CN103337021A - Film card and secure transaction method based on same - Google Patents
Film card and secure transaction method based on same Download PDFInfo
- Publication number
- CN103337021A CN103337021A CN2013101673057A CN201310167305A CN103337021A CN 103337021 A CN103337021 A CN 103337021A CN 2013101673057 A CN2013101673057 A CN 2013101673057A CN 201310167305 A CN201310167305 A CN 201310167305A CN 103337021 A CN103337021 A CN 103337021A
- Authority
- CN
- China
- Prior art keywords
- information
- key
- short message
- user
- pad pasting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a film card and a secure transaction method based on the same. The method of the invention comprises the following steps: first, a network server generates and transmits a first short message based on a user transaction request; second, the film card generates and displays a to-be-confirmed interface based on transaction information of the received first short message, and further generates and transmits a second short message based on user confirmation information of the transaction information of the to-be-confirmed interface; third, the network server carries out subsequent transaction operations based on the confirmation information of the received second short message, so that the authenticity and reliability of the transaction are guaranteed; preferably, the network server acquires the user transaction request from an instant communication platform, so that the user is facilitated to carry out various bank operations through the instant communication platform; and furthermore, the film card is based on an identifying code technology to effectively prevent a "keyboard hook" action.
Description
Technical field
The present invention relates to communication field, particularly relate to a kind of pad pasting card and based on the method for secure transactions of pad pasting card.
Background technology
Fast development along with the communication technology, more and more users begin to do shopping by modes such as networks, because in whole process of exchange, do not authenticate based on hardware security, all be that algorithm by software guarantees, though payment systems such as bank usually can be informed the Transaction Information of relative users by modes such as short messages after transaction is finished, but the mode that this kind is informed afterwards still is difficult to effectively guarantee user's account safety, because the lawless person can conclude the business by the mode of hijack accounts password.
In addition, the information mobile e-business has become a direction of e-commerce development, and the extensive commercialization of mobile-phone payment will become the important payment and settlement mode of mobile e-business gradually.Present mobile-phone payment product category is various, such as: customer end A pp Mobile banking, telephone bank, Wap version Mobile banking etc. all are more common mobile phone end self-help payment products.These channels are in process of exchange, because factors such as product performance can not get involved relevant safety, so in when transaction, have some constraints and restriction, such as in telephone bank, can not carry out the inter-bank transaction, the trading limit maximum can only be 50,000 etc. in customer end A pp Mobile banking.Moreover, existing transaction system is encrypted the cipher mode that adopts to information and mostly is the SHA1+RSA algorithm, but this algorithm has several shortcomings, as: key produces trouble, can't accomplish one-time pad, in case will be found out the encryption rule after the client trading daily record is collected, and cryptographic calculation speed is too slow, feasible on computers, but the chip that is based on microcomputer development that mobile communication equipments such as mobile phone adopt then because resource consumption is too big, is difficult to be suitable for.
Have again, more existing softwares can the input process of recording user on keyboard, and under the incognizant situation of user the previous actuation of keys of analog subscriber, such software is referred to as the keyboard hook, it has increased the potential safety hazard of user account to a certain extent, because it can make the change of account fund in constantly certain transaction before the duplicate customer under the situation of not perception of user.
Summary of the invention
The shortcoming of prior art in view of the above the object of the present invention is to provide a kind of pad pasting card and based on the method for secure transactions of pad pasting card, carries out with the safety of guaranteeing to conclude the business.
Reach other relevant purposes for achieving the above object, the invention provides a kind of Transaction Information confirmation method based on the pad pasting card, it comprises at least:
1) forms interface to be confirmed based on the Transaction Information in the short message that receives and shown;
2) based on the user the relevant confirmation of the Transaction Information in the described interface to be confirmed is formed short message to be sent, in order to sent.
Preferably, described step 2) also comprise:
2-1) after the user confirms the Transaction Information in the described interface to be confirmed, again the authorization information that generates and the authorization information that the user imports are compared;
2-2) when the authorization information of the authorization information that generates and user input is identical, based on the user the relevant confirmation of the Transaction Information in the described interface to be confirmed is formed short message to be sent, in order to sent.
Preferably, described step 2) also comprise:
Based on determining one in a plurality of keys that prestore of random number cause as first key;
Based on described random number and operational factor described first key is carried out first computing to obtain second key;
First, employing first cryptographic algorithm based on second key are encrypted to obtain pending information to described relevant confirmation;
Second portion based on second key carries out second computing to obtain first authorization information to described pending information;
Form short message to be sent based on described first authorization information, described random number, described operational factor and described pending information
The present invention also provides a kind of Transaction Information based on the pad pasting card to confirm system, and it comprises at least:
First generation module is used for Transaction Information based on the short message that receives and forms interface to be confirmed and shown;
Second generation module is used for based on the user the relevant confirmation of the Transaction Information at described interface to be confirmed being formed short message to be sent, in order to sent.
Preferably, described second generation module also comprises:
Comparing unit is used for the authorization information that generates and the authorization information that the user imports being compared after the user confirms the Transaction Information at described interface to be confirmed again;
The first sub-generation unit is used for working as authorization information that the authorization information that generates and user import when identical, based on the user the relevant confirmation of the Transaction Information in the described interface to be confirmed is formed short message to be sent, in order to sent.
Preferably, described second generation module also comprises:
Selected cell is used for determining one as first key based on a plurality of keys that prestore of random number cause;
First arithmetic element is used for based on described random number and operational factor described first key being carried out first computing to obtain second key;
Ciphering unit, the first, employing first cryptographic algorithm that are used for based on second key are encrypted to obtain pending information to described relevant confirmation;
Second arithmetic element is used for based on the second portion of second key described pending information being carried out second computing to obtain first authorization information;
The second sub-generation unit is used for forming short message to be sent based on described first authorization information, described random number, described operational factor and described pending information.
The present invention also provides a kind of pad pasting card, and it comprises aforementioned Transaction Information affirmation system based on the pad pasting card at least.
The present invention also provides a kind of method for secure transactions based on the pad pasting card, and it comprises at least:
A) webserver forms first short message based on user's transaction request information, and is sent;
B) first generation module of pad pasting card forms interface to be confirmed based on the Transaction Information in first short message that receives and is shown;
C) second generation module of described pad pasting card forms second short message based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent;
D) described pad pasting card corresponding device sends described second short message;
E) the described webserver carries out the subsequent transaction operation based on the relevant confirmation in second short message that receives.
Preferably, step a) also comprises: the webserver forms first short message based on the customer transaction solicited message from immediate communication platform, and is sent.
As mentioned above, the method for secure transactions based on the pad pasting card of the present invention has following beneficial effect: based on the affirmation that the pad pasting card is concluded the business, that can guarantee to conclude the business is true and reliable, and then ensures user's account safety.
Description of drawings
Fig. 1 is shown as a kind of preferred flow charts of the Transaction Information confirmation method based on the pad pasting card of the present invention.
A kind of preferred interface to be confirmed synoptic diagram that provides based on the Transaction Information confirmation method of pad pasting card of the present invention is provided Fig. 2.
A kind of preferred interface for password input synoptic diagram that provides based on the Transaction Information confirmation method of pad pasting card of the present invention is provided Fig. 3.
Fig. 4 is shown as the another kind of preferred flow charts of the Transaction Information confirmation method based on the pad pasting card of the present invention.
A kind of preferred identifying code inputting interface synoptic diagram that provides based on the Transaction Information confirmation method of pad pasting card of the present invention is provided Fig. 5.
Fig. 6 is shown as a kind of preferred synoptic diagram of confirming system based on the Transaction Information of pad pasting card of the present invention.
Fig. 7 is shown as the another kind of preferred synoptic diagram that the Transaction Information based on the pad pasting card of the present invention is confirmed system.
Fig. 8 is shown as the process flow diagram of the method for secure transactions based on the pad pasting card of the present invention.
The element numbers explanation
1 Transaction Information is confirmed system
11 first generation modules
12 second generation modules
121 comparing units
122 first sub-generation units
S11, S12, S121, S122 step
The S41-S45 step
Embodiment
Below by specific instantiation explanation embodiments of the present invention, those skilled in the art can understand other advantages of the present invention and effect easily by the disclosed content of this instructions.The present invention can also be implemented or be used by other different embodiment, and the every details in this instructions also can be based on different viewpoints and application, carries out various modifications or change under the spirit of the present invention not deviating from.
See also Fig. 1 to Fig. 8.Need to prove, the diagram that provides in the present embodiment only illustrates basic conception of the present invention in a schematic way, satisfy only show in graphic with the present invention in relevant assembly but not component count, shape and size drafting when implementing according to reality, kenel, quantity and the ratio of each assembly can be a kind of random change during its actual enforcement, and its assembly layout kenel also may be more complicated.
As shown in Figure 1, the invention provides a kind of Transaction Information confirmation method based on the pad pasting card.The method according to this invention, it is mainly finished by Transaction Information affirmation system, and this Transaction Information affirmation system includes but not limited to be installed in the pad pasting card of mobile communication equipment and can realize the present invention program's the device such as application module, operating system, processing controller etc.Wherein, this mobile communication equipment includes but not limited to: smart mobile phone etc.
In step S11, described Transaction Information confirms that system forms interface to be confirmed based on the Transaction Information in the short message that receives and shown.
Wherein, transaction includes but not limited to: do shopping, query the balance, inquire about the account detail, transfer accounts, remit money, buy finance product etc.; Described Transaction Information comprises any and the relevant information of transaction, preferably includes but is not limited to: transaction number, dealing money, the accounts information relevant with transaction, for example, the accounts information of remitting money, remittance accounts information etc.
Wherein, described interface to be confirmed comprises that any Transaction Information that can comprise is for the interface of user's affirmation, for example, as shown in Figure 2, it includes in this interface to be confirmed: the option of user's self accounts information, the accounts information of remittance, money transfer amount and affirmation or cancellation for a kind of interface to be confirmed that comprises the information of transferring accounts that described Transaction Information affirmation system generates.
Then, in step S12, described Transaction Information confirms that system forms short message to be sent based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent.
Wherein, described relevant confirmation comprises and the information relevant to the affirmation of Transaction Information, preferably, includes but not limited to: the Transaction Information after the affirmation, payment cipher, account password etc.
For example, after described Transaction Information confirms that system clicks " acceptance " in the interface to be confirmed shown in Figure 2 based on the user, interface for password input shown in Figure 3 is provided again, and after the user imports payment cipher, form short message to be sent based on Transaction Information and the payment cipher confirmed, described Transaction Information confirms that the mobile communication equipment under the system should be sent by short message to be sent subsequently.
Fig. 4 shows the another preferred flow charts of the Transaction Information confirmation method based on the pad pasting card of the present invention.Wherein, step S11 is described in detail in the embodiment shown in fig. 1, and is contained in this by reference, no longer repeats at this.
In step S121, described Transaction Information confirms that system after the user confirms the Transaction Information in the described interface to be confirmed, compares the authorization information that generates and the authorization information that the user imports again.
Need to prove, those skilled in the art should understand that described Transaction Information affirmation system generates the mode of identifying code, so no longer described in detail at this.
For example, after described Transaction Information confirms that system imports password in user's interface for password input shown in Figure 3, identifying code inputting interface shown in Figure 5 is provided, and behind user's input validation sign indicating number, both is compared, if user's input error, then remind the user to import again, if the user is 3 equal mistakes of input continuously, then close the identifying code inputting interface, no longer carry out subsequent operation, if the user imports correctly, then enter step S122.
In step S122, when the authorization information of the authorization information that generates and user input is identical, described Transaction Information confirms that system forms short message to be sent based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent.
For example, when described Transaction Information confirms that system is with the user identifying code of importing and the identifying code comparison that generates at random voluntarily in Fig. 5, determine both identical after, the Transaction Information shown in Figure 2 confirmed of the payment cipher of importing at Fig. 3 based on the user and user forms short message to be sent again, and described Transaction Information confirms that the mobile communication equipment under the system should be sent by short message to be sent subsequently.
As a kind of optimal way, the method according to this invention, abovementioned steps S12 or S122 also comprise step S31, S32, S33, S34 and S35.
In step S31, described Transaction Information confirms that system is based on determining one in a plurality of keys that prestore of random number cause as first key.
Wherein, the mode that described Transaction Information affirmation system obtains described random number comprises: generate voluntarily, provided by the mobile communication equipment under the described Transaction Information affirmation system etc., for example, after being generated by the application program in the SIM card of the mobile phone under the described Transaction Information affirmation system, the Transaction Information that offers in the pad pasting card that is arranged on this mobile phone is confirmed system.
For example, described Transaction Information confirms that system carries out modulo operation to random number G1, obtains operation result g1, again by selecting the cipher key number key identical with operation result g1 as first key in a plurality of keys that prestore.
Need to prove, those skilled in the art should understand that, described above is not limitation of the present invention, in fact, any based on determining the modes as first key in a plurality of keys that prestore of random number cause, for example, select the cipher key number key identical with random number as first key etc., all within the scope of the present invention.
Then, in step S32, described Transaction Information confirms that system carries out first computing to obtain second key based on described random number and operational factor to described first key.
Wherein, described second key comprises the key that can be split as at least one symmetric key, described operational factor comprises that any energy is used for carrying out the factor of key conversion, preferably, include but not limited to: the number information of short message to be generated etc., for example, described Transaction Information confirms that system had generated 8 short messages, then described Transaction Information confirms that system is 9 based on the number information of short message to be generated, determines that described operational factor also is 9.
Wherein, described first computing comprises anyly can be converted to the computing of second key with first key based on operational factor, preferably, includes but not limited to: disperse computing etc.
Need to prove, it should be appreciated by those skilled in the art that described abovely only just to list, but not limitation of the present invention, in fact, any energy is used for carrying out the factor of key conversion, for example, and the current time etc., all within the scope of the present invention.
For example, described Transaction Information confirms that system carries out twice dispersion computing based on operational factor A31 and random number G2 to the first key B31, obtains second ciphering key 31.
Then, in step S33, described Transaction Information confirms that system is encrypted to obtain pending information based on first, employing first cryptographic algorithm of second key to described relevant confirmation.
Wherein, described first cryptographic algorithm comprises the algorithm that any employing symmetric key is encrypted, and preferably, includes but not limited to: DES algorithm, 3DES algorithm, IDEA algorithm, FEAL algorithm, BLOWFISH algorithm etc.
Wherein, the symmetric key of the first of described second key for being split out by described second key, for example, 8 on the left side of second ciphering key 11 all can be used as symmetric key with right 8, and then described Transaction Information confirms that system can select 8 on the left side of second ciphering key 11 or right 8 to come the first information is encrypted.
For example, described Transaction Information obtains pending information E1 after confirming that system adopts the DES algorithm that relevant confirmation D1 is encrypted based on 8 on the right side of second ciphering key 11.
Then, in step S34, described Transaction Information confirms that system carries out second computing to obtain first authorization information based on the second portion of second key to described pending information.
Wherein, described second computing comprises any computing that can handle information, preferably, includes but not limited to: based on MAC computing of DES CBC algorithm etc.
Wherein, when described second computing comprises the cryptographic algorithm that adopts symmetric key, the second portion of described second key is a symmetric key for being split out by described second key also, for example, 8 on the left side of second ciphering key 11 all can be used as symmetric key with right 8, and then described Transaction Information confirms that system can select 8 on the left side of second ciphering key 11 or right 8 to come second information is carried out second computing; Wherein, described Transaction Information affirmation system be used for to the part of relevant confirmation second encrypted key be used for treating the part that process information carries out second key of second computing can be identical, also can be different, both differences preferably.
For example, described Transaction Information confirms that system based on 8 on the left side of second ciphering key 11, adopts DES CBC algorithm to treat process information E1 and carries out the MAC computing, obtains the first authorization information F1.
Then, in step S35, described Transaction Information confirms that system forms short message to be sent based on described first authorization information, described random number, described operational factor and described pending information.
Particularly, described Transaction Information affirmation system with described first authorization information, random number and operational factor be placed on message header region, pending information is formed short message to be sent as message.
As shown in Figure 6, the invention provides a kind of Transaction Information based on the pad pasting card and confirm system.This Transaction Information confirms that system 1 comprises at least: first generation module 11 and second generation module 12.
Described first generation module 11 forms interface to be confirmed based on the Transaction Information in the short message that receives and is shown.
Wherein, transaction includes but not limited to: do shopping, query the balance, inquire about the account detail, transfer accounts, remit money, buy finance product etc.; Described Transaction Information comprises any and the relevant information of transaction, preferably includes but is not limited to: transaction number, dealing money, the accounts information relevant with transaction, for example, the accounts information of remitting money, remittance accounts information etc.
Wherein, described interface to be confirmed comprises that any Transaction Information that can comprise is for the interface of user's affirmation, for example, as shown in Figure 2, it is a kind of interface to be confirmed that comprises the information of transferring accounts that first generation module 11 generates, and includes in this interface to be confirmed: the option of user's self accounts information, the accounts information of remittance, money transfer amount and affirmation or cancellation.
Then, described second generation module 12 forms short message to be sent based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent.
Wherein, described relevant confirmation comprises and the information relevant to the affirmation of Transaction Information, preferably, includes but not limited to: the Transaction Information after the affirmation, payment cipher, account password etc.
For example, after described second generation module 12 clicks " acceptance " in the interface to be confirmed shown in Figure 2 based on the user, interface for password input shown in Figure 3 is provided again, and after the user imports payment cipher, form short message to be sent based on Transaction Information and the payment cipher confirmed, the mobile communication equipment under described second generation module 12 should be sent by short message to be sent subsequently.
Fig. 7 shows the another preferred synoptic diagram of confirming system based on the Transaction Information of pad pasting card of the present invention.Described Transaction Information confirms that system 1 comprises at least: first generation module 11 and second generation module 12; Described second generation module 12 comprises again: comparing unit 121 and the first sub-generation unit 122.Wherein, first generation module 11 is described in detail in the embodiment shown in fig. 6, and is contained in this by reference, no longer repeats at this.
After first generation module 11 executed operation, after Transaction Information in the interface to be confirmed that the user provides first generation module 11 was confirmed, described comparing unit 121 was compared the authorization information that generates and the authorization information that the user imports.
Need to prove, those skilled in the art should understand that described Transaction Information affirmation system generates the mode of identifying code, so no longer described in detail at this.
For example, described comparing unit 121 is imported password in user's interface for password input shown in Figure 3 after, identifying code inputting interface shown in Figure 5 is provided, and behind user's input validation sign indicating number, both are compared, if user's input error then reminds the user to import again, if the user imports 3 equal mistakes continuously, then close the identifying code inputting interface, no longer carry out subsequent operation.
When the authorization information of the authorization information that generates and user input was identical, the described first sub-generation unit 122 formed short message to be sent based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent.
For example, when described comparing unit 121 is compared the user identifying code of importing and the identifying code that generates at random voluntarily in Fig. 5, determine both identical after, the Transaction Information shown in Figure 2 that the payment cipher that the described first sub-generation unit 122 is imported at Fig. 3 based on the user again and user confirm forms short message to be sent, and described Transaction Information confirms that the mobile communication equipment under the system 1 should be sent by short message to be sent subsequently.
As a kind of optimal way, aforementioned second generation module 12 or the first sub-generation unit 122 also comprise selected cell, first arithmetic element, ciphering unit, second arithmetic element and the second sub-generation unit.
Described selected cell is based on determining one in a plurality of keys that prestore of random number cause as first key.
Wherein, the mode that described selected cell obtains described random number comprises: generate voluntarily, provided by the mobile communication equipment under the described selected cell etc., for example, after the generation of the application program in the SIM card of the mobile phone under the described selected cell, offer the selected cell in the pad pasting card that is arranged on this mobile phone.
For example, described selected cell carries out modulo operation to random number G1, obtains operation result g1, again by selecting the cipher key number key identical with operation result g1 as first key in a plurality of keys that prestore.
Need to prove, those skilled in the art should understand that, described above is not limitation of the present invention, in fact, any based on determining the modes as first key in a plurality of keys that prestore of random number cause, for example, select the cipher key number key identical with random number as first key etc., all within the scope of the present invention.
Then, described first arithmetic element is carried out first computing to obtain second key based on described random number and operational factor to described first key.
Wherein, described second key comprises the key that can be split as at least one symmetric key, described operational factor comprises that any energy is used for carrying out the factor of key conversion, preferably, include but not limited to: the number information of short message to be generated etc., for example, described Transaction Information confirms that system 1 had generated 8 short messages, then described first arithmetic element is 9 based on the number information of short message to be generated, determines that described operational factor also is 9.
Wherein, described first computing comprises anyly can be converted to the computing of second key with first key based on operational factor, preferably, includes but not limited to: disperse computing etc.
Need to prove, it should be appreciated by those skilled in the art that described abovely only just to list, but not limitation of the present invention, in fact, any energy is used for carrying out the factor of key conversion, for example, and the current time etc., all within the scope of the present invention.
For example, described first arithmetic element is carried out twice dispersion computing based on operational factor A31 and random number G2 to the first key B31, obtains second ciphering key 31.
Then, described ciphering unit is encrypted to obtain pending information based on first, employing first cryptographic algorithm of second key to described relevant confirmation.
Wherein, described first cryptographic algorithm comprises the algorithm that any employing symmetric key is encrypted, and preferably, includes but not limited to: DES algorithm, 3DES algorithm, IDEA algorithm, FEAL algorithm, BLOWFISH algorithm etc.
Wherein, the symmetric key of the first of described second key for being split out by described second key, for example, 8 on the left side of second ciphering key 11 and 8 on the right side all can be used as symmetric key, and then described ciphering unit can select 8 on the left side of second ciphering key 11 or 8 on the right side to come the first information is encrypted.
For example, described ciphering unit obtains pending information E1 after adopting the DES algorithm that relevant confirmation D1 is encrypted based on 8 on the right side of second ciphering key 11.
Then, described second arithmetic element is carried out second computing to obtain first authorization information based on the second portion of second key to described pending information.
Wherein, described second computing comprises any computing that can handle information, preferably, includes but not limited to: based on MAC computing of DES CBC algorithm etc.
Wherein, when described second computing comprises the cryptographic algorithm that adopts symmetric key, the second portion of described second key is a symmetric key for being split out by described second key also, for example, 8 on the left side of second ciphering key 11 and 8 on the right side all can be used as symmetric key, and then described second arithmetic element can select 8 on the left side of second ciphering key 11 or 8 on the right side to come second information is carried out second computing; Wherein, described ciphering unit is used for that the part of relevant confirmation second encrypted key and second arithmetic element are used for treating the part that process information carries out second key of second computing can be identical, also can be different, and both differences preferably.
For example, described second arithmetic element adopts DES CBC algorithm to treat process information E1 and carries out the MAC computing based on 8 on the left side of second ciphering key 11, obtains the first authorization information F1.
Then, the described second sub-generation unit forms short message to be sent based on described first authorization information, described random number, described operational factor and described pending information.
Particularly, the described second sub-generation unit with described first authorization information, random number and operational factor be placed on message header region, pending information is formed short message to be sent as message.
Carry out method for secure transactions as shown in Figure 8 based on the aforementioned Transaction Information affirmation system that is arranged in the pad pasting card:
In step S41, the webserver forms first short message based on user's transaction request information, and is sent.
Wherein, the described webserver obtain manner that obtains described transaction request information includes but not limited to: provided, provided by immediate communication platform by the webserver that trading activities such as shopping are provided etc.
For example, after user U1 sets up instant messaging by the public number of the account of immediate communication platform and A bank, user U1 by the public number of the account of this A bank provide such as querying the balance, inquiry account detail, transfer accounts, remittance, select remittance in the types of transaction such as purchase finance product, and provide own accounts information based on this immediate communication platform, behind the accounts information and money transfer amount that imports, this immediate communication platform is with the accounts information of user U1, the accounts information and the money transfer amount that import send to the webserver, the described webserver forms first short message based on the information from this immediate communication platform subsequently, and is sent.
Then, in step S42, first generation module 11 of pad pasting card forms interface to be confirmed based on the Transaction Information in first short message that receives and is shown.
For example, the interface to be confirmed that forms based on the information of transferring accounts in first short message that receives of first generation module 11 as shown in Figure 2.
Then, in step S43, second generation module 12 of described pad pasting card forms second short message based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent.
For example, after described second generation module 12 clicks " acceptance " in the interface to be confirmed shown in Figure 2 based on the user, interface for password input shown in Figure 3 is provided again, and after the user imports payment cipher, form second short message based on the accounts information of the user U1 that confirms, Lee's one accounts information, money transfer amount and the payment cipher of remittance.
Then, in step S44, described pad pasting card corresponding device sends described second short message.
For example, the mobile phone under the described pad pasting card sends second short message that second generation module 12 generates.
Then, in step S45, the described webserver carries out the subsequent transaction operation based on the relevant confirmation in second short message that receives.
For example, after encapsulating " accounts information of user U1, Lee of remittance one accounts information, money transfer amount and payment cipher " in second short message that receives, the described webserver sends to the server of corresponding bank, so that this bank finishes this remittance operation.
Preferably, in abovementioned steps S43, by comparing unit 121 authorization information that generates and the authorization information that the user imports are compared earlier, and the authorization information of working as the authorization information that generates and user's input is when identical, based on the user the relevant confirmation of the Transaction Information in the described interface to be confirmed is formed second short message by the first sub-generation unit 122 of described second generation module 12 again, in order to sent.
More preferably, in abovementioned steps S43, based on determining one in a plurality of keys that prestore of random number cause as first key, subsequently, first arithmetic element is carried out first computing to obtain second key based on described random number and operational factor to described first key by selected cell in elder generation; Then, ciphering unit based on the first of second key, adopt first cryptographic algorithm that described relevant confirmation is encrypted to obtain pending information, based on the second portion of second key described pending information is carried out second computing to obtain first authorization information by second arithmetic element again; Subsequently, the second sub-generation unit forms second short message based on described first authorization information, described random number, described operational factor and described pending information again
In sum, the method for secure transactions based on the pad pasting card of the present invention comes pending transaction is confirmed by the pad pasting card, guarantees the safety of concluding the business thus; In addition, can effectively avoid the behavior of " keyboard hook " by the mode of user's input validation sign indicating number, further protect user account safety; Have again, can make things convenient for exchanging between user and bank etc. by immediate communication platform, be convenient to the user and remit money, buy all kinds of bankings such as finance product.So the present invention has effectively overcome various shortcoming of the prior art and the tool high industrial utilization.
Above-described embodiment is illustrative principle of the present invention and effect thereof only, but not is used for restriction the present invention.Any person skilled in the art scholar all can be under spirit of the present invention and category, and above-described embodiment is modified or changed.Therefore, have in the technical field under such as and know that usually the knowledgeable modifies or changes not breaking away from all equivalences of finishing under disclosed spirit and the technological thought, must be contained by claim of the present invention.
Claims (11)
1. the Transaction Information confirmation method based on the pad pasting card is characterized in that, described Transaction Information confirmation method based on the pad pasting card comprises at least:
1) forms interface to be confirmed based on the Transaction Information in the short message that receives and shown;
2) based on the user the relevant confirmation of the Transaction Information in the described interface to be confirmed is formed short message to be sent, in order to sent.
2. the Transaction Information confirmation method based on the pad pasting card according to claim 1 is characterized in that described step 2) also comprise:
2-1) after the user confirms the Transaction Information in the described interface to be confirmed, again the authorization information that generates and the authorization information that the user imports are compared;
2-2) when the authorization information of the authorization information that generates and user input is identical, based on the user the relevant confirmation of the Transaction Information in the described interface to be confirmed is formed short message to be sent, in order to sent.
3. the Transaction Information confirmation method based on the pad pasting card according to claim 1 and 2 is characterized in that described step 2) also comprise:
Based on determining one in a plurality of keys that prestore of random number cause as first key;
Based on described random number and operational factor described first key is carried out first computing to obtain second key;
First, employing first cryptographic algorithm based on second key are encrypted to obtain pending information to described relevant confirmation;
Second portion based on second key carries out second computing to obtain first authorization information to described pending information;
Form short message to be sent based on described first authorization information, described random number, described operational factor and described pending information.
4. the Transaction Information based on the pad pasting card is confirmed system, it is characterized in that, described Transaction Information based on the pad pasting card confirms that system comprises at least:
First generation module is used for Transaction Information based on the short message that receives and forms interface to be confirmed and shown;
Second generation module is used for based on the user the relevant confirmation of the Transaction Information at described interface to be confirmed being formed short message to be sent, in order to sent.
5. the Transaction Information based on the pad pasting card according to claim 4 is confirmed system, it is characterized in that described second generation module also comprises:
Comparing unit is used for the authorization information that generates and the authorization information that the user imports being compared after the user confirms the Transaction Information at described interface to be confirmed again;
The first sub-generation unit is used for working as authorization information that the authorization information that generates and user import when identical, based on the user the relevant confirmation of the Transaction Information in the described interface to be confirmed is formed short message to be sent, in order to sent.
6. confirm system according to claim 4 or 5 described Transaction Informations based on the pad pasting card, it is characterized in that described second generation module also comprises:
Selected cell is used for determining one as first key based on a plurality of keys that prestore of random number cause;
First arithmetic element is used for based on described random number and operational factor described first key being carried out first computing to obtain second key;
Ciphering unit, the first, employing first cryptographic algorithm that are used for based on second key are encrypted to obtain pending information to described relevant confirmation;
Second arithmetic element is used for based on the second portion of second key described pending information being carried out second computing to obtain first authorization information;
The second sub-generation unit is used for forming short message to be sent based on described first authorization information, described random number, described operational factor and described pending information.
7. a pad pasting card is characterized in that, described pad pasting card comprises each described Transaction Information affirmation system based on the pad pasting card of claim 4 to 6 at least.
8. the method for secure transactions based on the pad pasting card is characterized in that, described method for secure transactions based on the pad pasting card comprises at least:
1) webserver forms first short message based on user's transaction request information, and is sent;
2) first generation module of pad pasting card forms interface to be confirmed based on the Transaction Information in first short message that receives and is shown;
3) second generation module of described pad pasting card forms second short message based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent;
4) described pad pasting card corresponding device sends described second short message;
5) the described webserver carries out the subsequent transaction operation based on the relevant confirmation in second short message that receives.
9. the method for secure transactions based on the pad pasting card according to claim 8 is characterized in that, described step 3) also comprises:
The comparing unit of described second generation module is compared the authorization information of the authorization information that generates and user's input, and the authorization information of working as the authorization information that generates and user's input is when identical, the first sub-generation unit of described second generation module forms second short message based on the user to the relevant confirmation of the Transaction Information in the described interface to be confirmed, in order to sent.
10. according to Claim 8 or 9 described method for secure transactions based on the pad pasting card, it is characterized in that described step 3) also comprises:
The selected cell of described second generation module is based on determining one in a plurality of keys that prestore of random number cause as first key;
First arithmetic element of described second generation module is carried out first computing to obtain second key based on described random number and operational factor to described first key;
The ciphering unit of described second generation module is encrypted to obtain pending information based on first, employing first cryptographic algorithm of second key to described relevant confirmation;
Second arithmetic element of described second generation module is carried out second computing to obtain first authorization information based on the second portion of second key to described pending information;
The second sub-generation unit of described second generation module forms second short message based on described first authorization information, described random number, described operational factor and described pending information.
11. the method for secure transactions based on the pad pasting card according to claim 8 is characterized in that step 1) also comprises:
The webserver forms first short message based on the customer transaction solicited message from immediate communication platform, and is sent.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013101673057A CN103337021A (en) | 2013-05-08 | 2013-05-08 | Film card and secure transaction method based on same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013101673057A CN103337021A (en) | 2013-05-08 | 2013-05-08 | Film card and secure transaction method based on same |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103337021A true CN103337021A (en) | 2013-10-02 |
Family
ID=49245175
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013101673057A Pending CN103337021A (en) | 2013-05-08 | 2013-05-08 | Film card and secure transaction method based on same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103337021A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104022878A (en) * | 2014-05-21 | 2014-09-03 | 北京旅信顺捷软件科技有限公司 | Film-mounted SIM card and corresponding application authentication system and authentication method |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010114799A1 (en) * | 2009-03-30 | 2010-10-07 | Appsware Wireless, Llc | Method and system for securing a payment transaction with trusted code base |
| CN102054258A (en) * | 2010-12-16 | 2011-05-11 | 中国建设银行股份有限公司 | Electronic bank safety certificating method and system based on mobile equipment |
| CN201965648U (en) * | 2010-12-30 | 2011-09-07 | 国民技术股份有限公司 | Intelligent card |
| CN102184446A (en) * | 2011-04-19 | 2011-09-14 | 东信和平智能卡股份有限公司 | Mobile phone film card used for radio frequency-subscriber identity module (RF-SIM) card mobile phone payment |
| CN102325320A (en) * | 2011-09-14 | 2012-01-18 | 北京握奇数据系统有限公司 | A kind of wireless security communication means and system |
-
2013
- 2013-05-08 CN CN2013101673057A patent/CN103337021A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2010114799A1 (en) * | 2009-03-30 | 2010-10-07 | Appsware Wireless, Llc | Method and system for securing a payment transaction with trusted code base |
| CN102054258A (en) * | 2010-12-16 | 2011-05-11 | 中国建设银行股份有限公司 | Electronic bank safety certificating method and system based on mobile equipment |
| CN201965648U (en) * | 2010-12-30 | 2011-09-07 | 国民技术股份有限公司 | Intelligent card |
| CN102184446A (en) * | 2011-04-19 | 2011-09-14 | 东信和平智能卡股份有限公司 | Mobile phone film card used for radio frequency-subscriber identity module (RF-SIM) card mobile phone payment |
| CN102325320A (en) * | 2011-09-14 | 2012-01-18 | 北京握奇数据系统有限公司 | A kind of wireless security communication means and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104022878A (en) * | 2014-05-21 | 2014-09-03 | 北京旅信顺捷软件科技有限公司 | Film-mounted SIM card and corresponding application authentication system and authentication method |
| CN104022878B (en) * | 2014-05-21 | 2017-12-15 | 北京旅信顺捷软件科技有限公司 | A kind of pad pasting SIM card and corresponding weight discriminating system and method for authenticating |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11941620B2 (en) | Multi-path communication of electronic device secure element data for online payments | |
| US20170011395A1 (en) | Multi-path communication of electronic device secure element data for online payments | |
| US20060123465A1 (en) | Method and system of authentication on an open network | |
| CN108476227A (en) | System and method for equipment push supply | |
| CN107067251A (en) | It is traded using the electronic equipment with geographically limited non-local authority | |
| US20110103586A1 (en) | System, Method and Device To Authenticate Relationships By Electronic Means | |
| CN106462843A (en) | Master applet for secure remote payment processing | |
| CN105453483A (en) | Image based key derivation function | |
| CN109479001A (en) | Exit passageway is established | |
| Husni et al. | Efficient tag-to-tag near field communication (NFC) protocol for secure mobile payment | |
| CN104462949B (en) | The call method and device of a kind of plug-in unit | |
| CN106982220B (en) | Digital certificate calling method and system | |
| CN105723388A (en) | Generating transaction identifiers | |
| WO2017083961A1 (en) | Coordinator managed payments | |
| CN103745352A (en) | Method for placing order by calling payment plug-in on WAP (Wireless Application Protocol) merchant mobile platform | |
| CN103268436A (en) | Method and system for touch-screen based graphical password authentication in mobile payment | |
| CN102611702A (en) | System and method for ensuring safety of network payment | |
| CN104200365A (en) | Writing and paying method for electronic check | |
| CN103065241A (en) | Cloud credit card transaction system and transaction method thereof | |
| Fun et al. | Review of mobile macro-payments schemes | |
| CN107026826B (en) | Data processing method and device, server and cloud management system | |
| US10762558B1 (en) | System, method, and computer program for authorizing a payment using gesture data | |
| M'Raı̈hi et al. | E-commerce applications of smart cards | |
| RU2321060C1 (en) | Method for conduction of payments by users of mobile communications | |
| CN103337021A (en) | Film card and secure transaction method based on same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131002 |