SECURE DATA INTERACTION METHOD AND SYSTEM
Abstract
Provided are a secure data interaction method and system. In the method, a terminal scans an intelligent cryptographic device within signal coverage and acquires the identifier information of the scanned intelligent cryptographic device; the terminal and a background system server authenticate each other, and/or the terminal and the intelligent cryptographic device authenticate each other; the terminal acquires user information corresponding to the intelligent cryptographic device according to the identifier information of the scanned intelligent cryptographic device; and the terminal stores the user information in a pre-established current user list. The invention thus provides a scheme of mutual authentication among the background system server, the terminal and the intelligent cryptographic device, and establishes secure channels between them to prevent phishing risks and transaction risks such as transaction information tampering, remote hijacking and man-in-the-middle attacks, thereby effectively ensuring the fund security of a user possessing the intelligent cryptographic device and of a merchant possessing the terminal.
32 Claims

1. A secure data interactive method, comprising:
scanning, by a terminal, an intelligent cipher token in a signal coverage range and obtaining identification information of the intelligent cipher token;
conducting a mutual authentication between the terminal and a background system server, and/or conducting a mutual authentication between the terminal and the intelligent cipher token;
obtaining, by the terminal, user information corresponding to the intelligent cipher token based on the identification information of the intelligent cipher token; and
storing, by the terminal, the user information into a pre-established current user list.

2. The method according to claim 1, wherein obtaining by the terminal user information corresponding to the intelligent cipher token based on the identification information of the intelligent cipher token comprises:
sending, by the terminal, the identification information of the intelligent cipher token and a user information reading request to the background system server;
obtaining, by the background system server, the user information corresponding to the intelligent cipher token based on the identification information of the intelligent cipher token, after the background system server receives the identification information of the intelligent cipher token and the user information reading request;
obtaining, by the background system server, response information of the user information reading request based on the user information and sending the response information of the user information reading request to the terminal; and
obtaining, by the terminal, the user information based on the response information of the user information reading request, after the terminal receives the response information of the user information reading request.

3. The method according to claim 1, wherein obtaining by the terminal user information corresponding to the intelligent cipher token based on the identification information of the intelligent cipher token comprises:
sending, by the terminal, a user information reading request to the intelligent cipher token, based on the identification information of the intelligent cipher token;
obtaining, by the intelligent cipher token, pre-stored user information, obtaining response information of the user information reading request based on the pre-stored user information, and sending the response information of the user information reading request to the terminal; and
obtaining, by the terminal, the user information based on the response information of the user information reading request, after the terminal receives the response information of the user information reading request.

4. The method according to any one of claims 1 to 3, wherein conducting a mutual authentication between the terminal and a background system server comprises:
generating, by the terminal, first information to be signed;
sending, by the terminal, the first information to be signed and first authentication request information to the background system server;
generating, by the background system server, second information to be signed after the background system server receives the first information to be signed and the first authentication request information;
sending, by the background system server, the second information to be signed and a background system server certificate to the terminal;
verifying, by the terminal, whether the background system server certificate is legitimate by using a pre-stored root certificate corresponding to the background system server certificate, after the terminal receives the second information to be signed and the background system server certificate;
signing, by the terminal, the first information to be signed and the second information to be signed by using a private key of the terminal to generate first signature information, after the background system server certificate is verified to be legitimate;
sending, by the terminal, the first signature information and a terminal certificate to the background system server;
verifying, by the background system server, whether the terminal certificate is legitimate by using a pre-stored root certificate corresponding to the terminal certificate;
verifying, by the background system server, the first signature information by using a public key in the terminal certificate, after the terminal certificate is verified to be legitimate;
generating, by the background system server, a background authentication completion message and sending the background authentication completion message to the terminal, after the first signature information is verified successfully;
verifying, by the terminal, the background authentication completion message after the terminal receives the background authentication completion message;
generating, by the terminal, a first terminal authentication completion message and sending the first terminal authentication completion message to the background system server, after the background authentication completion message is verified successfully;
verifying, by the background system server, the first terminal authentication completion message after the background system server receives the first terminal authentication completion message; and
completing the mutual authentication between the terminal and the background system server, after the first terminal authentication completion message is successfully verified by the background system server.

5. The method according to any one of claims 1 to 4, wherein conducting a mutual authentication between the terminal and the intelligent cipher token comprises:
generating, by the terminal, third information to be signed;
sending, by the terminal, the third information to be signed and second authentication request information to the intelligent cipher token;
generating, by the intelligent cipher token, fourth information to be signed after the intelligent cipher token receives the third information to be signed and the second authentication request information;
signing, by the intelligent cipher token, the third information to be signed by using a private key of the intelligent cipher token to generate second signature information and sending the fourth information to be signed, the second signature information and an intelligent cipher token certificate to the terminal;
verifying, by the terminal, whether the intelligent cipher token certificate is legitimate by using a pre-stored root certificate corresponding to the intelligent cipher token certificate, after the terminal receives the fourth information to be signed, the second signature information and the intelligent cipher token certificate;
verifying, by the terminal, the second signature information by using a public key in the intelligent cipher token certificate, after the intelligent cipher token certificate is verified to be legitimate;
signing, by the terminal, the third information to be signed and the fourth information to be signed by using a private key of the terminal to generate third signature information, after the second signature information is successfully verified;
sending, by the terminal, the third signature information and a terminal certificate to the intelligent cipher token;
verifying, by the intelligent cipher token, whether the terminal certificate is legitimate by using a pre-stored root certificate corresponding to the terminal certificate, after the intelligent cipher token receives the third signature information and the terminal certificate;
verifying, by the intelligent cipher token, the third signature information by using a public key in the terminal certificate, after the terminal certificate is verified to be legitimate;
generating, by the intelligent cipher token, an intelligent cipher token authentication completion message after the third signature information is successfully verified;
sending, by the intelligent cipher token, the intelligent cipher token authentication completion message to the terminal;
verifying, by the terminal, the intelligent cipher token authentication completion message, after the terminal receives the intelligent cipher token authentication completion message;
generating, by the terminal, a second terminal authentication completion message and sending the second terminal authentication completion message to the intelligent cipher token, after the intelligent cipher token authentication completion message is successfully verified;
verifying, by the intelligent cipher token, the second terminal authentication completion message, after the intelligent cipher token receives the second terminal authentication completion message; and
completing the mutual authentication between the terminal and the intelligent cipher token, after the second terminal authentication completion message is successfully verified by the intelligent cipher token.

6. The method according to any one of claims 1 to 5, after scanning by a terminal an intelligent cipher token in a signal coverage range and obtaining identification information of the intelligent cipher token, further comprising:
generating, by the terminal, a real-time identification list, after the terminal obtains identification information of all intelligent cipher tokens in the signal coverage range of the terminal;
comparing, by the terminal, each piece of identification information in the real-time identification list with all the identification information in the pre-established current user list, at a predetermined time interval;
executing, by the terminal, the step of obtaining user information corresponding to a scanned intelligent cipher token respectively based on identification information included in the real-time identification list but not included in the pre-established current user list;
deleting, from the pre-established current user list, user information corresponding to each intelligent cipher token with the identification information included in the pre-established current user list but not included in the real-time identification list.

7. The method according to any one of claims 1 to 5, after scanning by a terminal an intelligent cipher token in a signal coverage range and obtaining identification information of the intelligent cipher token, further comprising:
generating, by the terminal, a real-time identification list, after the terminal obtains identification information of all intelligent cipher tokens in the signal coverage range of the terminal;
comparing, by the terminal, each piece of identification information in the real-time identification list with all the identification information in the pre-established current user list, at a predetermined time interval;
executing, by the terminal, the step of obtaining user information corresponding to a scanned intelligent cipher token respectively based on identification information included in the real-time identification list but not included in the pre-established current user list, and storing obtained user information into the real-time identification list;
copying user information corresponding to each intelligent cipher token with the identification information included in the real-time identification list and included in the pre-established current user list from the pre-established current user list to the real-time identification list; and
taking the real-time identification list as an updated current user list.

8. The method according to claim 4, wherein the first authentication request information comprises identification information of the terminal, and the method comprises:
judging, by the background system server, whether the identification information of the terminal is included in a terminal abnormality list pre-stored in the background system server, after the background system server receives the first information to be signed and the first authentication request information;
after the background system server judges that the identification information of the terminal is included in the terminal abnormality list, obtaining, by the background system server, a terminal locking instruction, signing the terminal locking instruction by using a private key of the background system server to generate fourth signature information, and sending the terminal locking instruction and the fourth signature information to the terminal;
verifying, by the terminal, the fourth signature information by using a public key in the background system server certificate pre-stored, after the terminal receives the terminal locking instruction and the fourth signature information; and
executing, by the terminal, a terminal locking operation based on the terminal locking instruction, after the fourth signature information is successfully verified.

9. The method according to claim 2, after sending by the terminal the identification information of the intelligent cipher token and a user information reading request to the background system server, further comprising:
judging, by the background system server, whether the identification information of the intelligent cipher token is included in an intelligent cipher token abnormality list pre-stored in the background system server;
after the background system server judges that the identification information of the intelligent cipher token is included in the intelligent cipher token abnormality list, obtaining, by the background system server, an intelligent cipher token locking instruction, signing the intelligent cipher token locking instruction by using a private key of the background system server to generate fifth signature information, and sending the intelligent cipher token locking instruction and the fifth signature information to the intelligent cipher token via the terminal;
verifying, by the intelligent cipher token, the fifth signature information by using a public key in a pre-stored background system server certificate, after the intelligent cipher token receives the intelligent cipher token locking instruction and the fifth signature information; and
executing, by the intelligent cipher token, an intelligent cipher token locking operation based on the intelligent cipher token locking instruction, after the fifth signature information is successfully verified.

10. The method according to any one of claims 1 to 9, further comprising:
receiving and checking, by the background system server, a terminal registration application;
sending, by the background system server, a terminal key pair generating instruction to the terminal, after the terminal registration application is successfully checked;
generating, by the terminal, a terminal key pair after the terminal receives the terminal key pair generating instruction;
sending, by the terminal, a public key in the terminal key pair to the background system server;
generating, by the background system server, a terminal certificate and sending the terminal certificate to the terminal, after the background system server receives the public key in the terminal key pair;
storing, by the terminal, the terminal certificate; and
receiving and checking, by the background system server, an intelligent cipher token registration application;
sending, by the background system server, an intelligent cipher token key pair generating instruction to the intelligent cipher token, after the intelligent cipher token registration application is successfully checked;
generating, by the intelligent cipher token, an intelligent cipher token key pair after the intelligent cipher token receives the intelligent cipher token key pair generating instruction;
sending, by the intelligent cipher token, a public key in the intelligent cipher token key pair to the background system server;
generating, by the background system server, an intelligent cipher token certificate and sending the intelligent cipher token certificate to the intelligent cipher token, after the background system server receives the public key in the intelligent cipher token key pair; and
storing, by the intelligent cipher token, the intelligent cipher token certificate.

11. The method according to claim 10, further comprising:
obtaining, by the terminal, a terminal cancellation application, signing the terminal cancellation application by using a private key of the terminal to generate sixth signature information, and sending the terminal cancellation application and the sixth signature information to the background system server;
verifying, by the background system server, the sixth signature information by using a public key in the terminal certificate pre-stored, after the background system server receives the terminal cancellation application and the sixth signature information;
after the sixth signature information is successfully verified, deleting, by the background system server, the terminal certificate pre-stored, generating terminal cancellation completion information and sending the terminal cancellation completion information to the terminal;
deleting, by the terminal, the private key of the terminal after the terminal receives the terminal cancellation completion information;
and/or
obtaining, by the intelligent cipher token, an intelligent cipher token cancellation application, signing the intelligent cipher token cancellation application by using a private key of the intelligent cipher token to generate seventh signature information, and sending the intelligent cipher token cancellation application and the seventh signature information to the background system server;
verifying, by the background system server, the seventh signature information by using a public key in the intelligent cipher token certificate pre-stored, after the background system server receives the intelligent cipher token cancellation application and the seventh signature information;
after the seventh signature information is successfully verified, deleting, by the background system server, the intelligent cipher token certificate pre-stored, generating intelligent cipher token cancellation completion information and sending the intelligent cipher token cancellation completion information to the intelligent cipher token;
deleting, by the intelligent cipher token, the private key of the intelligent cipher token after the intelligent cipher token receives the intelligent cipher token cancellation completion information.

12. The method according to claim 2, after the background system server receives the identification information of the intelligent cipher token and the user information reading request, and before the background system server sends the response information of the user information reading request to the terminal, further comprising:
sending, by the background system server, user authorization request information to the intelligent cipher token via the terminal;
generating, by the intelligent cipher token, authorization information and sending the authorization information to the background system server via the terminal, after the intelligent cipher token receives the user authorization request information;
executing, by the background system server, the step of sending the response information of the user information reading request to the terminal, after the background system server receives the authorization information.

13. The method according to claim 12, wherein, generating by the intelligent cipher token authorization information after the intelligent cipher token receives the user authorization request information comprises:
turning, by the intelligent cipher token, a sleep state into an awakened state after the intelligent cipher token receives the user authorization request information; and
generating, by the intelligent cipher token in the awakened state, the authorization information.

14. The method according to claim 5, wherein, generating by the intelligent cipher token fourth information to be signed after the intelligent cipher token receives the third information to be signed and the second authentication request information comprises:
turning, by the intelligent cipher token, a sleep state into an awakened state after the intelligent cipher token receives the second authentication request information; and
generating, by the intelligent cipher token in the awakened state, the fourth information to be signed.

15. The method according to any one of claims 1 to 14, before scanning by a terminal an intelligent cipher token in a signal coverage range, and obtaining identification information of the intelligent cipher token, further comprises:
entering a scannable state for the intelligent cipher token.

16. The method according to any one of claims 1 to 15, wherein information transmitted between the background system server and the terminal is transmitted after an encryption calculation and/or a check calculation via a first session key, wherein the first session key is pre-stored in the background system server and the terminal or generated through a negotiation of the background system server and the terminal;
and/or
information transmitted between the terminal and the intelligent cipher token is transmitted after an encryption calculation and/or a check calculation via a second session key, wherein the second session key is pre-stored in the terminal and the intelligent cipher token or generated through a negotiation of the terminal and the intelligent cipher token.
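
The terminal/server exchange of claim 4, run in-process in Go as an added example (it is not code from the patent). Ed25519 keys, X.509 certificates, the role label in the signed data, and the form of the background authentication completion message (here a server signature over both challenges) are assumptions, since the claim does not specify them; the terminal's own completion message is left out for the same reason.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// party is a key pair and its certificate, both constructed for this example.
type party struct {
	key  ed25519.PrivateKey
	cert *x509.Certificate
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// newParty makes a self-signed root when issuer is nil, else a certificate signed by issuer.
func newParty(cn string, serial int64, issuer *party) *party {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour)}
	parent, signer := tmpl, key
	if issuer == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign
	} else {
		parent, signer = issuer.cert, issuer.key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return &party{key: key, cert: cert}
}

// transcript binds a role label (an assumption of this example) to both challenges.
func transcript(role string, r1, r2 []byte) []byte {
	return append(append([]byte(role), r1...), r2...)
}

// verifyCert accepts a certificate only if it chains to the pre-stored root.
func verifyCert(root, cert *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// verifySig checks sig over both challenges with the certificate's public key.
func verifySig(cert *x509.Certificate, role string, r1, r2, sig []byte) error {
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, transcript(role, r1, r2), sig) {
		return fmt.Errorf("%s signature verification failed", role)
	}
	return nil
}

func challenge() []byte {
	b := make([]byte, 32)
	_, err := rand.Read(b)
	check(err)
	return b
}

// mutualAuth runs the claim 4 sequence in-process; both sides trust only root.
func mutualAuth(root *x509.Certificate, terminal, server *party) error {
	r1, r2 := challenge(), challenge() // first (terminal) and second (server) information to be signed
	// Terminal: check the server certificate before signing anything.
	if err := verifyCert(root, server.cert); err != nil {
		return fmt.Errorf("terminal rejects server certificate: %w", err)
	}
	sig1 := ed25519.Sign(terminal.key, transcript("terminal", r1, r2))
	// Server: check the terminal certificate, then the first signature information.
	if err := verifyCert(root, terminal.cert); err != nil {
		return fmt.Errorf("server rejects terminal certificate: %w", err)
	}
	if err := verifySig(terminal.cert, "terminal", r1, r2, sig1); err != nil {
		return err
	}
	// Assumed completion message: the server's signature over both challenges.
	done := ed25519.Sign(server.key, transcript("server", r1, r2))
	return verifySig(server.cert, "server", r1, r2, done)
}

func main() {
	root := newParty("example root", 1, nil)
	fmt.Println(mutualAuth(root.cert, newParty("terminal-01", 2, root), newParty("backend", 3, root)))
}
```

Because the signed data covers the server's fresh challenge, a first signature captured in one run does not verify in another; without the assumed server signature, checking the server certificate alone would not show that the server holds the matching private key.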

17. A secure data interactive system, comprising:
a terminal, a background system server and an intelligent cipher token;
wherein the terminal is configured to:
scan the intelligent cipher token in a signal coverage range, and obtain identification information of the intelligent cipher token;
conduct a mutual authentication with the background system server, and/or conduct a mutual authentication with the intelligent cipher token;
obtain user information corresponding to the intelligent cipher token based on the identification information of the intelligent cipher token; and
store the user information into a pre-established current user list.

18. The system according to claim 17, wherein,
the terminal is further configured to:
send the identification information of the intelligent cipher token and a user information reading request to the background system server; and
receive response information of the user information reading request sent by the background system server and obtain the user information based on the response information of the user information reading request;
the background system server is configured to:
receive the identification information of the intelligent cipher token and the user information reading request sent by the terminal, and obtain the user information corresponding to the intelligent cipher token based on the identification information of the intelligent cipher token; and
obtain the response information of the user information reading request based on the user information, and send the response information of the user information reading request to the terminal.

19. The system according to claim 17, wherein,
the terminal is further configured to:
send a user information reading request to the intelligent cipher token based on the identification information of the intelligent cipher token;
receive response information of the user information reading request sent by the intelligent cipher token, and obtain the user information based on the response information of the user information reading request; and
the intelligent cipher token is configured to:
obtain pre-stored user information, obtain the response information of the user information reading request based on the pre-stored user information, and send the response information of the user information reading request to the terminal.

20. The system according to any one of claims 17 to 19, wherein,
the terminal is further configured to:
generate first information to be signed;
send the first information to be signed and first authentication request information to the background system server;
receive second information to be signed and a background system server certificate sent by the background system server, and verify whether the background system server certificate is legitimate by using a pre-stored root certificate corresponding to the background system server certificate;
sign the first information to be signed and the second information to be signed by using a private key of the terminal to generate first signature information, after the background system server certificate is verified to be legitimate;
send the first signature information and a terminal certificate to the background system server;
receive and verify a background authentication completion message sent by the background system server;
generate a first terminal authentication completion message and send the first terminal authentication completion message to the background system server, after the background authentication completion message is successfully verified; and
the background system server is further configured to:
receive the first information to be signed and the first authentication request information sent by the terminal and generate the second information to be signed;
send the second information to be signed and the background system server certificate to the terminal;
verify whether the terminal certificate is legitimate by using a pre-stored root certificate corresponding to the terminal certificate;
verify the first signature information by using a public key in the terminal certificate, after the terminal certificate is verified to be legitimate;
generate the background authentication completion message and send the background authentication completion message to the terminal, after the first signature information is successfully verified;
receive and verify the first terminal authentication completion message sent by the terminal;
complete the mutual authentication between the terminal and the background system server, after the first terminal authentication completion message is successfully verified.

21. The system according to any one of claims 17 to 20, wherein,
the terminal is further configured to:
generate third information to be signed;
send the third information to be signed and second authentication request information to the intelligent cipher token;
receive fourth information to be signed, second signature information and an intelligent cipher token certificate sent by the intelligent cipher token, and verify whether the intelligent cipher token certificate is legitimate by using a pre-stored root certificate corresponding to the intelligent cipher token certificate;
verify the second signature information by using a public key in the intelligent cipher token certificate, after the intelligent cipher token certificate is verified to be legitimate;
sign the third information to be signed and the fourth information to be signed by using a private key of the terminal to generate third signature information, after the second signature information is successfully verified;
send the third signature information and a terminal certificate to the intelligent cipher token;
receive and verify an intelligent cipher token authentication completion message sent by the intelligent cipher token;
generate a second terminal authentication completion message and send the second terminal authentication completion message to the intelligent cipher token, after the intelligent cipher token authentication completion message is successfully verified; and
the intelligent cipher token is further configured to:
receive the third information to be signed and the second authentication request information sent by the terminal, and generate the fourth information to be signed;
sign the third information to be signed by using a private key of the intelligent cipher token to generate the second signature information, and send the fourth information to be signed, the second signature information and the intelligent cipher token certificate to the terminal;
receive the third signature information and the terminal certificate sent by the terminal, and verify whether the terminal certificate is legitimate by using a pre-stored root certificate corresponding to the terminal certificate;
verify the third signature information by using a public key in the terminal certificate, after the terminal certificate is verified to be legitimate;
generate the intelligent cipher token authentication completion message after the third signature information is successfully verified;
send the intelligent cipher token authentication completion message to the terminal;
receive and verify the second terminal authentication completion message sent by the terminal;
complete the mutual authentication between the terminal and the intelligent cipher token, after the second terminal authentication completion message is successfully verified.
-
22. The system according to any one of claims 17 to 21, wherein,
after scanning the intelligent cipher token in the signal coverage range and obtaining the identification information of the intelligent cipher token, the terminal is further configured to:
obtain identification information of all intelligent cipher tokens in the signal coverage range of the terminal and generate a real-time identification list;
compare each piece of identification information in the real-time identification list with all the identification information in the pre-established current user list, at a predetermined time interval;
obtain user information corresponding to a scanned intelligent cipher token respectively based on identification information included in the real-time identification list but not included in the pre-established current user list;
delete, from the pre-established current user list, user information corresponding to each intelligent cipher token with the identification information included in the pre-established current user list but not included in the real-time identification list.
23. The system according to any one of claims 17 to 21, wherein,
after scanning the intelligent cipher token in the signal coverage range and obtaining the identification information of the intelligent cipher token, the terminal is further configured to:
obtain identification information of all intelligent cipher tokens in the signal coverage range of the terminal and generate a real-time identification list;
compare each piece of identification information in the real-time identification list with all the identification information in the pre-established current user list, at a predetermined time interval;
obtain user information corresponding to a scanned intelligent cipher token respectively based on identification information included in the real-time identification list but not included in the pre-established current user list, and store obtained user information into the real-time identification list;
copy user information corresponding to each intelligent cipher token with the identification information included in the real-time identification list and included in the pre-established current user list from the pre-established current user list to the real-time identification list; and
take the real-time identification list as an updated current user list.
24. The system according to claim 20, wherein,
the background system server is further configured to:
receive the first information to be signed and the first authentication request information sent by the terminal, wherein the first authentication request information comprises identification information of the terminal;
judge whether the identification information of the terminal is included in a terminal abnormality list pre-stored in the background system server;
obtain a terminal locking instruction after the background system server judges that the identification information of the terminal is included in the terminal abnormality list, sign the terminal locking instruction by using a private key of the background system server to generate fourth signature information, and send the terminal locking instruction and the fourth signature information to the terminal; and
the terminal is further configured to:
receive the terminal locking instruction and the fourth signature information sent by the background system server, and verify the fourth signature information by using a public key in the background system server certificate pre-stored;
execute a terminal locking operation based on the terminal locking instruction, after the fourth signature information is successfully verified.
25. The system according to claim 18, wherein,
after the terminal sends the identification information of the intelligent cipher token and the user information reading request to the background system server, the background system server is further configured to:
judge whether the identification information of the intelligent cipher token is included in an intelligent cipher token abnormality list pre-stored in the background system server;
obtain an intelligent cipher token locking instruction, sign the intelligent cipher token locking instruction by using a private key of the background system server to generate fifth signature information, and send the intelligent cipher token locking instruction and the fifth signature information to the intelligent cipher token via the terminal, after the background system server judges that the identification information of the intelligent cipher token is included in the intelligent cipher token abnormality list; and
the intelligent cipher token is further configured to:
receive the intelligent cipher token locking instruction and the fifth signature information and verify the fifth signature information by using a public key in a pre-stored background system server certificate;
execute an intelligent cipher token locking operation based on the intelligent cipher token locking instruction, after the fifth signature information is successfully verified.
26. The system according to any one of claims 17 to 25, wherein,
the background system server is further configured to:
receive and check a terminal registration application;
send a terminal key pair generating instruction to the terminal, after the terminal registration application is successfully checked;
receive a public key in a terminal key pair sent by the terminal, generate a terminal certificate and send the terminal certificate to the terminal;
the terminal is further configured to:
receive the terminal key pair generating instruction sent by the background system server and generate the terminal key pair;
send the public key in the terminal key pair to the background system server;
store the terminal certificate; and
the background system server is further configured to:
receive and check an intelligent cipher token registration application;
send an intelligent cipher token key pair generating instruction to the intelligent cipher token, after the intelligent cipher token registration application is successfully checked;
receive a public key in an intelligent cipher token key pair sent by the intelligent cipher token, generate an intelligent cipher token certificate and send the intelligent cipher token certificate to the intelligent cipher token;
the intelligent cipher token is further configured to:
receive the intelligent cipher token key pair generating instruction sent by the background system server and generate the intelligent cipher token key pair;
send the public key in the intelligent cipher token key pair to the background system server;
store the intelligent cipher token certificate.
27. The system according to claim 26, wherein,
the terminal is further configured to:
obtain a terminal cancellation application, sign the terminal cancellation application by using a private key of the terminal to generate sixth signature information, and send the terminal cancellation application and the sixth signature information to the background system server;
receive terminal cancellation completion information sent by the background system server and delete the private key of the terminal;
the background system server is further configured to:
receive the terminal cancellation application and the sixth signature information sent by the terminal and verify the sixth signature information by using a public key in the terminal certificate pre-stored;
after the sixth signature information is successfully verified, delete the terminal certificate pre-stored, generate the terminal cancellation completion information and send the terminal cancellation completion information to the terminal; and/or
the intelligent cipher token is further configured to:
obtain an intelligent cipher token cancellation application, sign the intelligent cipher token cancellation application by using a private key of the intelligent cipher token to generate seventh signature information, and send the intelligent cipher token cancellation application and the seventh signature information to the background system server;
receive intelligent cipher token cancellation completion information sent by the background system server, and delete the private key of the intelligent cipher token;
the background system server is further configured to:
receive the intelligent cipher token cancellation application and the seventh signature information sent by the intelligent cipher token and verify the seventh signature information by using a public key in the intelligent cipher token certificate pre-stored;
after the seventh signature information is successfully verified, delete the intelligent cipher token certificate pre-stored, generate the intelligent cipher token cancellation completion information and send the intelligent cipher token cancellation completion information to the intelligent cipher token.
28. The system according to claim 18, wherein,
the background system server is further configured to:
send user authorization request information to the intelligent cipher token via the terminal;
receive authorization information sent by the intelligent cipher token via the terminal and send the response information of the user information reading request to the terminal; and
the intelligent cipher token is further configured to:
receive the user authorization request information sent by the background system server via the terminal, generate the authorization information, and send the authorization information to the background system server via the terminal.
29. The system according to claim 28, wherein,
the intelligent cipher token is further configured to:
turn a sleep state into an awakened state after receiving the user authorization request information; and
generate the authorization information in the awakened state.
30. The system according to claim 21, wherein,
the intelligent cipher token is further configured to:
turn a sleep state into an awakened state after receiving the second authentication request information; and
generate the fourth information to be signed in the awakened state.
31. The system according to any one of claims 17 to 30, wherein,
the intelligent cipher token is further configured to enter a scannable state before being scanned by the terminal.
32. The system according to any one of claims 17 to 31, wherein
information transmitted between the background system server and the terminal is transmitted after an encryption calculation and/or a check calculation via a first session key, wherein the first session key is pre-stored in the background system server and the terminal or generated through a negotiation of the background system server and the terminal; and/or
information transmitted between the terminal and the intelligent cipher token is transmitted after an encryption calculation and/or a check calculation via a second session key, wherein the second session key is pre-stored in the terminal and the intelligent cipher token or generated through a negotiation of the terminal and the intelligent cipher token.
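The terminal and intelligent cipher token exchange recited at the end of claim 21 can be traced in a short Go program; this is an added example, not code from the patent or its assignee. It assumes Ed25519 signatures, 32-byte random values as the "information to be signed", and a simplified certificate (a public key plus the root's signature over it) in place of X.509; the names Cert, Party, NewParty, accepts and MutualAuth are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Cert struct { // simplified certificate (assumption): public key + root signature over it
	Pub     ed25519.PublicKey
	RootSig []byte
}

type Party struct { // a terminal or a token (hypothetical type)
	priv ed25519.PrivateKey
	cert Cert
	root ed25519.PublicKey // pre-stored root certificate key
}

// NewParty models registration: the device makes a key pair, the root certifies the public key.
func NewParty(rootPriv ed25519.PrivateKey) Party {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return Party{priv, Cert{pub, ed25519.Sign(rootPriv, pub)}, rootPriv.Public().(ed25519.PublicKey)}
}

// accepts verifies the peer certificate against the root, then the signature over our challenge.
func (p Party) accepts(c Cert, challenge, sig []byte) bool {
	return ed25519.Verify(p.root, c.Pub, c.RootSig) && ed25519.Verify(c.Pub, challenge, sig)
}

// MutualAuth returns nil only when both sides would send their authentication completion message.
func MutualAuth(terminal, token Party) error {
	third, fourth := make([]byte, 32), make([]byte, 32) // third / fourth information to be signed
	rand.Read(third)
	rand.Read(fourth)
	sig2 := ed25519.Sign(token.priv, third) // token: second signature information
	if !terminal.accepts(token.cert, third, sig2) {
		return fmt.Errorf("terminal rejects token")
	}
	sig3 := ed25519.Sign(terminal.priv, fourth) // terminal: third signature information
	if !token.accepts(terminal.cert, fourth, sig3) {
		return fmt.Errorf("token rejects terminal")
	}
	return nil
}

func main() {
	_, root, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println(MutualAuth(NewParty(root), NewParty(root))) // both certified by the same root
}
```

Each side signs a value chosen by the other, so a signature recorded in an earlier run does not verify against the fresh value of a later run.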
Current Assignee: Tendyron Corporation
Original Assignee: Tendyron Corporation
Inventors: LI, Dongsheng
US Class (Current): 1/1
CPC Class Codes:
- G06Q 20/40 Authorisation, e.g. identif...
- H04L 2209/56 Financial cryptography, e.g...
- H04L 2209/805 Lightweight hardware, e.g. ...
- H04L 63/0869 for achieving mutual authen...
- H04L 63/101 Access control lists [ACL]
- H04L 9/088 Usage controlling of secret...
- H04L 9/32 including means for verifyi...
- H04L 9/3234 involving additional secure...
- H04L 9/3273 for mutual authentication n...
- H04W 12/068 using credential vaults, e....
- H04W 12/069 using certificates or pre-s...