CN106920091A - Payment method and secure operating system - Google Patents

Payment method and secure operating system

Info

Publication number
CN106920091A
Authority
CN
China
Prior art keywords
backstage
information
module
sos
single system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510997423.XA
Other languages
Chinese (zh)
Inventor
习熹
陈德权
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sumavision Technologies Co Ltd
Original Assignee
Sumavision Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Sumavision Technologies Co Ltd filed Critical Sumavision Technologies Co Ltd
Priority to CN201510997423.XA priority Critical patent/CN106920091A/en
Publication of CN106920091A publication Critical patent/CN106920091A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a payment method and a secure operating system. The scheme uses two systems: one is a secure operating system and the other is an open operating system. In the prior art, all applications can be installed only in the open operating system, and the open operating system cannot access the data in the secure operating system. In the embodiments of the invention, payment is therefore completed by the secure operating system: the payment information is handled entirely by the secure operating system, which interacts with the back-end acquiring system. Malware can be installed only in the open operating system and cannot access the secure operating system, so it cannot obtain the payment information and cannot intercept or modify the transaction data. The embodiments of the invention can therefore improve the security of user information.

Description

Payment method and secure operating system
Technical field
The present invention relates to the field of communication technology, and in particular to a payment method and a secure operating system.
Background
With the continued spread of smart cards (including financial IC cards) and the gradual formation of consumer habits, the smart card in a user's hand can be used for everyday payment and settlement, and can also download merchant applications for points and promotional activities, serving as one card with multiple uses. Because the mPOS (mobile POS, mobile phone card reader) is cheaper than a traditional POS (point of sale, point-of-sale terminal), more merchants can accept card payments, which is convenient for consumers. For example, Fig. 1 is a structural diagram of completing a payment through mPOS in the prior art.
mPOS mainly consists of an accepting terminal, a smart terminal, an open transmission network and a back-end acquiring system. A secure payment application on the smart terminal initiates a payment request, and the accepting terminal obtains the transaction information (such as the user information of the smart card, the payment password entered, the payment amount, etc.). The accepting terminal encrypts the transaction information it has obtained and sends it, via the smart terminal and over the open transmission network, to the back-end acquiring system. The back-end acquiring system decrypts and processes the transaction information and feeds the processing result back to the smart terminal.
However, because of the security problems of current smart terminals, users face a risk of information leakage during a transaction. For example, smart terminals run open operating systems (such as Android); once the operating system has been rooted or jailbroken, an attacker is likely to obtain the data on the smart terminal by implanting a malicious application, monitor the information exchanged between the smart terminal and the accepting terminal, and intercept and modify the transaction data sent by the accepting terminal, creating a risk that user information is leaked. A new payment method is therefore needed to improve the security of user information.
Summary of the invention
The embodiments of the invention provide a payment method and a secure operating system, to solve the problem that user information is easily leaked in existing payment processes.
An embodiment of the invention provides a payment method, including:
after the secure operating system receives start-up information sent by the open operating system, obtaining exclusive control of a preset peripheral module of the smart terminal; wherein the smart terminal includes the secure operating system and the open operating system; the open operating system is used to install various applications; the secure operating system has the function of not allowing any application in the open operating system to access the data in the secure operating system; and the preset peripheral module includes at least a module that provides a user information input function; and,
establishing a connection with the back-end acquiring system, and negotiating an encryption rule and a decryption rule with the back-end acquiring system;
obtaining the payment information entered through the preset peripheral module, encrypting the payment information according to the encryption rule and sending it to the back-end acquiring system; the payment information includes at least the payer's smart card information, the transaction amount and the payee's account information;
receiving the processing result returned by the back-end acquiring system; wherein the processing result is the result obtained after the back-end acquiring system decrypts the payment information according to the decryption rule and processes it.
Further, an embodiment of the invention also provides a secure operating system, including:
a start-up information processing module, configured to obtain exclusive control of the preset peripheral module of the smart device after receiving the start-up information sent by the open operating system; wherein the smart device includes the secure operating system and the open operating system; the open operating system is used to install various applications; the secure operating system has the function of not allowing any application in the open operating system to access the data in the secure operating system; and the preset peripheral module includes at least a module that provides a user information input function; and,
a connection module, configured to establish a connection with the back-end acquiring system and to negotiate an encryption rule and a decryption rule with the back-end acquiring system;
a payment information processing module, configured to obtain the payment information entered through the preset peripheral module, encrypt the payment information according to the encryption rule and send it to the back-end acquiring system; the payment information includes at least the payer's smart card information, the transaction amount and the payee's account information;
a processing result receiving module, configured to receive the processing result returned by the back-end acquiring system; wherein the processing result is the result obtained after the back-end acquiring system decrypts the payment information according to the decryption rule and processes it.
The beneficial effects of the invention are as follows. The technical solution described in the embodiments of the invention uses two systems: one is a secure operating system and the other is an open operating system. In the prior art, all applications can be installed only in the open operating system, and the open operating system cannot access the data in the secure operating system. In the embodiments of the invention, payment is therefore completed by the secure operating system: the payment information is handled entirely by the secure operating system, which interacts with the back-end acquiring system. Malware can be installed only in the open operating system and cannot access the secure operating system, so it cannot obtain the payment information and cannot intercept or modify the transaction data. The embodiments of the invention can therefore improve the security of user information.
Brief description of the drawings
To explain the technical solutions in the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of completing a payment through mPOS in the prior art;
Fig. 2 is a flow diagram of the payment method of Embodiment One of the invention;
Fig. 3 is a schematic diagram of the payment interface of Embodiment One of the invention;
Fig. 4(a) is the first schematic diagram of the random keyboard of Embodiment One of the invention;
Fig. 4(b) is the second schematic diagram of the random keyboard of Embodiment One of the invention;
Fig. 5 is a flow diagram of the payment method of Embodiment Two of the invention;
Fig. 6 is the first structural diagram of the device connections when implementing the payment method of Embodiment Two of the invention;
Fig. 7 is the second structural diagram of the device connections when implementing the payment method of Embodiment Two of the invention;
Fig. 8 is a structural diagram of the secure operating system of Embodiment Three of the invention.
Detailed description of the embodiments
The embodiments of the invention provide a payment method and a secure operating system. The technical solution described in the embodiments of the invention uses two systems: one is a secure operating system and the other is an open operating system. In the prior art, all applications can be installed only in the open operating system, and the open operating system cannot access the data in the secure operating system. In the embodiments of the invention, payment is therefore completed by the secure operating system: the payment information is handled entirely by the secure operating system, which interacts with the back-end acquiring system. Malware can be installed only in the open operating system and cannot access the secure operating system, so it cannot obtain the payment information and cannot intercept or modify the transaction data. The embodiments of the invention can therefore improve the security of user information.
To make the purpose, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention, without creative effort, fall within the scope of protection of the invention.
Embodiment one:
Fig. 2 is a flow diagram of the payment method of Embodiment One of the invention. The payment method may include the following steps:
Step 201: After the secure operating system receives the start-up information sent by the open operating system, it obtains exclusive control of the preset peripheral module of the smart terminal; wherein the smart terminal includes the secure operating system and the open operating system; the open operating system is used to install various applications; the secure operating system has the function of not allowing any application in the open operating system to access the data in the secure operating system; and the preset peripheral module includes at least a module that provides a user information input function.
In one embodiment, during the payment process the preset peripheral module is used by the user to enter payment information such as the payment password and the payment amount.
In one embodiment, the open operating system is normally running and holds exclusive control of the preset peripheral module, and, to save power, the secure operating system of the smart terminal is dormant while the open operating system runs. When the open operating system sends the start-up information to the secure operating system, the secure operating system is woken up and obtains exclusive control of the preset peripheral module of the smart terminal. At this point the open operating system loses exclusive control of the preset peripheral module and, again to save power, becomes dormant. Once the open operating system has lost exclusive control of the preset peripheral module, it can no longer control the peripheral module and therefore cannot obtain the information the user enters through it, such as the payment password and the payment amount. The secure operating system obtaining exclusive control of the preset peripheral module therefore improves the security of the payment information.
In one embodiment, exclusive control of the preset peripheral module means that, at any one time, only one of the secure operating system and the open operating system can exchange information with the preset peripheral module.
In a specific implementation, the way the secure operating system obtains exclusive control can follow the prior art, and the invention does not limit it. For example, on the ARM platform, when the secure operating system receives the start-up information, the NS bit (Non-secure bit, the non-secure state flag) in the SCR (Secure Configuration Register) of the smart terminal's CPU (Central Processing Unit) is set to 0, indicating that the CPU needs to switch to the secure operating system, and the CPU's context information is saved so that the scene can be restored after the mode switch; the secure operating system is then entered through an SMC (Secure Monitor Call). A security protection controller can be used to dynamically configure the memory and the preset peripheral module into secure and non-secure regions, and the contents of the secure operating system and the data of the preset peripheral module are all stored in the secure region. When an application in the open operating system accesses the secure region, the CPU refuses the request, and in this way the secure operating system obtains exclusive control. Similarly, on the Intel platform the same operations can be completed using SMX (Safer Mode Extensions) instructions. The specific way of obtaining exclusive control may differ between operating platforms, and the invention does not limit it.
A payment application can be installed in the open operating system, and the start-up information in step 201 can be sent to the secure operating system by the payment application. For example, with the payment application interface shown in Fig. 3, after the user taps the "Collect payment" button in the interface, the payment application generates the start-up information and sends it to the secure operating system. It should be noted that Fig. 3 only illustrates the embodiment of the invention and does not limit it; in a specific implementation, the interface of the payment application can be designed as required.
In one embodiment, the start-up information can also be generated by the open operating system and sent to the secure operating system after the open operating system detects a preset operation. For example, if the smart terminal is a touch-screen smart terminal, the open operating system detects the gesture operations the user performs while it is running; if it detects that the gesture performed by the user is a preset gesture, the open operating system generates the start-up information and sends it to the secure operating system. The preset gesture is, for example, drawing a preset figure (such as a circle) on the touch screen, or tapping the touch screen a preset number of times within a preset duration. It should be noted that, in a specific implementation, the preset gesture can be set as required, and the invention does not limit it.
Step 202: Establish a connection with the back-end acquiring system, and negotiate an encryption rule and a decryption rule with the back-end acquiring system.
Step 203: Obtain the payment information entered through the preset peripheral module, encrypt the payment information according to the encryption rule and send it to the back-end acquiring system; the payment information includes at least the payer's smart card information, the transaction amount and the payee's account information.
Step 204: Receive the processing result returned by the back-end acquiring system; wherein the processing result is the result obtained after the back-end acquiring system decrypts the payment information according to the decryption rule and processes it.
To make the payment method provided by the embodiments of the invention easier to understand, the method is further described below, including the following:
1) In one embodiment, to further protect the payment information, the start-up information in step 201 includes encrypted identity authentication data. Before exclusive control of the preset peripheral module of the smart terminal is obtained in step 201, the embodiment of the invention can also decrypt the identity authentication data and compare whether the decrypted identity authentication data is consistent with the pre-stored identity authentication data; if it is consistent, the step of obtaining exclusive control of the preset peripheral module of the smart terminal is performed; if it is not, an authentication failure message is sent to the open operating system.
For example, when the payment application is installed in the open operating system, the payment application carries the encrypted identity authentication data in the start-up information it sends to the secure operating system. After the secure operating system receives the start-up information, it first decrypts the identity authentication data in the start-up information and then compares whether the decrypted identity authentication data is consistent with the pre-stored identity authentication data. If it is consistent, the payment application is considered a legitimate application and the start-up information legitimate and valid, and only then is exclusive control of the preset peripheral module of the smart terminal obtained. This amounts to authenticating the legitimacy of the start-up information, and prevents an illegitimate user (or application) from sending start-up information and carrying out the subsequent payment operations. In this way the security of the payment is protected.
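The gate described in item 1), combined with the exclusive-control hand-over from step 201, can be modelled as follows. This is an added example, not code from the patent: the key, the identity value, the class and function names and the message layout are assumptions, and the HMAC-based `seal`/`unseal` pair is a standard-library stand-in for whatever cipher the device actually uses.

```python
import hashlib
import hmac
import secrets

# Constructed values: the page names no cipher, key store or message layout.
SHARED_KEY = bytes(range(32))          # hypothetical key shared by payment app and secure OS
ENROLLED_ID = b"payment-app-identity"  # identity authentication data pre-stored in the secure OS


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode: a stdlib stand-in for a real AEAD cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, b"enc" + block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt then MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Return the plaintext, or None if the blob is malformed or was modified."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Terminal:
    """Smart terminal: exactly one OS owns the preset peripheral module at a time."""

    def __init__(self):
        self.owner = "open"      # normal state: open OS runs, secure OS sleeps
        self._typed = ""

    def user_types(self, text):
        self._typed = text

    def read_input(self, caller):
        if caller != self.owner:
            raise PermissionError(f"{caller} OS does not control the peripheral")
        return self._typed


class SecureOS:
    def __init__(self, terminal, key=SHARED_KEY, enrolled=ENROLLED_ID):
        self.terminal, self.key, self.enrolled = terminal, key, enrolled

    def handle_startup(self, startup_info):
        """Authenticate the start-up information first, and only then take control."""
        identity = unseal(self.key, startup_info)
        if identity is None or not hmac.compare_digest(identity, self.enrolled):
            return "AUTH_FAILED"             # ownership stays with the open OS
        self.terminal.owner = "secure"
        return "CONTROL_ACQUIRED"

    def finish(self, result):
        """Hand the processing result and the peripheral back to the open OS."""
        self.terminal.owner = "open"
        return result


def open_os_can_read(terminal):
    """True if code in the open OS can still read what the user types."""
    try:
        terminal.read_input("open")
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    term = Terminal()
    sos = SecureOS(term)
    print(sos.handle_startup(seal(SHARED_KEY, b"unknown-app")), open_os_can_read(term))
    print(sos.handle_startup(seal(SHARED_KEY, ENROLLED_ID)), open_os_can_read(term))
    term.user_types("123456")
    print(term.read_input("secure"), sos.finish("PAID"), open_os_can_read(term))
```

Because the identity authentication data in this model is static, a previously captured start-up message would be accepted again; binding it to a fresh challenge from the secure operating system is the usual way to close that gap.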
2) Regarding step 202:
In one embodiment, negotiating the encryption rule and decryption rule with the back-end acquiring system means, for example, negotiating which encryption and decryption algorithm to use, or the two sides negotiating a session key to protect the transaction data. For example, the result of the negotiation is that the secure operating system and the back-end acquiring system each hold a public key and a private key; the secure operating system encrypts with a private key and the back-end acquiring system decrypts with a private key; and the back-end acquiring system encrypts with a public key and the secure operating system decrypts with a private key. It should be noted that the encryption and decryption algorithms of the prior art can be used so that the secure operating system and the back-end acquiring system communicate in ciphertext, and the embodiments of the invention do not limit this.
In one embodiment, to further protect the communication, the secure operating system and the back-end acquiring system establish a VPN (Virtual Private Network). The secure operating system can then send the payment information to the back-end acquiring system over the VPN, and the back-end acquiring system can also return the processing result to the secure operating system over the VPN.
In one embodiment, to further protect the payment information, the preset peripheral module can include an eSE (embedded Secure Element, embedded security chip). The secure operating system can then use the eSE of the smart terminal to encrypt and decrypt the payment information (for example, the key is stored in the eSE, and encryption and decryption are carried out with that key). Specifically, the payment information is sent to the eSE, which encrypts it and sends it to the secure operating system. Because the eSE is an independent module with high resistance to physical attack, it can prevent an attacker from obtaining the key information through physical attacks, which further improves the security of the payment information.
3) In one embodiment, to further reduce the equipment needed for payment, the embodiments of the invention can dispense with the accepting terminal and read the smart card's information through the smart terminal or an inexpensive card reader (for example the account number and cardholder name, or the account number, cardholder name and additional information, where the additional information is, for example, the card expiry date, the transaction count, etc.). Specifically, the preset peripheral module can also include a card reading unit; the card reading unit includes an NFC (Near Field Communication, short-range wireless communication technology) module or a card reader.
Obtaining the payment information entered through the preset peripheral module in step 203 may then include the following steps:
Step A1: Obtain the payer's smart card information from the smart card through the card reading unit.
Step A2: Receive the transaction amount entered, and obtain the payee's account information.
The order in which steps A1 and A2 are executed is not restricted.
In one embodiment, receiving the transaction amount in step A2 can specifically be performed as obtaining the entered transaction amount through the touch screen of the smart terminal.
In one embodiment, obtaining the payee's account information in step A2 can specifically be performed as obtaining the entered account information of the payee through the touch screen of the smart terminal. Alternatively, the payee's account information can be stored in advance, in which case obtaining the payee's account information in step A2 can specifically be performed as reading the pre-stored account information of the payee.
In one embodiment, the payee's account information is, for example, the payee's smart card (such as a financial IC card (Integrated Circuit Card)).
4) In one embodiment, completing a payment requires obtaining the payment password. In the embodiments of the invention, if the module providing the user information input function in the preset peripheral module is a touch screen (for example, the smart terminal is a touch-screen smart terminal), then before the payment information is encrypted according to the encryption rule and sent to the back-end acquiring system in step 203, the following steps may also be included:
Step B1: Generate and display a random keyboard, and request entry of the transaction password.
Step B2: Receive the entered transaction password and send it to the smart card for verification, and determine that the transaction-password-verified information sent by the smart card has been received; or send the transaction password to the back-end acquiring system and determine that the transaction-password-verified information sent by the back-end acquiring system has been received.
Whether the transaction password in step B2 is sent to the smart card or to the back-end acquiring system for verification can be decided according to the prior art, and the invention does not limit it.
In the embodiments of the invention, the keyboard used to enter the payment password is therefore a random keyboard. As shown in Fig. 4(a), the first time the random keyboard is displayed, the character A is in the upper left corner of the keyboard. The second time the random keyboard is displayed, as shown in Fig. 4(b), the character A is in the lower right corner of the keyboard. This prevents an illegitimate user from working out the payment password from the positions touched, and so further protects the payment information.
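The random keyboard of steps B1 and B2 can be illustrated with a short model. This is an added example, not code from the patent: it assumes a digits-only keypad on a 3x4 grid of constructed pixel size (the figures on the page show letter keys), and all function names are hypothetical. It shows that the same touch coordinates decode to different passwords under different layouts, which is why recorded positions alone do not reveal the password.

```python
import secrets

KEYS = "0123456789"
COLS, ROWS = 3, 4              # 12 cells, the last two stay empty
WIDTH, HEIGHT = 300, 400       # constructed keypad size in pixels
_rng = secrets.SystemRandom()  # OS CSPRNG rather than the predictable default generator


def new_layout(previous=None):
    """Return a fresh random ordering of KEYS, never identical to `previous`."""
    while True:
        layout = list(KEYS)
        _rng.shuffle(layout)
        if layout != previous:
            return layout


def key_at(layout, x, y):
    """Map a touch coordinate to the character shown there, or None if no key."""
    if not (0 <= x < WIDTH and 0 <= y < HEIGHT):
        return None
    idx = (y * ROWS // HEIGHT) * COLS + (x * COLS // WIDTH)
    return layout[idx] if idx < len(layout) else None


def touches_for(layout, pin):
    """Centre coordinates a user touches to type `pin` on this layout."""
    points = []
    for ch in pin:
        row, col = divmod(layout.index(ch), COLS)
        points.append((col * WIDTH // COLS + WIDTH // (2 * COLS),
                       row * HEIGHT // ROWS + HEIGHT // (2 * ROWS)))
    return points


def decode(layout, touches):
    """What the secure OS, which knows the current layout, recovers from raw touches."""
    return "".join(key_at(layout, x, y) or "?" for x, y in touches)


if __name__ == "__main__":
    first = new_layout()
    second = new_layout(previous=first)
    touches = touches_for(first, "2580")
    print("entered on first layout :", decode(first, touches))
    print("same touches, new layout:", decode(second, touches))
```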
In one embodiment, to protect the transaction, the preset peripheral module can also include a fingerprint recognition module. The user then does not need to enter a transaction password, which avoids leaking password information while the transaction password is being entered, so fingerprint recognition can further protect the transaction.
5) In one embodiment, after the secure operating system receives the processing result returned by the back-end acquiring system, the result can be displayed by the secure operating system controlling the display screen. Alternatively, the secure operating system can send the processing result to the open operating system, and after the open operating system has regained exclusive control of the preset peripheral module, the result is displayed in the open operating system.
For example, a payment application is installed in the open operating system, and the payment application displays the processing result after receiving it from the secure operating system. If the payment succeeded, the payment application can also send the processing result to a printer to be printed as a transaction voucher. The payment application can also store the processing result for later queries.
In summary, the embodiments of the invention use two systems: one is a secure operating system and the other is an open operating system. In the prior art, all applications can be installed only in the open operating system, and the open operating system cannot access the data in the secure operating system. In the embodiments of the invention, payment is therefore completed by the secure operating system: the payment information is handled entirely by the secure operating system, which interacts with the back-end acquiring system. Malware can be installed only in the open operating system and cannot access the secure operating system, so it cannot obtain the payment information and cannot intercept or modify the transaction data. The embodiments of the invention can therefore improve the security of user information.
In addition, in the embodiments of the invention the smart terminal can read the smart card information through NFC or a card reader, so the accepting terminal can be dispensed with, which reduces the equipment cost of deploying payment.
In addition, in the embodiments of the invention the encrypted identity authentication data in the start-up information makes it possible to authenticate the start-up information and prevents an illegitimate user from sending start-up information, which further protects user information and improves the security of the payment.
In addition, in the embodiments of the invention a random keyboard is generated so that the user enters the payment password through the random keyboard, which further protects the payment.
Embodiment two
To aid further understanding of the payment method provided in the embodiment of the present invention, the method is further described below, taking as an example a payment application that sends the startup information and a secure operating system that communicates with the back-end acquiring system to complete the payment. As shown in Fig. 5, which is an exemplary flow chart of the method, the method comprises the following steps:
Step 501: The payment application in the open operating system sends startup information carrying encrypted identity authentication data to the secure operating system.
Step 502: After receiving the startup information, the secure operating system decrypts the identity authentication data and compares whether the decrypted identity authentication data is consistent with the prestored identity authentication data. If consistent, step 504 is performed; if inconsistent, step 503 is performed.
Step 503: The secure operating system sends an authentication failure message to the payment application.
Step 504: The secure operating system obtains exclusive control of the preset peripheral modules of the intelligent terminal.
Step 505: The secure operating system establishes a connection with the back-end acquiring system and negotiates the encryption rule and the decryption rule with the back-end acquiring system.
Step 506: The secure operating system obtains the payer's smart card information from the smart card through the NFC module, receives the transaction amount entered through the touch screen, and obtains the payee's account information.
Step 507: The secure operating system generates and displays a random keyboard and requests input of the transaction password.
Step 508: The secure operating system receives the entered transaction password and sends it to the smart card for verification and, upon determining that it has received the transaction password verification-passed information sent by the smart card, encrypts the payment information according to the encryption rule and sends it to the back-end acquiring system. The payment information includes at least the payer's smart card information, the transaction amount and the payee's account information.
It should be noted that, as described in Embodiment One, if the transaction password needs to be verified by the back-end acquiring system, then in step 508 the transaction password is sent to the back-end acquiring system for verification, and it is determined that the transaction password verification-passed information sent by the back-end acquiring system has been received.
Step 509: The secure operating system receives the processing result returned by the back-end acquiring system. The processing result is the result obtained after the back-end acquiring system decrypts the payment information according to the decryption rule and processes it.
Step 510: The secure operating system sends the processing result to the payment application, triggering the open operating system to obtain exclusive control of the preset peripheral modules of the intelligent terminal.
Step 511: The payment application displays the processing result.
Step 512: The payment application receives a request to print the processing result.
Step 513: The payment application sends the processing result to the printer for printing.
Fig. 6 is a structural schematic diagram of a system implementing the above steps 601 to 612.
In one embodiment, as shown in Fig. 7, an acceptance terminal or a card reader may also be used to read the smart card information; Fig. 7 is a structural schematic diagram with the acceptance terminal or card reader connected. It should be noted that, in a specific implementation, only the acceptance terminal or the card reader is connected.
In one embodiment, the payment application may send the processing result to the printer for printing via Bluetooth or another wireless communication technology.
In summary, the embodiment of the present invention has two systems: one is the secure operating system and the other is the open operating system. In the prior art, all applications can only be installed in the open operating system, and the open operating system cannot access the data in the secure operating system. In the embodiment of the present invention, payment is therefore completed by the secure operating system: the payment information is processed entirely by the secure operating system, which interacts with the back-end acquiring system. Malware can only be installed in the open operating system and cannot access the secure operating system, so it cannot obtain the payment information and cannot intercept or modify the transaction data. The embodiment of the present invention can therefore improve the security of user information.
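The control hand-off in steps 502 to 504, 507 and 510 can be modelled as follows. This is an added sketch, not code from the patent: the class, function and peripheral names are assumptions, the decryption in step 502 and the back-end exchange in steps 505, 508 and 509 are left out, and the sample identity value is constructed.

```python
import hmac
import secrets

# Peripheral names and owner labels are assumptions made for this sketch.
PERIPHERALS = ("touch_screen", "nfc")


class Terminal:
    """Intelligent terminal: records which OS controls each preset peripheral."""

    def __init__(self):
        self.owner = {p: "open_os" for p in PERIPHERALS}

    def read(self, caller, peripheral):
        # Exclusive control: only the current owner may use the peripheral.
        if self.owner[peripheral] != caller:
            raise PermissionError(f"{caller} does not control {peripheral}")
        return f"{peripheral}:input"


class SecureOS:
    def __init__(self, terminal, stored_identity):
        self.terminal = terminal
        self._stored_identity = stored_identity  # prestored identity data
        self._layout = None

    def start(self, decrypted_identity):
        """Steps 502-504; the decryption itself is assumed to be done already."""
        if not hmac.compare_digest(decrypted_identity, self._stored_identity):
            return "AUTH_FAILED"              # step 503: no control is taken
        for p in PERIPHERALS:                 # step 504
            self.terminal.owner[p] = "secure_os"
        return "STARTED"

    def show_random_keyboard(self):
        """Step 507: a fresh digit layout for every password entry."""
        self.terminal.read("secure_os", "touch_screen")  # must own the screen
        digits = list("0123456789")
        secrets.SystemRandom().shuffle(digits)
        self._layout = digits
        return list(digits)                   # key position i shows digits[i]

    def decode_touches(self, positions):
        """Map touched key positions back to digits inside the secure OS."""
        if self._layout is None:
            raise RuntimeError("no keyboard is being displayed")
        password = "".join(self._layout[i] for i in positions)
        self._layout = None                   # a layout is never reused
        return password

    def finish(self, result):
        """Step 510: return the result and hand the peripherals back."""
        for p in PERIPHERALS:
            self.terminal.owner[p] = "open_os"
        return result


def open_os_can_read(terminal, peripheral):
    """True if code running in the open OS can currently use the peripheral."""
    try:
        terminal.read("open_os", peripheral)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    term = Terminal()
    secure_os = SecureOS(term, b"constructed-identity")  # constructed sample
    print(secure_os.start(b"forged"), open_os_can_read(term, "touch_screen"))
    print(secure_os.start(b"constructed-identity"), open_os_can_read(term, "nfc"))
    layout = secure_os.show_random_keyboard()
    touches = [layout.index(d) for d in "4071"]          # user taps 4, 0, 7, 1
    print(secure_os.decode_touches(touches), secure_os.finish("PAID"))
    print(open_os_can_read(term, "touch_screen"))
```

A failed identity check leaves the peripherals with the open operating system, and the keyboard layout is discarded after one entry, so a sequence of touch positions observed for one transaction does not map to the same digits in the next.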
Embodiment three
Based on the same inventive concept, the present invention also provides a secure operating system which, as shown in Fig. 8, comprises:
A startup information processing module 801, configured to obtain exclusive control of the preset peripheral modules of the intelligent device after receiving the startup information sent by the open operating system; wherein the intelligent device includes the secure operating system and the open operating system; the open operating system is used to install various applications; the secure operating system has the function of not allowing any application in the open operating system to access the data in the secure operating system; and the preset peripheral modules include at least a module providing a user information input function; and,
A connection module 802, configured to establish a connection with the back-end acquiring system and negotiate the encryption rule and the decryption rule with the back-end acquiring system;
A payment information processing module 803, configured to obtain the payment information input through the preset peripheral modules, encrypt the payment information according to the encryption rule and send it to the back-end acquiring system; the payment information includes at least the payer's smart card information, the transaction amount and the payee's account information;
A processing result receiving module 804, configured to receive the processing result returned by the back-end acquiring system; wherein the processing result is the result obtained after the back-end acquiring system decrypts the payment information according to the decryption rule and processes it.
In one embodiment, the connection module 802 is specifically configured to establish a virtual private network with the back-end acquiring system.
In one embodiment, the preset peripheral modules also include a card reading unit; the card reading unit includes a near field communication (NFC) module or a card reader;
The payment information processing module 803 specifically comprises:
A smart card information acquiring unit, configured to obtain the payer's smart card information from the smart card through the card reading unit; and,
Another acquiring unit, configured to receive the entered transaction amount and obtain the payee's account information.
In one embodiment, the startup information includes encrypted identity authentication data; the secure operating system also comprises:
An authentication module, configured to, before the startup information processing module obtains exclusive control of the preset peripheral modules of the intelligent device, decrypt the identity authentication data and compare whether the decrypted identity authentication data is consistent with the prestored identity authentication data;
A first execution module, configured to, if the decrypted identity authentication data is consistent with the prestored identity authentication data, trigger the startup information processing module to perform the step of obtaining exclusive control of the preset peripheral modules of the intelligent device;
A second execution module, configured to, if the decrypted identity authentication data is inconsistent with the prestored identity authentication data, send an authentication failure message to the open operating system.
In one embodiment, if the module providing the user information input function that the preset peripheral modules at least include is a touch screen, the secure operating system also comprises:
A random keyboard generation module, configured to, before the payment information processing module encrypts the payment information according to the encryption rule and sends it to the back-end acquiring system, generate and display a random keyboard and request input of the transaction password;
A confirmation module, configured to receive the entered transaction password and send it to the smart card for verification, and determine that the transaction password verification-passed information sent by the smart card has been received; or, send the transaction password to the back-end acquiring system and determine that the transaction password verification-passed information sent by the back-end acquiring system has been received.
In summary, the embodiment of the present invention has two systems: one is the secure operating system and the other is the open operating system. In the prior art, all applications can only be installed in the open operating system, and the open operating system cannot access the data in the secure operating system. In the embodiment of the present invention, payment is therefore completed by the secure operating system: the payment information is processed entirely by the secure operating system, which interacts with the back-end acquiring system. Malware can only be installed in the open operating system and cannot access the secure operating system, so it cannot obtain the payment information and cannot intercept or modify the transaction data. The embodiment of the present invention can therefore improve the security of user information.
Regarding the secure operating system in the above embodiment, the specific manner in which each module performs its operations has been described in detail in the embodiment concerning the method and will not be elaborated here.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a device, a system, or a computer program product. Therefore, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flow charts and/or block diagrams of the method, device and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks in the flow charts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flow chart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art, once they learn of the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications falling within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include these changes and modifications.

Claims (10)

1. A payment method, characterized by comprising:
After the secure operating system receives the startup information sent by the open operating system, obtaining exclusive control of the preset peripheral modules of the intelligent terminal; wherein the intelligent terminal includes the secure operating system and the open operating system; the open operating system is used to install various applications; the secure operating system has the function of not allowing any application in the open operating system to access the data in the secure operating system; and the preset peripheral modules include at least a module providing a user information input function; and,
Establishing a connection with the back-end acquiring system, and negotiating the encryption rule and the decryption rule with the back-end acquiring system;
Obtaining the payment information input through the preset peripheral modules, encrypting the payment information according to the encryption rule and sending it to the back-end acquiring system; the payment information includes at least the payer's smart card information, the transaction amount and the payee's account information;
Receiving the processing result returned by the back-end acquiring system; wherein the processing result is the result obtained after the back-end acquiring system decrypts the payment information according to the decryption rule and processes it.
2. The method according to claim 1, characterized in that establishing a connection with the back-end acquiring system specifically comprises:
Establishing a virtual private network with the back-end acquiring system.
3. The method according to claim 1, characterized in that the preset peripheral modules also include a card reading unit; the card reading unit includes a near field communication (NFC) module or a card reader;
Obtaining the payment information input through the preset peripheral modules specifically comprises:
Obtaining the payer's smart card information from the smart card through the card reading unit; and,
Receiving the entered transaction amount, and obtaining the payee's account information.
4. The method according to claim 1, characterized in that the startup information includes encrypted identity authentication data;
Before obtaining exclusive control of the preset peripheral modules of the intelligent terminal, the method also comprises:
Decrypting the identity authentication data, and comparing whether the decrypted identity authentication data is consistent with the prestored identity authentication data;
If consistent, performing the step of obtaining exclusive control of the preset peripheral modules of the intelligent terminal;
If inconsistent, sending an authentication failure message to the open operating system.
5. The method according to claim 1, characterized in that, if the module providing the user information input function that the preset peripheral modules at least include is a touch screen, before encrypting the payment information according to the encryption rule and sending it to the back-end acquiring system, the method also comprises:
Generating and displaying a random keyboard, and requesting input of the transaction password;
Receiving the entered transaction password and sending it to the smart card for verification, and determining that the transaction password verification-passed information sent by the smart card has been received; or, sending the transaction password to the back-end acquiring system and determining that the transaction password verification-passed information sent by the back-end acquiring system has been received.
6. A secure operating system, characterized by comprising:
A startup information processing module, configured to obtain exclusive control of the preset peripheral modules of the intelligent device after receiving the startup information sent by the open operating system; wherein the intelligent device includes the secure operating system and the open operating system; the open operating system is used to install various applications; the secure operating system has the function of not allowing any application in the open operating system to access the data in the secure operating system; and the preset peripheral modules include at least a module providing a user information input function; and,
A connection module, configured to establish a connection with the back-end acquiring system and negotiate the encryption rule and the decryption rule with the back-end acquiring system;
A payment information processing module, configured to obtain the payment information input through the preset peripheral modules, encrypt the payment information according to the encryption rule and send it to the back-end acquiring system; the payment information includes at least the payer's smart card information, the transaction amount and the payee's account information;
A processing result receiving module, configured to receive the processing result returned by the back-end acquiring system; wherein the processing result is the result obtained after the back-end acquiring system decrypts the payment information according to the decryption rule and processes it.
7. The secure operating system according to claim 6, characterized in that the connection module is specifically configured to establish a virtual private network with the back-end acquiring system.
8. The secure operating system according to claim 6, characterized in that the preset peripheral modules also include a card reading unit; the card reading unit includes a near field communication (NFC) module or a card reader;
The payment information processing module specifically comprises:
A smart card information acquiring unit, configured to obtain the payer's smart card information from the smart card through the card reading unit; and,
Another acquiring unit, configured to receive the entered transaction amount and obtain the payee's account information.
9. The secure operating system according to claim 6, characterized in that the startup information includes encrypted identity authentication data; the secure operating system also comprises:
An authentication module, configured to, before the startup information processing module obtains exclusive control of the preset peripheral modules of the intelligent device, decrypt the identity authentication data and compare whether the decrypted identity authentication data is consistent with the prestored identity authentication data;
A first execution module, configured to, if the decrypted identity authentication data is consistent with the prestored identity authentication data, trigger the startup information processing module to perform the step of obtaining exclusive control of the preset peripheral modules of the intelligent device;
A second execution module, configured to, if the decrypted identity authentication data is inconsistent with the prestored identity authentication data, send an authentication failure message to the open operating system.
10. The secure operating system according to claim 6, characterized in that, if the module providing the user information input function that the preset peripheral modules at least include is a touch screen, the secure operating system also comprises:
A random keyboard generation module, configured to, before the payment information processing module encrypts the payment information according to the encryption rule and sends it to the back-end acquiring system, generate and display a random keyboard and request input of the transaction password;
A confirmation module, configured to receive the entered transaction password and send it to the smart card for verification, and determine that the transaction password verification-passed information sent by the smart card has been received; or, send the transaction password to the back-end acquiring system and determine that the transaction password verification-passed information sent by the back-end acquiring system has been received.
CN201510997423.XA 2015-12-25 2015-12-25 A kind of method of payment and SOS Pending CN106920091A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510997423.XA CN106920091A (en) 2015-12-25 2015-12-25 A kind of method of payment and SOS

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510997423.XA CN106920091A (en) 2015-12-25 2015-12-25 A kind of method of payment and SOS

Publications (1)

Publication Number Publication Date
CN106920091A true CN106920091A (en) 2017-07-04

Family

ID=59455652

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510997423.XA Pending CN106920091A (en) 2015-12-25 2015-12-25 A kind of method of payment and SOS

Country Status (1)

Country Link
CN (1) CN106920091A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170704