CN102521777B - Method and system for realizing remote credit - Google Patents

Publication number
CN102521777B
Authority
CN
China
Prior art keywords
credit
request
smart card
ciphertext
service device
Legal status
Expired - Fee Related
Application number
CN201110376573.0A
Other languages
Chinese (zh)
Other versions
CN102521777A (en)
Inventor
段晓华
Current Assignee
Beijing Watchdata Co ltd
Original Assignee
Beijing WatchData System Co Ltd
Application filed by Beijing WatchData System Co Ltd
Priority to CN201110376573.0A
Publication of CN102521777A
Application granted
Publication of CN102521777B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a method and system for realizing remote credit, so that remote credit can be carried out on a mobile terminal and the processing efficiency and flexibility of credit operations are improved. The system for realizing remote credit comprises: a mobile terminal, which sends to a mobile credit service device a remote credit service request carrying an Authorization Request Cryptogram (ARQC) ciphertext, credit operation information, a personal identification number (PIN) ciphertext and a digital signature; the mobile credit service device, which verifies the digital signature information in the remote credit service request and, after verification passes, sends to a credit operation processing server a credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information; and the credit operation processing server, which, on receiving the credit request, verifies the validity of the ARQC ciphertext and the PIN ciphertext in the credit request and, when verification passes, performs the corresponding credit operation on the bank primary account number corresponding to the credit smart card according to the credit operation information.

Description

Method and system for realizing remote credit
Technical field
The present invention relates to the field of communications, and in particular to a method and system for realizing remote credit.
Background
At present, with the rapid business development of cities in China's eastern coastal region, large numbers of individual business operators and entrepreneurs have emerged. A good business environment has driven the growth of bank credit services (such as loans and repayments), which are gradually becoming a main business resource for more and more banks. In the prior art, a credit operation is mainly carried out as follows: first, the user prepares sufficient documentation, consults the staff at a bank branch, and submits the documentation; then the user waits for the bank's approval, a process that takes several working days, so the delay is long; next, after approval succeeds, the user completes formalities such as signing the loan agreement and receives the funds; finally, the user repays according to the chosen repayment method and, once repayment is complete, goes to the lending bank to complete formalities such as retrieving the collateral documents.
The existing way of carrying out credit operations has the following defects:
The user has to go to a bank branch to handle a credit operation, and it cannot be handled outside business hours, which is a significant restriction; credit operations cannot be handled anytime and anywhere, so flexibility is poor.
Summary of the invention
In view of the above technical problem in the prior art, embodiments of the present invention provide a method and system for realizing remote credit, so as to realize remote credit on a mobile terminal.
A system for realizing remote credit comprises:
a mobile terminal, which sends a remote credit service request to a mobile credit service device, the remote credit service request carrying an Authorization Request Cryptogram (ARQC) ciphertext, credit operation information, a personal identification number (PIN) ciphertext and a digital signature;
the mobile credit service device, which verifies the digital signature information in the remote credit service request and, after verification passes, sends a credit request to a credit operation processing server, the credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information;
a credit smart card, in which an individual's bank primary account number is set;
the credit operation processing server, which, on receiving the credit request, verifies the validity of the ARQC ciphertext and the PIN ciphertext in the credit request and, when verification passes, performs the corresponding credit operation on the bank primary account number corresponding to the credit smart card according to the credit operation information.
A method for realizing remote credit comprises:
a mobile terminal sends a remote credit service request to a mobile credit service device, the remote credit service request carrying an Authorization Request Cryptogram (ARQC) ciphertext, credit operation information, a personal identification number (PIN) ciphertext and a digital signature;
the mobile credit service device verifies the digital signature information in the remote credit service request and, after verification passes, sends a credit request to a credit operation processing server, the credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information;
the credit operation processing server, on receiving the credit request, verifies the validity of the ARQC ciphertext and the PIN ciphertext in the credit request and, when verification passes, performs the corresponding credit operation on the bank primary account number corresponding to the credit smart card according to the credit operation information; an individual's bank primary account number is set in the credit smart card.
In the embodiments of the present invention, the mobile terminal sends a remote credit service request to the mobile credit service device, the request carrying the ARQC ciphertext, the credit operation information, the PIN ciphertext and the digital signature; the mobile credit service device verifies the digital signature information in the remote credit service request and, after verification passes, sends a credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information to the credit operation processing server; the credit operation processing server verifies the validity of the ARQC ciphertext and the PIN ciphertext in the credit request and, when verification passes, performs the corresponding credit operation on the bank primary account number corresponding to the credit smart card according to the credit operation information. With this technical solution, remote credit can be realized on the mobile terminal. As long as the user is within network coverage, the user can handle credit operations anytime and anywhere through the mobile terminal without going to a bank branch, which improves the processing efficiency and flexibility of credit operations and removes the restriction of branch business hours.
Brief description of the drawings
Fig. 1 is a system architecture diagram for credit operation processing in an embodiment of the present invention;
Fig. 2 is a flow chart of the method for activating the credit smart card in an embodiment of the present invention;
Fig. 3 is a flow chart of the method for generating the ARQC ciphertext on the mobile terminal side in an embodiment of the present invention;
Fig. 4 is a flow chart of the method for generating the digital signature on the mobile terminal side in an embodiment of the present invention;
Fig. 5 is a flow chart of the method for generating the PIN ciphertext on the mobile terminal side in an embodiment of the present invention;
Fig. 6 is a schematic diagram of generating the PIN ciphertext in an embodiment of the present invention;
Fig. 7 is a flow chart of the method for realizing a credit operation in an embodiment of the present invention.
Detailed description of the embodiments
In view of the above technical problem in the prior art, embodiments of the present invention provide a method and system for realizing remote credit, so as to realize remote credit on a mobile terminal and improve the processing efficiency and flexibility of credit operations. The system for realizing remote credit comprises: a mobile terminal, which sends a remote credit service request to a mobile credit service device, the request carrying an ARQC (Authorization Request Cryptogram) ciphertext, credit operation information, a PIN (Personal Identification Number) ciphertext and a digital signature; the mobile credit service device, which verifies the digital signature information in the remote credit service request and, after verification passes, sends a credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information to a credit operation processing server; a credit smart card, in which an individual's bank primary account number is set; and the credit operation processing server, which, on receiving the credit request, verifies the validity of the ARQC ciphertext and the PIN ciphertext in the credit request and, when verification passes, performs the corresponding credit operation on the bank primary account number corresponding to the credit smart card according to the credit operation information.
The technical solution of the present invention is described in detail below with reference to the accompanying drawings.
Fig. 1 is a system architecture diagram for remote credit processing in an embodiment of the present invention. The system may comprise a mobile terminal 1, a credit smart card 11, a mobile credit service device 2 wirelessly connected to the mobile terminal 1, and a credit operation processing server 3 connected to the mobile credit service device 2 wirelessly or by wire. The mobile credit service device 2 is a server on the operator side, the credit operation processing server 3 is a server on the side of the bank that processes credit operations, and the credit smart card 11 may be installed in the mobile terminal 1. During credit operation processing, when the mobile terminal 1 needs to carry out a credit operation, the mobile credit service device 2 determines the card issuer to which the credit smart card 11 in the mobile terminal 1 belongs (that is, the bank that issued the credit smart card) and establishes a connection between the mobile terminal 1 and the credit operation processing server 3 on the side of the determined card issuer. The function of each device in the system is described in detail below.
The mobile terminal 1 sends a remote credit service request to the mobile credit service device 2, the request carrying the ARQC ciphertext, the credit operation information, the PIN ciphertext and the digital signature;
The mobile credit service device 2 verifies the digital signature information in the remote credit service request and, after verification passes, sends a credit request to the credit operation processing server 3, the credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information;
The credit smart card 11 has an individual's bank primary account number set in it;
The credit operation processing server 3, on receiving the credit request, verifies the validity of the ARQC ciphertext and the PIN ciphertext in the credit request and, when verification passes, performs the corresponding credit operation on the bank primary account number corresponding to the credit smart card according to the credit operation information.
The credit operation in the embodiments of the present invention may be a loan operation or a repayment operation. When the credit operation is a loan operation, the credit operation information may include information such as the loan term and the loan amount; when the credit operation is a repayment operation, the credit operation information may include information such as the repayment time and the repayment amount. The loan amount or repayment amount may use tag 9F02 defined by the PBOC 2.0 (People's Bank of China) specification, and the loan term or repayment term may use the last four digits of tag 9F03.
In the embodiments of the present invention, when the mobile credit service device 2 is initialized, it needs to import, for each credit smart card, the corresponding CA (Certification Authority) root certificate (the root certificate issued by the certificate authority in the PKI security system, used to verify the IC card digital certificate and the card issuer public key digital certificate of the credit smart card), the registered application provider identifier (RID, Registered Application Provider Identifier), the CA public key index, the card issuer public key digital certificate, the card issuer institution code and similar information. It establishes and stores the correspondence between the smart card and its CA root certificate, RID, CA public key index, card issuer public key digital certificate, card issuer institution code and similar information.
Preferably, in the embodiments of the present invention the mobile terminal 1 is also used, before sending the remote credit service request to the mobile credit service device 2, to activate the credit smart card 11 with the mobile credit service device 2. Activation may proceed as shown in Fig. 2 and comprises:
Step 201: the mobile terminal 1 sends an activation request to the mobile credit service device 2. The activation request carries the static data of the credit smart card 11 (which may include the card number, the application validity period, the bank primary account number and so on), the IC card digital certificate and first verification information. The first verification information is calculated by the mobile terminal 1 from the static data and the IC card digital certificate in the activation request.
Step 202: on receiving the activation request sent by the mobile terminal 1, the mobile credit service device 2 recovers the static data and the IC card digital certificate in the activation request and calculates second verification information from the recovered static data and IC card digital certificate.
In step 202, the mobile credit service device 2 obtains the corresponding CA root certificate and card issuer public key digital certificate, and uses them to recover the static data and the IC card digital certificate in the activation request.
Step 203: when the second verification information is identical to the first verification information, the mobile credit service device 2 determines that the IC card digital certificate in the activation request is valid, performs the activation, and stores the IC card digital certificate from the activation request.
In the embodiments of the present invention, before the credit smart card 11 in the mobile terminal 1 is activated, the mobile credit service device 2 has, at initialization, imported the CA root certificate, RID, CA public key index, card issuer public key digital certificate, card issuer institution code and similar information corresponding to each credit smart card, established the correspondence between the credit smart card and this information, and stored the correspondence. On receiving the activation request sent by the mobile terminal 1, the mobile credit service device 2 obtains the CA root certificate and card issuer public key digital certificate corresponding to the credit smart card 11 from the stored correspondence.
In the embodiments of the present invention, after the mobile terminal 1 has activated the credit smart card 11 with the mobile credit service device 2, the mobile credit service device 2 unlocks the credit operation menu (that is, the credit STK (SIM Tool Kit) menu) in the mobile terminal 1. Unlocking means that the credit operation menu is displayed in the mobile terminal 1; in the locked state the menu is not visible in the mobile terminal 1. The mobile terminal 1 initiates credit operation requests to the mobile credit service device 2 through the unlocked credit STK menu item.
In the embodiments of the present invention, before sending the remote credit service request to the mobile credit service device 2, the mobile terminal 1 also needs to generate the ARQC ciphertext, the digital signature and the PIN ciphertext. The processes for generating them are shown in Fig. 3, Fig. 4 and Fig. 5 respectively.
Fig. 3 is a flow chart of the method for generating the ARQC ciphertext on the mobile terminal side in an embodiment of the present invention, which comprises:
Step 301: the mobile terminal 1 sends the credit operation information to the mobile credit service device 2 through the credit smart card 11.
Step 302: the mobile terminal 1 receives the transaction information corresponding to the credit operation information returned by the mobile credit service device 2.
The transaction information may include the terminal country code, the terminal verification result TVB (forcing an online transaction, for example 0000040800), the transaction currency code, the transaction date, the transaction type and a random number.
Step 303: the mobile terminal 1 encrypts the transaction information to calculate the ARQC ciphertext.
In step 303, the mobile terminal 1 may calculate the ARQC ciphertext from the transaction information according to the online request cryptogram generation algorithm of the PBOC 2.0 specification.
Correspondingly, the credit operation processing server 3 may verify the validity of the received ARQC ciphertext as follows:
Step 1: the credit operation processing server 3 derives the sub-key of the application cryptogram master key from the bank primary account number of the credit smart card 11, the primary account number sequence number and the 3DES algorithm.
Step 2: from the ATC of the current transaction and the sub-key of the application cryptogram master key obtained in step 1, it derives the transaction session key corresponding to that sub-key.
Step 3: using the transaction session key obtained in step 2, it performs a DES calculation on the transaction information corresponding to the credit operation information to obtain encrypted data.
Step 4: it compares the encrypted data obtained in step 3 with the ARQC ciphertext; if they are identical, verification passes, and if not, verification fails.
Fig. 4 is a flow chart of the method for generating the digital signature on the mobile terminal side in an embodiment of the present invention, which comprises:
Step 401: the mobile terminal 1 sends an INTERNAL AUTHENTICATE command to the credit smart card 11 to request generation of a dynamic signature.
Step 402: the credit smart card 11 generates a random number and obtains the dynamic application data ATC (Application Transaction Counter) and the terminal DDOL (Dynamic Data Authentication Data Object List) data.
Step 403: the credit smart card 11 uses the IC card private key to compute an RSA digital signature over the obtained dynamic application data ATC, the terminal DDOL data, the generated random number and third verification information, generating the digital signature. The third verification information is calculated by the credit smart card from the ATC and the DDOL.
Correspondingly, in the embodiments of the present invention the mobile credit service device 2 may verify the digital signature in the remote credit service request as follows: it recovers the ATC, the DDOL data and the random number from the digital signature using the stored IC card digital certificate, and calculates fourth verification information from the recovered ATC, DDOL and random number; when the fourth verification information is identical to the third verification information, the digital signature is verified as valid.
Fig. 5 is a flow chart of the method for generating the PIN ciphertext on the mobile terminal side in an embodiment of the present invention, which comprises:
Step 501: the mobile terminal 1 sends a PIN ciphertext generation request to the credit smart card 11.
Step 502: on receiving the PIN ciphertext generation request, the credit smart card 11 encrypts the bank account transaction password information corresponding to the credit smart card 11 with the secure message encryption key to obtain the PIN ciphertext.
In the embodiments of the present invention, the PIN ciphertext may be generated as shown in Fig. 6, in the following steps:
Step 1: an encryption calculation is performed on the 16-byte DEK and the application transaction counter ATC in the mobile terminal 1 according to formula (1) below, giving SKey (the session key):
SKey = DES_ECB(DEK, '000000000000' + ATC) + DES_ECB(DEK, '000000000000' + ATC ∧ 'FFFF')   formula (1)
Step 2: the PIN plaintext (that is, the bank account transaction password of the credit smart card) and the PAN are combined according to formula (2) below, giving the PIN data:
PIN data = PAN.substr(L-13, L-1) ∧ ('06' + PIN plaintext + 'FFFFFFFF')   formula (2)
The PIN plaintext in formula (2) is the plaintext corresponding to the bank primary account number (that is, the PAN) of the credit smart card 11.
Step 3: the SKey obtained in step 1 and the PIN data obtained in step 2 are combined according to formula (3) below, giving the PIN ciphertext:
PIN ciphertext = DES_ECB(SKey, PIN data)   formula (3)
Correspondingly, in the embodiments of the present invention the credit operation processing server 3 may verify the validity of the received PIN ciphertext as follows:
Step 1: the credit operation processing server 3 derives the sub-key of the secure message encryption master key from the bank primary account number of the credit smart card 11, the primary account number sequence number and the 3DES algorithm.
Step 2: from the ATC of the current transaction and the sub-key of the secure message encryption master key obtained in step 1, it derives the transaction session key DES_ECB corresponding to the sub-key of the secure message encryption master key.
Step 3: it decrypts the received PIN ciphertext with DES_ECB, obtaining the first plaintext.
Step 4: from the bank primary account number (denoted PAN) of the credit smart card 11, it obtains the second plaintext according to formula (4) below:
Second plaintext = PAN.substr(L-13, L-1) ∧ ('06' + PIN plaintext + 'FFFFFFFF')   formula (4)
In formula (4), the PIN plaintext is the PIN plaintext corresponding to the PAN of the credit smart card 11, which the credit operation processing server 3 obtains from its local database according to the PAN.
Step 5: it compares the second plaintext obtained in step 4 with the first plaintext obtained by decryption in step 3; if they are identical, the PIN ciphertext passes verification, otherwise it does not.
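Formulas (1) to (4) carried through in Python, as an added example that is not code from the patent; it shows that the per-transaction session key ties a PIN ciphertext to one ATC value, so the same ciphertext fails the check under any other ATC. Assumptions: ∧ is bitwise XOR, the 12 PAN digits are left-padded with '0000' to eight bytes, DES_ECB with a 16-byte key means two-key Triple DES, and the server has already derived the card's DEK (steps 1 and 2). The key, PAN and PIN are constructed values, and the third-party `cryptography` package is required.

```python
"""PIN ciphertext per formulas (1)-(3) and the server-side check per formula (4)."""
import hmac

from cryptography.hazmat.primitives.ciphers import Cipher, modes

try:  # newer releases of `cryptography` keep Triple DES in the "decrepit" module
    from cryptography.hazmat.decrepit.ciphers.algorithms import TripleDES
except ImportError:
    from cryptography.hazmat.primitives.ciphers.algorithms import TripleDES

# Constructed sample values, not taken from the patent.
DEK = bytes.fromhex("0123456789ABCDEFFEDCBA9876543210")  # card's 16-byte key
PAN = "6225881234567890"
PIN = "123456"


def _des_ecb(key: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """DES_ECB with a 16-byte key (assumed to be two-key Triple DES)."""
    if len(key) != 16 or not data or len(data) % 8:
        raise ValueError("need a 16-byte key and whole 8-byte blocks")
    cipher = Cipher(TripleDES(key), modes.ECB())
    op = cipher.decryptor() if decrypt else cipher.encryptor()
    return op.update(data) + op.finalize()


def session_key(dek: bytes, atc: int) -> bytes:
    """Formula (1): two 8-byte halves, from ATC and from ATC XOR FFFF."""
    if not 0 <= atc <= 0xFFFF:
        raise ValueError("ATC is a 2-byte counter")
    left = bytes(6) + atc.to_bytes(2, "big")              # '000000000000' + ATC
    right = bytes(6) + (atc ^ 0xFFFF).to_bytes(2, "big")  # ATC XOR 'FFFF'
    return _des_ecb(dek, left) + _des_ecb(dek, right)


def pin_data(pan: str, pin: str) -> bytes:
    """Formulas (2) and (4): PAN.substr(L-13, L-1) XOR ('06' + PIN + 'FFFFFFFF')."""
    if not (pan.isascii() and pan.isdigit() and len(pan) >= 13):
        raise ValueError("PAN must be at least 13 decimal digits")
    if not (pin.isascii() and pin.isdigit() and len(pin) == 6):
        raise ValueError("the formula fixes the PIN length at 6 digits")
    # Twelve rightmost PAN digits without the check digit, padded (assumption).
    pan_field = bytes.fromhex("0000" + pan[-13:-1])
    pin_field = bytes.fromhex("06" + pin + "FFFFFFFF")
    return bytes(a ^ b for a, b in zip(pan_field, pin_field))


def pin_ciphertext(dek: bytes, atc: int, pan: str, pin: str) -> bytes:
    """Formula (3), as computed on the card side."""
    return _des_ecb(session_key(dek, atc), pin_data(pan, pin))


def verify_pin_ciphertext(dek: bytes, atc: int, pan: str,
                          stored_pin: str, ciphertext: bytes) -> bool:
    """Server steps 3 to 5: decrypt, rebuild the second plaintext, compare."""
    if len(ciphertext) != 8:
        return False
    first = _des_ecb(session_key(dek, atc), ciphertext, decrypt=True)
    second = pin_data(pan, stored_pin)  # needs the PIN plaintext held by the bank
    return hmac.compare_digest(first, second)  # constant-time comparison


def demo() -> dict:
    ct = pin_ciphertext(DEK, 0x001A, PAN, PIN)
    return {
        "pin_data": pin_data(PAN, PIN).hex().upper(),
        "same_atc": verify_pin_ciphertext(DEK, 0x001A, PAN, PIN, ct),
        "replayed_under_next_atc": verify_pin_ciphertext(DEK, 0x001B, PAN, PIN, ct),
        "wrong_pin": verify_pin_ciphertext(DEK, 0x001A, PAN, "654321", ct),
    }


if __name__ == "__main__":
    print(demo())
```

The check in step 4 only works if the bank side can read the PIN plaintext for the PAN, so the store behind `stored_pin` needs the same protection as the keys.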
Based on the same concept as the remote credit system of the foregoing embodiment, the technical solution of the present invention also provides a method for realizing remote credit. The method is shown in Fig. 7 and may comprise:
Step 701: the mobile terminal sends a remote credit service request to the mobile credit service device, the request carrying the ARQC ciphertext, the credit operation information, the PIN ciphertext and the digital signature.
Step 702: the mobile credit service device verifies the digital signature information in the remote credit service request and, after verification passes, sends a credit request to the credit operation processing server, the credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information.
Step 703: the credit operation processing server, on receiving the credit request, verifies the validity of the ARQC ciphertext and the PIN ciphertext in the credit request and, when verification passes, performs the corresponding credit operation on the bank primary account number corresponding to the credit smart card according to the credit operation information; an individual's bank primary account number is set in the credit smart card.
In the embodiments of the present invention, step 701 of the above flow further comprises:
Before sending the remote credit service request to the mobile credit service device, the mobile terminal activates the credit smart card with the mobile credit service device. Activation comprises: the mobile terminal sends an activation request to the mobile credit service device, the activation request carrying the static data of the credit smart card, the IC card digital certificate and first verification information, the first verification information being calculated by the mobile terminal from the static data and the IC card digital certificate in the activation request;
On receiving the activation request sent by the mobile terminal, the mobile credit service device recovers the static data and the IC card digital certificate in the activation request and calculates second verification information from the recovered static data and IC card digital certificate; when the second verification information is identical to the first verification information, it determines that the IC card digital certificate in the activation request is valid, performs the activation, and stores the IC card digital certificate from the activation request.
Preferably, before step 701 of the above flow, the mobile terminal generates the ARQC ciphertext, which comprises:
The mobile terminal sends the business information to the mobile credit service device, receives the corresponding transaction information that the mobile credit service device returns according to the business information, and performs an encryption calculation on the transaction information to obtain the ARQC ciphertext.
Preferably, before step 701 of the above method flow, the mobile terminal generates the digital signature, which comprises:
The mobile terminal sends an INTERNAL AUTHENTICATE command to the credit smart card to request generation of a dynamic signature;
On receiving the INTERNAL AUTHENTICATE command, the credit smart card generates a random number and uses the locally stored IC card private key to compute an RSA digital signature over the locally stored dynamic application data ATC and terminal dynamic data object list (DDOL) data, the random number and third verification information, generating the digital signature; the third verification information is calculated by the credit smart card from the ATC and the DDOL;
The mobile credit service device verifies the digital signature information in the remote credit service request as follows: it recovers the ATC, the DDOL data and the random number from the digital signature using the stored IC card digital certificate, and calculates fourth verification information from the recovered ATC, DDOL and random number; when the fourth verification information is identical to the third verification information, the digital signature is verified as valid.
Preferably, before step 701 of the above flow, the mobile terminal generates the PIN ciphertext, which comprises:
The mobile terminal sends a PIN ciphertext generation request to the credit smart card;
On receiving the PIN ciphertext generation request, the credit smart card encrypts the bank account transaction password information corresponding to the credit smart card with the secure message encryption key, generating the PIN ciphertext.
Preferably, the mobile terminal carries the remote credit service request in a message and sends the message to the mobile credit service device;
Before sending the message, the mobile terminal also:
selects a set of encryption keys and performs a 3DES calculation on the request data in the remote credit service request to obtain encrypted request data, the request data comprising the ARQC ciphertext, the business information, the PIN ciphertext and the digital signature;
performs a message authentication code (MAC) digest calculation over the encrypted request data and the key data of the message header, and carries the calculated MAC digest in the message.
Preferably, the above method flow further comprises: before sending the message, the mobile terminal sets a first transaction counter in the header of the message;
On receiving the message, the mobile credit service device judges whether the first transaction counter is greater than the second transaction counter on the mobile credit service device side; if so, it determines that the message is valid, otherwise it determines that the message is invalid.
Preferably, the above method flow further comprises: after performing the corresponding credit operation on the bank primary account number corresponding to the credit smart card, the credit operation processing server sends a credit operation success message to the mobile credit service device, the message carrying the credit receipt number corresponding to this credit operation;
After receiving the credit operation success message, the mobile credit service device sends a credit operation status update instruction to the credit smart card, to notify the credit smart card to update its state according to the instruction and to record the credit receipt number carried in the instruction.
In the embodiment of the present invention, mobile terminal 1 can send the remote credit service request to mobile credit service device 2 in the form of a message, that is, carry the remote credit service request in a message. Preferably, to improve the security and integrity of the message, before sending the message carrying the remote credit service request, mobile terminal 1 randomly selects a group of encryption keys and performs a 3DES calculation on the request data in the remote credit service request (the request data comprise the ARQC ciphertext, business information, PIN ciphertext and digital signature) to obtain encrypted request data. It then performs a MAC digest calculation over the encrypted request data and the key data of the message header, and carries the calculated MAC (Message Authentication Code) digest in the message, to ensure the security and integrity of the message in transit.
Preferably, to prevent an unauthorized user from intercepting or tampering with the request data in the message, a transaction counter is set in the message. After mobile credit service device 2 receives the message sent by mobile terminal 1, it compares the transaction counter in the message with its local transaction counter; if the transaction counter in the message is greater than the local transaction counter, the received message is determined to be valid; otherwise the message is discarded and mobile terminal 1 is asked to retransmit it.
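The receive-side handling of such a message, as an added example that is not part of the patent: it checks the MAC digest over the message header and the encrypted request data, then applies the "greater than the local transaction counter" rule. Assumptions: HMAC-SHA256 stands in for the MAC algorithm, which the text does not name; the 3DES output is treated as opaque bytes; the header layout, the class and function names, the placement of the counter inside the MAC-protected header key data, and the order of the two checks are all choices of this example.

```python
import hashlib
import hmac
import struct

# Assumed header key data: 16-byte card identifier + 32-bit first transaction counter.
HEADER = struct.Struct(">16sI")
TAG_LEN = 32  # HMAC-SHA256 output, standing in for the patent's unspecified MAC


def pack_message(mac_key, card_id, counter, encrypted_request):
    """Terminal side: header || encrypted request data || MAC digest."""
    header = HEADER.pack(card_id, counter)
    tag = hmac.new(mac_key, header + encrypted_request, hashlib.sha256).digest()
    return header + encrypted_request + tag


class MobileCreditReceiver:
    """Server side: holds the second transaction counter for each card."""

    def __init__(self, mac_keys):
        self.mac_keys = dict(mac_keys)                # card_id -> MAC key (assumed provisioned)
        self.counters = {cid: 0 for cid in mac_keys}  # last accepted counter per card

    def accept(self, message):
        """Return (status, encrypted_request or None)."""
        if len(message) < HEADER.size + TAG_LEN:
            return "reject: malformed", None
        header = message[:HEADER.size]
        body = message[HEADER.size:-TAG_LEN]
        tag = message[-TAG_LEN:]
        card_id, counter = HEADER.unpack(header)
        key = self.mac_keys.get(card_id)
        if key is None:
            return "reject: unknown card", None
        # Integrity first: the counter sits in the header, so it is only
        # trusted once the MAC over header + ciphertext has been checked.
        expected = hmac.new(key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "reject: bad MAC", None
        # Freshness: strictly greater than the stored counter, as in the text.
        if counter <= self.counters[card_id]:
            return "reject: stale counter", None
        self.counters[card_id] = counter  # advance only after both checks pass
        return "accept", body


def demo():
    """Run constructed messages through the receiver and return the statuses."""
    card = b"CARD-0000-000001"                          # constructed 16-byte identifier
    key = bytes(range(32))                              # constructed MAC key
    ciphertext = bytes.fromhex("8f3a11c4d2907e55" * 3)  # constructed stand-in for 3DES output
    server = MobileCreditReceiver({card: key})

    first = pack_message(key, card, 1, ciphertext)
    # Counter changed in the header by a party that does not hold the MAC key.
    forged = first[:16] + struct.pack(">I", 7) + first[20:]
    results = [
        server.accept(first)[0],                                   # fresh message
        server.accept(first)[0],                                   # same bytes again
        server.accept(forged)[0],                                  # counter altered in transit
        server.accept(pack_message(key, card, 5, ciphertext))[0],  # a gap is fine
        server.accept(pack_message(key, card, 5, ciphertext))[0],  # equal is not greater
        server.accept(first[:10])[0],                              # truncated
    ]
    return results, server.counters[card]
```

The counter comparison only protects against replay when the counter is covered by the MAC and the stored value is advanced after each accepted message; a rejected message leaves the stored counter unchanged.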
Preferably, so that the user can more easily query the status of the credit business, in the embodiment of the present invention credit operation processing server 2 is further configured to, after performing the corresponding credit operation processing on the bank primary account number corresponding to credit smart card 22, send a credit operation processing success message to mobile credit service device 2, the success message carrying the credit receipt number corresponding to this credit operation processing;
Mobile credit service device 2 is further configured to, after receiving the credit operation processing success message, send a credit operation state update instruction (for example, a PutData instruction) to credit smart card 11;
When credit smart card 11 receives the credit operation state update instruction, it updates the state of credit smart card 11 according to the instruction and records the credit receipt number carried in the instruction.
In the embodiment of the present invention, first, remote credit can be realized on a mobile terminal. As long as the user is within network coverage, the user can carry out credit operation processing anytime and anywhere through the mobile terminal without going to a bank lobby, which improves the processing efficiency and flexibility of credit operations and removes the restriction of lobby office hours. Second, the transaction information exchanged between the credit smart card and the credit operation processing server is encrypted to obtain the ARQC ciphertext, an RSA digital signature is computed over the dynamic application data ATC, the terminal DDOL data and a random number to generate the digital signature, and the bank account transaction password information is encrypted to generate the PIN ciphertext; this greatly increases the difficulty of cracking or tampering with the data in credit operation processing and improves the security and reliability of the data interaction. Third, when the remote credit service request is carried in a message, the confidentiality (security) and integrity of the message are protected, which further improves the security of the data interaction in credit operation processing. Finally, after the credit operation processing is completed successfully, the credit operation result is also sent to the mobile terminal and recorded on the mobile terminal, which allows better management of credit operation processing data.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (14)

1. A system for realizing remote credit, characterized in that it comprises:
A mobile terminal, configured to send a remote credit service request to a mobile credit service device, the remote credit service request carrying an authorization request cryptogram (ARQC) ciphertext, credit operation information, a personal identification number (PIN) ciphertext and a digital signature;
A mobile credit service device, configured to verify the digital signature information in the remote credit service request and, after the verification passes, send a credit request to a credit operation processing server, the credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information;
A credit smart card, provided with an individual's bank primary account number;
A credit operation processing server, configured to, on receiving the credit request, verify the legitimacy of the ARQC ciphertext and the PIN ciphertext in the credit request and, when the verification passes, perform the corresponding credit operation processing on the bank primary account number corresponding to the credit smart card according to the credit operation information;
Before sending the remote credit service request to the mobile credit service device, the mobile terminal activates the credit smart card with the mobile credit service device, the activation comprising:
Sending an activation request to the mobile credit service device, the activation request carrying the static data of the credit smart card, an IC-card digital certificate and first authorization information, the first authorization information being calculated by the mobile terminal from the static data and the IC-card digital certificate in the activation request;
The mobile credit service device is further configured to, on receiving the activation request sent by the mobile terminal, recover the static data and the IC-card digital certificate in the activation request, and calculate second authorization information from the recovered static data and IC-card digital certificate; and, when the second authorization information is identical to the first authorization information, determine that the IC-card digital certificate in the activation request is legitimate, perform the activation, and store the IC-card digital certificate in the activation request.
2. The system as claimed in claim 1, characterized in that the mobile terminal is further configured to generate the ARQC ciphertext before sending the remote credit service request, the generation process being as follows:
The mobile terminal sends the credit operation information to the mobile credit service device, receives the corresponding transaction information returned by the mobile credit service device according to the credit operation information, and performs an encryption calculation on the transaction information to obtain the ARQC ciphertext.
3. The system as claimed in claim 1, characterized in that the mobile terminal is further configured to generate the digital signature before sending the remote credit service request, the generation process being as follows:
The mobile terminal sends an internal authentication (INTERNAL AUTHENTICATE) command to the credit smart card to request generation of a dynamic signature;
On receiving the INTERNAL AUTHENTICATE command, the credit smart card generates a random number and uses the locally stored IC-card private key to perform an RSA digital signature over the locally stored dynamic application data ATC and terminal active data object list DDOL data, the random number and third authorization information, generating the digital signature; the third authorization information is calculated by the credit smart card from the ATC and DDOL;
The mobile credit service device verifies the digital signature in the remote credit service request, and is specifically configured to:
Recover the ATC, the DDOL data and the random number in the digital signature according to the stored IC-card digital certificate, and calculate fourth authorization information from the recovered ATC, DDOL and random number; and, when the fourth authorization information is identical to the third authorization information, verify that the digital signature is legitimate.
4. The system as claimed in claim 1, characterized in that the mobile terminal is further configured to generate the PIN ciphertext before sending the remote credit service request, the generation process being as follows:
The mobile terminal sends a PIN ciphertext generation request to the credit smart card;
On receiving the PIN ciphertext generation request, the credit smart card uses the secure message encryption key to encrypt the bank account transaction password information corresponding to the credit smart card, generating the PIN ciphertext.
5. The system as claimed in claim 1, characterized in that, in sending the remote credit service request to the mobile credit service device, the mobile terminal is specifically configured to carry the remote credit service request in a message and send the message to the mobile credit service device;
The mobile terminal is further configured to, before sending the message, select a group of encryption keys and perform a 3DES calculation on the request data in the remote credit service request to obtain encrypted request data, the request data comprising the ARQC ciphertext, business information, PIN ciphertext and digital signature; and to perform a message authentication code (MAC) digest calculation over the encrypted request data and the key data of the message header, and carry the calculated MAC digest in the message.
6. The system as claimed in claim 5, characterized in that the mobile terminal is further configured to set a first transaction counter in the header of the message before sending the message;
The mobile credit service device is further configured to, on receiving the message, determine whether the first transaction counter is greater than the second transaction counter on the mobile credit service device side; if so, it determines that the message is valid, and otherwise that the message is invalid.
7. The system as claimed in claim 1, characterized in that the credit operation processing server is further configured to, after performing the corresponding credit operation processing on the bank primary account number corresponding to the credit smart card, send a credit operation processing success message to the mobile credit service device, the success message carrying the credit receipt number corresponding to this credit operation processing;
The mobile credit service device is further configured to, after receiving the credit operation processing success message, send a credit operation state update instruction to the credit smart card, to notify the credit smart card to update its state according to that instruction and to record the credit receipt number carried in the instruction.
8. A method for realizing remote credit, characterized in that it comprises:
A mobile terminal sends a remote credit service request to a mobile credit service device, the remote credit service request carrying an authorization request cryptogram (ARQC) ciphertext, credit operation information, a personal identification number (PIN) ciphertext and a digital signature;
The mobile credit service device verifies the digital signature information in the remote credit service request and, after the verification passes, sends a credit request to a credit operation processing server, the credit request carrying the ARQC ciphertext, the PIN ciphertext and the credit operation information;
On receiving the credit request, the credit operation processing server verifies the legitimacy of the ARQC ciphertext and the PIN ciphertext in the credit request and, when the verification passes, performs the corresponding credit operation processing on the bank primary account number corresponding to a credit smart card according to the credit operation information; the credit smart card is provided with an individual's bank primary account number;
Before sending the remote credit service request to the mobile credit service device, the mobile terminal activates the credit smart card with the mobile credit service device, the activation being specifically:
Sending an activation request to the mobile credit service device, the activation request carrying the static data of the credit smart card, an IC-card digital certificate and first authorization information, the first authorization information being calculated by the mobile terminal from the static data and the IC-card digital certificate in the activation request;
On receiving the activation request sent by the mobile terminal, the mobile credit service device recovers the static data and the IC-card digital certificate in the activation request, and calculates second authorization information from the recovered static data and IC-card digital certificate; and, when the second authorization information is identical to the first authorization information, determines that the IC-card digital certificate in the activation request is legitimate, performs the activation, and stores the IC-card digital certificate in the activation request.
9. The method as claimed in claim 8, characterized in that it further comprises:
Before sending the remote credit service request, the mobile terminal generates the ARQC ciphertext, which specifically comprises:
The mobile terminal sends the business information to the mobile credit service device, receives the corresponding transaction information returned by the mobile credit service device according to the business information, and performs an encryption calculation on the transaction information to obtain the ARQC ciphertext.
10. The method as claimed in claim 8, characterized in that it further comprises:
Before sending the remote credit service request, the mobile terminal generates the digital signature, which comprises:
The mobile terminal sends an internal authentication (INTERNAL AUTHENTICATE) command to the credit smart card to request generation of a dynamic signature;
On receiving the INTERNAL AUTHENTICATE command, the credit smart card generates a random number and uses the locally stored IC-card private key to perform an RSA digital signature over the locally stored dynamic application data ATC and terminal active data object list DDOL data, the random number and third authorization information, generating the digital signature; the third authorization information is calculated by the credit smart card from the ATC and DDOL;
The mobile credit service device verifying the digital signature information in the remote credit service request specifically comprises: recovering the ATC, the DDOL data and the random number in the digital signature according to the stored IC-card digital certificate, and calculating fourth authorization information from the recovered ATC, DDOL and random number; when the fourth authorization information is identical to the third authorization information, verifying that the digital signature is legitimate.
11. The method as claimed in claim 8, characterized in that it further comprises:
Before sending the remote credit service request, the mobile terminal generates the PIN ciphertext, which specifically comprises:
The mobile terminal sends a PIN ciphertext generation request to the credit smart card;
On receiving the PIN ciphertext generation request, the credit smart card uses the secure message encryption key to encrypt the bank account transaction password information corresponding to the credit smart card, generating the PIN ciphertext.
12. The method as claimed in claim 8, characterized in that the mobile terminal carries the remote credit service request in a message and sends the message to the mobile credit service device;
Before the mobile terminal sends the message, the method further comprises:
Selecting a group of encryption keys and performing a 3DES calculation on the request data in the remote credit service request to obtain encrypted request data, the request data comprising the ARQC ciphertext, business information, PIN ciphertext and digital signature;
Performing a message authentication code (MAC) digest calculation over the encrypted request data and the key data of the message header, and carrying the calculated MAC digest in the message.
13. The method as claimed in claim 12, characterized in that it further comprises:
Before sending the message, the mobile terminal sets a first transaction counter in the header of the message;
On receiving the message, the mobile credit service device determines whether the first transaction counter is greater than the second transaction counter on the mobile credit service device side; if so, it determines that the message is valid, and otherwise that the message is invalid.
14. The method as claimed in claim 8, characterized in that it further comprises:
After performing the corresponding credit operation processing on the bank primary account number corresponding to the credit smart card, the credit operation processing server sends a credit operation processing success message to the mobile credit service device, the success message carrying the credit receipt number corresponding to this credit operation processing;
After receiving the credit operation processing success message, the mobile credit service device sends a credit operation state update instruction to the credit smart card, to notify the credit smart card to update its state according to that instruction and to record the credit receipt number carried in the instruction.
CN201110376573.0A 2011-11-23 2011-11-23 A kind of method and system realizing remote credit Expired - Fee Related CN102521777B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110376573.0A CN102521777B (en) 2011-11-23 2011-11-23 A kind of method and system realizing remote credit

Publications (2)

Publication Number Publication Date
CN102521777A CN102521777A (en) 2012-06-27
CN102521777B true CN102521777B (en) 2015-08-05

Family

ID=46292682

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110376573.0A Expired - Fee Related CN102521777B (en) 2011-11-23 2011-11-23 A kind of method and system realizing remote credit

Country Status (1)

Country Link
CN (1) CN102521777B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee after: BEIJING WATCHDATA Co.,Ltd.

Address before: 100015 Beijing city Chaoyang District Dongzhimen West eight Street No. 2 room Wanhong Yan Dong Business Garden

Patentee before: BEIJING WATCH DATA SYSTEM Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150805

Termination date: 20211123