CN202230487U - Mobile paying code processor and system - Google Patents

Mobile paying code processor and system Download PDF

Info

Publication number
CN202230487U
CN202230487U CN2011202748216U CN201120274821U CN202230487U CN 202230487 U CN202230487 U CN 202230487U CN 2011202748216 U CN2011202748216 U CN 2011202748216U CN 201120274821 U CN201120274821 U CN 201120274821U CN 202230487 U CN202230487 U CN 202230487U
Authority
CN
China
Prior art keywords
password
account
access control
mobile payment
long
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2011202748216U
Other languages
Chinese (zh)
Inventor
邵军利
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN2011202748216U priority Critical patent/CN202230487U/en
Application granted granted Critical
Publication of CN202230487U publication Critical patent/CN202230487U/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The utility model discloses mobile paying code processor and system. The mobile paying code processor comprises a parameter presetting unit, a memorizer, a mobile paying code processing unit and a communicating unit; an access control code, a remote account code, and a control relation between the access control code and the remote account code are set by the parameter presetting unit in advance; the memorizer is used for storing the access control code and the control relation between the access control code and the remote account code; the mobile paying code processing unit is used for obtaining the remote account code according to the access control code and the control relation between the access control code and the remote account code, which are stored by the memorizer, and forming a strong secret key by utilizing the operation of the remote account code, thereby encrypting the sign data of transaction information; and the communicating unit is used for transmitting the encrypted sign data. According to the mobile paying code processor, the convenience of mobile paying is improved, the safety and the adaptability of the mobile paying are enhanced, and the use cost of the mobile paying is lowered.

Description

Mobile payment encryption processing apparatus and system
Technical field
The utility model relates to the E-Payment field, relates in particular to mobile payment encryption processing apparatus and system.
Background technology
The affirmation of existing bank paying information has three kinds of basic modes: credit payment mode, debit card account number cipher matching way, IC-card or USBKEY digital signature mode.
The condition and the cost of these three kinds of processing requirements have nothing in common with each other.Credit payment as long as generally number of the account is arranged, can not adopt the password payment, or also adopts the password payment; Debit card account number cipher matching way; Then to have number of the account; Also will have the holder to be only limited to the password of knowing in person, but the password payment strictly must be adopted the mode of the hardware encipher of code keypad, whenever password is occurred with form expressly with the place in system; IC-card or USBKEY digital signature mode, then requirement has the signature of special hardware handles number of the account, and prior USB KEY has display screen and button.But this mode payment cost is the highest, also requires to purchase independently hardware, and popularizes and also need expend certain hour.
Because Credit Card Payments do not need password, thus credit card number to have exposed then be danger close, in addition, more serious is that the name information that the coupling card number can occur is stolen together.
Existing America and Europe's bank paying system has adopted pin mode, and this mode has been mated special hardware encryption keyboard, adopts the cipher mode of 3DES, and in processing, need obtain the encryption key of daily operation.Obtain uploading to receiving bank after the password ciphertext, further deciphering is encrypted and is delivered to the EMV network and credit card issuer removes to compare password.
This be because receiving bank's code keypad can't with the enciphered message of so numerous credit card issuer exchange of management, can only be that the code keypad of receiving bank has been encrypted, after receiving bank's deciphering, in the EMV network, encrypt earlier again in transmission, up to being sent to credit card issuer.
This is the complicated security system of a cover.Moreover also have some theoretic leaks; That is exactly the transmission mandate system at receiving bank or EMV network (technology that the bank card that Europay, MasterCard and Visa initiate to formulate jointly shifts to intellective IC card from magnetic stripe card); Encrypting after password is deciphered again and transmit, is the personal identification number that can know the credit card issuer holder in receiving bank in other words.Problem is few certainly in this actual motion; What rely on is the trusting relationship between the system of EMV/ Unionpay, but the technical responsibility that is difficult to distinguish leakage really: that is exactly that password each processing links in system can know that all these links comprise receiving bank; Payment clearance network, credit card issuer.
A lot of when payment is discussed, perhaps mobile payment the time, do not consider how making things convenient for of this important parameter of password, handle safely.Like the payment of mobile phone NFC, be employed in the mode of input password on the bank POS terminal, this is extremely inconvenient.If can on mobile phone, input password, and not at the scene of payment input password, but can input password in advance, this also has privacy for the convenience that accesses to your password, and is very important.
Development along with technology; Mobile phone has been an opening; Instrument with powerful arithmetic capability, being different from the magnetic stripe card that uses in the past fully is exactly the carrier of a number of the account, and it not only can be used for handling the input of account password; The cryptographic calculation of password can also be carried out, computing can be accomplished with the credit card issuer coupling.Send the code keypad of oneself on such arithmetic logic just as credit card issuer separately, can define personal algorithm, key matees with credit card issuer fully and does not receive the restriction of receiving bank.The handling problem that solves password with regard to safe and complete ground like this, directly corresponding processing with credit card issuer, authorisation network is a transparent passage.
The utility model content
The purpose of the utility model provides mobile payment encryption processing apparatus and system, to solve the safety issue of utilizing scene input passwords such as mobile device such as mobile phone to bring in the prior art, offers safer, the payment easily of user.
To achieve these goals, the utility model provides a kind of mobile payment encryption processing apparatus, and said mobile payment encryption processing apparatus comprises: parameter is preset unit, storer, mobile payment cryptography processing units and communication unit;
The preset unit of said parameter is connected with said storer, and said storer is connected with said mobile payment cryptography processing units, and said mobile payment cryptography processing units is connected with said communication unit;
The preset unit of said parameter is provided with access control password, remote account password in advance, and the control relation between said access control password and the remote account password; Control relation between the said access control password of said memory stores and said access control password and the remote account password; Said mobile payment cryptographic processing is according to the said access control password of said memory stores and the control relation between said access control password and the remote account password; Obtain the said remote account password of storage; And with said remote account crypto-operation formation strong encryption keys, encrypted transaction message signed data; Signed data after said communication unit will be encrypted sends.
Said storer is permanent storage or scratchpad memory.
Said mobile payment cryptography processing units also comprises: key generation unit and remote account ciphertext unit; Said key generation unit respectively with said storer and remote account ciphertext unit be connected, said remote account ciphertext unit is connected with said communication unit; Said key generation unit will be encrypted the remote account password reduction that disperses, according to forming a strong encryption keys with long-range number of the account system corresponding algorithm computing; Said remote account ciphertext unit uses said strong encryption keys that the signed data of transaction payment information is encrypted, and forms and the relevant ciphertext of said long-range account number cipher, sends through said communication unit.
To achieve these goals, the utility model also provides a kind of mobile payment cryptographic processing system that comprises above-mentioned mobile payment encryption processing apparatus.
The utility model mobile payment encryption processing apparatus and system have improved the convenience of mobile payment, have strengthened the security of mobile payment, strengthen the adaptability of mobile payment, reduce the use cost of mobile payment.
Description of drawings
Fig. 1 is the process flow diagram of the utility model mobile payment cipher processing method;
Fig. 2 is the structural representation of the utility model mobile payment encryption processing apparatus;
Fig. 3 is the structural representation of the utility model mobile payment cryptographic processing system.
Embodiment
According to accompanying drawing and embodiment, the technical scheme of the utility model is done further detailed description below.
As shown in Figure 1, be the process flow diagram of the utility model mobile payment cipher processing method.This method comprises following process:
Step 11 is provided with in advance and password, remote account password are controlled in memory access, and the control relation between said access control password and the remote account password; Also comprise the controlled attribute that is provided with and stores said access control password and remote account password in advance at the same time;
Said storage remote account password is specially: the said remote account password that will be provided with in advance converts the first remote account ciphertext to; The said first remote account ciphertext is disperseed and encrypted, and the said first remote account ciphertext after will disperseing and encrypt is stored in the variable.
Long-range account number cipher is encrypted and disperseed to be stored in the transient memory, and is out of service, promptly destroys.The access control password belongs to local control password, can be stored in the storer, and can be nonvolatil storer, flash memory FLASH for example.
The occasion of password is controlled for the not high input reference that needs of security requirement in scene in transaction, and it is just passable only to need to press acknowledgement key.Reduce the chance that on-the-spot input reference control password makes it to expose, strengthened simplicity again.
If long-range account number cipher, then level security requires highlyer, in advance or the input down of the environment of secret, has also reduced the chance that has exposed at home, has increased security.For long-range account number cipher, control relation is set at needs instant input reference control password, even others has usurped user's mobile phone like this, even long-range account number cipher is in effective status, does not know that the access control password also can't usurp long-range account number cipher.The preparatory input of password mainly is the agility that has improved payment, simplicity, and security.
The access control password mainly is that the control id number uses, and the perhaps local security of using is such as electronic ticket; The access control password also can be controlled simultaneously the use of long-range account number cipher.When allowing to use this id number or electronic money, import this access control password authentification according to getting final product, such as electronic money and electronic ticket etc., when the access control password was effective, its safety of software control and management of balance got final product.Under the situation that long-range account number cipher has been imported in advance, at the scene of transaction processing, the access control password that input is corresponding need not be imported long-range account number cipher again, has reduced the chance that long-range account number cipher exposes, and has strengthened the convenience of using.
Can certainly select directly by long-range account number cipher state; And the controlled variable of long-range account number cipher; The long-range account number cipher of access control cipher control, the convenience of increase processing are like this can't help in the effectively processing of life span and two long-range account number ciphers of parameter determining of access times.
Control relation between said access control password and the remote account password is specially: the obtaining of said one or more said remote account passwords of access control cipher control.That is, access control password and long-range account number cipher can be many groups, and the relation between them is set up according to setting, one to one, and one-to-many, or the like, can be provided with.
Access control password and long-range account number cipher all can be imported in advance, but not in the input of transaction site instant, with the convenient and swift and secure private property that guarantees to handle.After the input, password promptly is in a state of activation in the payment processes module, can use in advance.Only need press simple button again confirms and can use.Its medium-long range account number cipher uses, and then can be set to once more the corresponding access control password of site instant input, uses the security of link to guarantee long-range number of the account, after losing such as portable terminal, also has the protection of access control password.
After access control password and the input of long-range account number cipher, be provided with two kinds of controlled attributes: activate life span, use limited number of times.These two kinds of attributes can be provided with, and activate security afterwards to guarantee the password input.After input reference control password and long-range account number cipher have arrived the time of setting, cryptogram destruction, no longer valid.After the inferior number of times of having counted to setting that accesses to your password, cryptogram destruction, no longer valid.Password after destroying need re-enter and could get into effective state of activation once more.With the contrast of storing, correctly come into force at once afterwards after the input of access control password.
Step 12; According to the control relation between said access control password and said access control password and the remote account password; Obtain said remote account password; The encryption key that utilizes said remote account cryptographic calculations to form comes the signed data of encrypted transaction message, and sends this signed data ciphertext;
In the step 12, the encryption key that utilizes said remote account cryptographic calculations to form comes the signed data of encrypted transaction message, and sends this signed data and specifically comprise:
Step 121 is with the remote account password reduction that encrypt to disperse, according to forming a strong encryption keys with long-range number of the account system corresponding algorithm computing;
Step 122 is used the signed data MAC encryption of said strong encryption keys to transaction payment information, forms the second remote account ciphertext relevant with said long-range account number cipher; The encryption computing method here relates to the algorithm of the one-way function of password input, obtains the algorithm of strong encryption keys by password, and the algorithm that MAC encrypts can have the version of different variations, along with the version of personal terminal changes and changes; Bank's end is then supported a plurality of versions simultaneously, and version is along with the time then constantly upgrades;
Step 123 is sent to long-range number of the account system with the said second remote account ciphertext.
The encryption computing method of the utility model is different from the method that traditional download key becomes the password plain text encryption ciphertext.The utility model is described to be a kind of cipher processing method of downloading key that do not have, and is that to obtain encryption key to long-range account number cipher according to certain algorithm be strong encryption keys, and ciphered data neither the password plaintext, but the signed data MAC of transaction payment information.Even know MAC plaintext and ciphertext so simultaneously, obtaining encryption key from mathematical theory also is a big number difficult problem.Even be cracked one also is the password of single bank's card number, rather than the encryption key downloaded of crucial code keypad.
After said step 12, also can comprise step 13,, said access control password and remote account password carried out validity control according to the controlled attribute of said access control password and remote account password with said remote account password encryption and transmission.
Access control password and remote account password have carried out being provided with in advance and storing, the most important control that will carry out security exactly to the use of password.At this, use the limited number of times controlled attribute to control according to activation life span controlled attribute of the password in the controlled attribute of said access control password and remote account password and password.
Behind input reference control password, just effective in password activates life span, surpass this time, cryptogram destruction is invalid.
Password access times controlled attribute, after this access control password of use reached this number of times restriction, cryptogram destruction was invalid.Such as just using 1 inefficacy.Promptly in step 13, find to have used one time the access control password, then access control cipher control was for losing efficacy.This method all can adopt access control password and long-range account number cipher.
The utility model can also be provided with the Rapid Combination key pin and ruin password, if desired, then can press the Rapid Combination key of setting, makes cryptogram destruction invalid.This can let the user thoroughly relieved simply.
When said access control password was made amendment or reset, said long-range account number cipher was destroyed.The access control password surpasses also not correctly input of limited number of times, then destroys long-range account number cipher.
After the long-range account number cipher input, promptly carry out the One-Way Encryption computing corresponding with bank and obtain the first remote account ciphertext, ciphertext disperses to be stored in the variable afterwards, and the deciphering combination is participated in calculating during use.Promptly destroy the input vestige after the long-range account number cipher input.Long-range account number cipher destruction is invalid to be meant that variable release is invalid.
The access control password is a local password, is kept among the FLASH, and input is than getting into effective status after the correct.The access control cryptogram destruction is invalid, is meant that it is in invalid state, and the storage in the FLASH still effectively.
Step 14; Said long-range number of the account system will be according to the algorithm that is complementary; Use the remote account code data stored in the long-range number of the account system database according to the strong encryption keys that corresponding algorithm forms, the signed data of receiving Transaction Information encrypted, and with the signed data password of receiving be the said second remote account ciphertext relatively; If consistent, then confirm to have obtained correct password; If inconsistent, think that then long-range account number cipher is not right.
Long-range number of the account system waits other related algorithm for algorithm and the encryption that password forms key; Support a plurality of versions simultaneously; And constantly upgrading new version, a version of terminal processes also upgrades in time, so just realizes that security algorithm constantly dynamically upgrades
Be illustrated in figure 2 as a kind of mobile payment encryption processing apparatus, this device 2 comprises:
Parameter is preset unit 21, is used for being provided with in advance access control password, remote account password, and the control relation between said access control password and the remote account password;
Storer 22 is connected with the preset unit 21 of said parameter, is used for the control relation between memory access control password and said access control password and the remote account password; Storer 22 can be permanent storage or scratchpad memory.
Mobile payment cryptography processing units 23; Be connected with said storer 22; Be used for according to the control relation between said access control password and said access control password and the remote account password; Obtain said remote account password, and form strong encryption keys, encrypted transaction message signed data with said remote account crypto-operation;
Communication unit 24 is connected with said mobile payment cryptography processing units 23, is used for the signed data after encrypting is sent.
The preset unit 21 of said parameter also comprises the controlled attribute that is used for being provided with in advance said access control password and remote account password; Said mobile payment cryptography processing units 23 also comprises: be used for the controlled attribute according to said access control password and remote account password, said access control password and remote account password are carried out validity control.Permanent storage can be flash memory Flash, is one of implementation certainly, also can be temporary storer.
Said mobile payment cryptography processing units 23 comprises: the first remote account password generation unit 231; The said remote account password that is used for being provided with in advance converts the first remote account ciphertext to; The said first remote account ciphertext is disperseed and encrypted, and the said first remote account ciphertext after will disperseing and encrypt is stored in the variable.Said mobile payment cryptography processing units also comprises:
Key generation unit 232 is used for the said dispersion that is stored in variable and the said first remote account ciphertext computing after encrypting obtains strong encryption keys;
The second remote account ciphertext unit 233 is connected with communication unit 24 with said key generation unit 232, is used to use the signed data MAC encryption of said strong encryption keys to transaction payment information, forms the second remote account ciphertext relevant with said long-range account number cipher; And the said second remote account ciphertext passed to communication unit.
Control relation between said access control password and the remote account password is specially: the obtaining of said one or more said remote account passwords of access control cipher control.The controlled attribute of said access control password and remote account password specifically comprises: activate the life span controlled attribute and use the limited number of times controlled attribute.
Described mobile payment encryption processing apparatus has following processing capacity: input; Storage; Show; Computing; Communication; Be provided with.Can use the Rapid Combination key pin to ruin password, promptly press single button certain time or a plurality of key combinations, make password useless.And long-range account number cipher is destroyed in variable, and make the access control password be in disarmed state.
The input number of the account, id number, the input password, information, or the like.Input item and other are kept at FLASH, perhaps in the variable.Particularly, with number of the account, id number, information, the access control password waits to be kept among the FLASH; With the Bank Account Number password is that long-range account number cipher etc. is kept in the variable, out of servicely promptly destroys, and next operation need be re-entered; In addition transaction record also is kept among the FLASH, so that inquiry.
Demonstration needs the information of demonstration, such as prompting, and element of transaction information, or the like, definitely can not expressly show any encrypted message, no matter be the access control password, or long-range account number cipher.These encrypted messages just can not show once input again.Show also to comprise the status information that shows different passwords, make the user understand the input password and whether handle effective state.When transaction takes place the time, show the status information of communicating by letter with banking terminal, and the specifying information of transaction, such as the time, the amount of money, the termination number of bank, bank number, or the like.The previous transaction record that takes place of query display.Computing mainly is the cryptographic calculation of password, specifically is exactly to follow certain algorithm, earlier the strong encryption key of a correspondence of computing acquisition from account number cipher; With this as encryption key; The signed data MAC sign indicating number of encrypted transaction message is delivered to issuing bank to Transaction Information and this signed codevector ciphertext simultaneously, and credit card issuer and account relating obtain password from database; Version algorithm according to coupling is verified, with the correctness of Confirm Bank's password.According to the NFC module of smart mobile phone and the POS terminal communication of bank, the principle of mutual authentication, coded communication is taked in this communication, to resist outside eavesdropping, guarantees the security of communication.Setting comprises the bank's card number to input, and perhaps id number is provided with the treatment characteristic of corresponding password, the activation life span that comprises password with use limited number of times.The quick key combination of cryptogram destruction is set, presses quick key combination, promptly destroy the password of having inputed, quick button can be the button on the soft keyboard.
Matching relationship between Bank Account Number password and the access control password is set, such as, want instant input reference control cipher control, by which access control cipher control.Can input password and many group access control password of many group Bank Account Numbers, and set up the corresponding relation between them.
Setting also comprises the replacement of access control password, if forgotten such as the access control password, then need reset.The Bank Account Number password of the correspondence of its control will be destroyed during replacement, after the replacement, the Bank Account Number password need be inputed again.Be provided with and also comprise number of the account that deletion sets and password etc.
When the mobile payment cryptography processing units is specifically used according to the smart mobile phone application download to mobile phone, from the angle of safe handling, its needs to upgrade termly, update algorithm and processing, this will form the Processing Algorithm of different versions.Corresponding therewith Bank Account Number system then supports to matching the operation of a plurality of version algorithms simultaneously, and after certain hour, cancels the support of version the earliest, cooperates with the processing of formation along with the version of the continual renovation of time variation.
The processing coupling of the AES of long-range account number cipher and long-range number of the account system, i.e. the synchronously change of the Processing Algorithm of processing remote account number cipher of system end.
Portable terminal is according to near-field communication, and wireless modes such as bluetooth are communicated by letter with long-range number of the account system terminal.The secure communication mode after the mutual authenticated key is taked in communication.
Banking terminal is delivered to the bank transaction information on the portable terminal, comprises dealing money, and terminal number etc. are presented on the portable terminal, and is confirmed by portable terminal holder button.After transaction was accomplished, Transaction Information automatically was stored in the storage space of portable terminal.
Portable terminal input reference in advance control password need not inputed password at the scene of carrying out transaction processing with long-range number of the account system terminal (perhaps electronic ticket terminal), confirms button as long as perhaps press.
Import long-range account number cipher in advance, when carrying out transaction processing with long-range number of the account system terminal, on-the-spot input reference control password, but not long-range account number cipher.The visit of number of the account and long-range account number cipher in the access control cipher control portable terminal.
After access control password and long-range number of the account are imported in advance, whether effectively to control it by the condition of setting.This comprises: activate life span and use limited number of times.When the activation life span that surpasses setting, after the access times of perhaps setting, relevant cryptogram destruction.Destruction refers to that code data has no the information that can obtain in the payment processes module, even hacker software also can't be detected its information.
Set up communicating by letter of safety encipher through communication with the mutual authentication of long-range number of the account system terminal, and obtain the Transaction Information that transmit at its terminal.Afterwards, obtaining key according to long-range account number cipher computing, the signed data MAC of Transaction Information is encrypted, is relevant information that the second long-range number of the account ciphertext passes to long-range number of the account system terminal.Long-range number of the account system terminal is delivered to the Transaction Information that comprises the password related data after the long-range number of the account system end; System's basis and payment processes module Matching Algorithm; Use the long-range account number cipher data of storing in the database according to the strong encryption keys that corresponding algorithm forms, the signed data of Transaction Information is encrypted, and promptly the second long-range number of the account ciphertext is relatively with the signed data password of receiving; If consistent, then confirm to have obtained correct long-range account number cipher; If inconsistent, think that then long-range account number cipher is not right.
Portable terminal forms the algorithm of encryption key for long-range account number cipher; Algorithmic match with long-range number of the account system; Can it constantly upgrades according to different version supports; System end is supported many versions, and the payment processes module is then constantly upgraded redaction, forms a security mechanism of bringing in constant renewal in algorithm.
Long-range account number cipher at first carries out unidirectional processing after input, be varied to the ciphertext that can't obtain clear-text passwords.Then ciphertext is disperseed to encrypt, leave in the variable.The long-range account number cipher in back out of service like this will be destroyed.
Traditional cryptographic processing is to use encryption keys to form ciphertext to password, transmits this ciphertext and goes checking to bank, to confirm the correctness of password.Such mode guarantees that encryption key security and transmission renewal timely and accurately are just extremely important, has therefore taked the code keypad of the hardware of performance difficulty with high costs.If in network or mobile the application, continue to use this way, then can't guarantee cipher safety, even adopt the mode of various communication encryptions also to be easy to by the mode of website fishing, perhaps the mode of data intercepting and capturing obtains long-range account number cipher.
The utility model is taked: use long-range account number cipher to obtain a strong encryption keys according to certain algorithm computing, use the signed data MAC encryption of this key to Transaction Information, form the ciphertext relevant with password.This ciphertext is delivered to long-range number of the account system, and corresponding computing is done with the terminal by long-range number of the account system, confirms the correctness of password.
Signed data MAC can't reverse gather into Transaction Information in theory, so transaction is difficult to use repeat attack.
Even use the AES of the AES of common maturation, know the plaintext of signed data MAC, and with its corresponding ciphertext, a pair of corresponding plaintext ciphertext, the key that obtains AES also is impossible, is the difficult problem on the mathematical theory.Even cracked, also only be the password of some numbers of the account, rather than the password encryption key in the conventional cipher algorithm.After the such password encryption key of tradition had been cracked, the password of every transaction all was easily to have deciphered.The inverse operation of doing encryption is just passable.Long-range account number cipher needs scheduled maintenance update according to the principle of cryptographic processing, and the cryptographic algorithm corresponding with long-range account number system of payment processes module also can regular update.These have all determined the tight security that the long-range account number cipher of said method uses.
Moreover; Because the password of payment processes module forms key algorithm and AES and long-range number of the account system is consistent; The terminal of long-range like this number of the account terminal system can realize transmitting through agency network; And the agency plant terminal of long-range number of the account system just can't be learned the code data of long-range number of the account system technically, also just need not coordinate relevant responsibility.Therefore the security of the utility model is superior to the cipher mode of traditional code keypad more.
The traditional bank cryptographic processing is used unified encryption key; Password is handled as ciphered data, is needed additional hardware and complicated coordination, the utility model with crypto-operation as encryption key; Signed data MAC (data signature) to transaction data encrypts; Innovated the treatment mechanism of conventional cipher, encryption key transmission and hardware that need not be complicated, and can guarantee that password uses higher security.
As shown in Figure 3, the structural representation of a kind of mobile payment cryptographic processing of the utility model system, this system comprises:
Mobile payment encryption processing apparatus 2, this mobile payment encryption processing apparatus 2 comprises:
Parameter is preset unit 21, is used for being provided with in advance access control password, remote account password, and the control relation between said access control password and the remote account password;
Storer 22 is connected with the preset unit 21 of said parameter, is used to store the control relation between said access control password and said access control password and the remote account password;
