CN103236011A - Electronic currency transaction monitoring method - Google Patents

Electronic currency transaction monitoring method Download PDF


Publication number
CN103236011A CN2013100548134A CN201310054813A CN103236011A CN 103236011 A CN103236011 A CN 103236011A CN 2013100548134 A CN2013100548134 A CN 2013100548134A CN 201310054813 A CN201310054813 A CN 201310054813A CN 103236011 A CN103236011 A CN 103236011A
Prior art keywords
Prior art date
Application number
Other languages
Chinese (zh)
Original Assignee
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 郁晓东 filed Critical 郁晓东
Priority to CN2013100548134A priority Critical patent/CN103236011A/en
Publication of CN103236011A publication Critical patent/CN103236011A/en



A safety method allows for direct transaction with electronic currency with no need of special POS (point of sale) card readers. According to the method, data are transmitted by NFC (near field communication), and safety of electronic currency processing is guaranteed by SE (secure element); transactions are done using ISO7814 (international standard organization 7814) commands; ACID (atomicity, consistency, isolation and durability) of the data is guaranteed by 2phaseCommit method; the data is guaranteed resistant to altering in transmission by using a secure channel; dynamic key generation guarantees key safety in long-term operation. A monitor module introduced to the program structure is used for recording the transactions, and the transaction recording is submitted to a transaction recording server by the safety communication method. Therefore, overall safety is realized, separation from POS and a central server is realized, and free and direct payment with electronic currency is allowed.


一种电子货币交易监视的方法 An electronic money transaction monitoring approach

技术领域 FIELD

[0001] 本发明涉及计算机、通信、安全领域,尤其涉及NFC通信中的电子货币安全交易领域。 [0001] The present invention relates to computers, communications, security, and in particular relates to the field of secure electronic money transaction NFC communication.

背景技术 Background technique

[0002] 1.背景技术 [0002] 1. Background of the Invention

[0003] 1.1电子货币背景 [0003] 1.1 electronic money background

[0004] 电子货币已经在世界各国普及,用户可以直接享受到电子货币带来的安全和便利。 [0004] e-money has been popular in various countries of the world, users can enjoy the security and convenience of electronic money directly brought about. 电子货币比普通货币具有更环保、更难以伪造,更便于携带,更难以进行非法交易的特征,因此今后电子货币会有完全代替普通货币可能。 Electronic money than ordinary currency more environmentally friendly and more difficult to counterfeit, more portable and more difficult to characterize illegal transactions, so in the future will be completely replaced by electronic money may be common currency. 然而目前的电子货币在交易中必须通过被安全认证后的POS端末装置,依存于POS的使用条件制约了电子货币的流通性。 However, the current electronic money transactions through POS terminal ends of the device must be certified after the safety, depends on the conditions of use of POS restricted the circulation of electronic money.

[0005] 1.2智能卡技术 [0005] 1.2 smart card technology

[0006] 智能卡是运用在电子货币上最重要的技术。 [0006] A smart card is the most important in the use of electronic money on technology. 智能片(Smart Card)是一种1.具有微处理器,2.具有被安全控制元件加密的存储领域。 Intelligent sheet (Smart Card) is a microprocessor having 1, 2 having the storage area is encrypted security control element. 在智能卡片中能够运行简单程序,并保存重要数据。 In the smart card capable of running simple programs and save important data. 智能卡片一般遵从GlobalPlatform(http://globalplatform.0rg)标准。 Smart cards are generally comply with GlobalPlatform (http: //globalplatform.0rg) standard.

[0007]目前,智能卡需要和基于POS端末的读卡器一起工作,才能够完成电子货币交易过程。 [0007] Currently, smart cards and need to work together Duanmo based POS card reader to be able to complete the electronic money transaction.

[0008] 1.3 NFC 技术 [0008] 1.3 NFC technology

[0009] NFC (http://www.nfc-forum.0rg/)是RFID上发展出来的通过转换电磁波作为电源的近距离通信技术,和传统的RFID相比,NFC不仅提供识别功能,更能够提供各种形式的数据交换。 [0009] NFC (http: //www.nfc-forum.0rg/) is developed by converting the electromagnetic wave as power source RFID short-range communication techniques, and compared to conventional RFID, not only provides the NFC identification function, can be more various forms of data exchange. NFC读卡器专门术语是TCD,载有NFC的装置专门术语为PICC,P⑶和PICC的通信基于在13.56MHz的带域,国际标准IS014443和IS018092制定了其中的通信协议。 NFC reader technical terms are the TCD, contains a specific term for the NFC apparatus and the PICC PICC P⑶ communication, based on a band of 13.56MHz, the international standard IS014443 and IS018092 developed wherein the communication protocol.

[0010] NFC目前最主要的运用,在交通票、电子货币方面。 [0010] NFC currently the most important application in the transport tickets, electronic money aspect. 在NFC标准的应用层的规格中,制定了3种通信方式,通过其中的P2P交信方式,两台载有NFC芯片的装置可以直接交换数据。 In the NFC standard specification in the application layer, we developed three kinds of communication, through the cross-channel manner in which the P2P, two NFC chip carrying means can directly exchange data.

[0011] Paypal在2011年7月在美国首先推出了,采用android所提供的NFC中P2P方法实现了不需要POS的电子货币交易方式的服务,然而目前该方式不通过安全元件SecureElement,而采用Android (一种RichOS)控制,因此当数据通过RichOS时,无法保证其数据不被恶意程序篡改伪造,为弥补该缺陷,Paypal采用本身的第三方支付系统的服务器来保证交易金额的正确性;安全认证,金额完整性处理都都在中央式服务器中完成,中央服务器可以看成POS的等价代替。 [0011] Paypal in July 2011 launched the first in the United States, using the P2P method android NFC implementation provided a service does not require POS electronic money transactions, but does not present the way through the security element SecureElement, while the use of Android (a kind of RichOS) control, so when the data RichOS, can not guarantee that data is not tampered with forgery malicious programs, to compensate for the defect, Paypal server itself using third-party payment system to ensure the correctness of the transaction amount; safety certification amount integrity processing are completed in the central server, the central server can be regarded as equivalent in place of the POS.

[0012] 2.现有研究 [0012] 2. Existing research

[0013]发表于 IEEE CS, 2010年3 月,pl91_p200 RNAkram, K.Markantonakis, andK.Mayer, “A paradigm Shift in Smart Card Ownership Model, ”(电子货币卡所有权模型的转变)的论文,阐述了由于时代的变迁,电子货币卡和其中的货币之所有者应该转为拥有卡的用户,而不再应该是银行等金融发行机构或电信业、交通业等发行机构。 [0013] published in IEEE CS, 2010 Nian 3 Yue, pl91_p200 RNAkram, K.Markantonakis, andK.Mayer, "A paradigm Shift in Smart Card Ownership Model," (change of ownership model of the electronic money card) papers, elaborated due changing times, the electronic money card and one of the owners of money into the user should have the card, but should no longer be issuing banks and other financial institutions or telecommunications, transportation and other issuers. 该论文通过模型逻辑地论证了电子货币的控制权的归属。 The paper by model logically demonstrated control over the ownership of electronic money. 并得出不依赖发行机构POS端的处理,不通过发行机构的服务器,而直接允许电子货币卡持有人自行处理自己的电子货币从法律和伦理上是合理并且进步的。 And draw does not depend on the POS terminal issuer, not by the issuer server, and allow direct electronic money card holders handle their own electronic money legally and ethically reasonable and progress. 该论文主要不是解决技术课题,而是通过逻辑论证,扫除阻碍技术发展的不合理的固有观念,并为技术发展指出了方向。 The thesis is not a technical problem to solve, but by logical argument, eliminate unreasonable stereotype hinder technological development, and pointed out the direction for technology development. 该论文观点不仅得到了计算机科学界(CS)和工商界的普遍支持,而且也得到了权力机构承认。 The paper point of view has not only been a computer science (CS) and general support for the business community, but also by the authorities admit.

[0014] W02010/036863 A2 的专利New Beneficiary Initiated P2P, P2B PaymentModel (由P2P,P2B发起的新收款方式的支付模型)提出了一个P2P的支付模式,由于是金融专家提出的模型,所以该申请专利是一种支付方式和操作画面的设计,虽然其文字生动地描述了一种智力活动,然而说明中不涉及具体的系统实现方法,特别是本发明专注的安全问题。 [0014] W02010 / 036863 A2 patent New Beneficiary Initiated P2P, P2B PaymentModel (new model of payment paid by P2P, P2B initiated) proposed a P2P payment model, as is the model of financial experts, so that application patent and design a payment operation screen, although text graphic description of an intellectual activity, but the description does not involve particular system implementation, the present invention addresses the particular problem of safety.

[0015] US2010/0250439 Al Apparatus and Method for Protecting Contents StreamedThrough Re-transmission,(一种保护在再传送时的信息内容的装置和方法)这部发明申请专利和其同族专利提出了一种安全数据的保护方法,特别涉及了在英特网上P2P传送过程中路经不特定第三者再传送过程的保护步骤,在过程中第三者不能阅读和篡改信息,但是能够为信息的真伪作证,这种方式吸引了业界的注意,然而其方式始终还是基于英特网而无法实现网下支付。 [0015] US2010 / 0250439 Al Apparatus and Method for Protecting Contents StreamedThrough Re-transmission, (apparatus and method for an information content when a protective retransmission) of this invention and its patent application cognate patent proposes a safety data protection method, and more particularly to a protection step are not specific to a third party, the re-transmission process P2P path during transmission on the Internet, the third party can not tamper with the information read and in the process, but can testify to the authenticity of the information, such way to attract the industry's attention, but it is still the way to Internet-based payment network can not be achieved.

[0016] 综上所述,虽然网下不使用POS进行电子货币交易具有进步性,但目前尚无具体实现方法。 [0016] In summary, although not at the POS network for electronic money transactions have progress, but there is no specific method.

[0017] 3.专门术语 [0017] 3. The specific terms

由于业界国际化和世界标准化的进行,许多业界专门术语习惯用略语表述,为方便阅读将本说明书的常用略语列举如下: As the international standardization of the industry and the world progresses, many of the industry's practice of using specialized terminology abbreviation expressed for easy reading of the specification commonly used abbreviations are listed below:

Figure CN103236011AD00051

[0018] 1.发明目标课题 [0018] 1. The object of the invention certain

[0019] 本发明主要目标是,使得电子货币交易脱离POS和中央式服务器,实现电子货币直接传送; [0019] The main object of the present invention is such that the electronic money transaction from the POS and the central server, to achieve direct transfer of electronic money;

[0020] 本发明又一目标是,在整个交易中在NFC的基础上完成数据安全传送; [0020] A further object of the present invention has been completed on the basis of secure data transmission over the entire the NFC transaction;

[0021] 本发明又一目标是,在整个交易中通过安全元件(Secure Element,最常见的SE为SM和闪存)保证被处理的敏感数据的安全; [0021] A further object of the present invention is that the whole transaction (Secure Element, is the most common SE and SM flash) to ensure the security of sensitive data to be processed by the security element;

[0022] 本发明又一目标是,交易以后的交易双方的总额,一定等于交易前交易双方的总额(balance); [0022] Another object of the invention is that the total amount of the transaction after the parties to the transaction, must be equal to the total (balance) pre-trade deal between the two sides;

[0023] 本发明又一目标是,交易记录通过非同期的方式,保留于交易记录服务器。 [0023] A further object of the present invention, asynchronous transactions by way remains in the transaction server.

[0024] 2.发明内容概要 [0024] 2. Summary of the Invention SUMMARY

[0025] 不通过RichOS,不使用RichOS的NFC的P2P通信模式,而直接在数据会话层通过NCI建立NFC连接; [0025] By not RichOS, RichOS not using the P2P communication mode of the NFC, NFC connection is established directly in the NCI data session layer;

[0026] 不通过RichOS,在SE中实现数据保存和数据交换程序的运行;[0027] 通过本发明提出的安全方式实现数据访问控制,保证电子货币不会被篡改伪造; [0026] By not RichOS, implement data storage and data exchange operation procedure in the SE; [0027] The data access control in a safe manner proposed by the invention, electronic money can not be tampered with to ensure that forgery;

[0028] 通过本发明提出的基于SE的安全监视方式为交易的合法性提供证明。 [0028] proposed by the invention based on SE security monitoring mode to provide proof of the legality of the transaction.

[0029] 3.本发明的进步性在于: Progressive [0029] 3. The present invention is:

1.实现电子货币作为货币的最后一个未被解决的特征,脱离专门的P0S,和中央式服务器; 1. money for electronic money as the last unresolved features, from specialized P0S, and a central server;

2.基于安全元件Secure Element的处理方式,保证电子货币在收取、保存、以及支付的全过程中的安全性; 2. Based on the handling of security elements Secure Element to ensure that electronic money in the collection, storage, and security in the whole process of payment;

3.建立NFC通信的安全通路SecureChannel,保证电子货币在传送过程中不会被盗窃篡改。 3. establishing a secure communication path SecureChannel NFC ensure that electronic money can not be tampered with during transmission stolen.

4.采用非同期方式记录交易结果,保存于交易记录服务器。 4. Using asynchronous mode record trading results, transaction records stored in the server.

本发明最终实现了一种不需要P0S,不依存中央式服务器的安全交易方式,使得电子货币能够更加便捷地被最终用户所接受。 The present invention does not require a P0S ultimately, the security does not depend on a central server of the transactions, the electronic money that can be more easily accepted by the end user. 本发明提出了安全监控方法来保证交易和原先使用POS方式同样安全。 The present invention provides a method of monitoring to ensure transaction security and security the same way as the original use of POS.


[0030] 图1交易系统概要图 [0030] Fig 1 a schematic view of the trading system

[0031] 图2载有NFC装置内部构造图 [0031] Figure 2 contains the internal configuration of the NFC device of FIG.

[0032] 图3 NFC通信处理方法 [0032] FIG. 3 NFC communication processing method

[0033] 图4安全要素元件的构造图 [0033] FIG 4 is a configuration diagram of the safety element component

[0034] 图5安全要素元件数据、程序保存结构 [0034] The security element of FIG. 5 element data, program storage structure

[0035] 图6 master文件钥匙的结构和保存方法 [0035] FIG 6 master key file structure and method for storing

[0036] 图7动态钥匙生成方法 [0036] FIG. 7 dynamic key generation method

[0037] 图8所需文件的取得方法 Method of acquiring [0037] FIG 8 files required

[0038] 图9SE中部署的程序结构图 [0038] FIG program structure deployed 9SE

[0039] 图10交易过程流程图 [0039] FIG. 10 flowchart transaction

具体实施方式 Detailed ways

[0040] 1.发明概要以及主要构成 [0040] 1. Summary of the Invention and the main constituent

[0041] 本发明所需要设备为两台载有NFC标准芯片的携带端末,在两台端末间建立起NFC通信,NFC通信模式以Card Simulator模式,彼此的交易数据存储在安全元件SE中,没有中央服务器也同样可以保证交易的安全。 [0041] The present invention is required to carry equipment contains two terminal ends of the chip NFC standard, the NFC communication established between two terminal ends, the NFC communication mode Card Simulator mode, another transaction data stored in the secure element SE, without the central server also can guarantee the security of the transaction. 代替中央服务器功能的是部署于SecureElement中安全监视模块(Security Monitor),通过相互证明合法性的方式,实现交易结果不可篡改性。 Instead of a central server functionality is deployed in SecureElement safety monitoring module (Security Monitor), by each other to prove the legality of the way to achieve trade results are not tampered with nature. 为了杜绝可能发生的恶意使用,安全监视模块将交易结果数据传给交易记录服务器,通过交易记录服务器进一步监测交易。 In order to prevent malicious use may occur, security monitoring module will result transaction data to the transaction server, further monitoring transactions through transaction server.

[0042] 图1交易系统概要图 [0042] Fig 1 a schematic view of the trading system

[0043] 如图所示,系统为两台载有NFC芯片,和安全芯片的智能装置,一台作为NFC启动者(initiator) I, —台作为NFC启动对象(target) 2。 [0043] As shown, the system contains two smart device chip, and the security chip NFC, NFC as an initiator (initiator) I, - starting station as NFC target (target) 2. 在每台装置中部署,监视管理程序8,通过监视管理程序8监视交易过程。 On each device to deploy, monitor management program 8, 8 by monitoring management program to monitor transaction process. 交易时刻不需要网络和其他中央型服务。 No network transaction time and other central services. 交易后,通过网络,将交易记录到交易记录服务器9。 After the transaction, through the network, record the transaction in the transaction server 9. [0044] 在实际服务中角色可以互相转换。 [0044] In actual service role can be interchangeable. 在本说明中仅举以付款者为NFC启动者(initiator) I。 In this description to name a person to pay for the NFC initiator (initiator) I. 受取者为NFC启动者(initiator) I的实例在技术实现上基本相同,因此不加以赘述。 NFC is a subject taken by the initiator (initiator) I in the Examples is substantially the same technology, and therefore not be described herein.

[0045] 虽然RichOS,诸如Android,iOS已经有计划支持NFC的3种通信方式,通过RichOS提供的SDK,中等程度的技术者可以容易地开发出P2P通信方式。 [0045] Although RichOS, such as Android, iOS already have plans to support three kinds of communication NFC by RichOS provided SDK, moderate skill can easily develop a P2P communication. 本发明为保证传输数据的安全性,不采用依赖于RichOS的P2P方式,而采用Card Simultor模式直接处理NDEF通信,不将敏感数据Critical Date通过RichOS,以此避免从RichOS的memory中窃取到敏感数据。 The present invention is to ensure the security of data transmission, it does not depend on the use of P2P RichOS manner, while the use of Card Simultor NDEF communication mode directly with no sensitive data through RichOS Critical Date, thereby avoiding theft from RichOS of sensitive data in the memory . 该方案通过NCI (NFC Control Interface)(—种最接近标准的方式为SWP),交换Smart Card支付命令,和充值命令。 The program by NCI (NFC Control Interface) (- species closest to the standard way for SWP), Smart Card exchange payment order, and recharge command.

[0046] 避免数据通过RichOS原因是,目前主流的智能OS例如Android和iOS,都是基于Linux Core开发出来具有丰富友好界面的系统,然而Linux的设计框架中拥有root权限就可以控制整个系统。 [0046] avoid data RichOS reason is that the current mainstream smart OS such as Android and iOS, are based on the Linux Core has developed a rich system-friendly interface, however, have root privileges in Linux design framework can control the entire system. 目前在(美国)法律上root权限是属于装置的所有者,而在技术上也无法阻止用户拥有root权限,因此没有任何手段可以阻止用户通过JailBreak等软件轻易获得RichOS的root权限。 Currently in the (US) law belongs to the owner of the device root privileges, and technically can not prevent a user with root privileges, so there is no means to prevent users from easily gain root privileges RichOS by JailBreak and other software. 拥有root权限的恶意用户,在理论上就能够截取通过RichOS的所有数据,因此在本发明中采用将程序和数据保存于SecureElement,这样即使用户拥有root权限,也没有能力修改本发明的程序和数据。 With root privileges malicious users, it is theoretically possible to intercept all data through the RichOS, thus using the programs and data stored in SecureElement In the present invention, so that even if a user with root privileges, there is no ability to modify the programs and data according to the present invention .

[0047] NFC启动者(initiator) I和NFC启动对象(target) 2采用同样的构造,部署相同的程序,通过应用程序来进行角色转换。 [0047] NFC initiator (initiator) I promoter and NFC objects (target) 2 using the same structure, the same deployment procedure, character conversion is performed by the application.

[0048] 在两部端末中,还同时部署独立的安全监视模块8,通过安全监视模块8建立安全通信通道(Secure Channel),通过安全通信通道交换数据,并组织数据在传送时被窃取篡改。 [0048] In the two terminal ends, it is also deploy a separate safety monitoring module 8, a safety monitoring module 8 is established by a secure communication channel (Secure Channel), exchange data through a secure communication channel, and organize data theft tampered during transmission. 安全监视模块8作为部署于Secure Element上的程序,保证了一般用户无法篡改该领域的数据。 Safety monitoring module 8 as deployed on the Secure Element to ensure that general users can not tamper with the data in the field. 并通过安全全监视模块8记录交易中所使用的APDU命令,记录金额和数据。 And safety monitoring module 8 full transaction record APDU command used by record amounts and data. 并通过部署于RichOS上的通信模块,作为同等替换也可以用SMS,传送记录到交易记录服务器9中。 And deployed on RichOS through a communication module, it can be recorded in the transaction with the SMS server 9, the same as the alternative transmission.

[0049] 图2载有NFC装置内部构造图 [0049] Figure 2 contains the internal configuration of the NFC device of FIG.

[0050] 如图所示,载有NFC装置内部构造由 [0050] As shown, internal configuration of the NFC device contains a

1.安全元件21:用于保存、运行独立于RichOS的程序和数据; 1. Security element 21: for holding, runs independently RichOS programs and data;

1.1部署于SE中的应用程序51,在本发明的实施方法中,程序使用JavaCardFramework。 1.1 deployed in application SE 51, in the embodiment of the method of the present invention, the program uses JavaCardFramework.

1.2部署于SE中的应用程序和部署于RichOS的应用程序24(AEE Application)之间交互方式,在Android 下,米用RMI (Remote Method Invocation)来完成接口。 1.2 SE deployed and deployment of applications in the application 24 between RichOS (AEE Application) interactively, in Android, rice with RMI (Remote Method Invocation) to complete the interface. 2.NFC芯片22:用于进行NFC通信 2.NFC chip 22: for NFC communication

3.应用程序运行环境23 (Application Execution Environment):用于提供应用程序的运行环境 3. Application runtime environment 23 (Application Execution Environment): used to provide an application execution environment

3.1 RichOS 25,提供各种画面API 3.1 RichOS 25, offers a variety of screen API

3.2 RichOS上运行的应用程序24:利用OS的画面API,开发出用户界面(RichOS上界面程序的开发,为中初级技术员所掌握,故不赘述。) An application running on a 3.2 RichOS 24: API OS using the screen, the user interface is developed (the development RichOS interface program, the primary technician is grasped, it is not described herein.)

其中在安全元件中还部署程序和数据,该部分的说明在以下章节中予以说明。 Wherein the security element is further deployed in the program and data, indicating that the part be explained in the following sections.

[0051] 2.NFC通信方法[0052] 图3 NFC通信处理方法 [0051] 2.NFC communication method [0052] FIG. 3 NFC communication processing method

[0053] 如图所示,NFC通信处理如下 [0053] As shown, NFC communication processing is as follows

nl: NFC启动者,发出SNEP(Simply NDEF Exchange Protocol)NFC数据交换协议要求 nl: NFC initiator, issued SNEP (Simply NDEF Exchange Protocol) NFC data exchange protocol requirements

电文 Message

n2: NFC的接受者,发出SNEP接受电文 n2: NFC recipients, receiving messages sent SNEP

n3:可优选的,NFC的接受者,收到接受电文后,发出确认电文 n3: After be preferred, the NFC recipient, to accept the received message, a confirmation message

电文的格式如图所示,由两个部分 The message format is shown, it consists of two parts

1.SNEP的header部,在电文的header中包含NFC所定义的版本号11、电文区分12、电文长度13 1.SNEP the header portion, the header message contained in the version number defined NFC 11, 12 to distinguish the message, message length 13

2.信息部14其中信息部分由NDEF电文组成 2. The information section 14 wherein the information portion of the message consisting NDEF

[0054] NFC所定义的版本号11,指NFC启动者(initiator) I的处理能力,以及NFC启动者(initiator) I所用的是哪个版本的协议,这个项目由两个4位的整数integer,第一个为主要协议版本号,第二个为次要版本。 [0054] The version number NFC as defined in 11, refers to NFC initiator (Initiator) I processing capability, and an NFC initiator (Initiator) which version of the protocol I used is, this project consists of two 4-bit integer integer, The first major protocol version number, the second is a minor version.

[0055] 电文区分12,分别为Request要求、Response回复、这个项目为一个8位无符号整数8_bit unsigned integer,从00h_7Fh 的代表值,表不Request 要求,80h_FFh 表不Response 的值。 [0055] 12 to distinguish messages, respectively, in claim Request, Response replies, this item is an 8-bit unsigned integer 8_bit unsigned integer, 00h_7Fh representative values ​​of tables are not required Request, Response not 80h_FFh value table.

[0056] 其中Request要求,指NFC启动者(initiator) I希望NFC启动对象(target) 2所进行的处理,其内容分别为·值 代码 内容 [0056] wherein Request claims, refers to NFC initiator (initiator) I want to start NFC target (target) process 2 performed, the contents of which are content-value code

Continue OOh 当电文的1I1贞(fragment)的长度超过规定值、我们将电文分割,该字段表示以后电文力继续; Continue OOh when the message length 1I1 Ching (the fragment) exceeds a predetermined value, the message will be split, this field indicates the force to continue after the message;

Get Olh 要求NFC启动者(initktor)l返回一个NDEF电文,当k分为Get的时候,在信息部给出能 Get OLH claim NFC initiator (initktor) l Returns a NDEF message, when k is divided into Get, the information can be given portion

够接受电文的长度,和需要什么样的电文Put 02li ft送-个NDEF电文,要求NFC启动对象(target)2接受 Enough to accept the message length, and what kind of message to send Put 02li ft - NDEF message is a request to start NFC target (target) 2 acceptable

Reject 7Fh 当NFC启动者(mitiator)l无法继续接受来自亍NFC启动者(mitmtor)l的回复时,发出该电 Reject 7Fh when the NFC initiator (mitiator) l can not continue to accept the right foot from the NFC initiator (mitmtor) l reply, the issue of the electricity


其他 03h-7Eh, SOh-FFh 以及其他预留处理。 Other 03h-7Eh, SOh-FFh and other reservation process. 在S3的确认电文,就是使用其预留处理04h代码。 In the confirmation message to S3, which is to use the code 04h reservation process.

[0057] 其中长度13为后续信息部14的长度,信息部为NDEF电文,NDEF电文的格式,按照NFC Forum定义格式设定。 [0057] wherein a length of length 13, the subsequent information portion 14 is the information portion NDEF message, the NDEF message format, according to NFC Forum defined formatting. 其内部信息内容为APDU指令(Command APDU)具体可以参考以下定义 Content of the interior APDU command (the Command APDU) specifically refer to the following definitions

http://www.1s0.0rg/iso/iso_catalogue/catalogue_tc/catalogue_detai1.htm?csnumber=36134 http:? //www.1s0.0rg/iso/iso_catalogue/catalogue_tc/catalogue_detai1.htm csnumber = 36134

Figure CN103236011AD00091

[0058] 其中Response回复电文,指NFC启动对象(target) 2理解并满足NFC启动者(initiator) I的处理要求的回复,其具体内容为 [0058] wherein Response message reply, NFC means starts the object (target) 2 understand and satisfy NFC initiator (Initiator) processing requirements of the I response, the specific content

Figure CN103236011AD00092

[0059] 同要求电文一样,其中长度13为后续信息部14的长度,信息部为NDEF电文,NDEF电文的格式,按照NFC Forum定义格式设定。 [0059] the same as the request message, wherein the length 13 is the length of the subsequent information portion 14, portions of information NDEF message, the NDEF message format, according to NFC Forum defined formatting. 其内部信息内容为APDU回复电文(ResponseAPDU),其电文格式如下 Content of the interior APDU reply message (ResponseAPDU), which message format is as follows

Figure CN103236011AD00093

通过以上定义的电文,和传输方法,实现相当于OSI会话层的通信处理。 By messages, and transmission method as defined above, to realize a communication process corresponding to the OSI Session Layer. 注OSI在这里仅仅为便于理解所使用的理论上解释。 Note here merely as OSI facilitate understanding theoretically used. 在实装上通过NFC Forum定义的NCI或者HCI处理通信过程。 On the mounting defined by the NFC Forum NCI process or communication process HCI. NCI和HCI为NFCForum定义的标准,因此不属于本发明的权力范围。 And HCI to NCI standards defined NFCForum therefore outside the scope of the present invention powers.

[0060] 3.安全兀素(Secure Element以下简称SE)的构成以及安全处理方法 Configuration and security processing method [0060] 3. The security element Wu (Secure Element hereinafter referred to as SE) of

[0061] 图4安全要素元件的构造图 [0061] FIG 4 is a configuration diagram of the safety element component

[0062] 安全元素SE,基本特征由金融技术标准化组织GlobalPlatform定义和建议,并在第一第二代金融业使用的IC卡中得到实践。 [0062] The secure element SE, the basic characteristics of the financial and technical standardization organization defines GlobalPlatform recommendations, and with the practice of the second generation of the first IC card used in the financial industry. 其通常是以芯片的形式,具体实现方法和GP无关,如图所示,用于本发明的SE芯片由以下主要单元构成: Usually in the form of chips, regardless of the specific method and GP, as shown in FIG, SE chip used in the present invention consists of the following main units:

1.处理器(210),对底层要求进行运算处理; 1. The processor (210), the underlying requirement for arithmetic processing;

2.加密数字逻辑电路AES (AdvancedEncyptionStandad),DES (DataEncyptionStandad) (211),高级加密标准,数据加密标准的数字电路,SHA-1处理电路;电路的设计为公众知识,若有需要可以提供参考文献,因此该部分不为本发明权利申请范围,根据加密技术的发展,本部分可以更新到最新技术,这些变更可以视为等价替换, 2. encrypted digital logic AES (AdvancedEncyptionStandad), DES (DataEncyptionStandad) (211), Advanced Encryption Standard Data Encryption Standard digital circuitry, SHA-1 processing circuit; public knowledge for circuit design, reference may be provided if necessary , this part does not apply the scope of the present invention as claimed, according to the development of encryption, this portion may be updated to the latest technology, these changes can be regarded as equivalent alternatives,

3.乱数生成电路(212):用于生产一次性密码等,安全认证步骤(可优选项) 3. The random number generating circuit (212): for the production of one-time passwords, secure authentication step (available preference)

4.数据交换单元电路(213):用于和NFC和HCC/SIM相连接的电路,电路遵从SffP (Single Wire Protocol) > HCI (Host Control Interface)等标准(可优选项) 4. The data exchange unit circuit (213): and for NFC and HCC / SIM is connected to a circuit, circuit compliance SffP (Single Wire Protocol)> HCI (Host Control Interface) standards (available preference)

5.ROM, RAM, EEPROM 等记忆体(必须项)(214) 5.ROM, RAM, EEPROM memory, etc. (Must) (214)

6.内存管理单元Memory Management Unit (215),用于内存的读写管理,包括权限管理,认证管理(可优选项) 6. Memory Management Unit Memory Management Unit (215), to read and write memory management, rights management including the authentication manager (available preference)

[0063] 安全元素中的数据程序保存方法,如下图所示, [0063] The method of data programs stored in the secure element, as shown below,

[0064] 图5安全要素元件数据、程序保存结构 [0064] The security element of FIG. 5 element data, program storage structure

[0065] 如果使用同一钥匙管理所有资源,或者使用固定钥匙永远管理一台资源,这样实现方法虽然简单,但会导致巨大的安全漏洞而造成无法估计的损失。 [0065] If you use the same key management of all resources, or use a fixed key never manage resources, so implementation is simple, but can cause huge security hole caused the loss can not be estimated. 因此在本发明中,采用阶层式钥匙管理构架用数把钥匙来管理不同的资源,并且采用动态钥匙生成方法来生成真正的钥匙。 Therefore, in the present invention, a hierarchical key management structure with several different keys to manage resources and dynamic key generation method to generate a real key.

[0066] 如图所示,SE的根节点为一Master文件(50),该文件中保存整个SE的控制钥匙,拥有这个钥匙者有操作SE所有权限,这把钥匙由SE的发行者所掌握,通常SE是以硬体形式存在,SE可以搭载于SM卡,NFC芯片,SD卡或者内嵌在手机的母版上,Master文件的结构在后续章节中说明。 [0066] As shown, root node SE is a Master File (50), the entire file saving control key SE, with the key operation by SE has all rights, this key is in the hands of the issuer SE generally SE is present in the form of hardware, can be mounted in SE SM card, the NFC chip, SD card or embedded on the master phone, Master file structure described in the following sections.

[0067] 和Master文件同处于root节点的还有Master程序59,Master程序可是看成SE的简易操作系统,Master程序管理所有文件,保证文件的访问权限,记录文件的地址。 [0067] Master and Master File with the program as well as in root node 59, Master program, but as a simple operating system SE, the Master program to manage all files to ensure access to files, records the address of the file. 其实现方法采用Linux的kernel中的文件系统,相关知识可以参考http://en.wikipedia.0rg/wiki/Ext2等公众知识。 This is accomplished by using the Linux kernel file system, knowledge can refer http: //en.wikipedia.0rg/wiki/Ext2 public knowledge and so on. 和Ext2略有不同的是inode的物理文件还经过加密,为保证本发明的安全性,具体缺乏创造性的实现方法不在说明书中披露,也没有相关权利要求。 And Ext2 slightly different physical file inode is also encrypted to ensure security of the present invention, in particular the lack of inventive implementations disclosed in the specification is not, nor dependent claims.

[0068] Master文件下具有若干程序(51),目录个数可以是从I到理论上的无穷大。 Having a plurality of programs (51) under [0068] Master file, the directory number may be from I to infinity theoretically. 这里所谓的树形结构仅仅是一个便于理解的逻辑结构,而并非物理结构。 Here, the term is merely a logical tree structure facilitates understanding, rather than physical structure. 运行程序(AccessRight)也需要钥匙,其钥匙在上位的Master文件,或者程序中保存。 Run the program (AccessRight) also need the key, that key is stored in the host's Master file, or program.

[0069] 程序下具有独立的子程序(511),和程序所需要的文件(53),访问子程序和文件均需要钥匙,其钥匙在上位程序中保存。 File (53) under [0069] A subroutine (511) having separate, and the procedures required, and file access routines require keys, which keys stored in the host program.

[0070] —个程序可以拥有数个文件,文件的个数可以是从O到理论上的无穷大,需要安全操作的文件具有密码(511),通过该密码可以访问并操作文件中的数据。 [0070] - a program can have several files, the file number may be from O to infinity theoretically, documents having safe operation code (511) can access and manipulate the data files by a password.

[0071] 图6 master文件钥匙的结构和保存方法 [0071] FIG 6 master key file structure and method for storing

[0072] 如图所示在master文件中,包含一 [0072] As shown in the master file, comprising a

1.master钥匙(501),该钥匙用于初始化SE各领域,该钥匙的所有权在SE的生产厂商,或者SE的发行商 1.master key (501), the key is used to initialize the SE in various fields, ownership of the key manufacturers in SE or SE publisher

2.Application Master钥匙,用于安装更新程序,该钥匙的所有权属于用户 2.Application Master key, used to install the update, the ownership of the key belongs to the user

3.Application钥匙,用于管理各应用程序,该钥匙的所有权属于程序以及服务提供 3.Application key for each application management, ownership of the key part of the program and service delivery


[0073] 上述方法实现了阶层式钥匙管理方式,即使其中的一把钥匙由于其提供商的责任被泄露,也不会造成SE中保存的其他不相关的第三方的损失。 [0073] above method to achieve a hierarchical key management, other third-party losses irrelevant even if a key to its due responsibilities provider is compromised, it will not cause preservation of the SE. 在后述章节中,说明如何诊断出钥匙泄露,和动态钥匙生成的方法,保护当个别钥匙泄露发生下,弥补的方法。 In later sections, describes how to diagnose a key leakage, and a method for dynamic key generation, key protection method in individual leakage occurs when the make up.

[0074] 图7动态钥匙生成方法 [0074] FIG. 7 dynamic key generation method

[0075] 如果使用上述钥匙直接用于各资源加密/解密,那么在长期使用对称钥匙的时候,很难保证钥匙不被破解。 [0075] If the above key resources directly for each encryption / decryption, so when long-term use of symmetric keys, it is difficult to ensure that the key is not to be cracked. 这样脆弱的方式将无法保证货币服务的安全性,有鉴于此在本发明中采用动态钥匙的方法。 Such fragile way can not guarantee the security of currency services, key dynamic view of this method of the present invention. 如图所示,真正开启程序所需资源的动态钥匙(DynamicKey) 64,由钥匙生成器6 (KeyMaker)来动态生成,钥匙生成器需要 As shown, the dynamic key really opens (DynamicKey) resource requirements program 64, the key is dynamically generated by the generator 6 (KeyMaker), the key generation requires

1.程序钥匙(503)程序提供商所定钥匙,其特征是程序和服务提供商所有,并对此负责 1. The program key (503) set out the key program providers, which are programs and services suppliers and is responsible

2.用户密码(61),也可使用用户身体特征、安装日等其他项目代替,其原则是用户为该项目负责。 2. The user password (61), the user can also use physical characteristics, installation and Japan, instead of other items, the principle is the user responsible for the project.

3.日期时间,可以是芯片clock的周波数来代替 3. The date and time, number of cycles may be used instead of the chip clock

4.其他动态项目 4. Other dynamic project

作为输入条件;然后通过SHA-1等Message Digest算法来计算。 As the input conditions; then calculated by SHA-1, etc. Message Digest Algorithm. 关于SHA-1的算法,为一般公开知识,在本发明中,采用硬件SHA-1协处理器芯片集成到SE、母版、或者SD上。 About SHA-1 algorithm, general knowledge disclosed in the present invention, a hardware coprocessor SHA-1 chips into the SE, the master, or SD.

[0076] 如上所述,如果程序钥匙、用户密码单独,或者最坏情况下的全部泄露,恶意用户仍旧无法通过RichOS上的恶意程序获得SE上资源的访问权。 [0076] As noted above, if the program key, user password leak at all alone, or at worst, malicious users are still unable to gain access to resources on the SE by malicious programs on RichOS. SE上资源的开启方法如下图所述 The method of opening SE of the resources below the

[0077] 图8所需文件的取得方法 Method of acquiring [0077] FIG 8 files required

[0078] 如图所示, [0078] As shown,

51.用户(O),输入密码,启动部署于RichOS上的应用程序(24); 51. User (O), password, start RichOS deployed on the application (24);

52.RichOS上的应用程序(24)通过RMI调用SE上的应用程序(51),并将上述步骤获得的用户密码传送之; Application (24) on 52.RichOS calling application (51) on the SE through the RMI, and transmits the user password obtained in the above step;

53.SE应用程序,具体为数据操作模块(83)将1.自身持有的ApplicationKey (503), 53.SE applications, particularly for the data operation modules (83) will itself hold 1. ApplicationKey (503),

2.上述步骤中获得的用户密码(61),加上时间(62),以及其他任意项目(63),传给钥匙生成器(6);钥匙生成器生成钥匙动态钥匙I ; 2. The user password obtained in the above step (61), plus the time (62), and any other item (63), passed to the key generator (6); the key generator generates a key dynamic key I;

54.数据操作模块(83)将读写请求和钥匙动态钥匙1,提交SE上的Master程序(59); 54. The data operation module (83) to read and write requests dynamic key and the key 1, submitted Master program (59) on the SE;

55.Master 程序(59)使用保存在Master 文件中的1.ApplicationKey (503),用户密码(61),时间(62),以及其他任意项目(63),传给钥匙生成器(6);钥匙生成器生成钥匙动态钥匙2 ;Master程序(59)比较动态钥匙I和动态钥匙2,如果一致,则证明程序的ApplicationKey (503)和用户输入的密码是正确的; 1.ApplicationKey 55.Master program (59) saved in the Master file (503), the user code (61), time (62), and any other item (63), passed to the key generator (6); Key dynamic key generator generates a key 2; Master program (59) comparing the dynamic and dynamic key key 2 I, if yes, the program proved ApplicationKey (503) and a user-entered password is correct;

S6.上述处理结构正常的情况下,Master程序(59)完成认证处理,允许数据操作模块(83)读写文件;同时发行通行证Token,在以后的会话Session中,无需再进行同样的认证。 . S6 Under normal circumstances the above-described process configuration, Master program (59) to complete the authentication process, allows the data operation modules (83) to read and write files; pass the Token issued simultaneously, after the Session session, the same authentication no longer necessary. 会话具有时限timeOut的设定,空闲超过时限则Token失效,需要重新进行认证处理; Session has a set time timeOut, Token idle time limit is exceeded the failure, need to re-authentication processing;

[0079] 如上述步骤S4, ApplicationKey (503),和用户密码都没有直接被传送,因此当用户丢失手机的情况下,恶意者也无法通过在SE中,安装恶意程序来窃取ApplicationKey (503),和用户密码。 [0079] The above-described step S4, ApplicationKey (503), and the user password are not directly transmitted, and therefore when the user lost the mobile phone, person with malicious intent can not pass in the SE, install malicious code to steal ApplicationKey (503), and user password.

[0080] 如上述步骤S5,动态钥匙I中含有时间项目,因此即使恶意者通过某种手段窃取到了动态钥匙,也无法有机会使用第二次。 [0080] The step S5, the dynamic key items I contained in the time, and therefore the dynamic key stolen by some means even if a malicious person can not have access to a second.

[0081] 如上述步骤S5,Master程序(59)可以判断动态钥匙I的正确性,当要求时动态钥匙I错误的时候,可以诊断出是否有恶意攻击(Fraud detection),当诊断出有数次异常操作时,可以在上述步骤中再追加死锁文件,自动销毁文件的处理。 [0081] The above-described steps S5, Master program (59) based on the correctness of the dynamic key I, when the key I require dynamic errors, can diagnose whether there is a malicious attack (Fraud detection), when diagnosed with several abnormal in operation, the file may be further added in the above step a deadlock, the processing of the file automatically destroyed.

[0082] 如上述步骤SI〜S6保证了文件的安全处理。 [0082] The processing steps to ensure the safety SI~S6 document. 最终Master程序(59)使用AES等对称钥匙的手段对文件加/解密,由于采用改良式EXT2文件系统和高强度AES加密手段,破解难度和强度达到并超过了金融界通常的标准。 Symmetric key means the final Master program (59) like the document using AES encryption / decryption, the use of modified high intensity EXT2 file system and AES encryption methods, and the difficulty of guessing the financial strength to meet and exceed the usual standards.

[0083]上述 Master 文件(50)中保存application Master Key 和Master Key,所保存的钥匙由第三者发行管理,如果SE是内嵌在SIM或者nCC卡中,那么该第三者可以是电信业SIM卡的发行者,如果该SE是嵌入在SD卡,那么该钥匙由SD卡的发行者(通常情况下是该电子货币的发行者)管理。 [0083] The Master Files (50) to save application Master Key and Master Key, saved by a third party key management issue, and if SE is embedded in the SIM card or nCC, then the third party may be the telecommunications industry SIM card issuer, if the SE is embedded in the SD card, then the key by the issuer of the SD card (is that electronic money issuer usually) management. 关于钥匙的发行和管理,需要有专门的机制(Mechanism),虽然这部分对安全性也至关重要但并非本发明的申请的权利范围。 About distribution and management of keys, the need for a special mechanism (Mechanism), although this part of the application is also crucial, but not the invention of the safety of the scope of rights.

[0084] 4.应用程序的框架和核心部分的处理方法 [0084] 4. A method of processing frame and the core of the application

[0085] 安全元素中的程序,采用JavaCard 程序方式,在IC芯片的上加载VM,提供JCRE(JavaCard Runtime Environment)。 [0085] Security elements in the program, the program mode using JavaCard, VM is loaded on an IC chip, there is provided JCRE (JavaCard Runtime Environment). 和J2ME 以及其他标准的JAVA 不同,运行在JCRE上的程序不使用GC,没有MultiThread支持。 And other standard JAVA J2ME and different programs running on JCRE not use GC, no MultiThread support.

[0086] 发明人根据SE的硬件定义编写描述硬件的代码,并使用GCC编译器生成VM,提供customized的JavaCard VM。 [0086] The inventors prepared a hardware description of the hardware definition of the SE code and using the GCC compiler generates VM, bringing the customized JavaCard VM. 假设SE被设置在SM上,那么发行SM的移动服务提供商,或者SM卡的制造商负责安装JCRE。 SE is provided on the assumption SM, then the manufacturer issued SM mobile service provider, or SM card is responsible for installing JCRE. JCRE被安装在有限的SE中的MEM上。 JCRE is mounted on the SE limited MEM.

[0087] 采用当JCRE被安装以后,开发者在开发环境下,编译好基于基于java的Class文件和其他输出文件,通过Converter工具生成CAP文件。 [0087] When using JCRE is installed, developers in the development environment, based on compiled java-based Class files and other output files generated by CAP file Converter tools.

