CN104348812A - Method and device for on-line certification of NFC (Near Field Communication) terminal - Google Patents

Method and device for on-line certification of NFC (Near Field Communication) terminal

Info

Publication number
CN104348812A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310338261.XA
Other languages
Chinese (zh)
Other versions
CN104348812B (en)
Inventor
刘向辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a device for on-line authentication of an NFC (Near Field Communication) terminal. The method comprises the following steps: an NFC terminal requests authentication from a POS (Point of Sale) machine; the POS machine instructs the NFC terminal to acquire an IMSI (International Mobile Subscriber Identity); the NFC terminal reads the IMSI of a SIM (Subscriber Identity Module) card through its interface with the SIM card and feeds the IMSI back to the POS machine; the POS machine uploads the IMSI to an application system, the application system uploads the IMSI to an access system, and the access system transmits it to an AAA (Authentication, Authorization and Accounting) server; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns authentication information to the SIM card through the access system, the application system, the POS machine and the NFC terminal; the SIM card performs an authentication calculation according to the authentication information, and the calculation result is uploaded to the AAA server for authentication through the NFC terminal, the POS machine, the application system and the access system. The method and the device realize secure authentication of the NFC terminal based on a mobile network.

Description

A method and apparatus for on-line authentication of an NFC terminal
Technical field
The present invention relates to the fields of mobile Internet and terminals, and in particular to a method and apparatus for on-line authentication of an NFC terminal.
Background art
NFC (Near Field Communication) is a short-range wireless communication technology that allows contactless data transfer between electronic devices.
An NFC terminal has three operating modes: card emulation mode, peer-to-peer mode (P2P mode) and reader/writer mode. Of these:
In card emulation mode the device acts as a contactless card. Like an ordinary card it can host many applications; as with a transit card, money can be stored on it and it can be used for bank-card purchases.
In peer-to-peer mode, devices transfer data to each other over the relevant NFC communication protocols, much as with infrared or Bluetooth but by a different means: the two devices only need to touch for the transfer to take place.
In reader/writer mode the NFC device is used as a card reader: it reads the data on a contactless card, and the data is then used on the NFC device or by upper-layer software.
Summary of the invention
In view of the above, the present invention proposes a method and apparatus for on-line authentication of an NFC terminal.
According to one aspect of the invention, an on-line authentication method for an NFC terminal is proposed, in which: the NFC terminal requests authentication from the POS, and the POS instructs the NFC terminal to obtain the IMSI; the NFC terminal reads the IMSI of the SIM card through its interface with the SIM card and feeds the IMSI back to the POS; the POS uploads the IMSI to the application system, the application system uploads it to the access system, and the access system passes it to the AAA server; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns authentication information to the SIM card through the access system, the application system, the POS and the NFC terminal; the SIM card performs the authentication calculation according to the authentication information, and the calculation result is uploaded through the NFC terminal, the POS, the application system and the access system to the AAA server for authentication.
In one embodiment of the invention, the AAA server returns the authentication result to the POS through the access system and the application system.
In one embodiment of the invention, the AAA server performs the calculation according to the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results match, authentication passes, otherwise authentication fails.
In one embodiment of the invention, the authentication information comprises the IMSI, a random number and an encryption key.
According to another aspect of the invention, an on-line authentication device for an NFC terminal is proposed, comprising a SIM card, an NFC terminal, a POS, an application system, an access system and an AAA server, in which: the SIM card provides the IMSI to the NFC terminal, performs the authentication calculation according to the authentication information returned by the NFC terminal, and sends the calculation result to the NFC terminal; the NFC terminal requests authentication from the POS, reads the IMSI of the SIM card through its interface with the SIM card, feeds the IMSI back to the POS, returns the authentication information to the SIM card, and sends the calculation result to the POS; the POS instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, and sends the calculation result to the application system; the application system uploads the IMSI to the access system, returns the authentication information to the POS, and sends the calculation result to the access system; the access system passes the IMSI to the AAA server, returns the authentication information to the application system, and sends the calculation result to the AAA server; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns the authentication information to the access system, receives the calculation result returned by the SIM card, and performs authentication.
In one embodiment of the invention, the AAA server returns the authentication result to the access system; the access system returns the authentication result to the application system; the application system returns the authentication result to the POS; and the POS receives the authentication result returned by the application system.
In one embodiment of the invention, the AAA server performs the calculation according to the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results match, authentication passes, otherwise authentication fails.
In one embodiment of the invention, the authentication information comprises the IMSI, a random number and an encryption key.
The present invention proposes a method and apparatus for hybrid authentication between the SIM-card-based mobile network and the NFC system, which can improve the versatility of the NFC system. The invention is applicable to all NFC systems that cooperate with a mobile network operator and can realize secure authentication of NFC terminals based on the mobile network.
Brief description of the drawings
The drawings described here provide a further understanding of the invention and form part of it. The illustrative embodiments of the invention and their descriptions serve to explain the invention and do not unduly limit it. In the drawings:
Figure 1 is a structural diagram of an on-line authentication device for an NFC terminal in one embodiment of the invention.
Figure 2 is a flow chart of an on-line authentication method for an NFC terminal in one embodiment of the invention.
Detailed description of the embodiments
Various exemplary embodiments of the invention are now described in detail with reference to the drawings. Note that, unless specifically stated otherwise, the relative arrangement of the components and steps and the numerical values set out in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention, its application or its use.
Techniques, methods and apparatus known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it need not be discussed further in subsequent drawings.
In existing NFC authentication, the authentication module may be located in the NFC terminal or on the SIM card, and the NFC service operator performs authentication against that module. Existing NFC systems authenticate with an independent authentication system that sits on the network side and is only loosely coupled to the mobile network; that is, it has nothing to do with the operator.
The present invention makes the SIM card of the mobile network the core of NFC system authentication and authenticates the NFC terminal through the mobile network's authentication system.
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to specific embodiments and the drawings.
Figure 1 is a structural diagram of an on-line authentication device for an NFC terminal in one embodiment of the invention. The system comprises a SIM card, an NFC terminal, a POS, an application system, an access system and an AAA server, where:
The SIM card provides the IMSI (International Mobile Subscriber Identity) to the NFC terminal, performs the authentication calculation according to the authentication information returned by the NFC terminal (this authentication information comprises the IMSI, a random number and an encryption key), and sends the calculation result to the NFC terminal.
The NFC terminal implements the contactless interaction between the SIM card and the POS. On the one hand, the NFC terminal has NFC radio-frequency capability and carries the information exchanged with the POS over RF. On the other hand, it implements the APDU interface, or a wrapped authentication interface, to the SIM card, through which it can obtain the SIM card's basic information and authentication information. Specifically, the NFC terminal requests authentication from the POS, reads the IMSI of the SIM card through its interface with the SIM card, feeds the IMSI back to the POS, returns the authentication information to the SIM card, and sends the calculation result to the POS.
The contactless POS supports contactless interaction with the NFC terminal. The POS instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, sends the calculation result to the application system, and receives the authentication result returned by the application system.
The application system uploads the IMSI to the access system, returns the authentication information to the POS, sends the calculation result to the access system, and returns the authentication result to the POS.
The access system serves as the authentication management center between the mobile network and the NFC system. It opens up the authentication capability of the AAA server and is responsible for admitting legitimate NFC application systems and contactless POS devices. That is, the access system mainly relays data transparently between the application system and the AAA server; its main function is to authenticate the legitimacy of the application system, ensuring that only application systems that cooperate with the operator can connect to the AAA server for authentication. Specifically, the access system passes the IMSI to the AAA server, returns the authentication information to the application system, sends the calculation result to the AAA server, and returns the authentication result to the application system.
The AAA server uses the existing mobile network authentication flow and supports opening up the authentication capability. The AAA server authenticates the IMSI and, if the IMSI is legitimate, returns the authentication information to the access system, receives the calculation result returned by the SIM card, performs authentication, and returns the authentication result to the access system.
Here, the AAA server performs the calculation according to the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results match, authentication passes, otherwise authentication fails.
The invention uses the SIM card as the authentication identity and the AAA server as the authentication center. The SIM card is the core of NFC system authentication. The SIM card's existing authentication data serve as the authentication data of the NFC system, with no need to modify the software or hardware of the existing SIM card, and the authentication algorithm remains the mobile network's existing authentication algorithm, such as A3A8, CAVE or MD5.
The invention performs NFC terminal authentication on the basis of the SIM-card-based mobile network authentication system. Without changing the existing mobile network authentication system, the AAA authentication capability of the mobile network is opened up. An access system is added: authentication requests sent by application systems converge on the AAA system through the access system, and NFC application systems and contactless POS devices reach the AAA server through the access system. The NFC terminal invokes the authentication capability of the SIM card and delivers the authentication information to the AAA server for authentication.
Figure 2 is a flow chart of an on-line authentication method for an NFC terminal in one embodiment of the invention. The method comprises the following steps:
Step 21: the NFC terminal requests authentication from the POS, and the POS instructs the NFC terminal to obtain the IMSI.
Step 22: the NFC terminal reads the IMSI of the SIM card through its interface with the SIM card and feeds the IMSI back to the POS.
Step 23: the POS uploads the IMSI to the application system, the application system uploads it to the access system, and the access system passes it to the AAA server.
Step 24: the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns authentication information to the SIM card through the access system, the application system, the POS and the NFC terminal. This authentication information comprises the IMSI, a random number and an encryption key.
Step 25: the SIM card performs the authentication calculation according to the authentication information, and the calculation result is uploaded through the NFC terminal, the POS, the application system and the access system to the AAA server for authentication.
The IMSI, the RAND and the key held in encrypted storage are put through the authentication algorithm. The algorithm is an existing one, which may be A3A8, CAVE or MD5, and must be consistent with the authentication algorithm currently used by the mobile network.
Another embodiment of the invention further comprises:
Step 26: after authentication, the AAA server returns the authentication result to the POS through the access system and the application system.
Here, the AAA server performs the calculation according to the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results match, authentication passes, otherwise authentication fails.
Once authentication passes, the AAA server notifies the POS that it may carry out further operations, for example showing an authentication-success prompt. If authentication fails, a failure prompt is shown. The specific follow-up operations can be decided by the application system.
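Steps 21 to 26 as a runnable sketch, added here as an example that is not part of the patent: it shows the challenge-response exchange, the access system's admission check on application systems, and why the AAA server should treat each random number as single-use. Assumptions: HMAC-SHA256 stands in for the network algorithm (A3A8, CAVE or MD5), the key is provisioned on the SIM card and at the AAA server so that only the IMSI and the random number are relayed, and all class names, the `door-app` identifier and the IMSI and key values are constructed.

```python
import hashlib
import hmac
import secrets


def auth_calc(key: bytes, imsi: str, rand: bytes) -> bytes:
    # Stand-in (assumption): HMAC-SHA256 replaces the network algorithm the
    # page names (A3A8, CAVE or MD5); both ends must run the same function.
    return hmac.new(key, imsi.encode() + rand, hashlib.sha256).digest()[:8]


class SimCard:
    def __init__(self, imsi: str, key: bytes):
        self.imsi = imsi
        self._key = key  # assumption: the key never leaves the card

    def compute(self, imsi: str, rand: bytes) -> bytes:
        if imsi != self.imsi:  # refuse a challenge issued for another subscriber
            raise ValueError("authentication information is for another IMSI")
        return auth_calc(self._key, imsi, rand)


class AaaServer:
    def __init__(self, subscribers: dict):
        self._subscribers = subscribers  # IMSI -> key provisioned by the operator
        self._pending = {}               # IMSI -> outstanding random number

    def challenge(self, imsi: str):
        if imsi not in self._subscribers:  # step 24: IMSI is not legitimate
            return None
        rand = secrets.token_bytes(16)
        self._pending[imsi] = rand
        return {"imsi": imsi, "rand": rand}

    def verify(self, imsi: str, result: bytes) -> bool:
        rand = self._pending.pop(imsi, None)  # single use: a replayed result fails
        if rand is None:
            return False
        expected = auth_calc(self._subscribers[imsi], imsi, rand)
        return hmac.compare_digest(expected, result)  # constant-time comparison


class AccessSystem:
    """Admits only application systems that cooperate with the operator."""

    def __init__(self, aaa: AaaServer, allowed_apps: set):
        self._aaa = aaa
        self._allowed = allowed_apps

    def _check(self, app_id: str):
        if app_id not in self._allowed:
            raise PermissionError(f"application system {app_id!r} not admitted")

    def challenge(self, app_id: str, imsi: str):
        self._check(app_id)
        return self._aaa.challenge(imsi)

    def verify(self, app_id: str, imsi: str, result: bytes) -> bool:
        self._check(app_id)
        return self._aaa.verify(imsi, result)


def authenticate(sim: SimCard, app_id: str, access: AccessSystem) -> bool:
    # The NFC terminal, POS and application system only relay, so they are
    # collapsed into this function; comments give the step numbers of Figure 2.
    imsi = sim.imsi                                   # steps 21-22
    info = access.challenge(app_id, imsi)             # steps 23-24
    if info is None:
        return False
    result = sim.compute(info["imsi"], info["rand"])  # step 25, on the card
    return access.verify(app_id, imsi, result)        # steps 25-26


# Constructed sample data, not taken from the page.
IMSI = "460030000000001"
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def demo() -> dict:
    aaa = AaaServer({IMSI: KEY})
    access = AccessSystem(aaa, {"door-app"})
    genuine, other = SimCard(IMSI, KEY), SimCard(IMSI, bytes(16))
    info = access.challenge("door-app", IMSI)
    captured = genuine.compute(info["imsi"], info["rand"])
    first = access.verify("door-app", IMSI, captured)
    replay = access.verify("door-app", IMSI, captured)  # same result sent again
    return {
        "genuine": authenticate(genuine, "door-app", access),
        "wrong_key": authenticate(other, "door-app", access),
        "unknown_imsi": authenticate(SimCard("460030000000999", KEY), "door-app", access),
        "first_use": first,
        "replay": replay,
    }


if __name__ == "__main__":
    print(demo())
```

Because the random number is discarded on the first verification, a calculation result captured on the relay path cannot be presented a second time.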
Current NFC systems are self-contained: each uses its own independent authentication system, separate from the mobile network, and interoperability is poor.
The present invention proposes a method and apparatus for hybrid authentication between the SIM-card-based mobile network and the NFC system, which can improve the versatility of the NFC system. The invention is applicable to all NFC systems that cooperate with a mobile network operator and can realize secure authentication of NFC terminals based on the mobile network, extending the authentication capability of the SIM card from the mobile network to NFC systems such as access control, membership cards and payment. For access control, if authentication fails the card cannot be swiped for entry. For payment, an authorized application system can deduct small amounts directly and charge them to the phone bill.
The invention has now been described in detail. To avoid obscuring the concept of the invention, some details well known in the art are not described. From the description above, those skilled in the art can fully understand how to implement the technical solutions disclosed here.
The method and device of the invention may be implemented in many ways, for example in software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for illustration only, and the steps of the method are not limited to the order specifically described above unless specifically stated otherwise. In addition, in some embodiments the invention may be embodied as programs recorded on a recording medium, these programs comprising machine-readable instructions for implementing the method according to the invention. The invention therefore also covers a recording medium storing a program for executing the method according to the invention.
Although some specific embodiments of the invention have been described in detail by way of example, those skilled in the art should understand that the examples above are for illustration only and are not intended to limit the scope of the invention. Those skilled in the art should understand that the embodiments above may be modified without departing from the scope and spirit of the invention. The scope of the invention is defined by the claims.

Claims (8)

1. An on-line authentication method for an NFC terminal, characterized in that:
the NFC terminal requests authentication from the POS, and the POS instructs the NFC terminal to obtain the international mobile subscriber identity (IMSI);
the NFC terminal reads the IMSI of the SIM card through its interface with the SIM card and feeds the IMSI back to the POS;
the POS uploads the IMSI to the application system, the application system uploads it to the access system, and the access system passes it to the AAA server;
the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns authentication information to the SIM card through the access system, the application system, the POS and the NFC terminal;
the SIM card performs the authentication calculation according to the authentication information, and the calculation result is uploaded through the NFC terminal, the POS, the application system and the access system to the AAA server for authentication.
2. The on-line authentication method for an NFC terminal according to claim 1, characterized in that:
after authentication, the AAA server returns the authentication result to the POS through the access system and the application system.
3. The on-line authentication method for an NFC terminal according to claim 1 or 2, characterized in that:
the AAA server performs the calculation according to the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results match, authentication passes, otherwise authentication fails.
4. The on-line authentication method for an NFC terminal according to claim 1 or 2, characterized in that:
the authentication information comprises the IMSI, a random number and an encryption key.
5. An on-line authentication device for an NFC terminal, characterized in that it comprises a SIM card, an NFC terminal, a POS, an application system, an access system and an AAA server, wherein:
the SIM card provides the IMSI to the NFC terminal, performs the authentication calculation according to the authentication information returned by the NFC terminal, and sends the calculation result to the NFC terminal;
the NFC terminal requests authentication from the POS, reads the IMSI of the SIM card through its interface with the SIM card, feeds the IMSI back to the POS, returns the authentication information to the SIM card, and sends the calculation result to the POS;
the POS instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, sends the calculation result to the application system, and receives the authentication result returned by the application system;
the application system uploads the IMSI to the access system, returns the authentication information to the POS, sends the calculation result to the access system, and returns the authentication result to the POS;
the access system passes the IMSI to the AAA server, returns the authentication information to the application system, sends the calculation result to the AAA server, and returns the authentication result to the application system;
the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns the authentication information to the access system, receives the calculation result returned by the SIM card, performs authentication, and returns the authentication result to the access system.
6. The on-line authentication device for an NFC terminal according to claim 5, characterized in that:
the AAA server returns the authentication result to the access system;
the access system returns the authentication result to the application system;
the application system returns the authentication result to the POS;
the POS receives the authentication result returned by the application system.
7. The on-line authentication device for an NFC terminal according to claim 5 or 6, characterized in that:
the AAA server performs the calculation according to the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results match, authentication passes, otherwise authentication fails.
8. The on-line authentication device for an NFC terminal according to claim 5 or 6, characterized in that:
the authentication information comprises the IMSI, a random number and an encryption key.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Status | Title
CN201310338261.XA | 2013-08-06 | 2013-08-06 | Active | A method and apparatus for on-line authentication of an NFC terminal (CN104348812B, en)

Publications (2)

Publication Number | Publication Date
CN104348812A | 2015-02-11
CN104348812B | 2018-05-15
