CN107464109A - Credible mobile payment device, system and method - Google Patents


Publication number
CN107464109A
Authority
CN
China
Prior art keywords
transaction
payment
credible
information
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710630013.0A
Other languages
Chinese (zh)
Other versions
CN107464109B (en
Inventor
雷斌
李兴双
张宇鸿
周海源
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN201710630013.0A priority Critical patent/CN107464109B/en
Publication of CN107464109A publication Critical patent/CN107464109A/en
Application granted granted Critical
Publication of CN107464109B publication Critical patent/CN107464109B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • G06Q20/38215Use of certificates or encrypted proofs of transaction rights
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification

Abstract

The present invention provides a credible mobile payment device, system and method. The credible mobile payment device uses an intelligent mobile terminal as its carrier and includes a credible execution module, a secure storage module and a mobile payment module. The credible execution module is used to: install and run a secure payment trusted application, encrypt transaction payment information with a first key obtained from the secure storage module to generate a dynamic verification code, and send the dynamic verification code to the mobile payment module. The secure storage module is used to: store the secure payment trusted application and the first key. The mobile payment module is used to: send the transaction payment information to the credible execution module, and send the dynamic verification code to an external device. The transaction payment information is either sent to the mobile payment module by an external device or generated by the credible mobile payment device when the user makes a transaction. Paying with this device ensures the security of payment information and funds without the user carrying extra equipment.

Description

Credible mobile payment device, system and method
Technical field
The present invention relates to the technical field of mobile payment, and in particular to a credible mobile payment device, system and method.
Background
With the development of e-commerce, there are more and more mobile payment scenarios based on open-platform smartphones. In an open mobile payment environment, the security of online payment has become a major issue in mobile payment research. To address mobile payment security, current mobile payment applications mainly either introduce two-factor authentication, such as SMS verification codes or dynamic password devices, or use a U-shield that has a hardware signature function.
On current open-platform intelligent mobile terminals, SMS messages are at risk of being hijacked and forwarded, so authentication based on SMS verification codes is flawed. A dedicated dynamic password device has to be carried separately and is inconvenient to operate; in addition, these authentication methods cover identity authentication only, and the signing of transaction information is done by the app software, so the transaction information is at risk of being hijacked and tampered with. A U-shield device with hardware signing is difficult to adapt to the hardware of an open platform and is inconvenient to carry and use, which is an obstacle to large-scale application.
Summary of the invention
In order to ensure the security of the user's mobile payment information and of the user's funds without the user carrying extra equipment, embodiments of the present invention provide the following solutions:
An embodiment of the present invention provides a credible mobile payment device. The credible mobile payment device uses an intelligent mobile terminal as its carrier and includes: a credible execution module, a secure storage module and a mobile payment module;
wherein the credible execution module is used to: install and run a secure payment trusted application, encrypt transaction payment information with a first key obtained from the secure storage module to generate a dynamic verification code, and send the dynamic verification code to the mobile payment module;
the secure storage module is used to: store the secure payment trusted application and the first key;
the mobile payment module is used to: send the transaction payment information to the credible execution module, and send the dynamic verification code to an external device;
the transaction payment information is sent to the mobile payment module by an external device, or is generated by the credible mobile payment device when the user makes a transaction.
An embodiment of the present invention further provides a credible mobile payment system, which includes: a transaction terminal, a trading server, a mobile payment server and the credible mobile payment device described above;
the transaction terminal is used to: send the generated transaction payment information to the trading server; receive a first dynamic verification code entered by the user and send the first dynamic verification code to the trading server; and receive the transaction payment result;
the trading server is used to: send the transaction payment information and the first dynamic verification code to the mobile payment server, and send the received transaction payment result to the transaction terminal;
the mobile payment server is used to: send the transaction payment information to the credible mobile payment device; encrypt the transaction payment information to obtain a second dynamic verification code; and, when the first dynamic verification code and the second dynamic verification code are identical, complete the transaction payment, obtain the transaction payment result, and send the transaction payment result to the trading server;
the credible mobile payment device is used to: receive the transaction payment information and, after the user's identity authentication information has been verified, encrypt the transaction payment information to obtain the first dynamic verification code;
the method the mobile payment server uses to encrypt the transaction payment information is the same as the method the credible mobile payment device uses to encrypt the transaction payment information.
An embodiment of the present invention further provides a credible mobile payment method, which includes:
the transaction terminal sends the generated transaction payment information to the credible mobile payment device through the trading server and the mobile payment server;
the credible mobile payment device receives the transaction payment information and, after the user's identity authentication information has been verified, encrypts the transaction payment information to obtain a first dynamic verification code;
the transaction terminal receives the first dynamic verification code entered by the user and sends the first dynamic verification code to the mobile payment server through the trading server;
the mobile payment server encrypts the transaction payment information to obtain a second dynamic verification code and, when the first dynamic verification code and the second dynamic verification code are identical, completes the transaction payment, obtains the transaction payment result, and sends the transaction payment result to the transaction terminal through the trading server;
the transaction terminal receives the transaction payment result;
the method the mobile payment server uses to encrypt the transaction payment information is the same as the method the credible mobile payment device uses to encrypt the transaction payment information.
An embodiment of the present invention further provides another credible mobile payment system, which includes: the credible mobile payment device described above, a trading server and a mobile payment server;
wherein the credible mobile payment device is used to: after the user's identity authentication information has been verified, digitally sign the generated transaction payment information to obtain first trading signature information, encrypt the transaction payment information to obtain a first dynamic verification code, and send the first trading signature information, the first dynamic verification code and the transaction payment information to the mobile payment server through the trading server; and receive the transaction payment result;
the mobile payment server is used to: digitally sign the received transaction payment information to generate second trading signature information, encrypt the transaction payment information to obtain a second dynamic verification code, and, when the first trading signature information is identical to the second trading signature information and the first dynamic verification code is identical to the second dynamic verification code, complete the transaction payment according to the transaction payment information, obtain the transaction payment result, and send the transaction payment result to the credible mobile payment device through the trading server;
the method the mobile payment server uses to digitally sign and encrypt the transaction payment information is the same as the method the credible mobile payment device uses to digitally sign and encrypt the transaction payment information.
An embodiment of the present invention further provides another credible mobile payment method, which includes:
the credible mobile payment device, after the user's identity authentication information has been verified, digitally signs the generated transaction payment information to obtain first trading signature information, encrypts the transaction payment information to obtain a first dynamic verification code, and sends the first trading signature information, the first dynamic verification code and the transaction payment information to the mobile payment server through the trading server;
the mobile payment server digitally signs the received transaction payment information to generate second trading signature information, encrypts the transaction payment information to obtain a second dynamic verification code, and, when the first trading signature information is identical to the second trading signature information and the first dynamic verification code is identical to the second dynamic verification code, completes the transaction payment according to the transaction payment information, obtains the transaction payment result, and sends the transaction payment result to the credible mobile payment device through the trading server;
the credible mobile payment device receives the transaction payment result;
the method the mobile payment server uses to digitally sign and encrypt the transaction payment information is the same as the method the credible mobile payment device uses to digitally sign and encrypt the transaction payment information.
An embodiment of the present invention further provides a computer device, including a memory, a processor and a computer program stored in the memory and runnable on the processor; the processor implements the above credible mobile payment method when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, which stores a computer program for performing the above credible mobile payment method.
In the embodiments of the present invention, the proposed credible mobile payment device, system and method ensure the user's payment security by combining infrastructure of the intelligent mobile terminal such as the credible execution module of the trusted execution environment (TEE), the secure storage module and the mobile payment module. When the user performs a mobile payment operation, the credible execution module produces a secure dynamic verification code, and the user enters the dynamic verification code on the payment page to complete the transaction. The method provided by the invention can ensure the security of the user's mobile payment information and of the user's funds.
Brief description of the drawings
In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative work.
Fig. 1 is a schematic structural diagram of a credible mobile payment device provided by an embodiment of the present invention;
Fig. 2 is a flow chart of an initialization and installation method for a secure payment trusted program provided by an embodiment of the present invention;
Fig. 3 is schematic structural diagram 1 of a credible mobile payment system provided by an embodiment of the present invention;
Fig. 4 is flow chart 1 of a credible mobile payment method provided by an embodiment of the present invention;
Fig. 5 is schematic structural diagram 2 of a credible mobile payment system provided by an embodiment of the present invention;
Fig. 6 is flow chart 2 of a credible mobile payment method provided by an embodiment of the present invention;
Fig. 7 is flow chart 3 of a credible mobile payment method provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the present invention.
In an embodiment of the present invention, a credible mobile payment device is provided. As shown in Fig. 1, the credible mobile payment device uses an intelligent mobile terminal 501 as its carrier and includes: a credible execution module 502, a secure storage module 503 and a mobile payment module 507;
wherein the credible execution module 502 is used to: install and run a secure payment trusted application 504, encrypt transaction payment information with a first key (i.e. the dynamic verification code generation key) obtained from the secure storage module 503 to generate a dynamic verification code, and send the dynamic verification code to the mobile payment module 507;
the secure storage module 503 is used to: store the secure payment trusted application 504 and the first key;
the mobile payment module 507 is used to: send the transaction payment information to the credible execution module 502, and send the dynamic verification code to an external device;
the transaction payment information is sent to the mobile payment module 507 by an external device, or is generated by the credible mobile payment device when the user makes a transaction.
In a specific implementation, the credible execution module 507 encrypts the transaction payment information as follows:
the transaction hash value of the transaction payment information is determined, and the first key obtained from the secure storage module 503 is used to encrypt the transaction hash value together with the current time factor, generating the dynamic verification code.
In a specific implementation, the secure storage module 503 is also used to: store a second key (the private key mentioned below);
the credible execution module 502 is also used to: digitally sign the transaction payment information with the second key obtained from the secure storage module 503 to generate trading signature information, and send the trading signature information to the mobile payment module 507;
the mobile payment module 507 is also used to: send the trading signature information to an external device.
In a specific implementation, as shown in Fig. 1, the credible mobile payment device may also include: a credible display module 505 and a credible input module 506;
the credible execution module 502 is also used to: send the transaction payment information and the dynamic verification code to the credible display module 505; and, when a payment transaction is made, compare the user identity authentication information stored in the secure storage module 503 with the user identity authentication information entered again by the user, and determine the user's identity from the comparison result;
the credible display module 505 is used to: display the transaction payment information and the dynamic verification code;
the credible input module 506 is used to: receive the user identity authentication information entered by the user;
the secure storage module 503 is also used to: store the user identity authentication information.
The credible mobile payment device proposed by the present invention is described in detail below with reference to the drawings.
In a specific implementation, the credible mobile payment device performs transaction information confirmation, transaction signing and verification code entry on the basis of a trusted execution environment, so that the user's payment transaction elements are signed as they are seen and encrypted as they are entered. A trusted execution environment (Trusted Execution Environment, hereinafter TEE) is an independent application execution environment that is integrated in the intelligent mobile terminal and isolated from the operating system of the intelligent mobile terminal in terms of hardware resources. Through specific hardware interrupts the TEE takes over the hardware resources of the intelligent mobile terminal, physically isolating those hardware resources from the intelligent mobile terminal system. The CPU is designed, at the core design stage, with a running environment relatively isolated from the phone system in order to take over the hardware resources of the intelligent mobile terminal; an intelligent mobile terminal device can improve the security of the mobile device by using this technology.
In a specific implementation, the intelligent mobile terminal 501 can be any intelligent mobile terminal such as a smartphone, a PAD or a smart watch. The device consists of the basic hardware a mobile intelligent terminal needs, such as buttons, a touch screen, a display screen, a CPU, storage chips, a main control board, a battery and a wireless network communication module; its other distinguishing feature is that it internally integrates the credible execution module 502, which supports the TEE.
Credible execution module 502: this module can be integrated inside the CPU of the intelligent mobile terminal 501 as an SOC (System on Chip, a system-level chip: a product that is an integrated circuit with a specific purpose, containing a complete system and the full content of its embedded software), or integrated on the mainboard of the intelligent mobile terminal 501 by means of additional circuits and chips. It is an executable system whose hardware logic is independent of the intelligent mobile terminal 501, including but not limited to modules such as a processor, RAM, storage, a clock, a power supply and a dedicated bus. The credible execution module 502 interacts with the peripheral hardware devices of the intelligent mobile terminal 501 through the dedicated bus, and during secure boot it is isolated from other parts such as the operating system of the intelligent mobile terminal 501. The credible execution module 502 ensures that only authorized security software can be executed securely; this security software is the "trusted application" (TA). In the TEE environment for which the credible execution module 502 is responsible, each trusted application is an independent entity, and without authorization no trusted application can access secure resources through another trusted application. The credible execution module also ensures the protection level, confidentiality, integrity and access rights of the resources and data in a trusted application. To ensure the trustworthiness of the credible execution module 502, verification steps are provided at both the installation stage and the running stage of a trusted application, so that trusted applications run securely in the TEE environment.
Secure storage module 503: this module can be a secure storage circuit integrated in the TEE kernel as part of the SOC, or an external chip circuit connected to the secure bus of the credible execution module 502. That is, the secure storage module 503 and the credible execution module 502 can be integrated on the same chip, in which case the secure storage module 503 is a secure storage circuit; or the secure storage module 503 and the credible execution module 502 are not integrated on the same chip, in which case the secure storage module 503 is an external chip circuit connected to the secure bus of the credible execution module 502. This module is mainly responsible for storing data such as the secure payment trusted application 504 and keys and certificates. In terms of access control, the module only allows the credible execution module 502 to store and read data through the secure bus, and its data channel is isolated from the mobile operating system of the intelligent mobile terminal 501.
Secure payment trusted application 504: a trusted application developed by the payment service provider. After it has passed the security assessment of, and been signed by, the manager of the credible execution module 502, it is downloaded in an authorized and secure way and installed into the secure storage module 503. When the secure payment trusted application 504 is used for the first time after successful installation, it needs to download and install, over the mobile communication network, the initial public key certificate and the dynamic verification code computation key issued by the mobile payment server; the specific initialization and installation method is shown in Fig. 2. The secure payment trusted application 504 obtains control of the resources of the credible execution module 502, controls the input and output of the credible display module 505 and the credible input module 506, and interacts with the mobile payment module 507 through the credible mobile payment system proposed by the present invention, so as to achieve secure payment.
Credible display module 505: this module is the display screen of the intelligent mobile terminal 501. When the intelligent mobile terminal 501 captures a hardware interrupt from the credible execution module 502, control of this module is handed to the secure bus of the credible execution module 502; the data shown on the screen of the intelligent mobile terminal 501 is then controlled by the secure payment trusted application 504, and the information output on the display screen is authentic and trustworthy.
Credible input module 506: this module is the input equipment of the intelligent mobile terminal 501 and can be one or more of a keyboard, a touch screen, a camera and a fingerprint reader. When the intelligent mobile terminal 501 captures a hardware interrupt from the credible execution module 502, control of this module is handed to the secure bus of the credible execution module 502, and the information the user enters on the touch screen can only be received by the authorized secure payment trusted application 504.
Mobile payment module 507: this can be a mobile payment APP or a mobile application module implemented as a plug-in. It mainly implements user interaction such as showing transaction payment information to the user, prompting the user to enter transaction information and submitting payment requests. It also establishes a secure network channel with the payment application server over the wireless network, and performs and interacts with the secure computation of the credible execution module 504, thereby ensuring that the credible mobile payment device completes payment transactions normally.
As used above, the term "unit" or "module" can be a combination of software and/or hardware that implements a predetermined function. Although the device described in the above embodiments is preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
In addition, there may be a mobile application installation module on the mobile intelligent terminal 501. This module can be a mobile APP (such as a program download APP) or a basic function module integrated in the operating system of the intelligent mobile terminal 501, and is mainly responsible for downloading and installing mobile applications on the intelligent mobile terminal 501. In this scheme specifically, it is mainly responsible for installing the secure payment trusted application 504 in the credible execution environment.
Based on the mobile application installation module on the mobile intelligent terminal 501, the initialization and installation method of the secure payment trusted application 504 of the credible mobile payment device is described in detail below. As shown in Fig. 2, it includes:
Step S201: The mobile payment service provider signs the secure payment trusted application 504, which has been certified by the manager of the credible execution module 502, packs the signed program into the mobile payment module 507, and releases them together. The secure payment trusted application 504 is signed as follows: a program hash value is computed over the installation package of the secure payment trusted application 504 using any algorithm including but not limited to SHA-256/SM3; the program hash value is signed using any asymmetric key algorithm including but not limited to SM2/RSA/ECC; and the signature data and the secure payment trusted application 504 are packed together into the installation package.
Step S202: When the user downloads and installs the mobile payment module 507, the mobile application installation module wakes the credible execution module 502 through a system interrupt and sends the credible execution module 502 an initialization instruction for installation authentication of the secure payment trusted application 504. It obtains initialization information including but not limited to the identity authentication algorithm, the key version number, the channel counter, a random number and a ciphertext. The mobile application installation module computes a security authentication ciphertext from this initialization information and sends the ciphertext to the credible execution module 502 for authentication; after authentication passes, an application installation key is generated and a secure channel is established. The mobile application installation module encrypts the secure payment trusted application 504 with the application installation key, downloads it to the credible execution module 502 through the secure channel, and notifies it to install. At the installation stage, the credible execution module 502 verifies the signature of the secure payment trusted application 504; once it has confirmed that the received content is a trusted application signed with the institution's authorization, it allocates secure storage space for the application and performs the installation.
Step S203: The user enters authentication information in the mobile payment module 507 to log in to the mobile payment server and enters the initialization step. Based on information such as the user identifier and the phone's IMEI code (International Mobile Equipment Identity, the international mobile equipment identification number, commonly called the phone serial number, which identifies each individual mobile phone in a GSM mobile network and is equivalent to the phone's identity card number), the mobile payment server generates and assigns a unique identifier for the secure payment trusted application 504 of the device.
Step S204: According to the TEE interaction standard, the mobile payment module 507 wakes the secure payment trusted application 504 to run the initialization flow and passes the unique identifier generated in the previous step to the secure payment trusted application 504; the unique identifier is stored in the secure storage module 503 and the initialization flow starts.
Step S205: The secure payment trusted application 504 displays a prompt on the credible display module 505 reminding the user to enter user identity authentication information as required. The user identity authentication information can be one of a fingerprint, an image, a numeric password and so on. When the user has finished entering it, the user identity authentication information is stored in the secure storage module 503.
Step S206: The secure payment trusted application 504 executes a local asymmetric key generation instruction, generates the public/private key pair of the secure payment trusted application 504 and keeps it in the local secure storage 503, and signs the public key with the generated private key to produce a certificate request file.
Step S207: The mobile payment server uses the server certificate to sign the certificate request file of the secure payment trusted application 504 and returns the signed certificate to the secure payment trusted application 504. The mobile payment server obtains the dynamic verification code seed key, diversifies it using the unique identifier of the secure payment trusted application 504 to generate the dynamic verification code generation key of that secure payment trusted application 504, and encrypts that key with the public key of the secure payment trusted application 504.
Step S208: The signed payment certificate and the dynamic verification code generation key are downloaded from the mobile payment server 4, and the signed payment certificate and the dynamic verification code generation key are stored in the trusted storage module 503.
Step S209: Initialization is complete, and the initialization flow of the secure payment trusted application 504 ends.
Based on the same inventive concept, an embodiment of the present invention also provides a credible mobile payment method, as described in the following embodiments. Because the principle by which the credible mobile payment method solves the problem is similar to that of the credible mobile payment device, the implementation of the method may refer to the implementation of the device, and repeated parts are not described again.
The method includes: encrypting the transaction payment information to generate a dynamic verification code;
sending the dynamic verification code to an external device.
In specific implementation, the transaction payment information is encrypted as follows:
The transaction hash value of the transaction payment information is determined, and the first key is used to encrypt the transaction hash value together with the current time factor, generating the dynamic verification code.
In specific implementation, the method also includes:
digitally signing the transaction payment information with the second key to generate trading signature information;
sending the trading signature information to the external device.
In specific implementation, the method also includes:
when a payment transaction is carried out, comparing the stored user identity authentication information with the user identity authentication information that the user enters again, and determining the user's identity from the comparison result.
In specific implementation, based on the credible mobile payment device above, an embodiment of the present invention also provides a credible mobile payment system, including transaction terminal 1, mobile communications network 2, trading server 3, mobile payment server 4 and credible mobile payment device 5. Credible mobile payment device 5 may be the transaction terminal 1 in the system or a device independent of transaction terminal 1.
When credible mobile payment device 5 is a device independent of transaction terminal 1, the structure of the credible mobile payment system is as shown in Fig. 3. The system includes transaction terminal 1, mobile communications network 2, trading server 3, mobile payment server 4 and credible mobile payment device 5. Transaction terminal 1 exchanges data with trading server 3 through the wired network/mobile communications network 2; trading server 3 exchanges data with mobile payment server 4 through the wired network; credible mobile payment device 5 exchanges data with mobile payment server 4 through mobile communications network 2.
Transaction terminal 1 is used to: send the generated transaction payment information to trading server 3; receive the first dynamic verification code entered by the user and send it to trading server 3; and receive the transaction payment result;
Trading server 3 is used to: send the transaction payment information and the first dynamic verification code to mobile payment server 4; and send the received transaction payment result to transaction terminal 1;
Mobile payment server 4 is used to: send the transaction payment information to credible mobile payment device 5; encrypt the transaction payment information to obtain a second dynamic verification code; and, when the first dynamic verification code and the second dynamic verification code are identical, complete the transaction payment, obtain the transaction payment result and send it to trading server 3;
Credible mobile payment device 5 is used to: receive the transaction payment information and, after the user identity authentication information is verified, encrypt the transaction payment information to obtain the first dynamic verification code;
The method that mobile payment server 4 uses to encrypt the transaction payment information is the same as the method that credible mobile payment device 5 uses to encrypt the transaction payment information.
Each part of the credible mobile payment system is described in detail below.
In specific implementation, transaction terminal 1 may be a smartphone, tablet computer, smart TV, PC or any other device that can access the internet. It mainly interacts with trading server 3 over the internet and serves to enter information such as the payment order and payment elements.
Mobile operator network 2 connects to transaction terminal 1/credible mobile payment device 5 over a wireless network and exchanges data with trading server 3 and mobile payment server 4 over a wired network, providing wireless network communication.
Trading server 3 may be, for example, a transaction server providing mobile or PC e-commerce, bill payment, transfers and similar services. It provides order generation services to transaction terminal 1 over the internet and forwards or redirects the received order information and the corresponding payment request to mobile payment server 4.
Mobile payment server 4 exchanges data with mobile operator network 2 and trading server 5 over a wired network. The mobile payment server provides functions such as payment order processing, payment data authentication and payment accounting.
Credible mobile payment device 5 connects to mobile payment server 4 over the internet. When it receives a payment request, it displays the payment account information and transaction amount required by the order for the user to confirm and prompts the user to enter identity authentication information as required; the payment authentication information is then sent to the mobile payment server over the internet, completing the payment process.
In specific implementation, credible mobile payment device 5 is specifically used to:
encrypt the transaction payment information as follows:
The transaction hash value of the transaction payment information is determined, and the dynamic verification code generation key (the first key) stored in the credible mobile payment device is used to encrypt the transaction hash value together with the current time factor, generating the first dynamic verification code.
Mobile payment server 4 is also used to: when the first dynamic verification code and the second dynamic verification code differ, generate a first transaction-not-completed result and send it to the trading server;
Trading server 3 is also used to: send the first transaction-not-completed result to the transaction terminal;
Transaction terminal 1 is also used to: receive the first transaction-not-completed result.
In specific implementation, credible mobile payment device 5 is specifically used to:
verify the user identity authentication information as follows:
The user identity authentication information entered by the user is received and compared with the user identity authentication information stored in the credible mobile payment device; when the two are identical, user identity verification passes;
When the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, the user identity authentication information re-entered by the user is received; when the user identity authentication information entered over the preset number of attempts still differs from the stored information, user identity verification fails, and identity verification failure information is sent to mobile payment server 4;
Mobile payment server 4 is also used to: generate a second transaction-not-completed result according to the identity verification failure information and send it to trading server 3;
Trading server 3 is also used to: send the second transaction-not-completed result to the transaction terminal;
Transaction terminal 1 is also used to: receive the second transaction-not-completed result.
In specific implementation, credible mobile payment device 5 is also used to:
after receiving the transaction payment information, show the transaction payment information on the credible display module of the credible mobile payment device and receive the user's confirmation result for the transaction payment information; when the confirmation result confirms that the payment information is correct, verify the user identity authentication information; when the confirmation result confirms that the payment information is wrong, send the confirmation result to mobile payment server 4;
Mobile payment server 4 is also used to: generate a third transaction-not-completed result according to the confirmation result and send it to trading server 3;
Trading server 3 is also used to: send the third transaction-not-completed result to the transaction terminal;
Transaction terminal 1 is also used to: receive and display the third transaction-not-completed result.
Based on the same inventive concept, an embodiment of the present invention also provides a credible mobile payment method, as described in the following embodiments. Because the principle by which the credible mobile payment method solves the problem is similar to that of the credible mobile payment system, the implementation of the method may refer to the implementation of the system, and repeated parts are not described again.
Fig. 4 is a flow chart of the credible mobile payment method of an embodiment of the present invention. As shown in Fig. 4, the credible mobile payment method includes:
Step S401: The transaction terminal sends the generated transaction payment information to the credible mobile payment device through the trading server and the mobile payment server;
Step S402: The credible mobile payment device receives the transaction payment information and, after the user identity authentication information is verified, encrypts the transaction payment information to obtain the first dynamic verification code;
Step S403: The transaction terminal receives the first dynamic verification code entered by the user and sends it to the mobile payment server through the trading server;
Step S404: The mobile payment server encrypts the transaction payment information to obtain the second dynamic verification code; when the first dynamic verification code and the second dynamic verification code are identical, it completes the transaction payment, obtains the transaction payment result and sends the result to the transaction terminal through the trading server;
Step S405: The transaction terminal receives the transaction payment result;
The method that the mobile payment server uses to encrypt the transaction payment information is the same as the method that the credible mobile payment device uses to encrypt the transaction payment information.
In specific implementation, the credible mobile payment device encrypts the transaction payment information as follows (step S420 and step S404):
The transaction hash value of the transaction payment information is determined, and the dynamic verification code generation key stored in the credible mobile payment device is used to encrypt the transaction hash value together with the current time factor, generating the first dynamic verification code.
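The dynamic verification code exchange of steps S402 to S404, together with the key diversification of step S207, as an added example that is not code from the patent. The patent does not name its algorithms: HMAC-SHA256 stands in here both for the key diversification and for "encrypting" the transaction hash with the time factor, and the 60-second time step, 6-digit code length, skew window, function names and sample values are all assumptions.

```python
import hashlib
import hmac
import struct

TIME_STEP_SECONDS = 60  # assumed width of one "current time factor" interval
CODE_DIGITS = 6         # assumed length of the code the user types

# Constructed sample values, not taken from the patent.
SEED_KEY = b"constructed-seed-key-0123456789abcdef"
UNIQUE_ID = "ta-unique-id-0001"
SAMPLE_TX = {
    "order_no": "ORD-20170728-0001",
    "amount": "128.50",
    "date": "2017-07-28",
    "payee_account": "6222000000000000",
}


def diversify_key(seed_key: bytes, unique_id: str) -> bytes:
    """Step S207: derive the per-application code generation key from the
    server-side seed key and the trusted application's unique identifier."""
    return hmac.new(seed_key, b"dvc-key|" + unique_id.encode("utf-8"),
                    hashlib.sha256).digest()


def transaction_hash(tx: dict) -> bytes:
    """Hash the payment fields in a fixed order with length prefixes, so both
    sides hash identical bytes and field boundaries cannot be shifted."""
    h = hashlib.sha256()
    for name in sorted(tx):
        for part in (name, str(tx[name])):
            raw = part.encode("utf-8")
            h.update(struct.pack(">I", len(raw)) + raw)
    return h.digest()


def dynamic_code(key: bytes, tx: dict, now: float) -> str:
    """Steps S402/S404: bind the code to the transaction hash and the time
    factor under the code generation key, then truncate to decimal digits."""
    time_factor = int(now) // TIME_STEP_SECONDS
    mac = hmac.new(key, transaction_hash(tx) + struct.pack(">Q", time_factor),
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, as in HOTP
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


def server_verify(seed_key: bytes, unique_id: str, tx: dict, first_code: str,
                  now: float, allowed_skew_steps: int = 1) -> bool:
    """Step S404: recompute the second code from the server's own copy of the
    transaction and compare it with the first code in constant time.
    The skew window is an assumption to absorb clock drift and typing time."""
    key = diversify_key(seed_key, unique_id)
    for drift in range(-allowed_skew_steps, allowed_skew_steps + 1):
        second_code = dynamic_code(key, tx, now + drift * TIME_STEP_SECONDS)
        if hmac.compare_digest(first_code.encode("utf-8"),
                               second_code.encode("utf-8")):
            return True
    return False


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    device_key = diversify_key(SEED_KEY, UNIQUE_ID)  # held in secure storage
    code = dynamic_code(device_key, SAMPLE_TX, t0)   # shown on trusted display
    print("first dynamic verification code:", code)
    print("server accepts:", server_verify(SEED_KEY, UNIQUE_ID, SAMPLE_TX, code, t0))
    tampered = dict(SAMPLE_TX, amount="9128.50")     # amount changed in transit
    print("tampered accepted:", server_verify(SEED_KEY, UNIQUE_ID, tampered, code, t0))
```

Because the server hashes the transaction it holds rather than anything echoed back by the terminal, a code generated for one order, amount or payee does not verify for another.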
In specific implementation, the method also includes:
When the first dynamic verification code and the second dynamic verification code differ, the mobile payment server generates a first transaction-not-completed result and sends it to the transaction terminal through the trading server;
The transaction terminal receives the first transaction-not-completed result.
In specific implementation, the credible mobile payment device verifies the user identity authentication information as follows (step S402):
The user identity authentication information entered by the user is received and compared with the user identity authentication information stored in the credible mobile payment device; when the two are identical, user identity verification passes;
When the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, the user identity authentication information re-entered by the user is received; when the user identity authentication information entered over the preset number of attempts still differs from the stored information, user identity verification fails, and identity verification failure information is sent to the mobile payment server;
The mobile payment server is also used to: generate a second transaction-not-completed result according to the identity verification failure information and send it to the transaction terminal through the trading server;
The transaction terminal receives the second transaction-not-completed result.
In specific implementation, the method also includes:
After receiving the transaction payment information, the credible mobile payment device shows it on the credible display module of the credible mobile payment device and receives the user's confirmation result for the transaction payment information; when the confirmation result confirms that the payment information is correct, the user identity authentication information is verified; when the confirmation result confirms that the payment information is wrong, the confirmation result is sent to the mobile payment server;
The mobile payment server generates a third transaction-not-completed result according to the confirmation result and sends it to the transaction terminal through the trading server;
The transaction terminal is also used to: receive and display the third transaction-not-completed result.
In specific implementation, when credible mobile payment device 5 is the transaction terminal 1 in the system, the structure of the credible mobile payment system provided by an embodiment of the present invention is as shown in Fig. 5 and includes: mobile communications network 2, credible mobile payment device 5, trading server 3 and mobile payment server 4. Credible mobile payment device 5 exchanges data with trading server 3 through the wired network/mobile communications network 2; trading server 3 exchanges data with mobile payment server 4 through the wired network.
Credible mobile payment device 5 is used to: after the user identity authentication information is verified, digitally sign the generated transaction payment information to obtain first trading signature information; encrypt the transaction payment information to obtain the first dynamic verification code; send the first trading signature information, the first dynamic verification code and the transaction payment information to mobile payment server 4 through trading server 3; and receive the transaction payment result;
Mobile payment server 4 is used to: digitally sign the received transaction payment information to generate second trading signature information; encrypt the transaction payment information to obtain the second dynamic verification code; and, when the first trading signature information is identical to the second trading signature information and the first dynamic verification code is identical to the second dynamic verification code, complete the transaction payment according to the transaction payment information, obtain the transaction payment result and send it to credible mobile payment device 5 through the trading server;
The method that mobile payment server 4 uses to digitally sign and encrypt the transaction payment information is the same as the method that credible mobile payment device 5 uses to digitally sign and encrypt the transaction payment information.
In specific implementation, credible mobile payment device 5 is specifically used to:
digitally sign the generated transaction payment information as follows:
The generated transaction payment information is digitally signed with the private key stored in the credible mobile payment device, obtaining the first trading signature information;
encrypt the transaction payment information as follows:
The transaction hash value of the transaction payment information is determined, and the dynamic verification code generation key stored in the credible mobile payment device is used to encrypt the transaction hash value together with the current time factor, generating the first dynamic verification code.
In specific implementation, mobile payment server 4 is also used to: when the first trading signature information and the second trading signature information differ, or the first dynamic verification code and the second dynamic verification code differ, generate a first transaction-not-completed result and send it to credible mobile payment device 5 through trading server 3;
Credible mobile payment device 5 is also used to: receive the first transaction-not-completed result.
In specific implementation, credible mobile payment device 5 is specifically used to:
verify the user identity authentication information as follows:
The user identity authentication information entered by the user is received and compared with the user identity authentication information stored in the credible mobile payment device; when the two are identical, user identity verification passes;
When the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, the user identity authentication information re-entered by the user is received; when the user identity authentication information entered over the preset number of attempts still differs from the stored information, user identity verification fails, and identity verification failure information is sent to mobile payment server 4 through trading server 3;
Mobile payment server 4 is also used to: generate a second transaction-not-completed result according to the identity verification failure information and send it to credible mobile payment device 5 through trading server 3;
Credible mobile payment device 5 is also used to: receive the second transaction-not-completed result.
In specific implementation, credible mobile payment device 5 is also used to:
after generating the transaction payment information, show it on the credible display module of the credible mobile payment device and receive the user's confirmation result for the transaction payment information; when the confirmation result confirms that the payment information is correct, verify the user identity authentication information; when the confirmation result confirms that the payment information is wrong, send the confirmation result to mobile payment server 4 through trading server 3;
Mobile payment server 4 is also used to: generate a third transaction-not-completed result according to the confirmation result and send it to credible mobile payment device 5 through trading server 3;
Credible mobile payment device 5 is also used to: receive and display the second transaction-not-completed result.
Based on the same inventive concept, an embodiment of the present invention also provides another credible mobile payment method, as described in the following embodiments. Because the principle by which the credible mobile payment method solves the problem is similar to that of the credible mobile payment system, the implementation of the method may refer to the implementation of the system, and repeated parts are not described again.
Fig. 6 is a flow chart of the credible mobile payment method of an embodiment of the present invention. As shown in Fig. 6, the credible mobile payment method includes:
Step S601: After the user identity authentication information is verified, the credible mobile payment device digitally signs the generated transaction payment information to obtain the first trading signature information, encrypts the transaction payment information to obtain the first dynamic verification code, and sends the first trading signature information, the first dynamic verification code and the transaction payment information to the mobile payment server through the trading server;
Step S602: The mobile payment server digitally signs the received transaction payment information to generate the second trading signature information and encrypts the transaction payment information to obtain the second dynamic verification code; when the first trading signature information is identical to the second trading signature information and the first dynamic verification code is identical to the second dynamic verification code, it completes the transaction payment according to the transaction payment information, obtains the transaction payment result and sends the result to the credible mobile payment device through the trading server;
Step S603: The credible mobile payment device receives the transaction payment result;
The method that the mobile payment server uses to digitally sign and encrypt the transaction payment information is the same as the method that the credible mobile payment device uses to digitally sign and encrypt the transaction payment information.
In specific implementation, the generated transaction payment information is digitally signed as follows (step S601 and step S602):
The generated transaction payment information is digitally signed with the private key (the second key) stored in the credible mobile payment device, obtaining the first trading signature information;
The transaction payment information is encrypted as follows (step S601 and step S602):
The transaction hash value of the transaction payment information is determined, and the dynamic verification code generation key stored in the credible mobile payment device is used to encrypt the transaction hash value together with the current time factor, generating the first dynamic verification code.
In specific implementation, the method also includes:
When the first trading signature information and the second trading signature information differ, or the first dynamic verification code and the second dynamic verification code differ, the mobile payment server generates a first transaction-not-completed result and sends it to the credible mobile payment device through the trading server;
The credible mobile payment device is also used to: receive the first transaction-not-completed result.
In specific implementation, the credible mobile payment device verifies the user identity authentication information as follows (step S601):
The user identity authentication information entered by the user is received and compared with the user identity authentication information stored in the credible mobile payment device; when the two are identical, user identity verification passes;
When the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, the user identity authentication information re-entered by the user is received; when the user identity authentication information entered over the preset number of attempts still differs from the stored information, user identity verification fails, and identity verification failure information is sent to the mobile payment server through the trading server;
The mobile payment server generates a second transaction-not-completed result according to the identity verification failure information and sends it to the credible mobile payment device through the trading server;
The credible mobile payment device receives the second transaction-not-completed result.
In specific implementation, the method also includes:
After generating the transaction payment information, the credible mobile payment device shows it on the credible display module of the credible mobile payment device and receives the user's confirmation result for the transaction payment information; when the confirmation result confirms that the payment information is correct, the user identity authentication information is verified; when the confirmation result confirms that the payment information is wrong, the confirmation result is sent to the mobile payment server through the trading server;
The mobile payment server generates a third transaction-not-completed result according to the confirmation result and sends it to the credible mobile payment device through the trading server;
The credible mobile payment device receives and displays the second transaction-not-completed result.
The methods above apply when it is clearly known whether credible mobile payment device 5 is the transaction terminal 1 in the system or a device independent of transaction terminal 1. When this cannot be clearly known, the method shown in Fig. 7 below can be used for mobile payment.
As shown in Fig. 7, the mobile payment method based on TEE and dynamic password includes:
Step S701: The user trades on the transaction terminal, producing a trading order to be paid, and chooses to pay the order through mobile payment module 507.
Step S702: When the means of payment is selected, the transaction terminal judges whether the current terminal is a credible mobile payment device. If so, the flow continues with step S703; if not, it jumps to step S713.
Step S703: When the user pays with the mobile payment module, the mobile payment module calls, through a system interrupt, the secure payment trusted application deployed in the TEE environment.
Step S704: Credible execution module 502 executes the secure payment trusted application, uses the local key to perform security authentication of the payment APP (mobile payment module 507), and establishes a secure channel for transaction data.
Step S705: The payment APP (mobile payment module 507) sends the transaction payment information that needs to be signed and confirmed for this payment transaction, including but not limited to merchant name, order number, transaction amount, transaction date, counterparty account information, counterparty account name and whether the transaction originates on this device, to credible execution module 502 over the secure channel established in S704; credible execution module 502 executes the secure payment TA and decrypts the payment information with the S704 channel key.
Step S706: Credible execution module 502 controls the credible display module to present the decrypted transaction payment information securely to the user for confirmation of this transaction.
Step S707: After confirming on the phone's secure credible display module that the transaction payment information is correct, the user continues to the next step; otherwise the transaction is considered at risk of having been tampered with, and the user chooses to close the transaction.
Step S708: After receiving the user's confirmation, credible execution module 502 executes the secure payment TA, which controls the credible display module to enter user identity authentication. The user enters the corresponding user identity authentication information, by means including but not limited to fingerprint, iris, password and pattern, matching the information preset in initialization step S205. Credible execution module 502 executes the secure payment TA to verify the user's identity information; if verification passes, the flow continues to the next step, and if verification fails more than three times the transaction is closed.
Step S709: Credible execution module 502 executes the secure payment TA and judges whether the current transaction was initiated by this device. If so, the flow continues with step S710; otherwise step S715 is performed.
Step S710: Credible execution module 502 executes the secure payment TA and signs the transaction payment information submitted by the mobile payment module with the private key stored in the TEE, obtaining the trading signature information and ensuring that the transaction payment information cannot be tampered with. It also uses the dynamic verification code generation key to encrypt the transaction hash value of the transaction payment information together with the current time factor, generating the dynamic verification code. Credible execution module 502 executes the secure payment TA and returns the trading signature information, together with the dynamic verification code, to the mobile payment module over the secure channel.
Step S711: The mobile payment module submits the trading signature information and the dynamic verification code to the mobile payment server for verification.
Step S712: After verifying the trading signature information and the dynamic verification code, the mobile payment server carries out the transaction according to the transaction payment information, obtains the transaction result and sends it to the transaction terminal, notifying it that the transaction is complete.
When the transaction terminal and the credible mobile payment device are separate devices:
Step S713: The transaction terminal sends a request to the trading server, which forwards the transaction payment request to the mobile payment server, requesting payment confirmation using the credible mobile payment device.
Step S714: The mobile payment server pushes the transaction payment information to the credible mobile payment device and, through the mobile payment module, triggers the payment authentication flow, performing steps S703 to S709.
Step S715: The credible execution module 502 executes the secure payment TA and confirms that the transaction was not initiated by this device. It then computes a transaction hash value over the transaction payment information, including but not limited to order number, payment serial number, transaction amount, transaction date, and payment account hash, and uses the dynamic verification code generation key on the transaction hash value together with the current time factor to compute the dynamic verification code. The credible execution module 502 executes the secure payment TA, which calls the credible display module to present the code on the intelligent mobile terminal.
Step S716: The user enters the dynamic verification code on the payment page of the transaction terminal.
Step S717: The mobile payment server uses the transaction payment information to compute a dynamic verification code with the same algorithm, compares it with the dynamic verification code entered on the payment page, and confirms whether the transaction was initiated by the user. When verification completes, it sends the transaction result notification and the transaction is complete.
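The dynamic verification code of steps S715 to S717 (generated the same way in S710), as an added example that is not code from the patent. The patent does not name the hash or cipher, so HMAC-SHA-256 with RFC 4226-style truncation stands in for "encrypting" the hash with the key; the 60-second time step, the 6-digit length, the field names, the clock-skew window and the one-shot replay check are also assumptions.

```python
import hashlib
import hmac
import struct

TIME_STEP = 60     # seconds covered by one time factor (assumed)
CODE_DIGITS = 6    # length of the displayed code (assumed)
# Fields listed in step S715; the key names are assumptions.
FIELDS = ("order_no", "payment_serial", "amount", "trade_date", "payer_account_hash")

# Constructed sample transaction, not real data.
SAMPLE_TXN = {
    "order_no": "ORD-0001",
    "payment_serial": "PAY-0001",
    "amount": "128.50",
    "trade_date": "2017-07-28",
    "payer_account_hash": hashlib.sha256(b"constructed-account").hexdigest(),
}


def transaction_hash(txn):
    """Hash the payment fields with length prefixes so field boundaries are unambiguous."""
    digest = hashlib.sha256()
    for name in FIELDS:
        if name not in txn:
            raise ValueError("missing transaction field: " + name)
        value = str(txn[name]).encode("utf-8")
        digest.update(struct.pack(">I", len(value)))
        digest.update(value)
    return digest.digest()


def dynamic_code(key, txn, now):
    """Device side (S715): keyed MAC over transaction hash and time factor, cut to digits."""
    time_factor = int(now) // TIME_STEP
    message = transaction_hash(txn) + struct.pack(">Q", time_factor)
    mac = hmac.new(key, message, hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # RFC 4226-style dynamic truncation
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class ServerVerifier:
    """Server side (S717): recompute the code from the server's own copy of the transaction."""

    def __init__(self, key, skew_steps=1):
        self.key = key
        self.skew_steps = skew_steps  # time steps of clock drift tolerated either way
        self.settled = set()          # order numbers already paid; blocks code replay

    def verify(self, txn, submitted, now):
        if txn["order_no"] in self.settled:
            return False
        candidate = str(submitted).encode("utf-8")
        matched = False
        for delta in range(-self.skew_steps, self.skew_steps + 1):
            expected = dynamic_code(self.key, txn, now + delta * TIME_STEP)
            # Constant-time comparison, with no early exit across windows.
            matched |= hmac.compare_digest(expected.encode("ascii"), candidate)
        if matched:
            self.settled.add(txn["order_no"])
        return matched


if __name__ == "__main__":
    key = b"\x01" * 32            # constructed key; a real one never leaves the TEE
    now = 1_500_000_000           # constructed timestamp
    code = dynamic_code(key, SAMPLE_TXN, now)
    server = ServerVerifier(key)
    print("code shown on credible display:", code)
    print("server accepts:", server.verify(SAMPLE_TXN, code, now + 30))
    print("replay accepted:", server.verify(SAMPLE_TXN, code, now + 30))
    tampered = dict(SAMPLE_TXN, amount="9128.50")
    print("tampered amount accepted:", ServerVerifier(key).verify(tampered, code, now))
```

Because the server hashes its own copy of the order, a code generated for one amount or payee does not validate for another, which is the property that binds the code to what the user saw on the credible display.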
In a specific implementation, an embodiment of the present invention also provides a computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; the processor implements the above credible mobile payment method when executing the computer program. The credible mobile payment method here is the method proposed on the basis of the credible mobile payment device.
An embodiment of the present invention also provides a computer-readable storage medium that stores a computer program for performing the above credible mobile payment method. The credible mobile payment method here is the method proposed on the basis of the credible mobile payment device.
In summary, the credible mobile payment device, system and method proposed by the present invention (based on TEE and dynamic passwords) can effectively improve the security and convenience of mobile payment. The specific effects are as follows:
1. The transaction information confirmation, transaction signature and verification code entry based on the credible execution environment provided by the invention give the user's payment transaction elements the effect that what is seen is what is signed and what is entered is encrypted, greatly improving transaction security.
2. With this invention, users no longer depend on untrusted SMS activation verification codes or cumbersome auxiliary security verification devices; the secure payment TA and payment APP installed on the intelligent mobile terminal are all that is needed to complete a secure transaction, which improves the convenience of payment.
3. The mobile payment method provided by the invention is compatible with various terminal devices, so users are secured when paying through any channel at any location.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the invention. For those skilled in the art, the embodiments of the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (24)

1. A credible mobile payment device that uses an intelligent mobile terminal as its carrier, characterized by comprising: a credible execution module, a secure storage module and a mobile payment module;
wherein the credible execution module is configured to: install and run a secure payment trusted application, encrypt transaction payment information according to a first key obtained from the secure storage module to generate a dynamic verification code, and send the dynamic verification code to the mobile payment module;
the secure storage module is configured to: store the secure payment trusted application and the first key;
the mobile payment module is configured to: send the transaction payment information to the credible execution module; and send the dynamic verification code to an external device;
the transaction payment information is sent to the mobile payment module by an external device, or is generated by the credible mobile payment device when the user conducts a transaction.
2. The credible mobile payment device of claim 1, characterized in that the credible execution module is specifically configured to:
encrypt the transaction payment information as follows:
determine the transaction hash value of the transaction payment information, and use the first key obtained from the secure storage module to encrypt the transaction hash value together with the current time factor, generating the dynamic verification code.
3. The credible mobile payment device of claim 1, characterized in that the secure storage module is further configured to: store a second key;
the credible execution module is further configured to: digitally sign the transaction payment information according to the second key obtained from the secure storage module to generate transaction signature information, and send the transaction signature information to the mobile payment module;
the mobile payment module is further configured to: send the transaction signature information to the external device.
4. The credible mobile payment device of claim 1, characterized by further comprising: a credible display module and a credible input module;
the credible execution module is further configured to: send the transaction payment information and the dynamic verification code to the credible display module; and, when a payment transaction is carried out, compare the user identity authentication information stored in the secure storage module with the user identity authentication information entered again by the user, and determine the user's identity according to the comparison result;
the credible display module is configured to: display the transaction payment information and the dynamic verification code;
the credible input module is configured to: receive the user identity authentication information entered by the user;
the secure storage module is further configured to: store the user identity authentication information.
5. A credible mobile payment method, characterized by comprising:
encrypting transaction payment information to generate a dynamic verification code;
sending the dynamic verification code to an external device.
6. The credible mobile payment method of claim 5, characterized in that the transaction payment information is encrypted as follows:
the transaction hash value of the transaction payment information is determined, and the transaction hash value is encrypted together with the current time factor using a first key, generating the dynamic verification code.
7. The credible mobile payment method of claim 5, characterized by further comprising:
digitally signing the transaction payment information using a second key to generate transaction signature information;
sending the transaction signature information to the external device.
8. The credible mobile payment method of claim 5, characterized by further comprising:
when a payment transaction is carried out, comparing the stored user identity authentication information with the user identity authentication information entered again by the user, and determining the user's identity according to the comparison result.
9. A credible mobile payment system, characterized by comprising: a transaction terminal, a trading server, a mobile payment server and the credible mobile payment device according to any one of claims 1 to 4;
the transaction terminal is configured to: send the generated transaction payment information to the trading server, receive a first dynamic verification code entered by the user, and send the first dynamic verification code to the trading server; and receive the transaction payment result;
the trading server is configured to: send the transaction payment information and the first dynamic verification code to the mobile payment server; and send the received transaction payment result to the transaction terminal;
the mobile payment server is configured to: send the transaction payment information to the credible mobile payment device; encrypt the transaction payment information to obtain a second dynamic verification code; and, when the first dynamic verification code is identical to the second dynamic verification code, complete the transaction payment, obtain a transaction payment result, and send the transaction payment result to the trading server;
the credible mobile payment device is configured to: receive the transaction payment information and, after the user identity authentication information is verified, encrypt the transaction payment information to obtain the first dynamic verification code;
the method used by the mobile payment server to encrypt the transaction payment information is the same as the method used by the credible mobile payment device to encrypt the transaction payment information.
10. The credible mobile payment system of claim 9, characterized in that the credible mobile payment device is specifically configured to:
verify the user identity authentication information as follows:
receive the user identity authentication information entered by the user and compare it with the user identity authentication information stored in the credible mobile payment device; when the entered user identity authentication information is identical to the user identity authentication information stored in the credible mobile payment device, user identity verification passes;
when the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, receive the user identity authentication information re-entered by the user; when the user identity authentication information entered a preset number of times differs from the user identity authentication information stored in the credible mobile payment device, user identity verification fails, and identity verification failure information is sent to the mobile payment server;
the mobile payment server is further configured to: generate a second transaction-not-completed result according to the identity verification failure information, and send the second transaction-not-completed result to the trading server;
the trading server is further configured to: send the second transaction-not-completed result to the transaction terminal;
the transaction terminal is further configured to: receive the second transaction-not-completed result.
11. The credible mobile payment system of claim 9, characterized in that the credible mobile payment device is further configured to:
after receiving the transaction payment information, display the transaction payment information on the credible display module of the credible mobile payment device and receive the confirmation result for the transaction payment information entered by the user; when the confirmation result confirms that the payment information is correct, verify the user identity authentication information; when the confirmation result confirms that the payment information is wrong, send the confirmation result to the mobile payment server;
the mobile payment server is further configured to: generate a third transaction-not-completed result according to the confirmation result, and send the third transaction-not-completed result to the trading server;
the trading server is further configured to: send the third transaction-not-completed result to the transaction terminal;
the transaction terminal is further configured to: receive and display the third transaction-not-completed result.
12. A credible mobile payment method, characterized by comprising:
a transaction terminal sending the generated transaction payment information to a credible mobile payment device through a trading server and a mobile payment server;
the credible mobile payment device receiving the transaction payment information and, after the user identity authentication information is verified, encrypting the transaction payment information to obtain a first dynamic verification code;
the transaction terminal receiving the first dynamic verification code entered by the user and sending the first dynamic verification code to the mobile payment server through the trading server;
the mobile payment server encrypting the transaction payment information to obtain a second dynamic verification code and, when the first dynamic verification code is identical to the second dynamic verification code, completing the transaction payment, obtaining a transaction payment result, and sending the transaction payment result to the transaction terminal through the trading server;
the transaction terminal receiving the transaction payment result;
the method used by the mobile payment server to encrypt the transaction payment information is the same as the method used by the credible mobile payment device to encrypt the transaction payment information.
13. The credible mobile payment method of claim 12, characterized in that the credible mobile payment device verifies the user identity authentication information as follows:
receiving the user identity authentication information entered by the user and comparing it with the user identity authentication information stored in the credible mobile payment device; when the entered user identity authentication information is identical to the user identity authentication information stored in the credible mobile payment device, user identity verification passes;
when the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, receiving the user identity authentication information re-entered by the user; when the user identity authentication information entered a preset number of times differs from the user identity authentication information stored in the credible mobile payment device, user identity verification fails, and identity verification failure information is sent to the mobile payment server;
the mobile payment server is further configured to: generate a second transaction-not-completed result according to the identity verification failure information, and send the second transaction-not-completed result to the transaction terminal through the trading server;
the transaction terminal receives the second transaction-not-completed result.
14. The credible mobile payment method of claim 12, characterized by further comprising:
the credible mobile payment device, after receiving the transaction payment information, displaying the transaction payment information on the credible display module of the credible mobile payment device and receiving the confirmation result for the transaction payment information entered by the user; when the confirmation result confirms that the payment information is correct, verifying the user identity authentication information; when the confirmation result confirms that the payment information is wrong, sending the confirmation result to the mobile payment server;
the mobile payment server generating a third transaction-not-completed result according to the confirmation result, and sending the third transaction-not-completed result to the transaction terminal through the trading server;
the transaction terminal is further configured to: receive and display the third transaction-not-completed result.
15. A credible mobile payment system, characterized by comprising: the credible mobile payment device according to any one of claims 1 to 4, a trading server, and a mobile payment server;
wherein the credible mobile payment device is configured to: after the user identity authentication information is verified, digitally sign the generated transaction payment information to obtain first transaction signature information, encrypt the transaction payment information to obtain a first dynamic verification code, and send the first transaction signature information, the first dynamic verification code and the transaction payment information to the mobile payment server through the trading server; and receive the transaction payment result;
the mobile payment server is configured to: digitally sign the received transaction payment information to generate second transaction signature information, encrypt the transaction payment information to obtain a second dynamic verification code, and, when the first transaction signature information is identical to the second transaction signature information and the first dynamic verification code is identical to the second dynamic verification code, complete the transaction payment according to the transaction payment information, obtain a transaction payment result, and send the transaction payment result to the credible mobile payment device through the trading server;
the method used by the mobile payment server to digitally sign and encrypt the transaction payment information is the same as the method used by the credible mobile payment device to digitally sign and encrypt the transaction payment information.
16. The credible mobile payment system of claim 15, characterized in that the mobile payment server is further configured to: when the first transaction signature information differs from the second transaction signature information, or the first dynamic verification code differs from the second dynamic verification code, generate a first transaction-not-completed result and send the first transaction-not-completed result to the credible mobile payment device through the trading server;
the credible mobile payment device is further configured to: receive the first transaction-not-completed result.
17. The credible mobile payment system of claim 15, characterized in that the credible mobile payment device is specifically configured to:
verify the user identity authentication information as follows:
receive the user identity authentication information entered by the user and compare it with the user identity authentication information stored in the credible mobile payment device; when the entered user identity authentication information is identical to the user identity authentication information stored in the credible mobile payment device, user identity verification passes;
when the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, receive the user identity authentication information re-entered by the user; when the user identity authentication information entered a preset number of times differs from the user identity authentication information stored in the credible mobile payment device, user identity verification fails, and identity verification failure information is sent to the mobile payment server through the trading server;
the mobile payment server is further configured to: generate a second transaction-not-completed result according to the identity verification failure information, and send the second transaction-not-completed result to the credible mobile payment device through the trading server;
the credible mobile payment device is further configured to: receive the second transaction-not-completed result.
18. The credible mobile payment system of claim 15, characterized in that the credible mobile payment device is further configured to:
after generating the transaction payment information, display the transaction payment information on the credible display module of the credible mobile payment device and receive the confirmation result for the transaction payment information entered by the user; when the confirmation result confirms that the payment information is correct, verify the user identity authentication information; when the confirmation result confirms that the payment information is wrong, send the confirmation result to the mobile payment server through the trading server;
the mobile payment server is further configured to: generate a third transaction-not-completed result according to the confirmation result, and send the third transaction-not-completed result to the credible mobile payment device through the trading server;
the credible mobile payment device is further configured to: receive and display the second transaction-not-completed result.
19. A credible mobile payment method, characterized by comprising:
a credible mobile payment device, after the user identity authentication information is verified, digitally signing the generated transaction payment information to obtain first transaction signature information, encrypting the transaction payment information to obtain a first dynamic verification code, and sending the first transaction signature information, the first dynamic verification code and the transaction payment information to a mobile payment server through a trading server;
the mobile payment server digitally signing the received transaction payment information to generate second transaction signature information, encrypting the transaction payment information to obtain a second dynamic verification code, and, when the first transaction signature information is identical to the second transaction signature information and the first dynamic verification code is identical to the second dynamic verification code, completing the transaction payment according to the transaction payment information, obtaining a transaction payment result, and sending the transaction payment result to the credible mobile payment device through the trading server;
the credible mobile payment device receiving the transaction payment result;
the method used by the mobile payment server to digitally sign and encrypt the transaction payment information is the same as the method used by the credible mobile payment device to digitally sign and encrypt the transaction payment information.
20. The credible mobile payment method of claim 19, characterized by further comprising:
the mobile payment server, when the first transaction signature information differs from the second transaction signature information, or the first dynamic verification code differs from the second dynamic verification code, generating a first transaction-not-completed result and sending the first transaction-not-completed result to the credible mobile payment device through the trading server;
the credible mobile payment device is further configured to: receive the first transaction-not-completed result.
21. The credible mobile payment method of claim 19, characterized in that the credible mobile payment device verifies the user identity authentication information as follows:
receiving the user identity authentication information entered by the user and comparing it with the user identity authentication information stored in the credible mobile payment device; when the entered user identity authentication information is identical to the user identity authentication information stored in the credible mobile payment device, user identity verification passes;
when the entered user identity authentication information differs from the user identity authentication information stored in the credible mobile payment device, receiving the user identity authentication information re-entered by the user; when the user identity authentication information entered a preset number of times differs from the user identity authentication information stored in the credible mobile payment device, user identity verification fails, and identity verification failure information is sent to the mobile payment server through the trading server;
the mobile payment server generating a second transaction-not-completed result according to the identity verification failure information, and sending the second transaction-not-completed result to the credible mobile payment device through the trading server;
the credible mobile payment device receiving the second transaction-not-completed result.
22. The credible mobile payment method of claim 19, characterized by further comprising:
the credible mobile payment device, after generating the transaction payment information, displaying the transaction payment information on the credible display module of the credible mobile payment device and receiving the confirmation result for the transaction payment information entered by the user; when the confirmation result confirms that the payment information is correct, verifying the user identity authentication information; when the confirmation result confirms that the payment information is wrong, sending the confirmation result to the mobile payment server through the trading server;
the mobile payment server generating a third transaction-not-completed result according to the confirmation result, and sending the third transaction-not-completed result to the credible mobile payment device through the trading server;
the credible mobile payment device receiving and displaying the second transaction-not-completed result.
23. A computer device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method of any one of claims 5 to 8 when executing the computer program.
24. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program for performing the method of any one of claims 5 to 8.
CN201710630013.0A 2017-07-28 2017-07-28 Trusted mobile payment device, system and method Active CN107464109B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710630013.0A CN107464109B (en) 2017-07-28 2017-07-28 Trusted mobile payment device, system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710630013.0A CN107464109B (en) 2017-07-28 2017-07-28 Trusted mobile payment device, system and method

Publications (2)

Publication Number Publication Date
CN107464109A (en) 2017-12-12
CN107464109B (en) 2020-10-20

Family

ID=60547773

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710630013.0A Active CN107464109B (en) 2017-07-28 2017-07-28 Trusted mobile payment device, system and method

Country Status (1)

Country Link
CN (1) CN107464109B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108241980A (en) * 2018-01-02 2018-07-03 中国工商银行股份有限公司 Authorization and authentication method, system and the ebanking server of cross-terminal, Mobile Server
CN108449322A (en) * 2018-02-13 2018-08-24 环球鑫彩(北京)彩票投资管理有限公司 Identity registration, authentication method, system and relevant device
CN108647971A (en) * 2018-07-18 2018-10-12 北京东方英卡数字信息技术有限公司 Account safety method and smart card system in a kind of user payment
CN109063438A (en) * 2018-08-06 2018-12-21 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of data access method, device, local data secure access equipment and terminal
CN109460991A (en) * 2018-10-25 2019-03-12 孔文国 Mobile device near field payment data exchange system and method based on safe unit
WO2019133769A1 (en) 2017-12-29 2019-07-04 Idee Limited Single sign on (sso) using continuous authentication
CN110998581A (en) * 2019-03-26 2020-04-10 阿里巴巴集团控股有限公司 Program execution and data attestation scheme using multiple key pairs for signatures
CN111917680A (en) * 2019-05-07 2020-11-10 中国移动通信集团湖南有限公司 Encryption system, method, server and storage medium
CN117593011A (en) * 2024-01-18 2024-02-23 深圳市金百锐通信科技有限公司 Secure payment method, device and equipment in mobile payment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2366432A (en) * 2000-09-04 2002-03-06 Sonera Smarttrust Oy Secure electronic payment system
CN102082664A (en) * 2009-11-30 2011-06-01 腾讯科技(深圳)有限公司 Network data safety transmission system and network data safety transmission method
CN104680376B (en) * 2015-03-13 2017-11-07 中国工商银行股份有限公司 A kind of Transaction Information verification method and device
CN106899552B (en) * 2015-12-21 2020-03-20 中国电信股份有限公司 Authentication method, authentication terminal and system
CN106506472B (en) * 2016-11-01 2019-08-02 黄付营 A kind of safe mobile terminal digital certificate method and system

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019133769A1 (en) 2017-12-29 2019-07-04 Idee Limited Single sign on (sso) using continuous authentication
EP3732599A4 (en) * 2017-12-29 2021-09-01 Idee Limited Single sign on (sso) using continuous authentication
US11252142B2 (en) 2017-12-29 2022-02-15 Idee Limited Single sign on (SSO) using continuous authentication
CN108241980A (en) * 2018-01-02 2018-07-03 中国工商银行股份有限公司 Authorization and authentication method, system and the ebanking server of cross-terminal, Mobile Server
CN108449322A (en) * 2018-02-13 2018-08-24 环球鑫彩(北京)彩票投资管理有限公司 Identity registration, authentication method, system and relevant device
CN108647971A (en) * 2018-07-18 2018-10-12 北京东方英卡数字信息技术有限公司 Account safety method and smart card system in a kind of user payment
CN109063438A (en) * 2018-08-06 2018-12-21 中钞信用卡产业发展有限公司杭州区块链技术研究院 A kind of data access method, device, local data secure access equipment and terminal
CN109460991A (en) * 2018-10-25 2019-03-12 孔文国 Mobile device near field payment data exchange system and method based on safe unit
CN110998581A (en) * 2019-03-26 2020-04-10 阿里巴巴集团控股有限公司 Program execution and data attestation scheme using multiple key pairs for signatures
CN111917680A (en) * 2019-05-07 2020-11-10 中国移动通信集团湖南有限公司 Encryption system, method, server and storage medium
CN117593011A (en) * 2024-01-18 2024-02-23 深圳市金百锐通信科技有限公司 Secure payment method, device and equipment in mobile payment
CN117593011B (en) * 2024-01-18 2024-04-30 深圳市金百锐通信科技有限公司 Secure payment method, device and equipment in mobile payment

Also Published As

Publication number Publication date
CN107464109B (en) 2020-10-20

Similar Documents

Publication Publication Date Title
CN107464109A (en) Credible mobile payment device, system and method
US20200167775A1 (en) Virtual pos terminal method and apparatus
US10057763B2 (en) Soft token system
JP6092998B2 (en) System and method for enhancing transaction security
CN104778794B (en) mobile payment device and method
CN105391840B (en) Automatically create destination application
CN104115464B (en) Control is accessed
AU2016259459B2 (en) Method for phone authentication in e-business transactions and computer-readable recording medium having program for phone authentication in e-business transactions recorded thereon
CN111213171A (en) Method and apparatus for secure offline payment
JP6552714B2 (en) Data processing method and system, and wearable electronic device
EP2098985A2 (en) Secure financial reader architecture
JP2018515011A (en) Method and apparatus for authenticating user, method and apparatus for registering wearable device
US20090222383A1 (en) Secure Financial Reader Architecture
CN106716957A (en) Efficient and reliable attestation
US20090086980A1 (en) Enabling a secure oem platform feature in a computing environment
CN114465726B (en) Digital wallet security framework system based on security unit and trusted execution environment
WO2012126392A1 (en) Internet based security information interaction apparatus and method
US20230325178A1 (en) Tokenized mobile device update systems and methods
CN114462989A (en) Method, device and system for starting digital currency hardware wallet application
JP2022054439A (en) Payment method and system for central bank digital currency
CN105187447B (en) A kind of terminal security login method
WO2014151245A1 (en) Personal authentication device and system for securing transactions on a mobile device
CN104769628B (en) Method, system and the computer-readable medium negotiated for the tranaction costs for currency remittance
CN105208031B (en) A kind of terminal authentication method
WO2016124032A1 (en) Data exchange method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant