CN106408302A - Mobile user-oriented safe payment method and system - Google Patents
Mobile user-oriented safe payment method and system Download PDFInfo
- Publication number
- CN106408302A CN106408302A CN201610792492.1A CN201610792492A CN106408302A CN 106408302 A CN106408302 A CN 106408302A CN 201610792492 A CN201610792492 A CN 201610792492A CN 106408302 A CN106408302 A CN 106408302A
- Authority
- CN
- China
- Prior art keywords
- financial institution
- payment
- secure payment
- user
- secure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 23
- 230000007246 mechanism Effects 0.000 claims abstract description 13
- 230000005540 biological transmission Effects 0.000 claims description 16
- 210000004247 hand Anatomy 0.000 claims description 4
- PCHJSUWPFVWCPO-UHFFFAOYSA-N gold Chemical compound [Au] PCHJSUWPFVWCPO-UHFFFAOYSA-N 0.000 claims description 3
- 229910052737 gold Inorganic materials 0.000 claims description 3
- 239000010931 gold Substances 0.000 claims description 3
- 238000012795 verification Methods 0.000 abstract description 2
- 230000008569 process Effects 0.000 description 7
- 238000004891 communication Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000004044 response Effects 0.000 description 5
- 230000008859 change Effects 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004913 activation Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 3
- 238000010276 construction Methods 0.000 description 3
- 238000005538 encapsulation Methods 0.000 description 3
- 238000007689 inspection Methods 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000010137 moulding (plastic) Methods 0.000 description 2
- 229910052709 silver Inorganic materials 0.000 description 2
- 239000004332 silver Substances 0.000 description 2
- 230000009466 transformation Effects 0.000 description 2
- 241001085205 Prenanthella exigua Species 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3229—Use of the SIM of a M-device as secure element
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Computer Networks & Wireless Communication (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention provides a mobile user-oriented safe payment method and system that are safe and reliable and convenient in utilization and low in cost. The method comprises the following steps: in a step of initialization, safe payment application device registering operation is conducted via a safe payment platform device, and a safe channel is built; in a step of transaction information configuration, finance mechanism system registering and contract signing operation is conducted via the safe payment platform device, and a finance mechanism public key is saved; in a step where service is opened by a user, the finance mechanism public key is transmitted to a safe payment application device and then safety saved via the safe channel by the safe payment platform device; in a step of Internet bank transaction, transaction information is displayed to the user via the safe payment application device, the finance mechanism public key is used for encrypting a payment password input by the user, a payment password ciphertext can be obtained and then transferred to the a finance mechanism system via the safe payment platform device, and the finance mechanism system uses a corresponding finance mechanism private key for decrypting the payment password ciphertext, the payment password can be obtained, and verification operation can be conducted.
Description
Technical field
The present invention relates to computer and its software technology field, a kind of particularly secure payment towards mobile subscriber
Method and a kind of safety payment system towards mobile subscriber.
Background technology
U-shield, is also USB KEY, the typically material object of a similar USB flash disk.When user the operation such as is carried out transferring accounts using Net silver
When, Net silver can activate U-shield and eject a Password Input frame requirement user input e-Bank payment password to complete transfer operation.
The know-why of U-shield approximately as:First, financial institution system first gives U-shield one " impact ", and it contains at random
Number, and this random number HASH, all by public key encryption, they so ensure that only you can decipher this " impact ";So
Afterwards, U-shield calculates the HASH of this random number, and and the HASH that solved with private key, after both are identical, just can confirm that financial institution system
Identity;Then, only have the algorithm that U-shield and financial institution system are known, this random number of profit and some other information with one,
Generate " response " and corresponding HASH, then beam back financial institution system with after private key encryption.Now financial institution system is also with phase
Same algorithm calculates and is somebody's turn to do " response ";Finally, financial institution system public key decryptions, and verify that HASH is correct, next financial machine
Construction system compare two " responses " whether identical, identical if also it is confirmed that the identity of U-shield holder;Secrecy as private key
Property to be completed by U-shield.The control chip of U-shield is designed to write certificate it is impossible to read certificate, and all certificates of utility
The computing that (private key) is carried out is carried out all in U-shield.So, operation result can only be read from U-shield.
The safety measure of U-shield has following aspects:
1. hardware PIN code protection
U-shield employs using the individual client's certificate based on physical medium, sets up the individual based on public key PKI technology
Certificate verification system (PIN code).Hacker needs to obtain the U-shield hardware of user and the PIN code of user simultaneously, just can log in system
System.Even if the PIN code of user is revealed, U-shield is not lost, and the identity of validated user would not be counterfeit, if user's U-shield is lost
Lose, other people do not know the PIN code of user, and this is also the identity that cannot palm off validated user.
2. the key of safety is deposited
In internal intelligent chip, user cannot directly read the key storage of U-shield from outside, the reading to key file
Write and change and all must call corresponding program file execution by the CPU within U-shield, thus the outside of U-shield interface, not any
Article one, instruction can be read out, change, update and delete to the content of key zone, so can ensure that hacker cannot be using illegal
Modification of program key.
3. double-key cipher system
In order to improve the safety of transaction, U-shield employs conbined public or double key cipher system and ensures safety, when U-shield is initialized,
First cryptographic algorithm program is fired in ROM, then pass through to produce a pair of public and private key of Program Generating of public and private key pair, public and private
After key produces, key can export to outside U-shield, and private key is then stored in key zone, does not allow outside access.Carry out numeral to sign
During name and during asymmetric deciphering computing, every crypto-operation having private participation only can complete in chip internal, whole private key
U-shield medium can not be gone out, thus perfect in safety to ensure the digital certificate authentication with U-shield as storage medium.
4. AES realized by hardware
The built-in CPU of U-shield or intelligent card chip, it is possible to achieve the various algorithms of data summarization, data encrypting and deciphering and signature, plus
Deciphering computing is carried out it is ensured that user key does not appear in calculator memory in U-shield.
The shortcoming of U-shield has following two aspects:
1. with high costs:U-shield purchasing price carried out publicity currently without financial institution, and we are unknown.But it is in addition to
Outside the complimentary U-shield of financial institution, the U-shield price of each big banking mechanism is substantially between 30 to 60 yuan.
2. be not suitable for mobile service:U-shield, mainly using USB as I/O interface, is therefore compared PC end, is made on mobile phone at present
Seemed very redundancy and inconvenience with financial institution's U-shield.
Content of the invention
In view of this, the present invention provides a kind of safe payment method towards mobile subscriber and system, can solve existing
The problems referred to above in technology, have the advantages that with low cost, easy-to-use.
For achieving the above object, according to an aspect of the invention, it is provided a kind of secure payment towards mobile subscriber
Method.
The safe payment method towards mobile subscriber of the present invention includes:Secure payment stage apparatus receive secure payment
After the card registration request that application apparatus sends, preserve subscriber phone number and the terminal iidentification letter that described card registration request carries
Breath, then succeeds in registration notice to described security service card application apparatus sending card;Described secure payment stage apparatus receive
After financial institution's registration request that financial institution system sends, distribute security access code to described financial institution system;Described
Secure payment stage apparatus preserve the described financial institution system financial institution's public key submitted to and the Transaction Information template closing rule;Institute
State secure payment stage apparatus and receive the user that sends of described financial institution system and open request, described user opens request and carries
Security access code and subscriber phone number;Described secure payment stage apparatus confirm financial institution's body according to described security access code
Part legal, confirm that user identity is legal according to described subscriber phone number, using by secure short message passage by described finance machine
Structure public key encryption is transferred to described secure payment application apparatus and preserves;Described secure payment application apparatus generates described financial institution
Then described key identification encrypted transmission is put down to secure payment by the corresponding key identification of public key using described secure short message passage
Table apparatus preserve;Described secure payment stage apparatus receive transaction authentication request, and described transaction authentication request is described finance machine
Construction system sends after receiving user's network bank business application of arbitrary form originating end, and described transaction authentication request is safe to carry
Access code, subscriber phone number, Transaction Information variable data;Described secure payment stage apparatus are true according to described security access code
Recognize financial institution's identity legal, confirm that user identity is legal according to described subscriber phone number, then described Transaction Information is become
Amount data filling obtains complete transaction information in the Transaction Information template locally prestoring, and then passes through secure short message passage by institute
State complete transaction information and described key identification encrypted transmission to described secure payment application apparatus;Described secure payment application dress
Put and proactive command is sent to control mobile terminal to display to the user that transaction content and point out to use according to described complete transaction information
Family inputs payment cipher, then receives the payment cipher that the user of described mobile terminal return sends;Described secure payment application
Device retrieves corresponding financial institution public key according to described key identification, then adopts described in described financial institution public key encryption
Payment cipher gets paid cryptographic secret, is then sent to described payment cipher ciphertext encrypted transmission by secure short message passage
Secure payment stage apparatus;Described payment cipher ciphertext is sent to system of described financial institution by described secure payment stage apparatus
System.
Alternatively, described secure payment application apparatus is propped up using payment cipher described in described financial institution public key encryption
The step paying cryptographic secret includes:Described secure payment application apparatus calls the security algorithm API that smart chip card provides, and adopts
Payment cipher described in described financial institution public key encryption gets paid cryptographic secret.
Alternatively, described terminal identification information includes:International mobile subscriber identity IMSI, mobile terminal string code IMEI and
Integrated circuit card identification code ICCID.
For achieving the above object, according to an aspect of the invention, it is provided a kind of secure payment towards mobile subscriber
System.
The safety payment system towards mobile subscriber of the present invention includes:Secure payment stage apparatus and secure payment application
Device, secure payment stage apparatus are used for:After receiving the card registration request that secure payment application apparatus sends, preserve described
Subscriber phone number and terminal identification information that card registration request carries, then to described security service card application apparatus sending card
Succeed in registration notice;Described secure payment stage apparatus receive financial institution's registration request that financial institution system sends it
Afterwards, distribute security access code to described financial institution system;Preserve financial institution's public key that described financial institution system submits to and
Close the Transaction Information template of rule;Receive the user that described financial institution system sends and open request, described user opens request and takes
Band security access code and subscriber phone number;Confirm that financial institution's identity is legal according to described security access code, according to described use
Family phone number confirms that user identity is legal, using by secure short message passage, described financial institution public key encryption is transferred to institute
State secure payment application apparatus to preserve;Receive transaction authentication request, described transaction authentication request is that described financial institution system connects
Send after the user's network bank business application receiving arbitrary form originating end, described transaction authentication request access code safe to carry,
Subscriber phone number, Transaction Information variable data;Confirm that financial institution's identity is legal according to described security access code, according to described
Subscriber phone number confirms that user identity is legal, and then described Transaction Information variable data adds to the transaction letter locally prestoring
Obtain complete transaction information in breath template, then pass through secure short message passage and described complete transaction information is encrypted and described key
Identification transmission gives described secure payment application apparatus;Described payment cipher ciphertext is sent to described financial institution system;Described
Secure payment application apparatus is used for generating the corresponding key identification of described financial institution public key, then utilizes described secure short message to lead to
Described key identification encrypted transmission is preserved by road to secure payment stage apparatus;Sent active according to described complete transaction information
Order, to control mobile terminal to display to the user that transaction content and point out user input payment cipher, then receives described mobile whole
The payment cipher that the user that end returns sends;Corresponding financial institution public key is retrieved according to described key identification, then adopts
Payment cipher described in described financial institution public key encryption gets paid cryptographic secret, then passes through secure short message passage by described
Pay cryptographic secret encrypted transmission to secure payment stage apparatus.
Alternatively, described secure payment application apparatus is additionally operable to:The security algorithm API calling smart chip card to provide, adopts
Get paid cryptographic secret with payment cipher described in described financial institution public key encryption.
Alternatively, described terminal identification information includes:International mobile subscriber identity IMSI, mobile terminal string code IMEI and
Integrated circuit card identification code ICCID.
Technology according to the present invention scheme, at least has the advantages that.
(1) due to the homoorganicity of telecom intelligent card and financial smart card itself, and the plastic moulding of card application is so that lead to
The Mobile phone card crossing transformation operator is realized U shield for bank function and is possibly realized.It is reported that, the Java card of one 512K capacity of operator
Its procurement price is 6 to 8 yuan, and our financial institution's U-shield applies it to take up room about within 20K, remaining card space
Can continue other card applications are installed, therefore it is desired that the modality for co-operation shared by this card, can effectively reduce gold
Melt the input cost of mechanism's U-shield business.
(2) pass through integrated U-shield function in Mobile phone card, the worry with an entity " USB flash disk " more than user can be avoided.Use
In without any accessory inserted toward on mobile phone again, greatly lift the convenience of business, suitable mobile service demand.
Brief description
Accompanying drawing is used for more fully understanding the present invention, does not constitute inappropriate limitation of the present invention.Wherein:
Fig. 1 is the signal of the basic step according to embodiment of the present invention towards the safe payment method of mobile subscriber
Figure;
Fig. 2 is the signal of the main modular according to embodiment of the present invention towards the safety payment system of mobile subscriber
Figure;
Fig. 3 is the signal of the work process according to embodiment of the present invention towards the safety payment system of mobile subscriber
Figure.
Specific embodiment
Below in conjunction with accompanying drawing, the exemplary embodiment of the present invention is explained, including embodiment of the present invention
Various details are to help understanding it should they are thought only exemplary.Therefore, those of ordinary skill in the art should recognize
Know, various changes and modifications can be made to embodiment described herein, without departing from scope and spirit of the present invention.
Equally, for clarity and conciseness, eliminate the description to known function and structure in description below.
In order that those skilled in the art more fully understand, now part vocabulary of terms is explained as follows:
Secure payment application apparatus:It is the particular application on a safety chip card, this safety chip card is inserting
Pull out form or embedded chip form is arranged in mobile terminal and uses.This device is equivalent to corresponding to secure payment stage apparatus
Client.
Secure payment stage apparatus:Be equivalent to the server corresponding to secure payment application apparatus.
MSISDN:Mobile Subscriber International ISDN/PSTN number, i.e. user mobile phone number
Code.
IMSI:International Mobile Subscriber Identification Number, that is, international mobile
User identification code.
IMEI:International Mobile Equipment Identity, i.e. mobile terminal string code.
ICCID:Integrated Circuit Card Identifier, i.e. integrated circuit card identification code.
API:Application Programming Interface, i.e. application programming interface.
MAC:Message Authentication Code, message authentication code.
Fig. 1 is the signal of the basic step according to embodiment of the present invention towards the safe payment method of mobile subscriber
Figure.As shown in figure 1, the safe payment method towards mobile subscriber of this embodiment mainly includes the steps 101 to step
Rapid 111.
Step 101:After secure payment stage apparatus receive the card registration request that secure payment application apparatus sends, protect
Deposit subscriber phone number and the terminal identification information that card registration request carries, then note to security service card application apparatus sending card
Volume success notification.Wherein, terminal identification information can include:International mobile subscriber identity IMSI, mobile terminal string code IMEI
With integrated circuit card identification code ICCID.
It should be noted that can also comprise the steps after step 101:Secure payment application apparatus is mobile whole
In the case of holding start and card hot plug, whether detection mobile terminal changes and keeps information same with secure payment stage apparatus
Step.
Step 102:After secure payment stage apparatus receive financial institution's registration request that financial institution system sends,
Distribute security access code to financial institution system.This security access code can be used for verifying the identity of financial institution system, prevents
The underproof mechanism of qualification assumes another's name to realize illegal objective using secure payment platform.
Step 103:Secure payment stage apparatus preserve the financial institution system financial institution's public key submitted to and the friendship closing rule
Easily information model.It should be noted that " closing rule " means the transaction that secure payment stage apparatus are submitted to financial institution system
Information model has carried out auditing and auditing passing through.
Step 104:The user that secure payment stage apparatus reception financial institution system sends opens request, and user opens please
Ask access code safe to carry and subscriber phone number.
Step 105:According to security access code, secure payment stage apparatus confirm that legal (specific practice is for financial institution identity
The security access code user receiving opened in request is contrasted with the local security access code preserving, if consistent, says
Bright legal), confirm that legal (specific practice is to open the user receiving in request to user identity according to subscriber phone number
Subscriber phone number enters line retrieval in the local subscriber phone number list preserving, if there is this data record, it is legal to illustrate),
Using secure short message passage, financial institution's public key encryption is transferred to secure payment application apparatus to preserve.That is, now pacifying
Full payment platform device includes financial institution's public key to the descending safe packet of secure payment application apparatus.
It should be noted that encrypted transmission refers between secure payment application apparatus and secure payment application apparatus using about
Fixed signal code carries out data interaction, side's encryption then the opposing party's deciphering.Secure payment application apparatus and secure payment application
Can be using as the key of table 1 below in device.
Key used between table 1 secure payment application apparatus and secure payment application apparatus
Step 106:Secure payment application apparatus generates the corresponding key identification of financial institution's public key, then utilizes safety short
Key identification encrypted transmission is preserved by letter passage to secure payment stage apparatus.That is, now secure payment application apparatus
Include key identification to the up safe packet of secure payment stage apparatus.
Step 107:Secure payment stage apparatus receive transaction authentication request, and transaction authentication request is that financial institution system connects
Send after the user's network bank business application receiving arbitrary form originating end, transaction authentication request access code safe to carry, user
Phone number, Transaction Information variable data.
Step 108:According to security access code, secure payment stage apparatus confirm that financial institution's identity is legal, according to user's handss
Machine number confirms that user identity is legal, then adds to Transaction Information variable data in the Transaction Information template locally prestoring and obtains
To complete transaction information, then complete transaction information encryption and key identification are transferred to by secure payment by secure short message passage
Application apparatus.That is, now secure payment stage apparatus include to the descending safe packet of secure payment application apparatus
Complete transaction information encryption and key identification.
Step 109:Secure payment application apparatus sends proactive command to control mobile terminal according to complete transaction information
Display to the user that transaction content and point out user input payment cipher, then receive the payment that the user of mobile terminal return sends
Password.
Step 110:Secure payment application apparatus retrieves corresponding financial institution public key according to key identification, then adopts
Financial institution's public key encryption payment cipher gets paid cryptographic secret, is then added payment cipher ciphertext by secure short message passage
Close it is transferred to secure payment stage apparatus.That is, now secure payment application apparatus is up to secure payment stage apparatus
Safe packet include payment cipher ciphertext.
Preferably, during " encryption payment cipher gets paid cryptographic secret " in step 110, secure payment is applied
Device calls the security algorithm API that smart chip card provides executing ciphering process.Due to calling card underlying security algorithm API
The encryption technology carrying out belongs to hardware encryption it means that secure payment application apparatus does not directly participate in ciphering process, Ke Yibao
The confidentiality of card user's payment cipher.
Step 111:Payment cipher ciphertext is sent to financial institution system by secure payment stage apparatus.Financial institution system
After receiving payment cipher ciphertext, it is decrypted using financial institution's private key, get paid password, then financial institution pair
This payment cipher is verified, is such as verified then whole network bank business success.
Fig. 2 is the signal of the basic module according to embodiment of the present invention towards the safety payment system of mobile subscriber
Figure.As shown in Fig. 2 the safety payment system 20 towards mobile subscriber of this embodiment mainly includes safety service platform device
21 and security service application apparatus 22.
Safety service platform device 21 is used for:After receiving the card registration request that secure payment application apparatus sends, protect
Deposit subscriber phone number and the terminal identification information that card registration request carries, then note to security service card application apparatus sending card
Volume success notification;After secure payment stage apparatus receive financial institution's registration request that financial institution system sends, Xiang Jin
Melt train of mechanism distribution security access code;Preserve the financial institution system financial institution's public key submitted to and the Transaction Information mould closing rule
Plate;The user that reception financial institution system sends opens request, and user opens request access code safe to carry and user mobile phone number
Code;Confirm that financial institution's identity is legal according to security access code, confirm that user identity is legal according to subscriber phone number, using logical
Cross secure short message passage and financial institution's public key encryption is transferred to the preservation of secure payment application apparatus;Receive transaction authentication request,
Transaction authentication request is to send after financial institution system receives user's network bank business application of arbitrary form originating end, transaction
Certification request access code safe to carry, subscriber phone number, Transaction Information variable data;Financial machine is confirmed according to security access code
Structure identity is legal, confirms that user identity is legal according to subscriber phone number, then adds to locally Transaction Information variable data
Obtain complete transaction information in the Transaction Information template prestoring, then pass through secure short message passage by complete transaction information and key
Mark encrypted transmission is to secure payment application apparatus;Payment cipher ciphertext is sent to financial institution system.
Secure payment application apparatus 22 is used for:Generate the corresponding key identification of financial institution's public key, then utilize safety short
Key identification encrypted transmission is preserved by letter passage to secure payment stage apparatus;Proactive command is sent according to complete transaction information
To control mobile terminal to display to the user that transaction content and point out user input payment cipher, then receive what mobile terminal returned
The payment cipher that user sends;Corresponding financial institution public key is retrieved according to key identification, then adopts financial institution's public key
Encryption payment cipher gets paid cryptographic secret, then passes through secure short message passage by payment cipher ciphertext encrypted transmission to safety
Payment platform device.
Alternatively, secure payment application apparatus 22 is additionally operable to:Call the security algorithm API that smart chip card provides, adopt
Financial institution's public key encryption payment cipher gets paid cryptographic secret.
Alternatively, terminal identification information includes:International mobile subscriber identity IMSI, mobile terminal string code IMEI and integrated
Circuit card identification code ICCID.
Alternatively, secure payment application apparatus 22 is additionally operable to:In the case of mobile terminal-opening and card hot plug, inspection
Survey whether mobile terminal changes and keep synchronizing information with secure payment stage apparatus.
For making the public more fully understand, do concrete introduction with reference to specific embodiment.Fig. 3 is according to embodiment party of the present invention
The schematic diagram of the work process of the system of the order business of formula.As shown in figure 3, whole work process can be greatly classified into initially
Change stage, Transaction Information configuration phase, service release stage and transaction business stage, except relate to embodiment of the present invention
Towards outside the secure payment stage apparatus 21 in the safety payment system of mobile subscriber and secure payment application apparatus 22, also relate to
And financial institution system, mobile terminal and user.
First, initial phase
First it is ensured that having loaded secure payment application apparatus in smart card in mobile terminal.The start of user's plug-in card (is also wrapped
Situation containing start hot plug card), mobile terminal will be according to telecommunications international standard deexcitation card.
Secondly, card receives the startup notifying of mobile terminal, then the handss secure payment application apparatus in activation smart card.Should
After activation, start handling process (operating order in no particular order below) will be started:
A. check state of activation:Judged by one of application program status indicator.
B. check end message:Every time during plug-in card start, secure payment application apparatus all can send active life to terminal
Make that (a kind of bottom interactive instruction of machine cartoon letters, referring to telecommunications international standard《ETSI TS 102 223》), to obtain terminal
Identification information is (including but not limited to:IMEI, International Mobile Station Equipment Identification) and stored.As long as therefore to new acquisition every time
Terminal identification information is compared with the terminal identification information of storage in application, whether just can determine that out the mobile terminal of plug-in card twice
It is same.For unactivated secure payment application apparatus, its built-in terminal identification information is sky.
C. check card image:For un-activation secure payment application apparatus, can obtain from card when running first
Card identification is (including but not limited to:ICCID, IMSI etc.).Acquisition methods include but is not limited to:Read card file, lead to
Cross card API acquisition etc.;
Then, up card log-on message, makees following respective handling according to above-mentioned inspection result.
A. when application is in unactivated state:Then safe packet encapsulation is carried out to the card and terminal identification information obtaining
(being encrypted by card application preset key), and secure payment stage apparatus are gone upward to by short message channel.
B. when application is in terminal change state:Then the terminal identification information getting is carried out with safe packet encapsulation (logical
Cross card application preset key to be encrypted), and secure payment stage apparatus are gone upward to by short message channel.
Finally, after secure payment stage apparatus receive the up log-on message of card application, message is carried out by preset key
Parsing, and make following respective handling:
If A. new opplication active information, then pass through subscriber phone number, terminal identification information, card identification,
The corresponding relation of user, Mobile phone card and terminal three is built in platform database.Meanwhile, platform distributes one uniquely for this user
User identifier, and dynamically generate some business cipher keys.These data all can utilize secure short message technology, under shift user's onto
In secure payment application apparatus, and thus complete the initial work applied.
If B. terminal changes announcement information, then find the relation table of this user according to subscriber phone number, and update end
End identification information.
2nd, Transaction Information configuration phase
After secure payment stage apparatus receive financial institution's registration request that financial institution system sends, to financial machine
Construction system distributes security access code.
Secure payment stage apparatus preserve financial institution's public key that financial institution system is submitted to.In order to improve safety, build
View financial institution system configures many public keys, and in actual use, for each user, secure payment stage apparatus will select at random
Select wherein one public key and carry out Remote Installation.
The Transaction Information template that secure payment stage apparatus license financial institution system is submitted to, then preserves by examination & approval
Transaction Information template.Multiple element contents can be included, banking system can be provided by platform in this Transaction Information template
Interface variables (such as bank's card number, dealing money, the fee, exchange hour etc.), recall and dynamically fill in transaction letter during service
Breath template is to obtain complete Transaction Information.
3rd, the service release stage
User requires to open secure payment service to financial institution, and then financial institution system is to secure payment stage apparatus
Initiate request.
The user that secure payment stage apparatus reception financial institution system sends opens request, and user opens request and carries peace
Full access code and subscriber phone number.
According to security access code, secure payment stage apparatus confirm that financial institution's identity is legal, true according to subscriber phone number
Recognize user identity legal, using communication key, financial institution's public key is packaged into the first descending safe packet, then pass through safety
First descending safe packet is sent to secure payment application apparatus by short message channel.
Secure payment application apparatus parses the first safe packet using communication key and obtains financial institution's public key, then preserves
Financial institution's public key simultaneously generates the corresponding key identification of financial institution's public key.
Now, the text prompt of user response can also be given, for example " just according to the first descending safe packet obtaining
Installing XX bank certificate, please must not closing hand phone ... ", the display form of information includes following three kinds:Pop-up, input frame and
List.
Secure payment application apparatus is packaged into the first up safe packet, Ran Houtong using communication key just key identification
Cross secure short message passage and the first up safe packet is sent to secure payment stage apparatus.
Then secure payment stage apparatus decipher the first up safe packet to key identification, then preserve this key mark
Know.
Subsequently, can mutually notify and response between secure payment stage apparatus and financial institution system.
4th, the network bank business stage
Secure payment stage apparatus receive transaction authentication request, and transaction authentication request is that financial institution system receives arbitrarily
Send after user's webpage transaction application of form originating end, transaction authentication request access code safe to carry, subscriber phone number
With transaction variables information.
According to security access code, secure payment stage apparatus confirm that financial institution's identity is legal, true according to subscriber phone number
Recognize user identity legal, then transaction variables information addition Transaction Information template is obtained complete transaction information, close using communicating
Complete transaction information is packaged into the second descending safe packet by key, then passes through secure short message passage by the second descending safe packet
It is sent to secure payment application apparatus.
Secure payment application apparatus parses the second safe packet using communication key and obtains complete transaction information, then sends
Proactive command, to control mobile terminal to display to the user that complete transaction information, and points out user input payment cipher.
After secure payment application apparatus receives the user input payment cipher of mobile terminal return, public using financial institution
Key gets paid cryptographic secret to the encryption of user input payment cipher, then utilizes communication key just payment cipher ciphertext encapsulation
Become the second up safe packet, then the second up safe packet is sent to by secure payment platform dress by secure short message passage
Put.
Secure payment stage apparatus utilize communication key decipher the second up safe packet to payment cipher ciphertext, then
Payment cipher ciphertext is sent to financial institution system, so that financial institution system adopts financial institution's private key deciphering payment cipher
Ciphertext confirms payment process.
Follow-up operation by rely on the interactive operation with user for the financial institution system (as again verify, terminate this transaction,
Password replacement etc.), otherwise processed.
From the foregoing, it will be observed that the safe payment method towards mobile subscriber of the present invention and system at least have the advantage that:
(1) due to the homoorganicity of telecom intelligent card and financial smart card itself, and the plastic moulding of card application is so that lead to
The Mobile phone card crossing transformation operator is realized U shield for bank function and is possibly realized.It is reported that, the Java card of one 512K capacity of operator
Its procurement price is 6 to 8 yuan, and our financial institution's U-shield applies it to take up room about within 20K, remaining card space
Can continue other card applications are installed, therefore it is desired that the modality for co-operation shared by this card, can effectively reduce gold
Melt the input cost of mechanism's U-shield business.
(2) pass through integrated U-shield function in Mobile phone card, the worry with an entity " USB flash disk " more than user can be avoided.Use
In without any accessory inserted toward on mobile phone again, greatly lift the convenience of business, suitable mobile service demand.
Above-mentioned specific embodiment, does not constitute limiting the scope of the invention.Those skilled in the art should be bright
White, depending on design requirement and other factors, various modifications, combination, sub-portfolio and replacement can occur.Any
Modification, equivalent and improvement of being made within the spirit and principles in the present invention etc., should be included in the scope of the present invention
Within.
