CN104348812B - Method and apparatus for online authentication of an NFC terminal - Google Patents
- Publication number
- CN104348812B
- Authority
- CN
- China
- Prior art keywords
- imsi
- pos machine
- nfc terminal
- result
- sim card
- Prior art date
- Legal status
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/60—Context-dependent security
- H04W12/69—Identity-dependent
- H04W12/72—Subscriber identity
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method and apparatus for online authentication of an NFC terminal. The NFC terminal requests authentication from the POS machine, and the POS machine instructs the NFC terminal to obtain the IMSI; the NFC terminal reads the IMSI of the SIM card through its interface with the SIM card and feeds the IMSI back to the POS machine; the POS machine uploads the IMSI to the application system, the application system uploads it to the access system, and the access system passes it to the AAA server; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns authentication information to the SIM card through the access system, application system, POS machine and NFC terminal; the SIM card performs the authentication calculation according to the authentication information, and the calculation result is uploaded to the AAA server through the NFC terminal, POS machine, application system and access system for authentication. The invention enables mobile-network-based security authentication of NFC terminals.
Description
Technical field
The present invention relates to the fields of mobile Internet and terminals, and more particularly to a method and apparatus for online authentication of an NFC terminal.
Background
NFC (Near Field Communication) is a short-range wireless communication technology that allows contactless data transfer between electronic devices.
An NFC terminal has three operating modes: card emulation mode, peer-to-peer mode (P2P mode) and reader/writer mode, where:
In card emulation mode the device acts as a contactless card and can be used in many of the same applications as an ordinary card, such as a transit card: money can be stored on it and it can be used for bank-card purchases.
In peer-to-peer mode, devices transfer data using the NFC communication protocols, much like infrared or Bluetooth; only the manner differs, in that the two devices need only touch to transfer.
In reader/writer mode the NFC device acts as a card reader: it can read the data on a contactless card, which is then used by the NFC device or by upper-layer software.
Summary of the invention
In view of the above, the present invention proposes a method and apparatus for online authentication of an NFC terminal.
According to one aspect of the invention, a method for online authentication of an NFC terminal is proposed, in which: the NFC terminal requests authentication from the POS machine, and the POS machine instructs the NFC terminal to obtain the IMSI; the NFC terminal reads the IMSI of the SIM card through its interface with the SIM card and feeds the IMSI back to the POS machine; the POS machine uploads the IMSI to the application system, the application system uploads it to the access system, and the access system passes it to the AAA server; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns authentication information to the SIM card through the access system, application system, POS machine and NFC terminal; the SIM card performs the authentication calculation according to the authentication information, and the calculation result is uploaded to the AAA server through the NFC terminal, POS machine, application system and access system for authentication.
In one embodiment of the invention, the AAA server returns the authentication result to the POS machine through the access system and the application system.
In one embodiment of the invention, the AAA server performs the calculation on the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication does not pass.
In one embodiment of the invention, the authentication information includes the IMSI, a random number and an encryption key.
According to a further aspect of the invention, an apparatus for online authentication of an NFC terminal is proposed, comprising a SIM card, an NFC terminal, a POS machine, an application system, an access system and an AAA server, in which: the SIM card provides the IMSI to the NFC terminal, performs the authentication calculation according to the authentication information returned by the NFC terminal, and sends the calculation result to the NFC terminal; the NFC terminal requests authentication from the POS machine, reads the IMSI of the SIM card through its interface with the SIM card, feeds the IMSI back to the POS machine, returns the authentication information to the SIM card, and sends the calculation result to the POS machine; the POS machine instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, and sends the calculation result to the application system; the application system uploads the IMSI to the access system, returns the authentication information to the POS machine, and sends the calculation result to the access system; the access system passes the IMSI to the AAA server, returns the authentication information to the application system, and sends the calculation result to the AAA server; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns the authentication information to the access system, receives the calculation result returned by the SIM card, and performs authentication.
In one embodiment of the invention, the AAA server returns the authentication result to the access system; the access system returns the authentication result to the application system; the application system returns the authentication result to the POS machine; and the POS machine receives the authentication result returned by the application system.
In one embodiment of the invention, the AAA server performs the calculation on the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication does not pass.
In one embodiment of the invention, the authentication information includes the IMSI, a random number and an encryption key.
The present invention proposes a method and apparatus for hybrid authentication between the SIM-card-based mobile network and NFC systems, which can improve the generality of NFC systems. It is applicable to all NFC systems that cooperate with a mobile network operator and enables mobile-network-based security authentication of NFC terminals.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form part of it. The schematic embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a structural diagram of an apparatus for online authentication of an NFC terminal in one embodiment of the invention.
Fig. 2 is a flowchart of a method for online authentication of an NFC terminal in one embodiment of the invention.
Detailed description of the embodiments
Various exemplary embodiments of the present invention will now be described in detail with reference to the drawings. Note that, unless specifically stated otherwise, the relative arrangement of components and steps and the numerical values set out in these embodiments do not limit the scope of the invention.
It should also be understood that, for ease of description, the sizes of the parts shown in the drawings are not drawn to actual scale.
The following description of at least one exemplary embodiment is merely illustrative and in no way limits the invention, its application or its uses.
Techniques, methods and equipment known to a person of ordinary skill in the relevant art may not be discussed in detail, but where appropriate they should be regarded as part of the granted specification.
In all examples shown and discussed here, any specific value should be interpreted as merely exemplary rather than limiting. Other examples of the exemplary embodiments may therefore have different values.
Note that similar reference numerals and letters denote similar items in the following drawings, so once an item is defined in one drawing it need not be discussed further in subsequent drawings.
In the existing NFC authentication approach, the authentication module may reside in the NFC terminal or on the SIM card, and the authentication module is authenticated by the NFC service operator. Existing NFC systems authenticate using an independent authentication system that sits on the network side and is only loosely coupled to the mobile network, i.e. it has no relationship with the operator.
The present invention takes the SIM card of the mobile network as the core of NFC system authentication and authenticates the NFC terminal through the mobile network authentication system.
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in more detail below with reference to specific embodiments and the drawings.
Fig. 1 is a structural diagram of an apparatus for online authentication of an NFC terminal in one embodiment of the invention. The system includes a SIM card, an NFC terminal, a POS machine, an application system, an access system and an AAA server, where:
The SIM card provides the IMSI (International Mobile Subscriber Identity) to the NFC terminal, performs the authentication calculation according to the authentication information returned by the NFC terminal (this authentication information includes the IMSI, a random number and an encryption key), and sends the calculation result to the NFC terminal.
The NFC terminal carries the contactless interaction between the SIM card and the POS machine. On one side it has NFC radio-frequency capability and provides the RF bearer for information exchange with the POS machine; on the other side it implements APDU or an encapsulated authentication interface to the SIM card, through which it can obtain the SIM card's basic information and authentication information. Specifically, the NFC terminal requests authentication from the POS machine, reads the IMSI of the SIM card through its interface with the SIM card, feeds the IMSI back to the POS machine, returns the authentication information to the SIM card, and sends the calculation result to the POS machine.
The contactless POS machine supports contactless interaction with the NFC terminal. The POS machine instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, sends the calculation result to the application system, and receives the authentication result returned by the application system.
The application system uploads the IMSI to the access system, returns the authentication information to the POS machine, sends the calculation result to the access system, and returns the authentication result to the POS machine.
The access system is the authentication management center between the mobile network and the NFC system. It exposes the AAA server's authentication capability and is responsible for admitting legitimate NFC application systems and contactless POS machines. That is, the access system mainly passes data transparently between the application system and the AAA; its main function is to authenticate the legitimacy of the application system, ensuring that only application systems cooperating with the operator can connect to the AAA for authentication. Specifically, the access system passes the IMSI to the AAA server, returns the authentication information to the application system, sends the calculation result to the AAA server, and returns the authentication result to the application system.
The AAA server uses the original mobile network authentication flow and supports opening up the authentication capability. The AAA server authenticates the IMSI and, if the IMSI is legitimate, returns the authentication information to the access system, receives the calculation result returned by the SIM card, performs authentication and returns the authentication result to the access system.
Here, the AAA server performs the calculation on the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication does not pass.
The present invention uses the SIM card as the authentication identity and the AAA server as the authentication center. The SIM card is the core of NFC system authentication. The original SIM card authentication data serves as the NFC system's authentication data, so the software and hardware of the original SIM card need not be modified, and the authentication algorithm continues to be the mobile network's original one, for example A3A8, CAVE or MD5.
The present invention authenticates the NFC terminal on the basis of the SIM-card-based mobile network authentication system. Without changing the original mobile network authentication system, the AAA authentication capability in the mobile network is opened up. An access system is added; it aggregates the authentication requests sent by application systems toward the AAA system, and NFC application systems and contactless POS machines reach the AAA through the access system. The NFC terminal invokes the SIM card's authentication capability and delivers the authentication information to the AAA for authentication.
Fig. 2 is a flowchart of a method for online authentication of an NFC terminal in one embodiment of the invention. The method includes the following steps:
Step 21: the NFC terminal requests authentication from the POS machine, and the POS machine instructs the NFC terminal to obtain the IMSI.
Step 22: the NFC terminal reads the IMSI of the SIM card through its interface with the SIM card and feeds the IMSI back to the POS machine.
Step 23: the POS machine uploads the IMSI to the application system, the application system uploads it to the access system, and the access system passes it to the AAA server.
Step 24: the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns the authentication information to the SIM card through the access system, application system, POS machine and NFC terminal; this authentication information includes the IMSI, a random number and an encryption key.
Step 25: the SIM card performs the authentication calculation according to the authentication information, and the calculation result is uploaded to the AAA server through the NFC terminal, POS machine, application system and access system for authentication.
The IMSI, RAND and the key held in encrypted storage are the inputs to the authentication algorithm. The algorithm used is an existing one, which may be A3A8, CAVE or MD5, so that it stays consistent with the current mobile network authentication algorithm.
In another embodiment of the invention, the method further includes:
Step 26: after authentication, the AAA server returns the authentication result to the POS machine through the access system and the application system.
Here, the AAA server performs the calculation on the authentication information it sent to the SIM card and receives the SIM card's calculation result; if the results are consistent, authentication passes; otherwise, authentication does not pass.
After authentication passes, the AAA notifies the POS that it may carry out other operations, for example prompting that authentication succeeded. If authentication does not pass, a prompt indicates that authentication did not pass. The specific subsequent operation can be determined by the application system.
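The exchange of steps 21 to 26, as an added example that is not part of the patent text: each class models one party of Fig. 1, and the access system admits only registered application systems. Assumptions of this sketch: HMAC-SHA256 stands in for the operator algorithm, the challenge carries only the IMSI and RAND while the key stays on the SIM card and the AAA server, each challenge is single-use, and all names, the application id, the sample IMSI and the sample key are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not from the patent): a test-network IMSI and a 128-bit key.
SAMPLE_IMSI = "001010123456789"
SAMPLE_KI = bytes.fromhex("00112233445566778899aabbccddeeff")

def auth_calc(ki, imsi, rand):
    """Stand-in for the operator algorithm (the text names A3A8, CAVE, MD5).
    HMAC-SHA256 is an assumption of this sketch, not the patent's algorithm."""
    return hmac.new(ki, imsi.encode() + rand, hashlib.sha256).digest()

class SimCard:
    def __init__(self, imsi, ki):
        self.imsi, self._ki = imsi, ki
    def read_imsi(self):
        return self.imsi
    def compute(self, auth_info):
        # Refuse a challenge that was issued for a different subscriber.
        if auth_info["imsi"] != self.imsi:
            raise ValueError("challenge is not for this SIM")
        return auth_calc(self._ki, self.imsi, auth_info["rand"])

class AaaServer:
    def __init__(self, subscribers):
        self._subs = dict(subscribers)   # IMSI -> key
        self._pending = {}               # IMSI -> outstanding RAND
    def start(self, imsi):
        if imsi not in self._subs:       # step 24: IMSI is not legitimate
            return None
        rand = secrets.token_bytes(16)
        self._pending[imsi] = rand
        return {"imsi": imsi, "rand": rand}
    def finish(self, imsi, result):
        rand = self._pending.pop(imsi, None)   # single use: a replayed result finds no RAND
        if rand is None:
            return False
        expected = auth_calc(self._subs[imsi], imsi, rand)
        return hmac.compare_digest(expected, result)   # constant-time comparison

class AccessSystem:
    """Passes data through to the AAA, but only for registered application systems."""
    def __init__(self, aaa, allowed_apps):
        self._aaa, self._allowed = aaa, set(allowed_apps)
    def _check(self, app_id):
        if app_id not in self._allowed:
            raise PermissionError("application system not registered: " + app_id)
    def start(self, app_id, imsi):
        self._check(app_id)
        return self._aaa.start(imsi)
    def finish(self, app_id, imsi, result):
        self._check(app_id)
        return self._aaa.finish(imsi, result)

class ApplicationSystem:
    def __init__(self, app_id, access):
        self.app_id, self._access = app_id, access
    def start(self, imsi):
        return self._access.start(self.app_id, imsi)
    def finish(self, imsi, result):
        return self._access.finish(self.app_id, imsi, result)

class NfcTerminal:
    def __init__(self, sim):
        self._sim = sim
    def get_imsi(self):
        return self._sim.read_imsi()
    def relay_challenge(self, auth_info):
        return self._sim.compute(auth_info)

class PosMachine:
    def __init__(self, app):
        self._app = app
    def authenticate(self, terminal):
        imsi = terminal.get_imsi()                    # steps 21-22
        auth_info = self._app.start(imsi)             # steps 23-24
        if auth_info is None:
            return False
        result = terminal.relay_challenge(auth_info)  # step 25
        return self._app.finish(imsi, result)         # step 26

def build_pos(aaa, app_id, allowed=("app-door-01",)):
    """Wire POS -> application system -> access system -> AAA (ids are constructed)."""
    return PosMachine(ApplicationSystem(app_id, AccessSystem(aaa, allowed)))

if __name__ == "__main__":
    aaa = AaaServer({SAMPLE_IMSI: SAMPLE_KI})
    pos = build_pos(aaa, "app-door-01")
    print("genuine SIM:", pos.authenticate(NfcTerminal(SimCard(SAMPLE_IMSI, SAMPLE_KI))))
    print("cloned IMSI, wrong key:", pos.authenticate(NfcTerminal(SimCard(SAMPLE_IMSI, bytes(16)))))
```
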
Current NFC systems are each self-contained and use their own independent authentication systems; they are independent of the mobile network and interoperate poorly.
The present invention proposes a method and apparatus for hybrid authentication between the SIM-card-based mobile network and NFC systems, which can improve the generality of NFC systems. It is applicable to all NFC systems that cooperate with a mobile network operator, enables mobile-network-based security authentication of NFC terminals, and extends the SIM card's authentication capability from the mobile network to NFC systems such as access control, membership cards and payment. In an access-control application, entry by card swipe is not allowed unless authentication passes. In a payment process, an authorized application system can directly deduct small amounts and charge them to the phone bill.
The present invention has now been described in detail. Some details well known in the art are not described, to avoid obscuring the concept of the invention. From the above description, those skilled in the art can fully understand how to implement the technical solution disclosed here.
The method and apparatus of the present invention may be implemented in many ways, for example in software, hardware, firmware, or any combination of software, hardware and firmware. The order of the method steps given above is for illustration only, and the steps of the method are not limited to the order described above unless specifically stated otherwise. In addition, in some embodiments the invention can be embodied as programs recorded on a recording medium, these programs including machine-readable instructions for implementing the method according to the invention. The invention therefore also covers a recording medium storing a program for executing the method according to the invention.
Although some specific embodiments of the invention have been described in detail by way of example, those skilled in the art should understand that the above examples are for illustration only and are not intended to limit the scope of the invention. Those skilled in the art should understand that the above embodiments can be modified without departing from the scope and spirit of the invention. The scope of the invention is defined by the appended claims.
Claims (4)
- 1. A method for online authentication of an NFC terminal, characterized in that: the NFC terminal requests authentication from the POS machine, and the POS machine instructs the NFC terminal to obtain the international mobile subscriber identity (IMSI); the NFC terminal reads the IMSI of the SIM card through its interface with the SIM card and feeds the IMSI back to the POS machine; the POS machine uploads the IMSI to the application system, the application system uploads it to the access system, and the access system passes it to the AAA server, wherein the access system exposes the AAA server's authentication capability and is responsible for admitting legitimate application systems and POS machines; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns authentication information to the SIM card through the access system, application system, POS machine and NFC terminal; the SIM card performs the authentication calculation according to the authentication information, and the calculation result is uploaded to the AAA server through the NFC terminal, POS machine, application system and access system for authentication; the AAA server performs the calculation on the authentication information it sent to the SIM card and receives the SIM card's calculation result, and if the results are consistent, authentication passes; otherwise, authentication does not pass; after authentication, the AAA server returns the authentication result to the POS machine through the access system and the application system.
- 2. The method for online authentication of an NFC terminal according to claim 1, characterized in that: the authentication information includes the IMSI, a random number and an encryption key.
- 3. An apparatus for online authentication of an NFC terminal, characterized in that it comprises a SIM card, an NFC terminal, a POS machine, an application system, an access system and an AAA server, wherein: the SIM card provides the IMSI to the NFC terminal, performs the authentication calculation according to the authentication information returned by the NFC terminal, and sends the calculation result to the NFC terminal; the NFC terminal requests authentication from the POS machine, reads the IMSI of the SIM card through its interface with the SIM card, feeds the IMSI back to the POS machine, returns the authentication information to the SIM card, and sends the calculation result to the POS machine; the POS machine instructs the NFC terminal to obtain the IMSI, uploads the IMSI to the application system, returns the authentication information to the NFC terminal, sends the calculation result to the application system, and receives the authentication result returned by the application system; the application system uploads the IMSI to the access system, returns the authentication information to the POS machine, sends the calculation result to the access system, and returns the authentication result to the POS machine; the access system passes the IMSI to the AAA server, returns the authentication information to the application system, sends the calculation result to the AAA server, and returns the authentication result to the application system, wherein the access system exposes the AAA server's authentication capability and is responsible for admitting legitimate application systems and POS machines; the AAA server authenticates the IMSI and, if the IMSI is legitimate, returns the authentication information to the access system, receives the calculation result returned by the SIM card, performs authentication and returns the authentication result to the access system, wherein the AAA server performs the calculation on the authentication information it sent to the SIM card and receives the SIM card's calculation result, and if the results are consistent, authentication passes; otherwise, authentication does not pass, and it returns the authentication result to the access system; wherein the access system returns the authentication result to the application system; the application system returns the authentication result to the POS machine; and the POS machine receives the authentication result returned by the application system.
- 4. The apparatus for online authentication of an NFC terminal according to claim 3, characterized in that: the authentication information includes the IMSI, a random number and an encryption key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310338261.XA CN104348812B (en) | 2013-08-06 | 2013-08-06 | Method and apparatus for online authentication of an NFC terminal |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104348812A CN104348812A (en) | 2015-02-11 |
CN104348812B true CN104348812B (en) | 2018-05-15 |
Family
ID=52503618
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310338261.XA Active CN104348812B (en) | 2013-08-06 | 2013-08-06 | Method and apparatus for online authentication of an NFC terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104348812B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109005155B (en) * | 2018-07-04 | 2021-11-12 | 奇安信科技集团股份有限公司 | Identity authentication method and device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1932274A1 (en) * | 2005-10-03 | 2008-06-18 | Nokia Corporation | System, method and computer program product for authenticating a data agreement between network entities |
CN101819702A (en) * | 2009-02-27 | 2010-09-01 | 中华电信股份有限公司 | Transaction system and method taking mobile telephone as mobile card reader |
CN102088353A (en) * | 2011-03-11 | 2011-06-08 | 道里云信息技术(北京)有限公司 | Two-factor authentication method and system based on mobile terminal |
CN102932333A (en) * | 2012-10-07 | 2013-02-13 | 潘铁军 | Safety equipment with mobile payment function, system and method |
Also Published As
Publication number | Publication date |
---|---|
CN104348812A (en) | 2015-02-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||