Background technology
NFC is that a kind of (Radio Frequency Identification RFID) and merge the new technology that develops and come on the basis of interconnection technique, is a kind of short-distance wireless communication technology in radio frequency identification.It is integrated Non-contact Media Reader, contact type intelligent card and point-to-point function on one chip, may operate in the frequency range of 13.56MHz, can the connection between the apparatus for establishing in the scope of about 10cm, and transfer rate can reach 106Kbit/s, 212Kbit/s or 424Kbit/s, estimates future and can bring up to more than the 848Kbit/s.
The NFC terminal mainly contains three kinds of mode of operations: (1) aggressive mode: the NFC terminal is initiatively sent the radiofrequency signal of oneself and is removed identification and other NFC equipment of read/write as a card reader under this pattern; (2) Passive Mode: under this pattern, the NFC terminal can be modeled to a card by read/write, and it is passive response in the radio-frequency field that other equipment send only; (3) two-way mode: under this pattern, both sides initiatively send radiofrequency signal and set up point-to-point communication.
NFC can set up the radio communication between the various device apace in short-range, can be used as a kind of dummy connector, and it can satisfy the exchanges data between any two wireless devices.It can also be by the bluetooth on the initialization apparatus, wireless protocols such as 802.11, and equipment can be communicated by letter on farther distance or with higher rate transmission data.So except information transmission, NFC equipment can be as the gateway of a safety in the networking world, allow the user no matter be at home or in moving, can both store or receive various information at any time.As long as two NFC equipment are drawn close, they just can start network communicating function automatically, and the user need not to set separately installation procedure, thereby realize stored value card and I.D. functions such as non-contact mobile payment, identification.Along with portable terminals such as mobile phone popularize and 3G (the 3
RdGeneration, the third generation) epoch are moved carrying out of new business, adopt the NFC non-contact mobile payment to also become a kind of trend on portable terminals such as mobile phone.
When using the NFC portable terminal to carry out mobile payment based on the NFC technology, need to use user's personal information usually, like this, just the security to use has proposed high requirement.When using the NFC payment, can run into security threats such as data corruption, data tampering, data insertion and third party's insertion type attack usually, the personal information of NFC mobile phone users side is easy to be stolen.
In order to solve when using the NFC portable terminal to carry out the mobile payment of NFC technology, the problem that user's personal information is stolen easily mainly adopts the software cryptography mode at present, that is, by cryptographic algorithm the data that transmit are encrypted.But, the implementation of this software is easy to be cracked, for example just can get access to employed cryptographic algorithm at an easy rate by decryption software, thereby still can crack the personal information (being user profile) that obtains the user at an easy rate, thereby can cause user's personal information to be stolen, even cause whole NFC system all can be attacked.
Summary of the invention
Fundamental purpose of the present invention is to provide the implementation method of a kind of NFC portable terminal and NFC secure payment thereof, carries out in the mobile payment process of NFC technology the problem that user's personal information is stolen easily to solve above-mentioned use NFC portable terminal at least.
According to an aspect of the present invention, a kind of NFC portable terminal is provided, comprise: baseband processing chip, NFC module and hardware encryption chip, wherein: hardware encryption chip, be connected between baseband processing chip and the NFC module, be used for using baseband processing chip and NFC module to carry out the process of NFC payment, use cryptographic algorithm that the communication data between baseband processing chip and the NFC module is encrypted at the NFC portable terminal; Wherein, cryptographic algorithm after writing hardware encryption chip automatically fusing be readable state not.
Further, hardware encryption chip comprises: data memory module, be used to store the enciphered message that presets, wherein, the enciphered message that presets pre-postpone automatically fusing be readable state not; Monitoring program module is used to monitor the communication data after the encryption; Central processing module is used for judging according to the enciphered message that presets whether the communication data after encrypting is legal, and under the illegal situation of communication data after determining encryption, the communication between blocking-up baseband processing chip and the NFC module.
Further, monitoring program module is used for also judging whether the communication data after the encryption includes user profile; Whether central processing module is used for whether mating the communication data of judging after the encryption by the enciphered message of judging user profile and the enciphered message that presets legal.
Further, central processing module also is used under the enciphered message of determining user profile and the unmatched situation of enciphered message that presets, by closing hardware encryption chip first interface that is connected with baseband processing chip and second interface that hardware encryption chip is connected with the NFC module, block the communication between baseband processing chip and the NFC module.
Further, central processing module also is used under the situation that the enciphered message of determining user profile and the enciphered message that presets are mated, the communication data after the encryption between control monitoring program module continuation monitoring baseband processing chip and the NFC module.
Further, second interface that is connected with the NFC module of first interface that is connected with baseband processing chip of hardware encryption chip and hardware encryption chip is the SDIO interface or is the SPI interface.
Further, hardware encryption chip has non-reproduction.
According to a further aspect in the invention, a kind of implementation method of NFC secure payment of NFC portable terminal is provided, comprise: use baseband processing chip and NFC module to carry out in the process of NFC payment at the NFC portable terminal, hardware encryption chip uses cryptographic algorithm that the communication data between baseband processing chip and the NFC module is encrypted; Wherein, hardware encryption chip is connected between baseband processing chip and the NFC module; Cryptographic algorithm after writing hardware encryption chip automatically fusing be readable state not.
Further, in above-mentioned method, also comprise: the enciphered message that hardware encryption chip presets according to this locality judges whether the communication data after encrypting legal, wherein, the enciphered message that presets pre-postpone automatically fusing be readable state not; Determining that the communication data after the encryption is under the illegal situation, the communication between hardware encryption chip blocking-up baseband processing chip and the NFC module.
Further, the enciphered message that presets according to this locality of hardware encryption chip is judged communication data legal the comprising whether after encrypting: hardware encryption chip judges in the communication data after encrypting whether include user profile; When hardware encryption chip is determined to include user profile in the communication data, whether legal by judging whether enciphered message in the user profile and the enciphered message that presets mate the communication data of judging after the encryption.
By the present invention; by between terminal user's side (being baseband processing chip) and NFC module, adding hardware encryption chip; go up the encryption that realizes communication data at hardware circuit (being hardware chip); promptly fusing is not readable automatically for these data after writing any data (comprising cryptographic algorithm) to arrive this hardware encryption chip; solved the problem that the personal information of user in using the NFC payment process easily is stolen; thereby it is safe more and reliable than the software cryptography mode; even under the situation that the NFC system is attacked, can guarantee that also user's personal information still can be protected effectively.
Embodiment
Hereinafter will describe the present invention with reference to the accompanying drawings and in conjunction with the embodiments in detail.Need to prove that under the situation of not conflicting, embodiment and the feature among the embodiment among the application can make up mutually.
Fig. 1 is according to the synoptic diagram of the NFC portable terminal of the embodiment of the invention, comprising: baseband processing chip 10, NFC module 20 and hardware encryption chip 30, wherein:
Hardware encryption chip 30, be connected between baseband processing chip 10 and the NFC module 20, be used for using baseband processing chip 10 and NFC module 20 to carry out the process of NFC payment (being the NFC non-contact mobile payment), use the cryptographic algorithm that writes this locality in advance that the communication data between baseband processing chip 10 and the NFC module 20 is encrypted at the NFC portable terminal; Wherein, cryptographic algorithm write hardware encryption chip 30 back promptly automatically fusing be readable state not.
Present embodiment is by adding hardware encryption chip between terminal user's side (being baseband processing chip) and NFC module, go up the encryption that realizes communication data at hardware circuit (being hardware chip), write any data (comprising cryptographic algorithm) behind this hardware encryption chip these data promptly fusing is not readable automatically, solved the problem that the personal information of user in using the NFC payment process easily is stolen.The hardware encipher mode of use present embodiment more safely with reliable, even under the situation that the NFC system is attacked, can guarantee that also user's personal information still can be protected effectively than the software cryptography mode.
Above-mentioned NFC portable terminal can be mobile phone etc.
In order further to avoid the NFC portable terminal in the process of carrying out the NFC payment, relevant communication data, particularly user profile (comprising personal information such as user identification code, payment accounts) destroyed, distort, insertion etc., as shown in Figure 2, hardware encryption chip 30 can further include: data memory module 302, be used to store the enciphered message that presets, wherein, the enciphered message that presets pre-postpone automatically fusing be readable state not; Monitoring program module 304 is used for after the NFC portable terminal is encrypted the communication data that receives, the communication data after monitoring is encrypted; Central processing module 306, be used for judging communication data whether legal (judging promptly whether the communication between baseband processing chip 10 and the NFC module 20 is legal) after the above-mentioned encryption according to the enciphered message that presets of data memory module 302 storage, and determining under this illegal situation of communication data after encrypting the communication between blocking-up baseband processing chip 10 and the NFC module 20 (be between baseband processing chip 10 and the NFC module 20 illegal communication block).
In NFC portable terminal as shown in Figure 1, monitoring program module 304 is used for also judging whether the communication data after the above-mentioned encryption includes user profile; Then whether central processing module 306 enciphered message that presets that is used for storage in enciphered message by judging this user profile and the data memory module 302 whether to mate the communication data of judging after the encryption legal.Obviously, under the situation that is defined as mating, think that user profile meets the encryption requirement, think that promptly the communication data after encrypting is legal, otherwise, think that user profile does not meet the encryption requirement, think that promptly the communication data after encrypting is illegal.
Whether mate by the enciphered message that presets of judging storage in enciphered message in this user profile and the data memory module 302 in the whether legal preferred embodiment of communication data after judging encryption above-mentioned, at this moment, under the unmatched situation of the enciphered message that presets that central processing module 306 also is used for storing in the enciphered message of determining this user profile and data memory module 302 (communication data after promptly encrypting is illegal), by closing hardware encryption chip 30 first interface that is connected with baseband processing chip 10 and second interface that hardware encryption chip 30 is connected with NFC module 20, block the communication between baseband processing chip 10 and the NFC module 20.Particularly, clock signal between physics blocking-up interface or data line etc. prevent that the user's of terminal user's side personal information from being read by illegal NFC system.
And, under the situation that central processing module 306 also is used for storing in the enciphered message of determining this user profile and data memory module 302 the enciphered message that presets is mated, communication data after the encryption that control monitoring program module 304 continues between monitoring baseband processing chip 10 and the NFC module 20 keeps the normal communication between the two.
Obviously, by the above embodiments as can be known: hardware encryption chip 30 can be operated under normal mode of operation or the blocking mode according to the monitoring situation.Wherein, when being operated in blocking mode following time, the communication between baseband processing chip 10 and the NFC module 20 is blocked; Be operated in normal mode of operation following time, hardware encryption chip 30 plays the effect (i.e. monitoring communication data between the two) that communication is monitored between baseband processing chip 10 and NFC module 20, whether monitoring data transmission between the two meets the requirement (it is illegal to that is to say) of enciphered message.
For the ease of communicating with baseband processing chip 10 and NFC module 20, the interface of above-mentioned hardware encryption chip: first interface that is connected with baseband processing chip 10 and second interface that is connected with NFC module 20 can be existing general SDIO (Secure Digital Input and Output, the secure digital input and output) interface also can be existing general SPI (high-speed synchronous serial) interface.
Monitoring program module in the foregoing description can be selected to use software program to realize when reality is implemented, and also can select to use hardware to realize.Can optionally implement according to the actual requirements.
The storage of the cryptographic algorithm in the hardware encryption chip 30, the storage of monitoring program module and the enciphered message that presets should have anti-attack ability, program and the data content that is stored in wherein can't be learnt and be changed in the back from chip exterior in being written to hardware encryption chip, and hardware encryption chip 30 has not reproducible characteristic.
In the process that reality is implemented, when above-mentioned monitoring program module is a kind of software of watchdog routine, can also comprise watchdog routine memory module and interface module in the hardware encryption chip 30.Wherein, the watchdog routine memory module is used to store this watchdog routine; Interface module promptly comprises the first above-mentioned interface and second interface, links to each other with the interface of base band control chip 10 and the interface of NFC module 20 respectively.Hardware encryption chip 30 is behind the communication data that receives from baseband processing chip 10 or NFC module 20, at first use local cryptographic algorithm that this communication data is encrypted, be stored in watchdog routine in the watchdog routine memory module by operation then, carry out related data and handle and control and treatment work, and by the communication between interface module control baseband processing chip 10 and the NFC module 20.When hardware encryption chip 30 listens to the communication between baseband processing chip 10 and the NFC module 20 and therefrom get access to the relevant data (being user profile) of User Recognition, just itself and the data (being enciphered message) that are preset in the data memory module 302 are differentiated, controlled the normal communication of NFC module 20 according to identification result.
In conjunction with NFC portable terminal as shown in Figure 1, according to the process flow diagram of the implementation method of the NFC secure payment of the NFC portable terminal of the embodiment of the invention as shown in Figure 3, this implementation method may further comprise the steps:
Step S302 uses baseband processing chip and NFC module to carry out in the process of NFC payment at the NFC portable terminal, and hardware encryption chip uses the cryptographic algorithm that writes this locality in advance that the communication data between baseband processing chip and the NFC module is encrypted; Wherein, hardware encryption chip is connected between baseband processing chip and the NFC module; Cryptographic algorithm after writing hardware encryption chip automatically fusing be readable state not;
The enciphered message that step S304, hardware encryption chip preset according to this locality judges whether the communication data after encrypting legal, wherein, the enciphered message that presets pre-postpone automatically fusing be readable state not;
Step S306 is determining that the communication data after the encryption is under the illegal situation, the communication between hardware encryption chip blocking-up baseband processing chip and the NFC module.
Wherein, step S304 comprises: whether include user profile in the communication data after the hardware encryption chip judgement is encrypted; When hardware encryption chip is determined to include user profile in the communication data, whether legal by judging whether enciphered message in the user profile and the enciphered message that presets mate the communication data of judging after the encryption.
Then step S306 comprises: under the enciphered message and the unmatched situation of the above-mentioned enciphered message that presets in determining above-mentioned user profile, second interface that hardware encryption chip is connected with the NFC module by first interface of closing hardware encryption chip and being connected with baseband processing chip and hardware encryption chip, the communication between blocking-up baseband processing chip and the NFC module.
And, under the situation of enciphered message in determining above-mentioned user profile and the above-mentioned enciphered message coupling that presets, the communication data after the encryption between continuation monitoring baseband processing chip and the NFC module.
Introduce NFC portable terminal according to the above embodiment of the present invention below in detail and in carrying out the NFC payment process, realize the process of NFC safety precaution, as shown in Figure 4, comprise following several steps:
Step S402, hardware encryption chip powers on, and the watchdog routine that is stored in the watchdog routine memory module on the hardware encryption chip brings into operation;
Step S404, watchdog routine is operated under the normal mode of operation, and watchdog routine is opened communication interface (comprising first interface and second interface), allows the normal communication between NFC module and the baseband processing chip;
Step S406, hardware encryption chip use and are pre-written into local cryptographic algorithm encryption NFC module and the communication data between the baseband processing chip;
Step S408, watchdog routine is monitored the communication data after the above-mentioned encryption;
Step S410, watchdog routine judges in the communication data after the encryption whether comprise user identification code or personal information related data (being user profile) by the type of the communication data after judge encrypting, if then enter step S412, if not, then return step S408 and continue monitoring;
Step S412, central processing module is differentiated user profile and the data (enciphered message that promptly presets) that are preset in the data memory module, is controlled the normal communication of NFC module according to identification result; If identification result for not meeting the encryption requirement, then enters step S414, otherwise, return step S408 and continue monitoring;
Particularly, judge whether the enciphered message in the user profile mates with the enciphered message that is preset in the data memory module.
Step S414; judge that the NFC system is illegal; watchdog routine enters blocking mode; communication between the hardware encryption chip docking port is blocked; will normal communication between NFC module and the baseband processing chip; the use conductively-closed of NFC module, terminal user's personal information also just can obtain safeguard protection.
From above description; as can be seen; the present invention has realized following technique effect: by add hardware encryption chip between terminal user's side (being baseband processing chip) and NFC module; go up the encryption that realizes communication data at hardware circuit (being hardware chip); promptly fusing is not readable automatically for these data after writing any data (comprising cryptographic algorithm) to arrive this hardware encryption chip; solved the problem that the personal information of user in using the NFC payment process easily is stolen; thereby it is safe more and reliable than the software cryptography mode; even under the situation that the NFC system is attacked, can guarantee that also user's personal information still can be protected effectively.
Obviously, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with the general calculation device, they can concentrate on the single calculation element, perhaps be distributed on the network that a plurality of calculation element forms, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in the memory storage and carry out by calculation element, and in some cases, can carry out step shown or that describe with the order that is different from herein, perhaps they are made into each integrated circuit modules respectively, perhaps a plurality of modules in them or step are made into the single integrated circuit module and realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is the preferred embodiments of the present invention only, is not limited to the present invention, and for a person skilled in the art, the present invention can have various changes and variation.Within the spirit and principles in the present invention all, any modification of being done, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.