[0088] 本发明提供者,公布在RichOS上的安装工具,提供用户下载,用户通过安装到RichOS上的安装工具,启动SE中的电子货币程序的下载,为保证SE中电子货币的安全性,通常采用移动运营商MNO的TSM进行下载,并通过MNO发布GlobalPlatform的安装命令。 [0088] The present invention provides a person, published installation tool on RichOS, providing users to download, the user to the mounting tools on RichOS, start downloading the electronic money program in the SE, in order to ensure the security of the SE electronic money, usually mobile operator MNO TSM to download and install command GlobalPlatform released by MNO.

[0089] 为更好地说明电子货币的程序模式,给出以下标准代码作为参考。 [0089] To better illustrate the program mode of the electronic money, gave the following code as a reference standard. 在实际运行中为保证代码的质量和安全性在实装中会进一步地进行修改。 To ensure the quality and safety of the code will be modified further in the mounting, in actual operation. 首先是GlobalPlatform平台的,程序安装-选用-初期化处理代码例: First GlobalPlatform platform installation - Selection - Example initialization processing code:

Figure CN103236011AD00131

[0090] 在GlobalPlatform平台上,进一步程序安装_选用_初期化处理代码的实装例: [0090] On the platform GlobalPlatform further installed mounting _ _ selected embodiment of initialization processing code:

Figure CN103236011AD00141
Figure CN103236011AD00151

[0091] 在key() Method中实装动态钥匙的生成方法,在本例中仅提供框架。 [0091] The mounting method of generating a dynamic key in key () Method provided only in the frame in the present embodiment.

[0092] 在registerO Method中实装敏感数据的记录方式。 [0092] In the mounting registerO Method sensitive recording data. 根据上述SE中文件构成,VM根据Master程序提供的功能,提供出,文件处理的方法。 According to the above-mentioned SE configuration file, the VM functional Master Program, there is provided a process of document processing.

[0093] 5.解决数据一贯性和秘密通信路的方法 [0093] The method and solve the data consistency for secret communication channel

[0094] 通过上述说明,能够实现安全的交易,杜绝恶意者利用恶意方式,盗窃或者非法篡改数据。 [0094] From the above description, to achieve security of transactions and eliminate malicious exploit in a malicious manner, theft or illegal tampering with the data. 然而在实际运用中,却无法避免交易双方共同诈骗服务提供商的恶意行为。 However, in practice, we can not avoid mutual trade fraud malicious behavior service provider. 例如, E.g,

1.由于程序被分离在两台端末上独自执行,所以交易无法辨别出,当支付方支出金额不等于收取方收到的金额的情况。 1. Since the program is executed solely on two separate Duanmo, so the transaction can not identify, when payers spend equal amounts received are not charged situation.

2.又例如,当交易中NFC通信发生障碍,支付方完成支付处理,而接收方尚未收到金额的时候,这笔交易金额将无法被确认,而使得服务失去可信性(reliability)。 2. As another example, when the transaction takes place in the NFC communication barriers payer payment processing is completed, and the receiver has not received the amount of the transaction amount will not be confirmed, so that the service lose credibility (reliability).

3.在两台端末进行互相通信的时候,没有机制(Mechanism)能够防止恶意者通过某种手段在通信中加入中介,来盗窃或篡改通信内容。 3 communicate with each other when the two terminal ends, there is no mechanism (Mechanism) can be prevented by some means by addition of malicious intermediary in communication, to steal or tamper with the contents of the communication. 目前的NFC通信没有安全通路Security Channel机制,因此,在NFC允许的IOcm距离中,有可能被插入恶意机制,在POS处理的情况下,该问题并不严重,但省去POS的话,将无人监视交易,这样无法避免恶意用户欺骗交易程序。 No current NFC communication passage Security Channel security mechanisms, thus allowing the NFC IOcm distance, there may be inserted malicious mechanism, in the case of the POS processing, this problem is not serious, but omitted POS, it will no monitoring transactions, this does not prevent a malicious user spoof trading program.

若不解决上述该问题,本发明将没有实用性可言。 Without addressing the problem above, the present invention is not practical at all.

[0095] 背景技术提到的,Paypal采用中央控制的方法,支付方将金额上传给服务器,然后由服务器转发给受取方,通过即时记录于中央服务器以保证最终金额的一致性。 [0095] BACKGROUND mentioned, Paypal method of central control, the amount paid will be uploaded to the server side, and then forwarded by the server to take by the parties, through real-time recording to a central server in order to ensure consistency of the final amount.

[0096] 本发明提出不同的解决方案,通过中间件来为交易双方作证,如下图所示,本发明在交易时,可以脱离中央服务器。 [0096] The present invention proposes a different solution, for the transaction evidence to the middleware by the parties, as shown below, the present invention is in the transaction, the central server can be detached. 交易后在一定期限之内确认并记入与交易。 After confirming the transaction within a certain period and credited with the transaction.

[0097] 图9SE中部署的程序和系统结构图 [0097] FIG processes and systems deployed configuration diagram 9SE

[0098] 如图所示本发明在原有的程序上,追加监视管理程序(8),部署于交易双方的端末。 [0098] As shown in the present invention, the original program, the additional monitoring management program (8), deployed in Duanmo parties to the transaction. 通过监视管理程序,来记录交易金额,并保证交易的ACID,监视管理程序,由以下模块构成: By monitoring management program, to record the transaction amount, and to ensure that the transaction ACID, monitoring management program consists of the following modules:

1.NFC安全通信路生成模块81用以建立NFC的安全通路(Security Channel)。 1.NFC secure communication path generating module 81 to establish the secure NFC (Security Channel). 目前NFC通信协议中缺乏安全通路之定义,因此Secure Channel需要自己建立,今后当NFC安全标准通过Security Channel的时候,可以利用NFC标准提供的功能,而不再需要自己实装。 Currently NFC communication protocol defined in the lack of safe passage, and therefore needs its own Secure Channel to establish, in the future when the NFC security standards by Security Channel, you can use standard functions provided by the NFC, but no longer needs its own mounting.

2.监视模块82,用以监视交易,记录交易金额。 2. The monitoring module 82 for monitoring transactions, recording the transaction amount. 3.和交易记录服务器的通信模块88,用以和交易记录服务器9进行通信。 3. The transaction server and a communication module 88, and to communicate transaction server 9.

[0099] 如图所示同时部署于SE中的程序还有,交易应用程序51,数据操作程序83,在实装中可以将,交易应用程序51和数据操作程序83的功能同时集中在一个类(Class)文件中,这些微小的变化可以根据中等水平的专业技术者的喜好判断。 Deployed in the program as well as the SE, the transaction application 51, data manipulation program 83, the mounting can be, and the transaction application 51 program 83 data manipulation features while focusing [0099] In one class shown in FIG. (Class) file, these small changes can be judged according to the preferences of professional and technical persons of moderate level.

[0100] 监视管理程序(8),利用其中的监视模块,记录每次通过NFC传送的APDU,记录下下APDU中的交易数据,暂时保存于SE领域。 [0100] Monitoring management program (8), wherein the APDU using the monitoring module, each time by the NFC transport of the recording, the recorded transaction data of the APDU, temporarily stored in SE field. 作为同等替换也可以保存于SE外的智能手机存储领域。 As a replacement can be stored in the same outer SE smartphone storage. 在交易结束后的一定时间内,通过通信模块88将记录上传于交易记录服务器9。 Within a certain time after the end of the transaction, the record via the communication module 88 to upload transaction server 9.

[0101] 所述交易记录服务器9,包含记录DB,或者文件方式记录各个监视管理程序8,上传的记录。 The [0101] transaction server 9, comprising a DB record, or the file management program recorded each monitor 8, the uploaded records. 交易记录服务器9为通常使用的WEB应用服务器,后台链接数据服务器。 9 is a transaction server WEB application server commonly used, the background link data server. WEB应用服务器中部署接受电文模块,内部监视模块,数据整合模块和报警模块。 WEB application server deployment module receiving the message, internal monitoring module, alarm module and the data integration module. 交易记录服务器9主要目的是防止非法洗钱和偷税漏税行为,在技术上没有先进性,因此交易记录服务器9,的内部构造不作为权利申请。 Transaction server 9 main purpose is to prevent money laundering and tax evasion, there is no advancement in technology, so the transaction server 9, the internal structure is not a right to apply.

[0102] 所述上传方法,需要采用安全通信方式,如SMS短信传送或者基于https的传送。 The [0102] method for uploading, need secure communication, such as SMS text messaging, or based on transmitted https. 使用SMS短信传送方式时,前提是采用SM作为SE,在SM上部署的监视管理程序(8),通信模块88利用SMS channel,以OTA模式传送SMS至交易记录服务器9。 When using SMS text messaging mode, the premise is adopted as SM SE, SM deployed on monitoring manager (8), a communication module 88 using the SMS Channel, send SMS to the transaction server 9 OTA mode.

[0103] 作为同等替换,可以使用https方式,这时候,只需要将通信模块88部署于RichOS中,利用智能手机的通信功能和交易记录服务器9安全通信。 [0103] As an equivalent alternative, use https way, this time, just to be deployed in RichOS communication module 88, the communication functions using a smart phone and transaction server 9 secure communications.

[0104] 图10交易过程流程图 [0104] FIG. 10 process flow diagram of the transaction

[0105] 如图所示,交易中采用双重提交管理(2 phase commit)的方法,(A端末,B端末分别为启动者I和启动对象2,角色可以互换) [0105] As shown, the method of double submittal manager (2 phase commit) using transactions, (Duanmo A, B respectively Duanmo initiator I 2 and start the object, role interchangeable)

Ml.A端末的交易程序也称应用程序(51)通过RMI提交准备交易金额,给监视程序 Ml.A Duanmo trading program, also known as application program (51) ready to submit the transaction amount through RMI, to monitor

(8); (8);

M2.A端末的监视程序,通过CLF,发出NFC通信,并被B端末的监视程序收到; M2.A Duanmo the monitoring program, by the CLF, the NFC communication sent, and B Duanmo watchdog received;

M3.B端末的监视程序,通过RMI提交准备交易金额给交易程序,交易程序处理并返回结果; M3.B Duanmo monitoring program, ready to be submitted to the transaction amount of the transaction program through RMI, transaction processing program and return results;

M4.监视程序发出准备Commit金额的给数据保存模块,数据保存模块记录下准备commit的金额,并返回结果; . M4 monitor the amount of emitted prepared Commit to data storage modules, data storage modules commit record the amount of preparation, and returns the result;

M5.A端末的监视程序收到正常结束结果后,发出准备Commit金额的给A端末的数据保存模块,数据保存模块记录下准备commit的金额,并返回结果; After the monitoring program is received M5.A Duanmo normal end result, the amount issued to prepare Commit Duanmo A data storage modules, data storage modules commit record the amount of preparation, and returns the result;

M6.准备commit处理全部正常结束后,A端末发出正式Commit处理要求给B端末的监视程序; . M6 commit preparation processing ends normally after all, A Duanmo formal Commit processing request issued to the B-terminal ends of the monitoring program;

M7.B端末的监视程序发出Commit要求给B端末的交易程序,交易程序处理并返回结 M7.B Duanmo monitoring program sends request to B Duanmo Commit transaction procedures, transaction procedures and the processing returns results

果; fruit;

M8.A端末的监视程序发出commit要求给数据保存模块,数据保存模块commit金额,并返回结果; M8.A Duanmo monitoring program sends commit request to a data storage module, the amount of data storage modules commit, and returns the result;

[0106] 在收到最后成功结果之前,若处理过程中出现了故障,那么所有处理rollback到初始状态。 [0106] Prior to receipt of the final successful outcome, if the process fails, then all processing rollback to the initial state. 由于在处理过程中不允许多线程多程序同时运行,因此双重提交管理的方法中不会产生死锁问题。 Since the program does not allow multiple threads to run simultaneously in a multi-process, and therefore the method of double submission management does not produce deadlock. 通过以上2PhaseCommit的处理步骤,保证交易的ACID,解决了数据一贯性的问题。 Through the above 2PhaseCommit processing steps to ensure ACID transactions, solve the problem of consistent data.

[0107] 监视程序,由服务提供商开发提供,在下载时提供程序的认证,具体方法可以是CA发行的电子证明书等各种本领域常用的方法。 [0107] monitoring program, offering certification programs when downloading provided by the service providers to develop specific methods can be used such as CA electronic certificate issued by a variety of methods in the art. 在程序内为防止被恶意篡改,对程序使用SHA-1等防止篡改检查手法,该方法也为本领域常用方法。 To prevent tampering within the program, using the SHA-1 and other techniques to prevent tampering check program, which is also present art conventional method.

[0108] 监视程序中的运行结果可以作为交易的合法性的凭证,通过本方法,恶意用户同时攻击交易程序和监视程序难度被提高,也无法通过截取和篡改通信结果来进行恶意行为;当交易中广生障碍时,交易会被退回到初始状态ACID将被保证。 [0108] operation results of the monitoring program can be used as proof of the legitimacy of the transaction, by this method, a malicious user simultaneous attacks transaction procedures and the monitoring program is to improve the degree of difficulty can not be malicious behavior by intercepting communications and tampering with the results; when the transaction when the Guangsheng obstacles, the deal would be returned to its original state ACID will be guaranteed.

[0109] 安全通信路生成模块中Secure Channel建立步骤 [0109] generating a secure communication path establishment step Secure Channel module

1.启动者A发送出2个质数P和G给启动对象; 1. A starter transmitted two prime numbers P and G to start the object;

2.启动者利用乱数生成器(212)生成随机数A ; 2. Start by using a random number generator (212) generates a random number A;

3.启动对象利用乱数生成器(212)生成随机数B; 3. Start the object B generates a random number using a random number generator (212);

4.启动者将G A mod P的结果传给启动对象; 4. Start will result A mod P G promoter passed to the object;

5.启动对象将G~B mod P的结果传给启动者; 5. Start object B mod P G ~ results passed to the initiator;

6.启动者计算出(G~B mod P)~A mod P的结果,作为秘密钥匙,加密/解密NFC电文除header部分以外的数据NDEF(H); 6. Start the results were calculated (G ~ B mod P) ~ A mod P as a secret key, to encrypt / decrypt data NFC NDEF message other than the header portion (H);

7.启动对象计算出(G~A mod P)'B mod P的结果,作为秘密钥匙,进行同样的加密/解密; 7. Start the object calculated results (G ~ A mod P) 'B mod P as a secret key, the same encryption / decryption;

由于随机数A,B没有直接传送,所以即使在IOcm的距离中加入窃听手段,公开传送数据被恶意者盗窃,恶意者也无·法在短时间内计算出秘密钥匙,由此确保了Secure Channel的数据不会被盗窃,因而也不会被篡改。 Because of the random numbers A, B is not directly transmitted, so that even if the distance is added IOcm eavesdropping, the transmission data is stolen disclosed malicious persons, who no malicious · Method secret key is calculated in a short time, thereby ensuring the Secure Channel the data will not be stolen, and thus can not be tampered with.

[0110] 连立上述方程式,秘密钥匙需要使用离散对数才能得到解,而离散对数的解法到目前为止尚未被数学领域提出,所以即使使用并行高速试算方法也需要相当时间,在NFC通信所限时间内(通常为I秒),计算出秘密钥匙实际是可能的。 [0110] even stand above equation, the secret key is required to get the solution of the discrete number talents, and the discrete logarithm solution so far has not been proposed areas of mathematics, so even with a high-speed parallel spreadsheet method also requires considerable time, in the NFC communication within a limited time (usually in seconds I), to calculate the secret key is actually possible.

[0111] 由于在启动者和启动对象中加载了监视模块,监视模块中有相互认证的机制,因此伪装为启动对象也是不可能的。 [0111] Since the monitoring module loaded in the initiator and start the object, the monitoring module has a mechanism for mutual authentication, so disguised as to start the object is impossible. 以上说明,实现了安全秘密通信路(Secure Channel),确保了通信的安全。 Described above, to achieve a secure secret communication channel (Secure Channel), to ensure a secure communication.

[0112] 6.实施例 [0112] 6. EXAMPLES

[0113] 实施例1 一支付者启动 [0113] Example 1 starting a payor

1.支付者启动打开携带电话电源,输入自己的PIN,启动诸如Android的RichOS (23) 1. Open the Start payer cellular phone power, enter their PIN, such as the launch of Android RichOS (23)

2.支付者启动RichOS(23)中的本发明的直接支付应用程序(24)中的画面处理 2. Start direct payer payment application RichOS (23) of the present invention, a screen process (24)

3.支付者在直接支付应用程序(24)中,输入货币数额,按下传送键 3. In the direct payer payment application (24), the input amount of money, transfer key press

4.支付应用程序24启动NFC通信,并启动位于SE领域的支付应用程序(51),这时支付者携带电话成为NFC启动者(initiator) I 4. Payment application 24 starts the NFC communication, and starts the payment application (51) located in the field of SE, then the portable telephone becomes payer NFC initiator (initiator) I

5.NFC启动者(initiator) I发射13.56Mhz的电波,启动对象(target) 2被电波激活 5.NFC initiator (initiator) I 13.56Mhz emission of radio waves, the initiation object (target) 2 is activated wave

6.启动对象的NFC芯片通过CLF/SWP等NCI方式,启动位于SE上的监视程序(8) 6. Start NFC chip object by CLF / SWP NCI like manner, the start monitor program is located on the SE (8)

7.NFC启动者(initiator) I发送NFC通信请求, 7.NFC initiator (initiator) I transmits the NFC communication request,

8.启动启动对象(target) 2发送NFC通信请求回答 8. Start Start the object (target) 2 transmits the NFC communication request is answered

9.NFC启动者(initiator) I和启动启动对象(target) 2建立起NFC通信 9.NFC initiator (initiator) I promoter and promoter objects (target) 2 established NFC communication

10.通信双方根据说明书中所述钥匙交换步骤建立起安全通信路SecureChannel,11.位于SE的监视程序、交易程序、数据保存模块,根据说明书所述交易过程完成交 The communication parties in accordance with the specification key exchange step establish secure communication channels SecureChannel, 11. SE located in the monitor, the transaction program, data storage module to complete the description of the deposit transaction process

易; easy;

12.所述交易过程步骤中,数据管理模块(83)在处理数据读写的时候,根据说明书所述所需文件取得方法,取得读写文件的权力; 12. The transaction process step, the data management module (83) in processing data read and write, the description of the method of obtaining the desired file, file read and write access to power;

13.所述取得读写文件权力步骤中,根据说明书所述动态钥匙生成方法,生成动态钥匙。 13. The power acquisition step of reading and writing files, instructions based on the method of generating a dynamic key, to generate the dynamic key.

14.交易结束后,在一定时间内,和交易记录服务器的通信模块88,将交易状况上传于交易记录服务器9。 14. After completion of the transaction, within a certain time, and the communication module 88 of the transaction server, the transaction status upload transactions to the server 9.

[0114] 7.总结 [0114] 7. Summary

[0115] 通过以上实施方法,本发明在遵守标准劝告的前提下,实现了新的交易方法,该方法不仅使得用户脱离P0S,并可以在线下使用电子货币,而且能够保证交易方法的安全性。 [0115] By the above embodiment of the method, the present invention Subject to the standard advice to achieve a new transaction, the method not only enables a user from P0S, electronic money under and online, and can guarantee the security of the transaction process.

[0116] 以上使用了具体个例对本发明的具体实施例进行了描述,该实施例的说明只是用于帮助理解本发明的方法及核心思想;同时对于本领域的一般技术人员,依据本发明的思想,在具体实施方式及应用范围上均会有变改之处,比如 [0116] above using specific examples of specific embodiments of the present invention have been described, this embodiment will be described only to help understand the method of the present invention and the core idea; while for those of ordinary skill in the art, according to the present invention. thought, in the embodiments and application scopes becomes the corrections, such as

1.将芯片中的逻辑电路单纯的集成或者分离,这样的改变仅是封装的不同; 1. The simple integrated circuits or discrete logic chips, such changes are merely different packages;

2.实施步骤顺序的微调整,如将没有先后顺序的处理调换; 2. The embodiment of the fine adjustment sequence of steps, as will be no process of exchange sequence;

3.取消认证或者必要的安全处理,单纯地提供劣质服务; 4.无意义地更换启动者和启动对象角色; 3. decertification or necessary for safe handling, simply provide poor service; 4. meaningless to replace those who start and startup objects role;

因此,本说明书内容不应理解为对本发明的限制,凡在本发明的精神和原则之内所作的任何修改、同等替换、删减附加步骤的改进,均包含在本发明的包含范围内。 Accordingly, the present specification shall not be construed as limiting the present invention, any modifications within the spirit and principle of the present invention, equivalent replacement, improvement deletion additional steps, are included within the scope of the present invention comprises.

Claims (2)

1.一种电子货币交易的监视方法,其特征在于(1)交易直接在两台智能装直中完成(2)交易中使用NFC方式(3)使用监视管理程序记录交易状态(4)交易结束后将交易状况传给交易记录服务器。 CLAIMS 1. A method of monitoring electronic money transactions, characterized in that (1) two smart completion means directly in a straight (2) the transaction using the NFC method (3) using the management program to monitor the state of the transaction record (4) End Transaction after the transaction status to pass transaction server.
2.如权利要求1所述智能装置,其特征在于包含(1) NFC标准芯片(2) Secure Element 芯片。 1 The smart device as claimed in claim 2, characterized in that it comprises (1) the NFC standard chip (2) Secure Element chips.
CN2013100548134A 2013-02-20 2013-02-20 Electronic currency transaction monitoring method CN103236011A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013100548134A CN103236011A (en) 2013-02-20 2013-02-20 Electronic currency transaction monitoring method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2013100548134A CN103236011A (en) 2013-02-20 2013-02-20 Electronic currency transaction monitoring method

Publications (1)

Publication Number Publication Date
CN103236011A true CN103236011A (en) 2013-08-07



Family Applications (1)

Application Number Title Priority Date Filing Date
CN2013100548134A CN103236011A (en) 2013-02-20 2013-02-20 Electronic currency transaction monitoring method

Country Status (1)

Country Link
CN (1) CN103236011A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103984896A (en) * 2014-05-19 2014-08-13 联想(北京)有限公司 Information processing method and electronic equipment
CN103984892A (en) * 2014-05-19 2014-08-13 联想(北京)有限公司 Information processing method and electronic equipment
CN103984730A (en) * 2014-05-19 2014-08-13 联想(北京)有限公司 Information processing method and electronic equipment
WO2016045042A1 (en) * 2014-09-25 2016-03-31 华为技术有限公司 Method and device for managing content in secure element
CN106920081A (en) * 2017-02-24 2017-07-04 济南汉泰信息科技有限公司 Payment method, system and electronic device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101027699A (en) * 2004-08-13 2007-08-29 意大利电信股份公司 Method and system for safety managing data stored on electronic label
CN101546407A (en) * 2009-02-11 2009-09-30 广州杰赛科技股份有限公司 Electronic commerce system and management method thereof based on digital certificate
CN102204111A (en) * 2008-08-12 2011-09-28 维沃科技公司 Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices
CN102460520A (en) * 2009-05-03 2012-05-16 洛格摩提公司 A payment terminal using a mobile communication device, such as a mobile phone
CN102722813A (en) * 2012-04-21 2012-10-10 郁晓东 Hierarchical multiple electronic currency device and multiple electronic currency management method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101027699A (en) * 2004-08-13 2007-08-29 意大利电信股份公司 Method and system for safety managing data stored on electronic label
CN102204111A (en) * 2008-08-12 2011-09-28 维沃科技公司 Systems, methods, and computer readable media for providing for secure offline data transfer between wireless smart devices
CN101546407A (en) * 2009-02-11 2009-09-30 广州杰赛科技股份有限公司 Electronic commerce system and management method thereof based on digital certificate
CN102460520A (en) * 2009-05-03 2012-05-16 洛格摩提公司 A payment terminal using a mobile communication device, such as a mobile phone
CN102722813A (en) * 2012-04-21 2012-10-10 郁晓东 Hierarchical multiple electronic currency device and multiple electronic currency management method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
孙欢: ""基于NFC的P2P新一代移动支付解决方案"", 《华南金融电脑》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103984896A (en) * 2014-05-19 2014-08-13 联想(北京)有限公司 Information processing method and electronic equipment
CN103984892A (en) * 2014-05-19 2014-08-13 联想(北京)有限公司 Information processing method and electronic equipment
CN103984730A (en) * 2014-05-19 2014-08-13 联想(北京)有限公司 Information processing method and electronic equipment
CN103984892B (en) * 2014-05-19 2017-11-24 联想(北京)有限公司 An information processing method and an electronic device
CN103984896B (en) * 2014-05-19 2018-04-27 联想(北京)有限公司 An information processing method and an electronic device
WO2016045042A1 (en) * 2014-09-25 2016-03-31 华为技术有限公司 Method and device for managing content in secure element
CN106920081A (en) * 2017-02-24 2017-07-04 济南汉泰信息科技有限公司 Payment method, system and electronic device

Similar Documents

Publication Publication Date Title
US8646059B1 (en) Wallet application for interacting with a secure element application without a trusted server for authentication
AU2015319804B2 (en) Remote server encrypted data provisioning system and methods
Hansmann et al. Smart card application development using Java
US10108409B2 (en) Systems and methods for updatable applets
EP2885904B1 (en) User-convenient authentication method and apparatus using a mobile authentication application
CN102057386B (en) Trusted service manager (TSM) architectures and methods
US8528067B2 (en) Anytime validation for verification tokens
CN102314576B (en) Method of performing security applications in nfc devices
EP2477165B1 (en) Multi-application smart card, and system and method for multi-application management of smart card
EP1710980B1 (en) Authentication services using mobile device
CN101394615B (en) Mobile payment terminal and payment method based on PKI technique
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US8881977B1 (en) Point-of-sale and automated teller machine transactions using trusted mobile access device
RU2537795C2 (en) Trusted remote attestation agent (traa)
US7882208B2 (en) Information management apparatus, information management method, and program for managing an integrated circuit
US9607298B2 (en) System and method for providing secure data communication functionality to a variety of applications on a portable communication device
US8266436B2 (en) Service providing system, service providing server and information terminal device
US9071963B2 (en) Methods, systems, and computer readable media for secure near field communication of a non-secure memory element payload
US9467292B2 (en) Hardware-based zero-knowledge strong authentication (H0KSA)
RU2523304C2 (en) Trusted integrity manager (tim)
KR101510784B1 (en) How to personalize the secure nfc chipset
US9135424B2 (en) Secure identity binding (SIB)
US20130054473A1 (en) Secure Payment Method, Mobile Device and Secure Payment System
US9779399B2 (en) Multi user electronic wallet and management thereof
US20130060618A1 (en) Method and System for Electronic Wallet Access

Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination