CN102694780A - Digital signature authentication method, payment method containing the same and payment system - Google Patents

Digital signature authentication method, payment method containing the same and payment system Download PDF

Info

Publication number
CN102694780A
CN102694780A CN2011100728513A CN201110072851A CN102694780A CN 102694780 A CN102694780 A CN 102694780A CN 2011100728513 A CN2011100728513 A CN 2011100728513A CN 201110072851 A CN201110072851 A CN 201110072851A CN 102694780 A CN102694780 A CN 102694780A
Authority
CN
China
Prior art keywords
client terminal
data
service server
wap site
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011100728513A
Other languages
Chinese (zh)
Inventor
邹勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua Tongfang Co Ltd
Tongfang Co Ltd
Original Assignee
Tongfang Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tongfang Co Ltd filed Critical Tongfang Co Ltd
Priority to CN2011100728513A priority Critical patent/CN102694780A/en
Publication of CN102694780A publication Critical patent/CN102694780A/en
Pending legal-status Critical Current

Links

Images

Abstract

The invention discloses a digital signature authentication method, a payment method containing the same and a payment system. The digital signature authentication method comprises the following steps that: a service server sends a transaction confirmation request to a client; after the client receives the transaction confirmation request, transaction confirmation data are generated and then a digital certificate is used to carry out digital signing on the transaction confirmation data to obtain signature data; the transaction confirmation data are sent to the service server by a short message server and the signature data are sent to the service data through a WAP website; and after the service data receives the transaction confirmation data and the signature data, verification is carried out; if the transaction confirmation data are proved to be valid, the transaction server carries out follow-up transaction processing; and if the transaction confirmation data are proved to be invalid, the transaction server feedbacks error information or other explanation information to the client. According to the above-mentioned technical scheme in the invention, two communication links are employed to respectively send the signature data and the confirmation data; therefore, not only can limitation from the content sizes of short messages of various mobile phones be eliminated, but also malicious modification is less likely to occur.

