An intelligent acquiring terminal and acquiring method thereof
Technical field
The present invention relates to the field of mobile payment, and in particular to an intelligent acquiring terminal with security authentication and an acquiring method thereof.
Background technique
With the development of e-commerce and mobile devices, mobile payment has become a common means of payment: an ordinary mobile phone or smartphone is used to complete or confirm a payment instead of cash, a check or a bank card. NFC is a technology that implements wireless near-field communication on mobile terminals such as mobile phones. NFC information is transmitted by electromagnetic induction coupling in the radio-frequency part of the spectrum. Through a quick and simple wireless connection, NFC provides convenient, fast and secure short-range communication between two electronic devices (such as mobile phones, PDAs, computers and payment terminals). Because NFC uses a unique signal attenuation technology, it has shorter range, higher bandwidth and lower energy consumption than RFID. NFC is also compatible with existing contactless smart card technology and has become an official standard supported by more and more leading manufacturers. Combined with contactless technology, consumers can use mobile devices that support NFC to shop safely and conveniently and to obtain relevant information from electronic tags. Common acquiring systems use a dedicated POS structure, which is costly and inconvenient to use.
Summary of the invention
The technical problem to be solved by the present invention is to provide an intelligent acquiring terminal and an acquiring method thereof, with an embedded SAM security module, that support fast transactions without security risks such as being copied or cracked.
To solve the above technical problem, the present invention provides an intelligent acquiring terminal comprising an NFC read-write module and a back-end settlement system, and further comprising: a SAM security module, which provides the transaction logic and stores the digital certificate for encrypted communication; a machine-card secure bridge channel, which connects the data interface of the NFC read-write module to the data interface of the SAM security module and provides an application-facing ciphertext data interface for the encrypted data processed by the SAM security module, implementing transaction processing and data encryption; and a front-end management system, which can securely store and call a preset dedicated terminal key and decrypt the encrypted data. The front-end management system re-encrypts the dedicated terminal key, packs it in the format required by the back-end settlement system and sends it to the back-end settlement system. After the front-end management system confirms from the information returned by the back-end settlement system that the transaction is complete, it sends digitally signed messages to the acquiring device and to the merchant's networked devices respectively.
Further, the machine-card secure bridge channel is a secure channel, established at the bottom layer of the operating system, that application programs cannot access directly; it has a first secure virtual interface connected to the NFC read-write module and a second secure virtual interface connected to the SAM security module.
Further, the front-end management system uses a distributed service with load balancing and database synchronization, so that it can cope with large volumes of concurrent service requests; communication data and command information are all encrypted, and only the specific recipient node can decrypt them correctly.
Further, the front-end management system has an electronic key interface; only personnel who hold a legitimate electronic key and have usage permission can operate or modify the configuration parameters in the front-end management system.
Further, the intelligent acquiring terminal also has a positioning unit that can obtain current location information in real time, used to limit the geographic range in which the intelligent acquiring terminal works.
Further, the SAM security module has a signal amplification unit, so that in card emulation mode it can work better as a contactless user card.
Another technical solution disclosed by the invention is an acquiring method for the intelligent acquiring terminal, comprising the following steps:
S1. The SAM security module provides the transaction logic and stores the digital certificate for encrypted communication;
S2. The operating system establishes the machine-card secure bridge channel between the SAM security module and the NFC read-write module;
S3. The digital certificate or communication key in the SAM security module is called, a secure network connection is made with the front-end management system, and the acquired transaction information is encrypted and sent to the front-end management system;
S4. The front-end management system decrypts the encrypted data with the preset key, re-encrypts the dedicated terminal key and sends it to the back-end settlement system;
S5. After the front-end management system confirms from the information returned by the back-end settlement system that the transaction is complete, it sends digitally signed messages to the acquiring device and to the merchant's networked devices respectively.
Further, the machine-card secure bridge channel in step S2 is established as follows:
S21. When the application program issues a control instruction through the application interface, the control instruction is transmitted to the SAM security module through the second secure virtual interface. The transaction logic in the SAM security module issues an instruction carrying an NFC mark to the second secure virtual interface; the second secure virtual interface filters out the NFC mark and transfers the remaining data to the first secure virtual interface, controlling the NFC read-write module into the active state;
S22. The NFC read-write module passes data through the first secure virtual interface to the second secure virtual interface, which sends it on to the SAM security module. The ciphertext data finally output by the SAM security module does not contain the NFC mark, so the second secure virtual interface switches the ciphertext data to the application interface for sending.
Further, the SAM security module is embedded inside the mobile terminal or inserted in the SIM card slot.
Further, the NFC operates in full-function mode: it can work in card emulation mode, in the read-write mode for reading external NFC user cards, and in the point-to-point NFC communication mode.
The technical effect of the invention is as follows: in the structure of the intelligent acquiring terminal of the invention, the SAM security module and the NFC read-write module cooperate through the machine-card secure bridge channel to implement transaction processing and data encryption. Using its built-in transaction logic and data encryption logic, the SAM security module cooperates with the NFC read-write module via the machine-card secure bridge channel to complete the transaction process and the data encryption, so that what the application program of the intelligent acquiring terminal obtains is the transaction ciphertext data, and no information is leaked. The invention supports fast transactions without security risks such as being copied or cracked, and can also link with location information, electronic door locks and acousto-optic equipment to provide more services.
Detailed description of the invention
Fig. 1 is a structural schematic diagram of the intelligent acquiring terminal disclosed by the invention.
Specific embodiment
The present invention is further described below with reference to the accompanying drawing and specific embodiments, so that those skilled in the art can better understand and practice the invention; the illustrated embodiments do not limit the invention.
The invention discloses an intelligent acquiring terminal, which is an intelligent terminal having a display screen, a camera, an NFC read-write module 15, a SAM security module 14 and a machine-card secure channel; together with the front-end management system it forms a complete acquiring system. The APP module is connected to the back-end settlement system and can accept one or more of bank card payment, active-scan QR code payment, passive-scan QR code payment, audio payment, Bluetooth payment and NFC near-field payment. The intelligent acquiring terminal of the invention can also support card issuing and recharging services for citizen cards, bus cards and joint membership cards; the merchant can also query transaction information through the merchant's networked devices.
As shown in Fig. 1, the intelligent acquiring terminal of the invention comprises an NFC read-write module 15 and a back-end settlement system 17. The terminal system further comprises: a SAM security module 14, which provides the transaction logic and stores the digital certificate for encrypted communication; and a machine-card secure bridge channel, which connects the data interface of the NFC read-write module 15 to the data interface of the SAM security module 14 and provides an application-facing ciphertext data interface for the encrypted data processed by the SAM security module 14, implementing transaction processing and data encryption. The front-end management system 16 can securely store and call the preset dedicated terminal key and decrypt the encrypted data.
The front-end management system 16 re-encrypts the dedicated terminal key, packs it in the format required by the back-end settlement system 17 and sends it to the back-end settlement system 17. After the front-end management system 16 confirms from the information returned by the back-end settlement system 17 that the transaction is complete, the system sends digitally signed messages to the acquiring device and to the merchant's networked devices respectively; according to the merchant's settings, it can also control networked associated optoelectronic devices, electronic locks, actuators and amusement equipment to act in linkage.
The machine-card secure bridge channel is a secure channel, established in the bottom-layer framework of the operating system's APP module, that application programs cannot access directly; it has a first secure virtual interface 12 connected to the NFC read-write module 15 and a second secure virtual interface 13 connected to the SAM security module 14.
The machine-card secure bridge channel is established as follows: when the application program issues a control instruction through the application interface, the control instruction is sent to the SAM security module 14 through the second secure virtual interface 13. The transaction logic in the SAM security module 14 issues an instruction carrying an NFC mark to the second secure virtual interface 13; the second secure virtual interface 13 filters out the NFC mark and transfers the remaining data to the first secure virtual interface 12, controlling the NFC read-write module 15 into the active state. The NFC read-write module 15 passes data through the first secure virtual interface 12 to the second secure virtual interface 13, which sends it on to the SAM security module 14. The ciphertext data finally output by the SAM security module 14 does not contain the NFC mark, so the second secure virtual interface 13 switches the ciphertext data to the application interface; once the ciphertext data has been switched to the application interface, the application program sends it over the network to the back-end service system. The data interface of the NFC read-write module 15 is an I2C interface and/or an SPI interface; the data interface of the SAM security module is one or a combination of an I2C interface, an SPI interface, an ISO-7816 interface and an SWP interface. The NFC operates in full-function mode: it can work in card emulation mode, in the read-write mode for reading external NFC user cards, and in the point-to-point NFC communication mode.
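The routing rule of steps S21 and S22 and of the paragraph above, modelled as an added example (not code from the patent): the second interface forwards NFC-marked SAM output to the reader and lets only unmarked ciphertext reach the application. The one-byte marks, the class and command names, the shared symmetric key and the SHA-256 keystream cipher are all assumptions; the page specifies none of them.

```python
import hashlib
import os

NFC_MARK = b"\x01"  # assumed 1-byte tag on frames the SAM addresses to the NFC reader
APP_MARK = b"\x00"  # assumed tag on frames the SAM addresses to the application

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); the page names no algorithm."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class Sam:
    def __init__(self, key: bytes):
        self._key = key
    def on_app_command(self, cmd: bytes) -> bytes:
        # Transaction logic answers the app's request with an NFC-marked reader command.
        return NFC_MARK + b"POLL_AND_READ"
    def on_card_data(self, raw: bytes) -> bytes:
        nonce = os.urandom(8)
        return APP_MARK + nonce + stream_xor(self._key, nonce, raw)

class NfcReader:
    def __init__(self, card_record: bytes):
        self.card_record, self.active = card_record, False
    def execute(self, cmd: bytes) -> bytes:
        self.active = True          # S21: the forwarded command activates the reader
        return self.card_record

class Bridge:
    """Second interface faces the SAM and the app; first interface faces the reader."""
    def __init__(self, sam: Sam, reader: NfcReader):
        self.sam, self.reader = sam, reader
        self.app_side_log = []      # every byte string that crossed to the app side
    def app_request(self, cmd: bytes) -> bytes:
        frame = self.sam.on_app_command(cmd)
        while frame[:1] == NFC_MARK:                # filter the mark, route to reader
            raw = self.reader.execute(frame[1:])    # first interface -> NFC module
            frame = self.sam.on_card_data(raw)      # first -> second -> SAM
        self.app_side_log.append(frame[1:])         # unmarked output: ciphertext only
        return frame[1:]

def front_end_decrypt(key: bytes, blob: bytes) -> bytes:
    return stream_xor(key, blob[:8], blob[8:])      # nonce is the first 8 bytes

def run_demo():
    key = bytes(range(32))                          # constructed terminal key
    card = b"PAN=6200000000000001;AMT=12.50"        # constructed card record
    bridge = Bridge(Sam(key), NfcReader(card))
    blob = bridge.app_request(b"START_PAYMENT")
    return card, blob, front_end_decrypt(key, blob), bridge

if __name__ == "__main__":
    card, blob, recovered, _ = run_demo()
    print("app sees:", blob.hex(), "| front end recovers:", recovered)
```

The application-side log holds only the nonce and ciphertext; the card record exists in clear only between the reader, the two virtual interfaces and the SAM.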
Further, the front-end management system 16 has an encryption machine, which can securely store and call the dedicated terminal key.
The front-end management system 16 uses a distributed service with load balancing and database synchronization, so that it can cope with large volumes of concurrent service requests; communication data and command information are all encrypted, and only the specific recipient node can decrypt them correctly. The front-end management system 16 has an electronic key interface; only personnel who hold a legitimate electronic key and have usage permission can operate or modify the configuration parameters in the front-end management system 16. The intelligent acquiring terminal also has a positioning unit that can obtain current location information in real time, used to limit the geographic range in which the intelligent acquiring terminal works.
Further, the SAM security module 14 has a signal amplification unit, so that in card emulation mode it can work better as a contactless user card. The SAM security module 14 also has a built-in antenna and can work without an external antenna. The SAM security module 14 also has a Bluetooth connection component and can connect to the application program over Bluetooth, without changing the terminal's SIM card driver.
In the acquiring method of the intelligent acquiring terminal of the invention, the SAM security module 14 first provides the transaction logic and stores the digital certificate for encrypted communication; the SAM security module is embedded inside the mobile terminal or inserted in the SIM card slot. The operating system of the mobile terminal is security-customized, and the operating system's APP module establishes the machine-card secure bridge channel between the SAM security module 14 and the NFC read-write module 15. The system calls the digital certificate or communication key in the SAM security module 14, makes a secure network connection with the front-end management system 16, and encrypts the acquired transaction information and sends it to the front-end management system 16. The front-end management system 16 decrypts the encrypted data with the preset key, re-encrypts the dedicated terminal key and sends it to the back-end settlement system 17. After the front-end management system 16 confirms from the information returned by the back-end settlement system 17 that the transaction is complete, it sends digitally signed messages to the acquiring device and to the merchant's networked devices respectively.
The actual operation is as follows: when an NFC user card is brought close to the mobile terminal, or a dedicated QR code is used for a secure transaction, security authentication verifies the legitimacy of the user card and the QR code, and at the same time the terminal goes online and carries out a secure transaction with the front-end management system 16. After the back-end settlement service system confirms the secure transaction, it deducts the amount from the user's account and sends a confirmation message to the front-end management system 16. The front-end management system 16 notifies the acquiring device and the merchant's networked devices; merchant networked devices such as electronic locks and amusement equipment can also respond in coordination, providing more service functions.
The intelligent acquiring terminal of the invention has anti-cracking and anti-reflashing functions, and because it also has a positioning unit an electronic fence can be set, so that transaction functions are restricted for merchants outside the whitelist. The front-end management system uses a security server cluster with network security protection and an encryption machine, and can accept concurrent transactions from a large number of acquiring devices.
The embodiments described above are only preferred embodiments given to fully illustrate the invention, and the protection scope of the invention is not limited to them. Equivalent substitutions or modifications made by those skilled in the art on the basis of the invention all fall within the protection scope of the invention. The protection scope of the invention is defined by the claims.