CN103619020B - Mobile payment security system for wireless data private network physical isolation internet - Google Patents

Mobile payment security system for wireless data private network physical isolation internet

Info

Publication number
CN103619020B
Authority
CN
China
Prior art keywords
mobile
internet
mobile payment
networking
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310660556.9A
Other languages
Chinese (zh)
Other versions
CN103619020A (en)
Inventor
朱雄关
刘晓岩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Longyan Rongchuang Information Technology Co.,Ltd.
Original Assignee
Chengdu Daxintong Communications Equipment Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Daxintong Communications Equipment Co ltd
Priority to CN201310660556.9A
Publication of CN103619020A
Priority to PCT/CN2014/087307 (WO2015085809A1)
Application granted
Publication of CN103619020B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • G06Q20/425 Confirmation, e.g. check or permission by the legal debtor of payment using two different networks, one for transaction and one for security confirmation
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3229 Use of the SIM of a M-device as secure element
    • G06Q20/325 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/326 Payment applications installed on the mobile devices
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03 Protecting confidentiality, e.g. by encryption
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H04W12/10 Integrity
    • H04W12/102 Route integrity, e.g. using trusted paths
    • H04W12/12 Detection or prevention of fraud
    • H04W12/121 Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/35 Protecting application or service provisioning, e.g. securing SIM application provisioning
    • H04W12/40 Security arrangements using identity modules
    • H04W12/47 Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity
    • H04W12/77 Graphical identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a mobile payment security system in which a wireless data private network is physically isolated from the internet. It aims to provide a mobile payment security system that is highly interactive, can evade intrusion from the internet, makes payment information hard for a trojan to steal, transmits internal network data securely and reliably, does not affect internet access, and can prevent a SIM card from being copied. According to the technical scheme, application systems including a payment server and an authentication device are established in a mobile payment security data network that is isolated from the internet. The mobile payment security data network links with an APN or a VPDN that is isolated from the internet and connected with a GSN mobile gateway. Through a password authentication device and a mobile phone number authentication device, the payment server establishes four-in-one binding multiple authentication of account, mobile phone number, IMSI number and password. When the mobile payment security data network is connected, the internet access channel is automatically disconnected; after physical isolation from the internet succeeds, graphical verification code information is exchanged between the mobile payment security system and the mobile payment server through a base station.

Description

Mobile payment security system for wireless data private network physical isolation internet
Technical field
The present invention relates to a mobile payment security application system built on a wireless data private network that is physically isolated from the Internet, which ensures information and transaction security, and to a system that switches the networking channel on a mobile terminal between the Internet access channel and the secure payment application.
Background technology
Mobile payment combines the mobile network with the financial system, using the mobile communication network as the tool and means of realizing mobile payment, and provides customers with financial services such as commodity transactions, payment and bank account management. The mobile payment system sets up, for each mobile phone customer, a payment account bound to the phone number, and the customer can transfer and pay cash by mobile phone. The mobile terminal used for mobile payment can be a mobile phone, PDA, mobile PC and so on, and the means include SMS, interactive voice response, WAP and other ways. In the mobile payment industry, the whole system consists of multiple links such as consumers, commercial institutions, payment platform operators, banks and mobile operators. The main principle is to build a mobile value-added data service on the mobile operation support platform, with the mobile customer's phone number as the associated payment account, so that the mobile customer can confirm identity and transact by mobile phone. There are five main mobile payment access modes: the first uses SMS (STK); the second is the voice mode IVR (Interactive Voice Response); the third uses USSD; the fourth is realized using the WAP protocol; the fifth is realized using the WEB mode. At present the voice, STK and WEB modes are mainly used.

According to the transmission mode, mobile payment is broadly divided into near-field payment and remote payment. Near-field payment means paying by swiping the mobile phone like a card when taking a bus or shopping, which is very convenient. Remote payment refers to payment made by sending a payment instruction (such as online banking, telephone banking or mobile phone payment) or by means of a payment instrument (such as by mail or remittance); for example, the in-palm e-commerce, in-palm top-up and in-palm video services that have been launched are remote payment. Payment standards are currently not unified, which causes much trouble for the related promotion work.

Near-field payment uses technologies such as radio frequency, infrared or Bluetooth to realize communication and information exchange between the mobile phone and other intelligent terminals, and thereby completes the transaction payment. The implementing technologies are as follows: (1) Infrared (IR) and Bluetooth: the former is low in cost and not easily disturbed; the latter has a longer transmission range, and its signal is not directional. (2) Radio frequency identification (RFID): the technology offers high security, high speed and large storage capacity, but its infrastructure requires large investment, its cost is high, and its terminal requirements are higher.
Remote payment uses the wireless network: through the mobile phone, a transaction request is sent to the merchant providing a certain commodity (or service), and the transaction payment is completed. The implementing technologies are as follows: (1) Interactive voice response (IVR): the payment process is realized by dialing from the mobile phone. Its stability and real-time performance are good, but because the operation is complex it takes longer, the communication fee is higher and security performance is poor, so it is only suitable for small payments. (2) Short message service (SMS): payment is completed by sending a short message. This mode has a broad customer base, low cost and easy operation, and any ordinary handset can do it, but stability is poor and the response time for sending and receiving messages cannot be determined. (3) Unstructured supplementary service data (USSD): after the user sends predetermined digits or symbols to the network from the mobile phone, the communication network provides the corresponding service. This technology is simple to operate, has low transaction cost and higher security, but has higher terminal requirements and needs support from particular terminals. (4) Wireless application protocol (WAP): the mobile phone connects to the Internet to complete payment. The method is highly interactive, but because the network is unstable the response speed of instructions cannot be determined, the cost of use is higher, and terminal support is needed. (5) K.Java/Brew (J2ME / Binary Runtime Environment for Wireless): the Internet is connected by downloading K.Java/Brew. It is highly portable, consumes few network resources, places low load on the server, and its interface is readily accepted by users, but it needs terminal device support.

Whatever technology is used to realize mobile payment, its security is the key factor affecting whether the payment business can develop. Mobile payment security involves the confidentiality of user information and the security of user funds and payment information; the security risks it faces come mainly from the wireless link, the service network and the terminal. To solve the security problems facing mobile payment, on the management side, limit control and contract mechanisms are generally adopted; on the technical side, the transaction information in a payment is generally kept from being obtained and tampered with by unauthorized users, identity authentication technology is used to authenticate the transacting parties, and digital signature technology is used to realize confidentiality of information and so on. To ensure the security of data in network transmission during transactions, the mobile payment system must establish a sound internal network security mechanism, including a firewall system, a virus prevention system and so on; the system adopts a dual-network structure to prevent single-point device failure and link failure and keep the whole network unobstructed; system hardware is doubly backed up, with redundancy and load balancing mechanisms and a data transmission security mechanism; entities connected to the system, such as each bank and mobile communication network elements, are isolated by network segment, to ensure that different networks do not intercommunicate merely because they are all connected to the mobile payment system.

The transaction security mechanism of the current prior art is as follows. User identity is authenticated through the mobile payment service account-opening process, establishing the binding between user identity and phone number. The mobile operator ensures authentication of the user's mobile phone and authenticates the legitimacy of the subscription relationship. For an incomplete transaction, the commercial institution or payment platform operator is required to send a reversal request to cancel the incomplete transaction operation. To prevent unauthorized persons from intruding into hosts, the mobile payment center is deployed behind the IP-based firewall of the mobile operator's network. A control mechanism is implemented, setting payment limits. Secure management of accounts is implemented. Management of the security module's AES, key length, secure key exchange, password update time, signature algorithm and so on is implemented. Security audit tracking of transaction records is implemented, so that when a dispute occurs, complete, accurate and credible transaction records are available for verification.
WEB and WAP page security: check whether the system uses login anti-brute-force measures; whether it provides a security control, digital certificate and independent payment password; and whether the page takes precautions against SQL injection, cross-site scripting attacks, source code exposure and malicious code planted by hackers, as well as anti-tampering and anti-phishing measures.
Coding security: whether security screening has been carried out on system source code and plug-ins, checking the review report; whether there is a coding standard constraint regime; whether source code and versions are effectively managed, checking the management regime.
Digital certificate application: whether internal and external business and key business use certificates from a third-party electronic certification authority, whether effective electronic signatures are used, and whether the server certificate private key is effectively protected.
Offline data authentication: check whether keys and certificates, static data authentication, dynamic data authentication and so on that meet business requirements are used.
Application cryptogram and issuer authentication: check application cryptogram generation, issuer authentication, key management and so on.
Secure messaging: check whether the message format meets requirements, verify message integrity and message confidentiality, and check how keys are managed.
Card security: check the security of the card, whether keys are independent, the card's internal security system, the types of keys, and the storage of keys and PIN in the card.
Terminal security: examine the security requirements of terminal data and equipment and the key management requirements, and check whether the application terminal strictly executes them as required.
Key management system: check how the certification center public key, issuer public key and issuer symmetric key are managed.
Approved algorithms: which symmetric encryption algorithm, Rivest-Shamir-Adleman (RSA) algorithm or hash algorithm the system uses, and which system functions these algorithms are applied to, testing the corresponding system functions.
Client program security: how the client application and configuration files are protected; check whether the version is up to date, and ensure the security of the login password and payment password.

With the rapid development of the mobile Internet, mobile Internet financial services show great market demand, but various illegal means such as hacker attacks and phishing websites constantly infringe on the security of Internet finance, and problems that threaten mobile phone network security, such as various pre-installed software and virus packaging, are increasingly prominent and are gradually forming an underground industry chain. The security of Internet application systems is increasingly becoming a focus of concern. After the PRISM affair it was found that, in the face of the U.S. government with its powerful technical strength, any Internet company, including Apple and Google, which currently have the most advanced Internet technology, cannot avoid security breaches in which information is stolen as long as its information system is built on the Internet, even with all kinds of security measures.

Security has always occupied an extremely important position in the mobile phone payment business. On the one hand, banks need to encrypt users' transaction passwords, for example applying hardware encryption to some important data with corresponding log management. On the other hand, carriers need to strengthen security in signal transmission to prevent signals from being intercepted. Mobile payment generally involves many applications and needs multi-channel management of multiple applications, determining the various states of an application, the application life cycle and so on, with emphasis on ensuring the coexistence and concurrency of different applications, the security of each application itself, and the security of mutual access between applications. With the rising proportion of virtualized transactions, security risk has also become a widespread worry. Non-standard downloads of operating systems and applications for mobile payment tools, phishing websites and trojan programs occur frequently and seriously affect the terminal security environment of mobile payment. In addition, once a mobile phone used for near-field payment is lost, the probability of fraudulent use is high. The security problem has always been a bottleneck to the rapid popularization of mobile payment: confidentiality, integrity, non-repudiation and authenticity of information; payment mode; identity authentication; security of the payment terminal (mobile phone); and unsound legal guarantees for each link of mobile payment (contract signing, delivery, payment, breach of contract, after-sales responsibility, returns, tax payment, invoice issuing, payment audit and so on).
In the conventional art, physical isolation is the most important and most effective measure for ensuring internal network security; both bank information systems and government information systems use internal networks physically isolated from the Internet to ensure information security. Because an internal network physically isolated from the Internet eliminates the networking channel to the Internet, no hacker can intrude.

For ordinary users, the APN (Access Point Name) is merely a set of parameters preconfigured or manually set on the mobile terminal in order to get online. For the mobile network, the APN is an indispensable identifier for routing the user's Internet Protocol (IP) packets to the corresponding GPRS network router GGSN and external network. Its roles specifically include the following. The APN as route identifier: the serving GPRS support node (SGSN) queries a domain name system (DNS) server for the GGSN IP address corresponding to the APN, to determine the GGSN the user should access. The APN as business domain identifier: according to the APN, the GGSN steers the user's traffic to different business domains, and different business domains correspond to different service bearer networking modes, user identity acquisition modes, charging modes and so on.

The SGSN, as an important component of GPRS/TD-SCDMA (WCDMA) core network packet domain equipment, mainly performs routing and forwarding of packet data, mobility management, session management, logical link management, authentication and encryption, and call detail record generation and output. The SGSN is the serving GPRS support node. Through the Gb interface it provides the connection with the packet radio controller PCU and performs mobile data management, such as user identity identification, encryption and compression. Through the Gr interface it is connected with the HLR, for access to and access control of the user database. It is also connected with the GGSN through the Gn interface, providing functions such as the transmission channel for IP packets to and from the radio unit and protocol conversion. The SGSN may also provide a Gs interface connection with the MSC and a Gd interface connection with the SMSC, to support cooperation between data services and circuit services and functions such as SMS sending and receiving. The SGSN cooperates with the GGSN to jointly undertake the PS function of TD-SCDMA (WCDMA).

When the SGSN acts as a basic component network element of a GPRS network, it is connected with the BSS through the Gb interface. Its main role is to perform mobility management for the MSs in this SGSN's service area and to forward incoming and outgoing IP packets; its status is similar to that of the VMSC in the GSM circuit network. In addition, the SGSN integrates functions similar to the VLR in the GSM network: when the user is in the GPRS Attach state, the SGSN stores packet-related user information and location information. When the SGSN acts as a PS-domain functional node of the TD-SCDMA (WCDMA) core network, it is connected with the UTRAN through the Iu_PS interface and mainly provides PS-domain routing and forwarding, mobility management, session management, authentication and encryption. The following takes as examples CMWAP and CMNET, the two APNs mainly carried by the GGSN9811, which China Mobile provided earliest and which users currently use most widely:
1) CMWAP APN
CMWAP and CMNET are two GPRS access channels artificially divided by China Mobile. The former was set up for WAP access from mobile phones; the latter is mainly for PCs, notebook computers, PDAs and the like to get online using GPRS. CMWAP APN was designed at the outset mainly for services based on the HTTP protocol, such as WAP web browsing and MMS. With the continuous development of data services, in order to support the gradually introduced non-HTTP (Hypertext Transfer Protocol) services, the WAP domain has, through upgrading and configuration, evolved into the default business domain for most self-operated and cooperative services, providing users with services such as MMS, PIM, streaming media, general download, news flash, music walkman and games. CMWAP APN uses a WAP gateway as the HTTP access proxy node, which can also provide users with some auxiliary functions, such as not having to enter the phone number, content conversion and adaptation pre-judgment.
2) CMNET APN
CMNET is the APN set up to provide open Internet access service. Users can access the Internet using any protocol, with no control or restriction policy, but no other auxiliary functions are provided either. When using CMNET APN, the mobile terminal accesses the nearest GGSN through the SGSN of the access location, and the service data flow accesses the Internet after NAT address translation at the firewall corresponding to the GGSN.
VPDN is the abbreviation of Virtual Private Dialup Network. It is a virtual private dial-up network service based on dial-up users which, using the bearer function of IP and other networks combined with corresponding authentication and authorization mechanisms, can establish a secure virtual private network. The VPDN service is mainly aimed at enterprises and government administrative departments. After an enterprise applies for this service, it only needs to connect its intranet to the Internet through an access line, and users can dial in from anywhere in the country to enter this virtual private network using the VPDN service and securely access the information resources they need. Users can conveniently and flexibly open accounts for, cancel, and set user rights for their own dial-up users.
The VPDN networks currently built by operators are of two kinds, fixed-network VPDN and wireless VPDN, and the physical locations of these two VPDN networks are different. The fixed-network VPDN is set on the Internet and is accessible to all terminals. The wireless VPDN is set in the operator's wireless data network, is isolated from the Internet, and cannot be accessed through a WIFI network. To connect to a wireless VPDN network, a mobile terminal must first connect to the APN network that carries this wireless VPDN; users of other APN networks or networking channels cannot access this VPDN network.
The wireless VPDN network is a virtual private network built on the APN network. The connection flow of the wireless VPDN network is to first connect the APN channel that carries the VPDN network, then perform VPDN dialing to establish the VPDN network. The networking parameters of a VPDN network include the networking parameters of the bearer APN network and the networking parameters of the VPDN.
After the VPDN connects, the mobile terminal can only connect to the VPDN network; this is a restriction implemented by the system's routing management in network management. A skilled user can have APN and VPDN networked simultaneously by changing the routing table of the mobile terminal operating system, but the APN networked at the same time must be the APN network that carries the VPDN.
Because the VPDN network is not physically isolated at the data level but isolated in software, its security is lower than that of the APN network. The security of a VPDN network depends on the security of the bearer APN network; if the bearer APN network is physically isolated from the Internet, the VPDN network is secure.
Although a dedicated channel can ensure information and system security, today, as Internet applications become increasingly popular, people need to accommodate both Internet applications and security applications on the mobile terminal. In the mobile payment field in particular, people on the one hand need to browse commodities in online malls and on the other hand need to thoroughly guarantee transaction security.
However, in current mobile terminal operating systems, both the browser and the API interfaces for applications provide only a single-channel Internet access mode; meanwhile, the intelligent system of the mobile terminal lacks an interface for automatically switching between networking channels, which inconveniences different business applications. How to rely on the public network to realize secure communication and data exchange between the mobile terminal and the bank intranet has become an urgent problem for major businesses. Remote access usually involves three parts: the access terminal, the access channel and the intranet application. Inadequate protection of any one of these three parts brings security risks to the whole remote access process. Traditional VPN-based mobile terminal access schemes focus on establishing a secure transmission tunnel; although this guarantees secure data transmission to a certain extent, it cannot meet mobile payment's need to browse commodities on the Internet, and cannot satisfy the requirement that mobile users both access the Internet and have transaction security.
Traditional bank payment modes include bank card and UKEY payment systems, both of which bind account, password, and bank card or UKEY three-in-one, which ensures the uniqueness of payment. Current Internet payment systems essentially use an SMS dynamic code as confirmation. The SMS dynamic code has a certain validity period, so that a phishing website, after stealing the user's dynamic code, can pay through another terminal, thereby causing a security risk to the account.
Therefore, ensuring the uniqueness of payment is a requirement of payment security.
In addition, many technical means for copying mobile phone SIM cards are currently exposed online, so a payment service bound only to the phone number has a considerable security risk.
With smartphone viruses increasingly rampant, it is very easy for a mobile phone trojan to steal a simple password composed of digits; mobile payment must guard against trojans and the theft of numeric passwords.
In summary, the security of mobile payment involves two major parts:
1. The security of the network and system
2. The security of the mobile terminal
Summary of the invention
The purpose of the present invention is, in view of the shortcomings of the prior art, to provide security assurance for the two major parts of mobile payment, namely the network and system and the mobile terminal. On the network and system side it provides a mobile payment security system in which a wireless data private network is physically isolated from the Internet, which is highly interactive, can avoid intrusion from the Internet, makes payment information hard for trojans to steal, transmits intranet application system data securely and reliably, does not affect Internet access, resists SIM card copying, and binds account, phone number, IMSI number and password four-in-one.
The above purpose of the present invention can be achieved by the following measures. A mobile payment security system in which a wireless data private network is physically isolated from the Internet comprises a payment server, a phone number authentication device, a password authentication device, and an APN network or VPDN network connected to GSN mobile network gateway equipment, and is characterized in that: the application system, including the payment server and the authentication devices, is built in a mobile payment security data network isolated from the Internet; the mobile payment security data network links to the APN network or VPDN network that is isolated from the Internet and connected to the GSN mobile gateway; the payment server, through the password authentication device and the phone number authentication device, establishes multiple authentication that binds account, phone number, IMSI number and password four-in-one; when connecting to the mobile payment security data network, the mobile terminal automatically closes the Internet access channel and, after physical isolation from the Internet succeeds, exchanges graphical verification code information with the mobile payment server via the base station.
Compared with the prior art, the present invention has the following beneficial effects:
On the mobile terminal, the application layer switches the networking channel according to different needs, which meets the need to switch securely between network services and secure payment. On the mobile Internet, the invention uses a wireless data private network that is completely physically isolated from the Internet, provides double authentication by phone number and password to build a mobile secure payment system, and provides a method for the mobile terminal to switch networking automatically between the Internet access channel and the dedicated secure payment channel. This thoroughly prevents intrusion from the Internet, and the dual security authentication ensures the security of mobile payment.
The mobile terminal application layer, which comprises a browser, client or application software, monitors the web pages, services and functions the user uses. When a payment transaction is needed, the channel switching module embedded in the browser plug-in or in the client and application program switches the networking channel and ensures that during the payment operation the mobile terminal is connected only to the dedicated mobile secure payment data network, which ensures the security of the mobile payment system.
The present invention uses a dedicated mobile data network that is physically isolated from the Internet, including APN or VPDN data channels, to safeguard the information and data security of the application system. It implements three levels of defense in depth for secure mobile terminal access, covering the access terminal, the secure transmission channel and the intranet application system: it improves terminal security, securing access at the source; it provides a high-strength secure data transmission channel, securing the data in transit; and it uses secure access control technology to secure the intranet application system.
The present invention builds the application system, including the application server and the authentication devices, in a mobile payment security data network isolated from the Internet. The double authentication of phone number authentication and password authentication ensures the four-in-one binding of phone number, IMSI number, bank account and password. The mobile payment security data network is connected to the Gateway GPRS Support Node (GGSN) of the mobile network over an APN or VPDN dedicated line isolated from the Internet, which ensures physical isolation from the Internet while allowing information exchange with the mobile terminal. A graphical verification code is used during the transaction so that transaction and payment information is not stolen by trojans.
The mobile secure payment system uses dual authentication by phone number and password, which keeps the phone number separate from the password and avoids the risk of the SIM card being copied, while ensuring the four-in-one binding of account, phone number, IMSI and password and a unique payment relationship.
On the mobile terminal, the browser, client or application program can switch the networking channel according to the application in use. This connection mode keeps the private data network from being connected directly to the Internet, which thoroughly avoids intrusion from the Internet, while leaving the mobile terminal's Internet access unaffected. It meets the technical need to switch between the different applications of browsing and shopping and of paying.
Brief description of the drawings
To make the purpose, technical solution and advantages of the present invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings. Note that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
Fig. 1 is a schematic diagram of the model of the mobile payment security system of the present invention, in which a wireless data private network is physically isolated from the Internet.
Fig. 2 is a schematic diagram of the system model in which the mobile terminal uses a dedicated browser to switch automatically between networking channel interfaces.
Fig. 3 is a schematic diagram of the system model in which the mobile terminal uses a general browser to switch automatically between networking channel interfaces.
Fig. 4 is a schematic diagram of the system model in which the mobile terminal uses an embedded channel switching program module to switch automatically between networking channel interfaces.
Fig. 5 is a schematic diagram of the system model in which the mobile terminal uses an independent channel switching program to switch automatically between networking channel interfaces.
Specific embodiments:
Embodiment 1:
Refer to Fig. 1. In the preferred embodiment described below, the mobile payment security system in which a wireless data private network is physically isolated from the Internet comprises, in order, a payment server, a phone number authentication device and a password authentication device; the mobile payment security data network includes an APN or VPDN network that is isolated from the Internet and connected to the GSN gateway. The application system, including the payment server and the authentication devices, is built in the mobile payment security data network isolated from the Internet. The payment server, through the password authentication device and the phone number authentication device, establishes a multiple authentication mode that binds account, phone number, IMSI number and password four-in-one, and links to the mobile network gateway GSN over the Access Point Name (APN) dedicated line and/or Virtual Private Dialup Network (VPDN) dedicated line of the mobile payment security data network. When using the mobile payment service, the mobile terminal automatically closes the Internet access channel and connects to the mobile payment security network; after physical isolation from the Internet succeeds, it exchanges graphical verification code information with the mobile payment server via the base station, so that the mobile payment operation always takes place while the terminal is connected only to the secure payment data network of the wireless data private network.
The GGSN (Gateway GSN) mainly acts as a gateway. It can connect to multiple different data networks, such as ISDN, PSPDN and LAN. In some documents the GGSN is called a GPRS router. The GGSN can perform protocol conversion on GPRS packets in the GSM network so that these packets can be sent to a remote TCP/IP or X.25 network. SGSN is the abbreviation of Serving GPRS Support Node. As an important part of the GPRS/TD-SCDMA (WCDMA) core network packet domain equipment, the SGSN mainly handles routing and forwarding of packets, mobility management, session management, logical link management, authentication and encryption, and billing record generation and output. Over the Gb interface the SGSN connects to the packet radio controller (PCU) and manages mobile data, with functions such as user identification, encryption and compression. Over the Gr interface it connects to the HLR for access to and access control of the subscriber database. Over the Gn interface it connects to the GGSN and provides functions such as the transmission channel for IP packets to and from the radio unit and protocol conversion. The SGSN can also provide a Gs interface to the MSC and a Gd interface to the SMSC, to support cooperation between data services and circuit services and functions such as sending and receiving short messages. The GGSN and SGSN (together called GSN) listen for GTP-C messages on UDP port 2123 and for GTP-U messages on UDP port 2152. The connection mode described in this embodiment keeps the private data network from being connected directly to the Internet, which thoroughly avoids intrusion from the Internet.
Embodiment 2: Phone number and account binding function
Refer to Fig. 1. In the mobile payment security system in which a wireless data private network is physically isolated from the Internet, the system model that uses the phone number binding function comprises, in order, the GSN equipment and the phone number authentication device. The mobile phone closes the Internet access channel, connects to the mobile payment security network, and establishes a communication tunnel with the phone number authentication device. While the tunnel is being established, when the phone sends a domain request it sends a domain session (a session is the interval during which an end user communicates with an interactive system, usually the time from registering into the system to logging out of it). The GGSN or SGSN first links to the mobile network gateway GSN over the Access Point Name (APN) dedicated line and/or Virtual Private Dialup Network (VPDN) dedicated line, and automatically sends the International Mobile Subscriber Identity (IMSI) stored in the SIM card to the phone number authentication device as a calling-number request parameter. The phone number authentication device performs IMSI authentication and address binding, and communication with the payment server then proceeds through the password authentication device. The IMSI number is carried in the calling-number attribute, the Calling-Station-Id field, of the Request packet sent by the client of the phone number authentication device. When the phone number authentication server receives the Request packet, it extracts the user name, password and IMSI number and performs three-in-one authentication.
The IMSI number used for phone number authentication comes from the low-level access information of the phone's chip. It is the SIM card authentication information on the GGSN or SGSN and is unrelated to the application-layer communication of the mobile terminal.
The IMSI is a network-wide, globally unique mobile identification number, assigned to uniquely identify a mobile subscriber internationally. SIM authentication belongs to the low-level hardware communication of the mobile terminal; it is built into the chip hardware and cannot be modified by software. Using this authentication mode effectively blocks forged registrations by trojans, viruses or hackers.
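As an added illustration (not part of the patent), the following sketch shows the check Embodiment 2 describes: the authentication server takes the user name, password and IMSI out of the Request packet and compares them with one binding record. It assumes the Request packet is a RADIUS Access-Request (RFC 2865, where Calling-Station-Id is attribute 31); the shared secret, binding table and sample packets are constructed.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, CALLING_STATION_ID = 1, 2, 31  # RFC 2865 attribute types


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous cipher block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    """Inverse of hide_password, run by the authentication server."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(block, mask))
        prev = block
    return out.rstrip(b"\x00")


def build_access_request(ident, authenticator, secret, user, password, imsi):
    """Builds a sample packet; in the patent's design the GSN supplies the IMSI."""
    attrs = b""
    for atype, value in ((USER_NAME, user),
                         (USER_PASSWORD, hide_password(password, secret, authenticator)),
                         (CALLING_STATION_ID, imsi)):
        attrs += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs


def parse_access_request(packet):
    """Return (authenticator, {type: value}); reject malformed lengths."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return packet[4:20], attrs


def password_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def authenticate(packet, secret, bindings):
    """Return (True, bound phone number) only if account, IMSI and password all match."""
    authenticator, attrs = parse_access_request(packet)
    if any(t not in attrs for t in (USER_NAME, USER_PASSWORD, CALLING_STATION_ID)):
        return False, "missing attribute"
    record = bindings.get(attrs[USER_NAME].decode("utf-8", "replace"))
    if record is None:
        return False, "unknown account"
    # The IMSI comes from the network side, so stolen credentials used from
    # another SIM fail here even when the password is right.
    if not hmac.compare_digest(attrs[CALLING_STATION_ID], record["imsi"].encode()):
        return False, "imsi mismatch"
    password = reveal_password(attrs[USER_PASSWORD], secret, authenticator)
    if not hmac.compare_digest(password_hash(password, record["salt"]), record["pw_hash"]):
        return False, "bad password"
    return True, record["phone"]


# Constructed sample data (not from the patent).
SECRET = b"constructed-shared-secret"
AUTHENTICATOR = bytes(range(16))
SALT = b"constructed-salt"
BINDINGS = {"alice": {"phone": "13800000000", "imsi": "460001234567890",
                      "salt": SALT, "pw_hash": password_hash(b"s3cret-pin", SALT)}}
GOOD = build_access_request(1, AUTHENTICATOR, SECRET, b"alice", b"s3cret-pin", b"460001234567890")
OTHER_SIM = build_access_request(2, AUTHENTICATOR, SECRET, b"alice", b"s3cret-pin", b"460009999999999")
WRONG_PW = build_access_request(3, AUTHENTICATOR, SECRET, b"alice", b"guess", b"460001234567890")
```

The phone number is not carried in the request in this sketch; it is resolved from the binding record once the other three values match.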
Embodiment 3: Password authentication mode
Refer to Fig. 1. In Embodiment 1 above, the password authentication mode includes numeric passwords, or biometric passwords such as fingerprint, face or pupil. Password authentication may take a single form, such as digits, or a combination of several forms, such as digits plus fingerprint.
Embodiment 4: Graphical verification code
Refer to Fig. 1. In the mobile payment security system in which a wireless data private network is physically isolated from the Internet, the mobile secure payment system model that uses graphical verification code authentication comprises the mobile terminal, the dedicated data channel, the authentication devices and the payment server. Each time a mobile terminal sends a transaction request, the payment server issues a random secure graphical verification code as the label of the transaction, which is submitted with the mobile terminal's payment request. Using a graphical verification code for each individual transaction ensures that the verification code cannot be copied. Using random secure graphical verification codes effectively avoids intrusion into the system by trojans or viruses.
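An added sketch, not from the patent, of a server-side store for the per-transaction verification code described in Embodiment 4. The single attempt, the expiry time and the binding of the code to the requesting terminal's IMSI are assumptions of this example; rendering the code as an image is left out.

```python
import hmac
import secrets
import time

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # no look-alike characters


class TransactionCodeStore:
    """Issues one random code per transaction and accepts it at most once."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # txn_id -> (imsi, code, expires_at)

    def issue(self, txn_id, imsi):
        if txn_id in self._pending:
            raise ValueError("a code is already outstanding for this transaction")
        code = "".join(secrets.choice(ALPHABET) for _ in range(6))
        self._pending[txn_id] = (imsi, code, self._clock() + self._ttl)
        return code  # the server would render this as an image for the terminal

    def redeem(self, txn_id, imsi, submitted):
        # pop() consumes the code on the first attempt, right or wrong, so a
        # captured code cannot be replayed and cannot be guessed repeatedly.
        entry = self._pending.pop(txn_id, None)
        if entry is None:
            return "unknown-or-used"
        bound_imsi, code, expires_at = entry
        if self._clock() > expires_at:
            return "expired"
        if not hmac.compare_digest(bound_imsi.encode(), imsi.encode()):
            return "wrong-terminal"
        if not hmac.compare_digest(code.encode(), submitted.upper().encode()):
            return "mismatch"
        return "ok"


def demo():
    """Runs the four cases with a fake clock and constructed identifiers."""
    now = [0.0]
    store = TransactionCodeStore(ttl_seconds=60, clock=lambda: now[0])
    imsi = "460001234567890"  # constructed value
    results = {}
    code = store.issue("txn-1", imsi)
    results["first use"] = store.redeem("txn-1", imsi, code)
    results["replay"] = store.redeem("txn-1", imsi, code)
    code = store.issue("txn-2", imsi)
    results["other terminal"] = store.redeem("txn-2", "460009999999999", code)
    code = store.issue("txn-3", imsi)
    now[0] = 61.0
    results["late"] = store.redeem("txn-3", imsi, code)
    return results
```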
For the two different applications of Internet access and mobile payment, the modes in which the mobile terminal switches the networking channel include the following four system models:
Embodiment 5: Dedicated browser switching mode
Refer to Fig. 2. In the mobile payment security system in which a wireless data private network is physically isolated from the Internet, the mobile terminal uses a dedicated browser to switch networking channels automatically. The dedicated-browser automatic channel switching system model comprises a dedicated browser with an embedded channel switching program and/or a client and application program with an embedded channel switching program, and the mobile terminal networking subsystem. The dedicated browser, or the client and application program, with the embedded channel switching program connects through the networking channel of the mobile terminal networking subsystem to the Internet or to the mobile secure payment data network.
The dedicated browser, or the client and application program, with the embedded channel switching program monitors the pages, services and functions the user uses. When the mobile payment service is needed, the browser or the client and application program calls the embedded channel switching program, sends a channel switching command, and connects through the networking channel of the mobile terminal networking subsystem to the Internet or to the mobile secure payment data network.
After receiving the command from the dedicated browser or the client and application program, the embedded channel switching program closes the current network connection, changes the networking parameters of the mobile terminal to the APN or VPDN networking parameters that are specified by the browser or the client and application program or that are preset, and sends the mobile terminal networking subsystem a request to connect to the mobile payment security data network. If the connection succeeds, it returns a success message to the browser or the client and application program; if the connection fails, it returns a failure message to the browser or the client and application program.
After receiving the success message, the dedicated browser or the client and application program uses the mobile payment security data network channel to exchange information with the mobile payment security system. After finishing the mobile payment service, the dedicated browser or the client and application program calls the embedded channel switching program to switch the mobile terminal's networking channel back to the Internet access channel.
The mobile terminal networking subsystem is the software and hardware system that includes functions such as storing and modifying the mobile terminal's networking parameters, network management and networking operations.
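The switching sequence of Embodiment 5 as an added, simulated example (not the patent's code): close the current connection, connect to the payment APN, report success or failure, and always switch back. `FakeNetworkingSubsystem`, the APN names and restoring Internet access after a failed switch are assumptions of this example.

```python
from contextlib import contextmanager

INTERNET_APN = "internet.example"      # constructed APN names
PAYMENT_APN = "pay.private.example"


class ChannelSwitchError(Exception):
    """Failure message returned to the browser or client."""


class FakeNetworkingSubsystem:
    """Hypothetical stand-in for the mobile terminal networking subsystem."""

    def __init__(self, reachable_apns):
        self.reachable = set(reachable_apns)
        self.active = None   # APN of the single active data channel
        self.log = []        # ordered record of networking operations

    def disconnect(self):
        self.log.append(("disconnect", self.active))
        self.active = None

    def connect(self, apn):
        self.log.append(("connect", apn))
        if apn not in self.reachable:
            return False
        self.active = apn
        return True


class ChannelSwitcher:
    """Embedded channel switching program, reduced to its state handling."""

    def __init__(self, net, internet_apn, payment_apn):
        self.net = net
        self.internet_apn = internet_apn
        self.payment_apn = payment_apn
        self.sent = []       # (channel, message) pairs actually transmitted
        net.connect(internet_apn)

    @contextmanager
    def payment_channel(self):
        self.net.disconnect()                        # close the current network
        if not self.net.connect(self.payment_apn):   # switch networking parameters
            self.net.connect(self.internet_apn)      # assumption: restore browsing
            raise ChannelSwitchError("could not join the payment data network")
        try:
            yield self
        finally:
            # Switch back even if the payment code raised, so the private
            # channel is never left active for ordinary browsing.
            self.net.disconnect()
            self.net.connect(self.internet_apn)

    def send_payment(self, message):
        # Fail closed: payment data leaves only while the private APN is the
        # terminal's one active channel.
        if self.net.active != self.payment_apn:
            raise ChannelSwitchError("payment data refused: not on the payment APN")
        self.sent.append((self.net.active, message))


def run_demo(reachable):
    net = FakeNetworkingSubsystem(reachable)
    switcher = ChannelSwitcher(net, INTERNET_APN, PAYMENT_APN)
    try:
        with switcher.payment_channel():
            switcher.send_payment("order-1001")
        outcome = "paid"
    except ChannelSwitchError:
        outcome = "failed"
    return outcome, net.active, switcher.sent
```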
Embodiment 6: General browser plug-in mode
Refer to Fig. 3. In the mobile payment security system in which a wireless data private network is physically isolated from the Internet, the mobile terminal uses a general browser plug-in to switch networking channels automatically. The general-browser-plug-in automatic channel switching system model comprises a general browser with a plug-in that embeds the channel switching program, and the mobile terminal networking subsystem. The general browser with the plug-in that embeds the channel switching program connects through the mobile terminal networking subsystem to the Internet or to the mobile secure payment data network.
The general browser monitors the pages, services and functions the user uses. When the mobile payment service is needed, the browser calls the embedded channel switching plug-in and sends a channel switching command. After receiving the general browser's command, the embedded channel switching plug-in closes the current network connection, changes the networking parameters of the mobile terminal to the APN or VPDN networking parameters specified by the browser or preset, and sends the mobile terminal networking subsystem a request to connect to the mobile payment security data network. If the connection succeeds, it returns a success message to the browser; if the connection fails, it returns a failure message to the browser.
After receiving the success message, the general browser uses the mobile payment security data network channel to exchange information with the mobile payment security system. After completing the mobile payment service, the general browser calls the embedded channel switching plug-in to switch the mobile terminal's networking channel back to the Internet access channel.
Embodiment 7: Embedded channel switching module mode
Refer to Fig. 4. In the mobile payment security system in which a wireless data private network is physically isolated from the Internet, the mobile terminal uses a channel switching module embedded in the mobile terminal to switch networking channels automatically. The automatic channel switching system model comprises the application layer and the mobile terminal operating system, and the mobile terminal operating system contains the channel switching module and the mobile terminal networking subsystem. The application layer comprises a browser, browser plug-in, client or application program. The application layer links to the channel switching module through an application programming interface (API) and connects to the mobile terminal networking subsystem through the channel switching module.
The channel switching module is a module built into the mobile terminal operating system that links to the mobile terminal networking subsystem and performs the channel switching operation.
The application layer monitors the pages, services and functions the user uses. When the mobile payment service is needed, it calls the channel switching plug-in and sends a channel switching command. After the application layer receives the message that the channel switch succeeded, it uses the mobile payment security data network to exchange information. After the application layer completes the mobile payment security service, it calls the channel switching module to switch the networking channel back to the Internet access channel.
Embodiment 8: Independent channel switching software mode
Refer to Fig. 5. In the mobile payment security system in which a wireless data private network is physically isolated from the Internet, the mobile terminal uses independent channel switching software to switch networking channels automatically. The independent-channel-switching-software automatic channel switching system model comprises the application layer, the channel switching program software and the mobile terminal operating system. The application layer comprises a browser, browser plug-in, or client and application program; the mobile terminal operating system contains the mobile terminal networking subsystem. The application layer links to the channel switching software through an application programming interface (API), and the channel switching software links to the mobile terminal networking subsystem and exchanges data with the mobile terminal operating system.
The channel switching software is an application program that must be started manually and is independent of the mobile terminal operating system. After the channel switching software is started manually, it stays resident in memory, provides an application programming interface (API) to the application layer, and performs channel switching operations according to application layer instructions. The application layer calls the started channel switching software through the API to switch between the different networking channels. After the channel switching software exits memory, the application layer API in memory disappears.
The above is only the preferred embodiment of the present invention. It should be noted that those of ordinary skill in the art may make variations and improvements without departing from the principle of the invention; for example, the mobile payment security application system may be applied to mailboxes, OA, or other services or application systems that need assured security. In addition, the program may be stored in a storage medium readable by the mobile terminal. Optionally, each module/unit of the terminal in the above embodiments may be implemented in hardware or in the form of software function modules. The present invention is not limited to any particular combination of hardware and software. These changes and modifications also fall within the scope of the invention and should be regarded as within its scope of protection.

Claims (12)

1. A mobile payment security system in which a wireless data private network is physically isolated from the Internet, comprising a payment server, a phone number authentication device, a password authentication device, and an APN network or VPDN network linked to GSN mobile network gateway equipment, characterized in that: the application system, including the payment server and the authentication devices, is built in a mobile payment security data network isolated from the Internet; the mobile payment security data network links to the APN network or VPDN network that is isolated from the Internet and connected to the GSN mobile gateway; the payment server, through the password authentication device and the phone number authentication device, establishes multiple authentication that binds account, phone number, IMSI number and password four-in-one; when connecting to the mobile payment security data network, the mobile terminal automatically closes the Internet access channel and, after physical isolation from the Internet succeeds, exchanges graphical verification code information with the mobile payment server via the base station.
2. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 1, characterized in that: in the system model that uses the phone number binding function, the mobile phone closes the Internet access channel, connects to the mobile payment security data network, and establishes a communication tunnel with the phone number authentication device; while the tunnel is being established, when the phone sends a domain request, the GGSN or SGSN first links to the mobile network gateway GSN over the Access Point Name (APN) dedicated line and/or Virtual Private Dialup Network (VPDN) dedicated line and sends the International Mobile Subscriber Identity (IMSI) stored in the user's SIM card to the phone number authentication device as a calling-number request parameter; the phone number authentication device performs IMSI authentication and address binding, and communication with the payment server then proceeds through the password authentication device.
3. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 1, characterized in that: the password authentication mode includes numeric passwords or biometric passwords.
4. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 1, characterized in that: the mobile secure payment system model that uses graphical verification code authentication comprises the mobile terminal, the dedicated data channel, the authentication devices and the payment server.
5. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 4, characterized in that: each time a mobile terminal sends a transaction request, the payment server issues a random secure graphical verification code as the label of the transaction, which is submitted with the mobile terminal's payment request; using a graphical verification code for each individual transaction ensures that the verification code cannot be copied.
6. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 1, characterized in that: the mobile terminal uses a dedicated browser to switch networking channels automatically, and the dedicated-browser automatic channel switching system model comprises a dedicated browser with an embedded channel switching program and/or a client and application program with an embedded channel switching program, and the mobile terminal networking subsystem.
7. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 6, characterized in that: the dedicated browser, or the client and application program, with the embedded channel switching program monitors the pages, services and functions the user uses; when the mobile payment service is needed, the browser or the client and application program calls the embedded channel switching program, sends a channel switching command, and connects through the networking channel of the mobile terminal networking subsystem to the Internet or to the mobile secure payment data network.
8. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 7, characterized in that: after receiving the command from the dedicated browser or the client and application program, the embedded channel switching program closes the current network connection, changes the networking parameters of the mobile terminal to the APN or VPDN networking parameters that are specified by the browser or the client and application program or that are preset, and sends the mobile terminal networking subsystem a request to connect to the mobile payment security data network; if the connection succeeds, it returns a success message to the browser or the client and application program; if the connection fails, it returns a failure message to the browser or the client and application program.
9. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 8, characterized in that: after receiving the success message, the dedicated browser or the client and application program uses the mobile payment security data network channel to exchange information with the mobile payment security system; after the browser or the client and application program finishes the mobile payment service, it calls the embedded channel switching program to switch the mobile terminal's networking channel back to the Internet access channel.
10. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 1, characterized in that: the mobile terminal uses a channel switching module embedded in the mobile terminal to switch networking channels automatically; the automatic channel switching system model comprises the application layer and the mobile terminal operating system, and the mobile terminal operating system contains the channel switching module and the mobile terminal networking subsystem; the application layer comprises a browser, browser plug-in, client or application program; the application layer links to the channel switching module through an application programming interface (API) and connects to the mobile terminal operating system through the channel switching module.
11. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 1, characterized in that: the mobile terminal uses independent channel switching software to switch networking channels automatically; the independent-channel-switching-software automatic channel switching system model comprises the application layer, the channel switching program software and the mobile terminal operating system, wherein the application layer comprises a browser, browser plug-in, or client and application program, the mobile terminal operating system contains the mobile terminal networking subsystem, the application layer links to the channel switching software through an application programming interface (API), and the channel switching software links to the mobile terminal networking subsystem and exchanges data with the mobile terminal operating system.
12. The mobile payment security system in which a wireless data private network is physically isolated from the Internet as claimed in claim 11, characterized in that: after the channel switching software is started, it stays resident in memory, provides an application programming interface (API) to the application layer, and performs channel switching operations according to application layer instructions; the application layer calls the started channel switching software through the API to switch between the different networking channels; after the channel switching software exits memory, the application layer API in memory disappears.

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201310660556.9A CN103619020B (en) 2013-12-09 2013-12-09 Mobile payment security system for wireless data private network physical isolation internet
PCT/CN2014/087307 WO2015085809A1 (en) 2013-12-09 2014-09-24 Mobile payment security system with wireless data private network physically isolated from internet

Publications (2)

Publication Number Publication Date
CN103619020A (en) 2014-03-05
CN103619020B (en) 2017-02-08

Family

ID=50169724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310660556.9A Active CN103619020B (en) 2013-12-09 2013-12-09 Mobile payment security system for wireless data private network physical isolation internet

Country Status (2)

Country Link
CN (1) CN103619020B (en)
WO (1) WO2015085809A1 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103619020B (en) * 2013-12-09 2017-02-08 成都达信通通讯设备有限公司 Mobile payment security system for wireless data private network physical isolation internet
WO2015188718A1 (en) * 2014-06-10 2015-12-17 北京奇虎科技有限公司 Mobile terminal-based payment method and apparatus, and mobile terminal
CN104821992B (en) * 2015-05-25 2018-01-19 广东欧珀移动通信有限公司 A kind of method and device of mobile phone automatically switching network connection type
CN105550577A (en) * 2015-12-31 2016-05-04 宇龙计算机通信科技(深圳)有限公司 Security control method and system for terminal container
CN107274178B (en) * 2017-07-21 2020-07-17 Oppo广东移动通信有限公司 Network switching method and related product
CN107528739B (en) * 2017-09-21 2021-04-16 中国银联股份有限公司 Terminal monitoring management method and device
CN108769959A (en) * 2018-04-11 2018-11-06 南京熊猫通信科技有限公司 A kind of communication terminal near field identifying system and method based on microcell base station
US11785013B2 (en) 2018-05-18 2023-10-10 Telefonaktiebolaget Lm Ericsson (Publ) Application program access control
CN109246104B (en) * 2018-09-12 2021-06-08 安徽中科数盾科技有限公司 Security mobile police service system oriented to high-confidentiality environment
CN109754270B (en) * 2019-03-08 2023-04-07 重庆市微导科技有限公司 One-stop vehicle terminal
CN109981816B (en) * 2019-03-21 2023-04-18 上海风汇网络科技有限公司 Value transmission system and method based on DNS (Domain name System) and DNS server
CN111490988B (en) * 2020-04-10 2022-07-15 海南简族信息技术有限公司 Data transmission method, device, equipment and computer readable storage medium
US11928665B2 (en) 2020-07-21 2024-03-12 Mastercard International Incorporated Methods and systems for facilitating a payment transaction over a secure radio frequency connection
CN112073375B (en) * 2020-08-07 2023-09-26 中国电力科学研究院有限公司 Isolation device and isolation method suitable for client side of electric power Internet of things
CN112327736B (en) * 2020-09-14 2022-05-31 广东联凯智能科技有限公司 Embedded programmable module for electronic products

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778173A (en) * 1996-06-12 1998-07-07 At&T Corp. Mechanism for enabling secure electronic transactions on the open internet
CN1578487A (en) * 2003-07-28 2005-02-09 华为技术有限公司 Method for mobile terminal switching in packet network
CN101923757A (en) * 2010-08-05 2010-12-22 中国科学院深圳先进技术研究院 Mobile payment management system
CN201846357U (en) * 2010-07-30 2011-05-25 杭州茵缌特科技有限公司 Security network architecture for non-field industries
CN103093346A (en) * 2011-10-31 2013-05-08 深圳光启高等理工研究院 Mobile terminal payment method and mobile terminal

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20110069911A (en) * 2009-12-18 2011-06-24 에스케이 텔레콤주식회사 Finance settlement service method and system using a sticker card
CN103347273A (en) * 2013-07-02 2013-10-09 北京播思无线技术有限公司 Device and method for automatically selecting optimal transmission mode according to service requirements
CN103619020B (en) * 2013-12-09 2017-02-08 成都达信通通讯设备有限公司 Mobile payment security system for wireless data private network physical isolation internet
CN103618736A (en) * 2013-12-09 2014-03-05 成都达信通通讯设备有限公司 Safety application system for mobile terminal to automatically switch between different channel networking interfaces

Also Published As

Publication number Publication date
CN103619020A (en) 2014-03-05
WO2015085809A1 (en) 2015-06-18

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201221

Address after: No. 305, 3 / F, building 1, Cambridge business district, No. 6, Longgong Road, Longyan economic and Technological Development Zone, Longyan City, Fujian Province

Patentee after: Longyan Rongchuang Information Technology Co.,Ltd.

Address before: No.1302, 1st floor, building 13, no.282, Jinji North Road, Wuhou District, Chengdu City, Sichuan Province 610041

Patentee before: CHENGDU DAXINTONG COMMUNICATIONS EQUIPMENT Co.,Ltd.