Description

A kind of digital signature authentication method and comprise the method for payment and the system of this method
Technical field
The present invention relates to the mobile payment field, relate in particular to the digital signature authentication method in a kind of mobile-payment system and comprise the method for payment and the system of this method.
Background technology
Fast development along with financial business; Need the various expenses of payment in people's life; Perhaps accept the payment of expense, mode commonly used is to handle or handle through Web bank through bank's cabinet face, handles to bank counter and need expend a lot of times of user; And because work, the user is often not free to go to bank to pay the fees.Pay the fees through Web bank; Then brought very big convenience to the user really, but because last the Internet can only have the place of network to use, and on the computer of public Internet bar, use and also be absolutely unsafe; Can't use Web bank to pay when therefore, the user is inconvenient to surf the Net.
Surfing Internet with cell phone adopts the mode of landing WAP site to carry out usually, and WAP page is plaintext transmission basically, can't accomplish safe transmission; WAP site can't directly call hardware, accomplishes the digital signature of similar USBKey type, so; Traditional WAP page in use can only use the mode of ID encrypted code to confirm user identity, under this pattern; Username and password is owing to be expressly to propagate; Communication port is absolutely unsafe, and can't accomplish the encipherment protection to information, can not forbid assailant's eavesdropping and distorts and user's malice is denied.
Along with improving constantly of cell phone network speed and popularizing that smart mobile phone is used; Use the application demand of surfing Internet with cell phone strong day by day; The development and the application of mobile payment technology are also arisen at the historic moment; For example publication number is: CN101072384A, denomination of invention: a kind of hand set paying method and system and publication number based on Mobile banking is: CN101730023A, denomination of invention: the payment scheme of all having put down in writing Mobile banking in the Chinese patent document of the method and system of payment by using short messages.In order to prevent to deny; Denomination of invention is: utilize short message to carry out the method for authentication, publication number has been put down in writing the certificate scheme that in mobile payment, carries out digital signature for the Chinese patent document of CN101742504A; But this scheme is not considered: digital signature is made up of the data that will sign and signature two parts; Signature be the data that will sign through Hash (for example: MD5, SHA1), encrypt hash result through AES again and form.Usually, the result of Hash takies more than 16 bytes at least, and for safety, the used RSA cryptographic algorithms key of signing should use 1024, so encrypted result is at least 1024, and both 128 bytes.In addition, note of the CMPP of China Telecom protocol definition is sent 140 bytes at most, so the data that will sign can only have 12 bytes (140-128) at most.Therefore, use a note can not realize carrying out in the mobile payment demand of digital signature.
Summary of the invention
The object of the invention just provides a kind of digital signature authentication method and comprises the method for payment and the system of this method, and is compatible strong to mobile phone, and safer, prevents to deny.
The present invention provides the digital signature authentication method in a kind of mobile-payment system, and this system comprises client terminal and service server, step specific as follows:
Step 1, service server 4 send the trade confirmation request through WAP site 2 or short message server 3 to client terminal 1;
After step 2, client terminal 1 receive said trade confirmation request; The affirmation information of user's input is formed the trade confirmation data together with other data; Use the digital certificate of storage inside that said trade confirmation data are carried out digital signature then, obtain signed data; And said trade confirmation data are sent to said service server 4 through short message server 3, through WAP site 2 said signed data is sent to said service server 4;
After step 3, service server 4 receive said trade confirmation data and signed data; Said trade confirmation data are generated summary with the HASH function, and will make a summary and the summary of deciphering said signed data acquisition with PKI compares, if unanimity; It is legal then to explain, gets into step 4; If inconsistent, explain that the trade confirmation data are illegal, get into step 5;
Step 4, trading server 4 carry out follow-up trading processing, and the back that finishes is sent transaction results through WAP site 2 or short message server 3 to client terminal 1;
Step 5, trading server 4 through WAP site 2 or short message server 3 to client terminal 1 feedback error or other explanation.
As another preferred version; Encrypt to form before client terminal is signed said trade confirmation data in the said step 2 and confirm packet; To the said encrypted validation packet acquisition signed data of signing, after service server 4 receives said affirmation packet and signed data in the said step 3, said affirmation packet is generated summary with the HASH function then; And will make a summary and decipher the summary that said signed data obtains with PKI and compare; If consistent, it is legal then to explain, gets into said step 4; If inconsistent, explain that the trade confirmation data are illegal, get into said step 5.
As another preferred version, in the said step 2, said trade confirmation data are sent to said service server 4 and/or said signed data is sent to before the said service server 4 through WAP site 2 through short message server 3, data are encrypted.
The present invention also provides a kind of method of mobile payment that comprises above-mentioned digital signature authentication method, before said step 1, also comprises the steps:
Steps A, client terminal 1 send transaction request through WAP site 2 to service server 4; At least comprise type of service, Customer ID in the said transaction request and be used to verify the dynamic password OTP of client terminal legitimacy;
Said client's corresponding dynamic password seed that step B, service server 4 are stored according to this locality; Calculate dynamic password; Compare the legitimacy of judging the client with the dynamic dynamic password that receives, if legal, with the seed of this dynamic password as next dynamic password computing; Send the professional page through WAP site 2 to client terminal 1, get into step C; If illegal, get into step 5;
Step C, client carry out business operation, and the back client terminal 1 that finishes sends the business operation data through WAP site 2 or short message server 3 to trading server 4.
As the replacement scheme of another kind of mobile payment, before said step 1, comprise the steps:
Steps A, client terminal 1 send transaction request through WAP site 2 to service server 4;
Step B, service server 4 push the checking page through WAP site 2 to client terminal;
Step C, client click and ask for the identifying code menu button, and client terminal 1 sends identifying code through WAP site 2 to service server 4 and asks for request;
Step D, service server 4 generate a random number as identifying code, send to client terminal 1 through short message server (3);
Step e, client's identifying code that input receives on the checking page also confirm that client terminal 1 sends identifying code through WAP site 2 to trading server 4;
After step F, service server 4 were received identifying code, more whether consistent with the identifying code of step D generation, if consistent, checking was passed through, and then sends the business operation page through WAP site to client terminal, gets into step G; Otherwise to client terminal 1 feedback error page notice identifying code mistake, forward step D to through WAP site 2;
Step G, client terminal 1 receive this business operation page, and the client is engaged in operating in the enterprising industry of the business operation page, and after the affirmation, client terminal 1 sends to service server 4 with the business operation data.
The present invention also provides a kind of mobile-payment system, comprising:
Client terminal; Receive the trade confirmation request that service server 4 sends through WAP site 2 or short message server 3; The affirmation information of user's input is formed the trade confirmation data together with other data; Use the digital certificate of storage inside that said trade confirmation data are carried out digital signature then, obtain signed data; And said trade confirmation data are sent to said service server 4 through short message server 3, through WAP site 2 said signed data is sent to said service server 4;
Service server 4; Send the trade confirmation request through WAP site 2 or short message server 3 to client terminal 1; After receiving said trade confirmation data that client terminal sends and signed data, said trade confirmation data are generated summary with the HASH function, and will make a summary and compare with the summary that PKI is deciphered said signed data acquisition; If it is consistent; It is legal then to explain, carries out follow-up trading processing, and the back that finishes is sent transaction results through WAP site 2 or short message server 3 to client terminal 1; If inconsistent, explain that the trade confirmation data are illegal, trading server 4 through WAP site 2 or short message server 3 to client terminal 1 feedback error or other explanation.
As another preferred payment system scheme; Client terminal is encrypted said trade confirmation data earlier before signing to form and is confirmed packet, and then to the said encrypted validation packet acquisition signed data of signing, after service server 4 receives said affirmation packet and signed data; Said affirmation packet is generated summary with the HASH function; And will make a summary and compare with decipher the summary that said signed data obtains with PKI, if consistent, it is legal then to explain; If inconsistent, explain that the trade confirmation data are illegal.
As another preferred payment system scheme, said trade confirmation data are sent to said service server 4 and/or said signed data is sent to before the said service server 4 through short message server 3 through WAP site 2, data are encrypted.
As another preferred payment system scheme, client terminal also is used for before signature authentication, sending transaction request through WAP site to service server, comprises type of service, Customer ID in the request at least and is used to verify the dynamic password OTP of client terminal legitimacy; After receiving the professional page of service server transmission, the client carries out business operation, and the back client terminal 1 that finishes sends the business operation data through WAP site 2 or short message server 3 to trading server 4;
Service server 4 is according to said client's corresponding dynamic password seed of this locality storage; Calculate dynamic password; Compare the legitimacy of judging the client with the dynamic dynamic password that receives; If legal,, send the professional page to client terminal through WAP site 2 with the seed of this dynamic password as next dynamic password computing; If illegal, through WAP site 2 or short message server 3 to client terminal 1 feedback error or other explanation.
As another preferred payment system, client terminal also is used for before signature authentication, sending transaction request through WAP site 2 to service server; Receive the checking page that service server sends and client click ask for the identifying code menu button after, send identifying codes through WAP site 2 to service server 4 and ask for request; Receive identifying code and behind client's input validation, send identifying code to trading server 4 through WAP site 2; Receive the business operation page that service server sends through WAP site, the client sends to service server 4 with the business operation data after confirming;
After service server 4 receives said transaction request, push the checking page to client terminal through WAP site 2; Random number of generation is sent to client terminal through short message server as identifying code after receiving the identifying code request of asking for that client terminal sends; After receiving the identifying code of client terminal transmission, more whether consistent with the identifying code that generates, if consistent, checking is passed through, and then sends the business operation page through WAP site to client terminal; Otherwise notify the identifying code mistake to the client terminal 1 feedback error page through WAP site 2.
Adopt two communication links separately to send signed data and affirmation data in the technical scheme of the present invention, can not receive the restriction of various SMS content size, and littler by the possibility of malicious modification.
Through below in conjunction with the description of accompanying drawing to the preferred embodiment for the present invention, other characteristics of the present invention, purpose and effect will become clear more and easy to understand.
Description of drawings
Fig. 1 is a system configuration sketch map of the present invention;
Fig. 2 is the basic flow sheet of digital signature procedure of the present invention;
In all above-mentioned accompanying drawings, identical label representes to have identical, similar or corresponding feature or function.
Embodiment
As shown in Figure 1, system of the present invention comprises client terminal 1, short message server 3, WAP site 2 and service server 4, and client terminal 1 includes hardware safe unit; Can be paste card, also can be SIM, the SD card; TF cards etc., internal data can't be surveyed without Lawful access, guarantees safety.
Safe hardware unit is built-in with customer digital certificate and key; The information of digital certificate and phone number and machine master information are bound at service server 4 ends; Binding relationship is also in the safe hardware unit storage inside; Bound content can be: phone number, identity card, number of the account, hardware safe unit sequence number, certificate serial number etc., but be not limited to above-mentioned several kinds; The PKI of the also built-in renewable server identity digital certificates of safe hardware unit, so as the authentication server identity, the convenient bidirectional authentication.
The present invention is primarily aimed at the flow process of digital signature identification, and for other flow process, the identifying procedure that for example inserts in the request is not an emphasis of the present invention, and flow process of the present invention can be inserted into any needs and carry out in the flow process of signature authentication.Initiate because the signature authentication process generally all is a service server 4, therefore, send the trade confirmation request with service server 4 to client terminal 1 below and begin to describe.
As shown in Figure 2, this digital signature authentication method comprises the steps:
Step 1, service server 4 send the trade confirmation request through WAP site 2 or short message server 3 (also can be " WAP passage or short message channel ") to client terminal 1;
Step 2, client terminal 1 (send the trade confirmation request if pass through short message server after receiving said trade confirmation request; After then safe hardware unit is received; Show immediately and confirm the interface); User's input validation information, the sensitive information of cipher type for example, the affirmation information that client terminal 1 will be imported and some binding informations such as phone number, number of the account, hardware safe unit sequence number etc. form the trade confirmation data; Use the digital certificate of storage inside that said trade confirmation data are carried out digital signature then, obtain signed data; And said trade confirmation data are sent to said service server 4 through short message server 3, through WAP site 2 said signed data is sent to said service server 4; Said affirmation packet and signed data all have unique sign; User terminal identification+data type+serial number+date for example, be convenient to service server 4 and after different passages is received above-mentioned two data, can discern and make up or directly verify processing.
Sending the trade confirmation data through way of short messages here just need not introduce again; Execution mode through WAP site 2 sends signed data can be following: client terminal 1 is called out WAP site; The network address and the data content that comprise service server 4 in the call request are (for example: the network address & signed data of http://WAP site address/received content=trading server 4); After WAP site is received request, transmit data content to service server 4 according to the network address of trading server 4.
After step 3, service server 4 receive said trade confirmation data and signed data; Said trade confirmation data are generated summary with the HASH function, and will make a summary and the summary of deciphering said signed data acquisition with PKI compares, if unanimity; It is legal then to explain, gets into step 4; If inconsistent, explain that the trade confirmation data are illegal, get into step 5;
Step 4, trading server 4 carry out follow-up trading processing, and the back that finishes is sent transaction results through WAP site 2 or short message server 3 to client terminal 1; Owing to just can accomplish verification process in the step 3, so this step gets into follow-up processing procedure;
Step 5, trading server 4 through WAP site 2 or short message server 3 to client terminal 1 feedback error or other explanation.For example perhaps send message or other explanations (for example wrong consequence that causes of affirmation and remedial measure, consulting telephone etc.) of confirming mistake to client terminal 1 to the client terminal 1 feedback error page or other pages (like browsing pages) through short message server 3 through WAP site 2.
As second preferred embodiment; First embodiment is done following variation: encrypt to form before client terminal is signed said trade confirmation data in the said step 2 and confirm packet; Then to the said encrypted validation packet acquisition signed data of signing; And said affirmation packet is sent to said service server 4 through short message server 3, through WAP site 2 said signed data is sent to said service server 4; After service server 4 receives said affirmation packet and signed data in the said step 3, said affirmation packet is generated summary with the HASH function, and will make a summary and compare with the summary that PKI is deciphered said signed data acquisition; If it is consistent; It is legal then to explain, gets into said step 4, in step 4; Because there is encryption the front to the trade confirmation data; Therefore, said follow-up trading processing has comprised the deciphering of trade confirmation data and checking of trade confirmation data, and the trading processing after checking; If inconsistent, explain that the trade confirmation data are illegal, get into said step 5.
As the 3rd preferred embodiment; First embodiment is done following variation: in the said step 2; Said trade confirmation data are sent to said service server 4 and/or said signed data is sent to before the said service server 4 through short message server 3, data are encrypted through WAP site 2.Corresponding, in step 4, have and carry out corresponding encryption and decryption.
Specify a mobile payment scheme that comprises signature authentication flow process of the present invention below, specific as follows:
Step 1, client terminal 1 send transaction request (hardware safe unit in the client terminal 1 stores specific WAP site URL, the rewriting that this URL can not authorized) through WAP site 2 to service server 4; Client terminal 1 sends transaction request message to WAP site, in the transaction request message except comprising necessary information, for example: type of service, web page address URL and Customer ID; Can also comprise: phone number, number of the account, hardware safe unit sequence number and dynamic password OTP, said dynamic password OTP is used to verify the legitimacy of client terminal;
Corresponding said service server 4 (also can directly transmit, as long as assurance service server 4 can be discerned and separate) is separated and sent to WAP site 2 according to type of service with Customer ID in the said transaction request data and dynamic password OTP;
Said client's corresponding dynamic password seed that step 2, service server 4 are stored according to this locality calculates dynamic password, judges client's legitimacy and feeds back judged result to client terminal; Said service server 4, after receiving the ID and dynamic password that said WAP site 2 transmits, according to its storage with client's corresponding dynamic password seed; With identical dynamic password algorithm, calculate a dynamic password, itself and the dynamic password that receives are compared; If consistent, it is legal then to explain, with the seed of this dynamic password as next dynamic password computing; Send the professional page through WAP site 2 to client terminal 1, get into step 3; If inconsistent, then explain illegally, get into step 8;
Step 3, client carry out business operation, and the back client terminal 1 that finishes sends the business operation data through WAP site 2 or short message server 3 to trading server 4;
Step 4, service server termination are received said business operation data, send the trade confirmation request to client terminal 1; The trade confirmation request can be sent through WAP site or short message server;
After step 5, client terminal 1 receive said trade confirmation request; User's input validation information; Client terminal 1 forms the trade confirmation data with the affirmation information of user's input with other data (like phone number, number of the account, hardware safe unit sequence number etc.) together; Use the digital certificate of storage inside that said trade confirmation data are carried out digital signature then, obtain signed data; And said trade confirmation data are sent to said service server 4 through short message server 3, through WAP site 2 said signed data is sent to said service server 4;
After step 6, service server 4 receive said trade confirmation data and signed data; Said trade confirmation data are generated summary with the HASH function, and will make a summary and the summary of deciphering said signed data acquisition with PKI compares, if unanimity; It is legal then to explain, gets into step 7; If inconsistent, explain and confirm that packet is illegal, get into step 8;
Step 7, trading server 4 carry out follow-up trading processing, and the back that finishes is sent transaction results through WAP site 2 or short message server 3 to client terminal 1;
Step 8, send to client terminal 1 to the client terminal 1 feedback error page or other pages (like browsing pages) or through short message server 3 through WAP site 2 and to confirm wrong message or other explanations (for example confirming consequence that mistake causes and remedial measure, consulting telephone etc.).
In the above-mentioned steps,, can carry out encryption so long as send information through note.
In the said step 1, client terminal 1 is initiated transaction request to WAP site 2, can realize through following dual mode:
Mode one: client terminal 1 to the transactional services interface, proposes transaction request to said WAP site 2 through the STK program chains through mobile communications operator's service page.
Mode two: client terminal is directly imported domain name access transaction service page, proposes transaction request to WAP site 2.
Specify an another one mobile payment scheme that comprises signature authentication flow process of the present invention below, specific as follows:
Step 1, client terminal 1 send transaction request through WAP site 2 to service server 4; For example comprise in the transaction request: type of service, web page address URL and ID;
Step 2, service server 4 push the checking page through WAP site 2 to client terminal; Can need input validation sign indicating number and cell-phone number,, then not need input handset number again if the checking page that pushes is bound phone number;
Step 3, user click and ask for the identifying code menu button, and client terminal 1 sends identifying code through WAP site 2 to service server 4 and asks for request;
Step 4, service server 4 generate a random number as identifying code, send to client terminal 1 through short message server 3; Note can encrypted transmission;
The identifying code that step 5, client show in the input note on the checking page and by affirmation, client terminal 1 sends identifying codes through WAP site 2 to trading server 4;
After step 6, service server 4 are received identifying code; Whether more consistent with the identifying code of generation in the step 4; If consistent, checking is passed through, and then sending the business operation page through WAP site to client terminal (can be the indication that service server 4 passes through to the checking of WAP site feedback; WAP site receives that this indication back is to the client terminal transmission business operation page), get into step 7; Otherwise to client terminal 1 feedback error page notice identifying code mistake, forward step 4 to through WAP site 2.
Step 7, client terminal 1 receive this business operation page, and the user is engaged in operating in the enterprising industry of the business operation page, and after the affirmation, client terminal 1 sends to service server 4 with the business operation data; This operating data can encrypted transmission;
Step 8, service server 4 receive said business operation data, send the trade confirmation request to client terminal 1; The trade confirmation request can be sent through WAP site or short message server;
After step 9, client terminal 1 receive said trade confirmation request; User's input validation information; Client terminal 1 forms the trade confirmation data with the affirmation information of user's input with other data (like phone number, number of the account, hardware safe unit sequence number etc.) together; Use the digital certificate of storage inside that said trade confirmation data are carried out digital signature then, obtain signed data; And said trade confirmation data are sent to said service server 4 through short message server 3, through WAP site 2 said signed data is sent to said service server 4;
After step 10, service server 4 receive said trade confirmation data and signed data; Said affirmation packet is generated summary with the HASH function, and will make a summary and the summary of deciphering said signed data acquisition with PKI compares, if unanimity; It is legal then to explain, gets into step 11; If inconsistent, explain and confirm that packet is illegal, get into step 12;
Step 11, trading server 4 carry out subsequent transaction to be handled, and the back that finishes is sent transaction results through WAP site 2 or short message server 3 to client terminal 1;
Step 12, send to client terminal 1 to the client terminal 1 feedback error page or other pages (like browsing pages) or through short message server 3 through WAP site 2 and to confirm wrong message or other explanations (for example confirming consequence that mistake causes and remedial measure, consulting telephone etc.).
Adopt two communication links separately to send signed data and affirmation data in the above embodiment of the present invention, can not receive the restriction of various SMS content size, and littler by the possibility of malicious modification.The method of mobile payment that comprises this authentication method has the characteristic of safety and non-repudiation more.
The above only is a preferred implementation of the present invention; Should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; Can also make some improvement and retouching, these improvement and retouching also should be regarded as protection scope of the present invention.

Claims (10)

1. the digital signature authentication method in the mobile-payment system, this system comprises client terminal and service server, step specific as follows:
Step 1, service server (4) send the trade confirmation request through WAP site (2) or short message server (3) to client terminal (1);
After step 2, client terminal (1) receive said trade confirmation request; The affirmation information of user's input is formed the trade confirmation data together with other data; Use the digital certificate of storage inside that said trade confirmation data are carried out digital signature then, obtain signed data; And said trade confirmation data are sent to said service server (4) through short message server (3), through WAP site (2) said signed data is sent to said service server (4);
After step 3, service server (4) receive said trade confirmation data and signed data; Said trade confirmation data are generated summary with the HASH function, and will make a summary and the summary of deciphering said signed data acquisition with PKI compares, if unanimity; It is legal then to explain, gets into step 4; If inconsistent, explain that the trade confirmation data are illegal, get into step 5;
Step 4, trading server (4) carry out follow-up trading processing, and the back that finishes is sent transaction results through WAP site (2) or short message server (3) to client terminal (1);
Step 5, trading server (4) through WAP site (2) or short message server (3) to client terminal (1) feedback error or other explanation.
2. the digital signature authentication method in a kind of mobile-payment system according to claim 1; It is characterized in that client terminal is encrypted said trade confirmation data before signing to form and confirmed packet in the said step 2, then to the said encrypted validation packet acquisition signed data of signing; After service server in the said step 3 (4) receives said affirmation packet and signed data; Said affirmation packet is generated summary with the HASH function, and will make a summary and the summary of deciphering said signed data acquisition with PKI compares, if unanimity; It is legal then to explain, gets into said step 4; If inconsistent, explain that the trade confirmation data are illegal, get into said step 5.
3. the digital signature authentication method in a kind of mobile-payment system according to claim 1 is characterized in that,
In the said step 2, said trade confirmation data are sent to said service server (4) and/or through WAP site (2) said signed data sent to said service server (4) before, data are encrypted through short message server (3).
4. a method of mobile payment that comprises each said digital signature authentication method in the claim 1 to 3 is characterized in that,
Before said step 1, also comprise the steps:
Steps A, client terminal (1) send transaction request through WAP site (2) to service server (4); At least comprise type of service, Customer ID in the said transaction request and be used to verify the dynamic password OTP of client terminal legitimacy;
Said client's corresponding dynamic password seed that step B, service server (4) are stored according to this locality; Calculate dynamic password; Compare the legitimacy of judging the client with the dynamic dynamic password that receives, if legal, with the seed of this dynamic password as next dynamic password computing; Send the professional page through WAP site (2) to client terminal (1), get into step C; If illegal, get into step 5;
Step C, client carry out business operation, and the back client terminal (1) that finishes sends the business operation data through WAP site (2) or short message server (3) to trading server (4).
5. a method of mobile payment that comprises each said digital signature authentication method in the claim 1 to 3 is characterized in that, before said step 1, also comprises the steps:
Steps A, client terminal (1) send transaction request through WAP site (2) to service server (4);
Step B, service server (4) push the checking page through WAP site (2) to client terminal;
Step C, client click and ask for the identifying code menu button, and client terminal (1) sends identifying code through WAP site (2) to service server (4) and asks for request;
Step D, service server (4) generate a random number as identifying code, send to client terminal (1) through short message server (3);
Step e, client's identifying code that input receives on the checking page also confirm that client terminal (1) sends identifying code through WAP site (2) to trading server (4);
After step F, service server (4) were received identifying code, more whether consistent with the identifying code of step D generation, if consistent, checking was passed through, and then sends the business operation page through WAP site to client terminal, gets into step G; Otherwise to client terminal (1) feedback error page notice identifying code mistake, forward step D to through WAP site (2);
Step G, client terminal (1) receive this business operation page, and the client is engaged in operating in the enterprising industry of the business operation page, and after the affirmation, client terminal (1) sends to service server (4) with the business operation data.
6. mobile-payment system comprises:
Client terminal; Receive the trade confirmation request that service server (4) sends through WAP site (2) or short message server (3); The affirmation information of user's input is formed the trade confirmation data together with other data; Use the digital certificate of storage inside that said trade confirmation data are carried out digital signature then, obtain signed data; And said trade confirmation data are sent to said service server (4) through short message server (3), through WAP site (2) said signed data is sent to said service server (4);
Service server (4); Send the trade confirmation request through WAP site (2) or short message server 3 to client terminal (1); After receiving said trade confirmation data that client terminal sends and signed data, said trade confirmation data are generated summary with the HASH function, and will make a summary and compare with the summary that PKI is deciphered said signed data acquisition; If it is consistent; It is legal then to explain, carries out follow-up trading processing, and the back that finishes is sent transaction results through WAP site (2) or short message server (3) to client terminal (1); If inconsistent, explain that the trade confirmation data are illegal, trading server (4) through WAP site (2) or short message server (3) to client terminal (1) feedback error or other explanation.
7. a kind of mobile-payment system according to claim 6 is characterized in that,
Encrypt earlier before client terminal is signed said trade confirmation data to form and confirm packet; And then to the said encrypted validation packet acquisition signed data of signing; After service server (4) receives said affirmation packet and signed data, said affirmation packet is generated summary with the HASH function, and will make a summary and compare with the summary that PKI is deciphered said signed data acquisition; If consistent, it is legal then to explain; If inconsistent, explain that the trade confirmation data are illegal.
8. a kind of mobile-payment system according to claim 6 is characterized in that,
Through short message server (3) said trade confirmation data are sent to said service server (4) and/or through WAP site (2) said signed data sent to said service server (4) before, data are encrypted.
9. according to each described mobile-payment system in the claim 6 to 8, it is characterized in that,
Client terminal also is used for before signature authentication, sending transaction request through WAP site to service server, comprises type of service, Customer ID in the request at least and is used to verify the dynamic password OTP of client terminal legitimacy; After receiving the professional page of service server transmission, the client carries out business operation, and the back client terminal (1) that finishes sends the business operation data through WAP site (2) or short message server (3) to trading server (4);
Service server (4) is according to said client's corresponding dynamic password seed of this locality storage; Calculate dynamic password; Compare the legitimacy of judging the client with the dynamic dynamic password that receives; If legal,, send the professional page to client terminal through WAP site (2) with the seed of this dynamic password as next dynamic password computing; If illegal, through WAP site (2) or short message server (3) to client terminal (1) feedback error or other explanation.
10. according to each described mobile-payment system in the claim 6 to 8, it is characterized in that,
Client terminal also is used for before signature authentication, sending transaction request through WAP site (2) to service server; Receive the checking page that service server sends and client click ask for the identifying code menu button after, send identifying code through WAP site (2) to service server (4) and ask for request; Receive identifying code and behind client's input validation, send identifying code to trading server (4) through WAP site (2); Receive the business operation page that service server sends through WAP site, the client sends to service server (4) with the business operation data after confirming;
After service server (4) receives said transaction request, push the checking page to client terminal through WAP site (2); Random number of generation is sent to client terminal through short message server as identifying code after receiving the identifying code request of asking for that client terminal sends; After receiving the identifying code of client terminal transmission, more whether consistent with the identifying code that generates, if consistent, checking is passed through, and then sends the business operation page through WAP site to client terminal; Otherwise notify the identifying code mistake to client terminal (1) the feedback error page through WAP site (2).
CN2011100728513A 2011-03-25 2011-03-25 Digital signature authentication method, payment method containing the same and payment system Pending CN102694780A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100728513A CN102694780A (en) 2011-03-25 2011-03-25 Digital signature authentication method, payment method containing the same and payment system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011100728513A CN102694780A (en) 2011-03-25 2011-03-25 Digital signature authentication method, payment method containing the same and payment system

Publications (1)

Publication Number Publication Date
CN102694780A true CN102694780A (en) 2012-09-26

Family

ID=46860067

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100728513A Pending CN102694780A (en) 2011-03-25 2011-03-25 Digital signature authentication method, payment method containing the same and payment system

Country Status (1)

Country Link
CN (1) CN102694780A (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103491533A (en) * 2013-09-23 2014-01-01 上海翰鑫信息科技有限公司 WAP gateway, user WAP terminal, WAP payment system and WAP payment method
CN103905624A (en) * 2012-12-28 2014-07-02 中国电信股份有限公司 Digital signature generation method and mobile phone terminal
CN104376466A (en) * 2014-11-25 2015-02-25 苏州迪云信息科技有限公司 Electronic payment method, device and terminal
CN104618399A (en) * 2015-03-05 2015-05-13 中国联合网络通信集团有限公司 Method and system for protecting data security in short message paying transaction
CN104639324A (en) * 2014-12-29 2015-05-20 芜湖乐锐思信息咨询有限公司 On-line transaction system based on address encoding authentication
CN105072080A (en) * 2015-07-01 2015-11-18 赛肯(北京)科技有限公司 Information verification method, device and system
CN106408301A (en) * 2016-09-30 2017-02-15 广东网金控股股份有限公司 Method and device for improving security of transaction command
CN106656499A (en) * 2015-07-15 2017-05-10 同方股份有限公司 Terminal equipment dependable authentication method and system in digital copyright protection system
CN106651366A (en) * 2015-11-03 2017-05-10 国民技术股份有限公司 Mobile terminal and transaction confirmation method and device thereof, and smart card
CN106851602A (en) * 2017-03-31 2017-06-13 武汉票据交易中心有限公司 A kind of transaction system short-message verification method and system
CN107231631A (en) * 2017-05-31 2017-10-03 广东网金控股股份有限公司 The method and mobile terminal of a kind of network security certification of mobile terminal
CN108449185A (en) * 2018-06-04 2018-08-24 贵州数据宝网络科技有限公司 A kind of data signature security certification system
CN108764912A (en) * 2018-06-21 2018-11-06 广东工业大学 A kind of method of payment and device based on short message verification code
CN111161056A (en) * 2018-11-07 2020-05-15 新明华区块链技术(深圳)有限公司 Method, system and equipment for improving transaction security of digital assets
CN113537985A (en) * 2021-07-16 2021-10-22 中国农业银行股份有限公司 Data verification method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101398870A (en) * 2007-09-24 2009-04-01 广州市百成科技有限公司 Electronic stamp system based on password layered system
CN101577917A (en) * 2009-06-16 2009-11-11 深圳市星龙基电子技术有限公司 Safe dynamic password authentication method based on mobile phone
CN101834946A (en) * 2010-05-11 2010-09-15 丁峰 Method for performing safe mobile phone payment and mobile phone for performing safe payment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101398870A (en) * 2007-09-24 2009-04-01 广州市百成科技有限公司 Electronic stamp system based on password layered system
CN101577917A (en) * 2009-06-16 2009-11-11 深圳市星龙基电子技术有限公司 Safe dynamic password authentication method based on mobile phone
CN101834946A (en) * 2010-05-11 2010-09-15 丁峰 Method for performing safe mobile phone payment and mobile phone for performing safe payment