Claims (6)
1. a kind of safe payment method towards mobile subscriber is it is characterised in that include:
After secure payment stage apparatus receive the card registration request that secure payment application apparatus sends, preserve described card registration
Ask subscriber phone number and the terminal identification information carrying, then register to described security service card application apparatus sending card
Work(notifies;
After described secure payment stage apparatus receive financial institution's registration request that financial institution system sends, to described gold
Melt train of mechanism distribution security access code;
Described secure payment stage apparatus preserve the described financial institution system financial institution's public key submitted to and the transaction letter closing rule
Breath template;
The user that the described financial institution system of described secure payment stage apparatus reception sends opens request, and described user opens please
Ask access code safe to carry and subscriber phone number;
According to described security access code, described secure payment stage apparatus confirm that financial institution's identity is legal, according to described user's handss
Machine number confirms that user identity is legal, using by secure short message passage, described financial institution public key encryption is transferred to described peace
The full application apparatus that pays preserves;
Described secure payment application apparatus generates the corresponding key identification of described financial institution public key, then utilizes described safety short
Described key identification encrypted transmission is preserved by letter passage to secure payment stage apparatus;
Described secure payment stage apparatus receive transaction authentication request, and described transaction authentication request is that described financial institution system connects
Send after the user's network bank business application receiving arbitrary form originating end, described transaction authentication request access code safe to carry,
Subscriber phone number, Transaction Information variable data;
According to described security access code, described secure payment stage apparatus confirm that financial institution's identity is legal, according to described user's handss
Machine number confirms that user identity is legal, then described Transaction Information variable data is added to the Transaction Information template locally prestoring
In obtain complete transaction information, then pass through secure short message passage by described complete transaction information and described key identification encryption pass
It is defeated by described secure payment application apparatus;
Described secure payment application apparatus according to described complete transaction information send proactive command with control mobile terminal to
Family display transaction content simultaneously points out user input payment cipher, then receives the payment that the user of described mobile terminal return sends
Password;
Described secure payment application apparatus retrieves corresponding financial institution public key according to described key identification, then adopts described
Payment cipher described in financial institution's public key encryption gets paid cryptographic secret, and then passing through secure short message passage will be close for described payment
Code ciphertext encrypted transmission is sent to secure payment stage apparatus;
Described payment cipher ciphertext is sent to described financial institution system by described secure payment stage apparatus.
2. the safe payment method towards mobile subscriber according to claim 1 is it is characterised in that described secure payment should
Included using the step that payment cipher described in described financial institution public key encryption gets paid cryptographic secret with device:
Described secure payment application apparatus calls the security algorithm API that smart chip card provides, using described financial institution public key
Encrypt described payment cipher and get paid cryptographic secret.
3. the safe payment method towards mobile subscriber according to claim 1 is it is characterised in that described terminal iidentification is believed
Breath includes:International mobile subscriber identity IMSI, mobile terminal string code IMEI and integrated circuit card identification code ICCID.
4. a kind of safety payment system towards mobile subscriber is it is characterised in that include:Secure payment stage apparatus and safety support
Pay application apparatus,
Secure payment stage apparatus are used for:After receiving the card registration request that secure payment application apparatus sends, preserve described
Subscriber phone number and terminal identification information that card registration request carries, then to described security service card application apparatus sending card
Succeed in registration notice;Described secure payment stage apparatus receive financial institution's registration request that financial institution system sends it
Afterwards, distribute security access code to described financial institution system;Preserve financial institution's public key that described financial institution system submits to and
Close the Transaction Information template of rule;Receive the user that described financial institution system sends and open request, described user opens request and takes
Band security access code and subscriber phone number;Confirm that financial institution's identity is legal according to described security access code, according to described use
Family phone number confirms that user identity is legal, using by secure short message passage, described financial institution public key encryption is transferred to institute
State secure payment application apparatus to preserve;Receive transaction authentication request, described transaction authentication request is that described financial institution system connects
Send after the user's network bank business application receiving arbitrary form originating end, described transaction authentication request access code safe to carry,
Subscriber phone number, Transaction Information variable data;Confirm that financial institution's identity is legal according to described security access code, according to described
Subscriber phone number confirms that user identity is legal, and then described Transaction Information variable data adds to the transaction letter locally prestoring
Obtain complete transaction information in breath template, then pass through secure short message passage and described complete transaction information is encrypted and described key
Identification transmission gives described secure payment application apparatus;Described payment cipher ciphertext is sent to described financial institution system;
Described secure payment application apparatus is used for generating the corresponding key identification of described financial institution public key, then utilizes described peace
Described key identification encrypted transmission is preserved by full short message channel to secure payment stage apparatus;Sent out according to described complete transaction information
Send proactive command to control mobile terminal to display to the user that transaction content and point out user input payment cipher, then receive institute
State the payment cipher that the user of mobile terminal return sends;Corresponding financial institution public key is retrieved according to described key identification,
Then cryptographic secret is got paid using payment cipher described in described financial institution public key encryption, then pass through secure short message passage
By described payment cipher ciphertext encrypted transmission to secure payment stage apparatus.
5. the safety payment system towards mobile subscriber according to claim 4 is it is characterised in that described secure payment should
It is additionally operable to device:Call the security algorithm API that smart chip card provides, pay using described in described financial institution public key encryption
Password gets paid cryptographic secret.
6. the safety payment system towards mobile subscriber according to claim 4 is it is characterised in that described terminal iidentification is believed
Breath includes:International mobile subscriber identity IMSI, mobile terminal string code IMEI and integrated circuit card identification code ICCID.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610792492.1A CN106408302A (en) | 2016-08-31 | 2016-08-31 | Mobile user-oriented safe payment method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610792492.1A CN106408302A (en) | 2016-08-31 | 2016-08-31 | Mobile user-oriented safe payment method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106408302A true CN106408302A (en) | 2017-02-15 |
Family
ID=58001122
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610792492.1A Pending CN106408302A (en) | 2016-08-31 | 2016-08-31 | Mobile user-oriented safe payment method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106408302A (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109344183A (en) * | 2018-01-30 | 2019-02-15 | 深圳壹账通智能科技有限公司 | Data interaction method, apparatus, computer equipment and storage medium |
| CN111311412A (en) * | 2020-02-24 | 2020-06-19 | 腾讯科技(深圳)有限公司 | Decentralized transaction confirmation method and device and server |
| CN114117400A (en) * | 2021-11-26 | 2022-03-01 | 深圳市洲明科技股份有限公司 | Registration method, verification method, client device, sending card and display screen |
| CN115033923A (en) * | 2022-06-28 | 2022-09-09 | 深圳怡化电脑科技有限公司 | Method, device, equipment and storage medium for protecting transaction privacy data |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101206739A (en) * | 2006-12-19 | 2008-06-25 | 黄金富 | Cash register collection payment system using mobile phone as payment device and corresponding method |
| CN102625265A (en) * | 2011-01-31 | 2012-08-01 | 钒创科技股份有限公司 | System, communication device and transaction information processing method related to mobile transaction |
| US20150066745A1 (en) * | 2012-05-11 | 2015-03-05 | UBGreen CO., LTD | Payment relay system and method |
| CN105184557A (en) * | 2015-08-14 | 2015-12-23 | 中国联合网络通信集团有限公司 | Payment authentication method and system |
| CN105279647A (en) * | 2014-07-16 | 2016-01-27 | 中兴通讯股份有限公司 | Method, device and intelligent card for achieving remote payment |
| CN105359179A (en) * | 2013-05-15 | 2016-02-24 | 维萨国际服务协会 | Mobile tokenization hub |
-
2016
- 2016-08-31 CN CN201610792492.1A patent/CN106408302A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101206739A (en) * | 2006-12-19 | 2008-06-25 | 黄金富 | Cash register collection payment system using mobile phone as payment device and corresponding method |
| CN102625265A (en) * | 2011-01-31 | 2012-08-01 | 钒创科技股份有限公司 | System, communication device and transaction information processing method related to mobile transaction |
| US20150066745A1 (en) * | 2012-05-11 | 2015-03-05 | UBGreen CO., LTD | Payment relay system and method |
| CN105359179A (en) * | 2013-05-15 | 2016-02-24 | 维萨国际服务协会 | Mobile tokenization hub |
| CN105279647A (en) * | 2014-07-16 | 2016-01-27 | 中兴通讯股份有限公司 | Method, device and intelligent card for achieving remote payment |
| CN105184557A (en) * | 2015-08-14 | 2015-12-23 | 中国联合网络通信集团有限公司 | Payment authentication method and system |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109344183A (en) * | 2018-01-30 | 2019-02-15 | 深圳壹账通智能科技有限公司 | Data interaction method, apparatus, computer equipment and storage medium |
| CN109344183B (en) * | 2018-01-30 | 2020-11-24 | 深圳壹账通智能科技有限公司 | Data interaction method, apparatus, computer equipment and storage medium |
| CN111311412A (en) * | 2020-02-24 | 2020-06-19 | 腾讯科技(深圳)有限公司 | Decentralized transaction confirmation method and device and server |
| CN114117400A (en) * | 2021-11-26 | 2022-03-01 | 深圳市洲明科技股份有限公司 | Registration method, verification method, client device, sending card and display screen |
| CN115033923A (en) * | 2022-06-28 | 2022-09-09 | 深圳怡化电脑科技有限公司 | Method, device, equipment and storage medium for protecting transaction privacy data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10595201B2 (en) | Secure short message service (SMS) communications | |
| US12051064B2 (en) | Transaction messaging | |
| US7362869B2 (en) | Method of distributing a public key | |
| CN103714639B (en) | A kind of method and system that realize the operation of POS terminal security | |
| JP6704919B2 (en) | How to secure your payment token | |
| CN109039652B (en) | Digital certificate generation and application method | |
| US20140358777A1 (en) | Method for secure atm transactions using a portable device | |
| CN102711101B (en) | Method and system for realizing distribution of smart cards | |
| US20170180136A1 (en) | Authentication system and method | |
| CN101300808A (en) | Method and arrangement for secure autentication | |
| CN109146468B (en) | Backup and recovery method for digital certificate | |
| CN109801069A (en) | A method of based on pad pasting card protection digital encryption currency purse data | |
| CN106033571A (en) | Trading method of electronic signature devices, electronic signature devices and trading system | |
| CN106408302A (en) | Mobile user-oriented safe payment method and system | |
| WO2012072022A1 (en) | Remote payment method | |
| TWI753102B (en) | Real-name authentication service system and real-name authentication service method | |
| Kisore et al. | A secure SMS protocol for implementing digital cash system | |
| US8819431B2 (en) | Methods and device for electronic entities for the exchange and use of rights | |
| CN103514540A (en) | USBKEY business realization method and system | |
| Dass et al. | Security framework for addressing the issues of trust on mobile financial services | |
| KR20040031434A (en) | Real Time Account Information Control System using on Mobile Device | |
| CN117787985A (en) | Resource transfer method, device, system, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170215 |
|
| RJ01 | Rejection of invention patent application after publication |