CN102034321B - Authentication method and system used for wireless payment - Google Patents

Publication number
CN102034321B
Authority
CN
China
Prior art keywords
key
identification code
payer
authentication
access device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN200910307741.3A
Other languages
Chinese (zh)
Other versions
CN102034321A (en
Inventor
张翌维
彭波
余运波
孙迎彤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nationz Technologies Inc
Original Assignee
Nationz Technologies Inc
Application filed by Nationz Technologies Inc
Priority to CN200910307741.3A
Publication of CN102034321A
Application granted
Publication of CN102034321B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/3278 RFID or NFC payments by means of M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]

Abstract

The invention relates to an authentication method for wireless payment. When the distance between a mobile communication terminal with a radio-frequency SIM (subscriber identity module) card (the payer) and a radio-frequency card reading device such as a POS (point of sale) machine (the payee) meets the distance-control requirement, the mobile communication terminal is allowed to communicate with the POS machine. Identity authentication and security authentication are carried out first during the communication, and only after the mobile communication terminal confirms that the POS machine is a legitimate payee does it carry out the wireless payment transaction with the POS machine. The authentication method and system of the invention meet the distance-control requirement of wireless payment, ensure information security during the wireless payment, eliminate the potential security risk, and prevent economic loss to the payer.

Description

Authentication method and system for wireless payment
Technical field
The present invention relates to the field of communications, and in particular to an authentication method and system for wireless payment.
Background technology
The subscriber identity module (Subscriber Identity Module, SIM card for short) of existing mobile communication technology is widely used in mobile communication terminals. With the development of science and technology, various smart circuit modules have been added to the body of the ordinary SIM card by various methods, so that besides the basic SIM card functions the card gains other functions closer to daily life. The radio-frequency SIM card is one of them, and its frequency is generally 2.4 GHz. Chinese patent application No. 200710124354.7 discloses the related technology of the radio-frequency SIM card: the card uses active radio-frequency technology, so that an ordinary SIM card can provide wireless payment functions such as an electronic wallet, or consumer application functions such as access control. In some applications of the radio-frequency SIM card, to prevent cards from being read by mistake or read incorrectly, the wireless communication distance between the radio-frequency SIM card and the radio-frequency card reading device (such as a point-of-sale POS machine) must be kept within a very small range, for example when the radio-frequency SIM card is used as an IC card for public transport fares. However, the radio-frequency SIM card is usually fitted inside a mobile communication terminal and is affected by the terminal's shielding, so radio-frequency SIM cards with the same wireless transmit/receive power produce different radio-frequency signal power through different models of mobile communication terminal. Radio-frequency SIM cards with different transmit/receive power therefore have to be customized for different terminal models to keep the wireless communication distance within a suitable range. For this reason, Chinese patent application No. 200810142182.0 discloses a method and communication system that control the communication distance of a radio-frequency SIM card by tag identification. Its advantage is that a 13.56 MHz electronic tag attached to the mobile communication terminal uses its near-field characteristic for distance control: when the mobile communication terminal is confirmed to be close enough (generally less than 10 cm), the tag notifies the POS (Point Of Sale) machine that it may carry out the electronic transaction with the radio-frequency SIM card in the very high frequency (VHF) and higher bands, not limited to 2.4 GHz.
However, an ordinary electronic tag has a simple structure and only stores the user identity number or some encrypted ciphertext of that number. Once the tag information has been obtained by signal interception or other induction means, an attacker may hold a forged tag, follow the radio-frequency SIM card holder closely (within a few meters) and make seemingly "legitimate" purchases at an authorized POS terminal, causing heavy economic loss to the electronic wallet carried by the radio-frequency SIM card. This is mainly due to the far-field characteristic of signals in the VHF and higher bands: they penetrate and propagate strongly, and in order to pass through various media and reach the outside of the mobile communication terminal they generally must have a sensing distance of 1 to 5 meters. For example, the following attack scenario can be given: the attacker trails the radio-frequency SIM card holder; as soon as the holder comes near an authorized POS terminal, the attacker uses the forged tag to induce access in the HF band (such as 13.56 MHz); the electronic cash is then transferred to the POS machine over the VHF and higher bands (such as 2.4 GHz), and the attacker thereby pays and illegally obtains goods.
As can be seen, existing wireless payment carried out with a mobile communication terminal that has a radio-frequency SIM card carries a serious security risk, which an attacker can easily exploit to cause economic loss to the wireless payer.
Summary of the invention
The technical problem to be solved by the present invention is to provide an authentication method and system for wireless payment that eliminate the security risk in existing wireless payment technology.
To solve the above technical problem, the present invention proposes an authentication method for wireless payment, comprising the following steps:
(a) after the access device of the payer connects with the payee through a wireless signal of the first frequency band, the access device of the payer and the payee carry out a first authentication; after the first authentication passes, the access device of the payer and the payee determine a first key; the first frequency band is in the high frequency (HF) band;
(b) the access device of the payer encrypts the first identification code and the second identification code of the payer with the first key and sends them to the payee through the wireless signal of the first frequency band; the payee decrypts with the first key and obtains the first identification code and the second identification code of the payer;
(c) the payee sends a broadcast through a wireless signal of the second frequency band, the content of which includes the first identification code of the payer; after receiving the broadcast, the traction equipment of the payer compares the first identification code contained in the broadcast with its own first identification code; if they are identical, it sends a response message to the payee through the wireless signal of the second frequency band and step (d) is executed; the second frequency band is in the very high frequency (VHF), ultra high frequency (UHF) or super high frequency (SHF) band;
(d) the traction equipment of the payer and the payee carry out a second authentication; after the second authentication passes, the traction equipment of the payer and the payee determine a second key, and the payee encrypts the second identification code of the payer with the second key and sends it to the traction equipment of the payer;
(e) after the traction equipment of the payer decrypts the second identification code with the second key, it compares it with its own second identification code; if they are identical, it carries out a payment transaction with the payee.
Further, the above method may also have the following feature: in step (a) and step (d), the first authentication and/or the second authentication use either a symmetric-key scheme or an asymmetric-key scheme.
Further, the above method may also have the following feature: in step (a), the first key is determined in one of the following four ways:
(a1) the access device of the payer and the payee both hold a symmetric key, and both sides use this symmetric key as the first key;
(a2) the access device of the payer and the payee both hold a symmetric key, and the first key is derived from this symmetric key;
(a3) the access device of the payer and the payee hold an asymmetric key pair, and each side uses one key of the pair as the first key;
(a4) the access device of the payer and the payee obtain the first key by key agreement using an asymmetric key mechanism.
Further, the above method may also have the following feature: in way (a4), the asymmetric key mechanism is the Diffie-Hellman key exchange implemented with large-number modular exponentiation or with elliptic curves.
Further, the above method may also have the following feature: the first identification code and the second identification code of the payer are implanted into the access device and the traction equipment of the payer by the consumption institution when they are issued to the payer.
Further, the above method may also have the following feature: in step (c), the first identification code of the payer contained in the broadcast is plaintext or ciphertext; when it is ciphertext, the key of this ciphertext is a symmetric key or an asymmetric key.
Further, the above method may also have the following feature: in step (d), the second key is determined as follows: the payee generates a random number R, encrypts it and sends it to the traction equipment of the payer; the traction equipment decrypts it to obtain the random number R, and the random number R is the second key.
To solve the above technical problem, the present invention also proposes an authentication system for wireless payment, comprising a payer and a payee. The payer comprises an access device and traction equipment, and the payee comprises a first read/write module and a second read/write module, wherein the payer is a mobile communication terminal with a radio-frequency SIM card and the traction equipment is the radio-frequency SIM card of this mobile communication terminal:
The access device stores the first identification code and the second identification code of the payer. It connects with the first read/write module through a wireless signal of the first frequency band and then carries out the first authentication with the first read/write module. After the first authentication passes, it determines the first key, encrypts the first identification code and the second identification code of the payer with the first key, and sends them to the first read/write module through the wireless signal of the first frequency band. The first frequency band is in the high frequency (HF) band;
The first read/write module carries out the first authentication with the access device. After the first authentication passes, it determines the first key, receives the information that the access device encrypted with the first key, decrypts it to obtain the first identification code and the second identification code of the payer, and passes them to the second read/write module;
The second read/write module receives the first identification code and the second identification code of the payer from the first read/write module and sends a broadcast through a wireless signal of the second frequency band, the content of which includes the first identification code of the payer. It carries out the second authentication with the traction equipment. After the second authentication passes, it determines the second key, encrypts the second identification code of the payer with the second key and sends it to the traction equipment. It then carries out the payment transaction with the traction equipment. The second frequency band is in the very high frequency (VHF), ultra high frequency (UHF) or super high frequency (SHF) band;
The traction equipment stores the first identification code and the second identification code of the payer. It receives the broadcast sent by the second read/write module, obtains the first identification code contained in the broadcast and compares it with the first identification code it stores. If they are identical, it sends a response message to the second read/write module through the wireless signal of the second frequency band and then carries out the second authentication with the second read/write module. After the second authentication passes, it determines the second key, receives the information that the second read/write module encrypted with the second key, decrypts it to obtain the second identification code of the payer, and compares it with the second identification code it stores. If they are identical, it carries out the payment transaction with the second read/write module.
Further, the above method may also have the following feature: the access device is attached to the inside of the shell, the outside of the shell or the battery surface of the mobile communication terminal.
Further, the above method may also have the following feature: the access device is a separate unit, and the distance between the access device and the mobile communication terminal is kept within a set range.
The authentication method and system for wireless payment of the present invention meet the distance-control requirement of wireless payment and also guarantee the information security of the wireless payment process, eliminating the security risk and preventing economic loss to the wireless payer.
Description of drawings
Fig. 1 is a flowchart of the authentication method for wireless payment of the present invention;
Fig. 2 is a structural diagram of the authentication system for wireless payment of the present invention;
Fig. 3 is a schematic diagram of the configuration of the mobile communication terminal in the authentication system for wireless payment of the present invention;
Fig. 4 is a schematic diagram of the application-layer connections and relationships between the parts of the mobile communication terminal in the authentication system for wireless payment of the present invention;
Fig. 5 is a schematic diagram of the interaction process of the authentication system for wireless payment of the present invention.
Embodiment
The main idea of the present invention is that a mobile communication terminal with a radio-frequency SIM card (the payer) is allowed to communicate with a radio-frequency card reading device such as a POS machine (the payee) only when the distance between them satisfies the distance-control requirement, that identity authentication and security authentication are carried out first during the communication, and that the mobile communication terminal and the POS machine are allowed to carry out the wireless payment transaction only after the mobile communication terminal has confirmed that the POS machine is a legitimate payee. Identity authentication technology is generally used to identify an item and to distinguish genuine information from forged or tampered information, so that the communicating parties can trust each other's identity information and then carry out sensitive communication or sensitive operations.
The present invention sets the conditions under which the radio-frequency SIM card may carry out an electronic transaction. The POS machine determines the identity of the access device of the mobile communication terminal in the access frequency band and then obtains the identification codes ID1 and ID2 of the radio-frequency SIM card over an encrypted link. It sends the plaintext or ciphertext of ID1, and only the radio-frequency SIM card that matches this identification code responds and carries out mutual authentication and key agreement with the POS machine. The POS machine must then send the encrypted ID2, and only after that is the electronic transaction allowed to proceed according to a standardized flow.
The authentication method for wireless payment of the present invention authenticates over two frequency bands: user access takes place in the access frequency band (the high frequency HF band, not limited to 13.56 MHz), and the information of the wireless payment is transmitted in the transaction frequency band (the very high frequency VHF, ultra high frequency UHF or super high frequency SHF band, not limited to 2.4 GHz).
The authentication system for wireless payment of the present invention comprises a mobile communication terminal (the payer) and a POS machine (the payee), wherein the mobile communication terminal carries an access device (operating in the HF band) and a radio-frequency SIM card (operating in the VHF and higher bands). The radio-frequency SIM card carries the electronic currency information. It uses active radio-frequency technology, so that an ordinary SIM card can provide mobile payment functions such as an electronic wallet. The radio-frequency SIM card can carry out electronic transactions with the POS machine, communicating in the VHF and higher bands. Because wireless signals in the VHF and higher bands penetrate and propagate well, the radio-frequency SIM card is generally placed inside the mobile communication terminal, and the POS machine can sense the radio-frequency SIM card from a distance (1 to 5 meters). Without short-range induction control, this is unfavorable to carrying out the electronic transaction securely.
The access device of the mobile communication terminal operates in the HF band. Because signals in this band propagate poorly, the over-the-air signal can only be sensed at close range (it can generally be kept within 10 cm), and this characteristic is exactly what the transaction distance control of the radio-frequency SIM card needs. That is, only when the access device of the mobile communication terminal is close enough to the POS machine can the POS machine sense the access device, and at that point the radio-frequency SIM card on the terminal that matches this access device can be allowed to carry out the transaction. Because HF-band wireless signals penetrate relatively poorly but have a good short-range response, the access device of the mobile communication terminal can be attached to the shell of the mobile communication terminal or to a position near the shell, such as the battery surface, the inside of the shell or the outside of the shell. Alternatively, the access device can be a separate unit whose distance from the mobile communication terminal is kept within a set range (the set range should be such that the distance between the access device and the POS machine can be regarded as the distance between the mobile communication terminal and the POS machine); it can also be attached to the shell of the mobile communication terminal by a cord.
Herein, the HF band, not limited to 13.56 MHz, is called the access frequency band (i.e. the first frequency band); the very high frequency VHF, ultra high frequency UHF and super high frequency SHF bands, not limited to 2.4 GHz, are called the transaction frequency band (i.e. the second frequency band).
Below, the mobile communication terminal with a radio-frequency SIM card represents the payer of the wireless payment and the POS machine represents the payee, and the authentication method and system for wireless payment of the present invention are described on that basis. The authentication method and system of the present invention are of course equally applicable to payers other than mobile communication terminals and payees other than POS machines.
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples given only serve to explain the present invention and are not intended to limit its scope.
Fig. 1 is a flowchart of the authentication method for wireless payment of the present invention. As shown in Fig. 1, the authentication method comprises the following steps:
Step 100, the initial stage: before the mobile communication terminal communicates with the POS machine, the access device of the mobile communication terminal is sensed by the POS machine at close range (generally within 10 cm); this induction search is carried out by the wireless signal of the access frequency band;
The mobile communication terminal in the authentication method of the present invention not only has a radio-frequency SIM card capable of the wireless payment function, but is also provided with a mobile terminal access device for authentication. This access device has identity authentication and data encryption/decryption functions in the cryptographic sense. The POS machine in the authentication method of the present invention is equipped with a read/write module that can access the mobile terminal access device. This read/write module operates in the access frequency band and is hereinafter called the first read/write module. It is used to judge at close range whether the mobile communication terminal has entered the access range (the access range can be preset), to carry out the authentication of the access frequency band with the mobile communication terminal access device, and then to obtain the identification code of the radio-frequency SIM card in the mobile communication terminal (for simplicity, hereinafter called the identification code of the mobile communication terminal). The POS machine also has a read/write module that can access the radio-frequency SIM card of the mobile communication terminal. This read/write module operates in the transaction frequency band and is hereinafter called the second read/write module. After the mobile terminal access device has provided the identification code of the mobile communication terminal, it can carry out a secure electronic transaction with the radio-frequency SIM card in the VHF and higher bands.
Step 101, the access device of the mobile communication terminal (operating in the access frequency band) connects with the POS machine through the wireless signal of the access frequency band;
Step 102, the access device of the mobile communication terminal and the POS machine carry out the authentication of the access frequency band to confirm whether both sides' identities are legitimate; if the authentication passes (that is, both sides' identities are confirmed as legitimate), step 103 is executed; otherwise the flow returns to step 100;
In this step, the two sides can be authenticated using a true random number generator together with a symmetric or asymmetric cryptographic mechanism. The authentication in this step can use one of the following two modes:
Mode one comprises the following steps:
(11) a symmetric key is provided in both authenticating parties A and B, and B sends an authentication request to A;
(12) A generates a random string Ra and returns it to B;
(13) B encrypts the received string Ra with its own key, generates a random string Rb, and sends both to A;
(14) A decrypts and compares the result with the string Ra it generated; if they are identical, the identity of B is confirmed, and A then encrypts Rb and sends it to B;
(15) B decrypts and compares the result with the string Rb it generated; if they are identical, the identity of A is confirmed.
Mode two is a signature verification technique based on an asymmetric public-key system, including signature verification based on RSA, elliptic curves and the like.
Step 103, the access device of the mobile communication terminal and the POS machine determine the communication key of the access frequency band;
In this step, the communication key of the access frequency band can be generated in one of the following four ways:
(I) the communicating parties (here the access device of the mobile communication terminal and the POS machine) have a symmetric cipher capability, and the communication key is directly the symmetric key that both sides hold in common. Because symmetric encryption is used, the access device of the mobile communication terminal and the POS machine have the same communication key, which is a secret key. That is, a symmetric key is stored in both the access device of the mobile communication terminal and the POS machine, and both sides use this symmetric key as the communication key of the access frequency band;
(II) the communicating parties have a symmetric cipher capability, and the communication key is derived from the symmetric key that both sides hold in common; it is called the process key. The process key changes each time the authentication of step 102 is carried out, but both sides ensure that they produce the same process key for symmetric encryption when communicating. The process key key_proc depends on the symmetric key key_HF that both sides hold in common and on a random number r that both communicating parties possess, i.e. key_proc = F(key_HF, r), where F(*) denotes the derivation function, so the process key changes with the random number and is a secret key. That is, a symmetric key is stored in both the access device of the mobile communication terminal and the POS machine, and the communication key of the access frequency band is derived from this symmetric key;
(III) the communicating parties have an asymmetric cipher capability, and the communication key is directly an asymmetric key pair, of which the mobile communication terminal access device and the POS machine each hold one key. The keys of the pair are not distinguished as public and private; neither is disclosed, and both are secret keys. That is, an asymmetric key pair is stored in the access device of the mobile communication terminal and the POS machine, and each side uses one key of the pair as the communication key of the access frequency band;
(IV) the communicating parties have an asymmetric cipher capability, and the communication key is obtained by key agreement between the two sides. The key agreement uses an asymmetric cryptographic method, including but not limited to the Diffie-Hellman key exchange implemented with large-number modular exponentiation or with elliptic curves. The result of the key agreement is used as the communication key and is a secret key. That is, the access device of the mobile communication terminal and the POS machine obtain the communication key of the access frequency band by key agreement using an asymmetric key mechanism.
Step 104: the access device of the mobile communication terminal and the POS machine communicate confidentially in the access band, and the POS machine obtains the identification codes ID1 and ID2 of the mobile communication terminal. Specifically, the access device of the mobile communication terminal encrypts identification codes ID1 and ID2 with the communication key determined in step 103 and sends them to the POS machine over the wireless signal of the access band; the POS machine decrypts them with the communication key determined in step 103 and obtains identification codes ID1 and ID2 of the mobile communication terminal;
Here, identification code ID1 may or may not be the same as the identity code of the access device of the mobile communication terminal.
The identification code of the mobile communication terminal is divided into two parts, ID1 and ID2. When the mobile communication terminal is issued, both parts are implanted in the radio-frequency SIM card and in the access device of the mobile communication terminal, binding these two components (the radio-frequency SIM card and the access device) into one electronic consumption unit. An electronic transaction can be carried out only when a radio-frequency SIM card and an access device holding consistent identification codes are simultaneously near a legitimate consumption terminal (POS machine).
Step 105: the POS machine sends a broadcast containing ID1, in plaintext or ciphertext, over the wireless signal of the transaction band;
If ciphertext is used, the key may be a symmetric key or an asymmetric key pair held on the radio-frequency SIM card and the POS machine; it is the root key for communication in the very high frequency (VHF) band and above. This key may be placed in the radio-frequency SIM card and the POS machine in advance, or determined by key agreement.
Step 106: after receiving the broadcast, the radio-frequency SIM card of the mobile communication terminal obtains the identification code ID1 in the broadcast and compares it with the identification code ID1 stored in itself. If they are identical, this radio-frequency SIM card is legitimate, and it sends a response message to the POS machine over the wireless signal of the transaction band, that is, the legitimate radio-frequency SIM card responds to the broadcast; if they are not identical, return to step 100;
In fact, all radio-frequency SIM cards within the broadcast range of step 105 receive the broadcast and decrypt it to obtain a radio-frequency SIM card identity code ID1, but only the radio-frequency SIM card that holds this identification code responds.
Step 107: the radio-frequency SIM card of the mobile communication terminal and the POS machine perform authentication in the transaction band to confirm whether the identities of both parties are legitimate. If authentication passes (that is, both identities are confirmed to be legitimate), execute step 108; otherwise raise an alarm and return to step 100;
Step 108: the radio-frequency SIM card of the mobile communication terminal and the POS machine both produce a process key, namely the communication key of the transaction band;
The communication key of the transaction band can be produced as follows:
(ⅰ) the POS machine generates a secret random number R, encrypts it, and sends it to the radio-frequency SIM card;
(ⅱ) the radio-frequency SIM card decrypts it and uses the resulting random number R as the process key.
Of course, the communication key of the transaction band can also be produced in other ways.
Step 109: anti-luring check in the transaction band. The POS machine encrypts identification code ID2 with the process key produced in step 108 and sends it to the radio-frequency SIM card. After receiving it, the radio-frequency SIM card decrypts it with the process key produced in step 108 to obtain ID2 and compares it with the ID2 stored in itself. If they are identical, it determines that the legitimately paired access device of the mobile terminal is near the POS machine and executes step 110; otherwise return to step 100;
Step 110: the radio-frequency SIM card of the mobile communication terminal and the POS machine carry out legitimate electronic transactions (that is, wireless payment) such as electronic cash processing and access.
The transaction keys used in the electronic transaction process are independent of all keys used in the security authentication stage described above.
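The two-band exchange of steps 103 to 109, as an added Python example that is not code from the patent. It assumes F is HMAC-SHA256, uses a stand-in HMAC-based encrypt-then-MAC cipher, and models step 107 as a fresh card challenge that the POS must return inside the step 108 message; all function and class names, keys and identification codes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

ID_LEN = 8  # constructed identifier length; the patent does not fix one


def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()


def derive_process_key(key_hf, r):
    """Step 103(II): key_proc = F(key_HF, r). F is assumed to be HMAC-SHA256."""
    return _mac(key_hf, b"proc", r)


def _xor_stream(key, nonce, data):
    blocks = (len(data) + 31) // 32
    ks = b"".join(_mac(key, b"ks", nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))


def seal(key, plaintext):  # stand-in cipher (assumption): HMAC keystream, encrypt-then-MAC
    nonce = secrets.token_bytes(12)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _mac(key, b"tag", nonce + ct)


def unseal(key, blob):  # returns the plaintext, or None when the tag fails under key
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if len(blob) < 44 or not hmac.compare_digest(tag, _mac(key, b"tag", nonce + ct)):
        return None
    return _xor_stream(key, nonce, ct)


class AccessDevice:  # HF access band: sends ID1, ID2 only under the process key (step 104)
    def __init__(self, key_hf, id1, id2):
        self.key_hf, self.id1, self.id2 = key_hf, id1, id2

    def send_ids(self, r):
        return seal(derive_process_key(self.key_hf, r), self.id1 + self.id2)


class RfSimCard:  # transaction band: holds the root key, ID1 and ID2
    def __init__(self, key_root, id1, id2):
        self.key_root, self.id1, self.id2 = key_root, id1, id2
        self.challenge = self.r = None

    def on_broadcast(self, id1):
        # Step 106: only the card whose stored ID1 matches responds.
        if not hmac.compare_digest(id1, self.id1):
            return None
        self.challenge, self.r = secrets.token_bytes(16), None
        return self.challenge

    def on_process_key(self, blob):
        # Steps 107-108: accept R only together with this session's challenge.
        msg = unseal(self.key_root, blob) if self.challenge else None
        if msg is None or not hmac.compare_digest(msg[:16], self.challenge):
            return False
        self.r, self.challenge = msg[16:], None
        return True

    def on_id2(self, blob):
        # Step 109: ID2 must decrypt under this session's R and match the stored ID2.
        id2 = unseal(self.r, blob) if self.r else None
        return id2 is not None and hmac.compare_digest(id2, self.id2)


def pos_transact(key_hf, key_root, device, sim):  # POS side of steps 103-109
    r = secrets.token_bytes(16)  # assumption: the POS supplies the random number r
    ids = unseal(derive_process_key(key_hf, r), device.send_ids(r))
    if ids is None or len(ids) != 2 * ID_LEN:
        return False, {}
    id1, id2 = ids[:ID_LEN], ids[ID_LEN:]
    challenge = sim.on_broadcast(id1)  # step 105: ID1 broadcast in plaintext
    if challenge is None:
        return False, {}
    big_r = secrets.token_bytes(32)  # step 108: secret random number R
    key_msg = seal(key_root, challenge + big_r)
    if not sim.on_process_key(key_msg):
        return False, {}
    id2_msg = seal(big_r, id2)
    return sim.on_id2(id2_msg), {"key_msg": key_msg, "id2_msg": id2_msg}


def demo():
    k_hf, k_root = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    device = AccessDevice(k_hf, b"ID1-0001", b"ID2-9f3c")
    sim = RfSimCard(k_root, b"ID1-0001", b"ID2-9f3c")
    paired, captured = pos_transact(k_hf, k_root, device, sim)
    other, _ = pos_transact(k_hf, k_root, device, RfSimCard(k_root, b"ID1-0002", b"ID2-0000"))
    # A second genuine session gives the card a new R, so session-1 messages are stale.
    pos_transact(k_hf, k_root, device, sim)
    stale_id2 = sim.on_id2(captured["id2_msg"])
    sim.on_broadcast(b"ID1-0001")
    stale_key = sim.on_process_key(captured["key_msg"])
    return paired, other, stale_id2, stale_key
```

`demo()` returns `(paired, other, stale_id2, stale_key)`: the paired card approves, a bystander card with a different ID1 never answers the broadcast, and both messages recorded from the first session are rejected in a later one.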
To address the security risks of electronic tags, the present invention replaces the electronic tag with an access device of the mobile communication terminal that has an identity authentication function (operating in the HF band, not limited to 13.56 MHz). The access procedure thus performs both authentication and identification, and a secure information-exchange mechanism ties the whole transaction process together, so that the terminal access stage and the electronic transaction stage of the mobile communication terminal have the same security level, effectively ensuring the information security of the wireless mobile payment system.
The invention also provides an authentication system for wireless payment, for carrying out the above authentication method for wireless payment. Fig. 2 is a structural diagram of the authentication system for wireless payment of the present invention. As shown in Fig. 2, the authentication system for wireless payment of the present invention comprises mobile communication terminal 210 (the payer) and electronic consumption terminal POS machine 220 (the payee), where mobile communication terminal 210 comprises access device 211 (the payer's access device) and radio-frequency SIM card 212 (the payer's transaction device), and POS machine 220 comprises first read/write module 221 and second read/write module 222, where:
Access device 211 stores the first identification code ID1 and the second identification code ID2 of mobile communication terminal 210. It establishes a connection with first read/write module 221 over the wireless signal of the access band, then performs the first authentication with first read/write module 221. After the first authentication passes, it determines the first key (that is, the communication key of the access band described above; the same applies below), encrypts the first identification code ID1 and the second identification code ID2 of mobile communication terminal 210 with this first key, and sends them to first read/write module 221 over the wireless signal of the access band. The access band is in the high frequency (HF) band;
First read/write module 221 performs the first authentication with access device 211; after the first authentication passes, it determines the first key; it receives the information that access device 211 encrypted with this first key, decrypts it to obtain the first identification code ID1 and the second identification code ID2 of mobile communication terminal 210, and passes them to second read/write module 222;
Second read/write module 222 receives the first identification code ID1 and the second identification code ID2 of mobile communication terminal 210 passed by first read/write module 221, and sends a broadcast over the wireless signal of the transaction band, the content of which includes the first identification code ID1 of mobile communication terminal 210; it performs the second authentication with radio-frequency SIM card 212; after the second authentication passes, it determines the second key (that is, the communication key of the transaction band described above; the same applies below), encrypts the second identification code ID2 of mobile communication terminal 210 with this second key and sends it to radio-frequency SIM card 212; and it carries out the payment transaction with radio-frequency SIM card 212. The transaction band includes the very high frequency (VHF), ultra high frequency (UHF) and super high frequency (SHF) bands;
Radio-frequency SIM card 212 stores the first identification code ID1 and the second identification code ID2 of mobile communication terminal 210. It receives the broadcast sent by second read/write module 222, obtains the first identification code ID1 contained in the broadcast, and compares it with the first identification code ID1 stored in itself. If they are identical, it sends a response message to second read/write module 222 over the wireless signal of the transaction band and then performs the second authentication with second read/write module 222. After the second authentication passes, it determines the second key, receives the information that second read/write module 222 encrypted with the second key, decrypts it to obtain the second identification code ID2 of mobile communication terminal 210, and compares it with the second identification code ID2 stored in itself; if they are identical, it carries out the payment transaction with second read/write module 222.
Access device 211 may be attached to the inside of the housing, the outside of the housing, or the battery surface of mobile communication terminal 210. It may also be a separate item, connected to the housing of mobile communication terminal 210 by a cord, or attached to the outside of mobile communication terminal 210 by connectors of various materials; in that case the distance between access device 211 and mobile communication terminal 210 is kept within a set range.
Fig. 3 is a schematic diagram of the configuration of the mobile communication terminal in the authentication system for wireless payment of the present invention. As shown in Fig. 3, mobile communication terminal 210 of the authentication system is configured with access device 211 and radio-frequency SIM card 212; access device 211 handles communication and authentication in the access band, and radio-frequency SIM card 212 handles communication and authentication in the transaction band.
Fig. 4 is a schematic diagram of the application-layer connections and relationships among the components of the mobile communication terminal in the authentication system for wireless payment of the present invention. As shown in Fig. 4, radio-frequency SIM card 212 is inside mobile communication terminal 210; access device 211 is attached or connected to the housing of mobile communication terminal 210, or sits in a shallow gap of mobile communication terminal 210; the radio-frequency SIM card 212 and the access device 211 bound to one mobile communication terminal 210 hold the same identification codes ID1 and ID2, which are implanted at the issuance stage.
Fig. 5 is a schematic diagram of the interaction process of the authentication system for wireless payment of the present invention. As shown in Fig. 5, POS machine 220 and access device 211 carry out short-range search, authentication (access band) and confidential exchange of the identification codes, while POS machine 220 and radio-frequency SIM card 212 carry out longer-range search, authentication (transaction band), the anti-luring check, and the confidential exchange of the electronic transaction.
In the authentication system for wireless payment of the present invention, the ways of determining the first key and the second key and the methods of the first authentication and the second authentication are all the same as in the authentication method for wireless payment described above, and are not repeated here. It should be noted that the payer in the present invention is not limited to a mobile communication terminal and may be other equipment with a wireless payment function, such as a personal digital assistant (PDA) with a wireless payment function; likewise, the payee is not limited to a POS machine and may be another device with a radio-frequency card-reading function.
The authentication system for wireless payment of the present invention meets the distance-control requirements of wireless payment, ensures the information security of the wireless payment process, eliminates the security risks of wireless payment, and avoids economic loss to the payer.
Compared with the prior art, the beneficial effects of the present invention are:
1. The present invention replaces the simple electronic tag with an access device of the mobile communication terminal that is capable of cryptographic operations. Only after the access device of the mobile communication terminal and the POS machine have authenticated each other in the cryptographic sense can the POS machine and the radio-frequency SIM card authenticate again and then carry out operations such as consumption and top-up, so the whole process has a higher security level;
2. Apart from the authentication process, all other messages are transmitted in ciphertext, which further benefits the security of the wireless payment transaction system;
3. It overcomes a security risk that can arise with simple tag identification: the tag identification code is replayed by an attacker (whether in plaintext or ciphertext), and if a radio-frequency SIM card is within the reachable area around the POS machine (generally 2-5 meters), that radio-frequency SIM card is deceived into acting as the stored-value wallet and pays for the attacker;
4. The radio-frequency SIM card uses two groups of identification codes, ID1 and ID2. ID1 is used for the wallet search in the transaction band and may be sent in plaintext or ciphertext. After the POS machine and the radio-frequency SIM card complete authentication in the transaction band, the POS machine sends ID2 so that the radio-frequency SIM card can determine that the legitimately paired access device of the mobile communication terminal has triggered the card swipe at the POS machine and that the POS machine is legitimate. ID2 must be sent in ciphertext and is encrypted with the process key so that the key varies randomly for each transaction, which effectively avoids the possibility that a legitimate POS machine is illegally modified and used to carry out a replay attack on the radio-frequency SIM card.
5. After identification of the access device of the mobile communication terminal is complete, when the POS machine searches for nearby radio-frequency SIM cards by ID1, under normal circumstances only one legitimate radio-frequency SIM card within the sensing range of the transaction band responds to the POS machine. This reduces the anti-collision overhead when multiple radio-frequency SIM cards are within the same sensing range at once, for example around a crowded public-transport fare terminal;
6. The authentication method of the present invention does not conflict with standardized electronic transaction procedures; it is preprocessing before the electronic transaction, and the authentication or signature verification within the electronic transaction can be carried over directly;
7. The complete security mechanism and security system of the present invention not only give users a security guarantee and confidence in consuming safely, but also promote the continued progress and adoption of dual-band wireless payment systems.
The above is only a preferred embodiment of the present invention and is not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. An authentication method for wireless payment, characterized by comprising the following steps:
(a) after the access device of the payer establishes a connection with the payee over the wireless signal of a first frequency band, the access device of the payer and the payee perform a first authentication; after the first authentication passes, the access device of the payer and the payee determine a first key; the first frequency band is in the high frequency (HF) band;
(b) the access device of the payer encrypts the first identification code and the second identification code of the payer with the first key and sends them to the payee over the wireless signal of the first frequency band; the payee decrypts them with the first key and obtains the first identification code and the second identification code of the payer;
(c) the payee sends a broadcast over the wireless signal of a second frequency band, the content of the broadcast including the first identification code of the payer; after receiving the broadcast, the transaction device of the payer compares the first identification code contained in the broadcast with its own first identification code and, if they are identical, sends a response message to the payee over the wireless signal of the second frequency band, and step (d) is executed; the second frequency band is in the very high frequency (VHF), ultra high frequency (UHF) or super high frequency (SHF) band;
(d) the transaction device of the payer and the payee perform a second authentication; after the second authentication passes, the transaction device of the payer and the payee determine a second key, and the payee encrypts the second identification code of the payer with the second key and sends it to the transaction device of the payer;
(e) after decrypting the second identification code with the second key, the transaction device of the payer compares it with its own second identification code and, if they are identical, carries out a payment transaction with the payee.
2. The authentication method for wireless payment according to claim 1, characterized in that, in step (a) and step (d), the first authentication and/or the second authentication uses one of two modes: a symmetric key mode or an asymmetric key mode.
3. The authentication method for wireless payment according to claim 1, characterized in that, in step (a), the first key is determined in one of the following four ways:
(a1) a symmetric key is stored in the access device of the payer and in the payee, and both parties use this symmetric key as the first key;
(a2) a symmetric key is stored in the access device of the payer and in the payee, and the first key is derived from this symmetric key;
(a3) an asymmetric key pair is stored in the access device of the payer and in the payee, and each party uses one key of the pair as the first key;
(a4) the access device of the payer and the payee obtain the first key by key agreement through an asymmetric key mechanism.
4. The authentication method for wireless payment according to claim 3, characterized in that, in mode (a4), the asymmetric key mechanism is a Diffie-Hellman key exchange method implemented with large-number modular exponentiation or with elliptic curves.
5. The authentication method for wireless payment according to claim 1, characterized in that the first identification code and the second identification code of the payer are implanted in the access device and the transaction device of the payer by the consumption institution when the payer is issued.
6. The authentication method for wireless payment according to claim 1, characterized in that, in step (c), the first identification code of the payer contained in the broadcast content is in plaintext or ciphertext; when it is in ciphertext, the key of the ciphertext is a symmetric key or an asymmetric key.
7. The authentication method for wireless payment according to claim 1, characterized in that, in step (d), the second key is determined as follows:
the payee generates a random number R, encrypts it, and sends it to the transaction device of the payer; the transaction device decrypts it to obtain the random number R, and the random number R is the second key.
8. An authentication system for wireless payment, characterized by comprising a payer and a payee, the payer comprising an access device and a transaction device, and the payee comprising a first read/write module and a second read/write module, wherein the payer is a mobile communication terminal with a radio-frequency SIM card and the transaction device is the radio-frequency SIM card of that mobile communication terminal:
the access device stores the first identification code and the second identification code of the payer, and is used to establish a connection with the first read/write module over the wireless signal of a first frequency band; then to perform a first authentication with the first read/write module; and, after the first authentication passes, to determine a first key, encrypt the first identification code and the second identification code of the payer with the first key, and send them to the first read/write module over the wireless signal of the first frequency band; the first frequency band is in the high frequency (HF) band;
the first read/write module is used to perform the first authentication with the access device; after the first authentication passes, to determine the first key; and to receive the information that the access device encrypted with the first key, decrypt it to obtain the first identification code and the second identification code of the payer, and pass them to the second read/write module;
the second read/write module is used to receive the first identification code and the second identification code of the payer passed by the first read/write module, and to send a broadcast over the wireless signal of a second frequency band, the content of the broadcast including the first identification code of the payer; to perform a second authentication with the transaction device; after the second authentication passes, to determine a second key, encrypt the second identification code of the payer with the second key, and send it to the transaction device; and to carry out a payment transaction with the transaction device; the second frequency band is in the very high frequency (VHF), ultra high frequency (UHF) or super high frequency (SHF) band;
the transaction device stores the first identification code and the second identification code of the payer, and is used to receive the broadcast sent by the second read/write module, obtain the first identification code contained in the broadcast, and compare it with the first identification code stored in itself; if they are identical, to send a response message to the second read/write module over the wireless signal of the second frequency band and then perform the second authentication with the second read/write module; after the second authentication passes, to determine the second key, receive the information that the second read/write module encrypted with the second key, decrypt it to obtain the second identification code of the payer, and compare it with the second identification code stored in itself; and, if they are identical, to carry out the payment transaction with the second read/write module.
9. The authentication system for wireless payment according to claim 8, characterized in that the access device is attached to the inside of the housing, the outside of the housing, or the battery surface of the mobile communication terminal.
10. The authentication system for wireless payment according to claim 8, characterized in that the access device is a separate item, and the distance between the access device and the mobile communication terminal is kept within a set range.
CN200910307741.3A 2009-09-25 2009-09-25 Authentication method and system used for wireless payment Active CN102034321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910307741.3A CN102034321B (en) 2009-09-25 2009-09-25 Authentication method and system used for wireless payment

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910307741.3A CN102034321B (en) 2009-09-25 2009-09-25 Authentication method and system used for wireless payment
PCT/CN2009/075753 WO2011035515A1 (en) 2009-09-25 2009-12-21 Identification method and system for wireless payment

Publications (2)

Publication Number Publication Date
CN102034321A CN102034321A (en) 2011-04-27
CN102034321B true CN102034321B (en) 2013-01-30

Family

ID=43795311

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910307741.3A Active CN102034321B (en) 2009-09-25 2009-09-25 Authentication method and system used for wireless payment

Country Status (2)

Country Link
CN (1) CN102034321B (en)
WO (1) WO2011035515A1 (en)

Also Published As

Publication number Publication date
WO2011035515A1 (en) 2011-03-31
CN102034321A (en) 2011-04-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant