CN104700268B - Mobile payment method and mobile device - Google Patents
Abstract
Embodiments of the invention disclose a mobile payment method and a mobile device for effectively enhancing the storage and computing capability of mobile payment. The method comprises: an RF-SIM card in a mobile device receives a payment request sent by a payment requester, the payment request containing payment data; a payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device; the payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE; the RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device; and the payment processing data is sent to the payment requester. Part of the storage and computing capability of the RF-SIM card is thereby moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment.
Description
Technical field
The present invention relates to the communications field, and in particular to a mobile payment method and a mobile device.
Background
At present, three main technical solutions are used for mobile payment. The first is the near-field communication (NFC, Near Field Communication) family, including NFC and eNFC; its greatest drawback is that a user who wants to pay by mobile phone must switch to a phone with NFC capability. The second is the SIMPASS standard based on 13.56 MHz. The third is the new-generation SIM card based on 2.4 GHz RFID technology (RFID-SIM, Radio Frequency Identification-based SIM), called the RF-SIM card for short. Compared with NFC, RF-SIM technology only requires the user to replace the SIM card and spares the trouble of replacing the phone, so the RF-SIM mobile payment scheme is widely recognized in the industry. The three operators China Mobile, China Unicom and China Telecom have carried out large-scale pilots nationwide, where common scenarios are applications such as all-in-one campus cards and enterprise all-purpose cards.
An RF-SIM card communicates by means of an RF chip embedded in a standard SIM card and uses the CPU in the SIM card for computation; the payment application runs directly on the RF-SIM card. An RF-SIM card has the same mobile communication functions as an ordinary SIM card and can also carry out short-range wireless communication through an antenna attached to it, providing on-site mobile-phone payment and identity authentication functions.
As mobile device capabilities grow, there will be more and more demand for completing secure payments on the mobile device terminal. Because in the traditional RF-SIM payment method the storage and computation of the payment process are completed directly on the SIM card, the problem of insufficient storage and computing capability arises.
Summary of the invention
Embodiments of the present invention provide a mobile payment method and a mobile device that can effectively enhance the storage and computing capability of mobile payment while ensuring high security.
In a first aspect, an embodiment of the present invention provides a mobile payment method, comprising:
An RF-SIM card in a mobile device receives a payment request sent by a payment requester, the payment request containing payment data; a payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device, the payment processing unit being a payment application running in a trusted execution environment (TEE); the payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE; the RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device; and the RF-SIM card in the mobile device sends the payment processing data to the payment requester.
With reference to the first aspect, in a first possible implementation of the first aspect, the payment processing unit in the mobile device obtaining the payment data from the RF-SIM card in the mobile device comprises: the RF-SIM card in the mobile device saves the payment data to a secure shared memory; the payment processing unit in the mobile device reads the payment data from the secure shared memory.
With reference to the first aspect, in a second possible implementation of the first aspect, the RF-SIM card in the mobile device obtaining the payment processing data from the payment processing unit in the mobile device comprises: the payment processing unit in the mobile device saves the payment processing data to the secure shared memory; the RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory.
With reference to the first aspect, in a third possible implementation of the first aspect, the method further comprises: the mobile device initializes the RF-SIM card in the mobile device. The initialization comprises: the payment processing unit in the mobile device obtains a private key and user information from the RF-SIM card in the mobile device; the payment processing unit in the mobile device saves the private key and the user information into the memory of the TEE.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the payment processing unit in the mobile device performing payment processing according to the payment data and the user information to obtain the payment processing data comprises: the payment processing unit in the mobile device encrypts the payment data and the user information using the private key to obtain the payment processing data.
With reference to the third possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the payment processing unit in the mobile device obtaining the private key and the user information from the RF-SIM card in the mobile device comprises: the RF-SIM card in the mobile device saves the private key and the user information to the secure shared memory; the payment processing unit in the mobile device reads the private key and the user information from the secure shared memory.
In a second aspect, an embodiment of the present invention provides a mobile device, comprising:
an RF-SIM card, configured to receive a payment request sent by a payment requester, the payment request containing payment data;
the memory of a trusted execution environment (TEE);
a payment processing unit, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, the payment processing unit being a payment application running in the TEE and the user information being obtained from the memory of the TEE;
the RF-SIM card being further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester.
With reference to the second aspect, in a first possible implementation of the second aspect, the RF-SIM card comprises: a first receiving module, configured to receive the payment request; a second receiving module, configured to obtain the payment processing data from the payment processing unit; and a sending module, configured to send the payment processing data to the payment requester. The payment processing unit comprises: a first acquisition module, configured to obtain the payment data from the RF-SIM card; a second acquisition module, configured to obtain the user information from the memory of the TEE; and a processing module, configured to perform payment processing according to the payment data and the user information to obtain the payment processing data.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the mobile device further comprises a secure shared memory; the RF-SIM card further comprises a first saving module, configured to save the payment data to the secure shared memory; the first acquisition module is specifically configured to obtain the payment data from the secure shared memory.
With reference to the first possible implementation of the second aspect, in a third possible implementation of the second aspect, the mobile device further comprises a secure shared memory; the payment processing unit further comprises a second saving module, configured to save the payment processing data to the secure shared memory; the second receiving module is specifically configured to obtain the payment processing data from the secure shared memory.
With reference to the first possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the payment processing unit further comprises: a third acquisition module, configured to obtain a private key and user information from the RF-SIM card; and a third saving module, configured to save the private key and the user information into the memory of the TEE.
With reference to the first possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the processing module is specifically configured to encrypt the payment data and the user information using the private key to obtain the payment processing data.
With reference to the first possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the mobile device further comprises a secure shared memory; the RF-SIM card further comprises a third saving module, configured to save the private key and the user information to the secure shared memory; the third acquisition module is specifically configured to read the private key and the user information from the secure shared memory.
As can be seen from the above technical solutions, the solutions of the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, after the RF-SIM card in the mobile device receives the payment request sent by the payment requester, the data and the payment computation are not all placed on the CPU of the SIM card. Instead, the payment processing unit in the mobile device obtains the payment data in the payment request from the RF-SIM card, the payment processing unit being a payment application running in a trusted execution environment (TEE, Trusted Execution Environment). The payment processing unit in the mobile device then performs payment processing according to the payment data and user information to obtain payment processing data, where the user information is obtained from the memory of the TEE. The RF-SIM card in the mobile device then obtains the payment processing data from the payment processing unit and sends the payment processing data to the payment requester. Part of the storage and computing capability of the RF-SIM card is thereby moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment while ensuring high security.
Description of the drawings
Fig. 1 is a flow chart of a mobile payment method in an embodiment of the present invention;
Fig. 2 is another flow chart of the mobile payment method in an embodiment of the present invention;
Fig. 3 is another flow chart of the mobile payment method in an embodiment of the present invention;
Fig. 4 is an information exchange flow chart of the mobile payment method in an embodiment of the present invention;
Fig. 5 is a schematic diagram of an embodiment of the mobile device in an embodiment of the present invention;
Fig. 6 is a schematic diagram of another embodiment of the mobile device in an embodiment of the present invention;
Fig. 7 is a schematic diagram of another embodiment of the mobile device in an embodiment of the present invention;
Fig. 8 is a schematic diagram of another embodiment of the mobile device in an embodiment of the present invention;
Fig. 9 is a structural schematic diagram of the mobile device in an embodiment of the present invention.
Detailed description
Embodiments of the present invention provide a mobile payment method and a mobile payment device for moving part of the storage and computing capability of the RF-SIM card into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment while ensuring high security. Each is described in detail below.
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of the embodiments. Obviously, the described embodiments are only some rather than all of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects and are not used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than the one illustrated or described here. In addition, the terms "comprise" and "have" and any variants of them are intended to cover a non-exclusive inclusion: for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The main functions of the RF-SIM card include: standard SIM mobile communication and authentication functions, an electronic purse function, a remote payment function, a super VIP card function, and so on. The SIM part of the RF-SIM card is used for normal mobile communication; the embedded software manages the RF-ID and the built-in high-security e-credit, EMV stored-value cards and VIP membership cards, and uses the RF module to communicate with peripheral devices through the built-in antenna.
A trusted execution environment (TEE, Trusted Execution Environment) is a trusted running environment, an operating system that runs independently of the untrusted execution environment (REE, Rich Execution Environment); Android, for example, is an REE. When a program runs inside the TEE, its code and memory regions are controlled by an access control unit and cannot be accessed by programs in the REE. Programs inside the TEE can generally only be invoked passively, and the mobile device runs in the REE environment the overwhelming majority of the time.
In the current mobile device market, many devices already support a TEE. ARM's TrustZone technology is the representative example: it has been integrated into many chips from manufacturers such as Qualcomm, MTK and Apple. These chips support a TEE system environment at the same time as an REE (Android, iOS), and the two environments are isolated from each other.
TrustZone technology is tightly integrated with Cortex-A processors and is extended throughout the system via the AXI bus and specific TrustZone system IP blocks. This system approach means that peripherals such as secure memory, cryptographic blocks, the keyboard and the screen can be protected, ensuring that they are safe from software attacks.
The embodiments of the present invention combine the RF-SIM card with the TEE system environment in the mobile device to provide a mobile payment method and a corresponding mobile device. In actual application scenarios, the method can be applied to mobile phones, tablets and other mobile devices that carry an RF-SIM card and support a TEE system environment.
In this embodiment, the mobile device has two operating modes, REE and TEE, and can switch between them as needed. The parts of an application with low security requirements can run in the REE environment, and the parts with high security requirements can run in the TEE environment. For the payment application of this embodiment in particular, the part of the program that interacts with the user through the UI is executed in the REE and the part that handles payment data is executed in the TEE; the payment application executed in the TEE is the payment processing unit.
With reference to Fig. 1, one embodiment of the mobile payment method in the embodiments of the present invention comprises:
101. The RF-SIM card in the mobile device receives the payment request sent by the payment requester.
When a near-field payment transaction takes place, the user first opens the payment application on the mobile device. Through near-field contact, the RF-SIM card in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request, which contains payment data, to the RF-SIM card in the mobile device.
It should be noted that the payment requester in the embodiments of the present invention may be a near-field payment service that sends the payment request, or may be another service or device capable of sending a payment request; no limitation is imposed here.
In practical applications, the payment data is the transaction data sent with the payment request and may specifically include information such as the transaction number, the trade name and the transaction amount; no specific limitation is imposed here.
102. The payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device.
After the RF-SIM card in the mobile device receives the payment request sent by the payment requester, the payment processing unit in the mobile device obtains the payment data in the payment request from the RF-SIM card. The payment processing unit is the payment-related application running in the TEE environment of the mobile device.
103. The payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data.
After the payment processing unit in the mobile device obtains the payment data, it reads from the TEE the user information stored in advance in the TEE memory, performs payment processing on the obtained payment data and the user information, and obtains the payment processing data.
It should be noted that the user information stored in advance in the TEE is the personal information needed in the transaction process and may include mobile subscriber information (for example, the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, the bank card account number and payment password), and so on; no specific limitation is imposed here.
In practical applications, the data that the payment processing unit uses for payment processing is not necessarily limited to the payment data and user information described above and may include further data; no specific limitation is imposed here.
104. The RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device.
After the payment processing unit in the mobile device has performed payment processing on the payment data and the user information and obtained the payment processing data, the RF-SIM card obtains the payment processing data.
105. The RF-SIM card in the mobile device sends the payment processing data to the payment requester.
After obtaining the payment processing data, the RF-SIM card in the mobile device sends the payment processing data to the payment requester.
In this embodiment of the present invention, after the RF-SIM card in the mobile device receives the payment request sent by the payment requester, the data and the payment computation are not all placed on the CPU of the SIM card. Instead, the payment processing unit in the mobile device obtains the payment data in the payment request from the RF-SIM card, the payment processing unit being a payment application running in the TEE. The payment processing unit in the mobile device then performs payment processing according to the payment data and user information to obtain payment processing data, where the user information is obtained from the memory of the TEE. The RF-SIM card in the mobile device then obtains the payment processing data from the payment processing unit and sends the payment processing data to the payment requester. Part of the storage and computing capability of the RF-SIM card is thereby moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment while ensuring high security.
In the mobile device, the RF-SIM card and the TEE do not communicate directly but through a secure shared memory. The mobile payment method that combines the RF-SIM card and the TEE on the basis of the secure shared memory is described in detail below.
With reference to Fig. 2, another embodiment of the mobile payment method in the embodiments of the present invention comprises:
201. The RF-SIM card in the mobile device receives the payment request sent by the payment requester.
When a near-field payment transaction takes place, the user first opens the payment application on the mobile device. Through near-field contact, the RF-SIM card in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request, which contains payment data, to the RF-SIM card in the mobile device.
It should be noted that the payment requester in the embodiments of the present invention may be a near-field payment service that sends the payment request, or may be another service or device capable of sending a payment request; no limitation is imposed here.
In practical applications, the payment data is the transaction data sent with the payment request and may specifically include information such as the transaction number, the trade name and the transaction amount; no specific limitation is imposed here.
202. The RF-SIM card in the mobile device saves the payment data to the secure shared memory.
After receiving the payment request sent by the payment requester, the RF-SIM card in the mobile device saves the payment data in the payment request into the secure shared memory of the mobile device.
The secure shared memory is a block of memory in the mobile device. This memory is under the control of the mobile device's access control unit and can be accessed only by the TEE and by the specific unit connected to the RF-SIM card. With the support of the secure shared memory, data can be exchanged between the RF-SIM card and the TEE without the REE being involved, which ensures the security of the core data of the payment process.
In practical applications, the secure shared memory may be implemented using ARM TrustZone technology or using other technologies; no specific limitation is imposed here.
203. The payment processing unit in the mobile device reads the payment data from the secure shared memory.
After the RF-SIM card in the mobile device has saved the payment data to the secure shared memory of the mobile device, the payment processing unit reads the payment data from the secure shared memory. The payment processing unit is the payment application executed in the TEE.
204. The payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data.
After reading the payment data from the secure shared memory, the payment processing unit in the mobile device reads from the memory of the TEE the RF-SIM card private key and the user information that were stored in the TEE memory when the RF-SIM card was initialized, and then performs payment processing according to the payment data and the user information to obtain the payment processing data.
It should be noted that the user information stored in advance in the TEE memory is the personal information needed in the transaction process and may include mobile subscriber information (for example, the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, the bank card account number and payment password), and so on; no specific limitation is imposed here.
In practical applications, the data that the payment processing unit uses for payment processing is not necessarily limited to the payment data and user information described above and may include further data; no specific limitation is imposed here.
205. The payment processing unit in the mobile device saves the payment processing data to the secure shared memory.
After the payment processing unit in the mobile device has performed payment processing according to the payment data and the user information and obtained the payment processing data, it saves the payment processing data to the secure shared memory of the mobile device.
206. The RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory.
After the payment processing unit in the mobile device has saved the payment processing data to the secure shared memory of the mobile device, the RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory.
207. The RF-SIM card in the mobile device sends the payment processing data to the payment requester.
After obtaining the payment processing data from the secure shared memory, the RF-SIM card in the mobile device sends the payment processing data to the payment requester.
After the payment requester receives the payment processing data, it can carry out payment operations such as deduction according to the payment processing data and return the payment result to the payment application in the REE to inform the user of the payment result, thereby completing the whole payment process.
In this embodiment of the present invention, to ensure the high security of the payment process, the RF-SIM card and the TEE in the mobile device communicate through the secure shared memory. With the support of the secure shared memory, data can be exchanged between the RF-SIM card and the TEE without the REE being involved, which ensures the security of the core data of the payment process. Thus, after part of the storage and computing capability of the RF-SIM card has been moved into the TEE of the mobile device, the storage and computing capability of payment is effectively enhanced and the high security of the payment process is ensured at the same time.
In the scheme based on the RF-SIM card and the TEE, the RF-SIM card needs to undergo secure initialization before use. The process of initializing the RF-SIM card is described in detail below.
With reference to Fig. 3, another embodiment of the mobile payment method in the embodiments of the present invention comprises:
301. The RF-SIM card in the mobile device saves the private key and user information into the secure shared memory.
When the user uses a mobile device for the first time and inserts the RF-SIM card into the mobile device, an application in the REE of the mobile device detects the inserted RF-SIM card and triggers the RF-SIM card initialization flow, which is as follows:
The RF-SIM card in the mobile device saves the private key and user information preset in the RF-SIM card into the secure shared memory.
The private key may be the private key of an asymmetric key pair generated inside the RF-SIM card, used to prevent data from being stolen or tampered with during transmission and storage, or may be a private key preset in another way; no specific limitation is imposed here.
It should be noted that the user information in the RF-SIM card is the personal information needed in the payment process and may include mobile subscriber information (for example, the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, the bank card account number and payment password), and so on; no specific limitation is imposed here.
The secure shared memory is a block of memory in the mobile device. This memory is under the control of the mobile device's access control unit and can be accessed only by the TEE and by the specific unit connected to the RF-SIM card. With the support of the secure shared memory, data can be exchanged between the RF-SIM card and the TEE without the REE being involved, which ensures the security of the core data of the payment process.
In practical applications, the secure shared memory may be implemented using ARM TrustZone technology or using other technologies; no specific limitation is imposed here.
302. The payment processing unit in the mobile device reads the private key and user information from the secure shared memory.
After the RF-SIM card in the mobile device has saved the private key and user information preset in the RF-SIM card into the secure shared memory, the payment processing unit in the mobile device reads the private key and user information from the secure shared memory. The payment processing unit is the payment application executed in the TEE.
303. The payment processing unit in the mobile device saves the private key and user information into the memory of the TEE.
After reading the private key and user information from the secure shared memory, the payment processing unit in the mobile device saves the private key and user information into the memory of the TEE, which completes the initialization of the RF-SIM card.
Steps 301 to 303 above are the secure initialization process of the RF-SIM card. It should be noted that, during RF-SIM card initialization, other RF-SIM card information needed in the payment process may be read in addition to the private key and user information of the RF-SIM card; no specific limitation is imposed here.
It should also be noted that steps 301 to 303 are one fairly common RF-SIM card secure initialization process. In practical applications there may be many methods of initializing the RF-SIM card; as long as the private key and user information in the RF-SIM card are guaranteed to be stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited here.
In this embodiment, steps 304 to 306 are the same as steps 201 to 203 in the embodiment shown in Fig. 2 and are not repeated here.
307, the payment processing unit in the mobile device encrypts the payment data and user information using the private key to obtain payment processing data;
After reading the payment data from the secure shared memory, the payment processing unit in the mobile device reads from the memory of the TEE the RF-SIM card private key and user information that were stored in the TEE memory when the RF-SIM card was initialized. The payment processing unit then encrypts the payment data and user information using the private key to generate encrypted payment processing data.
It should be noted that in practical applications the information read by the payment processing unit does not necessarily include only the private key, payment data and user information; it may also include other kinds of information required for payment. Likewise, the data encrypted with the private key during payment processing does not necessarily include only the payment data and user information; it may also include other kinds of information required for payment, which is not limited here.
In addition, in practical applications, payment processing of the data is not necessarily performed by encrypting the payment data and user information with the private key; the data may also be processed in other ways, which is not limited here.
Optionally, biometric authentication may be performed before step 307. The specific process is as follows:
When the user opens the payment application, the biometric collector in the mobile device collects first biometric information of the user. After the collector has successfully collected the first biometric information, the biometric trusted application running in the TEE compares the collected first biometric information with second biometric information stored in advance in the TEE. If the first biometric information is consistent with the second biometric information, the user performing the payment operation is legitimate, and the private key of the RF-SIM card that the TEE obtained during RF-SIM card initialization is placed in the available state, so that the payment processing unit in the TEE can use the private key of the RF-SIM card to perform payment processing on the payment data and user information. For example: when the user opens the payment application in the REE to make a payment, the payment application may prompt the user for fingerprint authentication; the user places a finger on the phone's fingerprint collector, and the fingerprint sensor collects the user's fingerprint information, which is compared with the biometric information stored in the TEE. The biometric information includes human physiological characteristics such as fingerprint, face, iris, retina, voice, pulse and auricle; other human physiological characteristics may also be included, which is not limited here.
It should be noted that combining biometric authentication with this scheme requires that the mobile device support the collection of biometric information and that the user has enabled the biometric authentication function. The biometric authentication step is therefore an optional step in the payment method that combines the RF-SIM card and the TEE.
In this embodiment, steps 308 to 310 are identical to steps 205 to 207 in the embodiment shown in Fig. 2 and are not repeated here.
In this embodiment of the present invention, before the RF-SIM card is used, the private key and user information required for payment in the RF-SIM card are saved into the memory of the TEE, ensuring that the information stored in the RF-SIM card is stored into the TEE without coming into contact with the REE environment. This completes the initialization of the RF-SIM card and provides secure payment information to the payment processing unit in the TEE. As a result, after some of the storage and computing capability of the RF-SIM card is moved into the TEE environment of the mobile device, the storage and computing capability for payment is effectively enhanced while the high security of the payment process is guaranteed.
Secondly, in this embodiment of the present invention, the payment processing unit performs payment processing by encrypting the payment data and user information with the private key, which improves the realizability of the scheme.
In addition, in this embodiment of the present invention, as an optional implementation step, biometric authentication is performed in combination with biometric identification technology before the payment processing unit in the TEE processes the payment data. The storage of the biometric features and the authentication process are carried out in the secure TEE environment, which has enough storage and computing capability to implement biometric authentication. This changes the situation in which a traditional RF-SIM card does not have enough storage and computing capability to support biometric authentication, and greatly improves the security of mobile payment.
In the mobile device, the RF-SIM card and the secure shared memory communicate through the Modem: data transmitted between the RF-SIM card and the payment processing unit running in the TEE is first forwarded by the Modem to the secure shared memory, and the payment processing unit then communicates with the secure shared memory. The information exchange of the mobile payment method in this embodiment of the present invention is described in detail below.
With reference to Fig. 4, another embodiment of the mobile payment method provided by the embodiments of the present invention includes:
401, the Modem receives an RF-SIM card initialization command;
When the user uses a mobile payment device for the first time and inserts the RF-SIM card into the mobile device, an application in the REE of the mobile device detects the inserted RF-SIM card and triggers the initialization flow, sending an RF-SIM card initialization command to the Modem, and the Modem receives this command.
The Modem is the modem that handles communication between the RF-SIM card and the other units in the mobile device.
402, the Modem reads the private key and user information of the RF-SIM card from the RF-SIM card;
After the Modem receives the RF-SIM card initialization command, the program in the Modem reads from the RF-SIM card the private key used for payment authentication and the user information stored in the RF-SIM card.
It should be noted that the user information read from the RF-SIM card here refers to the personal information needed in the payment process, and may include: mobile subscriber information (such as the International Mobile Subscriber Identification Number, IMSI), bank account information (such as the bank card account number and payment password), and so on, which is not limited here.
403, the Modem saves the private key and user information to the secure shared memory;
After reading the private key and user information of the RF-SIM card, the Modem saves them into the secure shared memory.
The secure shared memory is a block of storage in the mobile device. Under the control of the mobile device's access control unit, this memory can be accessed only by the TEE and by the Modem connected to the RF-SIM card. With the support of the secure shared memory, the RF-SIM card and the application in the TEE can exchange data without the REE taking part, which keeps the core data of the payment process secure.
In practical applications, the secure shared memory may be implemented with ARM TrustZone technology or with other technologies, which is not limited here.
404, the payment processing unit reads the private key and user information of the RF-SIM card from the secure shared memory;
After the Modem has saved the private key and user information of the RF-SIM card to the secure shared memory, the payment processing unit reads the private key and user information of the RF-SIM card from the secure shared memory. The payment processing unit is the payment application executing in the TEE.
405, the payment processing unit saves the private key and user information into the memory of the TEE;
After reading the private key and user information of the RF-SIM card from the secure shared memory, the payment processing unit saves them into the memory of the TEE, which completes the initialization process of the RF-SIM card.
Steps 401 to 405 above are the secure initialization process of the RF-SIM card. It should be noted that when the RF-SIM card is initialized, besides the private key and user information of the RF-SIM card, other RF-SIM card information needed in the payment process may also be read, which is not limited here.
It should also be noted that steps 401 to 405 are one fairly common secure initialization process for the RF-SIM card. In practical applications there may be many ways to initialize the RF-SIM card; as long as the private key and user information in the RF-SIM card are stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited here.
406, the RF-SIM card receives a payment request;
When a near-field payment transaction occurs, the user first opens the payment application in the mobile device. Through near-field contact, the RF-SIM card in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request to the RF-SIM card. The payment request includes a payment request command and payment data. In practice, what the RF-SIM card receives is a carrier wave, and the carrier wave carries the payment request.
It should be noted that the payment requester in this embodiment of the present invention may be a near-field payment service that sends payment requests, or another service or device capable of sending payment requests, which is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester, and may specifically include information such as the transaction number, trade name and transaction amount, which is not limited here.
407, the RF-SIM card sends the payment request to the Modem;
After receiving the payment request, the RF-SIM card sends the payment request to the Modem.
408, the Modem saves the payment data in the payment request to the secure shared memory;
After the Modem receives the payment request sent by the RF-SIM card, it saves the payment data in the request to the secure shared memory.
409, the Modem forwards the payment request command to the payment processing unit;
After the Modem receives the payment request sent by the RF-SIM card, it forwards the payment request command in the request to the application in the REE. The mobile device then switches from REE mode to TEE mode and sends the payment request command on to the payment processing unit running in the TEE. The payment processing unit is the payment application running in the TEE.
410, the payment processing unit reads the payment data from the secure shared memory;
After the payment processing unit receives the payment request command, it reads the payment data from the secure shared memory.
411, the payment processing unit reads the private key and user information of the RF-SIM card from the TEE;
After receiving the payment request command, the payment processing unit reads from the TEE memory the RF-SIM card private key and user information that were stored in the TEE memory when the RF-SIM card was initialized.
412, the payment processing unit encrypts the payment data and user information using the private key to generate payment processing data;
After the payment processing unit has read the payment data from the secure shared memory and the private key and user information of the RF-SIM card from the memory of the TEE, it encrypts the payment data and user information using the private key to generate encrypted payment processing data.
It should be noted that in practical applications the information read by the payment processing unit does not necessarily include only the private key, payment data and user information; it may also include other kinds of information required for payment. Likewise, the data encrypted with the private key during payment processing does not necessarily include only the payment data and user information; it may also include other kinds of information required for payment, which is not limited here.
In addition, in practical applications, payment processing of the data is not necessarily performed by encrypting the payment data and user information with the private key; the data may also be processed in other ways, which is not limited here.
413, the payment processing unit saves the payment processing data to the secure shared memory;
After the payment processing unit has encrypted the payment data and user information to obtain the payment processing data, it saves the payment processing data to the secure shared memory.
414, the Modem reads the payment processing data from the secure shared memory;
Once the payment processing data has been saved to the secure shared memory, the Modem reads the payment processing data from the secure shared memory.
415, the Modem sends the payment processing data to the RF-SIM card;
After reading the payment processing data from the secure shared memory, the Modem sends the payment processing data to the RF-SIM card.
416, the RF-SIM card sends the payment processing data to the payment requester.
The RF-SIM card receives the payment processing data sent by the Modem and sends it to the payment requester through the RF module of the RF-SIM card itself.
After the payment requester receives the payment processing data, it performs payment operations such as debiting according to the payment processing data and returns the payment result to the payment application in the REE to inform the user of the result, which completes the whole payment process.
In this embodiment of the present invention, the RF-SIM card and the secure shared memory communicate through the Modem: the payment data received by the RF-SIM card and the private key and user information of the RF-SIM card are stored to the secure shared memory through the Modem, and the RF-SIM card reads the payment processing data from the secure shared memory through the Modem, which improves the realizability of the scheme.
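The Fig. 4 data path (steps 401 to 416) and the optional biometric gate on the card key, modelled in Python as an added example that is not part of the patent. The class, slot and function names and all sample values are assumptions; HMAC-SHA256 stands in for the private-key operation of step 412 because Python's standard library has no asymmetric primitives, and exact byte comparison stands in for biometric matching.

```python
import hashlib
import hmac
import json

class AccessDenied(Exception):
    """A caller outside the allow-list touched the shared region."""
class KeyLocked(Exception):
    """The card key was used before biometric authentication succeeded."""

class SecureSharedMemory:
    """Region the access control unit exposes only to the TEE and the Modem."""
    ALLOWED = frozenset({"TEE", "MODEM"})

    def __init__(self):
        self._slots = {}
        self.denied = []  # rejected (caller, operation, slot) tuples

    def _check(self, caller, op, slot):
        if caller not in self.ALLOWED:
            self.denied.append((caller, op, slot))
            raise AccessDenied(f"{caller} may not {op} {slot!r}")

    def write(self, caller, slot, value):
        self._check(caller, "write", slot)
        self._slots[slot] = value

    def read(self, caller, slot):
        self._check(caller, "read", slot)
        return self._slots[slot]

class PaymentProcessingUnit:  # payment application running in the TEE
    def __init__(self, enrolled_template):
        self._tee_memory = {}               # visible to the TEE only
        self._template = enrolled_template  # second biometric information, kept in the TEE
        self._key_usable = False

    def initialise(self, shm):
        # Steps 404-405: copy key and user information into TEE memory.
        self._tee_memory["key"] = shm.read("TEE", "card_key")
        self._tee_memory["user"] = shm.read("TEE", "user_info")

    def authenticate(self, sample):
        # Optional step: a match puts the card key in the available state.
        self._key_usable = hmac.compare_digest(sample, self._template)
        return self._key_usable

    def process(self, shm):
        # Steps 410-413. HMAC-SHA256 is a stand-in for the private-key operation.
        if not self._key_usable:
            raise KeyLocked("biometric authentication has not succeeded")
        payment = shm.read("TEE", "payment_data")
        message = json.dumps({"payment": payment, "user": self._tee_memory["user"]},
                             sort_keys=True).encode()
        tag = hmac.new(self._tee_memory["key"], message, hashlib.sha256).hexdigest()
        shm.write("TEE", "processing_data", {"payment": payment, "tag": tag})

class Modem:  # forwards data between the RF-SIM card and the shared region
    def __init__(self, shm):
        self._shm = shm

    def initialise_card(self, card):
        # Steps 402-403: card key and user information go into the shared region.
        self._shm.write("MODEM", "card_key", card["key"])
        self._shm.write("MODEM", "user_info", card["user_info"])

    def forward_request(self, request):
        # Steps 408-409: payment data bypasses the REE; only the command crosses it.
        self._shm.write("MODEM", "payment_data", request["payment_data"])
        return request["command"]

    def fetch_result(self):
        # Steps 414-415: the result is read back for the card to transmit.
        return self._shm.read("MODEM", "processing_data")

# Constructed sample values, not taken from the patent.
CARD = {"key": b"constructed-card-key",
        "user_info": {"imsi": "001010000000001", "account": "ACCT-EXAMPLE"}}
REQUEST = {"command": "PAY",
           "payment_data": {"order": "T-0001", "item": "coffee", "amount": "12.50"}}
TEMPLATE = b"constructed-fingerprint-template"

def run_payment(sample=TEMPLATE):
    """Run the Fig. 4 flow once and return (processing data, shared region)."""
    shm = SecureSharedMemory()
    modem, unit = Modem(shm), PaymentProcessingUnit(TEMPLATE)
    modem.initialise_card(CARD)        # 401-403
    unit.initialise(shm)               # 404-405
    modem.forward_request(REQUEST)     # 406-409
    unit.authenticate(sample)          # optional biometric gate
    unit.process(shm)                  # 410-413
    return modem.fetch_result(), shm   # 414-416

def ree_can_read(shm, slot):
    """True if an REE application could read the slot (it should not)."""
    try:
        shm.read("REE", slot)
        return True
    except AccessDenied:
        return False
```

In this model the card key and user information remain readable in the shared region after step 405, so the isolation of the scheme rests entirely on the allow-list enforced by the access control unit.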
That the method for mobile payment of the combination of RF-SIM cards and TEE in mobile device is described above, below it is right
The mobile device that RF-SIM cards and TEE are combined is described.
With reference to Fig. 5, a mobile device provided by an embodiment of the present invention includes:
an RF-SIM card 501, configured to receive a payment request sent by a payment requester, the payment request including payment data;
a memory 502 in a trusted execution environment (TEE);
a payment processing unit 503, configured to obtain the payment data from the RF-SIM card and perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is the payment application running in the TEE and the user information is obtained from the memory of the TEE;
the RF-SIM card 504, further configured to obtain the payment processing data from the payment processing unit and send the payment processing data to the payment requester.
In this embodiment of the present invention, after the RF-SIM card 501 in the mobile device receives the payment request sent by the payment requester, not all data and payment computation are placed in the CPU of the SIM card. Instead, the payment processing unit 503 in the mobile device obtains the payment data in the payment request from the RF-SIM card 501; the payment processing unit is the payment application running in the TEE. The payment processing unit 503 in the mobile device then performs payment processing according to the payment data and user information to obtain payment processing data, where the user information is obtained from the memory of the TEE. The RF-SIM card 501 in the mobile device then obtains the payment processing data from the payment processing unit 503 and sends it to the payment requester. In this way some of the storage and computing capability of the RF-SIM card is moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability for secure payment while guaranteeing high security.
The structure of the RF-SIM card and the payment processing unit is described in detail below.
With reference to Fig. 6, a mobile device provided by an embodiment of the present invention includes:
an RF-SIM card 601, configured to receive a payment request sent by a payment requester, the payment request including payment data;
a memory 602 in a trusted execution environment (TEE);
a payment processing unit 603, configured to obtain the payment data from the RF-SIM card and perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is the payment application running in the TEE and the user information is obtained from the memory of the TEE;
the RF-SIM card 604, further configured to obtain the payment processing data from the payment processing unit and send the payment processing data to the payment requester.
The RF-SIM card 601 includes:
a first receiving module 6011, configured to receive the payment request;
a first acquisition module 6012, configured to obtain the payment processing data from the payment processing unit;
a sending module 6013, configured to send the payment processing data to the payment requester.
The payment processing unit 603 includes:
a second acquisition module 6031, configured to obtain the payment data from the RF-SIM card;
a third acquisition module 6032, configured to obtain the user information from the memory of the TEE;
a processing module 6033, configured to perform payment processing according to the payment data and user information to obtain the payment processing data.
In addition, the mobile device further includes a secure shared memory 604.
The RF-SIM card 601 further includes a first saving module 6014, configured to save the payment data to the secure shared memory 604; the second acquisition module 6031 is specifically configured to obtain the payment data from the secure shared memory 604.
The payment processing unit 603 further includes a second saving module 6034, configured to save the payment processing data to the secure shared memory 604; the first acquisition module 6012 is specifically configured to obtain the payment processing data from the secure shared memory 604.
The interaction between the modules of the mobile device of the present invention is described below using a specific application scenario:
When a near-field payment transaction occurs, the user first opens the payment application in the mobile device. Through near-field contact, the RF-SIM card 601 in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request to the RF-SIM card 601 in the mobile device. The payment request includes payment data.
It should be noted that the payment requester in this embodiment of the present invention may be a near-field payment service that sends payment requests, or another service or device capable of sending payment requests, which is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester, and may specifically include information such as the transaction number, trade name and transaction amount, which is not limited here.
After the first receiving module 6011 in the RF-SIM card 601 in the mobile device receives the payment request sent by the payment requester, the first saving module 6014 in the RF-SIM card 601 saves the payment data in the payment request to the secure shared memory 604 of the mobile device.
The secure shared memory 604 is a block of storage in the mobile device. Under the control of the mobile device's access control unit, this memory can be accessed only by the TEE and by the specific unit connected to the RF-SIM card. With the support of the secure shared memory 604, the RF-SIM card and the TEE can exchange data without the REE taking part, which keeps the core data of the payment process secure.
In practical applications, the secure shared memory 604 may be implemented with ARM TrustZone technology or with other technologies, which is not limited here.
After the RF-SIM card 601 in the mobile device has saved the payment data to the secure shared memory 604 of the mobile device, the first acquisition module 6031 in the payment processing unit 603 reads the payment data from the secure shared memory 604. The payment processing unit 603 is the payment application executing in the TEE.
After the first acquisition module 6031 in the payment processing unit 603 has read the payment data from the secure shared memory 604, the second acquisition module 6032 reads from the memory 602 of the TEE the RF-SIM card private key and user information that were stored in the TEE memory 602 when the RF-SIM card was initialized, and the processing module 6033 then performs payment processing according to the payment data and user information to obtain payment processing data.
It should be noted that the user information stored in advance in the memory 602 of the TEE refers to the personal information needed in the transaction process, and may include: mobile subscriber information (such as the International Mobile Subscriber Identification Number, IMSI), bank account information (such as the bank card account number and payment password), and so on, which is not limited here.
In practical applications, the data used by the processing module 6033 for payment processing does not necessarily include only the payment data and user information described above; it may also include other data, which is not limited here.
After the processing module 6033 in the payment processing unit 603 has performed payment processing according to the payment data and user information to obtain the payment processing data, the second saving module 6034 in the payment processing unit 603 saves the payment processing data to the secure shared memory of the mobile device.
After the second saving module 6034 in the payment processing unit 603 has saved the payment processing data to the secure shared memory 604 of the mobile device, the first acquisition module 6012 in the RF-SIM card 601 obtains the payment processing data from the secure shared memory 604.
After the first acquisition module 6012 in the RF-SIM card 601 has obtained the payment processing data from the secure shared memory 604, the sending module 6013 sends the payment processing data to the payment requester.
After the payment requester receives the payment processing data, it can perform payment operations such as debiting according to the payment processing data and return the payment result to the payment application in the REE to inform the user of the result, which completes the whole payment process.
In this embodiment of the present invention, to guarantee the high security of the payment process, the RF-SIM card 601 and the payment processing unit 603 in the TEE communicate through the secure shared memory in the mobile device. With the support of the secure shared memory, the RF-SIM card 601 and the payment processing unit 603 in the TEE exchange data without the REE taking part, which keeps the core data of the payment process secure. As a result, after some of the storage and computing capability of the RF-SIM card 601 is moved into the TEE of the mobile device, the storage and computing capability for payment is effectively enhanced while the high security of the payment process is guaranteed.
With reference to Fig. 7, a mobile device provided by an embodiment of the present invention includes:
an RF-SIM card 701, configured to receive a payment request sent by a payment requester, the payment request including payment data;
a memory 702 in a trusted execution environment (TEE);
a payment processing unit 703, configured to obtain the payment data from the RF-SIM card and perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is the payment application running in the TEE and the user information is obtained from the memory of the TEE;
the RF-SIM card 704, further configured to obtain the payment processing data from the payment processing unit and send the payment processing data to the payment requester.
The RF-SIM card 701 includes:
a first receiving module 7011, configured to receive the payment request;
a first acquisition module 7012, configured to obtain the payment processing data from the payment processing unit;
a sending module 7013, configured to send the payment processing data to the payment requester.
The payment processing unit 703 includes:
a second acquisition module 7031, configured to obtain the payment data from the RF-SIM card;
a third acquisition module 7032, configured to obtain the user information from the memory of the TEE;
a processing module 7033, configured to perform payment processing according to the payment data and user information to obtain the payment processing data.
In addition, the mobile device further includes a secure shared memory 704.
The RF-SIM card 701 further includes a first saving module 7014, configured to save the payment data to the secure shared memory 704; the second acquisition module 7031 is specifically configured to obtain the payment data from the secure shared memory 704.
The payment processing unit 703 further includes a second saving module 7034, configured to save the payment processing data to the secure shared memory 704; the first acquisition module 7012 is specifically configured to obtain the payment processing data from the secure shared memory 704.
The payment processing unit 703 further includes a fourth acquisition module 7035, configured to obtain the private key and user information from the RF-SIM card 701, and a third saving module 7036, configured to save the private key and user information into the memory 702 of the TEE.
The processing module 7033 is specifically configured to encrypt the payment data and user information using the private key to obtain the payment processing data.
The RF-SIM card 701 further includes a fourth saving module 7015, configured to save the private key and the user information to the secure shared memory 704; the third acquisition module 7035 is specifically configured to read the private key and the user information from the secure shared memory 704.
The interaction between the modules of the mobile device of the present invention is described below using a specific application scenario:
When the user uses a mobile device for the first time and inserts the RF-SIM card 701 into it, an application in the REE of the mobile device detects the inserted RF-SIM card 701 and triggers the RF-SIM card initialization flow, which is as follows:
The fourth saving module 7015 in the RF-SIM card 701 saves the private key and user information preset in the RF-SIM card into the secure shared memory 704.
The private key may be the private key of an asymmetric key pair generated inside the RF-SIM card 701, used to prevent data from being stolen or tampered with during transmission and storage, or it may be a private key preset in another way, which is not limited here.
It should be noted that the user information in the RF-SIM card 701 refers to the personal information needed in the payment process, and may include: mobile subscriber information (such as the International Mobile Subscriber Identification Number, IMSI), bank account information (such as the bank card account number and payment password), and so on, which is not limited here.
The secure shared memory 704 is a block of storage in the mobile device. Under the control of the mobile device's access control unit, this memory can be accessed only by the TEE and by the specific unit connected to the RF-SIM card. With the support of the secure shared memory 704, the RF-SIM card 701 and the application in the TEE can exchange data without the REE taking part, which keeps the core data of the payment process secure.
In practical applications, the secure shared memory may be implemented with ARM TrustZone technology or with other technologies, which is not limited here.
After the fourth saving module 7015 in the RF-SIM card 701 has saved the private key and user information preset in the RF-SIM card into the secure shared memory 704, the fourth acquisition module 7035 in the payment processing unit 703 reads the private key and user information from the secure shared memory 704. The payment processing unit 703 is the payment application executing in the TEE.
After the fourth acquisition module 7035 in the payment processing unit 703 has read the private key and user information from the secure shared memory, the third saving module 7036 saves the private key and user information into the memory 702 of the TEE, which completes the initialization process of the RF-SIM card.
The steps above are the secure initialization process of the RF-SIM card. It should be noted that when the RF-SIM card 701 is initialized, besides the private key and user information of the RF-SIM card, other RF-SIM card information needed in the payment process may also be read, which is not limited here.
It should also be noted that the above is one fairly common secure initialization process for the RF-SIM card. In practical applications there may be many ways to initialize the RF-SIM card; as long as the private key and user information in the RF-SIM card are stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited here.
When a near-field payment transaction occurs, the user first opens the payment application in the mobile device. Through near-field contact, the RF-SIM card 701 in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request to the RF-SIM card 701 in the mobile device. The payment request includes payment data.
It should be noted that the payment requester in this embodiment of the present invention may be a near-field payment service that sends payment requests, or another service or device capable of sending payment requests, which is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester, and may specifically include information such as the transaction number, trade name and transaction amount, which is not limited here.
After the first receiving module 7011 in the RF-SIM card 701 in the mobile device receives the payment request sent by the payment requester, the first saving module 7014 in the RF-SIM card 701 saves the payment data in the payment request to the secure shared memory 704 of the mobile device.
After the RF-SIM card 701 in the mobile device has saved the payment data to the secure shared memory 704 of the mobile device, the first acquisition module 7031 in the payment processing unit 703 reads the payment data from the secure shared memory 704. The payment processing unit 703 is the payment application executing in the TEE.
After the second acquisition module 7031 in the payment processing unit has read the payment data from the secure shared memory 704, the third acquisition module 7032 reads from the memory 702 of the TEE the private key and user information of the RF-SIM card that were stored in the memory 704 of the TEE when the RF-SIM card was initialized. The processing module 7033 then encrypts the payment data and user information using the private key to generate encrypted payment processing data.
It should be noted that in practical applications the information read by the payment processing unit 703 does not necessarily include only the private key, payment data and user information; it may also include other kinds of information required for payment. Likewise, the data that the processing module 7033 encrypts with the private key during payment processing does not necessarily include only the payment data and user information; it may also include other kinds of information required for payment, which is not limited here.
In addition, in practical applications, the processing module 7033 does not necessarily perform payment processing by encrypting the payment data and user information with the private key; the data may also be processed in other ways, which is not limited here.
Optionally, before the processing module 7033 in the payment processing unit 703 encrypts the payment data and the user information using the private key, the biometric identification unit may perform biometric authentication. The detailed process is as follows:
When the user opens the payment application, the biometric collector in the mobile device collects first biometric information of the user. After the biometric collector successfully collects the first biometric information, the biometric identification trusted application running in the TEE compares the collected first biometric information with second biometric information stored in advance in the TEE. If the first biometric information is consistent with the second biometric information, the user performing the payment operation is legitimate, and the private key of the RF-SIM card that the TEE obtained during RF-SIM card initialization is placed in an available state, so that the payment processing unit in the TEE can use the private key of the RF-SIM card to perform payment processing on the payment data and the user information. For example, when the user opens the payment application in the REE to make a payment, the payment application may prompt the user to perform fingerprint authentication; the user places a finger on the fingerprint collector of the mobile phone, and the fingerprint sensor collects the user's fingerprint information, which is compared with the biometric information stored in the TEE. The biometric information includes human physiological characteristics such as fingerprint, face, iris, retina, voice, pulse and auricle, and may also include other physiological characteristics of the human body, which is not specifically limited herein.
It should be noted that combining biometric authentication with this solution requires supporting conditions, such as the mobile device supporting biometric information collection and the user having enabled the biometric authentication function. Therefore, the biometric authentication step is an optional step in the payment method that combines the RF-SIM card and the TEE.
After the processing module 7033 in the payment processing unit 703 encrypts the payment data and the user information using the private key to obtain the payment processing data, the second preserving module 7034 in the payment processing unit 703 saves the payment processing data to the secure shared memory 704 of the mobile device.
After the second preserving module 7034 in the payment processing unit 703 saves the payment processing data to the secure shared memory 704 of the mobile device, the first acquisition module 7012 in the RF-SIM card 701 obtains the payment processing data from the secure shared memory 704.
After the first acquisition module 7012 in the RF-SIM card 701 obtains the payment processing data from the secure shared memory 704, the sending module 7013 sends the payment processing data to the payment requester.
After the payment requester receives the payment processing data, it can carry out payment operations such as debiting according to the payment processing data, and returns the payment result to the payment application in the REE to inform the user of the payment result, thereby completing the entire payment process.
Optionally, as another embodiment, biometric authentication may be performed before the second acquisition module 7031 in the payment processing unit reads the payment data. The detailed process is as follows:
In the embodiment of the present invention, before the RF-SIM card 701 is used, the private key required for payment and the user information in the RF-SIM card 701 are saved to the memory 702 of the TEE, so that the information stored in the RF-SIM card 701 is stored in the memory 702 of the TEE without coming into contact with the REE environment. This completes the initialization of the RF-SIM card and provides secure payment information to the payment processing unit 703 in the TEE. As a result, after some of the storage and computing capability of the RF-SIM card 701 is moved into the TEE environment of the mobile device, the storage and computing capability for payment is effectively enhanced while the high security of the payment process is ensured.
Secondly, in this embodiment of the present invention, the processing module 7033 in the payment processing unit 703 performs payment processing by encrypting the payment data and the user information using the private key, which improves the realizability of the solution.
In addition, in the embodiment of the present invention, the biometric identification unit, as an optional structural element of the mobile device, performs biometric authentication using biometric identification technology before the payment processing unit in the TEE processes the payment data. The storage of the biometric features and the authentication process are completed in the TEE security environment, which has enough storage and computing capability to implement biometric authentication. This changes the situation in which a traditional RF-SIM card does not have enough storage and computing capability to support biometric authentication, and greatly improves the security of mobile payment.
With reference to Fig. 8, a mobile device provided in an embodiment of the present invention includes:
the RF-SIM card 801, configured to receive a payment request sent by the payment requester, the payment request including payment data;
the memory 802 of the trusted execution environment (TEE);
the payment processing unit 803, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is a payment application running in the TEE and the user information is obtained from the memory of the TEE;
the RF-SIM card 804, further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester.
The RF-SIM card 801 includes:
the first receiving module 8011, configured to receive the payment request;
the first acquisition module 8012, configured to obtain the payment processing data from the payment processing unit;
the sending module 8013, configured to send the payment processing data to the payment requester.
The payment processing unit 803 includes:
the second acquisition module 8031, configured to obtain the payment data from the RF-SIM card;
the third acquisition module 8032, configured to obtain the user information from the memory of the TEE;
the processing module 8033, configured to perform payment processing according to the payment data and the user information to obtain the payment processing data.
In addition, the mobile device further includes the secure shared memory 804.
The RF-SIM card 801 further includes the first preserving module 8014, configured to save the payment data to the secure shared memory 804; the second acquisition module 8031 is specifically configured to obtain the payment data from the secure shared memory 804.
The payment processing unit 803 further includes the second preserving module 8034, configured to save the payment processing data to the secure shared memory 804; the first acquisition module 8012 is specifically configured to obtain the payment processing data from the secure shared memory 804.
The payment processing unit 803 further includes the fourth acquisition module 8035, configured to obtain the private key and the user information from the RF-SIM card 801, and the third preserving module 8036, configured to save the private key and the user information to the memory 802 of the TEE.
The processing module 8033 is specifically configured to encrypt the payment data and the user information using the private key to obtain the payment processing data.
The RF-SIM card 801 further includes the fourth preserving module 8015, configured to save the private key and the user information to the secure shared memory 804; the third acquisition module 8035 is specifically configured to read the private key and the user information from the secure shared memory 804.
In addition, the mobile device further includes the Modem 805, which is connected to the RF-SIM card; the RF-SIM card communicates with the other modules in the mobile device through the Modem 805.
The interaction between the modules of the mobile device of the present invention is described below with a specific application scenario:
When the user uses a mobile payment device for the first time and the RF-SIM card 801 is inserted into the mobile device, an application in the REE of the mobile device detects the inserted RF-SIM card 801, triggers the initialization flow, and sends an RF-SIM card initialization command to the Modem 805, which receives the command.
After the Modem 805 receives the RF-SIM card initialization command, the fourth preserving module 8015 in the RF-SIM card reads, through the Modem 805, the private key used for payment authentication in the RF-SIM card 801 and the user information stored in the RF-SIM card 801.
It should be noted that the user information read from the RF-SIM card 801 here refers to the personal information needed in the payment process, and may include mobile subscriber information (for example, the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, bank card account number and payment password) and the like, which is not specifically limited herein.
After the fourth preserving module 8015 in the RF-SIM card reads the private key and user information of the RF-SIM card 801 through the Modem 805, it saves the private key and user information of the RF-SIM card 801 to the secure shared memory 804 through the Modem 805.
The secure shared memory 804 is a block of storage in the mobile device. Under the control of the access control unit of the mobile device, this memory can be accessed only by applications in the TEE and by the Modem 805 connected to the RF-SIM card. With the support of the secure shared memory 804, data can be exchanged between the RF-SIM card 801 and the applications in the TEE without the REE being involved, which ensures the security of the core data of the payment process.
In practical applications, the secure shared memory may be implemented using ARM TrustZone technology, or using other technologies, which is not specifically limited herein.
After the fourth preserving module 8015 in the RF-SIM card saves the private key and user information of the RF-SIM card 801 to the secure shared memory 804 through the Modem 805, the fourth acquisition module 8035 in the payment processing unit 803 reads the private key and user information of the RF-SIM card 801 from the secure shared memory 804. The payment processing unit 803 is a payment application executed in the TEE.
After the fourth acquisition module 8035 reads the private key and user information of the RF-SIM card 801 from the secure shared memory 804, the third preserving module 8036 saves them to the memory 802 of the TEE, completing the initialization of the RF-SIM card.
The above steps are the secure initialization process of the RF-SIM card 801. It should be noted that, when the RF-SIM card 801 is initialized, other RF-SIM card information needed in the payment process may be read in addition to the private key and user information of the RF-SIM card 801, which is not specifically limited herein.
In addition, it should be noted that the above steps are one relatively common secure initialization process for the RF-SIM card. In practical applications there may be many methods of initializing the RF-SIM card; as long as the private key and user information in the RF-SIM card are stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited herein.
When a near-field payment transaction occurs, the user first opens the payment application in the mobile device. Through near-field contact, the first receiving module 8011 of the RF-SIM card 801 in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request to the first receiving module 8011; the payment request includes a payment request command and payment data. In fact, what the first receiving module 8011 receives is a carrier wave that carries the payment request.
It should be noted that, specifically, the payment requester in the embodiment of the present invention may be a near-field payment service that sends the payment request, or may be another service or device capable of sending a payment request, which is not limited herein.
In practical applications, the payment data is the transaction data sent with the payment request, and may specifically include information such as the transaction order number, the trade name and the transaction amount, which is not specifically limited herein.
After the RF-SIM card 801 receives the payment request, the first preserving module 8014 in the RF-SIM card 801 sends the payment request to the Modem 805.
After the Modem 805 receives the payment request, it saves the payment data in the request to the secure shared memory 804.
After the Modem 805 receives the payment request, it forwards the payment request command in the request to the application in the REE. The mobile device then switches from REE mode to TEE mode and at the same time sends the payment request command to the payment processing unit 803 running in the TEE. The payment processing unit 803 is a payment application running in the TEE.
After the payment processing unit 803 receives the payment request command, the second acquisition module 8031 reads the payment data from the secure shared memory 804.
After the second acquisition module 8031 receives the payment request command, the third acquisition module 8032 reads, from the TEE memory 802, the RF-SIM card private key and the user information that were stored in the TEE memory 802 when the RF-SIM card 801 was initialized.
After the second acquisition module 8031 reads the payment data from the secure shared memory 804 and the third acquisition module 8032 reads the RF-SIM card private key and the user information from the memory 802 of the TEE, the processing module 8033 encrypts the payment data and the user information using the private key to generate encrypted payment processing data.
It should be noted that in practical applications, information that payment processing unit 803 is read include only not necessarily private key,
Payment data, user information can also include other kinds of information required for payment;Added using private key during payment processing
Close data not necessarily only include payment data and user information, can also include other kinds of information required for payment, tool
Body does not limit herein.
In addition, in practical applications, the mode that processing module 8033 carries out data payment processing is not necessarily using private
Payment data and user information is encrypted in key, can also be handled data using other modes, not done herein specifically
It limits.
After the processing module 8033 encrypts the payment data and the user information to obtain the payment processing data, the second preserving module 8034 saves the payment processing data to the secure shared memory 804.
After the second preserving module 8034 saves the payment processing data to the secure shared memory 804, the Modem 805 reads the payment processing data from the secure shared memory 804.
After the Modem 805 reads the payment processing data from the secure shared memory 804, it sends the payment processing data to the first acquisition module 8012 of the RF-SIM card 801.
After the first acquisition module 8012 of the RF-SIM card 801 receives the payment processing data sent by the Modem 805, the sending module 8013 sends the payment processing data to the payment requester through the RF module of the RF-SIM card 801 itself.
After the payment requester receives the payment processing data, it carries out payment operations such as debiting according to the payment processing data, and returns the payment result to the payment application in the REE to inform the user of the payment result, thereby completing the entire payment process.
In the embodiment of the present invention, the RF-SIM card 801 and the secure shared memory 804 communicate through the Modem 805: the payment data received by the RF-SIM card 801 and the private key and user information of the RF-SIM card 801 are stored to the secure shared memory through the Modem 805, and the RF-SIM card 801 reads the payment processing data from the secure shared memory 804 through the Modem 805, which improves the realizability of the solution.
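
The data path of this application scenario can be modelled as follows. This Python sketch is an added example, not code from the patent: the class, function and slot names are hypothetical, the sample values are constructed, exact byte comparison stands in for biometric matching, and HMAC-SHA256 with a constructed key stands in for the private-key operation, whose algorithm the patent does not specify.

```python
import hashlib
import hmac
import json
from enum import Enum


class Principal(Enum):
    REE_APP = "REE application"
    TEE_APP = "TEE application"
    MODEM = "Modem"


class SecureSharedMemory:
    """Buffer that the access control unit opens only to TEE applications and the Modem."""
    ALLOWED = frozenset({Principal.TEE_APP, Principal.MODEM})

    def __init__(self):
        self._slots = {}
        self.denied = []  # audit trail of rejected access attempts

    def _check(self, who, op, slot):
        if who not in self.ALLOWED:
            self.denied.append((who, op, slot))
            raise PermissionError(f"{who.value} may not {op} '{slot}'")

    def write(self, who, slot, data):
        self._check(who, "write", slot)
        self._slots[slot] = bytes(data)

    def take(self, who, slot):
        """Read a slot and erase it, so no key or payment data lingers in the buffer."""
        self._check(who, "read", slot)
        return self._slots.pop(slot)


class TeePaymentApp:
    """Payment processing unit: the payment application running in the TEE."""
    def __init__(self, shm, enrolled_template=None):
        self._shm = shm
        self._tee_memory = {}               # memory of the TEE
        self._template = enrolled_template  # second biometric information, kept in the TEE
        self._key_usable = enrolled_template is None  # the biometric step is optional

    def initialise_card(self):
        """Initialization: move the card key and user information into TEE memory."""
        blob = json.loads(self._shm.take(Principal.TEE_APP, "card_init"))
        self._tee_memory["key"] = bytes.fromhex(blob["key"])
        self._tee_memory["user_info"] = blob["user_info"]

    def authenticate(self, sample):
        """Unlock the card key on a match; exact comparison stands in for real matching."""
        if self._template is not None:
            self._key_usable = hmac.compare_digest(sample, self._template)
        return self._key_usable

    def handle_payment_command(self):
        """Read payment data, apply the keyed operation, write payment processing data."""
        raw = self._shm.take(Principal.TEE_APP, "payment_data")
        if not self._key_usable:
            raise PermissionError("card key is locked until biometric authentication succeeds")
        fields = {"payment": json.loads(raw), "user": self._tee_memory["user_info"]}
        message = json.dumps(fields, sort_keys=True).encode()
        # Stand-in for the private-key operation, which the patent leaves unspecified.
        tag = hmac.new(self._tee_memory["key"], message, hashlib.sha256).hexdigest()
        self._shm.write(Principal.TEE_APP, "payment_processing_data", tag.encode())
        self._key_usable = self._template is None  # assumption: re-lock after each payment


def modem_initialise(shm, card_key, user_info):
    """Modem side of initialization: card secrets go straight to secure shared memory."""
    blob = json.dumps({"key": card_key.hex(), "user_info": user_info})
    shm.write(Principal.MODEM, "card_init", blob.encode())


def modem_handle_request(shm, tee, request):
    """Payment data goes to shared memory; only request['command'] would pass via the REE."""
    shm.write(Principal.MODEM, "payment_data", json.dumps(request["data"]).encode())
    tee.handle_payment_command()  # models the REE-to-TEE switch triggered by the command
    return shm.take(Principal.MODEM, "payment_processing_data")


def ree_can_read(shm, slot):
    """What an REE application sees when it probes the secure shared memory."""
    try:
        shm.take(Principal.REE_APP, slot)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    shm = SecureSharedMemory()
    tee = TeePaymentApp(shm, enrolled_template=b"constructed-template")
    modem_initialise(shm, bytes(range(32)), {"imsi": "001010123456789"})  # constructed values
    print("REE can read card_init:", ree_can_read(shm, "card_init"))
    tee.initialise_card()
    tee.authenticate(b"constructed-template")
    request = {"command": "PAY", "data": {"order_no": "T-0001", "amount": "12.50"}}
    print("payment processing data:", modem_handle_request(shm, tee, request).decode())
```

The `denied` list is the part a defender would monitor: any entry means a component outside the TEE and the Modem tried to reach the card key or the payment data.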
The above describes the mobile device in the embodiment of the present invention from the perspective of modular functional entities; the following describes the mobile device in the embodiment of the present invention from the perspective of hardware processing. Referring to Fig. 9, another embodiment of the mobile device in the embodiment of the present invention includes:
an input interface 901, an output interface 902, a processor 903, a memory 904, a display 905 and an RF-SIM card 906. In this embodiment, the number of processors 903 in the mobile device may be one or more (one processor 903 is taken as an example in Fig. 9), and the number of memories 904 may be one or more (one memory 904 is taken as an example in Fig. 9). In some embodiments of the present invention, the input interface 901, the output interface 902, the processor 903, the memory 904, the display 905 and the RF-SIM card 906 may be connected by a bus or in other ways; connection by a bus is taken as an example in Fig. 9.
The RF-SIM card 906 receives the payment request data and the payment request command sent by the near-field payment service; the input interface 901 receives the user's instruction to operate the application through the display 905; and the processor 903, by calling the operation instructions stored in the memory 904, is configured to perform the following steps:
obtaining the payment data from the RF-SIM card 906 and obtaining the user information from the memory 904; performing payment processing according to the payment data and the user information to obtain payment processing data, and storing the payment processing data in the memory 904.
In the embodiment of the present invention, the processor 903 is further configured to perform the following steps: driving the RF-SIM card 906 to obtain the payment processing data from the memory 904 and to send the payment processing data to the payment requester.
In the embodiment of the present invention, the processor 903 is further configured to perform the following steps: driving the RF-SIM card 906 to save the payment data to the memory 904, and obtaining the payment data from the memory 904.
In the embodiment of the present invention, the processor 903 is further configured to perform the following steps: saving the payment processing data to the memory 904; driving the RF-SIM card 906 to obtain the payment processing data from the memory 904.
In the embodiment of the present invention, the processor 903 is further configured to perform the following steps: obtaining the private key and the user information from the RF-SIM card 906, and saving the private key and the user information to the memory 904.
In the embodiment of the present invention, the processor 903 performing payment processing according to the payment data and the user information to obtain the payment processing data is specifically: encrypting the payment data and the user information using the private key to obtain the payment processing data.
In the embodiment of the present invention, the processor 903 is further configured to perform the following steps: driving the RF-SIM card to save the private key and the user information to the memory 904, and reading the private key and the user information from the memory 904.
In the embodiment of the present invention, after the RF-SIM card 906 in the mobile device receives the payment request sent by the payment requester, the data and the payment computation are not all placed in the CPU of the SIM card to run. Instead, the processor 903 obtains the payment data in the payment request from the RF-SIM card and then performs payment processing according to the payment data and the user information to obtain the payment processing data, where the user information is obtained by the processor 903 from the memory 904. The RF-SIM card 906 then obtains the payment processing data from the memory 904 and sends the payment processing data to the payment requester. In this way, some of the storage and computing capability of the RF-SIM card is moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability for secure payment while ensuring high security.
It is apparent to those skilled in the art that, for convenience and brevity of description, for the specific working processes of the system, device and units described above, reference may be made to the corresponding processes in the foregoing method embodiments; details are not described herein again.
In the several embodiments provided in this application, it should be understood that the disclosed system, device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative; for example, the division into units is only a division by logical function, and there may be other ways of dividing in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (8)
1. A mobile payment method, characterized by comprising:
an RF-SIM card in a mobile device receives a payment request sent by a payment requester, the payment request including payment data;
a payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device, the payment processing unit being a payment application running in a trusted execution environment (TEE);
the payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE;
the RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device;
the RF-SIM card in the mobile device sends the payment processing data to the payment requester;
wherein the payment processing unit in the mobile device obtaining the payment data from the RF-SIM card in the mobile device comprises:
the RF-SIM card in the mobile device saves the payment data to a secure shared memory, the secure shared memory being accessible only by the TEE and by a specific unit connected to the RF-SIM card;
the payment processing unit in the mobile device reads the payment data from the secure shared memory;
and the RF-SIM card in the mobile device obtaining the payment processing data from the payment processing unit in the mobile device comprises:
the payment processing unit in the mobile device saves the payment processing data to the secure shared memory;
the RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory.
2. The mobile payment method according to claim 1, characterized in that the method further comprises:
the mobile device initializes the RF-SIM card in the mobile device;
wherein the mobile device initializing the RF-SIM card in the mobile device comprises:
the payment processing unit in the mobile device obtains a private key and the user information from the RF-SIM card in the mobile device;
the payment processing unit in the mobile device saves the private key and the user information to the memory of the TEE.
3. The mobile payment method according to claim 2, characterized in that the payment processing unit in the mobile device performing payment processing according to the payment data and the user information to obtain the payment processing data comprises:
the payment processing unit in the mobile device encrypts the payment data and the user information using the private key to obtain the payment processing data.
4. The mobile payment method according to claim 2, characterized in that the payment processing unit in the mobile device obtaining the private key and the user information from the RF-SIM card in the mobile device comprises:
the RF-SIM card in the mobile device saves the private key and the user information to the secure shared memory;
the payment processing unit in the mobile device reads the private key and the user information from the secure shared memory.
5. A mobile device, characterized by comprising:
an RF-SIM card, configured to receive a payment request sent by a payment requester, the payment request including payment data;
a memory of a trusted execution environment (TEE);
a payment processing unit, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, the payment processing unit being a payment application running in the TEE, and the user information being obtained from the memory of the TEE;
the RF-SIM card being further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester;
wherein the RF-SIM card comprises:
a first receiving module, configured to receive the payment request;
a first acquisition module, configured to obtain the payment processing data from the payment processing unit;
a sending module, configured to send the payment processing data to the payment requester;
the payment processing unit comprises:
a second acquisition module, configured to obtain the payment data from the RF-SIM card;
a third acquisition module, configured to obtain the user information from the memory of the TEE;
a processing module, configured to perform payment processing according to the payment data and the user information to obtain the payment processing data;
the mobile device further comprises:
a secure shared memory, the secure shared memory being accessible only by the TEE and by a specific unit connected to the RF-SIM card;
the RF-SIM card further comprises:
a first preserving module, configured to save the payment data to the secure shared memory;
the second acquisition module being specifically configured to obtain the payment data from the secure shared memory;
the payment processing unit further comprises:
a second preserving module, configured to save the payment processing data to the secure shared memory;
the first acquisition module being specifically configured to obtain the payment processing data from the secure shared memory.
6. The mobile device according to claim 5, characterized in that the payment processing unit further comprises:
a fourth acquisition module, configured to obtain a private key and the user information from the RF-SIM card;
a third preserving module, configured to save the private key and the user information to the memory of the TEE.
7. The mobile device according to claim 6, characterized in that the processing module is specifically configured to encrypt the payment data and the user information using the private key to obtain the payment processing data.
8. The mobile device according to claim 6, characterized in that
the RF-SIM card further comprises:
a fourth preserving module, configured to save the private key and the user information to the secure shared memory;
the third acquisition module being specifically configured to read the private key and the user information from the secure shared memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510144903.1A CN104700268B (en) | 2015-03-30 | 2015-03-30 | A kind of method of mobile payment and mobile device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510144903.1A CN104700268B (en) | 2015-03-30 | 2015-03-30 | A kind of method of mobile payment and mobile device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104700268A CN104700268A (en) | 2015-06-10 |
CN104700268B true CN104700268B (en) | 2018-10-16 |
Family
ID=53347360
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510144903.1A Active CN104700268B (en) | 2015-03-30 | 2015-03-30 | A kind of method of mobile payment and mobile device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104700268B (en) |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105631655A (en) * | 2015-07-23 | 2016-06-01 | 宇龙计算机通信科技(深圳)有限公司 | HCE-based mobile payment method, device and mobile terminal |
CN106454528A (en) | 2015-08-07 | 2017-02-22 | 阿里巴巴集团控股有限公司 | Service processing method based on trusted execution environment and client side |
US20180260816A1 (en) * | 2015-09-01 | 2018-09-13 | Huawei Technologies Co., Ltd. | Payment authentication method and apparatus for mobile terminal and mobile terminal |
CN110457959B (en) * | 2015-09-10 | 2023-06-20 | 创新先进技术有限公司 | Information transmission method and device based on Trust application |
CN105356998B (en) * | 2015-09-28 | 2019-06-11 | 宇龙计算机通信科技(深圳)有限公司 | A kind of domain space switching system and method based on TrustZone |
CN105488679B (en) * | 2015-11-23 | 2019-12-03 | 北京小米支付技术有限公司 | Mobile payment device, method and apparatus based on biological identification technology |
CN109150548B (en) * | 2015-12-01 | 2021-10-08 | 神州融安科技(北京)有限公司 | Digital certificate signing and signature checking method and system and digital certificate system |
CN106899551B (en) * | 2015-12-21 | 2020-04-17 | 中国电信股份有限公司 | Authentication method, authentication terminal and system |
CN106899552B (en) * | 2015-12-21 | 2020-03-20 | 中国电信股份有限公司 | Authentication method, authentication terminal and system |
CN108475304B (en) | 2015-12-29 | 2021-08-13 | 华为技术有限公司 | Method and device for associating application program and biological characteristics and mobile terminal |
US20210240807A1 (en) * | 2016-06-30 | 2021-08-05 | Huawei Technologies Co., Ltd. | Authentication method for mobile terminal and mobile terminal |
CN106372891A (en) * | 2016-08-23 | 2017-02-01 | 努比亚技术有限公司 | Payment method and apparatus, and mobile terminal |
WO2018068228A1 (en) * | 2016-10-12 | 2018-04-19 | 华为技术有限公司 | Verification code processing method and mobile terminal |
CN106603229B (en) * | 2016-12-26 | 2019-11-26 | 北京小米支付技术有限公司 | Signing messages generation method and device |
CN107908957B (en) * | 2017-11-03 | 2021-09-17 | 北京邮电大学 | Safe operation management method and system of intelligent terminal |
CN108469962B (en) * | 2018-03-27 | 2020-03-17 | 恒宝股份有限公司 | Mobile terminal based on mobile phone shield and mobile phone shield management method |
CN108664772A (en) * | 2018-04-27 | 2018-10-16 | 北京可信华泰信息技术有限公司 | A method of ensureing security of system |
EP3608813A4 (en) | 2018-05-29 | 2020-07-22 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Verification system, electronic device, verification method, computer-readable storage medium, and computer apparatus |
CN114817895A (en) | 2018-05-29 | 2022-07-29 | Oppo广东移动通信有限公司 | Verification template generation method and generation system, terminal and computer equipment |
CN109034785B (en) * | 2018-07-03 | 2021-02-02 | 四川科道芯国智能技术股份有限公司 | Application switching method and device |
CN110688364A (en) * | 2019-09-05 | 2020-01-14 | Oppo(重庆)智能科技有限公司 | Data transfer method, device, storage medium and electronic equipment |
CN112533196A (en) * | 2020-12-21 | 2021-03-19 | 北京元心科技有限公司 | Trusted starting method and device for mobile terminal equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103714459A (en) * | 2013-12-26 | 2014-04-09 | 电子科技大学 | Secure payment system and method of intelligent terminal |
CN103793815A (en) * | 2014-01-23 | 2014-05-14 | 武汉天喻信息产业股份有限公司 | Mobile intelligent terminal acquirer system and method suitable for bank cards and business cards |
CN103942678A (en) * | 2014-04-01 | 2014-07-23 | 武汉天喻信息产业股份有限公司 | Mobile payment system and method based on trusted execution environment |
Non-Patent Citations (1)
Title |
---|
Enhancing the Security of Mobile Applications by using TEE and (U)SIM; Zaheer Ahmad et al.; 2013 IEEE 10th International Conference on Ubiquitous Intelligence & Computing and 2013 IEEE 10th International Conference on Autonomic & Trusted Computing; 20131231; pp. 575-582, abstract, Fig. 3, p. 579 Section 4.1 * |
Also Published As
Publication number | Publication date |
---|---|
CN104700268A (en) | 2015-06-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104700268B (en) | A kind of method of mobile payment and mobile device | |
KR102622185B1 (en) | Mobile payment devices and mobile payment systems | |
US11743721B2 (en) | Protection of a communication channel between a security module and an NFC circuit | |
US11962616B2 (en) | Protection against rerouting a communication channel of a telecommunication device having an NFC circuit and a secure data circuit | |
Francis et al. | Practical relay attack on contactless transactions by using NFC mobile phones | |
CN101159008B (en) | Mutual authentication method between a communication interface and a host processor of an nfc chipset | |
US11963004B2 (en) | Detection of a rerouting of a communication channel of a telecommunication device connected to an NFC circuit | |
CN105450406B (en) | The method and apparatus of data processing | |
KR101354804B1 (en) | Updating mobile devices with additional elements | |
US20120291095A1 (en) | Independent secure element management | |
US20160086159A1 (en) | Application identifier (aid) prioritization of security module applications | |
US9185561B2 (en) | Protection against rerouting in an NFC circuit communication channel | |
US20130246268A1 (en) | Method and system for dedicated secure processors for handling secure processing in a handheld communication device | |
CN106922193A (en) | Apparatus and method for paying | |
CN102867157A (en) | Mobile terminal and data protecting method | |
CN110096881A (en) | Malice calls means of defence, device, equipment and computer-readable medium | |
CN104915588B (en) | The method for secret protection and device of electronic equipment | |
CN106529236A (en) | Unlocking method, apparatus and system | |
EP3336740A1 (en) | Dynamic secure messaging | |
CN104270342B (en) | The access method and system of virtual desktop | |
CN108271147A (en) | Implementation method, device, terminal and the network side equipment of virtual SIM card | |
CN108322907A (en) | One kind opening chucking method and terminal | |
KR101662947B1 (en) | Method for Providing Session Security by using Secure Operating System | |
CN108989998A (en) | A kind of information processing method and device | |
CN107358127A (en) | A kind of recognition methods of legal chip and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CP02 | Change in the address of a patent holder | ||
Address after: Room 101-105, floor 1, Chuangda building, No. 9, Qinghua East Road, Haidian District, Beijing 100083 (Dongsheng District); Patentee after: Thunder Software Technology Co., Ltd.; Address before: 100191 Beijing Haidian District Lung Cheung Road No. 1 Tai Xiang business building 4 layer 401-409; Patentee before: Thunder Software Technology Co., Ltd. |