CN104348812B - Method and apparatus for online authentication of an NFC terminal - Google Patents

Method and apparatus for online authentication of an NFC terminal

Info

Publication number: CN104348812B
Authority: CN (China)
Prior art keywords: imsi, pos machine, nfc terminal, result, sim card
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201310338261.XA
Other languages: Chinese (zh)
Other versions: CN104348812A (en)
Inventor: 刘向辉
Current Assignee: China Telecom Corp Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Telecom Corp Ltd
Priority date: 2013-08-06 (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date: 2013-08-06
Publication date: 2018-05-15

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0892 Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent
    • H04W12/72 Subscriber identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and apparatus for online authentication of an NFC terminal. The NFC terminal requests authentication from a POS machine, and the POS machine instructs the NFC terminal to obtain the IMSI. The NFC terminal reads the SIM card's IMSI through its interface with the SIM card and feeds the IMSI back to the POS machine. The POS machine uploads the IMSI to the application system, which uploads it to the access system, which passes it to the AAA server. The AAA server authenticates the IMSI and, if the IMSI is legal, returns authentication information to the SIM card via the access system, the application system, the POS machine and the NFC terminal. The SIM card performs the authentication calculation from the authentication information, and the calculation result is uploaded to the AAA server for authentication via the NFC terminal, the POS machine, the application system and the access system. The invention enables secure authentication of NFC terminals based on the mobile network.

Description

Method and apparatus for online authentication of an NFC terminal
Technical field
The present invention relates to the fields of mobile Internet and terminals, and in particular to a method and apparatus for online authentication of an NFC terminal.
Background
NFC (Near Field Communication) is a short-range wireless communication technology that allows contactless data transmission between electronic devices.
An NFC terminal has three operating modes: card emulation mode, peer-to-peer (P2P) mode, and reader/writer mode. Specifically:
In card emulation mode the device acts as a contactless card and can be used in many applications just like an ordinary card. As with a transit card, money can be stored on it and it can be used for bank-card payments.
In peer-to-peer mode data is transferred between devices over the NFC communication protocols, much as with infrared or Bluetooth, only in a different manner: the two devices merely need to touch for the transfer to take place.
In reader/writer mode the NFC device is used as a card reader: it can read the data on a contactless card, which is then used by the NFC device or by upper-layer software.
Summary of the invention
In view of the above, the present invention proposes a method and apparatus for online authentication of an NFC terminal.
According to one aspect of the invention, a method for online authentication of an NFC terminal is proposed, in which: the NFC terminal requests authentication from a POS machine, and the POS machine instructs the NFC terminal to obtain the IMSI; the NFC terminal reads the SIM card's IMSI through its interface with the SIM card and feeds the IMSI back to the POS machine; the POS machine uploads the IMSI to the application system, which uploads it to the access system, which passes it to the AAA server; the AAA server authenticates the IMSI and, if the IMSI is legal, returns authentication information to the SIM card via the access system, the application system, the POS machine and the NFC terminal; the SIM card performs the authentication calculation from the authentication information, and the calculation result is uploaded to the AAA server for authentication via the NFC terminal, the POS machine, the application system and the access system.
In one embodiment of the invention, the AAA server returns the authentication result to the POS machine via the access system and the application system.
In one embodiment of the invention, the AAA server performs the calculation from the authentication information sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication fails.
In one embodiment of the invention, the authentication information includes the IMSI, a random number and an encryption key.
According to another aspect of the invention, an apparatus for online authentication of an NFC terminal is proposed, comprising a SIM card, an NFC terminal, a POS machine, an application system, an access system and an AAA server, in which: the SIM card provides the IMSI to the NFC terminal, performs the authentication calculation from the authentication information returned by the NFC terminal, and sends the calculation result to the NFC terminal; the NFC terminal requests authentication from the POS machine, reads the SIM card's IMSI through its interface with the SIM card, feeds the IMSI back to the POS machine, returns the authentication information to the SIM card, and sends the calculation result to the POS machine; the POS machine instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, and sends the calculation result to the application system; the application system uploads the IMSI to the access system, returns the authentication information to the POS machine, and sends the calculation result to the access system; the access system passes the IMSI to the AAA server, returns the authentication information to the application system, and sends the calculation result to the AAA server; the AAA server authenticates the IMSI and, if the IMSI is legal, returns the authentication information to the access system, receives the calculation result returned by the SIM card, and performs the authentication.
In one embodiment of the invention, the AAA server returns the authentication result to the access system; the access system returns the authentication result to the application system; the application system returns the authentication result to the POS machine; and the POS machine receives the authentication result returned by the application system.
In one embodiment of the invention, the AAA server performs the calculation from the authentication information sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication fails.
In one embodiment of the invention, the authentication information includes the IMSI, a random number and an encryption key.
The invention proposes a method and apparatus for hybrid authentication between the SIM-card-based mobile network and the NFC system, which can improve the versatility of NFC systems. The invention applies to all NFC systems that cooperate with a mobile network operator and enables secure authentication of NFC terminals based on the mobile network.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the invention and form part of it; the illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a structural diagram of an apparatus for online authentication of an NFC terminal in one embodiment of the invention.
Fig. 2 is a flow chart of a method for online authentication of an NFC terminal in one embodiment of the invention.
Detailed description
Various exemplary embodiments of the invention are now described in detail with reference to the drawings. Note that, unless specifically stated otherwise, the relative arrangement of components and steps and the numerical values set out in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention, its application or its use.
Techniques, methods and apparatus known to a person of ordinary skill in the relevant art may not be discussed in detail but, where appropriate, should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary and not as a limitation. Other examples of the exemplary embodiments may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings, so once an item has been defined in one drawing it need not be discussed further in subsequent drawings.
In existing NFC authentication schemes, the authentication module may reside in the NFC terminal or on the SIM card, and authentication is performed by the NFC service operator. Existing NFC systems authenticate using an independent authentication system that sits on the network side and is only loosely coupled to the mobile network, i.e. it has no relationship with the carrier.
The present invention takes the mobile network's SIM card as the core of NFC system authentication and authenticates the NFC terminal through the mobile network's authentication system.
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to specific embodiments and the drawings.
Fig. 1 is a structural diagram of an apparatus for online authentication of an NFC terminal in one embodiment of the invention. The system comprises a SIM card, an NFC terminal, a POS machine, an application system, an access system and an AAA server, where:
The SIM card provides the IMSI (International Mobile Subscriber Identity) to the NFC terminal, performs the authentication calculation from the authentication information returned by the NFC terminal, which includes the IMSI, a random number and an encryption key, and sends the calculation result to the NFC terminal.
The NFC terminal implements the contactless interaction between the SIM card and the POS machine. On the one hand, the NFC terminal has NFC radio-frequency capability and provides the RF bearer for the information exchange with the POS machine; on the other hand, it implements an APDU or encapsulated authentication interface to the SIM card, through which it can obtain the SIM card's basic information and authentication information. Specifically, the NFC terminal requests authentication from the POS machine, reads the SIM card's IMSI through its interface with the SIM card, feeds the IMSI back to the POS machine, returns the authentication information to the SIM card, and sends the calculation result to the POS machine.
The contactless POS machine supports contactless interaction with the NFC terminal. The POS machine instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, sends the calculation result to the application system, and receives the authentication result returned by the application system.
The application system uploads the IMSI to the access system, returns the authentication information to the POS machine, sends the calculation result to the access system, and returns the authentication result to the POS machine.
The access system serves as the authentication management center between the mobile network and the NFC system. It opens up the AAA server's authentication capability and is responsible for admitting legal NFC application systems and contactless POS machines. That is, the access system mainly passes data transparently between the application system and the AAA; its main function is to authenticate the legitimacy of the application system, ensuring that only application systems cooperating with the carrier can connect to the AAA for authentication. Specifically, the access system passes the IMSI to the AAA server, returns the authentication information to the application system, sends the calculation result to the AAA server, and returns the authentication result to the application system.
The AAA server uses the existing mobile network authentication flow and supports opening up the authentication capability. The AAA server authenticates the IMSI and, if the IMSI is legal, returns the authentication information to the access system, receives the calculation result returned by the SIM card, performs the authentication, and returns the authentication result to the access system.
Here, the AAA server performs the calculation from the authentication information sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication fails.
The invention uses the SIM card as the authentication identity and the AAA server as the authentication center. The SIM card is the core of NFC system authentication. The SIM card's existing authentication data serves as the NFC system's authentication data, so the hardware and software of the existing SIM card need not be modified, and the authentication algorithm reuses the mobile network's existing authentication algorithm, for example A3A8, CAVE or MD5.
The invention authenticates the NFC terminal on the basis of the SIM-card-based mobile network authentication system. Without changing the existing mobile network authentication system, it opens up the AAA authentication capability of the mobile network. An access system is added; it aggregates the authentication requests sent by application systems to the AAA system, and NFC application systems and contactless POS machines reach the AAA through the access system. The NFC terminal invokes the SIM card's authentication capability and passes the authentication information to the AAA for authentication.
Fig. 2 is a flow chart of a method for online authentication of an NFC terminal in one embodiment of the invention. The method comprises the following steps:
Step 21: the NFC terminal requests authentication from the POS machine, and the POS machine instructs the NFC terminal to obtain the IMSI.
Step 22: the NFC terminal reads the SIM card's IMSI through its interface with the SIM card and feeds the IMSI back to the POS machine.
Step 23: the POS machine uploads the IMSI to the application system, which uploads it to the access system, which passes it to the AAA server.
Step 24: the AAA server authenticates the IMSI and, if the IMSI is legal, returns authentication information to the SIM card via the access system, the application system, the POS machine and the NFC terminal; the authentication information includes the IMSI, a random number and an encryption key.
Step 25: the SIM card performs the authentication calculation from the authentication information, and the calculation result is uploaded to the AAA server for authentication via the NFC terminal, the POS machine, the application system and the access system.
The authentication calculation is performed on the IMSI, RAND and the key held in encrypted storage. The algorithm used is an existing one, which may be A3A8, CAVE or MD5, so that it stays consistent with the authentication algorithm of the current mobile network.
In another embodiment of the invention, the method further comprises:
Step 26: after authentication, the AAA server returns the authentication result to the POS machine via the access system and the application system.
Here, the AAA server performs the calculation from the authentication information sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication fails.
After authentication passes, the AAA notifies the POS that it may carry out other operations, for example prompting that authentication succeeded. If authentication fails, the POS prompts that authentication did not pass. The specific follow-up operations can be decided by the application system.
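The relay chain of steps 21 to 26, as an added Python example (not code from the patent): each hop only forwards, the access system admits only registered application systems, and the AAA server compares the SIM card's result with its own calculation. Assumptions: HMAC-SHA256 stands in for A3A8/CAVE/MD5, the key is pre-provisioned on the SIM card and the AAA server rather than relayed, and all class names, the IMSI and the key are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample subscriber (not from the patent).
IMSI = "460030000000001"
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

def auth_calc(key, imsi, rand):
    # Assumption: HMAC-SHA256 stands in for the network algorithm (A3A8, CAVE, MD5).
    return hmac.new(key, imsi.encode() + rand, hashlib.sha256).digest()

class SimCard:
    def __init__(self, imsi, key):
        self.imsi, self._key = imsi, key       # assumption: key never leaves the card

    def compute(self, auth_info):              # step 25: authentication calculation
        return auth_calc(self._key, auth_info["imsi"], auth_info["rand"])

class NfcTerminal:
    """Relays between the POS machine (NFC) and the SIM card (card interface)."""
    def __init__(self, sim):
        self._sim = sim

    def get_imsi(self):                        # step 22
        return self._sim.imsi

    def run_auth(self, auth_info):             # steps 24-25, terminal hop
        return self._sim.compute(auth_info)

class AaaServer:
    def __init__(self, subscribers):
        self._subscribers = subscribers        # IMSI -> key
        self._pending = {}                     # IMSI -> outstanding random number

    def start(self, imsi):                     # step 24: is the IMSI legal?
        if imsi not in self._subscribers:
            return None
        self._pending[imsi] = secrets.token_bytes(16)
        return {"imsi": imsi, "rand": self._pending[imsi]}

    def finish(self, imsi, result):            # compare SIM result with own calculation
        rand = self._pending.pop(imsi, None)   # each random number is usable once
        if rand is None:
            return False
        expected = auth_calc(self._subscribers[imsi], imsi, rand)
        return hmac.compare_digest(expected, result)

class AccessSystem:
    """Admits only legal (registered) application systems to the AAA server."""
    def __init__(self, aaa, allowed_apps):
        self._aaa, self._allowed = aaa, set(allowed_apps)

    def start(self, app_id, imsi):
        return self._aaa.start(imsi) if app_id in self._allowed else None

    def finish(self, app_id, imsi, result):
        return app_id in self._allowed and self._aaa.finish(imsi, result)

class ApplicationSystem:
    def __init__(self, app_id, access):
        self._app_id, self._access = app_id, access

    def start(self, imsi):
        return self._access.start(self._app_id, imsi)

    def finish(self, imsi, result):
        return self._access.finish(self._app_id, imsi, result)

class PosMachine:
    def __init__(self, app):
        self._app = app

    def authenticate(self, terminal):
        imsi = terminal.get_imsi()             # steps 21-22
        auth_info = self._app.start(imsi)      # steps 23-24
        if auth_info is None:
            return False
        result = terminal.run_auth(auth_info)  # step 25
        return self._app.finish(imsi, result)  # step 26: result back at the POS

def build(app_id="door-app", allowed=("door-app",)):
    aaa = AaaServer({IMSI: KEY})
    pos = PosMachine(ApplicationSystem(app_id, AccessSystem(aaa, allowed)))
    return aaa, pos

if __name__ == "__main__":
    _, pos = build()
    print(pos.authenticate(NfcTerminal(SimCard(IMSI, KEY))))
```

A SIM card that presents a valid IMSI without the matching key, an unknown IMSI, and an application system the access system does not know all end in a failed authentication at the POS machine.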
Current NFC systems are self-contained: each uses its own independent authentication system, is independent of the mobile network, and interoperates poorly.
The invention proposes a method and apparatus for hybrid authentication between the SIM-card-based mobile network and the NFC system, which can improve the versatility of NFC systems. The invention applies to all NFC systems that cooperate with a mobile network operator and enables secure authentication of NFC terminals based on the mobile network, extending the SIM card's authentication capability from the mobile network to NFC systems such as access control, membership cards and payment. For access control, entry by swiping the card is permitted once authentication passes. For a payment process, an authorized application system can make small-amount deductions directly and charge them to the phone bill.
The invention has now been described in detail. To avoid obscuring the concept of the invention, some details well known in the art have not been described. From the above description, those skilled in the art can fully understand how to implement the technical solutions disclosed here.
The method and apparatus of the invention may be implemented in many ways, for example in software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for illustration only, and the steps of the method are not limited to the order described above unless specifically stated otherwise. In addition, in some embodiments the invention may also be embodied as programs recorded on a recording medium, these programs comprising machine-readable instructions for implementing the method according to the invention. The invention thus also covers a recording medium storing a program for executing the method according to the invention.
Although some specific embodiments of the invention have been described in detail by way of example, those skilled in the art should understand that the above examples are for illustration only and are not intended to limit the scope of the invention. Those skilled in the art should understand that the above embodiments can be modified without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.

Claims (4)

  1. A method for online authentication of an NFC terminal, characterized in that:
    the NFC terminal requests authentication from a POS machine, and the POS machine instructs the NFC terminal to obtain the international mobile subscriber identity (IMSI);
    the NFC terminal reads the SIM card's IMSI through its interface with the SIM card and feeds the IMSI back to the POS machine;
    the POS machine uploads the IMSI to the application system, which uploads it to the access system, which passes it to the AAA server, wherein the access system opens up the authentication capability of the AAA server and is responsible for admitting legal application systems and POS machines;
    the AAA server authenticates the IMSI and, if the IMSI is legal, returns authentication information to the SIM card via the access system, the application system, the POS machine and the NFC terminal;
    the SIM card performs the authentication calculation from the authentication information, and the calculation result is uploaded to the AAA server for authentication via the NFC terminal, the POS machine, the application system and the access system;
    the AAA server performs the calculation from the authentication information sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication fails;
    after authentication, the AAA server returns the authentication result to the POS machine via the access system and the application system.
  2. The method for online authentication of an NFC terminal according to claim 1, characterized in that:
    the authentication information includes the IMSI, a random number and an encryption key.
  3. An apparatus for online authentication of an NFC terminal, characterized by comprising a SIM card, an NFC terminal, a POS machine, an application system, an access system and an AAA server, wherein:
    the SIM card provides the IMSI to the NFC terminal, performs the authentication calculation from the authentication information returned by the NFC terminal, and sends the calculation result to the NFC terminal;
    the NFC terminal requests authentication from the POS machine, reads the SIM card's IMSI through its interface with the SIM card, feeds the IMSI back to the POS machine, returns the authentication information to the SIM card, and sends the calculation result to the POS machine;
    the POS machine instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, sends the calculation result to the application system, and receives the authentication result returned by the application system;
    the application system uploads the IMSI to the access system, returns the authentication information to the POS machine, sends the calculation result to the access system, and returns the authentication result to the POS machine;
    the access system passes the IMSI to the AAA server, returns the authentication information to the application system, sends the calculation result to the AAA server, and returns the authentication result to the application system, wherein the access system opens up the authentication capability of the AAA server and is responsible for admitting legal application systems and POS machines;
    the AAA server authenticates the IMSI and, if the IMSI is legal, returns the authentication information to the access system, receives the calculation result returned by the SIM card, performs the authentication and returns the authentication result to the access system, wherein the AAA server performs the calculation from the authentication information sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication fails; and the AAA server returns the authentication result to the access system; wherein the access system returns the authentication result to the application system; the application system returns the authentication result to the POS machine; and the POS machine receives the authentication result returned by the application system.
  4. The apparatus for online authentication of an NFC terminal according to claim 3, characterized in that:
    the authentication information includes the IMSI, a random number and an encryption key.
CN201310338261.XA 2013-08-06 2013-08-06 A kind of method and apparatus of NFC terminal on-line authentication Active CN104348812B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310338261.XA CN104348812B (en) 2013-08-06 2013-08-06 A kind of method and apparatus of NFC terminal on-line authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310338261.XA CN104348812B (en) 2013-08-06 2013-08-06 A kind of method and apparatus of NFC terminal on-line authentication

Publications (2)

Publication Number Publication Date
CN104348812A CN104348812A (en) 2015-02-11
CN104348812B true CN104348812B (en) 2018-05-15

Family

ID=52503618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310338261.XA Active CN104348812B (en) 2013-08-06 2013-08-06 A kind of method and apparatus of NFC terminal on-line authentication

Country Status (1)

Country Link
CN (1) CN104348812B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109005155B (en) * 2018-07-04 2021-11-12 奇安信科技集团股份有限公司 Identity authentication method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1932274A1 (en) * 2005-10-03 2008-06-18 Nokia Corporation System, method and computer program product for authenticating a data agreement between network entities
CN101819702A (en) * 2009-02-27 2010-09-01 中华电信股份有限公司 Transaction system and method taking mobile telephone as mobile card reader
CN102088353A (en) * 2011-03-11 2011-06-08 道里云信息技术(北京)有限公司 Two-factor authentication method and system based on mobile terminal
CN102932333A (en) * 2012-10-07 2013-02-13 潘铁军 Safety equipment with mobile payment function, system and method

Also Published As

Publication number Publication date
CN104348812A (en) 2015-02-11

Similar Documents

Publication Publication Date Title
CN101809977B (en) Updating mobile devices with additional elements
CN104602224B (en) It is a kind of that chucking method is opened based on NFC mobile phone SWP-SIM cards in the air
KR102130726B1 (en) Method, device and secure element for conducting a secured financial transaction on a device
CN102404025B (en) A kind of terminal and the method processing payment transaction
CN102469081B (en) Method, equipment and system for operating smart card
CN103269326A (en) Safety equipment, multi-application system and safety method for ubiquitous networks
US20150142669A1 (en) Virtual payment chipcard service
CN103577983A (en) Load method of electronic currency for off-line consumption
CN102810189A (en) Near field payment and payment completion confirming method for NFC (Near Field Communication) functional mobile phone
CN103107888B (en) The identity identifying method that the dynamic multi-attribute of facing moving terminal is multi-level
Çavdar et al. A practical NFC relay attack on mobile devices using card emulation mode
CN105704092A (en) User identity authentication method, device and system
CN106372898A (en) Mobile communication device and cloud computer system
CN103544114A (en) Multiple M1 card control system based on single CPU card and control method thereof
CN104102934A (en) Portable IC card read-write device, system and method
CN104348812B (en) A kind of method and apparatus of NFC terminal on-line authentication
KR20090021887A (en) The integrative method and system which use an id card and a mobile phone for electronic payment
CN105103180B (en) Method for handling the distribution of mobile credit card
Pourghomi et al. Ecosystem scenarios for cloud-based NFC payments
KR101288288B1 (en) Method for Providing Collective Application of Module Type
KR20160093197A (en) Method for Processing Mobile Payment by using Contactless Media
CN207352619U (en) One kind card key access system for computer and a kind of card key
EP2889823A1 (en) Method for securing a completion step of an online transaction
CN111222864A (en) Internet of vehicles safety payment method, system, storage medium and vehicle machine
CN205486512U (en) Automatic ticket selling machine

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant