CN104700268B - A mobile payment method and mobile device - Google Patents

Publication number: CN104700268B
Application number: CN201510144903.1A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN104700268A (en)
Inventors: 杨光, 王四军
Current Assignee: ThunderSoft Co Ltd
Original Assignee: ThunderSoft Co Ltd
Prior art keywords: payment, mobile device, data, SIM cards, payment processing

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephone Function (AREA)

Abstract

The embodiments of the invention disclose a mobile payment method and a mobile device for effectively enhancing the storage and computing capability of mobile payment. The method of the embodiments includes: an RF-SIM card in the mobile device receives a payment request sent by a payment requester, the payment request containing payment data; a payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device; the payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE; the RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device; and the payment processing data is sent to the payment requester. In this way, some of the storage and computing of the RF-SIM card is moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment.

Description

A mobile payment method and mobile device
Technical field
The present invention relates to the field of communications, and in particular to a mobile payment method and a mobile device.
Background
At present, three main technical solutions are used for mobile payment. The first is the near-field communication (NFC, Near Field Communication) family, including NFC and eNFC; its greatest drawback is that a user who wants to pay by phone must switch to a phone with NFC functionality. The second is the SIMPASS standard, based on 13.56 MHz. The third is a new-generation SIM card based on 2.4 GHz RFID technology (RFID-SIM, Radio Frequency Identification-based SIM), abbreviated as the RF-SIM card. Compared with NFC, RF-SIM technology only requires the user to replace the SIM card, which avoids the trouble of replacing the phone. The RF-SIM mobile payment scheme is therefore widely recognized in the industry, and the three operators China Mobile, China Unicom and China Telecom have run large-scale pilots nationwide, with common scenarios including campus all-in-one cards and enterprise all-purpose cards.
An RF-SIM card communicates by means of an RF chip embedded in a standard SIM card and performs computation using the CPU in the SIM card; the payment application runs directly on the RF-SIM card. An RF-SIM card provides the same mobile communication functions as an ordinary SIM card and can also perform short-range wireless communication through an attached antenna, providing on-site mobile phone payment and identity authentication.
As mobile device capabilities grow, the demand to complete more secure payments on the mobile device terminal will keep increasing. Because storage and computation during payment are performed directly on the SIM card in the traditional RF-SIM payment approach, storage and computing capability can be insufficient.
Summary of the invention
Embodiments of the present invention provide a mobile payment method and a mobile device that can effectively enhance the storage and computing capability of mobile payment while ensuring a high level of security.
In a first aspect, an embodiment of the present invention provides a mobile payment method, including:
The RF-SIM card in the mobile device receives the payment request sent by the payment requester, the payment request containing payment data; the payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device, the payment processing unit being a payment application running in a trusted execution environment (TEE); the payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE; the RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device; and the RF-SIM card in the mobile device sends the payment processing data to the payment requester.
With reference to the first aspect, in a first possible implementation of the first aspect, the payment processing unit in the mobile device obtaining the payment data from the RF-SIM card in the mobile device includes: the RF-SIM card in the mobile device saves the payment data to secure shared memory; and the payment processing unit in the mobile device reads the payment data from the secure shared memory.
With reference to the first aspect, in a second possible implementation of the first aspect, the RF-SIM card in the mobile device obtaining the payment processing data from the payment processing unit in the mobile device includes: the payment processing unit in the mobile device saves the payment processing data to secure shared memory; and the RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory.
With reference to the first aspect, in a third possible implementation of the first aspect, the method further includes: the mobile device initializes the RF-SIM card in the mobile device. The initialization includes: the payment processing unit in the mobile device obtains a private key and user information from the RF-SIM card in the mobile device; and the payment processing unit in the mobile device saves the private key and user information into the memory of the TEE.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, the payment processing unit in the mobile device performing payment processing according to the payment data and user information to obtain payment processing data includes: the payment processing unit in the mobile device encrypts the payment data and user information using the private key to obtain the payment processing data.
With reference to the third possible implementation of the first aspect, in a fifth possible implementation of the first aspect, the payment processing unit in the mobile device obtaining the private key and user information from the RF-SIM card in the mobile device includes: the RF-SIM card in the mobile device saves the private key and user information to secure shared memory; and the payment processing unit in the mobile device reads the private key and user information from the secure shared memory.
In a second aspect, an embodiment of the present invention provides a mobile device, including:
an RF-SIM card, configured to receive the payment request sent by the payment requester, the payment request containing payment data;
the memory of a trusted execution environment (TEE);
a payment processing unit, configured to obtain the payment data from the RF-SIM card and perform payment processing according to the payment data and user information to obtain payment processing data, the payment processing unit being a payment application running in the TEE and the user information being obtained from the memory of the TEE;
the RF-SIM card being further configured to obtain the payment processing data from the payment processing unit and send the payment processing data to the payment requester.
With reference to the second aspect, in a first possible implementation of the second aspect, the RF-SIM card includes: a first receiving module, configured to receive the payment request; a second receiving module, configured to obtain the payment processing data from the payment processing unit; and a sending module, configured to send the payment processing data to the payment requester. The payment processing unit includes: a first acquisition module, configured to obtain the payment data from the RF-SIM card; a second acquisition module, configured to obtain the user information from the memory of the TEE; and a processing module, configured to perform payment processing according to the payment data and user information to obtain the payment processing data.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the mobile device further includes secure shared memory; the RF-SIM card further includes a first saving module, configured to save the payment data to the secure shared memory; and the first acquisition module is specifically configured to obtain the payment data from the secure shared memory.
With reference to the first possible implementation of the second aspect, in a third possible implementation of the second aspect, the mobile device further includes secure shared memory; the payment processing unit further includes a second saving module, configured to save the payment processing data to the secure shared memory; and the second receiving module is specifically configured to obtain the payment processing data from the secure shared memory.
With reference to the first possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the payment processing unit further includes: a third acquisition module, configured to obtain the private key and user information from the RF-SIM card; and a third saving module, configured to save the private key and user information into the memory of the TEE.
With reference to the first possible implementation of the second aspect, in a fifth possible implementation of the second aspect, the processing module is specifically configured to encrypt the payment data and user information using the private key to obtain the payment processing data.
With reference to the first possible implementation of the second aspect, in a sixth possible implementation of the second aspect, the mobile device further includes secure shared memory; the RF-SIM card further includes a third saving module, configured to save the private key and user information to the secure shared memory; and the third acquisition module is specifically configured to read the private key and the user information from the secure shared memory.
As can be seen from the above technical solutions, the scheme of the embodiments of the present invention has the following advantages:
In the embodiments of the present invention, after the RF-SIM card in the mobile device receives the payment request sent by the payment requester, not all of the data and payment computation are placed on the CPU of the SIM card. Instead, the payment processing unit in the mobile device obtains the payment data in the payment request from the RF-SIM card; the payment processing unit is a payment application running in a trusted execution environment (TEE, Trusted Execution Environment). The payment processing unit in the mobile device then performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE. The RF-SIM card in the mobile device then obtains the payment processing data from the payment processing unit and sends it to the payment requester. In this way, some of the storage and computing of the RF-SIM card is moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment while ensuring a high level of security.
Description of the drawings
Fig. 1 is a flow chart of the mobile payment method in an embodiment of the present invention;
Fig. 2 is another flow chart of the mobile payment method in an embodiment of the present invention;
Fig. 3 is another flow chart of the mobile payment method in an embodiment of the present invention;
Fig. 4 is an information exchange flow chart of the mobile payment method in an embodiment of the present invention;
Fig. 5 is a schematic diagram of an embodiment of the mobile device in an embodiment of the present invention;
Fig. 6 is a schematic diagram of another embodiment of the mobile device in an embodiment of the present invention;
Fig. 7 is a schematic diagram of another embodiment of the mobile device in an embodiment of the present invention;
Fig. 8 is a schematic diagram of another embodiment of the mobile device in an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of the mobile device in an embodiment of the present invention.
Detailed description
Embodiments of the present invention provide a mobile payment method and a mobile payment device that move some of the storage and computing of the RF-SIM card into the secure TEE environment of the mobile device, effectively enhancing the storage and computing capability of secure payment while ensuring a high level of security. They are described in detail below.
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects and are not used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate, so that the embodiments described here can be implemented in an order other than that illustrated or described here. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
The main functions of an RF-SIM card include standard SIM mobile communication and authentication, electronic purse, remote payment, super VIP card and similar functions. The SIM part of the RF-SIM card is used for normal mobile communication. The embedded software manages the RF-ID, with built-in high-security management of electronic credit (e-credit), EMV stored-value cards and VIP membership cards, and uses the RF module to communicate with peripheral devices through a built-in antenna.
A trusted execution environment (TEE, Trusted Execution Environment) is a trusted runtime environment: an operating system that runs independently of the untrusted execution environment (REE, Rich Execution Environment). Android, for example, is an REE. When a program runs inside the TEE, its code and memory regions are governed by an access control unit and cannot be accessed by programs in the REE. Programs inside the TEE can generally only be invoked passively, and the mobile device spends the vast majority of its time running in the REE.
In the current mobile device market, many devices already support a TEE, with ARM's TrustZone technology as the representative example. The technology has been integrated into many chips from vendors such as Qualcomm, MTK and Apple. While supporting an REE (Android, iOS), these chips also support a TEE system environment, and the two environments are isolated from each other. TrustZone technology is tightly integrated with Cortex-A processors and is extended through the system by the AXI bus and specific TrustZone system IP blocks. This system-level approach means that secure memory, cryptographic blocks, and peripherals such as the keyboard and screen can be protected, ensuring that they are shielded from software attacks.
The embodiments of the present invention combine the RF-SIM card with the TEE system environment in a mobile device to provide a mobile payment method and a corresponding mobile device. In practical application scenarios, the method can be applied to mobile phones, tablets and other mobile devices that carry an RF-SIM card and support a TEE system environment.
In this embodiment, the mobile device has two operating modes, REE and TEE, and can switch between them as needed. The parts of an application with low security requirements can run in the REE, and the parts with high security requirements can run in the TEE. For the payment application of this embodiment in particular, the part that interacts with the user through the UI executes in the REE, while the part that handles payment data executes in the TEE. The payment application executing in the TEE is the payment processing unit.
With reference to Fig. 1, one embodiment of the mobile payment method in the embodiments of the present invention includes:
101. The RF-SIM card in the mobile device receives the payment request sent by the payment requester;
When a near-field payment transaction occurs, the user may first open the payment application on the mobile device. Through near-field contact, the RF-SIM card in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request, which contains payment data, to the RF-SIM card in the mobile device.
It should be noted that the payment requester in the embodiments of the present invention may be a near-field payment service that sends the payment request, or any other service or device that can send a payment request; this is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester and may specifically include information such as the transaction order number, trade name and transaction amount; this is not limited here.
102. The payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device;
After the RF-SIM card in the mobile device receives the payment request sent by the payment requester, the payment processing unit in the mobile device obtains the payment data in the payment request from the RF-SIM card. The payment processing unit is the payment-related application running in the TEE environment of the mobile device.
103. The payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data;
After obtaining the payment data, the payment processing unit in the mobile device reads the user information stored in advance in the TEE memory, performs payment processing on the obtained payment data and the user information, and obtains the payment processing data.
It should be noted that the user information stored in advance in the TEE is the personal information needed during a transaction. It may include mobile subscriber information (for example, the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, bank card number and payment password) and so on; this is not limited here.
In practical applications, the data used by the payment processing unit for payment processing is not necessarily limited to the payment data and user information described above and may include other data; this is not limited here.
104. The RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device;
After the payment processing unit in the mobile device performs payment processing on the payment data and user information and obtains the payment processing data, the RF-SIM card obtains the payment processing data.
105. The RF-SIM card in the mobile device sends the payment processing data to the payment requester.
After obtaining the payment processing data, the RF-SIM card in the mobile device sends the payment processing data to the payment requester.
In the embodiments of the present invention, after the RF-SIM card in the mobile device receives the payment request sent by the payment requester, not all of the data and payment computation are placed on the CPU of the SIM card. Instead, the payment processing unit in the mobile device obtains the payment data in the payment request from the RF-SIM card; the payment processing unit is a payment application running in the TEE. The payment processing unit in the mobile device then performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE. The RF-SIM card in the mobile device then obtains the payment processing data from the payment processing unit and sends it to the payment requester. In this way, some of the storage and computing of the RF-SIM card is moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment while ensuring a high level of security.
In the mobile device, the RF-SIM card and the TEE do not communicate directly; they communicate through secure shared memory. The mobile payment method that combines the RF-SIM card and the TEE on the basis of secure shared memory is described in detail below.
With reference to Fig. 2, another embodiment of the mobile payment method in the embodiments of the present invention includes:
201. The RF-SIM card in the mobile device receives the payment request sent by the payment requester;
When a near-field payment transaction occurs, the user may first open the payment application on the mobile device. Through near-field contact, the RF-SIM card in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request, which contains payment data, to the RF-SIM card in the mobile device.
It should be noted that the payment requester in the embodiments of the present invention may be a near-field payment service that sends the payment request, or any other service or device that can send a payment request; this is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester and may specifically include information such as the transaction order number, trade name and transaction amount; this is not limited here.
202. The RF-SIM card in the mobile device saves the payment data to secure shared memory;
After receiving the payment request sent by the payment requester, the RF-SIM card in the mobile device saves the payment data in the payment request to the secure shared memory of the mobile device.
Secure shared memory is a block of storage in the mobile device. This memory is under the control of the mobile device's access control unit and can only be accessed by the TEE and by the specific unit connected to the RF-SIM card. With secure shared memory, the RF-SIM card and the TEE can exchange data without involvement of the REE, which safeguards the core data of the payment process.
In practical applications, the secure shared memory may be implemented using ARM TrustZone technology or using other technologies; this is not limited here.
203. The payment processing unit in the mobile device reads the payment data from the secure shared memory;
After the RF-SIM card in the mobile device saves the payment data to the secure shared memory of the mobile device, the payment processing unit reads the payment data from the secure shared memory. The payment processing unit is the payment application executing in the TEE.
204. The payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data;
After reading the payment data from the secure shared memory, the payment processing unit in the mobile device reads from the TEE memory the RF-SIM card private key and user information that were stored there when the RF-SIM card was initialized, and then performs payment processing according to the payment data and user information to obtain the payment processing data.
It should be noted that the user information stored in advance in the TEE memory is the personal information needed during a transaction. It may include mobile subscriber information (for example, the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, bank card number and payment password) and so on; this is not limited here.
In practical applications, the data used by the payment processing unit for payment processing is not necessarily limited to the payment data and user information described above and may include other data; this is not limited here.
205. The payment processing unit in the mobile device saves the payment processing data to the secure shared memory;
After performing payment processing according to the payment data and user information and obtaining the payment processing data, the payment processing unit in the mobile device saves the payment processing data to the secure shared memory of the mobile device.
206. The RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory;
After the payment processing unit in the mobile device saves the payment processing data to the secure shared memory of the mobile device, the RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory.
207. The RF-SIM card in the mobile device sends the payment processing data to the payment requester.
After obtaining the payment processing data from the secure shared memory, the RF-SIM card in the mobile device sends the payment processing data to the payment requester.
After receiving the payment processing data, the payment requester can carry out payment operations such as deducting the payment according to the payment processing data, and returns the payment result to the payment application in the REE to inform the user of the result, which completes the whole payment process.
In the embodiments of the present invention, to ensure a high level of security for the payment process, the RF-SIM card and the TEE in the mobile device communicate through secure shared memory. With secure shared memory, the RF-SIM card and the TEE can exchange data without involvement of the REE, which safeguards the core data of the payment process. As a result, after some of the storage and computing of the RF-SIM card is moved into the TEE of the mobile device, the storage and computing capability of payment is effectively enhanced while a high level of security for the payment process is ensured.
In the scheme based on the RF-SIM card and the TEE, the RF-SIM card must undergo secure initialization before use. The process of initializing the RF-SIM card is described in detail below.
In conjunction with Fig. 3, another embodiment that the method for mobile payment in the embodiment of the present invention provides, including:
301, the RF-SIM cards in mobile device preserve private key and user information into safe shared drive;
Certain mobile device is used for the first time in user, when RF-SIM card insertions are entered the mobile device, in the REE of mobile device Application program can detect the RF-SIM cards of insertion, to trigger RF-SIM card initialization flows, the initialization of RF-SIM cards Flow is as follows:
RF-SIM cards in mobile device, which preserve the private key being preset in RF-SIM cards and user information to safety, to be shared In memory.
Wherein, private key can be the private key of the unsymmetrical key generated inside RF-SIM cards, for preventing data from transmitting It is stolen or distorts with storing process, can also be the preset private key of other modes, do not limit herein specifically.
It, can be with it should be noted that the user information in RF-SIM cards refers to the personal information needed in payment process Including:Information of mobile user (such as:International mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (such as:Bank card account number, payment cipher) etc., It does not limit herein specifically.
Safe shared drive is one piece of storage in mobile device, this is interior, and there are the controls of the access control unit of mobile device Under system, it can only be accessed by TEE and with the discrete cell of RF-SIM cards connection.Under the support of safe shared drive, RF-SIM cards Data interaction can be realized in the case where REE is not involved between TEE, process of guaranteeing payment core data safety.
In practical applications, which it is shared interior to may be used the safety that ARM TrustZone technologies are realized It deposits, other technologies can also be used to realize, do not limited herein specifically.
302, the payment processing unit in mobile device reads private key and user information from safe shared drive;
RF-SIM cards in a mobile device, which preserve the private key being preset in RF-SIM cards and user information to safety, to be total to After enjoying in memory, the payment processing unit in mobile device reads private key and user information from safe shared drive, payment Processing unit is the payment application executed in TEE.
303, the payment processing unit in mobile device preserves private key and user information into the memory of TEE;
Payment processing unit in mobile device in safe shared drive after reading private key and user information, at payment Reason unit preserves private key and user information into the memory of TEE, to complete the initialization procedure of RF-SIM cards.
Steps 301 to 303 above are the secure initialization process of the RF-SIM card. It should be noted that, when the RF-SIM card is initialized, other RF-SIM card information needed in the payment process may be read in addition to the private key and user information of the RF-SIM card; this is not specifically limited here.
It should also be noted that steps 301 to 303 are one relatively common secure initialization process for the RF-SIM card. In practical applications there may be many ways to initialize the RF-SIM card; as long as the private key and user information in the RF-SIM card are stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited here.
In this embodiment, steps 304 to 306 are the same as steps 201 to 203 in the embodiment shown in Fig. 2 and are not repeated here.
307, the payment processing unit in the mobile device encrypts the payment data and the user information using the private key to obtain payment processing data;
After reading the payment data from the secure shared memory, the payment processing unit in the mobile device reads from the memory of the TEE the RF-SIM card private key and user information that were stored in the TEE memory when the RF-SIM card was initialized. The payment processing unit then encrypts the payment data and the user information using the private key to generate the encrypted payment processing data.
It should be noted that, in practical applications, the information read by the payment processing unit does not necessarily include only the private key, the payment data and the user information; it may also include other kinds of information needed for payment. Likewise, the data encrypted with the private key during payment processing does not necessarily include only the payment data and the user information; it may also include other kinds of information needed for payment. This is not specifically limited here.
In addition, in practical applications, payment processing of the data is not necessarily performed by encrypting the payment data and the user information with the private key; the data may also be processed in other ways, which are not specifically limited here.
Optionally, before step 307, biometric recognition authentication may be performed. The detailed process is as follows:
When the user opens the payment application, the biometric collector in the mobile device collects the user's first biometric information. After the biometric collector successfully collects the first biometric information, the biometric recognition trusted application running in the TEE compares the collected first biometric information with the second biometric information stored in advance in the TEE. If the first biometric information is consistent with the second biometric information, the user performing the payment operation is legitimate, and the private key of the RF-SIM card that the TEE obtained during RF-SIM card initialization is placed in an available state, so that the payment processing unit in the TEE can use the private key of the RF-SIM card to perform payment processing on the payment data and the user information. For example, when the user opens the payment application in the REE to make a payment, the payment application may prompt the user to perform fingerprint authentication; the user places a finger on the fingerprint collector of the mobile phone, and the fingerprint sensor collects the user's fingerprint information, which is compared with the biometric information stored in the TEE. The biometric information includes human physiological characteristics such as fingerprint, face, iris, retina, voice, pulse and auricle; it may also include other human physiological characteristics, which are not specifically limited here.
It should be noted that combining biometric recognition authentication with this scheme requires, among other conditions, that the mobile device support biometric information collection and that the user has enabled the biometric authentication function. Biometric authentication is therefore an optional step in the payment method that combines the RF-SIM card and the TEE.
In this embodiment, steps 308 to 310 are the same as steps 205 to 207 in the embodiment shown in Fig. 2 and are not repeated here.
In this embodiment of the present invention, before the RF-SIM card is used, the private key and user information needed for payment in the RF-SIM card are saved into the memory of the TEE, so that the information stored in the RF-SIM card is stored into the TEE without coming into contact with the REE environment. This completes the initialization of the RF-SIM card and provides secure payment information to the payment processing unit in the TEE. Consequently, after some of the storage and computing capability of the RF-SIM card is moved into the TEE environment of the mobile device, the storage and computing capability available for payment is effectively enhanced while the high security of the payment process is maintained.
Secondly, in this embodiment of the present invention, the payment processing unit performs payment processing by encrypting the payment data and the user information with the private key, which improves the realizability of the scheme.
In addition, in this embodiment of the present invention, as an optional implementation step, the payment processing unit in the TEE performs biometric authentication, in combination with biometric recognition technology, before processing the payment data. The storage of the biometric features and the authentication process are both completed in the secure TEE environment, which has enough storage and computing capability to carry out biometric recognition authentication. This changes the situation in which a traditional RF-SIM card lacks the storage and computing capability to support biometric recognition authentication, and greatly improves the security of mobile payment.
In the mobile device, the RF-SIM card and the secure shared memory communicate through the Modem. Data transferred between the RF-SIM card and the payment processing unit running in the TEE is first forwarded by the Modem to the secure shared memory, and the payment processing unit then communicates with the secure shared memory. The information exchange of the mobile payment method in the embodiments of the present invention is described in detail below.
Referring to Fig. 4, another embodiment of the mobile payment method provided by the embodiments of the present invention includes:
401, the Modem receives an RF-SIM card initialization command;
When the user uses a mobile payment device for the first time and inserts the RF-SIM card into the mobile device, an application in the REE of the mobile device can detect the inserted RF-SIM card and trigger the initialization flow, sending an RF-SIM card initialization command to the Modem, which receives the command.
Here, the Modem is the modem through which the RF-SIM card communicates with the other units in the mobile device.
402, the Modem reads the private key and the user information of the RF-SIM card from the RF-SIM card;
After the Modem receives the RF-SIM card initialization command, a program in the Modem reads from the RF-SIM card the private key used for payment authentication and the user information stored in the RF-SIM card.
It should be noted that the user information read from the RF-SIM card here refers to the personal information needed in the payment process. It may include mobile subscriber information (for example, the International Mobile Subscriber Identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, bank card account number and payment password), and so on; this is not specifically limited here.
403, the Modem saves the private key and the user information to the secure shared memory;
After reading the private key and the user information of the RF-SIM card, the Modem saves them into the secure shared memory.
Here, the secure shared memory is a region of storage in the mobile device. Under the control of the mobile device's access control unit, this memory can be accessed only by the TEE and by the Modem connected to the RF-SIM card. With the support of the secure shared memory, the RF-SIM card and the applications in the TEE can exchange data without the REE taking part, which keeps the core data of the payment process secure.
In practical applications, the secure shared memory may be implemented using ARM TrustZone technology, or using other technologies; this is not specifically limited here.
404, the payment processing unit reads the private key and the user information of the RF-SIM card from the secure shared memory;
After the Modem saves the private key and the user information of the RF-SIM card to the secure shared memory, the payment processing unit reads the private key and the user information of the RF-SIM card from the secure shared memory. The payment processing unit is a payment application executed in the TEE.
405, the payment processing unit saves the private key and the user information into the memory of the TEE;
After reading the private key and the user information of the RF-SIM card from the secure shared memory, the payment processing unit saves them into the memory of the TEE, which completes the initialization of the RF-SIM card.
Steps 401 to 405 above are the secure initialization process of the RF-SIM card. It should be noted that, when the RF-SIM card is initialized, other RF-SIM card information needed in the payment process may be read in addition to the private key and user information of the RF-SIM card; this is not specifically limited here.
It should also be noted that steps 401 to 405 are one relatively common secure initialization process for the RF-SIM card. In practical applications there may be many ways to initialize the RF-SIM card; as long as the private key and user information in the RF-SIM card are stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited here.
406, the RF-SIM card receives a payment request;
When a near-field payment transaction takes place, the user may first open the payment application in the mobile device. Through near-field contact, the RF-SIM card in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request to the RF-SIM card; the payment request includes a payment request command and payment data. In fact, what the RF-SIM card receives is a carrier wave, and the carrier wave carries the payment request.
It should be noted that the payment requester in the embodiments of the present invention may be a near-field payment service that sends the payment request, or another service or device capable of sending a payment request; this is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester, and may specifically include information such as the transaction order number, the trade name and the transaction amount; this is not specifically limited here.
407, the RF-SIM card sends the payment request to the Modem;
After receiving the payment request, the RF-SIM card sends it to the Modem.
408, the Modem saves the payment data in the payment request to the secure shared memory;
After the Modem receives the payment request sent by the RF-SIM card, it saves the payment data in the request to the secure shared memory.
409, the Modem passes the payment request command to the payment processing unit;
After the Modem receives the payment request sent by the RF-SIM card, it passes the payment request command in the request to an application in the REE. The mobile device then switches from REE mode to TEE mode and sends the payment request command to the payment processing unit running in the TEE. The payment processing unit is the payment application running in the TEE.
410, the payment processing unit reads the payment data from the secure shared memory;
After the payment processing unit receives the payment request command, it reads the payment data from the secure shared memory.
411, the payment processing unit reads the private key and the user information of the RF-SIM card from the TEE;
After receiving the payment request command, the payment processing unit reads from the TEE memory the RF-SIM card private key and user information that were stored there when the RF-SIM card was initialized.
412, the payment processing unit encrypts the payment data and the user information using the private key to generate payment processing data;
After the payment processing unit has read the payment data from the secure shared memory and the private key and user information of the RF-SIM card from the memory of the TEE, it encrypts the payment data and the user information using the private key to generate the encrypted payment processing data.
It should be noted that, in practical applications, the information read by the payment processing unit does not necessarily include only the private key, the payment data and the user information; it may also include other kinds of information needed for payment. Likewise, the data encrypted with the private key during payment processing does not necessarily include only the payment data and the user information; it may also include other kinds of information needed for payment. This is not specifically limited here.
In addition, in practical applications, payment processing of the data is not necessarily performed by encrypting the payment data and the user information with the private key; the data may also be processed in other ways, which are not specifically limited here.
413, the payment processing unit saves the payment processing data to the secure shared memory;
After the payment processing unit encrypts the payment data and the user information to obtain the payment processing data, it saves the payment processing data to the secure shared memory.
414, the Modem reads the payment processing data from the secure shared memory;
Once the payment processing data has been saved to the secure shared memory, the Modem reads the payment processing data from the secure shared memory.
415, the Modem sends the payment processing data to the RF-SIM card;
After reading the payment processing data from the secure shared memory, the Modem sends it to the RF-SIM card.
416, the RF-SIM card sends the payment processing data to the payment requester.
The RF-SIM card receives the payment processing data sent by the Modem and sends it to the payment requester through the RF module of the RF-SIM card itself.
After the payment requester receives the payment processing data, it carries out payment operations such as deduction according to the payment processing data and returns the payment result to the payment application in the REE to inform the user of the payment result, which completes the whole payment process.
In this embodiment of the present invention, the RF-SIM card and the secure shared memory communicate through the Modem: the payment data received by the RF-SIM card and the private key and user information of the RF-SIM card are stored to the secure shared memory by the Modem, and the RF-SIM card reads the payment processing data from the secure shared memory through the Modem, which improves the realizability of the scheme.
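The flow of steps 401 to 416, together with the optional biometric check that makes the card key available, can be modelled as follows. This is an added example, not code from the patent: the class and slot names, the read-and-clear behaviour of the shared region, the exact-match biometric comparison and the sample data are assumptions, and HMAC-SHA256 stands in for the private-key operation, which the text allows to be replaced by other processing.

```python
import hashlib
import hmac
import json

MODEM, TEE, REE = "modem", "tee", "ree"  # bus masters; names are this example's
# Constructed sample data, not real card contents.
CARD = {"key": b"constructed-card-key", "user": {"imsi": "001010123456789"}}
REQUEST = {"command": "PAY", "payment_data": {"order": "T-0001", "amount": "12.50"}}


class AccessDenied(Exception):
    pass


class SecureSharedMemory:
    """Region the access control unit opens only to the Modem and the TEE."""

    def __init__(self):
        self._slots = {}

    def _check(self, who):
        if who not in (MODEM, TEE):
            raise AccessDenied(f"{who} may not access the secure shared memory")

    def write(self, who, slot, value):
        self._check(who)
        self._slots[slot] = value

    def take(self, who, slot):
        self._check(who)
        return self._slots.pop(slot)  # read-and-clear: this example's choice


class Modem:
    def __init__(self, shm, card):
        self._shm, self._card = shm, card

    def initialise_card(self):               # steps 401-403
        self._shm.write(MODEM, "key", self._card["key"])
        self._shm.write(MODEM, "user", self._card["user"])

    def on_payment_request(self, request):   # steps 407-409
        self._shm.write(MODEM, "payment", request["payment_data"])
        return request["command"]            # only the command is relayed via the REE

    def fetch_result(self):                  # steps 414-415
        return self._shm.take(MODEM, "result")


class PaymentTA:
    """Payment processing unit: the payment application running in the TEE."""

    def __init__(self, shm, enrolled_template):
        self._shm, self._tee_mem = shm, {}
        self._template = enrolled_template   # second biometric information
        self._key_usable = False

    def initialise(self):                    # steps 404-405
        for slot in ("key", "user"):
            self._tee_mem[slot] = self._shm.take(TEE, slot)

    def authenticate(self, sample):          # exact match stands in for real matching
        self._key_usable = hmac.compare_digest(sample, self._template)
        return self._key_usable

    def handle_command(self, command):       # steps 410-413
        if command != "PAY":                 # the command came through the REE
            raise ValueError("unknown command")
        if not self._key_usable:
            raise PermissionError("card key locked until biometric authentication")
        payment = self._shm.take(TEE, "payment")
        body = json.dumps({"payment": payment, "user": self._tee_mem["user"]},
                          sort_keys=True).encode()
        # HMAC-SHA256 stands in for the page's private-key operation.
        result = hmac.new(self._tee_mem["key"], body, hashlib.sha256).hexdigest()
        self._shm.write(TEE, "result", result)
        self._key_usable = False             # re-authenticate per payment (assumption)


def ree_can_read(shm, slot):
    try:
        shm.take(REE, slot)
        return True
    except AccessDenied:
        return False


def run_payment(fingerprint):
    shm = SecureSharedMemory()
    modem, ta = Modem(shm, CARD), PaymentTA(shm, b"enrolled-finger")
    modem.initialise_card()
    ta.initialise()
    seen_by_ree = [modem.on_payment_request(REQUEST)]
    leaked = ree_can_read(shm, "payment")    # REE probes while the data is staged
    ta.authenticate(fingerprint)
    ta.handle_command(seen_by_ree[0])
    return modem.fetch_result(), seen_by_ree, leaked
```

In this model the REE relays only the command string; the key, the user information and the payment data pass exclusively through the guarded region, and a failed biometric match leaves the key unusable.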
The mobile payment method that combines the RF-SIM card and the TEE in a mobile device has been described above; the mobile device that combines the RF-SIM card and the TEE is described below.
Referring to Fig. 5, a mobile device provided by an embodiment of the present invention includes:
an RF-SIM card 501, configured to receive a payment request sent by the payment requester, the payment request including payment data;
a memory 502 in the trusted execution environment (TEE);
a payment processing unit 503, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is a payment application running in the TEE and the user information is obtained from the memory of the TEE;
the RF-SIM card 504, further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester.
In this embodiment of the present invention, after the RF-SIM card 501 in the mobile device receives the payment request sent by the payment requester, the data and the payment computation are not all placed in the CPU of the SIM card. Instead, the payment processing unit 503 in the mobile device obtains the payment data in the payment request from the RF-SIM card 501; the payment processing unit is a payment application running in the TEE. The payment processing unit 503 in the mobile device then performs payment processing according to the payment data and the user information to obtain payment processing data, where the user information is obtained from the memory of the TEE. After that, the RF-SIM card 501 in the mobile device obtains the payment processing data from the payment processing unit 503 and sends the payment processing data to the payment requester. In this way, some of the storage and computing capability of the RF-SIM card is moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability of secure payment while maintaining high security.
The structure of the RF-SIM card and of the payment processing unit is described in detail below.
Referring to Fig. 6, a mobile device provided by an embodiment of the present invention includes:
an RF-SIM card 601, configured to receive a payment request sent by the payment requester, the payment request including payment data;
a memory 602 in the trusted execution environment (TEE);
a payment processing unit 603, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is a payment application running in the TEE and the user information is obtained from the memory of the TEE;
the RF-SIM card 604, further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester.
The RF-SIM card 601 includes:
a first receiving module 6011, configured to receive the payment request;
a first acquisition module 6012, configured to obtain the payment processing data from the payment processing unit;
a sending module 6013, configured to send the payment processing data to the payment requester.
The payment processing unit 603 includes:
a second acquisition module 6031, configured to obtain the payment data from the RF-SIM card;
a third acquisition module 6032, configured to obtain the user information from the memory of the TEE;
a processing module 6033, configured to perform payment processing according to the payment data and the user information to obtain the payment processing data.
In addition, the mobile device further includes a secure shared memory 604;
The RF-SIM card 601 further includes a first saving module 6014, configured to save the payment data to the secure shared memory 604; the second acquisition module 6031 is specifically configured to obtain the payment data from the secure shared memory 604.
The payment processing unit 603 further includes a second saving module 6034, configured to save the payment processing data to the secure shared memory 604; the first acquisition module 6012 is specifically configured to obtain the payment processing data from the secure shared memory 604.
The interaction between the modules of the mobile device of the present invention is described below with a specific application scenario:
When a near-field payment transaction takes place, the user may first open the payment application in the mobile device. Through near-field contact, the RF-SIM card 601 in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request to the RF-SIM card 601 in the mobile device; the payment request includes payment data.
It should be noted that the payment requester in the embodiments of the present invention may be a near-field payment service that sends the payment request, or another service or device capable of sending a payment request; this is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester, and may specifically include information such as the transaction order number, the trade name and the transaction amount; this is not specifically limited here.
After the first receiving module 6011 in the RF-SIM card 601 in the mobile device receives the payment request sent by the payment requester, the first saving module 6014 in the RF-SIM card 601 saves the payment data in the payment request to the secure shared memory 604 of the mobile device.
The secure shared memory 604 is a region of storage in the mobile device. Under the control of the mobile device's access control unit, this memory can be accessed only by the TEE and by a specific unit connected to the RF-SIM card. With the support of the secure shared memory 604, the RF-SIM card and the TEE can exchange data without the REE taking part, which keeps the core data of the payment process secure.
In practical applications, the secure shared memory 604 may be implemented using ARM TrustZone technology, or using other technologies; this is not specifically limited here.
After the RF-SIM card 601 in the mobile device saves the payment data to the secure shared memory 604 of the mobile device, the first acquisition module 6031 in the payment processing unit 603 reads the payment data from the secure shared memory 604. The payment processing unit 603 is a payment application executed in the TEE.
After the first acquisition module 6031 in the payment processing unit 603 reads the payment data from the secure shared memory 604, the second acquisition module 6032 reads from the memory 602 of the TEE the RF-SIM card private key and user information that were stored in the TEE memory 602 when the RF-SIM card was initialized, and the processing module 6033 then performs payment processing according to the payment data and the user information to obtain the payment processing data.
It should be noted that the user information stored in advance in the memory 602 of the TEE refers to the personal information needed in the transaction process. It may include mobile subscriber information (for example, the International Mobile Subscriber Identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, bank card account number and payment password), and so on; this is not specifically limited here.
In practical applications, the data used by the processing module 6033 for payment processing does not necessarily include only the payment data and user information described above; it may also include other data, which is not specifically limited here.
After the processing module 6033 in the payment processing unit 603 performs payment processing according to the payment data and the user information and obtains the payment processing data, the second saving module 6034 in the payment processing unit 603 saves the payment processing data to the secure shared memory of the mobile device.
After the second saving module 6034 in the payment processing unit 603 saves the payment processing data to the secure shared memory 604 of the mobile device, the first acquisition module 6012 in the RF-SIM card 601 obtains the payment processing data from the secure shared memory 604.
After the first acquisition module 6012 in the RF-SIM card 601 obtains the payment processing data from the secure shared memory 604, the sending module 6013 sends the payment processing data to the payment requester.
After the payment requester receives the payment processing data, it can carry out payment operations such as deduction according to the payment processing data and return the payment result to the payment application in the REE to inform the user of the payment result, which completes the whole payment process.
In this embodiment of the present invention, to ensure the high security of the payment process, the RF-SIM card 601 and the payment processing unit 603 in the TEE communicate in the mobile device through the secure shared memory. With the support of the secure shared memory, the RF-SIM card 601 and the payment processing unit 603 in the TEE exchange data without the REE taking part, which keeps the core data of the payment process secure. Consequently, after some of the storage and computing capability of the RF-SIM card 601 is moved into the TEE of the mobile device, the storage and computing capability available for payment is effectively enhanced while the high security of the payment process is maintained.
Referring to Fig. 7, a mobile device provided by an embodiment of the present invention includes:
an RF-SIM card 701, configured to receive a payment request sent by the payment requester, the payment request including payment data;
a memory 702 in the trusted execution environment (TEE);
a payment processing unit 703, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is a payment application running in the TEE and the user information is obtained from the memory of the TEE;
the RF-SIM card 704, further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester.
The RF-SIM card 701 includes:
a first receiving module 7011, configured to receive the payment request;
a first acquisition module 7012, configured to obtain the payment processing data from the payment processing unit;
a sending module 7013, configured to send the payment processing data to the payment requester.
The payment processing unit 703 includes:
a second acquisition module 7031, configured to obtain the payment data from the RF-SIM card;
a third acquisition module 7032, configured to obtain the user information from the memory of the TEE;
a processing module 7033, configured to perform payment processing according to the payment data and the user information to obtain the payment processing data.
In addition, the mobile device further includes a secure shared memory 704;
The RF-SIM card 701 further includes a first saving module 7014, configured to save the payment data to the secure shared memory 704; the second acquisition module 7031 is specifically configured to obtain the payment data from the secure shared memory 704.
The payment processing unit 703 further includes a second saving module 7034, configured to save the payment processing data to the secure shared memory 704; the first acquisition module 7012 is specifically configured to obtain the payment processing data from the secure shared memory 704.
The payment processing unit 703 further includes a fourth acquisition module 7035, configured to obtain the private key and the user information from the RF-SIM card 701, and a third saving module 7036, configured to save the private key and the user information into the memory 702 of the TEE.
The processing module 7033 is specifically configured to encrypt the payment data and the user information using the private key to obtain the payment processing data.
The RF-SIM card 701 further includes a fourth saving module 7015, configured to save the private key and the user information to the secure shared memory 704; the third acquisition module 7035 is specifically configured to read the private key and the user information from the secure shared memory 704.
The interaction between the modules of the mobile device of the present invention is described below with a specific application scenario:
When the user uses a mobile device for the first time and inserts the RF-SIM card 701 into the mobile device, an application in the REE of the mobile device can detect the inserted RF-SIM card 701 and trigger the RF-SIM card initialization flow, which is as follows:
The fourth saving module 7015 in the RF-SIM card 701 saves the private key and user information preset in the RF-SIM card into the secure shared memory 704.
The private key may be the private key of an asymmetric key pair generated inside the RF-SIM card 701, used to prevent data from being stolen or tampered with during transmission and storage; it may also be a private key preset in some other way, which is not specifically limited here.
It should be noted that the user information in the RF-SIM card 701 refers to the personal information needed in the payment process. It may include mobile subscriber information (for example, the International Mobile Subscriber Identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, bank card account number and payment password), and so on; this is not specifically limited here.
The secure shared memory 704 is a region of storage in the mobile device. Under the control of the mobile device's access control unit, this memory can be accessed only by the TEE and by a specific unit connected to the RF-SIM card. With the support of the secure shared memory 704, the RF-SIM card 701 and the applications in the TEE can exchange data without the REE taking part, which keeps the core data of the payment process secure.
In practical applications, the secure shared memory may be implemented using ARM TrustZone technology, or using other technologies; this is not specifically limited here.
After the fourth saving module 7015 in the RF-SIM card 701 saves the private key and user information preset in the RF-SIM card into the secure shared memory 704, the fourth acquisition module 7035 in the payment processing unit 703 reads the private key and the user information from the secure shared memory 704. The payment processing unit 703 is a payment application executed in the TEE.
After the fourth acquisition module 7035 in the payment processing unit 703 reads the private key and the user information from the secure shared memory, the third saving module 7036 saves the private key and the user information into the memory 702 of the TEE, which completes the initialization of the RF-SIM card.
The steps above are the secure initialization process of the RF-SIM card. It should be noted that, when the RF-SIM card 701 is initialized, other RF-SIM card information needed in the payment process may be read in addition to the private key and user information of the RF-SIM card; this is not specifically limited here.
It should also be noted that the above is only one relatively common secure initialization process for the RF-SIM card. In practical applications there may be many ways to initialize the RF-SIM card; as long as the private key and user information in the RF-SIM card are stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited here.
When there is the generation of near field payment transaction, user can first open the payment application in mobile device, be contacted by near field, RF-SIM cards 701 and payment request side in mobile device establish connection, the RF-SIM cards in the mobile device of payment request direction 701 send payment request, include payment data in the payment request.
It should be noted that specifically, the payment request in the embodiment of the present invention can be with certain for transmission payment request A near field payment services can also be other services or the equipment that can send payment request, not limit herein.
In practical applications, payment data is the transaction data that payment request is sent, and be can specifically include:Transaction odd numbers, The information such as trade name, transaction amount, do not limit specifically herein.
After the first receiving module 7011 in the RF-SIM card 701 in the mobile device receives the payment request sent by the payment requester, the first saving module 7014 in the RF-SIM card 701 saves the payment data in the payment request to the secure shared memory 704 of the mobile device.
After the RF-SIM card 701 in the mobile device saves the payment data to the secure shared memory 704 of the mobile device, the first acquisition module 7031 in the payment processing unit 703 reads the payment data from the secure shared memory 704. The payment processing unit 703 is the payment application executed in the TEE.
After the second acquisition module 7031 in the payment processing unit reads the payment data from the secure shared memory 704, the third acquisition module 7032 reads, from the memory 704 of the TEE, the private key and user information of the RF-SIM card that were stored in the memory 702 of the TEE when the RF-SIM card was initialized. The processing module 7033 then encrypts the payment data and the user information using the private key to generate the encrypted payment processing data.
It should be noted that, in practical applications, the information read by the payment processing unit 703 is not necessarily limited to the private key, the payment data and the user information, and may also include other kinds of information required for payment. Likewise, the data that the processing module 7033 encrypts with the private key during payment processing is not necessarily limited to the payment data and the user information, and may also include other kinds of information required for payment; this is not specifically limited here.
In addition, in practical applications, the processing module 7033 does not necessarily perform payment processing by encrypting the payment data and the user information with the private key; the data may also be processed in other ways, which are not specifically limited here.
Optionally, before the processing module 7033 in the payment processing unit 703 encrypts the payment data and the user information using the private key, the biometric unit may perform biometric authentication. The detailed process is as follows:
When the user opens the payment application, the biometric collector in the mobile device collects first biometric information of the user. After the biometric collector has successfully collected the first biometric information, the biometric trusted application running in the TEE compares the collected first biometric information with second biometric information stored in advance in the TEE. If the first biometric information is consistent with the second biometric information, the user performing the payment operation is legitimate, and the private key of the RF-SIM card that the TEE obtained during RF-SIM card initialization is placed in an available state, so that the payment processing unit in the TEE can use the private key of the RF-SIM card to perform payment processing on the payment data and the user information. For example, when the user opens the payment application in the REE to make a payment, the payment application may prompt the user to perform fingerprint authentication; the user places a finger on the fingerprint collector of the mobile phone, and the fingerprint sensor collects the user's fingerprint information, which is compared with the biometric information stored in the TEE. The biometric information includes human physiological characteristics such as fingerprint, face, iris, retina, voice, pulse and auricle, and may also include other human physiological characteristics; this is not specifically limited here.
It should be noted that combining biometric authentication with this solution requires, among other conditions, that the mobile device support biometric information collection and that the user have enabled the biometric authentication function. Biometric authentication is therefore an optional step in the payment method that combines the RF-SIM card and the TEE.
After the processing module 7033 in the payment processing unit 703 encrypts the payment data and the user information using the private key to obtain the payment processing data, the second saving module 7034 in the payment processing unit 703 saves the payment processing data to the secure shared memory 704 of the mobile device.
After the second saving module 7034 in the payment processing unit 703 saves the payment processing data to the secure shared memory 704 of the mobile device, the first acquisition module 7012 in the RF-SIM card 701 obtains the payment processing data from the secure shared memory 704.
After the first acquisition module 7012 in the RF-SIM card 701 obtains the payment processing data from the secure shared memory 704, the sending module 7013 sends the payment processing data to the payment requester.
After the payment requester receives the payment processing data, it can carry out payment operations such as deducting the amount according to the payment processing data, and returns the payment result to the payment application in the REE to inform the user of the result, which completes the entire payment process.
Optionally, as another embodiment, biometric authentication may be performed before the second acquisition module 7031 in the payment processing unit reads the payment data. The detailed process is as follows:
In this embodiment of the present invention, before the RF-SIM card 701 is used, the private key and user information required for payment in the RF-SIM card 701 are saved to the memory 702 of the TEE, so that the information stored in the RF-SIM card 701 is stored into the memory 702 of the TEE without coming into contact with the REE environment. This completes the initialization of the RF-SIM card and provides secure payment information to the payment processing unit 703 in the TEE. With some of the storage and computing capability of the RF-SIM card 701 moved into the TEE environment of the mobile device, the storage and computing capability available for payment is effectively enhanced while the high security of the payment process is ensured.
Secondly, in this embodiment of the present invention, the processing module 7033 in the payment processing unit 703 performs payment processing by encrypting the payment data and the user information using the private key, which improves the realizability of the solution.
In addition, in this embodiment of the present invention, the biometric unit, as an optional structural element of the mobile device, performs biometric authentication using biometric identification technology before the payment processing unit in the TEE processes the payment data. The storage of the biometric features and the authentication process are placed in the secure TEE environment, which has enough storage and computing capability to implement biometric authentication. This changes the situation in which a traditional RF-SIM card lacks the storage and computing capability to support biometric authentication, and greatly improves the security of mobile payment.
With reference to Fig. 8, a mobile device provided in an embodiment of the present invention includes:
RF-SIM card 801, configured to receive a payment request sent by a payment requester, the payment request including payment data;
Memory 802 in the trusted execution environment (TEE);
Payment processing unit 803, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, where the payment processing unit is a payment application running in the TEE and the user information is obtained from the memory of the TEE;
RF-SIM card 804, further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester.
The RF-SIM card 801 includes:
First receiving module 8011, configured to receive the payment request;
First acquisition module 8012, configured to obtain the payment processing data from the payment processing unit;
Sending module 8013, configured to send the payment processing data to the payment requester.
The payment processing unit 803 includes:
Second acquisition module 8031, configured to obtain the payment data from the RF-SIM card;
Third acquisition module 8032, configured to obtain the user information from the memory of the TEE;
Processing module 8033, configured to perform payment processing according to the payment data and the user information to obtain the payment processing data.
In addition, the mobile device further includes a secure shared memory 804.
The RF-SIM card 801 further includes a first saving module 8014, configured to save the payment data to the secure shared memory 804; the second acquisition module 8031 is specifically configured to obtain the payment data from the secure shared memory 804.
The payment processing unit 803 further includes a second saving module 8034, configured to save the payment processing data to the secure shared memory 804; the first acquisition module 8012 is specifically configured to obtain the payment processing data from the secure shared memory 804.
The payment processing unit 803 further includes a fourth acquisition module 8035, configured to obtain the private key and the user information from the RF-SIM card 801, and a third saving module 8036, configured to save the private key and the user information to the memory 802 of the TEE.
The processing module 8033 is specifically configured to encrypt the payment data and the user information using the private key to obtain the payment processing data.
The RF-SIM card 801 further includes a fourth saving module 8015, configured to save the private key and the user information to the secure shared memory 804; the third acquisition module 8035 is specifically configured to read the private key and the user information from the secure shared memory 804.
In addition, the mobile device further includes a Modem 805, configured to connect to the RF-SIM card; the RF-SIM card communicates with the other modules in the mobile device through the Modem 805.
The interaction between the modules of the mobile device of the present invention is described below using a specific application scenario:
When a user uses a mobile payment device for the first time and inserts the RF-SIM card 801 into the mobile device, an application program in the REE of the mobile device detects the inserted RF-SIM card 801, triggers the initialization flow and sends an RF-SIM card initialization command to the Modem 805, and the Modem 805 receives the command.
After the Modem 805 receives the RF-SIM card initialization command, the fourth saving module 8015 in the RF-SIM card reads, through the Modem 805, the private key used for payment authentication in the RF-SIM card 801 and the user information stored in the RF-SIM card 801.
It should be noted that the user information read from the RF-SIM card 801 here refers to the personal information needed in the payment process, which may include mobile subscriber information (for example, the international mobile subscriber identity (IMSI, International Mobile Subscriber Identification Number)), bank account information (for example, bank card account number and payment password) and the like; this is not specifically limited here.
After the fourth saving module 8015 in the RF-SIM card reads the private key and user information of the RF-SIM card 801 through the Modem 805, it saves the private key and user information of the RF-SIM card 801 to the secure shared memory 804 through the Modem 805.
The secure shared memory 804 is a region of memory in the mobile device. Under the control of the mobile device's access control unit, it can be accessed only by application programs in the TEE and by the Modem 805 connected to the RF-SIM card. With the support of the secure shared memory 804, the RF-SIM card 801 and the application programs of the TEE can exchange data without the REE taking part, which protects the core data of the payment process.
In practical applications, the secure shared memory may be implemented using ARM TrustZone technology or using other technologies; this is not specifically limited here.
After the fourth saving module 8015 in the RF-SIM card saves the private key and user information of the RF-SIM card 801 to the secure shared memory 804 through the Modem 805, the fourth acquisition module 8035 in the payment processing unit 803 reads the private key and user information of the RF-SIM card 801 from the secure shared memory 804. The payment processing unit 803 is the payment application executed in the TEE.
After the fourth acquisition module 8035 reads the private key and user information of the RF-SIM card 801 from the secure shared memory 804, the third saving module 8036 saves them to the memory 802 of the TEE, which completes the initialization process of the RF-SIM card.
The steps above are the secure initialization process of the RF-SIM card 801. It should be noted that, when the RF-SIM card 801 is initialized, other RF-SIM card information needed in the payment process may be read in addition to the private key and user information of the RF-SIM card 801; this is not specifically limited here.
It should also be noted that the steps above are one common secure initialization process for the RF-SIM card. In practical applications, there may be many methods of initializing the RF-SIM card; as long as the private key and user information in the RF-SIM card are stored into the TEE without coming into contact with the REE environment, the specific initialization method is not limited here.
When a near-field payment transaction occurs, the user may first open the payment application in the mobile device. Through near-field contact, the first receiving module 8011 of the RF-SIM card 801 in the mobile device establishes a connection with the payment requester, and the payment requester sends a payment request to the first receiving module 8011; the payment request includes a payment request command and payment data. In fact, what the first receiving module 8011 receives is a carrier wave, and the carrier wave carries the payment request.
It should be noted that the payment requester in this embodiment of the present invention may be a near-field payment service that sends the payment request, or may be another service or device capable of sending a payment request; this is not limited here.
In practical applications, the payment data is the transaction data sent by the payment requester and may specifically include information such as the transaction order number, trade name and transaction amount; this is not specifically limited here.
After the RF-SIM card 801 receives the payment request, the first saving module 8014 in the RF-SIM card 801 sends the payment request to the Modem 805.
After the Modem 805 receives the payment request, it saves the payment data in the request to the secure shared memory 804.
After the Modem 805 receives the payment request, it forwards the payment request command in the request to the application program in the REE. The mobile device then switches from REE mode to TEE mode and sends the payment request command to the payment processing unit 803 running in the TEE; the payment processing unit 803 is the payment application running in the TEE.
After the payment processing unit 803 receives the payment request command, the second acquisition module 8031 reads the payment data from the secure shared memory 804.
After the second acquisition module 8031 receives the payment request command, the third acquisition module 8032 reads, from the TEE memory 802, the RF-SIM card private key and user information that were stored in the TEE memory 802 when the RF-SIM card 801 was initialized.
After the second acquisition module 8031 reads the payment data from the secure shared memory 804 and the third acquisition module 8032 reads the RF-SIM card private key and user information from the memory 802 of the TEE, the processing module 8033 encrypts the payment data and the user information using the private key to generate the encrypted payment processing data.
It should be noted that, in practical applications, the information read by the payment processing unit 803 is not necessarily limited to the private key, the payment data and the user information, and may also include other kinds of information required for payment. Likewise, the data encrypted with the private key during payment processing is not necessarily limited to the payment data and the user information, and may also include other kinds of information required for payment; this is not specifically limited here.
In addition, in practical applications, the processing module 8033 does not necessarily perform payment processing by encrypting the payment data and the user information with the private key; the data may also be processed in other ways, which are not specifically limited here.
After the processing module 8033 encrypts the payment data and the user information to obtain the payment processing data, the second saving module 8034 saves the payment processing data to the secure shared memory 804.
After the second saving module 8034 saves the payment processing data to the secure shared memory 804, the Modem 805 reads the payment processing data from the secure shared memory 804.
After reading the payment processing data from the secure shared memory 804, the Modem 805 sends the payment processing data to the first acquisition module 8012 of the RF-SIM card 801.
After the first acquisition module 8012 of the RF-SIM card 801 receives the payment processing data sent by the Modem 805, the sending module 8013 sends the payment processing data to the payment requester through the RF module of the RF-SIM card 801 itself.
After the payment requester receives the payment processing data, it carries out payment operations such as deducting the amount according to the payment processing data, and returns the payment result to the payment application in the REE to inform the user of the result, which completes the entire payment process.
In this embodiment of the present invention, the RF-SIM card 801 and the secure shared memory 804 communicate through the Modem 805: the payment data received by the RF-SIM card 801 and the private key and user information of the RF-SIM card 801 are stored to the secure shared memory through the Modem 805, and the RF-SIM card 801 reads the payment processing data from the secure shared memory 804 through the Modem 805, which improves the realizability of the solution.
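The initialization and payment exchanges of this embodiment can be modelled as follows. This is an added example, not code from the patent: the class names, the slot names, the `PAY` command string and the sample key, IMSI and transaction are constructed, and HMAC-SHA256 stands in for the private-key operation, which the text does not specify.

```python
import hashlib
import hmac
import json
from enum import Enum


class World(Enum):
    REE = "REE"      # normal-world OS and applications
    TEE = "TEE"      # trusted execution environment
    MODEM = "MODEM"  # modem connected to the RF-SIM card


class SecureSharedMemory:
    """Buffer that the access control unit opens only to the TEE and the modem."""
    ALLOWED = frozenset({World.TEE, World.MODEM})

    def __init__(self):
        self._slots = {}

    def _check(self, caller):
        if caller not in self.ALLOWED:
            raise PermissionError(f"{caller.value} cannot access secure shared memory")

    def write(self, caller, slot, value):
        self._check(caller)
        self._slots[slot] = value

    def read(self, caller, slot):
        self._check(caller)
        return self._slots[slot]


def compute_tag(key, payment_data, user_info):
    """HMAC-SHA256 stand-in for the private-key operation (an assumption)."""
    msg = json.dumps({"payment": payment_data, "user": user_info},
                     sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Modem:
    """Moves data between the RF-SIM card and the secure shared memory."""
    def __init__(self, shm, ree_inbox):
        self.shm = shm
        self.ree_inbox = ree_inbox  # everything the REE application gets to see

    def initialize_card(self, card_key, card_user_info):
        self.shm.write(World.MODEM, "private_key", card_key)
        self.shm.write(World.MODEM, "user_info", card_user_info)

    def on_payment_request(self, request):
        self.shm.write(World.MODEM, "payment_data", request["payment_data"])
        self.ree_inbox.append(request["command"])  # command only, never the data

    def fetch_result(self):
        return self.shm.read(World.MODEM, "payment_processing_data")


class PaymentProcessingUnit:
    """Payment application running in the TEE."""
    def __init__(self, shm):
        self.shm = shm
        self._tee_memory = {}  # TEE memory, private to this unit

    def initialize(self):
        for slot in ("private_key", "user_info"):
            self._tee_memory[slot] = self.shm.read(World.TEE, slot)

    def handle(self, command):
        if command != "PAY":  # hypothetical command name
            raise ValueError("unexpected command")
        payment = self.shm.read(World.TEE, "payment_data")
        tag = compute_tag(self._tee_memory["private_key"], payment,
                          self._tee_memory["user_info"])
        self.shm.write(World.TEE, "payment_processing_data",
                       {"order_no": payment["order_no"], "tag": tag})


def run_flow():
    """Run initialization and one payment on constructed sample data."""
    key = b"constructed-demo-key"
    user = {"imsi": "001010000000001"}
    payment = {"order_no": "T-0001", "trade_name": "coffee", "amount": "12.50"}
    shm, ree_inbox = SecureSharedMemory(), []
    modem, unit = Modem(shm, ree_inbox), PaymentProcessingUnit(shm)
    modem.initialize_card(key, user)   # card -> modem -> shared memory
    unit.initialize()                  # shared memory -> TEE memory
    modem.on_payment_request({"command": "PAY", "payment_data": payment})
    unit.handle(ree_inbox[-1])         # REE relays the command after the switch
    result = modem.fetch_result()      # shared memory -> modem -> card
    try:
        shm.read(World.REE, "private_key")
        ree_blocked = False
    except PermissionError:
        ree_blocked = True
    forged = compute_tag(key, {**payment, "amount": "9999.00"}, user)
    return {
        "result": result,
        "ree_inbox": ree_inbox,
        "ree_blocked": ree_blocked,
        "verified": hmac.compare_digest(result["tag"], compute_tag(key, payment, user)),
        "tamper_detected": not hmac.compare_digest(result["tag"], forged),
    }


if __name__ == "__main__":
    print(run_flow())
```

The REE-side inbox ends up holding only the command, while the key, user information and transaction data pass solely through the buffer that rejects REE callers.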
The above describes the mobile device in the embodiment of the present invention from the perspective of modular functional entities; the following describes the mobile device in the embodiment of the present invention from the perspective of hardware processing. Referring to Fig. 9, another embodiment of the mobile device in the embodiments of the present invention includes:
An input interface 901, an output interface 902, a processor 903, a memory 904, a display 905 and an RF-SIM card 906. In this embodiment, the mobile device may have one or more processors 903 (Fig. 9 takes one processor 903 as an example) and one or more memories 904 (Fig. 9 takes one memory 904 as an example). In some embodiments of the present invention, the input interface 901, output interface 902, processor 903, memory 904, display 905 and RF-SIM card 906 may be connected by a bus or in other ways; Fig. 9 takes connection by a bus as an example.
The RF-SIM card 906 receives the payment request data and the payment request command sent by the near-field payment service; the input interface 901 receives the user's instructions for operating the application through the display 905; and the processor 903, by calling the operation instructions stored in the memory 904, is configured to perform the following steps:
Obtaining the payment data from the RF-SIM card 906 and obtaining the user information from the memory 904; performing payment processing according to the payment data and the user information to obtain payment processing data, and storing the payment processing data into the memory 904.
In this embodiment of the present invention, the processor 903 is further configured to perform the following steps: driving the RF-SIM card 906 to obtain the payment processing data from the memory 904 and to send the payment processing data to the payment requester.
In this embodiment of the present invention, the processor 903 is further configured to perform the following steps: driving the RF-SIM card 906 to save the payment data into the memory 904, and obtaining the payment data from the memory 904.
In this embodiment of the present invention, the processor 903 is further configured to perform the following steps: saving the payment processing data into the memory 904; driving the RF-SIM card 906 to obtain the payment processing data from the memory 904.
In this embodiment of the present invention, the processor 903 is further configured to perform the following steps: obtaining the private key and the user information from the RF-SIM card 906, and saving the private key and the user information into the memory 904.
In this embodiment of the present invention, the processor 903 performing payment processing according to the payment data and the user information to obtain the payment processing data specifically means encrypting the payment data and the user information using the private key to obtain the payment processing data.
In this embodiment of the present invention, the processor 903 is further configured to perform the following steps: driving the RF-SIM card to save the private key and the user information into the memory 904, and reading the private key and the user information from the memory 904.
In this embodiment of the present invention, after the RF-SIM card 906 in the mobile device receives the payment request sent by the payment requester, the data and the payment computation are not all placed in the CPU of the SIM card. Instead, the processor 903 obtains the payment data in the payment request from the RF-SIM card and then performs payment processing according to the payment data and the user information to obtain the payment processing data, where the user information is obtained by the processor 903 from the memory 904. The RF-SIM card 906 then obtains the payment processing data from the memory 904 and sends the payment processing data to the payment requester. Some of the storage and computing capability of the RF-SIM card is thereby moved into the secure TEE environment of the mobile device, which effectively enhances the storage and computing capability available for secure payment while ensuring high security.
It will be clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network elements. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A mobile payment method, characterized by comprising:
An RF-SIM card in a mobile device receives a payment request sent by a payment requester, the payment request including payment data;
A payment processing unit in the mobile device obtains the payment data from the RF-SIM card in the mobile device, the payment processing unit being a payment application running in a trusted execution environment (TEE);
The payment processing unit in the mobile device performs payment processing according to the payment data and user information to obtain payment processing data, the user information being obtained from the memory of the TEE;
The RF-SIM card in the mobile device obtains the payment processing data from the payment processing unit in the mobile device;
The RF-SIM card in the mobile device sends the payment processing data to the payment requester;
The payment processing unit in the mobile device obtaining the payment data from the RF-SIM card in the mobile device comprises:
The RF-SIM card in the mobile device saves the payment data to a secure shared memory, where the secure shared memory can be accessed only by the TEE and by a specific unit connected to the RF-SIM card;
The payment processing unit in the mobile device reads the payment data from the secure shared memory;
The RF-SIM card in the mobile device obtaining the payment processing data from the payment processing unit in the mobile device comprises:
The payment processing unit in the mobile device saves the payment processing data to the secure shared memory;
The RF-SIM card in the mobile device obtains the payment processing data from the secure shared memory.
2. The mobile payment method according to claim 1, characterized in that the method further comprises:
The mobile device initializes the RF-SIM card in the mobile device;
The mobile device initializing the RF-SIM card in the mobile device comprises:
The payment processing unit in the mobile device obtains a private key and the user information from the RF-SIM card in the mobile device;
The payment processing unit in the mobile device saves the private key and the user information to the memory of the TEE.
3. The mobile payment method according to claim 2, characterized in that the payment processing unit in the mobile device performing payment processing according to the payment data and the user information to obtain the payment processing data comprises:
The payment processing unit in the mobile device encrypts the payment data and the user information using the private key to obtain the payment processing data.
4. The mobile payment method according to claim 2, characterized in that the payment processing unit in the mobile device obtaining the private key and the user information from the RF-SIM card in the mobile device comprises:
The RF-SIM card in the mobile device saves the private key and the user information to the secure shared memory;
The payment processing unit in the mobile device reads the private key and the user information from the secure shared memory.
5. A mobile device, characterized by comprising:
An RF-SIM card, configured to receive a payment request sent by a payment requester, the payment request including payment data;
A memory of a trusted execution environment (TEE);
A payment processing unit, configured to obtain the payment data from the RF-SIM card and to perform payment processing according to the payment data and user information to obtain payment processing data, the payment processing unit being a payment application running in the TEE and the user information being obtained from the memory of the TEE;
The RF-SIM card is further configured to obtain the payment processing data from the payment processing unit and to send the payment processing data to the payment requester;
Wherein the RF-SIM card comprises:
A first receiving module, configured to receive the payment request;
A first acquisition module, configured to obtain the payment processing data from the payment processing unit;
A sending module, configured to send the payment processing data to the payment requester;
The payment processing unit comprises:
A second acquisition module, configured to obtain the payment data from the RF-SIM card;
A third acquisition module, configured to obtain the user information from the memory of the TEE;
A processing module, configured to perform payment processing according to the payment data and the user information to obtain the payment processing data;
The mobile device further comprises:
A secure shared memory, where the secure shared memory can be accessed only by the TEE and by a specific unit connected to the RF-SIM card;
The RF-SIM card further comprises:
A first saving module, configured to save the payment data to the secure shared memory;
The second acquisition module is specifically configured to obtain the payment data from the secure shared memory;
The payment processing unit further comprises:
A second saving module, configured to save the payment processing data to the secure shared memory;
The first acquisition module is specifically configured to obtain the payment processing data from the secure shared memory.
6. The mobile device according to claim 5, characterized in that the payment processing unit further comprises:
A fourth acquisition module, configured to obtain a private key and the user information from the RF-SIM card;
A third saving module, configured to save the private key and the user information to the memory of the TEE.
7. The mobile device according to claim 6, characterized in that the processing module is specifically configured to encrypt the payment data and the user information using the private key to obtain the payment processing data.
8. The mobile device according to claim 6, characterized in that
The RF-SIM card further comprises:
A fourth saving module, configured to save the private key and the user information to the secure shared memory;
The third acquisition module is specifically configured to read the private key and the user information from the secure shared memory.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510144903.1A CN104700268B (en) 2015-03-30 2015-03-30 A kind of method of mobile payment and mobile device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510144903.1A CN104700268B (en) 2015-03-30 2015-03-30 A kind of method of mobile payment and mobile device

Publications (2)

Publication Number Publication Date
CN104700268A CN104700268A (en) 2015-06-10
CN104700268B true CN104700268B (en) 2018-10-16

Family

ID=53347360

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510144903.1A Active CN104700268B (en) 2015-03-30 2015-03-30 A kind of method of mobile payment and mobile device

Country Status (1)

Country Link
CN (1) CN104700268B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: Room 101-105, floor 1, Chuangda building, No. 9, Qinghua East Road, Haidian District, Beijing 100083 (Dongsheng District)

Patentee after: Thunder Software Technology Co., Ltd.

Address before: 100191 Beijing Haidian District Lung Cheung Road No. 1 Tai Xiang business building 4 layer 401-409

Patentee before: Thunder Software Technology Co., Ltd.