Mobile payment cryptography processing units 23; Be connected with said permanent storage 23; Be used for according to the control relation between said access control password and said access control password and the remote account password; Obtain said remote account password, the encryption key that utilizes said remote account cryptographic calculations to form comes the signed data of encrypted transaction message;
Communication unit 24 is connected with said mobile payment cryptography processing units 23, is used for the signed data of the said Transaction Information after encrypting is sent;
Long-range number of the account system 3 is connected with said communication unit 24, is used for receiving through long-range number of the account terminal 4 signed data of the said Transaction Information of encrypting, and carries out password matching and handles;
Said mobile payment cryptography processing units 23 comprises: the first remote account ciphertext generation unit 231; The said remote account password that is used for being provided with in advance converts the first remote account ciphertext to; The said first remote account ciphertext is disperseed and encrypted, and the said first remote account ciphertext after will disperseing and encrypt is stored in the variable.Said mobile payment cryptography processing units also comprises:
Key generation unit 232 is used for the remote account password reduction that encrypt to disperse, according to forming a strong encryption keys with long-range number of the account system corresponding algorithm computing;
The second remote account ciphertext unit 233 is connected with communication unit 24 with said key generation unit 232, is used to use the signed data MAC encryption of said strong encryption keys to transaction payment information, forms the second remote account ciphertext relevant with said long-range account number cipher; And the said remote account password transmission after will encrypting is given communication unit 24.
Control relation between said access control password and the remote account password is specially: the obtaining of said one or more said remote account passwords of access control cipher control.The controlled attribute of said access control password and remote account password specifically comprises: activate the life span controlled attribute and use the limited number of times controlled attribute.Long-range number of the account system 3 carries out password matching and handles; Be that said long-range number of the account system will be according to the algorithm that is complementary; Use the code data stored in the long-range number of the account system database according to the strong encryption keys that corresponding algorithm forms, the signed data of Transaction Information encrypted, and with the signed data password of receiving be the said second remote account ciphertext relatively; If consistent, then confirm to have obtained correct password; If inconsistent, think that then long-range account number cipher is not right.
The system of the utility model mobile payment cryptographic processing explains with the realization on the ANDROID intelligent mobile terminal of a support NFC near-field communication.Its system forms and comprises: comprise the intelligent mobile terminal of each unit shown in Figure 2, communication module, long-range number of the account system, long-range number of the account system terminal.Long-range number of the account system is the number of the account system of bank, and banking terminal is the POS terminal of bank.
Wherein, said smart mobile phone itself has the processing of the cryptographic algorithm of corresponding coupling with banking system according to NFC communication and banking terminal POS exchange Transaction Information, and regular and banking system is synchronously upgraded version, the renewal cryptographic algorithm.
On the smart mobile phone of supporting NFC; Set the access control password; Setting bank cipher is the remote account password, sets the control relation between access control password and the bank cipher, and the control characteristic of these passwords is set: activate life span and use limited number of times.
Go out or the payment time of lining up, the control of input reference in advance password, and bank cipher make password be in state of activation.
On-the-spot in payment, when smart mobile phone is pressed close to banking terminal, from smart mobile phone, can watch Transaction Information, bank information, banking terminal information, bank card information, the amount of money, the time, or the like.In automatic treatment scheme, payment processes module prompting input reference control password, perhaps directly button is confirmed, such as pressing OK affirmation payment, follows operation and promptly accomplishes payment.
After payment was accomplished, banking terminal returned payment affirmation information and gives smart mobile phone, and such as authorization code or the like, the smart mobile phone record is concluded the business in FLASH.The inquiry that can conclude the business afterwards, with the banking terminal comparison, or the like.
So just accomplish transaction, not be used in input bank card personal identification number on the bank POS terminal.Do not need on-the-spot input bank card personal identification number.
The payment processes module of a version is used and is surpassed certain hour, and banking system requires to download new version, upgrades new algorithm.This time ratio is as saying so half a year.This also is the process arrangement of a kind of continual renovation of safe handling.
The utility model also can directly be connected communication with banking system, revise password, inquiry account information, and transfer of payment.Adopt described cryptosecurity disposal route, and do not use hardware security modes such as USBKEY.The situation that fishing website was cracked account number cipher when this method can be abolished the conventional cipher processing.
The described payment processes module of the utility model can be taked the mode and bank POS terminal, the mutual authentication of banking system end of now ripe certificate verification, directly communicates by letter safely.
The described password encryption algorithm of the utility model comprises the one-way function after the password input, and cryptographic transformation becomes the algorithm of strong encryption keys, and the AES of MAC data etc.As long as follow described processing mode, be not limited to described AES scheduling algorithm.The mode of the utility model is to take the pattern of the corresponding processing encrypted of portable terminal and bank, and does not have the secret key encryption of download method.
Even the conventional cipher keyboard also can adopt the described cipher encrypting method of the utility model.
The utility model is said just with the means of NFC (Near Field Communication, near-field communication) as communication, and characteristics such as or not the NFC control circuit is not relevant storage, safety are as the basis of using, so do not rely on the function of NFC control circuit.Be convenient to like this to pay use and NFC hardware control circuit control between relatively independent, be convenient to rapport between draw bank and the mobile operator.
The same support of said method of the utility model can be controlled the payment of using NFC circuit and SIM circuit and use, such as being stored in card number in NFC, the SIM hardware circuit.
The utility model is on the basis of said cryptographic processing, and support realizes similarly application of payment with form of software, by the processing of software realization electronic money data, such as electronic ticket.
Import if be directed against the password of the external hardware of NFC smart mobile phone, safety requirements is low, and such as the USBKEY password, then directly expressly input and plaintext transmission get final product.
The utility model has improved the convenience of mobile payment, has strengthened the security of mobile payment, strengthens the adaptability of mobile payment, reduces the use cost of mobile payment, will greatly advance carrying out of mobile payment application.
Above-described embodiment; Purpose, technical scheme and beneficial effect to the utility model have carried out further explain, it should be understood that the above is merely the embodiment of the utility model; And be not used in the protection domain that limits the utility model; All within the spirit and principle of the utility model, any modification of being made, be equal to replacement, improvement etc., all should be included within the protection domain of the utility model.

Claims (4)

1. a mobile payment encryption processing apparatus is characterized in that, said mobile payment encryption processing apparatus comprises: parameter is preset unit, storer, mobile payment cryptography processing units and communication unit;
The preset unit of said parameter is connected with said storer, and said storer is connected with said mobile payment cryptography processing units, and said mobile payment cryptography processing units is connected with said communication unit;
2. mobile payment encryption processing apparatus according to claim 1 is characterized in that, said storer is permanent storage or scratchpad memory.
3. mobile payment encryption processing apparatus according to claim 1; It is characterized in that; Said mobile payment cryptography processing units also comprises: key generation unit and remote account ciphertext unit; Said key generation unit respectively with said storer and remote account ciphertext unit be connected, said remote account ciphertext unit is connected with said communication unit;
Said key generation unit will be encrypted the remote account password reduction that disperses, according to forming a strong encryption keys with long-range number of the account system corresponding algorithm computing; Said remote account ciphertext unit uses said strong encryption keys that the signed data of transaction payment information is encrypted, and forms and the relevant ciphertext of said long-range account number cipher, sends through said communication unit.
4. a mobile payment cryptographic processing system is characterized in that, said mobile payment cryptographic processing system comprises the described mobile payment encryption processing apparatus of above-mentioned arbitrary claim.
CN2011202748216U 2011-07-29 2011-07-29 Mobile paying code processor and system Expired - Fee Related CN202230487U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011202748216U CN202230487U (en) 2011-07-29 2011-07-29 Mobile paying code processor and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011202748216U CN202230487U (en) 2011-07-29 2011-07-29 Mobile paying code processor and system

Publications (1)

Publication Number Publication Date
CN202230487U true CN202230487U (en) 2012-05-23

Family

ID=46081069

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011202748216U Expired - Fee Related CN202230487U (en) 2011-07-29 2011-07-29 Mobile paying code processor and system

Country Status (1)

Country Link
CN (1) CN202230487U (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102937899A (en) * 2012-08-20 2013-02-20 北京金山安全软件有限公司 Management method and device for mobile application setting information
WO2014063575A1 (en) * 2012-10-23 2014-05-01 国民技术股份有限公司 Password key, security authentication system and security authentication method
CN103973455A (en) * 2014-05-28 2014-08-06 天地融科技股份有限公司 Information interaction method
CN103986581A (en) * 2014-05-28 2014-08-13 天地融科技股份有限公司 Information interaction system
CN106412045A (en) * 2016-09-22 2017-02-15 中国联合网络通信集团有限公司 Identity information storage method and system
CN107261502A (en) * 2017-05-10 2017-10-20 珠海金山网络游戏科技有限公司 A kind of anti-external store system of game on line based on procotol and method
CN103984906B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of electronic key equipment of no button

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102937899B (en) * 2012-08-20 2015-03-11 北京金山安全软件有限公司 Management method and device for mobile application setting information
CN102937899A (en) * 2012-08-20 2013-02-20 北京金山安全软件有限公司 Management method and device for mobile application setting information
WO2014063575A1 (en) * 2012-10-23 2014-05-01 国民技术股份有限公司 Password key, security authentication system and security authentication method
CN103780384A (en) * 2012-10-23 2014-05-07 国民技术股份有限公司 Cipher key, security authentication system and security authentication method
CN103984906B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of electronic key equipment of no button
CN103986581A (en) * 2014-05-28 2014-08-13 天地融科技股份有限公司 Information interaction system
CN103986581B (en) * 2014-05-28 2018-01-16 天地融科技股份有限公司 A kind of information interaction system
CN103973455A (en) * 2014-05-28 2014-08-06 天地融科技股份有限公司 Information interaction method
CN108319870A (en) * 2014-05-28 2018-07-24 天地融科技股份有限公司 A kind of electronic key equipment of no button
CN103973455B (en) * 2014-05-28 2018-09-18 天地融科技股份有限公司 A kind of information interacting method
CN108319870B (en) * 2014-05-28 2021-08-17 天地融科技股份有限公司 Electronic key equipment without keys
CN106412045A (en) * 2016-09-22 2017-02-15 中国联合网络通信集团有限公司 Identity information storage method and system
CN106412045B (en) * 2016-09-22 2019-08-16 中国联合网络通信集团有限公司 A kind of identity information storage method and system
CN107261502A (en) * 2017-05-10 2017-10-20 珠海金山网络游戏科技有限公司 A kind of anti-external store system of game on line based on procotol and method

Similar Documents

Publication Publication Date Title
US11647385B1 (en) Security system for handheld wireless devices using time-variable encryption keys
US11195174B2 (en) Systems and methods for cryptographic authentication of contactless cards
CN202230487U (en) Mobile paying code processor and system
CN103701609B (en) A kind of server and the method and system operating terminal two-way authentication
CA2880608C (en) Method for generating a code, authorization method and authorization system for authorizing an operation
CN103501191B (en) A kind of mobile payment device based on NFC technology and method thereof
EP3861704A1 (en) Systems and methods for cryptographic authentication of contactless cards
US20200184463A1 (en) Systems and methods for cryptographic authentication of contactless cards
CN107077670A (en) Transaction message is sent
CN105046488A (en) Method, apparatus, and system for generating transaction-signing one-time password
CN103136668A (en) Terminal payment method, terminal and payment platform
Husni et al. Efficient tag-to-tag near field communication (NFC) protocol for secure mobile payment
CN112889046A (en) System and method for password authentication of contactless cards
CA3115064A1 (en) Systems and methods for cryptographic authentication of contactless cards
CN104318436A (en) Safety payment method and system based on mobile terminal and mobile terminal
CN102904720B (en) Method and system for mobile payment password processing
CN103077460A (en) System and method for financial certificate transaction by mobile device
CN103560890A (en) Networked transaction system and method based on mobile terminal
KR20150144366A (en) Method for Processing Payment at Affiliate Coupled End-To-End Medium Ownership Authentication and One Time Code Authentication
CN102737309A (en) Method and system of card transaction
KR101394147B1 (en) How to use Certificate safely at Mobile Terminal
KR20150144361A (en) Method for Processing Payment by using 2-channel Authentication Coupled End-To-End Medium Ownership Authentication and One Time Code Authentication
KR20150144363A (en) Method for Processing Payment by using Authentication Coupled End-To-End Medium Ownership Authentication and One Time Code Authentication
KR20150144362A (en) Method for Processing Payment at Affiliate by using End-To-End Medium Ownership Authentication and One Time Code Authentication
JP2017534961A (en) User authentication method, corresponding terminal and authentication system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120523

Termination date: 20200729

CF01 Termination of patent right due to non-payment of annual fee