Background technology
Cryptographic techniques are divided into symmetric and asymmetric techniques.
Asymmetric cryptography is also called public-key cryptography. In a public-key cryptosystem, each user has two keys: one is public (the public key) and the other is held privately by the user (the private key). It is difficult to derive one from the other, and the communicating parties can establish secure communication without exchanging a key in advance. One problem in a public-key cryptosystem is how to bind a user's public key to the user's identity effectively. Traditional public-key cryptosystems generally use a certificate mechanism to bind user identity to user key securely. The certificate mechanism is generally built on Public Key Infrastructure (PKI) technology, which combines several security techniques, such as digital digests and digital signatures, with a complete certificate-management mechanism to provide security services. The system requires a publicly trusted Certification Authority (CA) that authenticates user identity and then issues a digital certificate to the user. The digital certificate securely binds the user's identity to the user's key. In a business system, users first exchange certificates and then use their public and private keys for operations such as user authentication, access control, and secure information transmission.
Certificate-based public-key systems face problems in practice; in particular, the complexity of using certificates makes them hard to handle for ordinary users who lack the relevant knowledge. To reduce the complexity of key management and use in public-key cryptosystems, Shamir proposed Identity-Based Cryptography (IBC) in 1984 [S84]: the user's identity itself serves as the user's public key (more precisely, the user's public key can be computed from the user's identity and a method specified by the system). In this case users do not need to apply for or exchange certificates, which greatly simplifies the management of the cryptographic system. The user's private key is computed by a trusted third party in the system (the key generation center) using the identity private-key generation algorithm. Such a system has an inherent key-escrow capability and is suited to supervised application environments.
Mobile-phone payment, also called mobile payment, is the transfer and payment of funds by mobile phone. Depending on the amount involved, it is divided into small-amount payment and large-amount payment. Whether the amount is small or large, mobile-phone payment is the same as every other payment service: security is one of the key factors in whether the service can be carried out successfully.
An electronic purse (Electronic Purse) is a financial IC card application designed to make small-amount spending convenient for the cardholder. It supports transactions such as load and consumption.
Existing mobile payment uses wireless communication technology but does not use encryption, so data transmitted over the air is exposed to security risks.
Summary of the invention
In view of the above deficiencies of the prior art, the object of the present invention is to provide a short message consumption method and server that use cryptographic techniques to encrypt mobile payment, so as to carry out consumption by short message and improve the security of mobile payment.
To achieve the above object, the present invention adopts the following technical solution:
A short message consumption method comprises the steps of:
The server generates a consumption initialization command message;
The server sends the message to the terminal over the short message channel, so that the terminal displays and executes the consumption initialization command and then returns a first response message to the server over the short message channel;
The server verifies the terminal according to the first response message;
The server generates a consumption command message;
The server sends the consumption command message to the terminal over the short message channel, so that the terminal executes the consumption command message and then returns a second response message to the server over the short message channel;
The server verifies the terminal according to the second response message;
The server deducts the amount from the terminal's account according to the response message returned by the terminal.
After the server generates the consumption initialization command message, the method further comprises:
The server encrypts the consumption initialization command message into a first ciphertext with a key;
The server sends the first ciphertext to the terminal over the short message channel.
After the server generates the consumption command message, the method further comprises:
The server encrypts the consumption command message into a second ciphertext with a key;
The server sends the second ciphertext to the terminal over the short message channel.
After the server verifies the terminal according to the second response message and deducts the amount from the terminal's account, the method further comprises: the server notifies the merchant that the account transfer and deduction succeeded.
The terminal is an RF mobile phone with an electronic purse function or an ordinary mobile phone bound to a bank account, and the server is an electronic purse system or a bank processing center.
A server comprises:
An initialization unit, used to generate a consumption initialization command message;
A message sending unit, used to send the message to the terminal over the short message channel, so that the terminal displays and executes the consumption initialization command and then returns a first response message to the server by short message;
A first verification unit, used to verify the terminal according to the first response message;
A command generation unit, used to generate a consumption command message;
A command sending unit, used to send the consumption command message to the terminal over the short message channel, so that the terminal executes the consumption command message and then returns a second response message to the server over the short message channel;
A second verification unit, used to verify the terminal according to the second response message;
A processing unit, used to deduct the amount from the terminal's account according to the second response message returned by the terminal.
The system further comprises a message encryption unit;
The message encryption unit is used to encrypt the consumption initialization command message into a first ciphertext with a key;
The message sending unit is used to send the first ciphertext and the signature to the terminal over the short message channel.
The system further comprises a command encryption unit;
The command encryption unit is used to encrypt the consumption command message into a second ciphertext with a key;
The command sending unit is used to send the second ciphertext to the terminal over the short message channel.
The system further comprises a notification unit, used to notify the merchant that the account transfer and deduction succeeded after the processing unit has handled the transfer.
The invention provides an electronic purse consumption method and server based on cryptographic techniques, which encrypt mobile payment and thereby improve the security of mobile payment.
Embodiment
The embodiment of the invention provides a short message consumption method and server that use public-key techniques to encrypt mobile payment, so as to carry out consumption by short message and improve the security of mobile payment.
The embodiment of the invention provides a short message consumption method for consumption payment. This embodiment mainly takes the electronic purse as the example to describe the technical solution of the invention in detail. In other embodiments, the method may also be implemented with a bank account bound to the mobile phone and the systems and equipment that handle that account. As shown in Figure 1, the method comprises the steps of:
101. The electronic purse system generates a consumption initialization command message and encrypts it into a first ciphertext with a key. In this embodiment, the electronic purse system encrypts the consumption initialization command message into a ciphertext with the electronic purse public key, signs the ciphertext with the electronic purse system private key, and then sends the ciphertext and signature to the electronic purse terminal over the short message channel. In other embodiments, the consumption initialization command message may also be sent directly to the electronic purse terminal over the short message channel without encryption or signing.
In this embodiment the electronic purse system is the server, which may be a system made up of one or more computers. In other embodiments it may also be a bank processing center. When generating the consumption initialization command message, the electronic purse system includes generation information, consumption information, and the consumption initialization command.
The electronic purse terminal is an RF mobile phone with an electronic purse function or an ordinary mobile phone bound to a bank account. That is, a security chip with RF (Radio Frequency) capability is integrated on the SIM (Subscriber Identity Module) card of the mobile phone and installed in the phone with that SIM; the terminal may also be a mobile phone with NFC chip functions. The electronic purse terminal can load and unload funds and can also make consumption payments. In other embodiments the terminal need not be an electronic purse terminal; it may instead be a bank account bound to the mobile phone together with the systems and equipment that handle that account.
102. The electronic purse terminal receives the ciphertext and signature over the short message channel, verifies the signature, and then decrypts the ciphertext into plaintext. In other embodiments, if the consumption initialization command message was not encrypted and signed, the terminal receives the consumption initialization command message directly.
103. The electronic purse terminal displays the above information and the consumption information, and asks the user whether to pay.
104. If the user agrees to pay, step 105 is performed; if the user declines to pay or does not confirm, step 112 is performed and the corresponding failure handling is done.
105. The terminal executes the consumption initialization command, generates a first response message, and returns the execution result to the electronic purse system by encrypting the first response message into a third ciphertext.
106. The electronic purse system decrypts the third ciphertext into the first response message.
107. The electronic purse system verifies the terminal according to the first response message.
108. The electronic purse system generates a consumption command message and encrypts it into a second ciphertext with a key. In this embodiment, the consumption command message is encrypted with the public key of the electronic purse terminal and signed with the electronic purse system private key, and the encrypted consumption command message and signature are then sent to the electronic purse terminal. In other embodiments, the consumption command message may also be sent directly to the electronic purse terminal over the short message channel without encryption or signing.
109. After verifying the signature, the electronic purse terminal decrypts the consumption command message into plaintext for execution. In other embodiments, if the consumption command message was not encrypted and signed, the terminal receives the consumption command message directly.
110. The electronic purse terminal executes the consumption command message.
That is, the electronic purse terminal displays the information in the consumption command message and requires the user to confirm execution of the payment.
111. If the user confirms, step 112 is performed; if the user does not confirm, or declines, step 116 is performed and the corresponding failure handling is done.
112. The electronic purse terminal executes the consumption command in the consumption command message, generates a second response message, and returns the execution result to the electronic purse system by encrypting the second response message into a fourth ciphertext.
113. The electronic purse system decrypts the fourth ciphertext into the second response message.
114. The electronic purse system verifies the terminal according to the second response message returned by the electronic purse terminal, and deducts the amount from the account of the electronic purse terminal.
115. The corresponding success handling is done.
116. The corresponding failure handling is done.
In a further embodiment, the method also comprises the step of the electronic purse system notifying the merchant that the account transfer and deduction succeeded, so that consumption can be processed more quickly.
In other embodiments, a bank processing center and the corresponding bank account bound to a mobile phone can also carry out secure short message consumption according to the above steps.
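The encrypt-then-sign send of steps 101 and 108 and the verify-then-decrypt receive of steps 102 and 109 can be sketched as follows. This is an added example, not code from the patent: the choice of RSA with OAEP encryption and PSS signatures, the 2048-bit key size, the function names Seal, Open and NewKey, and the sample command string are all assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NewKey generates a throwaway 2048-bit key pair (assumed size) for the demonstration.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Seal is the sending side (steps 101/108): encrypt the command message with the
// recipient's public key, then sign the resulting ciphertext with the sender's private key.
func Seal(msg []byte, recipient *rsa.PublicKey, sender *rsa.PrivateKey) (ct, sig []byte, err error) {
	ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, msg, nil)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	return ct, sig, err
}

// Open is the receiving side (steps 102/109): check the signature over the ciphertext
// first, and decrypt only when it verifies against the expected sender's public key.
func Open(ct, sig []byte, sender *rsa.PublicKey, recipient *rsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, errors.New("signature check failed: message dropped before decryption")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, ct, nil)
}

func main() {
	server, terminal := NewKey(), NewKey()
	// Constructed sample command; the patent does not define a message format.
	ct, sig, _ := Seal([]byte("INIT amount=12.50 merchant=M001"), &terminal.PublicKey, server)
	pt, err := Open(ct, sig, &server.PublicKey, terminal)
	fmt.Println(string(pt), err, "bytes on the SMS channel:", len(ct)+len(sig))
}
```

With these assumed parameters the ciphertext and the signature are 256 bytes each, more than the 140-byte payload of a single short message, so the pair has to be carried as concatenated short messages.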
The embodiment of the invention also provides a server. As shown in Figure 2, the system comprises:
An initialization unit 201, used to generate a consumption initialization command message;
A message sending unit 202, used to send the message to the terminal over the short message channel, so that the terminal displays and executes the consumption initialization command and then returns a first response message to the server by short message;
A first verification unit 203, used to verify the terminal according to the first response message;
A command generation unit 204, used to generate a consumption command message;
A command sending unit 205, used to send the consumption command message to the terminal over the short message channel, so that the terminal executes the consumption command message and then returns a second response message to the server over the short message channel;
A second verification unit 206, used to verify the terminal according to the second response message;
A processing unit 207, used to deduct the amount from the terminal's account according to the second response message returned by the terminal.
In a further embodiment, the system also comprises a message encryption unit 208;
The message encryption unit 208 is used to encrypt the consumption initialization command message into a first ciphertext with a key;
The message sending unit 202 is used to send the first ciphertext and the signature to the terminal over the short message channel.
In a further embodiment, the system also comprises a command encryption unit 209;
The command encryption unit 209 is used to encrypt the consumption command message into a second ciphertext with a key;
The command sending unit 205 is used to send the second ciphertext to the terminal over the short message channel.
In a further embodiment, the system also comprises a notification unit 210, used to notify the merchant that the account transfer and deduction succeeded after the processing unit 207 has handled the transfer.
It should be understood that those of ordinary skill in the art can make improvements or variations based on the above description, and all such improvements and variations fall within the scope of protection of the claims of the present invention.