Background technology
Modern cryptographic technique is divided into two classes according to the characteristics of key: symmetric cryptographic technique and asymmetric cryptographic technique:
One: symmetric cryptographic technique
Symmetric cryptographic technique is that decruption key is identical with encryption key, and in this system, the distribution of key is a difficult point in using.
Two: asymmetric cryptographic technique
Asymmetric cryptographic technique is public key cryptography technology again, and in common key cryptosystem, the user has two keys, one open (PKI), another user privately owned (private key) is difficult to release another from one, and communicating pair need not prior interchange key just can set up secure communication.A problem in the public key cryptosyst is how user's PKI and user's identity effectively to be mapped, and traditional public key cryptosyst generally all adopts certificate mechanism to realize that user's identity and user's the safety of key is corresponding.Certificate mechanism generally all adopts PKIX (Public Key Infrastructure:PKI) technology.It has comprehensively used multinomial safe practices and such as digital digest, digital signature to overlap complete certificate management mechanism security service is provided.The authentication center (Certification Authority:CA) that system need build public credibility identifies user identity, signs and issues digital certificate for the user then.Digital certificate binds together user identity and user key safely.The user exchanges certificate earlier in operation system, use public and private key to finish operations such as user's authentication, access control, information security transmission then.
Public key system based on certificate faces problems in application, particularly the complexity of certificate use makes that the domestic consumer that does not possess relevant knowledge is heavy in hand.In order to reduce the complexity of key management and use in the public key cryptosyst, Shamir is at 1984[S84] year the cryptographic technique (Identity-Based Cryptography:IBC) based on sign has been proposed: promptly user's sign just can be used as user's PKI (PKI that more precisely is the user can calculate from user's a sign and a method of system's appointment).In this case, the user does not need application and exchange certificate, thereby has greatly simplified the complexity of cryptographic system management.User's private key uses sign private key generating algorithm to calculate by a third party who is trusted in the system (key generation center) and generates.Such system has natural password and entrusts function, is suitable for having the applied environment of supervision.
Wireless communication technology is used more and more widely, prior art realizes the electronic remote payment system by the payment system of portable terminal (as: mobile phone), operation system and this terminal of support and operation system, this electronic remote payment system adopts the SMS passage to send miscellaneous service request msg, confirmation etc., because adopt wireless communication technology, can there be potential safety hazard in the transmission aloft of various information datas.
Summary of the invention
In view of above-mentioned the deficiencies in the prior art part, the object of the present invention is to provide a kind of consuming method based on portable terminal and note, portable terminal and operation system that realizes the security information transfer of data by the mode of encrypting.
In order to achieve the above object, the present invention has taked following technical scheme:
A kind of consuming method based on portable terminal and note is applied to the electronic remote consume system, comprises portable terminal, operation system and payment system, wherein, comprises step:
Portable terminal receives the service request data of user's input;
Described portable terminal is encrypted to described service request data first ciphertext that has authentication;
Described portable terminal sends to operation system with described first ciphertext;
Described operation system receives and deciphers described first ciphertext;
The service request data of described operation system after with described deciphering is encrypted to second ciphertext that has authentication, and described second ciphertext is sent to described portable terminal by note;
Described portable terminal receives, deciphers and shows described second ciphertext;
Described portable terminal receives and encrypts the affirmation information of described user's input, and sends described confirmation by note to described operation system;
Described operation system receives and deciphers described confirmation, and sends the payment request to this user.
Described consuming method based on portable terminal and note, wherein, described operation system receives and deciphers described confirmation, and proposes the payment requirement to the payment system of supporting this user, afterwards, further comprises step:
After finishing payment, described operation system sends service evidence information to described portable terminal.
A kind of portable terminal wherein, comprising:
The request receiving element is used to receive the service request data that the user imports;
First ciphering unit is used for described service request data is encrypted to first ciphertext that has authentication;
First transmitting element is used for described first ciphertext is sent to operation system, so that described operation system receives and decipher described first ciphertext;
The service request data of described operation system after with described deciphering is encrypted to second ciphertext that has authentication, and described second ciphertext is sent to described portable terminal by note;
Second ciphering unit is used to receive, decipher and shows that the service request data after described operation system is with described deciphering is encrypted to second ciphertext that has authentication;
Second transmitting element is used to receive and encrypt the affirmation information that described user imports, and sends described confirmation by note to described operation system, so that described operation system receives and decipher described confirmation, and sends payment to this user and asks.
Described portable terminal wherein, also comprises:
Second receiving element is used to receive the service evidence information that described operation system sends.
A kind of operation system wherein, comprising:
The ciphertext receiving element is used for receiving and deciphering described first ciphertext, and wherein: described first ciphertext is that described portable terminal receives and be encrypted to the service request data that has authentication;
Ciphering unit is used for the service request data after the described deciphering is encrypted to second ciphertext that has authentication, and described second ciphertext is sent to described portable terminal by note, so that described portable terminal receives, deciphers and show described second ciphertext;
Confirm receiving element, be used to receive the affirmation information that described portable terminal receives and encrypts and sends over by note;
The payment request unit is used to decipher described confirmation, and sends the payment request according to described confirmation to this user's payment system, and after finishing payment, sends service evidence information to described portable terminal then.
The invention provides a kind of consuming method, portable terminal and operation system based on portable terminal and note, use public key cryptography technology, information transmitted data content between portable terminal and the operation system is had the encryption of authentication, simply realized safe information data transmission.
Embodiment
The embodiment of the invention provides a kind of consuming method based on portable terminal and note, portable terminal and operation system, use public key cryptography technology, information transmitted data content between portable terminal and the operation system is had the encryption of authentication, in the electronic remote process of consumption, simply realized safe information data transmission.For making purpose of the present invention, technical scheme and advantage clearer, clear and definite, below the utility model is further described with reference to the accompanying drawing embodiment that develops simultaneously.
The embodiment of the invention provides a kind of consuming method based on portable terminal and note, and as shown in Figure 1, the method comprising the steps of:
101, user's incoming traffic request msg on mobile terminal remote.
102, portable terminal receives the service request data of user's input, utilize the secret of the RSA key centering on the described portable terminal, described business datum is encrypted to first ciphertext that has authentication, by note described first ciphertext is sent to operation system then.
103, after described operation system received described first ciphertext, with described first decrypt ciphertext, and whether checking had corresponding customer service request msg in the operation system with the PKI in the RSA key of portable terminal.If the corresponding business request msg is arranged in the operation system, then execution in step 104; Otherwise carry out 112.
104, the service request data of described operation system after with described deciphering adds verification msg, and becomes second ciphertext of band with authentication with the operation system encrypted private key, by note described second ciphertext sent to described portable terminal then.
105, described portable terminal receives described second ciphertext, and after deciphering described second decrypt ciphertext with the operation system PKI, shows described second ciphertext.
106, mobile subscriber's input validation information.
107, described portable terminal receives the affirmation information of described user's input, and described confirmation being encrypted to the 3rd ciphertext with the private key of the RSA key centering of portable terminal, the 3rd ciphertext that will have this confirmation by note sends to described operation system then.
108, described operation system receives described confirmation, and behind the decryption verification, propose the payment requirement or propose to pay requirement to this user to the payment system of supporting this user,, perhaps pay the bill by the mode of bank transfer as directly scene payment of user by other modes.
109, the user requires the corresponding expense of payment according to described payment.
110, after described user finished payment, described operation system generated service evidence information, and this service evidence information is become the 4th ciphertext with the operation system encrypted private key, and the 4th ciphertext is sent to described portable terminal.
111, described portable terminal receives the 4th ciphertext with service evidence information, and deciphers described the 4th ciphertext with the operation system PKI, then with the service evidence information stores that obtains in described portable terminal.
If there is not the corresponding business request msg in 112 operation systems, and to the corresponding failure of portable terminal transmission process information.
Below so that to order train ticket be preferred embodiment the application of this method is described in detail:
The first step, user select " order train ticket ", input train ticket date and train number on mobile phone STK (the STK full name is: SIM TOOL KIT, abbreviation " STK ") menu.Become to have first ciphertext of authentication mobile phone is organized it by form such as 20090808T108 after with the encrypted private key of the RSA key centering on the mobile phone, and described first ciphertext is sent to the train ticket remote ordering system by note;
After second step, train ticket remote ordering system are received first ciphertext, with the PKI of user mobile phone RSA key centering with first decrypt ciphertext, and in order system, search whether also have required train ticket, if any then adding authorization information: " you order one of train ticket; the date train number is ", and become to have second ciphertext of authentication with train ticket remote ordering system encrypted private key, send to mobile phone by just described second ciphertext of note; As not having, then send " train ticket that you will order is out of print ".
After the 3rd step, user's mobile phone is received described second ciphertext, with train ticket remote ordering system PKI deciphering back display business information " you order one of train ticket, and the date train number is 20090808T108 ".
The 4th step, cellphone subscriber's input validation information, mobile phone is organized into " YES20090808T108 " back private key with the RSA key centering on the mobile phone described confirmation is encrypted to the 3rd ciphertext, and by note the 3rd ciphertext is sent to train ticket order remote system.
The 5th step, the train ticket remote ordering system receives described confirmation, and deciphers after the 3rd ciphertext obtains described confirmation, and the payment system of supporting to the user proposes the payment requirement, perhaps requires the user to pass through other modes and supports;
After the 6th step, user require payment to finish according to described payment, the train ticket remote ordering system generates service evidence, service evidence comprises electronic railway ticket 20090808T108C08Z008S and ticket identifying code, with train ticket remote ordering system private key electronic railway ticket and identifying code are encrypted to the 4th ciphertext, the 4th ciphertext is sent to mobile phone by note, the user according to mobile phone with train ticket remote ordering system PKI with the deciphering of electronic railway ticket and identifying code after, be stored in the mobile phone.
Based on said method, the embodiment of the invention is corresponding to provide a kind of portable terminal, and as shown in Figure 2, it comprises:
Request receiving element 201 is used to receive the service request data that the user imports;
First ciphering unit 202 is used for described service request data is encrypted to first ciphertext that has authentication;
First transmitting element 203 is used for described first ciphertext is sent to operation system, so that described operation system receives and decipher described first ciphertext; The service request data of described operation system after with described deciphering is encrypted to second ciphertext that has authentication, and described second ciphertext is sent to described portable terminal by note;
Second ciphering unit 204 is used to receive, decipher and shows that the service request data after described operation system is with described deciphering is encrypted to second ciphertext that has authentication;
Second transmitting element 205, be used to receive and encrypt the affirmation information of described user's input, and send described confirmation to described operation system by note, so that described operation system receives and deciphers described confirmation, and to this user's the payment request of sending.
In a further embodiment, this terminal also comprises: second receiving element 206 is used to receive the service evidence information that described operation system sends.
Based on said method, the embodiment of the invention also provides a kind of operation system, and as shown in Figure 3, it comprises:
Ciphertext receiving element 301 is used for receiving and deciphering described first ciphertext, and wherein: described first ciphertext is that described portable terminal receives and be encrypted to the service request data that has authentication;
Ciphering unit 302, be used for the service request data after the described deciphering is encrypted to second ciphertext that has authentication, and described second ciphertext sent to described portable terminal by note, so that described portable terminal receives, deciphers and shows described second ciphertext;
Confirm receiving element 303, be used to receive the affirmation information that described portable terminal receives and encrypts and sends over by note;
Payment request unit 304 is used to decipher described confirmation, and sends the payment request according to described confirmation to this user's payment system, and after finishing payment, sends service evidence information to described portable terminal then.
A kind of consuming method based on portable terminal and note provided by the invention, portable terminal and related system place an order, pay moving on to finish on the terminal, obtain service evidence or get the voucher of product, have realized the convenience that the user carries out long-range consumption.Simultaneously, the present invention uses public key cryptography technology, and information transmitted data content between portable terminal and the operation system is had the encryption of authentication, has simply realized safe information data transmission.
Should be understood that, for those of ordinary skills, can be improved according to the above description or conversion, and all these improvement and conversion all should belong to the protection range of claims of the present invention.