A kind of mobile phone with payment function supporting financial IC card
Technical field
The present invention relates to a kind of mobile phone with payment function supporting financial IC card.
Background technology
Existing mobile communication equipment, what quantity was maximum is mobile phone.Can by holding in one's own possession to carry out mobile communication, comprise a housing and be encapsulated in the circuit in this housing, this circuit comprises a processor module, a MIM message input module, an information display module and a wireless communication module.Mobile-phone payment is a new financial payment Business Processing form.It refers to that mobile phone is before payment, is passed through to authorize the depositor holding this mobile phone in advance, certainly, also will authorize commercial accounts/trade company by card issuer/bank.Mobile-phone payment mainly contains two kinds of modes in use: close to the means of payment and remote payment mode.Close to the means of payment, trade company's EFT-POS machine is improved, make mobile phone near when EFT-POS machine, pass through wireless communication means, such as: bluetooth, or 13.5MHz communication contactless IC card, or 2.4GHz communication etc., form path with EFT-POS machine and carry out identification and payment transaction, comprise book keeping operation and account transfer.Remote payment mode does not change trade company EFT-POS machine, on mobile phone, payment transfer information is initiated by paying party, by the mobile-phone payment gateway set up in WAP network, identification and payment transaction is carried out with card issuer/bank, then corresponding information is sent out on the EFT-POS machine of beneficiary/trade company by bank POS network, carry out confirming after beneficiary reads relevant information on EFT-POS machine, if beneficiary does not confirm, then whole payment is cancelled.Payment process in ecommerce, namely at electronic commerce network, such as: Taobao, both parties do not meet, and need again to confirm mutually identity and the amount of money, and this generally just must use remote payment mode.And common consumer psychology Ze Shi supermarket pays, seeing is believing for people's custom close to the means of payment, wishes that the EFT-POS machine in market can communicate with mobile phone, substitute traditional bank card.
No matter that means of payment, mobile phone be made can to carry out mobile communication and can carry out financial payment Business Processing again, must fully take into account the fail safe of transaction, the financial payment Business Processing of namely being undertaken by mobile phone meets the requirement that bank safety pays.This comprises several aspect: the data that, anti-communication network is attacked through network trading must adopt encryption, just can guarantee communication security, avoid network attack.This point, present mobile-phone payment has substantially been accomplished, bank's legacy network, such as: ATM, and POS and over-the-counter trading network) also do like this.Two, preserve bank's key what is called and preserve bank's key, it not simple depository bank key, but safety is preserved, therefore require that safety preserves the medium of bank's key, there is physical security and logical security feature, guarantee that unauthorized personnel can not obtain or use bank's key, such as: the sensitive informations such as the opening self-destruction key of physical security, the flow process restriction of physical security, time restrictions etc. resist external attack information; Three, PIN process holder is inputted when inputting the PIN encrypted message of oneself from mobile phone, information when guaranteeing that unauthorized personnel can not obtain PIN password.
Existing mobile-phone payment function, normally adopts general common smart mobile phone, and the software cryptography that it realizes by application program is encrypted relevant Transaction Information.But, because the software systems in common smart mobile phone may be invaded by wooden horse, viral supervisor, therefore finance data transmission in easily by the hack in the external world, existing especially its encryption and decryption of mobile phone are all encrypted by the cell phone processor of mobile phone or are deciphered, and cell phone processor often adopts general processor, as long as therefore crack, the data of buffer memory in real-time monitoring cell-phone processor, can obtain sensitive data.
Summary of the invention
For above-mentioned technological deficiency, the present invention proposes a kind of mobile phone with payment function supporting financial IC card, the data of these its encryption and decryption of mobile phone all adopt independently hardware security module, independently hardware security module and cell phone processor carry out communication to utilize this, and utilize the communications protocol of customization to carry out both-way communication, the sensitive data that can only obtain after encryption that cracks of monitoring mobile phone processor, therefore ensure that fail safe when carrying out mobile phone financial transaction.
Support a mobile phone with payment function for financial IC card, comprise
Information display module, wireless communication module, MIM message input module, cell phone processor module, finance processor module; Financial IC card processing module, hardware security module and magnetic stripe card processing module;
Described information display module, wireless communication module, MIM message input module communicate with cell phone processor model calling respectively; Cell phone processor module and finance processor module carry out being connected communication; Described financial IC card processing module, hardware security module and magnetic stripe card processing module carry out being connected communication with finance processor module respectively, and described information display module is used for the data message of display cell phone processor module transfer in real time; Described wireless communication module is used for the data of the data of cell phone processor module transfer being carried out wireless transmission or receiving the transmission of external financial platform;
Described MIM message input module is used for the information to the input of cell phone processor module transfer;
Described financial IC card processing module for read financial IC card information and by read information transmission to finance processor module;
Described magnetic stripe card processing module for read magnetic stripe card information and by read information transmission to finance processor module;
Described hardware security module is used for reading the data relevant with Financial Information from finance processor module, and again transfers to finance processor module after being encrypted it as required or deciphering;
Finance processor module is for receiving the finance data of the encryption of cell phone processor module transfer, the finance data of this encryption is sent to described hardware security module be decrypted, or the finance data after described hardware security module encryption is sent to cell phone processor module; Cryptographic protocol is adopted to transmit between finance processor module cellphone processor module.
Further, described financial IC card processing module comprises contact financial IC card processing module and contactless financial IC-card processing module.
Further, the data relevant with Financial Information comprise PIN encrypted message, the magnetic stripe card information of IC-card, encrypting module in described hardware security module comprises PIN computing module, the encryption processing module of magnetic strip information, digital certificates processing module and MAC computing module.
Further, described hardware security module also comprises cryptographic key protection circuit, and described cryptographic key protection circuit comprises safe self-destruction device.
Further, the communication between described finance processor module and cell phone processor module adopts the communication protocol of customization.
Beneficial effect of the present invention is: to the encryption and decryption processing and utilizing of financial sensitive data independently hardware security module process separately, then undertaken coordinating the communication between hardware security module and cell phone processor module by finance processor module, the communications protocol customized is taked in communication between finance processor module and mobile phone cell phone processor module, transmission data between it are also through the sensitive data after encryption, reside in cell phone processor even if therefore crack, due to communications protocol between cell phone processor module and finance processor module cannot be obtained, therefore the sensitive data after deciphering cannot be obtained, in addition because hardware security module adopts independently encrypted circuit and encryption chip, therefore the chip identification polishing off buying is only needed, hacker cannot crack encryption chip targetedly.
Accompanying drawing explanation
Fig. 1 is structural representation of the present invention.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention is described further.
As shown in Figure 1, a kind of mobile phone with payment function supporting financial IC card, comprises information display module, wireless communication module, MIM message input module, cell phone processor module, finance processor module; Financial IC card processing module, hardware security module and magnetic stripe card processing module; Described information display module, wireless communication module, MIM message input module communicate with cell phone processor model calling respectively; Cell phone processor module and finance processor module carry out being connected communication; Described financial IC card processing module, hardware security module and magnetic stripe card processing module carry out being connected communication with finance processor module respectively.Above-mentioned module all adopts independently circuit module to carry out electrical connection communication, wherein said information display module is used for the data message of display cell phone processor module transfer in real time, comprise the UI of transaction interface, transaction operating process and process of exchange in real time information feedback, described MIM message input module be used for cell phone processor module transfer input information; Information display module described above and MIM message input module and combine, such as, adopt touch screen interface; Described wireless communication module is used for the data of the data of cell phone processor module transfer being carried out wireless transmission or receiving the transmission of external financial platform; This wireless communication module can adopt GSM network or 3G wireless network etc. based on existing mobile phone, information display module, described MIM message input module and described wireless communication module described in handset processes module coordination, be sent to finance processor module by MIM message input module with by the encrypted financial data from financial platform that wireless communication module receives by the communications protocol of customization, the communications protocol of this customization can carry out selecting or changing on existing basis according to different manufacturer based on existing cryptographic protocol; Adopting this cryptographic protocol to carry out communication is to prevent the monitoring invasion finance processor module that cracks;
Described financial IC card processing module for read financial IC card information and by read information transmission to finance processor module; Described magnetic stripe card processing module for read magnetic stripe card information and by read information transmission to finance processor module; Finance processor module is for receiving the finance data of the encryption of cell phone processor module transfer, the finance data of this encryption is sent to described hardware security module be decrypted, or the finance data after described hardware security module encryption is sent to cell phone processor module.Described hardware security module is used for reading the data relevant with Financial Information from finance processor module, and again transferring to finance processor module after as required it being encrypted or deciphering, wherein relevant with Financial Information data comprise the sensitive information such as PIN encrypted message, magnetic stripe card information of IC-card.Encrypting module in described hardware security module can comprise PIN computing module, the encryption processing module of magnetic strip information, digital certificates processing module and MAC computing module.In order to further safety, described hardware security module also comprises cryptographic key protection circuit, and described cryptographic key protection circuit comprises safe self-destruction device.
Embodiment one
First cell phone processor module receives instruction and sets up communication by wireless communication module and financial platform and be connected, operator uses financial IC card to carry out money transfer transactions, first financial IC card is read the account information of IC-card by financial IC card processing module, the IC card information of reading is sent to finance processor module by financial IC card processing module, this account information is encrypted by hardware security module by finance processor module, operator inputs encrypted message and the account needing to transfer accounts and the amount of money, finance processor module is sent to by the encryption communication of cell phone processor module, finance processor module transfer is encrypted to hardware security module, then the information after encryption is carried out packing through finance processor module and transfer to cell phone processor module, Information Pull wireless communication module after this packing is sent to financial platform by cell phone processor module, after Transaction Success, financial platform is fed back, even if wherein crack, invasion is to cell phone processor module, because finance processor module is independent, wherein it cannot obtain the account information of IC-card, finance processor module and hardware security module can adopt customization or general-purpose chip according to the needs of manufacturer in addition, if wherein adopt general-purpose chip only to need the outer mark polishing of chip, in the case, even if hacker obtains mobile phone, also the chip information of its finance processor module or hardware security module cannot be understood, therefore cannot crack targetedly.
Preferably, described financial IC card processing module comprises contact financial IC card processing module and contactless financial IC-card processing module.
The above is only the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, without departing from the inventive concept of the premise; can also make some improvements and modifications, these improvements and modifications also should be considered as in scope.