CN104376465A - Safe mobile payment method - Google Patents
Safe mobile payment method Download PDFInfo
- Publication number
- CN104376465A CN104376465A CN201410665808.1A CN201410665808A CN104376465A CN 104376465 A CN104376465 A CN 104376465A CN 201410665808 A CN201410665808 A CN 201410665808A CN 104376465 A CN104376465 A CN 104376465A
- Authority
- CN
- China
- Prior art keywords
- payment
- information
- cipher key
- key carrier
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
The invention discloses a safe mobile payment method. Payment information including prices is obtained by scanning two-dimensional codes or conducting inputting; modes of payment are selected; secret key carriers are inserted and connected and then work; payment passwords are input or payment two-dimensional codes are scanned, and the payment passwords or the payment two-dimensional codes are encrypted through the secret key carriers; encrypted information is transmitted to disbursement channels; if signature verification is successful, payment money deduction is successful, and payment is completed. The safe mobile payment method not only can guarantee individual payment information and fund security of users, but also is convenient to use and reliable and has a good extensible function; secret keys are added, anti-counterfeiting and authenticity identification can be conducted off line or on line through common handheld terminals, and the users do not need to go to special mechanisms for identification.
Description
Technical field
The present invention relates to a kind of safe method of mobile payment, be applicable to finance, traffic, business, hotel, tourism, aviation or other can use the field of mobile payment.
Background technology
Along with the development of economy, in payment, paid under upper thread by traditional, progressively move towards the line by internet pays.Along with the continuous progress of science and technology, IC industry obtains develop rapidly, and from strength to strength, volume is more and more less for IC chip functions, and price is more and more lower.Meanwhile, mechanics of communication is also in very fast development, and the application of smart mobile phone is very general, and the processing speed of smart mobile phone is also more and more faster, and function also from strength to strength.And wireless network covering is also progressively increase with the service traffics that can support.The development of these basic technologies, has promoted the further change of the modes of payments, based on the mode of mobile terminal payment, has been accepted gradually.
Meanwhile, having to face a new problem, how to guarantee the safety of the information security of mobile payment, particularly fund and personal information, will be a very large potential technical security problem.Internet is the network of an opening, by common technological means, is easy to obtain personal information and fund information.For mobile Internet, this problem is more obvious, because mobile Internet can not adopt the mode of special line to dock with financial institution, existing cipher mode is all software cryptography substantially, and the disadvantage of software cryptography easily to be caught by wooden horse by hacker and utilized by hacker.In terminal practical application, a large amount of APP (Application can be implanted unintentionally, third-party application software), the safe class of these APP is very different, be easy to be utilized by trojan horse, thus obtain personal information and fund information, and likely there will be some fund taking and carring aways.
Summary of the invention
Based on the demand, the present invention proposes a kind of safe method of mobile payment, the method can not only guarantee individual subscriber payment information and fund security, and easy to use, reliably, and has good extendable functions; Off-line can be made of common handheld terminal or online false proof Jianzhen identifies, and not need to go to special mechanism and do identification.
Technical scheme of the present invention is as follows:
A safe method of mobile payment, comprises the following steps:
Step one, by scanning Quick Response Code or input, obtains the payment information comprising price;
Step 2, selects the modes of payments;
Step 3, inserts cipher key carrier, connects cipher key carrier, cipher key carrier work;
Step 4, input payment cipher or scanning payment Quick Response Code, cipher key carrier is encrypted above-mentioned information;
Step 5, the information after Transmission Encryption is to channel of disbursement;
Step 6, sign test is passed through, and pay and withhold successfully, payment completes.
Its further technical scheme is: the modes of payments in described step 2 is e-bank or electronics collar.
Its further technical scheme is: the channel of disbursement in described step 5 is Third-party payment or bank.
Advantageous Effects of the present invention is:
(1) key resource is very abundant; Can adopt different rivest, shamir, adelmans, for the Conbined public or double key cryptographic algorithm based on ECC (oval encryption curve), spendable key reaches 10
48individual key, enough each user distributes a key.
(2) key does not need transmission; For the Conbined public or double key cryptographic algorithm of asymmetric encryption, key is divided into PKI and private key, paired, with encrypted private key, public key decryptions, writes in the safety chip of cipher key carrier, in whole payment process by the private key A of user and PKI B, do not need to transmit any key, only need transmission user to identify.
(3) key and key algorithm subsystem not can read in cipher key carrier (hardware security chip); The private key A of user and PKI B writes in the safety chip of cipher key carrier, and safety chip can only write, and can not read.And have security logic in safety chip, if read by violence or detect excitation, then all information can be erased by security logic.
