CN103236011A - Electronic currency transaction monitoring method - Google Patents
Electronic currency transaction monitoring method Download PDFInfo
- Publication number
- CN103236011A CN103236011A CN2013100548134A CN201310054813A CN103236011A CN 103236011 A CN103236011 A CN 103236011A CN 2013100548134 A CN2013100548134 A CN 2013100548134A CN 201310054813 A CN201310054813 A CN 201310054813A CN 103236011 A CN103236011 A CN 103236011A
- Authority
- CN
- China
- Prior art keywords
- transaction
- nfc
- data
- program
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
A safety method allows for direct transaction with electronic currency with no need of special POS (point of sale) card readers. According to the method, data are transmitted by NFC (near field communication), and safety of electronic currency processing is guaranteed by SE (secure element); transactions are done using ISO7814 (international standard organization 7814) commands; ACID (atomicity, consistency, isolation and durability) of the data is guaranteed by 2phaseCommit method; the data is guaranteed resistant to altering in transmission by using a secure channel; dynamic key generation guarantees key safety in long-term operation. A monitor module introduced to the program structure is used for recording the transactions, and the transaction recording is submitted to a transaction recording server by the safety communication method. Therefore, overall safety is realized, separation from POS and a central server is realized, and free and direct payment with electronic currency is allowed.
Description
Technical field
The present invention relates to computing machine, communication, security fields, relate in particular to the electronic money Secure Transaction field in the NFC communication.
Background technology
1. background technology
1.1 electronic money background
Electronic money is popularized in countries in the world, and the user can directly enjoy safety and the facility that electronic money brings.Electronic money has more environmental protection, more is difficult to forge than common currency, is more convenient for carrying, and more is difficult to carry out black feature, and therefore electronic money has and replaces the common currency may fully from now on.Yet present electronic money must pass through by the POS window machine after the safety certification in transaction, and the service condition that exists with ... POS has restricted the circulation of electronic money.
1.2 smart card techniques
Smart card is to be used in most important technology on the electronic money.Intelligence sheet (Smart Card) is a kind of 1. to have microprocessor, 2. has the field of storage of being encrypted by the security control element.In intelligent cards, can move simple program, and preserve significant data.Intelligent cards is generally deferred to GlobalPlatform (http://globalplatform.org) standard.
At present, smart card needs and works together based on the card reader at POS end end, can finish the electronic money trading process.
1.3 NFC technology
NFC (http://www.nfc-forum.org/) is that passing through that development is come out on the RFID changed electromagnetic wave as the close range communication techniques of power supply, compares with traditional RFID, and NFC not only provides recognition function, more can provide various forms of exchanges data.NFC card reader buzzword is PCD, and the device buzzword that is loaded with NFC is PICC, and PCD and PICC communicate by letter based in the band territory of 13.56MHz, and international standard ISO14443 and ISO18092 have formulated communication protocol wherein.
The present topmost utilization of NFC is aspect traffic ticket, electronic money.In the specification of the application layer of NFC standard, formulated 3 kinds of communication modes, the P2P by wherein hands over the letter mode, and two devices that are loaded with the NFC chip are swap data directly.
Paypal at first released in the U.S. in July, 2011, adopt P2P method among the NFC that android provides not needing to realize the service of the electronic money trading mode of POS, yet this mode is not by safety element SecureElement at present, and employing Android(RichOS) control, therefore when data are passed through RichOS, can't guarantee that its data are not distorted forgery by rogue program, for remedying this defective, the server of third party's payment system of Paypal employing itself guarantees the correctness of dealing money; Safety certification, amount of money integrality is handled and is all finished in the central type server, and the equivalence that central server can be regarded POS as replaces.
2. existing research
Be published in IEEE CS, in March, 2010, p191-p200 R.N. Akram, K. Markantonakis, and K. Mayer, " A paradigm Shift in Smart Card Ownership Model; " the paper of (transformation of electric bank-note card entitlement model), set forth because transition of age, the owner of electric bank-note card and currency wherein should transfer the user who has card to, and no longer should be financial issuer or issuers such as telecommunications industry, communications such as bank.This paper has logically been proved the ownership of the control of electronic money by model.And draw the processing that does not rely on the POS of issuer end, the server by issuer not, and directly allow the electric bank-note card possessor by oneself own electronic money from law be reasonable ethically and improve.This paper master is if it were not for the technical solution problem, but by logical argumentation, cleaning hinders irrational intrinsic notion of technical development, and pointed out direction for technical development.This paper viewpoint has not only obtained the generally support of computerdom (CS) and business circles, and has obtained organ of power and admit.
The patent New Beneficiary Initiated P2P of WO2010/036863 A2, P2B Payment Model is (by P2P, the payment model of the new gathering mode that P2B initiates) payment mode of a P2P has been proposed, owing to be the model that moneyman proposes, so this application patent is the design of a kind of modes of payments and operation screen, though a kind of intellection vivo described in its literal, yet do not relate to the safety problem that concrete system's implementation method, particularly the present invention are absorbed in the explanation.
US2010/0250439 A1 Apparatus and Method for Protecting Contents Streamed Through Re-transmission; (apparatus and method of the information content of a kind of protection when transmitting again) this patent application patent and its patent families have proposed a kind of guard method of secure data; be particularly related on internet in the P2P transport process road through the not specific third party protection step of transport process again; the third party can not read and distort information during the course; but can testify for the true and false of information; this mode has attracted the attention of industry, yet its mode also is based on internet all the time and can't realizes payment off the net.
In sum, though off the netly do not use POS to carry out electronic money trading to have progressive, still do not have the specific implementation method at present.
3. buzzword
Because the carrying out of industry internationalization and world standardization, many industry buzzword customs are explained with abbreviation, for the commonly used abbreviation of easy-to-read with this instructions is listed below:
Summary of the invention
1. invention target problem
Main target of the present invention is, makes electronic money trading break away from POS and central type server, realizes that electronic money directly transmits;
The another target of the present invention is to finish data security on the basis of NFC and transmit in whole transaction;
The another target of the present invention is to guarantee the safety of processed sensitive data in whole transaction by safety element (Secure Element, modal SE are SIM and flash memory);
The another target of the present invention is the later both parties' that conclude the business total value, both parties' total value (balance) before necessarily equaling to conclude the business;
The another target of the present invention is that transaction record remaines in the transaction record server by noncontemporaneous mode.
2. summary of the invention summary
Not by RichOS, do not use the P2P communication pattern of the NFC of RichOS, connect and directly set up NFC at the data session layer by NCI;
Not by RichOS, realize that in SE data are preserved and the operation of data exchange program;
Realize data access control by the secured fashion that the present invention proposes, the assurance electronic money can not distorted forgery;
Witness for the legitimacy of transaction by the security monitoring mode based on SE that the present invention proposes.
3. progressive of the present invention is:
1. realize last feature that is not solved of electronic money monetization, break away from special POS and central type server;
2. based on the processing mode of safety element Secure Element, guarantee the security of electronic money in the overall process of collecting, preserving and paying;
3. set up the security path SecureChannel of NFC communication, the assurance electronic money can stolenly not distorted in transport process.
4. adopt non-synchronizing mode record transaction results, be stored in the transaction record server.
The present invention has finally realized a kind of POS that do not need, and the Secure Transaction mode of not interdependent central type server makes electronic money to be accepted by the final user more easily.The present invention proposes method for safety monitoring and guarantee transaction and original same safety of POS mode of using.
Description of drawings
Fig. 1 transaction system synoptic diagram
Fig. 2 is loaded with NFC device internal structural map
Fig. 3 NFC communication processing method
The structural map of Fig. 4 security factor element
Fig. 5 security factor component data, program storage configuration
Structure and the store method of Fig. 6 master file key
The dynamic key of Fig. 7 generation method
The adquisitiones of the required file of Fig. 8
The program structure diagram of disposing among Fig. 9 SE
Figure 10 process of exchange process flow diagram
Embodiment
1. brief summary of the invention and main composition
The equipment of wanting required for the present invention is two end ends of carrying that are loaded with the NFC standard chips, between two you ends, set up NFC communication, the NFC communication pattern is with Card Simulator pattern, and transaction data each other is stored among the safety element SE, does not have central server can guarantee the safety of concluding the business too.What replace central server function is to be deployed in security monitoring module among the Secure Element (Security Monitor), by the mode of mutual justify, realizes that transaction results can not distorting property.Use in order to stop contingent malice, the security monitoring module is passed to the transaction record server with the transaction results data, further monitors transaction by the transaction record server.
Fig. 1 transaction system synoptic diagram
As shown in the figure, system is two intelligent apparatus that are loaded with NFC chip and safety chip, and one starts object (target) 2 as 1, one of NFC startup person (initiator) as NFC.Dispose in every table apparatus, monitor management program 8 is by monitor management program 8 monitor transaction processes.Transaction does not need network and other central type services constantly.After the transaction, by network, transaction record is arrived transaction record server 9.
The role can change mutually in active service.Only lifting with payment person in this explanation is NFC startup person (initiator) 1.Being subjected to taker is that NFC startup person (initiator) 1 example is basic identical on technology realizes, is not therefore given unnecessary details.
Though RichOS, such as Android, iOS is 3 kinds of communication modes of planned support NFC, and by the SDK that RichOS provides, moderate operator can easily develop the P2P communication mode.The present invention is for guaranteeing the security of transmission data, do not adopt the P2P mode that depends on RichOS, and adopt Card Simultor pattern directly to handle NDEF communication, and sensitive data Critical Date is not passed through RichOS, avoid from the memory of RichOS, stealing sensitive data with this.This scheme is by NCI(NFC Control Interface) (a kind of mode that is near the mark most is SWP), exchange Smart Card pay warrant and supplement order with money.
Avoid data by the RichOS reason to be, the intelligent OS of present main flow is Android and iOS for example, all be based on Linux Core and develop and have the system that enriches friendly interface, just can control total system yet have the root authority in the design framework of Linux.At present (U.S.) legally the root authority be the owner who belongs to device, and also can't stop the user to have the root authority technically, therefore can stop the user to obtain the root authority of RichOS easily by softwares such as JailBreak without any means.The malicious user that has the root authority, in theory just can intercept all data by RichOS, therefore adopt in the present invention program and data are stored in SecureElement, even the user has the root authority like this, ability is not revised program of the present invention and data yet.
NFC startup person (initiator) 1 and NFC start object (target) 2 and adopt same structure, dispose identical program, carry out role transforming by application program.
In two end ends, also dispose independently security monitoring module 8 simultaneously, set up secured communication channel (Secure Channel) by security monitoring module 8, by the secured communication channel swap data, and organize data when transmitting, to be stolen and distort.Security monitoring module 8 has guaranteed that as the program that is deployed on the Secure Element general user can't distort the data in this field.And by employed APDU order in the full monitor module 8 record transaction of safety, the record amount of money and data.And by being deployed in the communication module on the RichOS, also can use SMS as equal replacement, transmission is recorded in the transaction record server 9.
Fig. 2 is loaded with NFC device internal structural map
As shown in the figure, be loaded with the internal structure of NFC device by
1. safety element 21: be used for preserving, moving the program and the data that are independent of RichOS;
1.1 be deployed in the application program 51 among the SE, in implementation method of the present invention, program is used JavaCard Framework.
1.2 be deployed in the application program among the SE and be deployed in interactive mode between the application program 24 (AEE Application) of RichOS, under Android, adopt RMI (Remote Method Invocation) to finish interface.
2.NFC chip 22: be used for carrying out NFC communication
3. application program running environment 23 (Application Execution Environment): the running environment that is used for providing application program
3.1 RichOS 25, and various picture API are provided
3.2 the application program 24 of the last operation of RichOS: utilize the picture API of OS, (the last interface of RichOS procedure development is by middle elementary skill person is grasped, so do not give unnecessary details to develop user interface.)
Wherein go back deployment program and data in safety element, the explanation of this part is illustrated in following chapters and sections.
2. NFC communication means
Fig. 3 NFC communication processing method
As shown in the figure, the NFC communication process is as follows
N1:NFC startup person sends SNEP (Simply NDEF Exchange Protocol) NFC data exchange agreement and requires text
The recipient of n2:NFC sends SNEP and accepts text
N3: can be preferred, the recipient of NFC, receive accept text after, send the affirmation text
The form of text as shown in the figure, by two parts
1.SNEP header portion, in the header of text, comprise
The defined version number 11 of NFC, text differentiation 12, text length 13
The defined version number 11 of NFC, the processing power that refers to NFC startup person (initiator) 1, and NFC startup person (initiator) 1 used be the agreement of which version, this project is by two 4 integer integer, first is main protocol version, and second is minor release.
Text distinguishes 12, is respectively that Request requires, Response replys, this project is one 8 signless integer 8-bit unsigned integer, from the typical value of 00h-7Fh, and expression Request requirement, 80h-FFh represents the value of Response.
Wherein Request requirement refers to that NFC startup person (initiator) 1 wishes that NFC starts the processing that object (target) 2 carries out, and its content is respectively
Wherein length 13 is the length of follow-up portion 14, and information portion is the NDEF text, and the form of NDEF text is set according to NFC Forum definition format.Its internal information content is that APDU instruction (Command APDU) specifically can be with reference to give a definition
http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=36134
Wherein Response replys text, refers to that NFC starts the answer that NFC startup person (initiator) 1 processing requirements is understood and satisfied to object (target) 2, and its particular content is
With requiring text the same, wherein length 13 is the length of follow-up portion 14, and information portion is the NDEF text, and the form of NDEF text is set according to NFC Forum definition format.Its internal information content is that APDU replys text (Response APDU), and its message format is as follows
By the text of above definition, and transmission method, realization is equivalent to the communication process of OSI session layer.Annotate OSI here only for ease of understanding employed theoretical explanation.Handle communication process at real NCI or the HCI that loads onto by NFC Forum definition.NCI and HCI are the standard of NFCForum definition, therefore do not belong to scope of authority of the present invention.
3. formation and the security processing of security element (Secure Element is hereinafter to be referred as SE)
The structural map of Fig. 4 security factor element
Security element SE, essential characteristic is defined and suggestion by the GlobalPlatform of financial technology standardization body, and obtains practice in the IC-card that first second generation financial circles are used.Normally with the form of chip, specific implementation method and GP are irrelevant for it, as shown in the figure, are used for SE chip of the present invention and are made of following formant:
1. processor (210) requires to carry out calculation process to bottom;
2. enciphered digital logical circuit AES (AdvancedEncyptionStandad), DES (DataEncyptionStandad) (211), Advanced Encryption Standard, the digital circuit of data encryption standards, SHA-1 treatment circuit; Circuit be designed to public's knowledge, can provide list of references if necessary, so this part is not right application range of the present invention, according to the development of encryption technology, this part can be updated to state-of-the-art technology, these changes can be considered as of equal value the replacement,
3. random number generative circuit (212): for the production of disposal password etc., safety certification step (but preference)
4. exchanges data element circuit (213): be used for the circuit that is connected with UICC/SIM with NFC, circuit is deferred to SWP (Single Wire Protocol), HCI standards (but preference) such as (Host Control Interface)
5. ROM, RAM, memory bodys such as EEPROM (must) (214)
6. memory management unit Memory Management Unit(215), be used for the read-write management of internal memory, comprise rights management, authentication management (but preference)
Data program store method in the security element, as shown below,
Fig. 5 security factor component data, program storage configuration
If use all resources of same key management, perhaps use fixedly key management one Taiwan investment source forever, though implementation method simply can cause huge security breaches and causes inestimable loss like this.Therefore in the present invention, adopt hierarchy type key management framework to manage different resources with several keys, and adopt the real key of dynamic key generation method one-tenth in next life.
As shown in the figure, the root node of SE is a Master file (50), preserve the control key of whole SE in this document, having this key person has all authorities of operation SE, and this key is grasped by the publisher of SE, and SE exists with the hardware form usually, SE can be equipped on SIM card, the NFC chip, SD card or be embedded on the mother matrix of mobile phone, the structure of Master file illustrates in follow-up chapters and sections.
Also have Master program 59 with the Master file is in the root node together, the Master program is regarded the ease of Use system of SE as, and Master program management All Files guarantees the access rights of file, the address of log file.File system among the kernel of its implementation employing Linux, relevant knowledge can be with reference to public's knowledge such as http://en.wikipedia.org/wiki/Ext2.Slightly different with Ext2 is the also process encryption of physical file of inode, and for guaranteeing security of the present invention, the implementation method that specifically lacks originality does not disclose in instructions, does not have the related right requirement yet.
Have some programs (51) under the Master file, the catalogue number can be to theoretic infinity from 1.Here so-called tree structure only is a logical organization of being convenient to understand, and is not physical arrangement.Working procedure (Access Right) also needs key, and its key is perhaps preserved in the program at upper Master file.
Have independently subroutine (511) and the needed file of program (53) under the program, visit subroutine and file all need key, and its key is preserved in upper program.
A program can have several files, and the number of file can be from 0 to theoretic infinity, needs the file of safe operation to have password (511), by this password can visit and operation file in data.
Structure and the store method of Fig. 6 master file key
In the master file, comprise one as shown in the figure
1. master key (501), this key is used for each field of initialization SE, and the entitlement of this key is in the production firm of SE, perhaps the publisher of SE
2. Application Master key is used for refresh routine is installed, and the entitlement of this key belongs to the user
3. the Application key is used for each application program of management, and the entitlement of this key belongs to program and service provider
Said method has been realized hierarchy type key management mode, even a key wherein can not caused other incoherent third-party losses of preserving among the SE because the responsibility of its provider reveals yet.In the aftermentioned chapters and sections, illustrate how to diagnose out the method that key is revealed and dynamic key generates, protection is worked as indivedual keys and is revealed generation down, the method that remedies.
The dynamic key of Fig. 7 generation method
If use above-mentioned key to be directly used in each resource encrypt/decrypt, in long-term use symmetrical keys, be difficult to guarantee that key is not cracked so.Cui Ruo mode can't guarantee the security of currency service like this, in view of this adopt the method for dynamic key in the present invention.As shown in the figure, the dynamic key (DynamicKey) 64 of real opening program resource requirement, (KeyMaker) dynamically generates by key maker 6, and the key maker needs
1. program key (503) program key that provider decides is characterized in that program and service provider own, and this is responsible for
2. user cipher (61) also can use sundry items such as user's body feature, installation day to replace, and its principle is that the user is responsible for for this project.
3. the time on date can be that the cycle of chip clock replaces
4. other dynamic item
As initial conditions; Calculate by Message Digest algorithms such as SHA-1 then.About the algorithm of SHA-1, be general openly knowledge, in the present invention, adopt hardware SHA-1 harmonizing processor chip to be integrated on SE, mother matrix or the SD.
