CN101499153A - Method and device for implementing security mobile payment - Google Patents
Method and device for implementing security mobile payment Download PDFInfo
- Publication number
- CN101499153A CN101499153A CNA2008102468487A CN200810246848A CN101499153A CN 101499153 A CN101499153 A CN 101499153A CN A2008102468487 A CNA2008102468487 A CN A2008102468487A CN 200810246848 A CN200810246848 A CN 200810246848A CN 101499153 A CN101499153 A CN 101499153A
- Authority
- CN
- China
- Prior art keywords
- mobile payment
- authority
- current application
- payment instrument
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Telephone Function (AREA)
Abstract
The invention provides a method and a device for realizing safe mobile payment which relates to the mobile payment technique field for ensuring security of mobile payment. The method includes steps as follows: obtaining a safe application authority applied in present of the mobile payment tool; when the mobile payment tool can not connect with the network or disconnect with the network, if the present application authority applied in present locates on the safe application authority range, the present application is allowed to use. The method and the device are mainly used for the mobile payment technique.
Description
Technical field
The present invention relates to the mobile payment technical field, relate in particular to a kind of method and device of realizing secured mobile payment.
Background technology
Mobile payment generally is meant binds client's phone number and bank card account number, by modes of operation such as mobile phone short message, voice, and personalized financial service of providing convenience for the cellphone subscriber who has a bank card and channel of disbursement whenever and wherever possible efficiently.That is to say that portable terminals such as mobile phone are also supported the application as non-telecommunications such as financial application, traffic application, social securities when finishing the various communication functions of telecom operators.
Present mobile payment means generally have following several mode:
Mode one: based on the mobile payment mode of S IM (Subscriber Identity Model, subscriber identification module) card or second safety chip, double-interface SIM card technique for example, SIM card and second safety chip technology etc.
Mode two: based on the mobile payment mode of mobile phone and SIM card, as NFC (Near FieldCommunication, close range wireless communication) technology, eNFC (enhanced Near FieldCommunication strengthens close range wireless communication) technology etc.
Mode three: utilize wireless communication technologys such as data SMS mode, general short message mode, GPRS (General Packet RadioService, GPRS) mode or BIP mode and background server to carry out the mobile payment mode of data transmission.
Because the power of mobile payment, it brings great convenience to daily life.But, because mobile payment itself is not disposed as yet on a large scale, for at present,, generally be to send instructions under the mobile payment instrument by the mode of mobile communication by mobile operator or main mobile payment operator when the situation that the mobile payment instrument is lost occurring.After the mobile payment instrument receives instruction, can some application of mobile payment be locked or permanent locking temporarily.
But, the inventor finds in realizing process of the present invention: after the mobile payment instrument is lost, may connect less than network or with network and disconnect, so like this, mobile operator or main mobile payment operator just can't send instructions under the mobile payment instrument by the mode of mobile communication, the possibility that still exists the mobile payment instrument illegally to be used.
In addition, in the normal use of mobile payment instrument, also may connect less than network or with network and disconnect, also will guarantee the suitable use of mobile payment instrument this moment.How both to have guaranteed that domestic consumer normally used in shutdown or when can not find network, prevent that again illegal user from illegally using others' Move tool to pay in shutdown or when can not find network behind the Move tool that illegally obtains others, also not having the corresponding techniques scheme at present.
Summary of the invention
The invention provides a kind of method and device of realizing secured mobile payment, to guarantee the security of mobile payment.
The present invention adopts following technical scheme:
A kind of method that realizes secured mobile payment comprises:
Obtain the Secure Application authority of the current application of mobile payment instrument;
When described mobile payment instrument connection disconnects less than network or with network,, then allow to use described current application if the current application authority of described current application is positioned at the scope of described Secure Application authority.
A kind of device of realizing secured mobile payment comprises:
Information acquisition unit is used to obtain the Secure Application authority of the current application of mobile payment instrument;
Operating unit is used for if the current application authority of described current application is positioned at the scope of described Secure Application authority, then allowing to use described current application when described mobile payment instrument connection disconnects less than network or with network.
The method of realization secured mobile payment provided by the invention and device, by when the connection of mobile payment instrument disconnects less than network or with network, with the current application control of authority of mobile payment in the Secure Application authority of described application, this has just limited the use of disabled user to the various application of mobile payment instrument, guarantee the normal use of domestic consumer simultaneously, thereby guaranteed the security of mobile payment.
Description of drawings
Fig. 1 is the process flow diagram that the embodiment of the invention one realizes the method for secured mobile payment;
Fig. 2 is the particular flow sheet that the embodiment of the invention one realizes the method for secured mobile payment;
Fig. 3 is the process flow diagram that the embodiment of the invention two realizes the method for secured mobile payment;
Fig. 4 is the schematic representation of apparatus that the embodiment of the invention three realizes secured mobile payment;
Fig. 5 is the structural drawing that the embodiment of the invention three realizes the device of secured mobile payment.
Embodiment
In order to be illustrated more clearly in technical scheme of the present invention, the accompanying drawing of required use is done an introduction simply in will describing embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Embodiment one
For guaranteeing the security of mobile payment, as shown in Figure 1, the invention provides a kind of method that realizes secured mobile payment, comprise the steps:
In actual applications, the mobile payment instrument can provide multiple application, as the public transport application of swiping the card, banking application etc.Therefore, under different application scenarios, the current application of mobile payment instrument can be different.For example when utilizing the mobile payment instrument to carry out public transport to swipe the card, corresponding current application just is the public transport application of swiping the card.
Described Secure Application authority is meant to the security that guarantees mobile payment and is provided with, be appreciated that becoming is a kind of assurance to the mobile payment security, use the highest authority of the various application of mobile payment, a kind of mobile payment validity verification or the like such as a kind of disabled user that can allow.Wherein, described Secure Application authority also can be provided with according to the application scenario of reality.For example, for the public transport application of swiping the card, can described Secure Application authority be set to swipe the card at most 10 times.That is to say, swipe the card after 10 times, just can not utilize described mobile payment instrument to swipe the card again when the disabled user utilizes described mobile payment instrument.When consuming, before sometime, at most payments are limited in 200 yuan etc.
For the mobile payment instrument, be example with the mobile phone, it connects less than network or with situation that network disconnects and may comprise: mobile phone shutdown, mobile phone feed, mobile phone do not have signal or mobile phone to can not find network etc.In these cases,, swipe the card after 10 times, just can not utilize described mobile payment instrument to swipe the card again when the user utilizes described mobile payment instrument for the public transport of being given an example in the step 11 application of swiping the card.That is to say that the present invention is in rights of using under the situation that connection disconnects less than network or with network by limited subscriber at the mobile payment instrument, guarantee the security of mobile payment instrument.
As seen from the above, the method of realization secured mobile payment provided by the invention, by when the connection of mobile payment instrument disconnects less than network or with network, with the current application control of authority of mobile payment in the Secure Application authority of described application, this has just limited the use of disabled user to the various application of mobile payment instrument, thereby has guaranteed the security of mobile payment.Simultaneously, returning validated user provides convenience at the normal feed of mobile phone, when not having mobile phone signal or can not find network.
In addition, as shown in Figure 2, after step 12, method of the present invention also comprises:
Embodiment two
Below in conjunction with embodiment two, describe the implementation procedure of the method for the described realization secured mobile payment of the embodiment of the invention in detail.As shown in Figure 3, the method for the embodiment of the invention two described realization secured mobile payments comprises the steps:
Wherein, described security policy information includes but not limited to: the status information of security strategy type, each security strategy and the precedence information of each security strategy.Wherein, described security strategy type can comprise: the number of times restriction strategy of swiping the card, the amount of money restriction strategy of swiping the card, the arbitrary or combination in any of restriction strategy effective time of swiping the card.The security strategy that certainly, in concrete the application, also can comprise other types.The status information of security strategy is meant whether this security strategy supports the various application of mobile payment instrument.And the precedence information of security strategy is meant, when needing certain application of mobile payment, which or which security strategy of being stored in the mobile payment instrument at first works.
When the priority of various security strategies was set, the technical priority of certain security strategy arbitrarily was set to the highest, all was the priority that security strategy is set according to the needs of practical application generally.The priority orders of for example above-mentioned three kinds of security strategies is: the number of times restriction strategy of swiping the card, the amount of money restriction strategy of swiping the card, restriction strategy effective time of swiping the card.Perhaps, can also be with certain the priority of two or more (greater than two kinds) security strategies be set up in parallel.For example swipe the card the number of times restriction strategy and the amount of money restriction strategy priority of swiping the card all can be set to the highlyest, and that the priority of restriction strategy effective time of swiping the card is set to is time high.In application, if the number of times restriction of swiping the card reaches earlier, the number of times restriction strategy of then swiping the card works; The amount restriction reaches earlier if swipe the card, and the amount of then swiping the card restriction strategy works.In this embodiment, suppose that the priority order from high to low of three kinds of Secure Application strategies is: the number of times restriction strategy of swiping the card, the amount of money restriction strategy of swiping the card, restriction strategy effective time of swiping the card.
In addition, for above-mentioned three kinds of security strategy types, Secure Application authority under can various security strategies is set to fixed value, also can be according to the difference of applied environment, come Secure Application authority under at any time the described three kinds of security strategies of modification by validated user by Counter service or aerial server.In this case, the technical scheme of utilizing this embodiment has also improved the convenience of mobile payment greatly in the security that has increased mobile payment.Simultaneously, returning validated user provides convenience at the normal feed of mobile phone, when not having mobile phone signal or can not find network.
When the described security policy information of storage, can in the security module operating system partly of mobile payment instrument, set up corresponding Secure Application file.Wherein, the representation of described Secure Application file can be as shown in table 1:
Table 1
Perhaps, also can represent the Secure Application authority of various application by for increasing the control of authority sign in the application file of the various application of mobile payment instrument.As shown in table 2, the application file that has increased the various application after control of authority identifies can be expressed as following form:
Table 2
| Data | File type | File size | Set up file permission | Wipe authority | The control of authority sign | Reserve bytes | Apply Names |
| Length (byte) | 1 | 2 | 1 | 1 | 2 | 2 | 5-16 |
| Value (HEX) | 38 | XXXX | XX | XX | XX | FFFF | Apply Names |
Certainly, the mode of storage security policy information is not limited at this cited.
In concrete the application, can read Secure Application file as table 1 form, which determines in the mobile payment instrument, to have plant security strategy, priority orders between each security strategy how, whether each security strategy supports the current application of mobile payment instrument, and whether the status information of each security strategy is to support all mobile payments to use or support certain several mobile payment application etc.According to the setting of being carried out in the step 21 as can be known, the priority of the number of times restriction strategy of swiping the card is the highest, and also promptly the swipe the card maximal value of number of times of the Secure Application authority of defined is 10 times in this security strategy.
Step 23, when described mobile payment instrument connects when disconnecting less than network or with network, if the current application authority of described current application is positioned at the scope of described Secure Application authority, then allow the described current application of use.
When the connection of mobile payment instrument disconnects less than network or with network, as feed or shutdown or when can not find network or not having signal, to swipe the card once at every turn, the number of times of swiping the card subtracts one, swipe the card after 10 times mobile payment instrument this mobile payment instrument of use that just no longer allows to swipe the card.
Again for example, if the priority orders that in step 22, obtains the security strategy of storing in the mobile payment instrument for the amount of money restriction strategy of swiping the card for the highest, the amount of money of also promptly swiping the card of the Secure Application authority under this security strategy is up to 100 yuan.When the mobile payment instrument connects when disconnecting less than network or with network, as feed or shutdown or when can not find network or not having signal, swipe the card once at every turn, just deduct the amount of money that this is swiped the card and is consumed with 100 yuan.When reducing to negative value or be zero, this mobile payment instrument of use just no longer allows to swipe the card once more.
For example, so long as mobile phone is at normal condition (non-feed, non-shutdown, non-do not have signal, non-when can not find situation such as network), after each mobile payment was swiped the card, the number of times of swiping the card restriction just was set to 10 times, after perhaps each mobile payment was swiped the card, the amount of money of swiping the card restriction just was set to 100 yuan etc.
As from the foregoing, the method of realization secured mobile payment provided by the invention, by when the connection of mobile payment instrument disconnects less than network or with network, with the current application control of authority of mobile payment in the Secure Application authority of described application, this has just limited the use of disabled user to the various application of mobile payment instrument, thereby has guaranteed the security of mobile payment.
One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
Embodiment three
The present invention also provides a kind of device of realizing secured mobile payment, as shown in Figure 4, comprising: information acquisition unit 41 is used to obtain the Secure Application authority of the current application of mobile payment instrument; Operating unit 42 is used for if the current application authority of described current application is positioned at the scope of described Secure Application authority, then allowing to use described current application when described mobile payment instrument connection disconnects less than network or with network.
For convenience the user uses, and as shown in Figure 5, described device also can comprise: authority processing unit 43 is used for again the current application authority of described current application being arranged to described Secure Application authority after described mobile payment instrument and network successfully connect.
As shown in Figure 5, described device also can comprise: security strategy determining unit 44 is used for determining the current safety strategy of described mobile payment instrument.At this moment, described information acquisition unit 41 specifically is used for obtaining the Secure Application authority of the current application of mobile payment instrument under described current safety strategy.Storage unit 45, the security policy information that is used to store described mobile payment instrument.
Wherein, described security policy information includes but not limited to: the status information of security strategy type, each security strategy and the precedence information of each security strategy.Wherein, described security strategy type can comprise: the number of times restriction strategy of swiping the card, the amount of money restriction strategy of swiping the card, the arbitrary or combination in any of restriction strategy effective time of swiping the card.The status information of security strategy is meant whether this security strategy supports the various application of mobile payment instrument.
With describe among the embodiment two identical, described storage unit can be according to the mode storage security policy information of describing in the step 21 of embodiment two and the Secure Application authority information of various application.When employing utilized the control of authority label manner to represent the Secure Application authority information of various application, described information acquisition unit 41 can comprise: information reading module is used to read the control of authority sign of described current application; The information acquisition module is used to obtain the Secure Application authority of described current application.
In sum, the method of realization secured mobile payment provided by the invention and device, by when the connection of mobile payment instrument disconnects less than network or with network, with the current application control of authority of mobile payment in the Secure Application authority of described application, this has just limited the use of disabled user to the various application of mobile payment instrument, thereby has guaranteed the security of mobile payment.Simultaneously, returning validated user provides convenience at the normal feed of mobile phone, when not having mobile phone signal or can not find network.
The above; only be the specific embodiment of the present invention, but protection scope of the present invention is not limited thereto, anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; can expect easily changing or replacing, all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion by described protection domain with claim.
Claims (12)
1, a kind of method that realizes secured mobile payment is characterized in that, comprising:
Obtain the Secure Application authority of the current application of mobile payment instrument;
When described mobile payment instrument connection disconnects less than network or with network,, then allow to use described current application if the current application authority of described current application is positioned at the scope of described Secure Application authority.
2, the method for realization secured mobile payment according to claim 1 is characterized in that, also comprises:
After described mobile payment instrument and network successfully connected, the current application authority of described current application was set to described Secure Application authority again.
3, the method for realization secured mobile payment according to claim 1 and 2 is characterized in that, before the step of the Secure Application authority of the described current application of obtaining the mobile payment instrument, described method also comprises:
Determine the current safety strategy of described mobile payment instrument;
The step of the Secure Application authority of the described current application of obtaining the mobile payment instrument is specially:
Under described current safety strategy, obtain the Secure Application authority of the current application of mobile payment instrument.
4, the method for realization secured mobile payment according to claim 3 is characterized in that, before the step of the current safety strategy of determining described mobile payment instrument, described method also comprises:
Store the security policy information of described mobile payment instrument.
5, the method for realization secured mobile payment according to claim 4 is characterized in that, described security policy information comprises the precedence information of status information and each security strategy of security strategy type, each security strategy.
6, the method for realization secured mobile payment according to claim 5 is characterized in that, described security strategy type comprises: the number of times restriction strategy of swiping the card, the amount of money restriction strategy of swiping the card, the arbitrary or combination in any of restriction strategy effective time of swiping the card.
7, the method for realization secured mobile payment according to claim 1 is characterized in that, the step of the Secure Application authority of the described current application of obtaining the mobile payment instrument is specially:
Read the control of authority sign of described current application, obtain the Secure Application authority of described current application.
8, a kind of device of realizing secured mobile payment is characterized in that, comprising:
Information acquisition unit is used to obtain the Secure Application authority of the current application of mobile payment instrument;
Operating unit is used for if the current application authority of described current application is positioned at the scope of described Secure Application authority, then allowing to use described current application when described mobile payment instrument connection disconnects less than network or with network.
9, the device of realization secured mobile payment according to claim 8 is characterized in that, also comprises:
The authority processing unit is used for again the current application authority of described current application being arranged to described Secure Application authority after described mobile payment instrument and network successfully connect.
10, according to Claim 8 or the device of 9 described realization secured mobile payments, it is characterized in that, also comprise:
The security strategy determining unit is used for determining the current safety strategy of described mobile payment instrument;
Described information acquisition unit specifically is used for obtaining the Secure Application authority of the current application of mobile payment instrument under described current safety strategy.
11, the device of realization secured mobile payment according to claim 10 is characterized in that, also comprises:
Storage unit, the security policy information that is used to store described mobile payment instrument.
12, the device of realization secured mobile payment according to claim 8 is characterized in that, described information acquisition unit comprises:
Information reading module is used to read the control of authority sign of described current application;
The information acquisition module is used to obtain the Secure Application authority of described current application.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102468487A CN101499153A (en) | 2008-12-26 | 2008-12-26 | Method and device for implementing security mobile payment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2008102468487A CN101499153A (en) | 2008-12-26 | 2008-12-26 | Method and device for implementing security mobile payment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101499153A true CN101499153A (en) | 2009-08-05 |
Family
ID=40946218
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2008102468487A Pending CN101499153A (en) | 2008-12-26 | 2008-12-26 | Method and device for implementing security mobile payment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101499153A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102307344A (en) * | 2011-04-27 | 2012-01-04 | 武汉天喻信息产业股份有限公司 | Air card-locking method for mobile phone wallet |
| WO2015131747A1 (en) * | 2014-09-25 | 2015-09-11 | 中兴通讯股份有限公司 | Method and system for security protection of near field communication card swiping |
| WO2018040972A1 (en) * | 2016-08-31 | 2018-03-08 | 福建联迪商用设备有限公司 | Method and system for improving application security of payment terminal |
| CN111222874A (en) * | 2020-01-15 | 2020-06-02 | 西安闻泰电子科技有限公司 | Short message payment method and device, payment terminal and storage medium |
| CN114448709A (en) * | 2022-02-16 | 2022-05-06 | 上海雾帜智能科技有限公司 | Information security policy generation method, system, device and medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008027621A1 (en) * | 2006-03-30 | 2008-03-06 | Obopay Inc. | Mobile person-to-person payment system |
-
2008
- 2008-12-26 CN CNA2008102468487A patent/CN101499153A/en active Pending
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2008027621A1 (en) * | 2006-03-30 | 2008-03-06 | Obopay Inc. | Mobile person-to-person payment system |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102307344A (en) * | 2011-04-27 | 2012-01-04 | 武汉天喻信息产业股份有限公司 | Air card-locking method for mobile phone wallet |
| WO2015131747A1 (en) * | 2014-09-25 | 2015-09-11 | 中兴通讯股份有限公司 | Method and system for security protection of near field communication card swiping |
| WO2018040972A1 (en) * | 2016-08-31 | 2018-03-08 | 福建联迪商用设备有限公司 | Method and system for improving application security of payment terminal |
| CN111222874A (en) * | 2020-01-15 | 2020-06-02 | 西安闻泰电子科技有限公司 | Short message payment method and device, payment terminal and storage medium |
| CN111222874B (en) * | 2020-01-15 | 2024-04-09 | 西安闻泰电子科技有限公司 | Short message payment method, device, payment terminal and storage medium |
| CN114448709A (en) * | 2022-02-16 | 2022-05-06 | 上海雾帜智能科技有限公司 | Information security policy generation method, system, device and medium |
| CN114448709B (en) * | 2022-02-16 | 2024-03-12 | 上海雾帜智能科技有限公司 | Information security policy generation method, system, device and medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100440253C (en) | Method for loading data onto chip cards and devices adapted thereto | |
| CN101729502B (en) | Method and system for distributing key | |
| US8186591B2 (en) | Contactless management between a smart card and mobile terminal | |
| CN102202306B (en) | Mobile security authentication terminal and method | |
| CN102932333A (en) | Safety equipment with mobile payment function, system and method | |
| CN1904923A (en) | Method for implementing space transference and apparatus thereof | |
| CN103426084A (en) | Electronic payment system and remote-based or near-field-based payment method | |
| AU2002220939A1 (en) | Electronic payment and associated systems | |
| CN102411742A (en) | Mobile terminal | |
| CN101770669A (en) | Bank automatic warning system and method thereof | |
| CN101729503A (en) | Method and system for distributing key | |
| CN101499153A (en) | Method and device for implementing security mobile payment | |
| CN105184556A (en) | Bluetooth-based mobile payment system and payment method | |
| CN105631659A (en) | Payment request processing method, payment request processing device and terminal | |
| CN101222246A (en) | Method and device for implementing automatic charging by near-field communication terminal, and mobile communication terminal | |
| CN101166320B (en) | A mobile phone and method for realizing mobile phone true name system based on RF recognition technology | |
| EP2555145A1 (en) | Credit transaction system, apparatus and terminal for granting credit and method thereof | |
| CN101872454A (en) | Sales terminal transaction processing method, equipment and mobile terminal transaction processing method | |
| CN101901436A (en) | Method, device and system for implementing service payment | |
| CN103619053A (en) | Method for using user identification cards and communication system | |
| CN105631657A (en) | Payment method based on non-contact type mobile payment terminal | |
| CN102945334A (en) | Safety equipment with virtual on-chip operating system, safety device with virtual on-chip operating system, systems and methods | |
| CN104751326A (en) | Data processing method and related equipment and system | |
| CN103870958A (en) | Mobile payment method and mobile payment exclusive device | |
| CN101499152A (en) | Method, equipment and system for implementing security mobile payment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20090805 |
|
| RJ01 | Rejection of invention patent application after publication |