(4) enciphering and deciphering algorithm completes in cipher key carrier; In order to information security, all encryption and decryption all complete in cipher key carrier, have cured enciphering and deciphering algorithm in cipher key carrier, and in the ROM of cipher key carrier programming controlling run software.
(5) cipher key carrier is separated with mobile terminal; Cipher key carrier, when use key and enciphering and deciphering algorithm, just can be connected with mobile terminal or PC terminal, when not using, is disconnect physically.Which ensure that the information security in cipher key carrier.
(6) cipher key carrier is easy to carry; Cipher key carrier is very little, and outward appearance can make various shape, and has hanging hole, can hang on key chain, also can be placed in pocket.
(7) cipher key carrier can with some terminal bindings of specifying; After key is connected with mobile terminal or PC terminal, the hardware identifier information of meeting active reading terminals, obtains the mark of hardware, the hard disk string number of such as mobile phone hardware string number, or PC; Whether selected to bind by user, after binding, cipher key carrier in several terminal works of binding, can only further increase security.
(8) if cipher key carrier is lost, only need to report the loss to make up, original key lost efficacy immediately; Just in case cipher key carrier is lost, only need phone to report the loss, go to the place of specifying to make up afterwards again, while reporting the loss, original key expires, background system does not re-recognize original key, improves the safety of mobile payment further.
(9) cipher key carrier has multiple interfaces mode, and except using on mobile terminals, cipher key carrier also can use in PC (PC) terminal; Owing to supporting multiple interfaces, can support USB, serial ports, audio port, therefore cipher key carrier can use in different terminals, not by the restriction of terminal.
(10) cipher key carrier is cheap, is applicable to universal; Compare with terminal, cipher key carrier is cheap, is applicable to popularization and application.
(11) content of cipher key carrier can be expanded as required, can be used for the function supporting the false proof Jianzhen of such as off-line; Except supporting safe mobile payment, different cipher key content can be write in cipher key carrier again, the function of the false proof Jianzhen of such as off-line can be realized.
Accompanying drawing explanation
Fig. 1 is the cipher key carrier structural drawing in the present invention.
Fig. 2 is the payment flow figure in the present invention.
Embodiment
Below in conjunction with accompanying drawing, the specific embodiment of the present invention is described further.
This safe method of mobile payment that the present invention proposes, relates to mobile cryptographic key subsystem, enciphering and deciphering algorithm subsystem, and supports cipher key carrier and the software systems of above-mentioned two subsystems.
Cipher key carrier structure as shown in Figure 1, comprises microprocessor, safety chip (comprising security logic, self-destruction unit), I/O interface (comprising USB/ serial ports/audio port), random access memory ram, read only memory ROM, the electronics formula of erasing can make carbon copies ROM (read-only memory) EEPROM.
The course of work of cipher key carrier comprises the steps:
Step one, by I/O interface (USB/ serial ports/audio port), or other safe read-write mouths, working procedure is solidificated in ROM in binary form, and the pseudo-random sequence that chaotic maps produces, fascination key, and private key is solidificated in the security logic of safety chip all in binary form;
Step 2, after having solidified, activation of microprocessor, RAM, ROM, EEPROM, security logic and self-destruction unit;
Step 3, is connected cipher key carrier with terminal, provides working power by I/O interface, and then starts microprocessor;
Step 4, is delivered to working procedure in microprocessor and RAM from ROM;
Step 5, reads in the information of the user spy in EEPROM, and the information that user is special is passed to security logic;
Step 6, the information of security logic to user spy identifies, completes authentication, and the work of information encryption and decryption;
Step 7, by I/O interface, is obtained external information, carries out encryption and decryption work, and result exported by I/O interface at security logic to external information;
Step 8, if continuous several times is not all by authentication in security logic, then thinks and None-identified user start self-destruction unit immediately, EEPROM is used for store the distinctive information of user all to destroy, meanwhile, in order to prevent reverse engineering, when continuous several times is not by authentication, start fascination key, follow-up authentication is all use fascination key to carry out authentication, even if reverse engineering success, the key obtained also is false.
The method of mobile payment of the safety that the present invention proposes, has boundless use scenes, such as in various small amount payment scene, and time qualification commodity comprise value card volume, certificate, can make in this way.The safe and reliable modes of payments is not only provided, simultaneously through expansion, also can provides the function of false proof Jianzhen.
Embodiment one:
To pay, step following (as shown in Figure 2):
Step one, obtains payment information (by scanning Quick Response Code or input), obtains pricing information;
Step 2, selects the modes of payments (other modes such as e-bank or electronics collar);
Step 3, inserts cipher key carrier, connects cipher key carrier, cipher key carrier work;
Step 4, input payment cipher or scanning payment Quick Response Code, cipher key carrier is encrypted above-mentioned information;
Step 5, the information after Transmission Encryption is to channel of disbursement (third party or bank);
Step 6, sign test is passed through, and withhold successfully, payment completes.
Embodiment two:
For the coupon/block of market distribution, buy on behalf and enclose/block, denomination generally can not be very large, and in order to control cost and false proof, can adopt cipher key carrier of the present invention, adopt the mode of off-line Jianzhen, step is as follows:
Step one, encrypted by Conbined public or double key and obtain unique mark, be printed on securities by this mark with the form of Quick Response Code, this enciphered message comprises the anti-counterfeiting information such as denomination, numbering, issuing date of securities;
Step 2, inserts terminal cipher key carrier (in cipher key carrier, corresponding public key information has been got well in programming in advance), and terminal obtains this identification information by scanning Quick Response Code, and the identification information obtained is sent into cipher key carrier;
Step 3, cipher key carrier is calculated by PKI after receiving this identification information, obtains the PKI of this mark, is decrypted computing;
Step 4, if successful decryption, then obtain the plain code information on securities that this mark should be corresponding, such as denomination, issuing date, issuer, forward step 6 to;
Step 5, if decipher unsuccessfully, then arrives step 8;
Step 6, according to the plain code information on security, compares with the information after deciphering, if having matched, then arrives step 7, if do not mated, then arrive step 8;
Step 7, information matches, then illustrate and be proved to be successful, be recorded in terminal, when waiting online, return to backstage by Jianzhen time place;
Step 8, if information is not mated or deciphered unsuccessfully, then illustrates authentication failed, Terminal Alert, and record failed content and address, time etc. online time, return to backstage.
Private key in cipher key carrier, adds the random series that produced by the chaotic maps secret variable as each private key combination in " the complex encryption computing " of the process produced at key, improves the ability of resistance against colluders.And Chaotic map sequence and private key are bundled in private key background data base.
" complex encryption computing ", includes the calculating of identity private key (isk), and the calculating of identity private key (isk) is carried out at KMC.If the i-th row row-coordinate wi used represents, make identity private key be isk, so private key realizes with the multiple addition on Galois field territory, then private key is:
Sc
ibe the pseudo-random sequence produced by chaotic maps, to be also the present invention be improves security performance, and prevent the measure of collusion attack, in systems in practice, can not have completely random sequence, be all pseudo-random sequence, and the pseudo-random sequence correlativity of different identification is the smaller the better.Due to the existence of Lyapunov exponent positive in chaos system, thus the fine difference between original state is amplified rapidly, finally become completely uncorrelated, therefore, by chaotic maps, such as logistic maps, according to the different id of user, configure different coefficients, produce different user, the pseudo-random sequence that cross correlation is minimum.
Sc
icarry out dot product with the element in " private key matrix ", get the mould of n after cumulative, n is the parameter representing exponent number.
Same, PKI calculates and realizes with the doubly some addition on elliptic curve E, and corresponding PKI is:
By different chaotic maps, according to user ID, the extraordinary Sci pseudo-random sequence of correlativity can be obtained.Bind with private key, these sequences are solidificated on private key carrier.
Above-described is only the preferred embodiment of the present invention, the invention is not restricted to above embodiment.Be appreciated that the oher improvements and changes that those skilled in the art directly derive without departing from the spirit and concept in the present invention or associate, all should think and be included within protection scope of the present invention.
Claims (3)
1. a method of mobile payment for safety, is characterized in that, comprises the following steps:
Step one, by scanning Quick Response Code or input, obtains the payment information comprising price;
Step 2, selects the modes of payments;
Step 3, inserts cipher key carrier, connects cipher key carrier, cipher key carrier work;
Step 4, input payment cipher or scanning payment Quick Response Code, cipher key carrier is encrypted above-mentioned information;
Step 5, the information after Transmission Encryption is to channel of disbursement;
Step 6, sign test is passed through, and pay and withhold successfully, payment completes.
2. safe method of mobile payment according to claim 1, is characterized in that: the modes of payments in described step 2 is e-bank or electronics collar.
3. safe method of mobile payment according to claim 1, is characterized in that: the channel of disbursement in described step 5 is Third-party payment or bank.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410665808.1A CN104376465A (en) | 2014-11-19 | 2014-11-19 | Safe mobile payment method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410665808.1A CN104376465A (en) | 2014-11-19 | 2014-11-19 | Safe mobile payment method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104376465A true CN104376465A (en) | 2015-02-25 |
Family
ID=52555358
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410665808.1A Pending CN104376465A (en) | 2014-11-19 | 2014-11-19 | Safe mobile payment method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104376465A (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104867007A (en) * | 2015-03-31 | 2015-08-26 | 太仓云联信息科技有限公司 | Linkage type quick payment system |
CN105701659A (en) * | 2016-03-11 | 2016-06-22 | 广州云移信息科技有限公司 | Two-dimensional code-based network payment method and system |
CN106022756A (en) * | 2016-05-20 | 2016-10-12 | 武汉天喻信息产业股份有限公司 | Instant self-service shopping system and method based on intelligent device |
CN106875175A (en) * | 2016-06-28 | 2017-06-20 | 阿里巴巴集团控股有限公司 | A kind of method and apparatus for being easy to pay main body expansion |
CN108022097A (en) * | 2016-11-03 | 2018-05-11 | 中国移动通信有限公司研究院 | A kind of method of payment and device based on credible performing environment |
CN108475369A (en) * | 2015-11-19 | 2018-08-31 | 瑞可利控股有限公司 | Cash register device, program, payment auxiliary system and payment householder method |
WO2019019153A1 (en) * | 2017-07-28 | 2019-01-31 | 杭州复杂美科技有限公司 | Scheme for generating, storing and using private key |
CN110263882A (en) * | 2019-03-11 | 2019-09-20 | 北京奇艺世纪科技有限公司 | Image generating method, information acquisition method, device and electronic equipment |
CN110322237A (en) * | 2019-05-23 | 2019-10-11 | 平安银行股份有限公司 | A kind of method, apparatus and storage medium generating transaction code |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101576983A (en) * | 2009-06-16 | 2009-11-11 | 深圳市星龙基电子技术有限公司 | Electronic payment method and system based on mobile terminal |
CN101789152A (en) * | 2010-02-11 | 2010-07-28 | 黄志军 | Multipurpose contactless card supporting large amount payment and online recharge and application method thereof |
CN101841417A (en) * | 2010-03-12 | 2010-09-22 | 李勇 | Electronic signature device supporting short-distance wireless communication technology and method for ensuring safety of electronic transaction by applying same |
CN201638257U (en) * | 2010-03-25 | 2010-11-17 | 北京银达润和科技发展有限公司 | USB interface smart card capable of realizing cell phone payment |
CN201853285U (en) * | 2010-07-09 | 2011-06-01 | 北京银达润和科技发展有限公司 | Mobile payment terminal and payment system |
CN102779303A (en) * | 2012-08-07 | 2012-11-14 | 上海方付通商务服务有限公司 | Wireless payment system and method on basis of mobile phone |
CN202694458U (en) * | 2012-08-14 | 2013-01-23 | 山东财经大学 | Online payment system based on mobile intelligent communication equipment |
WO2014048990A1 (en) * | 2012-09-28 | 2014-04-03 | Bell Identification Bv | Method and apparatus for providing secure services using a mobile device |
CN104077511A (en) * | 2014-07-09 | 2014-10-01 | 上海象形通讯科技有限公司 | Non-contact processor card based on combined public key authentication and use method |
-
2014
- 2014-11-19 CN CN201410665808.1A patent/CN104376465A/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101576983A (en) * | 2009-06-16 | 2009-11-11 | 深圳市星龙基电子技术有限公司 | Electronic payment method and system based on mobile terminal |
CN101789152A (en) * | 2010-02-11 | 2010-07-28 | 黄志军 | Multipurpose contactless card supporting large amount payment and online recharge and application method thereof |
CN101841417A (en) * | 2010-03-12 | 2010-09-22 | 李勇 | Electronic signature device supporting short-distance wireless communication technology and method for ensuring safety of electronic transaction by applying same |
CN201638257U (en) * | 2010-03-25 | 2010-11-17 | 北京银达润和科技发展有限公司 | USB interface smart card capable of realizing cell phone payment |
CN201853285U (en) * | 2010-07-09 | 2011-06-01 | 北京银达润和科技发展有限公司 | Mobile payment terminal and payment system |
CN102779303A (en) * | 2012-08-07 | 2012-11-14 | 上海方付通商务服务有限公司 | Wireless payment system and method on basis of mobile phone |
CN202694458U (en) * | 2012-08-14 | 2013-01-23 | 山东财经大学 | Online payment system based on mobile intelligent communication equipment |
WO2014048990A1 (en) * | 2012-09-28 | 2014-04-03 | Bell Identification Bv | Method and apparatus for providing secure services using a mobile device |
CN104077511A (en) * | 2014-07-09 | 2014-10-01 | 上海象形通讯科技有限公司 | Non-contact processor card based on combined public key authentication and use method |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104867007A (en) * | 2015-03-31 | 2015-08-26 | 太仓云联信息科技有限公司 | Linkage type quick payment system |
CN108475369A (en) * | 2015-11-19 | 2018-08-31 | 瑞可利控股有限公司 | Cash register device, program, payment auxiliary system and payment householder method |
CN105701659A (en) * | 2016-03-11 | 2016-06-22 | 广州云移信息科技有限公司 | Two-dimensional code-based network payment method and system |
CN106022756A (en) * | 2016-05-20 | 2016-10-12 | 武汉天喻信息产业股份有限公司 | Instant self-service shopping system and method based on intelligent device |
CN106875175A (en) * | 2016-06-28 | 2017-06-20 | 阿里巴巴集团控股有限公司 | A kind of method and apparatus for being easy to pay main body expansion |
CN106875175B (en) * | 2016-06-28 | 2020-07-24 | 阿里巴巴集团控股有限公司 | Method and device convenient for payment subject expansion |
US11531984B2 (en) | 2016-06-28 | 2022-12-20 | Advanced New Technologies Co., Ltd. | Method and device facilitating expansion of primary payment instruments |
CN108022097A (en) * | 2016-11-03 | 2018-05-11 | 中国移动通信有限公司研究院 | A kind of method of payment and device based on credible performing environment |
WO2019019153A1 (en) * | 2017-07-28 | 2019-01-31 | 杭州复杂美科技有限公司 | Scheme for generating, storing and using private key |
CN110263882A (en) * | 2019-03-11 | 2019-09-20 | 北京奇艺世纪科技有限公司 | Image generating method, information acquisition method, device and electronic equipment |
CN110263882B (en) * | 2019-03-11 | 2023-09-01 | 北京奇艺世纪科技有限公司 | Image generation method, information acquisition method, device and electronic equipment |
CN110322237A (en) * | 2019-05-23 | 2019-10-11 | 平安银行股份有限公司 | A kind of method, apparatus and storage medium generating transaction code |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20220116745A1 (en) | Methods and systems for asset obfuscation | |
CN104376465A (en) | Safe mobile payment method | |
CN104217327B (en) | A kind of financial IC card internet terminal and its method of commerce | |
JP4739205B2 (en) | Method and system for generating dynamic verification values | |
KR102322118B1 (en) | Private key securing methods of decentralizedly storying keys in owner's device and/or blockchain nodes | |
CN101436280B (en) | Method and system for implementing electronic payment of mobile terminal | |
US20200106600A1 (en) | Progressive key encryption algorithm | |
CN103413159B (en) | A kind of RFID electronic certificate off-line false proof realization method and system of Jianzhen based on CPK | |
CN107278307A (en) | Software layer is mutually authenticated | |
CN108780548A (en) | Using Elliptic Curve Cryptography for Personal Device Security to Share Secrets | |
CN104463001A (en) | Method for independently generating and storing encrypted digital currency private key and device for bearing encrypted digital currency private key | |
CN111492390A (en) | Cash equivalent device for digital currency | |
US20140289129A1 (en) | Method for secure contactless communication of a smart card and a point of sale terminal | |
CN103914913A (en) | Intelligent card application scene recognition method and system | |
WO1990014962A1 (en) | Ic card for security attestation and ic card service system using said ic card | |
CN112131601A (en) | Block chain privacy protection method and system based on ring signature and proxy re-encryption | |
Rezaeighaleh et al. | Deterministic sub-wallet for cryptocurrencies | |
CN104077511B (en) | A kind of contactless processor card based on Conbined public or double key certification and using method | |
CN104424568A (en) | Authentication false-proof traceability system employing circuit core chip ID number as identification | |
CA3107807A1 (en) | Systems and methods for signaling a potential attack on contactless cards | |
KR101110777B1 (en) | Method and terminal of preventing parameter from forging/alternating | |
CN111709747B (en) | Intelligent terminal authentication method and system | |
CN102609842A (en) | Payment cipher device based on hardware signature equipment, and application method of payment cipher device | |
CN104376464A (en) | Safe code scanning payment method | |
CN104091191A (en) | Fast and effective anti-fake identifying method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150225 |