As mentioned above, if program key, user cipher are independent, the perhaps whole leakages under the worst case, malicious user still can't obtain the access right that SE goes up resource by the rogue program on the RichOS.The open method of the last resource of SE is as described in figure below
The adquisitiones of the required file of Fig. 8
As shown in the figure,
S1. user (0) imports password, starts the application program (24) that is deployed on the RichOS;
Application program on the S2.RichOS (24) is called application program (51) on the SE by RMI, and the user cipher that above-mentioned steps is obtained transmits it;
The S3.SE application program, be specially data operation modules (83) with 1. ApplicationKey that self hold (503), 2. the user cipher that obtains in the above-mentioned steps (61) adds the time (62), and other any projects (63), pass to key maker (6); The key maker generates the dynamic key 1 of key;
S4. data operation modules (83) is submitted read-write requests and the dynamic key 1 of key on the SE Master program (59);
S5.Master program (59) is used 1. ApplicationKey (503) that are kept in the Master file, and user cipher (61), is passed to key maker (6) at time (62), and other any projects (63); The key maker generates the dynamic key 2 of key; The dynamic key 1 of Master program (59) and dynamic key 2, if consistent, then the password of the ApplicationKey of prover (503) and user input is correct;
S6. under the normal situation of above-mentioned processing structure, Master program (59) is finished authentication processing, allows data operation modules (83) reading and writing of files; Issue pass Token simultaneously, among the session Session afterwards, need not to carry out again same authentication.Session has the setting of time limit timeOut, and idle overstepping the time limit then Token lost efficacy, and need carry out authentication processing again;
As above-mentioned step S4, ApplicationKey (503) and user cipher all directly are not transmitted, therefore under the situation of user's lost mobile phone, the malicious person also can't install rogue program and steal ApplicationKey (503) by in SE, and user cipher.
As above-mentioned step S5, dynamically contain the time project in the key 1, even therefore the malicious person has stolen dynamic key by certain means, also can't have an opportunity to use for the second time.
As above-mentioned step S5, Master program (59) can be judged the correctness of dynamic key 1, when requiring dynamic key 1 mistake the time, whether can diagnose out has malicious attack (Fraud detection), when diagnosing out when abnormal operation is arranged for several times, can in above-mentioned steps, append deadlock file, the processing of auto-destruct file again.
Guaranteed the safe handling of file as above-mentioned step S1~S6.The means that final Master program (59) is used symmetrical keys such as AES, crack difficulty and intensity and have met and exceeded the common standard of financial world owing to adopt Improvement type EXT2 file system and high strength AES cryptographic means the file enciphering/deciphering.
Preserve application Master Key and Master Key in the above-mentioned Master file (50), the key of preserving is issued management by the third party, if SE is embedded in SIM or the UICC card, this third party can be the publisher of telecommunications industry SIM card so, if this SE is embedded in the SD card, this key is by publisher's (generally being the publisher of this electronic money) management of SD card so.About distribution and the management of key, special mechanism (Mechanism) need be arranged, though this part also most important to security be not the interest field of application of the present invention.
4. the disposal route of the framework of application program and core
Program in the security element adopts the JavaCard program mode (PM), at the VM that loads of IC chip, provides JCRE (JavaCard Runtime Environment).Different with the JAVA of J2ME and other standards, the program that operates on the JCRE is not used GC, does not have MultiThread to support.
The inventor writes the code of describing hardware according to the hardware definition of SE, and uses the GCC compiler to generate VM, and the JavaCard VM of customized is provided.Suppose that SE is arranged on the SIM, issue the mobile service provider of SIM so, perhaps the manufacturer of SIM card is responsible for installing JCRE.JCRE is installed on the MEM among the limited SE.
Adopt after JCRE is mounted, the developer is under development environment, and is compiled based on Class file and other output files based on java, generates the CAP file by the Converter instrument.
The person of the invention provides, be published in the erecting tools on the RichOS, provide the user to download, the user is by being installed to the erecting tools on the RichOS, start the download of the electronic money program among the SE, for guaranteeing the security of electronic money among the SE, adopt the TSM of mobile operator MNO to download usually, and issue the installation order of GlobalPlatform by MNO.
For the program schema of electronic money is described better, provide following standard code as a reference.In actual motion, can make amendment further in real dress for the quality and the security that guarantee code.At first be the GlobalPlatform platform, program is installed-is selected for use-initial stage processing code example:
On the GlobalPlatform platform, further program install-select for use-the real dress of initial stage processing code is routine:
The real generation method of adorning dynamic key only provides framework in this example in key () Method.
The recording mode of real dress sensitive data in register () Method.Constitute according to file among the above-mentioned SE, VM provides according to the function that the Master program provides, the method for file processing.
5. solve the method on data consistency and confidential corespondence road
By above-mentioned explanation, can realize safe transaction, stop the malicious person and utilize the malice mode, theft or illegal altered data.Yet in practice, but can't avoid both parties to swindle service provider's malicious act jointly.For example,
1. because program been separated in execution alone on the two you ends, so transaction can't pick out, be not equal to the situation of the amount of money of receiving the side of collecting when the payer amount paid.
2. again for example, obstacle takes place in NFC communication in transaction, and payer is finished payment processes, and the take over party is not when receiving the amount of money as yet, and this transaction amount of money can't be identified, and make service lose credibility (reliability).
3. when communicating by letter mutually in two you ends, do not have mechanism (Mechanism) can prevent that the malicious person from passing through certain means and adding intermediary in communication, steal or distort Content of Communication.Present NFC communication does not have security path Security Channel mechanism, therefore, in the 10cm distance that NFC allows, might be inserted into malice mechanism, under the situation that POS handles, this problem is also not serious, but saves the words of POS, with the unsupervised transaction, can't avoid malicious user deception transaction program like this.
If do not solve above-mentioned this problem, the present invention will not have practicality to say.
Background technology is mentioned, and Paypal adopts the method for central authorities' control, and payer is uploaded to server with the amount of money, gives the side of being got by server forwards then, by instant recording in central server to guarantee the consistance of the final amount of money.
The present invention proposes different solutions, comes for both parties testify by middleware, and is as shown below, and the present invention can break away from central server when transaction.Transaction back is confirmed within certain time limit and is charged to and conclude the business.
The program of disposing among Fig. 9 SE and system construction drawing
The present invention appends monitor management program (8) on original program as shown in the figure, is deployed in both parties' end end.By the monitor management program, record dealing money, and guarantee the ACID of transaction, the monitor management program, by constituting with lower module:
1. the security path (Security Channel) of NFC secure communication road generation module 81 in order to set up NFC.Lack at present the definition of security path in the NFC communication protocol, so Secure Channel needs own foundation, from now on when NFC safety standard by Security Channel the time, the function that can utilize the NFC standard to provide, and no longer need ownly to adorn in fact.
2. monitor module 82, in order to monitor transaction, and the record dealing money.
3. with the communication module 88 of transaction record server, in order to communicate with transaction record server 9.
The program that is deployed in simultaneously as shown in the figure among the SE also has, transaction application programs 51, data manipulation routine 83, in real dress can with, the function of transaction application programs 51 and data manipulation routine 83 concentrates in a class (Class) file simultaneously, and these small variations can be judged according to the professional technique person's of medium level hobby.
Monitor management program (8) is utilized monitor module wherein, and the APDU that record transmits by NFC at every turn notes down the transaction data among the APDU, temporarily is stored in the SE field.Also can be stored in the outer smart mobile phone field of storage of SE as equal replacement.In the certain hour after closing the transaction, by communication module 88 record is uploaded in transaction record server 9.
Described transaction record server 9 comprises record DB, and perhaps file mode records each monitor management program 8, the record of uploading.Transaction record server 9 is normally used WEB application server, backstage link data server.Dispose in the WEB application server and accept the text module, interior monitoring module, data integrate module and alarm module.Transaction record server 9 fundamental purposes are to prevent illegal money laundering and ways of going about tax evasion, do not have advance technically, so transaction record server 9, internal structure not as the right application.
Described method for uploading need to adopt the secure communication mode, transmits or based on the transmission of https as SMS messaging.When using the SMS messaging load mode, prerequisite is to adopt SIM as SE, and in the monitor management program (8) of SIM deploy, communication module 88 is utilized SMS channel, transmits SMS to transaction record server 9 with the OTA pattern.
As equal replacement, can use the https mode, at this time, only communication module 88 need be deployed among the RichOS, utilize communication function and 9 secure communications of transaction record server of smart mobile phone.
Figure 10 process of exchange process flow diagram
As shown in the figure, adopt the method for dual submission management (2 phase commit) in the transaction, (A holds the end, and B end end is respectively startup person 1 and starts object 2, and the role can exchange)
The transaction program at M1.A end end also claims application program (51) to submit the preparation dealing money to by RMI, gives supervisory programme (8);
The supervisory programme at M2.A end end by CLF, sends NFC communication, and is received by the supervisory programme at B end end;
The supervisory programme at M3.B end end submits to the preparation dealing money to give transaction program by RMI, and transaction program is handled and return results;
M4. supervisory programme send prepare the Commit amount of money preserve module to data, data are preserved the amount of money of preparing commit under the module records, and return results;
After the supervisory programme at M5.A end end is received the normal termination result, send the data to A end end of preparing the Commit amount of money and preserve module, data are preserved the amount of money of preparing commit under the module records, and return results;
M6. after preparing commit and handling whole normal terminations, formal Commit processing requirements is sent to the supervisory programme at B end end in A end end;
The supervisory programme at M7.B end end sends Commit and requires to the last transaction program of B end, and transaction program is handled and return results;
The supervisory programme at M8.A end end sends commit and requires to preserve module to data, and data are preserved the module commit amount of money, and return results;
Before receiving last successful result, if fault occurred in the processing procedure, all handle rollback to original state so.Since in processing procedure, do not allow the multithreading multiprogram to move simultaneously, can the produce of deadlock problem in the method for therefore dual submission management.By the treatment step of above 2PhaseCommit, guarantee the ACID of transaction, solved the problem of data consistencies.
Supervisory programme is provided by service provider's exploitation, and the authentication of program is provided when downloading, and concrete grammar can be various this areas such as electronic identification book method commonly used of CA distribution.Be maliciously tampered for preventing in program, use SHA-1 etc. to prevent from distorting the inspection gimmick to program, this method also is this area common method.
Operation result in the supervisory programme can be used as the voucher of the legitimacy of transaction, and by this method, malicious user attacks transaction program simultaneously and the supervisory programme difficulty is enhanced, and also can't and distort result of communication and carry out malicious act by intercepting; When producing obstacle in the transaction, trade fair is returned to original state ACID and will be guaranteed.
Secure Channel establishment step in the generation module of secure communication road
1. startup person A sends out 2 prime number P and G and gives and start object;
2. startup person utilizes random number maker (212) to generate random number A;
3. start the random number maker of object utilization (212) and generate random number B;
4. startup person passes to the startup object with the result of G^A mod P;
5. the startup object is passed to startup person with the result of G^B mod P;
6. startup person calculates the result of (G^B mod P) ^A mod P, as secret cryptographic key, and the data NDEF (14) of encrypt/decrypt NFC text except the header part;
7. start the result that calculation and object goes out (G^A mod P) ^B mod P, as secret cryptographic key, carry out same encrypt/decrypt;
Because random number A, B does not directly transmit, even so in the distance of 10cm, add the eavesdropping means, openly transmitting data is stolen by the malicious person, the malicious person also can't calculate secret cryptographic key at short notice, the data of having guaranteed Secure Channel thus can be not stolen, thereby can not distorted yet.
Connect upright aforesaid equation, secret cryptographic key need use discrete logarithm just can obtain separating, and up to the present the solution of discrete logarithm is not proposed by art of mathematics as yet, even so use the parallel high-speed calculation method also to need the reasonable time, in between NFC signal post prescribes a time limit (being generally 1 second), it is possible calculating secret cryptographic key actual.
Owing in startup person and startup object, loaded monitor module, the mechanism of mutual authentication is arranged in the monitor module, so disguise as startup object also is impossible.More than explanation has realized safe confidential corespondence road (Secure Channel), has guaranteed the safety of communication.
6. embodiment
Embodiment 1-disburser starts
1. the disburser activates to open the portable phone power supply, imports the PIN of oneself, starts the RichOS (23) such as Android
2. the picture that starts in the direct payment application program of the present invention (24) among the RichOS (23) of disburser is handled
3. the disburser is in direct payment application program (24), and the input amount of money is pressed transfer key
4. payment application 24 starts NFC communication, and starts the payment application (51) that is positioned at the SE field, and at this moment disburser's portable phone becomes NFC startup person (initiator) 1
5. the electric wave of NFC startup person (initiator) 1 emission 13.56Mhz starts object (target) 2 and is activated by electric wave
6. the NFC chip that starts object starts the supervisory programme (8) that is positioned on the SE by NCI modes such as CLF/SWP
7. NFC startup person (initiator) 1 sends the NFC communication request,
8. start object (target) 2 and send the answer of NFC communication request
NFC startup person (initiator) 1 with start to start object (target) 2 and set up NFC and communicate by letter
10. communicating pair is set up secure communication road SecureChannel according to the exchange step of key described in the instructions,
12. in the described process of exchange step, data management module (83) according to the described required file adquisitiones of instructions, is obtained the power of reading and writing of files in the deal with data read-write;
13. described obtaining in the reading and writing of files power step according to the described dynamic key generation method of instructions, generates dynamic key.
14. after the closing the transaction, within a certain period of time and the communication module 88 of transaction record server, the transaction situation is uploaded in transaction record server 9.
7. sum up
By above implementation method, the present invention has realized new method of commerce under the prerequisite that adherence to standard is advised, this method makes that not only the user breaks away from POS, and can onlinely use electronic money down, and can guarantee the security of method of commerce.
More than used specific case that specific embodiments of the invention are described, the explanation of this embodiment just is used for helping to understand method of the present invention and core concept; For one of ordinary skill in the art, according to thought of the present invention, all have change in specific embodiments and applications and change part simultaneously, such as
1. with simple integrated of the logical circuit in the chip or separate, such change only is the difference of encapsulation;
2. the inching of implementation step order will not be as will there being the processing transposing of sequencing;
3. cancellation authentication or necessary security are handled, and service inferior merely is provided;
4. change startup person meaninglessly and start the object role;
Therefore, this description should not be construed as limitation of the present invention, and all any modifications of doing within the spirit and principles in the present invention, the improvement of replacing, deleting additional step on an equal basis all are included in of the present invention comprising in the scope.
Claims (2)
1. the method for monitoring of an electronic money trading is characterized in that
(1) transaction is directly finished in two intelligent apparatus
(2) use the NFC mode in the transaction
(3) use monitor management program record stateful transaction
(4) after the closing the transaction transaction situation is passed to the transaction record server.
2. intelligent apparatus according to claim 1 is characterized in that comprising
(1) NFC standard chips
(2) Secure Element chip.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100548134A CN103236011A (en) | 2013-02-20 | 2013-02-20 | Electronic currency transaction monitoring method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100548134A CN103236011A (en) | 2013-02-20 | 2013-02-20 | Electronic currency transaction monitoring method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103236011A true CN103236011A (en) | 2013-08-07 |
Family
ID=48884050
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013100548134A Pending CN103236011A (en) | 2013-02-20 | 2013-02-20 | Electronic currency transaction monitoring method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103236011A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103984892A (en) * | 2014-05-19 | 2014-08-13 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN103984730A (en) * | 2014-05-19 | 2014-08-13 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN103984896A (en) * | 2014-05-19 | 2014-08-13 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| WO2016045042A1 (en) * | 2014-09-25 | 2016-03-31 | 华为技术有限公司 | Method and device for managing content in secure element |
| CN106920081A (en) * | 2017-02-24 | 2017-07-04 | 济南汉泰信息科技有限公司 | A kind of method of payment, system and electronic equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101027699A (en) * | 2004-08-13 | 2007-08-29 | 意大利电信股份公司 | Method and system for safety managing data stored on electronic label |
| CN101546407A (en) * | 2009-02-11 | 2009-09-30 | 广州杰赛科技股份有限公司 | Electronic commerce system and management method thereof based on digital certificate |
| CN102204111A (en) * | 2008-08-12 | 2011-09-28 | 维沃科技公司 | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices |
| CN102460520A (en) * | 2009-05-03 | 2012-05-16 | 洛格摩提公司 | A payment terminal using a mobile communication device, such as a mobile phone |
| CN102722813A (en) * | 2012-04-21 | 2012-10-10 | 郁晓东 | Hierarchical multiple electronic currency device and multiple electronic currency management method |
-
2013
- 2013-02-20 CN CN2013100548134A patent/CN103236011A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101027699A (en) * | 2004-08-13 | 2007-08-29 | 意大利电信股份公司 | Method and system for safety managing data stored on electronic label |
| CN102204111A (en) * | 2008-08-12 | 2011-09-28 | 维沃科技公司 | Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices |
| CN101546407A (en) * | 2009-02-11 | 2009-09-30 | 广州杰赛科技股份有限公司 | Electronic commerce system and management method thereof based on digital certificate |
| CN102460520A (en) * | 2009-05-03 | 2012-05-16 | 洛格摩提公司 | A payment terminal using a mobile communication device, such as a mobile phone |
| CN102722813A (en) * | 2012-04-21 | 2012-10-10 | 郁晓东 | Hierarchical multiple electronic currency device and multiple electronic currency management method |
Non-Patent Citations (1)
| Title |
|---|
| 孙欢: ""基于NFC的P2P新一代移动支付解决方案"", 《华南金融电脑》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103984892A (en) * | 2014-05-19 | 2014-08-13 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN103984730A (en) * | 2014-05-19 | 2014-08-13 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN103984896A (en) * | 2014-05-19 | 2014-08-13 | 联想(北京)有限公司 | Information processing method and electronic equipment |
| CN103984892B (en) * | 2014-05-19 | 2017-11-24 | 联想(北京)有限公司 | A kind of information processing method and electronic equipment |
| CN103984896B (en) * | 2014-05-19 | 2018-04-27 | 联想(北京)有限公司 | A kind of information processing method and electronic equipment |
| WO2016045042A1 (en) * | 2014-09-25 | 2016-03-31 | 华为技术有限公司 | Method and device for managing content in secure element |
| CN106920081A (en) * | 2017-02-24 | 2017-07-04 | 济南汉泰信息科技有限公司 | A kind of method of payment, system and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104380652B (en) | Many publisher's safety element subregion frameworks for NFC enabled devices | |
| CN107111500B (en) | Wireless provisioning of application libraries | |
| FI125071B (en) | Payment system | |
| US8196131B1 (en) | Payment application lifecycle management in a contactless smart card | |
| RU2537795C2 (en) | Trusted remote attestation agent (traa) | |
| TWI534731B (en) | Apparatus and methods for secure element transactions and management of assets | |
| RU2523304C2 (en) | Trusted integrity manager (tim) | |
| EP2893736B1 (en) | Method, apparatus, and system for providing and using a trusted tag | |
| EP3962020B1 (en) | Information sharing methods and systems | |
| EP3017580B1 (en) | Signatures for near field communications | |
| CN107278307A (en) | Software layer is mutually authenticated | |
| JP2014529964A (en) | System and method for secure transaction processing via a mobile device | |
| CN111770199B (en) | Information sharing method, device and equipment | |
| CN113704775B (en) | Service processing method and related device based on distributed digital identity | |
| Murdoch et al. | Security protocols and evidence: Where many payment systems fail | |
| Alattar et al. | Host-based card emulation: Development, security, and ecosystem impact analysis | |
| KR20130142864A (en) | Method for issuing mobile credit card in portable terminal using credit card and credit card for the same | |
| CN103236011A (en) | Electronic currency transaction monitoring method | |
| US20240104550A1 (en) | Mobile wallet with offline payment | |
| CN102722813A (en) | Hierarchical multiple electronic currency device and multiple electronic currency management method | |
| US11341483B1 (en) | Enhanced security for digital wallets in multiple devices | |
| CN102999839A (en) | Cloud platform and virtual SE (security element) based electronic currency security payment system and cloud platform and virtual SE based electronic currency security payment method | |
| Lohachab | A perspective on using blockchain for ensuring security in smart card systems | |
| Hassler | Java Card for e-payment Applications | |
| Chirico | Smart card programming |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130807 |