packets from several signature values and sends the
packets to the
23012248.1 29
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
background system server, which causes repeated deductions on an account
corresponding to
the intelligent cipher token. However, if the single transaction
identification is provided, when the
wireless network transmission line is unstable, the intelligent cipher token
will sign the
=
transaction information and the same single transaction identification and
then send them to the
terminal, until the intelligent cipher token receives successful transaction
receipt information.
The terminal generates the transaction data packet by using the signature sent
from the
intelligent cipher token; the background system server makes a judgment on
whether the single
transaction identification contained in the transaction data packet; if the
single transaction
identification has been stored in a transaction log, that is, the transaction
has been performed,
the transaction data packet will not be processed, so as to avoid several or
repeated deductions
and thus protect the account fund security of the user in possession of the
intelligent cipher
token.
The terminal receives the transaction confirmation information. Specifically,
the terminal
may receive the transaction confirmation information in but not limited to the
following ways. The
terminal receives the acoustic signal sent by the intelligent cipher token and
decodes the
acoustic signal to obtain the transaction confirmation information (e.g. the
acoustic signal may
be identified by an acoustic identification device and decoded by an acoustic
decoder, so as to
obtain the transaction confirmation information); or the terminal collects
image information (e.g.
a 2-dimensional code, a barcode, etc.) displayed by the intelligent cipher
token and decodes the
image information to obtain the transaction confirmation information (e.g. the
image information
is collected by an image collection device and decoded by a decoder to obtain
the transaction
confirmation information); or the terminal receives the transaction
confirmation information via
the communication interface of the terminal matching the intelligent cipher
token; or the terminal
obtains the transaction confirmation information from the information inputted
at the terminal.
The terminal obtains the transaction data packet based on the transaction
confirmation
information, and sends the transaction data packet to the background system
server. Specifically,
the transaction data packet may include other information besides the
transaction information.
The transaction information may contain the transaction amount, the account
information of
23012248.1 30
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
payer and payee, the identification information of the payer and payee; the
transaction
information may further include the electronic statement of account, based on
which the user
may check transaction details, such as specific transaction time, transaction
number,
transaction amount and goods purchased.
The background system server obtains the transaction confirmation information
based on
the transaction data packet after receiving the transaction data packet.
The background system server verifies the transaction confirmation information
and
executes the transaction after the verification passes. Specifically, it
proves that the transaction
is confirmed by the legitimate intelligent cipher token only after the
verification of the transaction
confirmation information by the background system server passes, and then the
transaction is
executed based on the confirmed result. Certainly, in order to ensure that the
owner of the
intelligent cipher token is informed of the completion of the transaction, the
background system
server may send the successful transaction receipt information to the
intelligent cipher token via
the terminal. The intelligent cipher token prompts the successful transaction
receipt information
after receiving it, and the successful transaction receipt information
includes the electronic
statement of account, based on which the user may check transaction details,
such as specific
transaction time, transaction number, transaction amount and goods purchased.
The
background system server may send the successful transaction receipt
information to the
terminal to inform the terminal of the completion of the transaction. The
successful transaction
receipt information may be sent to the intelligent cipher token via the
terminal after the
background system server signs the information with the private key of the
background system
server; the intelligent cipher token prompts the user after verification of
the signed information
by the intelligent cipher token passes.
Step 6: refund
When the customer asks for a refund, a refunding operation may be realized in
but not
limited to the following ways.
First way: the terminal sends refund information to the intelligent cipher
token. Specifically,
the refund information may include account numbers of both parties involved in
the refund,
23012248i 31
CA 02946914 2016-10-25
CA Application
Bakes Ref: 10798/00013
refund amount, refund transaction number, and identification information of
the both parties, or
any combination thereof. The refund information may further include an
electronic statement of
account, based on which the user may check refund details, such as specific
refund time, the
refund transaction number, the refund amount and goods refunded. The terminal
may further
send the refund information in but not limited to the following ways. The
terminal sends the
refund information via the acoustic signal after encoding it; or the terminal
graphically encodes
the refund information and displays it for image collection by the intelligent
cipher token; or the
terminal sends the refund information via the communication interface of the
terminal matching
the intelligent cipher token.