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103905624B (en) * 2012-12-28 2016-05-18 中国电信股份有限公司 Generation method and the mobile phone terminal of digital signature
CN103905624A (en) * 2012-12-28 2014-07-02 中国电信股份有限公司 Digital signature generation method and mobile phone terminal
CN103491533A (en) * 2013-09-23 2014-01-01 上海翰鑫信息科技有限公司 WAP gateway, user WAP terminal, WAP payment system and WAP payment method
CN104376466A (en) * 2014-11-25 2015-02-25 苏州迪云信息科技有限公司 Electronic payment method, device and terminal
CN104639324B (en) * 2014-12-29 2018-07-17 北京创鑫旅程网络技术有限公司 Online trading system based on address coding certification
CN104639324A (en) * 2014-12-29 2015-05-20 芜湖乐锐思信息咨询有限公司 On-line transaction system based on address encoding authentication
CN104618399A (en) * 2015-03-05 2015-05-13 中国联合网络通信集团有限公司 Method and system for protecting data security in short message paying transaction
CN105072080A (en) * 2015-07-01 2015-11-18 赛肯(北京)科技有限公司 Information verification method, device and system
CN105072080B (en) * 2015-07-01 2018-04-13 广州密码科技有限公司 A kind of Information Authentication method, apparatus and system
CN106656499A (en) * 2015-07-15 2017-05-10 同方股份有限公司 Terminal equipment dependable authentication method and system in digital copyright protection system
CN106656499B (en) * 2015-07-15 2023-05-05 同方股份有限公司 Terminal equipment credibility authentication method in digital copyright protection system
CN106651366A (en) * 2015-11-03 2017-05-10 国民技术股份有限公司 Mobile terminal and transaction confirmation method and device thereof, and smart card
CN106408301A (en) * 2016-09-30 2017-02-15 广东网金控股股份有限公司 Method and device for improving security of transaction command
CN106851602A (en) * 2017-03-31 2017-06-13 武汉票据交易中心有限公司 A kind of transaction system short-message verification method and system
CN107231631A (en) * 2017-05-31 2017-10-03 广东网金控股股份有限公司 The method and mobile terminal of a kind of network security certification of mobile terminal
CN108449185A (en) * 2018-06-04 2018-08-24 贵州数据宝网络科技有限公司 A kind of data signature security certification system
CN108764912A (en) * 2018-06-21 2018-11-06 广东工业大学 A kind of method of payment and device based on short message verification code
CN108764912B (en) * 2018-06-21 2021-09-17 广东工业大学 Payment method and device based on short message verification code
CN111161056A (en) * 2018-11-07 2020-05-15 新明华区块链技术(深圳)有限公司 Method, system and equipment for improving transaction security of digital assets
CN113537985A (en) * 2021-07-16 2021-10-22 中国农业银行股份有限公司 Data verification method and device
CN113537985B (en) * 2021-07-16 2024-03-26 中国农业银行股份有限公司 Data verification method and device

Similar Documents

Publication Publication Date Title
CN102694780A (en) Digital signature authentication method, payment method containing the same and payment system
AU2021203184B2 (en) Transaction messaging
CN102801710B (en) A kind of network trading method and system
CN109039652B (en) Digital certificate generation and application method
WO2012155644A1 (en) Bill entrustment payment management method, device, and system
CN102789607A (en) Network transaction method and system
CN102790767B (en) Information safety control method, information safety display equipment and electronic trading system
CN101221641B (en) On-line trading method and its safety affirmation equipment
EP1142194B1 (en) Method and system for implementing a digital signature
CN110278180B (en) Financial information interaction method, device, equipment and storage medium
CN202854880U (en) SMS payment system based on fingerprint identification mobile phone
CN111861457B (en) Payment token application method, device, system and server
CN110149354A (en) A kind of encryption and authentication method and device based on https agreement
CN103761644A (en) Ordering processing method for mobile Internet online payment
CN103745352A (en) Method for placing order by calling payment plug-in on WAP (Wireless Application Protocol) merchant mobile platform
CN106656955A (en) Communication method and system and user terminal
CN115276978A (en) Data processing method and related device
CN104992329A (en) Method for safely issuing transaction message
KR101110777B1 (en) Method and terminal of preventing parameter from forging/alternating
TW200806002A (en) Message authentication system and message authentication method
CN105574720A (en) Secure information processing method and secure information processing apparatus
CN112712354A (en) Interaction method of digital currency wallet and digital currency server
JP2007116641A (en) Private information transmitting method
CN105678542A (en) Payment business interaction method, payment terminal and payment cloud terminal
Kisore et al. A secure SMS protocol for implementing digital cash system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120926