The intelligent cipher token prompts the refund information after receiving
it. Specifically, the
intelligent cipher token informs the user of the refund information by voice
broadcasting or
displaying on the display screen, after receiving the refund information, such
that the user
confirms that the refund information is authentic.
In order to save energy of the intelligent cipher token and prolong the
service life
thereof, the intelligent cipher token may further turn the sleep state into
the awakened state
after receiving the refund information, and prompt the refund information in
the awakened
state.
The intelligent cipher token receives a refund confirmation instruction, signs
the refund
information by using the private key of the intelligent cipher token, and
generates refund
confirmation information. Specifically, the user makes confirmation through a
physical key or a
virtual key of the intelligent cipher token, after the refund information is
considered to be
authentic. The intelligent cipher token turns the awakened state into the
sleep state, after
sending the refund confirmation information to the terminal (for example,
after sending the
acoustic signal corresponding to the refund confirmation information, or after
displaying image
information corresponding to the refund confirmation information for a
predetermined time).
The terminal receives the refund confirmation information, and sends the
refund
confirmation information to the background system server. Specifically, the
terminal may receive
the refund confirmation information in but not limited to the following ways.
The terminal
23012248.1 32
CA 02946914 2016-10-25
=
CA Application
Blakes Ref: 10798/00013
receives the acoustic signal sent by the intelligent cipher token and decodes
the acoustic signal
to obtain the refund confirmation information (e.g. the acoustic signal may be
identified by the
acoustic identification device and decoded by the acoustic decoder, so as to
obtain the refund
confirmation information); or the terminal collects image information (e.g. a
2-dimensional code,
a barcode, etc.) displayed by the intelligent cipher token and decodes the
image information to
obtain the refund confirmation information (e.g. the image information is
collected by the image
collection device and decoded by the decoder to obtain the refund confirmation
information); or
the terminal receives the refund confirmation information via the
communication interface of the
terminal matching the intelligent cipher token. Meanwhile, the terminal may
send the refund
confirmation information to the background system server via a secure
dedicated network.
The background system server receives and verifies the refund confirmation
information,
and executes a refund operation after the verification passes.
Regarding the first way, provided an application scene of the refund, but the
present
disclosure is not limited thereby.
The terminal generates the refund information (which may be obtained by
searching
recorded transaction information, or may be re-generated, or may be in other
forms) based on
the refund intention of the customer.
The intelligent cipher token turns the sleep state into the awakened state
after receiving the
refund information, and displays the refund information to the customer for
confirmation.
The customer confirms the refund information to be right, and presses down the
confirmation key on the intelligent cipher token to confirm; after receiving
the refund
confirmation instruction, the intelligent cipher token signs the refund
information by using the
private key of the intelligent cipher token to obtain the refund confirmation
information, and
sends the refund confirmation information to the terminal.
The terminal sends the refund confirmation information to the background
system server
after receiving it.
The background system server verifies the refund confirmation information by
using the
public key of the intelligent cipher token after receiving the refund
confirmation information,
23012248.1 33
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
executes the refund operation after verification passes, and sends the
successful refund receipt
information to the terminal and/or the intelligent cipher token.
Second way: the difference from the first way lies in that the terminal
further receives a
refund request sent by the intelligent cipher token and generates the refund
information based
on the refund request, before sending the refund information to the
intelligent cipher token.
Specifically, the refund request may be generated in such a manner that the
customer presses
down a key on the intelligent cipher token; the intelligent cipher token sends
the refund request
to the terminal after receiving it. The refund information may further include
the electronic
statement of account, based on which the user may check refund details, such
as specific
refund time, the refund transaction number, the refund amount and goods
refunded. Certainly,
any implementation where the intelligent cipher token may be triggered to
generate the refund
request falls into the protection scope of the present disclosure.
In order to save energy of the intelligent cipher token and prolong the
service life
thereof, the intelligent cipher token may further turn the sleep state into
the awakened state
before sending the refund request to the terminal, send the refund request to
the terminal
in the awakened state, and then turn the awakened state into the sleep state
after sending
the refund request. The intelligent cipher token turns the sleep state into
the awakened
state after receiving the refund information sent by the terminal, and
executes operations of
prompting the refund information and generating the refund confirmation
information in the
awakened state. The intelligent cipher token turns the awakened state into the
sleep state
after sending the refund confirmation information to the terminal (e.g. after
sending the
acoustic signal corresponding to the refund confirmation information or after
displaying the
image information corresponding to the refund confirmation information for a
predetermined time).
Third way: the intelligent cipher token sends the refund request to the
terminal. Specifically,
the refund request may be generated in such a manner that the customer presses
down the key
on the intelligent cipher token; the intelligent cipher token sends the refund
request to the
terminal after receiving it. Certainly, any implementation where the
intelligent cipher token may
23012248.1 34
=
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
be triggered to generate the refund request falls into the protection scope of
the present
disclosure.
In order to save energy of the intelligent cipher token and prolong the
service life
thereof, the intelligent cipher token may further turn the sleep state into
the awakened state
before sending the refund request to the terminal, and send the refund request
to the
terminal in the awakened state.
The terminal generates refund request identification, and sends the refund
request
identification to the intelligent cipher token. Specifically, the terminal may
generate a random
number and takes the random number as the refund request identification, in
which the random
number is offered to the intelligent cipher token to generate the refund
information.
The intelligent cipher token generates the refund information after receiving
the refund
request identification, signs the refund information by using the private key
of the intelligent
cipher token to obtain the refund confirmation information, and sends the
refund confirmation
information to the terminal. Specifically, the intelligent cipher token
generates the refund
information by using the refund request identification, the refund amount and
the refund account;
the refund information may include any combination of the refund transaction
number and the
identification information of the both parties involved in the refund. The
refund amount may be
input via a key on the intelligent cipher token, and certainly may be input in
other manners (like
voice input). The refund account may be input via a key on the intelligent
cipher token, and may
be input by reading refund accounts pre-stored in the intelligent cipher
token. Certainly, it is also
possible to store the transaction information into the intelligent cipher
token after the transaction
is completed and then search the transaction information to obtain the refund
amount and the
refund account. The intelligent cipher token may send the refund information
in but not limited to
the following ways. The intelligent cipher token sends the refund information
via the acoustic
signal after encoding it; or the intelligent cipher token graphically encodes
the refund information
and displays it for image collection by the terminal; or the intelligent
cipher token sends the
refund information via the communication interface of the intelligent cipher
token matching the
terminal.
23012248.1 35
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
=
In order to save energy of the intelligent cipher token and prolong the
service life
thereof, the intelligent cipher token may turn the awakened state into the
sleep state after
sending the refund confirmation information to the terminal (e.g. after
sending the acoustic
signal corresponding to the refund confirmation information or after
displaying the image
information corresponding to the refund confirmation information for a
predetermined time).
The terminal receives the refund confirmation information and sends the refund
confirmation information to the background system server. Specifically, the
terminal may receive
the refund confirmation information in but not limited to the following ways.
The terminal
receives the acoustic signal sent by the intelligent cipher token and decodes
the acoustic signal
to obtain the refund confirmation information (e.g. the acoustic signal may be
identified by the
acoustic identification device and decoded by the acoustic decoder, so as to
obtain the refund
confirmation information); or the terminal collects image information (e.g. a
2-dimensional code,
a barcode, etc.) displayed by the intelligent cipher token and decodes the
image information to
obtain the refund confirmation information (e.g. the image information is
collected by the image
collection device and decoded by the decoder to obtain the refund confirmation
information); or
the germinal receives the refund confirmation information via the
communication interface of the
terminal matching the intelligent cipher token. Additionally, the terminal
sends the refund
confirmation information to the background system server via the dedicated
network.
The background system server verifies the refund confirmation information
after receiving
the refund confirmation information, and executes the refund operation after
the verification
passes. Specifically, the background system server verifies the refund
confirmation information
by using the public key of the intelligent cipher token.
=
Regarding the third way, provided an application scene of the refund, but the
present
disclosure is not limited thereby.
The intelligent cipher token turns the sleep state into the awakened state.
For example, the
intelligent cipher token enters the awakened state through the key-pressing
operation from the
customer in possession of the intelligent cipher token.
The customer may press down the key on the intelligent cipher token to
generate the
23012248i 36
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
refund request, and the intelligent cipher token sends the refund request to
the terminal after
receiving it.
The terminal may generate a random number R, take the random number R as the
refund
request identification, and send the refund request identification to the
intelligent cipher token.
The intelligent cipher token generates the refund information, signs the
refund information
by using the private key of the intelligent cipher token to obtain the refund
confirmation
information, and sends the refund confirmation information to the terminal, in
which the refund
information at least includes the refund request identification, the refund
amount and the refund
account. The refund amount and the refund account may be input by the customer
via a key on
the intelligent cipher token; or the refund amount may be input by the
customer via a key on the
intelligent cipher token, while the refund account may be obtained by reading
information
pre-stored in the intelligent cipher token; or the refund amount and the
refund account both may
be obtained by reading the information pre-stored in the intelligent cipher
token.
The terminal sends the refund confirmation information to the background
system server
after receiving it.
The background system server verifies the refund confirmation information by
using the
putilic key of the intelligent cipher token after receiving the refund
confirmation information. If the
verification passes, the refund operation is executed, and the successful
refund receipt
information is sent to the terminal and/or the intelligent cipher token.
For the above three refunding ways, the refund confirmation information may
further include
single refund identification which may be a random number to ensure that a
refund may be
successfully executed only once. Certainly, the single refund identification
may be generated by
the terminal or by the intelligent cipher token, or may be signed by the
intelligent cipher token in
the refund confirmation information.
Certainly, the background system server may further send the successful refund
receipt
information to the terminal and/or the intelligent cipher token after
executing the refund
operation, such that the shop and/or the customer may be informed that the
refund has
succeeded.
23012248.1 37
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
Therefore, through the above refund flow path, operations of the customer in
the refund
process may be simplified considerably, and relevant security functions of the
intelligent cipher
token may guarantee the security of the refund process, which brings about
seamless user
experience.
Step 7: cancellation
The term cancellation in embodiments of the present disclosure includes
terminal
cancellation and intelligent cipher token cancellation, and only the
intelligent cipher token
cancellation will be exemplified.
The intelligent cipher token obtains an intelligent cipher token cancellation
application,
signs the intelligent cipher token cancellation application by using the
private key of the
intelligent cipher token to generate third signature information, and sends
the intelligent cipher
token cancellation application and the third signature information to the
background system
server. Specifically, the third signature information may be sent via the
terminal or processed
manually.
The background system server verifies the third signature information by using
the public
key- in the pre-stored intelligent cipher token certificate, after receiving
the intelligent cipher
token cancellation application and the third signature information.
After verification of the third signature information passes, the background
system server
deletes the pre-stored intelligent cipher token certificate, generates
intelligent cipher token
cancellation completion information and sends the intelligent cipher token
cancellation
completion information to the intelligent cipher token. Specifically, during
the intelligent cipher
token cancellation, the background system server may put the information
corresponding to the
intelligent cipher token into a cancellation.list preset in the background
system server or perform
other cancellation operations, apart from the deletion of the pre-stored
intelligent cipher token
certificate.
The intelligent cipher token deletes the private key of the intelligent cipher
token after
receiving the intelligent cipher token cancellation completion information.
Specifically, the
intelligent cipher token may verify the signature information, and execute the
deletion operation
23012248.1 38
= CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
after the verification passes.
The background system server ensures the legitimacy of the intelligent cipher
token, and
avoids financial loss due to illegal embezzlement of the intelligent cipher
token, by managing the
=
registration, cancellation, authentication and locking of the intelligent
cipher token.
It shall be noted that steps 1 to 7 are not necessarily executed sequentially,
and perhaps
only several steps need to be completed; and steps 1 to 7 are not necessarily
implemented in
one application scenes, that is, implementations in any kinds of application
scenes fall into the
protection scope of the present disclosure, as long as any one of steps 1 to 7
is used to
complete the transaction safely.
An example application scene of the present disclosure is presented below.
In this application scene, an intelligent cipher token is integrated with a
wireless
communication module and a state control module to form a novel intelligent
cipher token for
secure payment according to the present disclosure. The intelligent cipher
token includes a
wireless communication module which may be a Bluetooth communication module or
a Wi-Fi
communication module, and the wireless communication module may scan other
devices by
inquiring and paging and may exchange signals and data with other wireless
devices.
Meanwhile, the intelligent cipher token also includes a state control module
configured to control
working states of the wireless communication module and the host. The
intelligent cipher token
according to the present disclosure has two states, namely, a sleep state and
an awakened
state; in the sleep state, only a transceiver (i.e. the wireless communication
module) and the
state control module are working, while CPU is closed and cannot implement
instruction
operations (e.g. signing, and receiving and sending data), such that the
intelligent cipher token
is in a low-consumption state. When other wireless devices send an application
instruction to
this intelligent cipher token, the state control module may identify these
signals, and generate a
wake-up signal to awaken the CPU, such that the CPU starts executing the
application
instruction in the awakened state. After the instruction is executed, the CPU
enters the sleep
=
state again.
In the following, a complete transaction process of the present disclosure
will be illustrated
23012248.1 39
CA 02946914 2016-10-25
=
CA Application
Blakes Ref: 10798/00013
briefly.
An intelligent cipher token is in the sleep state; a user brings the
intelligent cipher token into
a wireless signal coverage range of a terminal; the intelligent cipher token
and the terminal
complete interactive recognition suitable for wireless devices; that is, the
terminal is able to
know that the intelligent cipher token enters the shop where the terminal is
and to establish
connection with the intelligent cipher token.
After the connection between the terminal and the intelligent cipher token is
established,
the terminal sends a device authentication request to the intelligent cipher
token; the intelligent
cipher token receives the request and the state control module sends the wake-
up signal, such
that the CPU is awakened and the intelligent cipher token enters the awakened
state to execute
corresponding operations.
The intelligent cipher token returns to the sleep state after completing
corresponding
operations, and remains interactive recognition with the terminal, such that
the terminal may
judge whether the owner of the intelligent cipher token leaves the shop.
The terminal puts forward a user information reading request to the background
system
server, and the background system server makes a user authorization
information inputting
request, in which case the terminal sends a user authorization request to the
intelligent cipher
token.
The intelligent cipher token in the sleep state enters the awakened state upon
receiving the
user authorization request from the terminal. The intelligent cipher token
displays the request
from the terminal and prompts the user to judge whether to authorize.
The user judges whether to authorize based on the displayed request sent by
the terminal;
if the request is allowed, the user presses down a confirmation key on the
intelligent cipher
token, such that the intelligent cipher token generates authorization
information, send the
authorization information to the terminal, and enters the sleep state;
otherwise, the intelligent
cipher token stops executing instructions and directly enters the sleep state.
For settlement of transaction, the terminal sends a user transaction
confirmation request
instruction to the intelligent cipher token in the sleep state; the
intelligent cipher token in the
23012248.1 40
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
sleep state enters the awakened state upon receiving the instruction, and
displays the
transaction information received to the user for confirmation; if the
transaction information is
right, the user presses down the confirmation key to make the intelligent
cipher token sign the
transaction information and send the information back to the terminal;
otherwise, execution of
operations is stopped, and the intelligent cipher token enters the sleep
state.
In the following, another application scene of the present discourse is
provided.
The terminal established a current user list in a local server, and the
current user list may
be used to store the user information corresponding to intelligent cipher
tokens owned by
customers in the shop at present.
=
The local server of the terminal monitors the intelligent cipher tokens in the
wireless signal
coverage range of the terminal in a wireless manner (for example, via a
wireless detection
device).
The customer takes an intelligent cipher token having a wireless communication
function (in
the sleep state) with him when shopping; the intelligent cipher token may be
searched by the
terminal and establish wireless connection with the terminal when the customer
goes into the
wireless signal coverage range of the terminal.
The terminal sends a random number R1 to the intelligent cipher token, and
sends an
authentication instruction to the intelligent cipher token.
The intelligent cipher token in the sleep state is awakened after receiving
the authentication
instruction from the terminal, and enters the awakened state.
The intelligent cipher token summarizes R1 and encrypts a summary with its
private key to
generate a signature S, and sends the signature S and an intelligent cipher
token certificate to
the terminal.
The terminal sends the signature S, the intelligent cipher token certificate,
the random
number R1 generated before, and the obtained identification information of the
intelligent cipher
token to the background system server, after receiving the signature S and the
intelligent cipher
token certificate.
The background system server verifies the legitimacy of the intelligent cipher
token
23012248.1 41
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
certificate by using a root certificate corresponding to the intelligent
cipher token certificate; the
process is ended if the verification of the intelligent cipher token
certificate fails.
If the verification of the intelligent cipher token certificate passes, the
background system
serer verifies the signature S by using the public key of the intelligent
cipher token; if the
verification of the signature S fails, the process is ended.
If the verification of the signature S passes, the background system server
sends the user
information (like user account) to the terminal after the intelligent cipher
token is verified
successfully.
The terminal stores the user information into the current user list after
receiving the user
information sent by the background system server.
The customer settles the transaction at the cashier after shopping.
The terminal settles the transaction amount and chooses, from the current user
list, an
account corresponding to the intelligent cipher token owned by the customer.
The terminal generates the transaction information from any combinations of
the purchased
goods, the transaction amount, the accounts of the payer and the payee, the
identification
infqrmation of the payer and the payee, and sends the transaction information
to the intelligent
cipher token.
The intelligent cipher token turns into the awakened state after receiving the
transaction
information, and displays the transaction information on the screen to be
confirmed by the user.
The customer confirms the transaction information; if any problem, a
cancellation key is
pressed down and the transaction is suspended. The intelligent cipher token
turns into the sleep
state.
If the customer confirms that the transaction information is right, the
customer presses
down a confirmation key disposed on the intelligent cipher token; the
intelligent cipher token
generates the random number as the single transaction identification; the
intelligent cipher token
signs the transaction information and the single transaction identification.
The intelligent cipher token sends the signature information to the terminal,
and the terminal
sends a transfer request and the signature information to the background
system server.
23012248.1 42
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
The background system server verifies the signature after receiving the
transfer request
and the signature information; after the verification of the signature passes,
the background
system server completes the transfer and sends payment completion information
which
represents successful transfer to the terminal; certainly, the background
system server may
send the payment completion information to the intelligent cipher token via
the terminal, such
that the customer may know that the transaction is completed.
The terminal receives the payment completion information, the goods are
delivered to the
customer, and the transaction is completed.
. Through the authentication to the intelligent cipher token by the background
system server,
in the case that the intelligent cipher token is verified to be reliable, the
transaction security of
the intelligent cipher token may be ensured by manual confirmation of the
information displayed
on the intelligent cipher token during the transaction.
With the secure data interactive method according to the present disclosure,
the customer
does not need any account carrier devices, for example mobile phones, bank
cards or financial
IC cards, to finish the payment, when transacting in the shop. In the prior
art, the payment
process needs a device with the account storage function, for example, a SIM
card or a smart
card, and the user needs to swipe card or tap the mobile phone, so as to
complete the
transaction. However, with the method according to the present disclosure, the
customer can
finish the payment without need for the purse, the credit card and the mobile
phone, thereby
simplifying interactive operations between the customer and the merchant,
improving the
payment efficiency, and upgrading the user experience during near-field
payment; meanwhile,
the security features of the intelligent cipher token may ensure the security
of the customer
payment process.
When the customer chooses goods and pays for them, the terminal may obtain the
user
information without swiping cards or tapping mobile phones manually, because
the user
information has been stored in the current user list of the terminal when the
customer just enters
the shop. In such a case, the customer only needs to offer his name when
paying for goods,
and the terminal may directly send the transaction information (including the
settlement amount)
23012248.1 43
=
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
to the intelligent cipher token of the customer and display the transaction
information thereon,
such that the customer only needs to confirm the transaction information
through the intelligent
cipher token and outputs the transaction confirmation information; the
terminal generates the
transaction data packet and sends it to the background system server; the
background system
server conducts the transfer after verifying that the transaction data packet
is right. In such a
way, the payment process may be completed.
When the customer walks out of the signal coverage range of the shop, the
network
connection between the intelligent cipher token and the terminal will break
off automatically, and
the user information disappears from the current user list corresponding to
the shop. If the
customer walks into another shop, the user information will be recorded in the
current user list
corresponding to the other shop, and another shopping begins. In such a way,
the customer
does not need any operations, as long as the customer takes a small
intelligent cipher token
with him. The present disclosure can bring about the seamless user experience.
Any process or method described in a flow chart or described herein in other
ways may be
understood to include one or more modules, segments or portions of codes of
executable
instructions for achieving specific logical 'functions or steps in the
process, and the scope of a
preferred embodiment of the present disclosure includes other implementations,
in which the
order of execution is different from that which is depicted or discussed,
including executing
functions in a substantially simultaneous manner or in an opposite order
according to the
related functions. This should be understood by those skilled in the art to
which
embodiments of the present disclosure belong.
It should be understood that each part of the present disclosure may be
realized by the
hardware, software, firmware or their combination. In the above embodiments, a
plurality of
steps or methods may be realized by the software or firmware stored in the
memory and
executed by the appropriate instruction execution system. For example, if it
is realized by the
hardware, likewise in another embodiment, the steps or methods may be realized
by one or a
combination of the following techniques known in the art: a discrete logic
circuit having a logic
gate circuit for realizing a logic function of a data signal, an application-
specific integrated circuit
23012248.1 44
CA 02946914 2016-10-25
CA Application
Blakes Ref: 10798/00013
having an appropriate combination logic gate circuit, a programmable gate
array (PGA), a field
programmable gate array (FPGA), etc.
Those skilled in the art shall understand that all or parts of the steps in
the above
exemplifying method of the present disclosure may be achieved by commanding
the related
hardware with programs. The programs may be stored in a computer readable
storage medium,
and. the programs comprise one or a combination of the steps in the method
embodiments of
the present disclosure when run on a computer.
In addition, each function cell of the embodiments of the present disclosure
may be
integrated in a processing module, or these cells may be separate physical
existence, or two or
more cells are integrated in a processing module. The integrated module may be
realized in a
form of hardware or in a form of software function modules. When the
integrated module is
rea[ized in a form of software function module and is sold or used as a
standalone product, the
integrated module may be stored in a computer readable storage medium.
The storage medium mentioned above may be read-only memories, magnetic disks,
CD,
etc.
Reference throughout this specification to "an embodiment," "some
embodiments,"
"an example," "a specific example," or "some examples," means that a
particular feature,
strUcture, material, or characteristic described in connection with the
embodiment or
example is included in at least one embodiment or example of the present
disclosure. The
appearances of the phrases throughout this specification are not necessarily
referring to
the same embodiment or example of the present disclosure. Furthermore, the
particular
features, structures, materials, or characteristics may be combined in any
suitable manner
in one or more embodiments or examples.
Although explanatory embodiments have been shown and described, it would be
appreciated by those skilled in the art that the above embodiments cannot be
construed to
limit the present disclosure, and changes, alternatives, and modifications can
be made in
the embodiments without departing from spirit, principles and scope of the
present
disclosure.
23012248.1 45
=
