CN104657855A - Mobile payment identity verification device with NFC interface - Google Patents

Mobile payment identity verification device with NFC interface

Publication number: CN104657855A
Authority: CN (China)
Prior art keywords: authentication, nfc, authentication means, server, interface
Legal status: Granted
Application number: CN201510104916.6A
Other languages: Chinese (zh)
Other versions: CN104657855B (en)
Inventor: 王清斌
Current Assignee: Individual
Original Assignee: Individual
Legal events: application filed by Individual; priority to CN201510104916.6A; publication of CN104657855A; application granted; publication of CN104657855B; active

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a mobile payment identity verification device with an NFC interface. The identity verification device comprises an NFC verification interface, a communication management module, a power management module, a secret key storage module, a time management module and a password generating module; the NFC verification interface, the input end of the time management module, and the output end of the password generating module are connected with the communication module, the NFC verification interface is further connected with the power management module, and the output ends of the secret key storage module and the time management module are connected with the input end of the password generator. The beneficial effect of the device is that a user can use mobile payment conveniently and safely. The device is small, can be packaged in standard credit card form and is convenient for the user to carry; because it uses a wireless interface, no cable is needed to connect the user verifier and the mobile device, the device is convenient to use, the production cost is reduced, and widespread adoption is favored.

Description

A mobile payment identity verification device with an NFC interface
Technical field
The invention belongs to the technical field of mobile payment identity verification, and specifically relates to a mobile payment identity verification device with an NFC interface.
Background
With the rapid spread of mobile devices and online shopping, mobile payment has attracted wide attention because it is fast and convenient. Yet even after years of rapid development, mobile payment remains troubled by several factors. An important one is that the security of mobile payment is generally not high. Because of the security vulnerabilities of common payment devices (such as PCs and mobile phones) and the damage done by malware, network worms and viruses, mobile payment often leads to users' credit card information being leaked and misused. These security problems hinder the further spread and development of mobile payment.
The most common way of protecting a user's bank information at present is hardware user authentication. Because the user must hold a unique authentication device to complete an online payment, an unauthorized user cannot use leaked credit card information to make an illegal online payment even if that information has been leaked. Two kinds of identity authentication device are in wide use today: the USBKey (and similar devices), and the dynamic password authentication device. A USBKey is a hardware user authentication device with a USB interface that looks like a USB flash drive. As a digital certificate that identifies the client, the USBKey combines IC card technology with digital certificates and digital signatures. The user plugs the USBKey into the payment device through the USB interface, and the USBKey establishes a secure connection directly with the authentication server to verify the user's identity. A dynamic password authentication device verifies the user's identity with a dynamic password produced from a seed and a key shared by the user and the authentication server. Most current dynamic password authentication devices use the time, synchronized with the authentication server, as the seed for the dynamic password. The dynamic password is shown on the device's LCD screen, and the user manually enters the displayed password into the mobile device. These authentication devices are very secure, and their arrival has largely solved the security problem of online payment. However, neither kind of device is well suited to mobile payment. A USBKey needs a USB interface to connect to the mobile device, and dynamic password authentication requires the user to enter the password by hand. This is a considerable inconvenience for the user and costs mobile payment the convenience it originally offered. Second, because mobile payments are made at unpredictable locations, the user needs to carry these devices at all times, yet their size and shape make them unsuitable for carrying around.
In summary, mobile payment urgently needs a fast and secure hardware user authentication device that is optimized for mobile payment.
Summary of the invention
The invention provides a mobile payment identity verification device with an NFC interface. The identity verification device (user authenticator) is packaged in a form that is convenient for the user to carry, such as a card, and uses dynamic password technology to verify the user's identity. The form of the user authenticator can be defined according to the application; for example, it can be given the form of a credit card so that it is easily kept with other credit cards (in a wallet, for instance). Unlike conventional dynamic password generators, the invention has no keyboard and no display; its only external interface is a passive NFC communication interface sealed inside the user authenticator, which is used to exchange data with the mobile device. When making a mobile payment, the user does not need to enter any instruction or to type the generated password into the mobile device by hand; the user only needs to place the user authenticator near the NFC antenna of the mobile device, and the mobile device and the user authenticator communicate on their own and complete verification automatically. The user does not even need to take the user authenticator out of the wallet. The user authenticator is a passive device that runs on the NFC radio-frequency energy radiated by the mobile device; it needs neither a battery nor charging, and is easy to maintain. Because the invention has no physical interface (communication interface or power interface) and cannot be disassembled, it offers higher security.
A mobile payment identity verification device with an NFC interface comprises an NFC verification interface, a communication management module, a power management module, a key storage module, a time management module and a password generation module. The outputs of the NFC verification interface, the time management module and the password generation module are all connected to the communication management module; the NFC verification interface is also connected to the power management module; and the output of the key storage module and the second output of the time management module are both connected to the input of the password generator.
Further, when the identity verification device performs identity verification, its NFC verification interface is wirelessly connected to a mobile device that has an NFC terminal interface, and the mobile device is connected to the authentication server.
Further, the identity verification device has no battery and runs on the radio-frequency energy emitted by the NFC terminal interface of the mobile device: the NFC verification interface of the identity verification device receives the radio-frequency energy emitted by the NFC terminal interface of the mobile device and passes it to the power management module, which rectifies and regulates it and then powers the identity verification device.
Further, the password generation module receives the key from the key storage module and the time provided by the time management module, and uses the key and the time to produce the identity verification dynamic password by means of the password generation algorithm.
Further, the identity verification device has a shape that is easy to carry, such as a card.
A dual identity verification method applied to mobile payment comprises the following steps:
A) the mobile device used for mobile payment connects to the identity verification device, the mobile device being connected to the authentication server, and the identity verification device and the authentication server carry out encrypted two-way communication through the mobile device;
B) the identity verification device and the authentication server execute a time synchronization algorithm so that the local time of the identity verification device is substantially synchronized with the local time of the authentication server; the identity verification device checks its local time and, if the local time is greater than the expiry time T_e of the identity verification device, stops identity verification;
C) the mobile device sends a server verification request to the authentication server; the request contains a time seed T, specified by the identity verification device, for generating the server verification dynamic password; T must be greater than the expiry time T_e of the identity verification device; each time a server verification request is sent to the authentication server, the identity verification device increases T by 1 time unit and saves it;
D) the authentication server sends to the identity verification device a server verification dynamic password produced by the password generation algorithm from T, the time unit, the start time and the factory key of the identity verification device, where the start time, the time unit and the password generation algorithm are preset;
E) after receiving the server verification dynamic password, the identity verification device produces three dynamic passwords with the password generation algorithm from the T it sent to the authentication server, namely for T, T+1 time unit and T-1 time unit; if any one of the three dynamic passwords is identical to the server verification dynamic password, server verification is complete;
F) the identity verification device sends to the authentication server a user verification dynamic password produced by the password generation algorithm from the local time, the start time, the time unit and the factory key of the identity verification device, where the start time, the time unit and the password generation algorithm are preset;
G) after receiving the user verification dynamic password, the authentication server generates three dynamic passwords from its local time, namely for the local time, the local time +1 time unit and the local time -1 time unit; if any one of the three dynamic passwords is identical to the user verification dynamic password, user identity verification is complete.
An NFC communication management method for connecting the identity verification device and the mobile device, and applying the above verification method, comprises the following steps:
(a) the mobile device used for mobile payment opens its NFC terminal interface and sends probe frames to search for nearby devices that have an NFC verification interface;
(b) the NFC verification interface in the identity verification device receives the probe frame and replies;
(c) the mobile device and the identity verification device exchange their respective IDs over NFC;
(d) the mobile device reads the first 4 blocks of the memory structure of the identity verification device's NFC verification interface and determines whether the device is a legitimate identity verification device;
(e) if it is not a legitimate identity verification device, the mobile device stops identity verification; if it is a legitimate identity verification device, the mobile device writes the time synchronized with the authentication server into blocks 4 to 5 of the memory structure of the identity verification device's NFC verification interface, and polls the corresponding flag bit in byte 3 of block 3 of the identity verification device's NFC memory structure;
(f) the identity verification device reads blocks 4 to 5 of the memory structure of the NFC verification interface, updates its local time, and checks whether it has expired; if it has expired, it stops identity verification; if it has not expired, it writes the internally stored time seed T used for verifying the server's identity into blocks 4 to 5 of the memory structure of the NFC verification interface, and updates the corresponding flag bit in byte 3 of block 3 of that memory structure;
(g) the mobile device reads blocks 4 to 5 of the memory structure of the identity verification device's NFC verification interface to obtain T, and sends T to the authentication server;
(h) the mobile device writes the server verification dynamic password obtained from the server into blocks 6 to 7 of the identity verification device's NFC memory structure, and polls the corresponding flag bit in byte 3 of block 3 of that memory structure;
(i) if the identity verification device fails to verify the server's identity, it sets the corresponding flag bit in byte 3 of block 3 of the memory structure of its NFC verification interface to indicate server verification failure; after reading this flag bit, the mobile device notifies the user that verification has failed and stops verification; if the server's identity is verified successfully, the identity verification device starts computing the dynamic password for user identity verification;
(j) after the identity verification device has finished computing the user verification dynamic password, it maps the password to blocks 8 to 9 of the NFC memory structure and sets the corresponding flag bit in byte 3 of block 3 of the memory structure of the NFC verification interface to indicate that the user verification dynamic password has been computed; after reading this flag bit, the mobile device reads blocks 8 to 9 of the memory structure of the identity verification device's NFC verification interface; NFC communication is complete.
The beneficial effect of the invention is that the user can use mobile payment conveniently and securely. The invention is small, can be packaged in standard credit card form, and is convenient for the user to carry. It uses a wireless interface, so no cable is needed to connect the user authenticator to the mobile device, which makes it convenient to use. The user authenticator performs no encryption or decryption internally and does not need a high-performance processing chip, which lowers production cost and favors widespread adoption.
Brief description of the drawings
Fig. 1 is a structural diagram of the identity verification device of the invention;
Fig. 2 is a diagram of the memory structure of the NFC verification interface of the identity verification device of the invention.
Reference numerals: 1, identity verification device; 2, NFC verification interface; 3, communication management module; 4, power management module; 5, time management module; 6, key storage module; 7, password generation module; 8, mobile device; 9, NFC terminal interface; 10, operating system; 11, mobile payment system; 12, internet interface.
Detailed description
In order to make the object, technical solution and advantages of the invention clearer, the invention is explained in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the invention and do not limit it.
On the contrary, the invention covers any alternative, modification, equivalent method and scheme made within the spirit and scope of the invention as defined by the claims. Further, to give the public a better understanding of the invention, some specific details are described at length in the detailed description below.
As shown in Fig. 1, the mobile payment identity verification device 1 provided by the invention comprises an NFC verification interface 2, a communication management module 3, a power management module 4, a key storage module 6, a time management module 5 and a password generation module 7. The identity verification device 1 connects to and communicates with a mobile device 8 or mobile terminal that has NFC capability; the mobile device 8 or mobile terminal connects to the authentication server over the internet, and must also have an operating system 10 and a mobile payment system 11.
When the identity verification device 1 is placed near the mobile device 8, the NFC verification interface 2 receives the radio-frequency energy produced by the NFC terminal interface 9 on the mobile device 8 together with the NFC signal it transmits. After being received by the NFC verification interface 2, the radio-frequency energy is passed to power management, where it is rectified and regulated to power the whole device. The NFC verification interface 2 is connected to the mobile device 8 or mobile terminal. The communication management module 3 manages the exchange of data between the identity verification device 1 and the mobile device 8 or mobile terminal, and is responsible for coordinating the work of the other modules. The time management module 5 implements time synchronization between the identity verification device 1 and the authentication server, manages the local clock and generates the time seed; the time synchronization uses a conventional time synchronization protocol such as NTP. The key storage module 6 stores the secret key shared with the authentication server; this key is protected by the key storage module 6 and cannot be sent through the NFC verification interface 2 to any device outside the identity verification device 1. The password generation module 7 generates a dynamic password from the time seed obtained from the time management module 5 and the secret key stored in the key storage module 6. This dynamic password is sent through the communication management module 3 and the NFC verification interface 2 to the mobile device 8 or mobile terminal, and is then forwarded by the mobile payment system 11 through the internet interface 12 over an encrypted channel to the authentication server for identity verification.
Verification method: the invention uses dual identity verification to secure transactions: the authentication server needs to verify the user's identity, and the user also needs to verify the authentication server's identity. The core of the dual identity verification is a symmetric key K_a. K_a is a random byte string of a certain length, such as 128 bits or 256 bits; it is produced at random by a key generation algorithm when the identity verification device 1 leaves the factory, and is stored both in the key storage module 6 of the user authenticator and in the bank's authentication server database. The invention uses time-based dynamic passwords, so the clock of the identity verification device 1 needs to be substantially synchronized with the authentication server. Because most mobile devices use NTP or a similar protocol to obtain standard time automatically from an internet time synchronization server and correct their local clock, the identity verification device 1 can easily obtain standard time through the mobile terminal. The authentication server therefore only needs to run NTP to stay roughly in step with the time of the identity verification device 1, which is enough to meet the requirements of identity verification. The methods of server identity verification and user identity verification are described in turn below.
Server identity verification: the first step of two-way identity verification is server identity verification. Its purpose is to prevent an attacker from forging the server and illegally obtaining sensitive user information such as payment information. First, the mobile device 8 sends a server verification request to the authentication server over an encrypted channel. The request contains a time seed T specified by the identity verification device 1. The authentication server uses K_a and T to produce a server verification dynamic password and sends it to the identity verification device 1 over the encrypted channel. The identity verification device 1 uses the same method to compute the dynamic password seeded with K_a and T, compares it with the received server verification dynamic password, and thereby verifies the server's identity. To allow for time synchronization error, the identity verification device 1 computes the dynamic passwords for three times, namely T, T+1 time unit and T-1 time unit; verification succeeds as long as the dynamic password sent by the authentication server is identical to one of them.
User identity verification: the second step of two-way identity verification is user identity verification. The identity verification device 1 uses the local time and K_a as the seed, generates the user verification dynamic password with the password generation module 7, and sends it to the authentication server over the encrypted channel. The authentication server uses its local time and K_a to produce a dynamic password locally, compares it with the received user verification dynamic password, and thereby verifies the user's identity. To allow for time synchronization error, the authentication server computes the dynamic passwords for three times, namely the local time, the local time +1 time unit and the local time -1 time unit; verification succeeds as long as the dynamic password sent by the identity verification device 1 is identical to one of them.
Password generation method: the dynamic password can be generated with TOTP (Time-based One-time Password) or a similar algorithm. Producing a dynamic password with TOTP requires two inputs: the key K_a and the local time. Specifically, the password generation module first computes the difference between the local time and a start time (agreed with the authentication server before the identity verification device 1 leaves the factory), counted in units of 30 seconds or 60 seconds (likewise agreed with the authentication server before the identity verification device 1 leaves the factory). The password generation module then uses this time difference and K_a to produce the dynamic password with the SHA-1 hash algorithm.
Password generation safeguards: because the identity verification device 1 uses the same time-based dynamic password generator to produce both the user verification password and the server verification password, the device ensures that a dynamic password used for server verification is never usable for user identity verification, so that an attacker cannot use a forged server identity verification to extract dynamic passwords for user identity verification. The identity verification device 1 holds an expiry time T_e. It can only use times less than T_e as the seed for a user verification dynamic password; when the local time is greater than T_e, the identity verification device 1 refuses to produce a user verification dynamic password. At the same time, the identity verification device 1 uses a time greater than T_e as the seed T when it asks the server for a server verification dynamic password, which guarantees that the passwords generated do not overlap with user verification dynamic passwords.
To prevent an attacker from using a forged server and local time, together with a stolen dynamic password, to defeat server identity verification, the identity verification device 1 ensures that any time seed T used to generate a server verification dynamic password can be used only once. At the factory the identity verification device 1 is set with T > T_e, where T_e is the expiry time of the identity verification device 1. The device keeps T in internal non-volatile memory and, each time it sends T to the authentication server, increases T by one time unit, i.e. T = T + 1 time unit. This ensures that the time seed used to verify the server's identity is different every time, which effectively prevents an attacker from passing identity verification with a stolen dynamic password.
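The verification method and its safeguards described above, as an added example that is not part of the patent: both sides share K_a, server passwords are only produced for single-use seeds T > T_e, and user passwords only for local times below T_e. Assumptions of this sketch: times are counted in whole time units since the start time, the generator is HMAC-SHA-1 with RFC 6238-style truncation to 8 digits, the server itself refuses seeds at or below T_e, and the class names, key and T_e value are constructed.

```python
import hashlib
import hmac
import struct

DIGITS = 8  # assumption: 8 characters, the size of two 4-byte NFC blocks


def dynamic_password(key: bytes, step: int) -> str:
    """Assumed generator: HMAC-SHA-1 over the time-unit count, as in RFC 6238."""
    mac = hmac.new(key, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def in_window(key: bytes, step: int, candidate: str, window: int) -> bool:
    """True if candidate matches any step in [step-window, step+window]."""
    ok = False
    for s in range(step - window, step + window + 1):
        ok |= hmac.compare_digest(dynamic_password(key, s), candidate)
    return ok


class Server:
    def __init__(self, key: bytes, t_e: int):
        self.key, self.t_e = key, t_e

    def server_password(self, seed_t: int) -> str:
        """Step D. The seed check is added in this sketch so that this call
        can never be made to return a user-verification password."""
        if seed_t <= self.t_e:
            raise ValueError("seed T must be greater than T_e")
        return dynamic_password(self.key, seed_t)

    def verify_user(self, candidate: str, local_step: int) -> bool:
        """Step G: local time, +1 and -1 time unit."""
        return in_window(self.key, local_step, candidate, 1)


class Device:
    def __init__(self, key: bytes, t_e: int):
        self.key, self.t_e = key, t_e
        self.next_t = t_e + 1      # factory setting T > T_e (non-volatile)
        self.pending_t = None      # seed awaiting the server's answer
        self.server_ok = False

    def release_seed(self, local_step: int) -> int:
        """Steps B and C: stop if expired, else hand out T once and advance it."""
        if local_step > self.t_e:
            raise PermissionError("device expired")
        self.pending_t, self.server_ok = self.next_t, False
        self.next_t += 1
        return self.pending_t

    def verify_server(self, candidate: str, window: int = 1) -> bool:
        """Step E: compare with the passwords for T-1, T and T+1."""
        if self.pending_t is None:
            return False
        self.server_ok = in_window(self.key, self.pending_t, candidate, window)
        self.pending_t = None      # each seed is answered at most once
        return self.server_ok

    def user_password(self, local_step: int) -> str:
        """Step F: only after the server was verified, only for times below T_e."""
        if not self.server_ok or local_step >= self.t_e:
            raise PermissionError("server not verified or device expired")
        self.server_ok = False
        return dynamic_password(self.key, local_step)


def run_session(device, server, device_step, server_step) -> bool:
    """Steps A to G with the mobile device reduced to a relay."""
    try:
        seed = device.release_seed(device_step)
        if not device.verify_server(server.server_password(seed)):
            return False
        return server.verify_user(device.user_password(device_step), server_step)
    except (PermissionError, ValueError):
        return False


# Constructed sample values, not taken from the patent.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")   # 128-bit K_a
T_E = 50_000_000                                           # expiry, in time units

if __name__ == "__main__":
    dev, srv = Device(KEY, T_E), Server(KEY, T_E)
    print("clocks 1 unit apart :", run_session(dev, srv, 1_000_000, 1_000_001))
    print("clocks 3 units apart:", run_session(dev, srv, 1_000_000, 1_000_003))
    print("seeds consumed      :", dev.next_t - (T_E + 1))
```

With the three-value comparison of step E, verify_server also matches the password issued for the previous seed T-1. The server computes from the exact T it was sent, so no clock error enters that check, and window=0 removes the overlap.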
Communication method: NFC communication is carried out through the NFC functional module of the mobile device 8 and the NFC interface of the identity verification device 1. The NFC functional module of the mobile device 8 is managed by the operating system 10 of the mobile device 8, and the mobile payment system operates the NFC functional module through the API defined by that operating system. The focus here is the communication and management method of the NFC interface on the identity verification device 1 side, where the NFC interface is managed by the communication management module 3. The NFC interface uses the NFC-A physical layer protocol and follows the Type 2 NFC tag protocol to communicate with the mobile device 8; to the mobile device 8, the identity verification device 1 is a standard Type 2 NFC tag. The identity verification device 1 maps the data it needs to exchange with the mobile device 8 onto the memory structure shown in Fig. 2. This memory structure comprises 64 bytes in total, organized as 16 blocks. Blocks 0 to 2 are mapped to the unique ID of the identity verification device 1. Block 3 is mapped to descriptive information about the identity verification device 1, such as version and time of manufacture; byte 3 of block 3 is the status byte of the identity verification device 1 and contains flag bits that indicate the device's current state. Blocks 4 and 5 contain time information, which is read or written by the mobile device 8 and used to compute the dynamic password; byte 3 of block 5 is the check code for blocks 4 and 5. Blocks 6 to 7 hold the dynamic password for verifying the server's identity, which is generated by the authentication server and written by the mobile device 8. Blocks 8 to 9 are mapped to the generated dynamic password. Blocks 10 to 15 are reserved addresses that can be neither written nor read (reads return 0). The NFC interface supports all commands defined for Type 2 tags.
The NFC communication steps between the identity verification device 1 and the mobile device 8 are as follows. When the user's identity is to be verified, the NFC functional module of the mobile device 8 is switched on and broadcasts probe frames to detect other NFC devices nearby. When the identity verification device 1 is placed near the mobile device 8, the NFC interface receives the probe frame and exchanges IDs with the mobile device 8. After obtaining the ID of the identity verification device 1, the mobile device 8 reads the first 16 bytes of the device's memory and uses the descriptive information in block 3 to determine that this NFC tag is an identity verification device 1 rather than an ordinary NFC tag. Byte 3 of block 3 describes the state of the identity verification device 1 with flag bits, such as whether it has expired and whether the dynamic password has been produced. The mobile device 8 then writes the synchronized date and time into blocks 4 to 5 and polls byte 3 of block 3 to confirm whether the identity verification device 1 has expired. The identity verification device 1 uses the date and time in blocks 4 to 5 to update its local time and compares the local time with its expiry time T_e. If it has expired, it updates the corresponding flag bit in byte 3 of block 3 to indicate expiry and stops verification; if it is still within its validity period, it writes the internally stored T into blocks 4 to 5 and updates the corresponding flag bit in byte 3 of block 3. The mobile device reads blocks 4 to 5 to obtain T and sends it to the server, which computes the dynamic password; the mobile device then writes the server verification dynamic password returned by the server into blocks 6 to 7 and polls byte 3 of block 3 to determine whether the user verification dynamic password has been generated. The identity verification device 1 first verifies the server's identity. If verification fails, it updates the corresponding flag bit in byte 3 of block 3 to indicate server verification failure; if it succeeds, it computes the user verification dynamic password, maps it to blocks 8 to 9 and updates the corresponding flag bit in byte 3 of block 3. The mobile device 8 then reads the user verification dynamic password through the NFC interface, which completes the NFC communication.
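The 64-byte memory map and step (f) of the exchange described above, as an added example that is not part of the patent. The page does not give the flag bit positions, the encoding of the time field, the check code algorithm or which blocks the reader may write, so the bit values, the 7-byte big-endian time with an XOR check code, the write rules and all names below are assumptions of this sketch.

```python
BLOCK, N_BLOCKS = 4, 16                # 16 blocks of 4 bytes = 64 bytes (Fig. 2)
STATUS = 3 * BLOCK + 3                 # byte 3 of block 3: device status byte
# Assumed bit assignments: the page names these states, not their positions.
F_EXPIRED, F_SEED_READY, F_SERVER_FAIL, F_USER_PW_READY = 0x01, 0x02, 0x04, 0x08
READER_WRITABLE = range(4, 8)          # time (4-5) and server password (6-7)
RESERVED = range(10, 16)               # cannot be written, read back as 0


def pack_time(value: int) -> bytes:
    """Encode blocks 4-5: 7 value bytes, then the check code in byte 3 of block 5.
    Big-endian layout and XOR check code are assumptions of this sketch."""
    body = value.to_bytes(7, "big")
    check = 0
    for b in body:
        check ^= b
    return body + bytes([check])


def unpack_time(field: bytes):
    """Return the encoded value, or None if the check code does not match."""
    if len(field) != 2 * BLOCK:
        return None
    value = int.from_bytes(field[:7], "big")
    return value if pack_time(value) == field else None


class TagMemory:
    def __init__(self, uid: bytes, descriptor: bytes):
        if len(uid) != 3 * BLOCK or len(descriptor) != 3:
            raise ValueError("uid fills blocks 0-2, descriptor bytes 0-2 of block 3")
        self.mem = bytearray(BLOCK * N_BLOCKS)
        self.mem[0:12] = uid
        self.mem[12:15] = descriptor

    @property
    def status(self) -> int:
        return self.mem[STATUS]

    # Reader (mobile device) side
    def reader_read(self, first: int, count: int = 1) -> bytes:
        if first < 0 or count < 1 or first + count > N_BLOCKS:
            raise IndexError("block out of range")
        out = bytearray()
        for blk in range(first, first + count):
            data = self.mem[blk * BLOCK:(blk + 1) * BLOCK]
            out += bytes(BLOCK) if blk in RESERVED else data
        return bytes(out)

    def reader_write(self, block: int, data: bytes) -> bool:
        # Assumption: ID, descriptor/status and result blocks are read-only
        # to the reader; only blocks 4-7 accept writes.
        if block not in READER_WRITABLE or len(data) != BLOCK:
            return False
        self.mem[block * BLOCK:(block + 1) * BLOCK] = data
        return True

    # Device (communication management module) side
    def device_store(self, first: int, data: bytes) -> None:
        if first in RESERVED or len(data) % BLOCK:
            raise ValueError("bad device write")
        self.mem[first * BLOCK:first * BLOCK + len(data)] = data


def reader_write_time(tag: TagMemory, value: int) -> bool:
    """Step (e): the reader writes the synchronized time into blocks 4-5."""
    field = pack_time(value)
    return tag.reader_write(4, field[:BLOCK]) and tag.reader_write(5, field[BLOCK:])


def device_step_f(tag: TagMemory, t_e: int, seed_t: int):
    """Step (f): validate the time the reader wrote, then either flag expiry
    or publish the stored seed T in blocks 4-5."""
    now = unpack_time(bytes(tag.mem[4 * BLOCK:6 * BLOCK]))
    if now is None:
        return None                    # bad check code: flags stay unchanged (assumed)
    if now > t_e:
        tag.mem[STATUS] = F_EXPIRED
        return now
    tag.device_store(4, pack_time(seed_t))
    tag.mem[STATUS] = F_SEED_READY
    return now


if __name__ == "__main__":
    tag = TagMemory(bytes(range(12)), b"IDV")      # constructed ID and descriptor
    reader_write_time(tag, 1000)                   # constructed time values
    print("device time :", device_step_f(tag, t_e=5000, seed_t=5001))
    print("status byte :", hex(tag.status))
    print("seed T read :", unpack_time(tag.reader_read(4, 2)))
```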
The mobile payment identity verification device 1 provided by the invention is designed in a form that is convenient for the user to carry, such as a card. The beneficial effect of the invention is that the user can use mobile payment conveniently and securely. The invention is small, can be packaged in standard credit card form, and is convenient for the user to carry. It uses a wireless interface, so no cable is needed to connect the user authenticator to the mobile device 8, which makes it convenient to use. The user authenticator performs no encryption or decryption internally and does not need a high-performance processing chip, which lowers production cost and favors widespread adoption.

Claims (7)

1. A mobile payment identity verification device with an NFC interface, characterized in that the identity verification device comprises an NFC verification interface, a communication management module, a power management module, a key storage module, a time management module and a password generation module; the outputs of the NFC verification interface, the time management module and the password generation module are all connected to the communication management module, the NFC verification interface is also connected to the power management module, and the output of the key storage module and another output of the time management module are connected to the input of the password generator.
2. The identity verification device according to claim 1, characterized in that, when the identity verification device performs identity verification, its NFC verification interface is wirelessly connected to a mobile device that has an NFC terminal interface, and the mobile device is connected to the authentication server.
3. The identity verification device according to claim 2, characterized in that the NFC verification interface of the identity verification device receives the radio-frequency energy emitted by the NFC terminal interface of the mobile device and passes it to the power management module, and the power management module rectifies and regulates the radio-frequency energy and then powers the identity verification device.
4. The identity verification device according to claim 1, characterized in that the password generation module receives the key from the key storage module and the time provided by the time management module, and uses the key and the time to produce the identity verification dynamic password by means of the password generation algorithm.
5. The identity verification device according to claim 1, characterized in that the identity verification device is card-shaped for ease of carrying, but is not limited to the card shape.
6. apply a dual identity verification method for mobile payment, the authentication means that one of the method application the claims 1-5 is described, it is characterized in that, comprise the following steps:
A) mobile device for mobile payment connects authentication means, wherein said mobile device connectivity verification server, and authentication means and authentication server realize encrypting two-way communication by mobile device;
B) described authentication means and authentication server execution time synchronized algorithm, make authentication means local zone time substantially synchronous with authentication server local zone time, authentication means inspection local zone time, if local zone time is greater than the expired time T of authentication means e,then stop authentication;
C) described mobile device sends server authentication request to authentication server, and comprise a time seed T verifying dynamic password for generation server specified by authentication means in request, T is greater than the expired time T of authentication means e, often send a server authentication request to authentication server, T is increased by 1 chronomere and is preserved by authentication means;
D) described authentication server sends to authentication means that one uses T, chronomere, start time and authentication means dispatch from the factory key, through the server authentication dynamic password that password generating algorithm is produced, wherein start time, chronomere and password generating algorithm are for presetting;
E) after described authentication means reception server checking dynamic password, three groups of dynamic passwords are produced into through password generating algorithm according to sending to the T of authentication server, be respectively T, T+1 chronomere, a T-1 chronomere, if it is identical with server authentication dynamic password that one of three groups of dynamic passwords are any, then complete server authentication;
F) described authentication means sends to authentication server that one uses local zone time, start time, chronomere and authentication means dispatch from the factory key, through the user rs authentication dynamic password that password generating algorithm is produced, wherein start time, chronomere and password generating algorithm are for presetting;
G) after described authentication server receives user rs authentication dynamic password, three groups of dynamic passwords are generated according to local zone time, be respectively local zone time, local zone time+1 chronomere, local zone time-1 chronomere, if it is identical with user rs authentication dynamic password that one of three groups of dynamic passwords are any, then completing user authentication.
7. for connecting authentication means and a mobile device, and application rights requires the NFC communication management method of the verification method described in 6, it is characterized in that, comprises the following steps:
A () is opened NFC terminal interface for the mobile device of mobile payment and sent explore frame search around has NFC and verifies interfacing equipment;
B the NFC in () authentication means verifies that interface receives explore frame and replys;
C () mobile device and authentication means exchange respective ID by NFC communication;
D () mobile device reads first 4 pieces that authentication means NFC verifies interface internal storage structure, and determine whether legal identity demo plant;
E (), if not legal identity demo plant, mobile device stops authentication; If legal identity demo plant, the time synchronous with authentication server write authentication means NFC is verified the 4th to the 5th piece of interface internal storage structure by mobile device, and the 3rd of cyclic polling authentication means NFC internal storage structure the piece of the 3rd byte respective flag position;
Whether f () authentication means reads NFC and verifies the 4th to the 5th piece of interface internal storage structure and upgrade local zone time, and detect expired; If expired, stop authentication; If not out of date, will the 4th to the 5th piece that inside is used for the time seed T write authentication means NFC checking interface internal storage structure of authentication server identity be stored in, and upgrade the 3rd piece of the 3rd byte respective flag position that NFC verifies interface internal storage structure;
G () mobile device reads authentication means NFC and verifies that the 4th to the 5th piece of interface internal storage structure obtains T, and T is sent to authentication server;
H the server authentication dynamic password got from server is write the 6th to the 7th piece of authentication means NFC internal storage structure by () mobile device, and the 3rd of cyclic polling authentication means NFC internal storage structure the piece of the 3rd byte respective flag position;
If the unsuccessful authentication server identity of (i) authentication means, verify the 3rd piece of the 3rd byte respective flag position of interface internal storage structure at authentication means NFC, instruction server authentication failure; Mobile device notifies user rs authentication failure and stops checking after reading this zone bit; If good authentication server identity, then start to calculate the dynamic password for subscriber authentication;
J () authentication means completing user checking dynamic password calculates after, be mapped to the 8th to the 9th piece of NFC internal storage structure, and the 3rd piece of the 3rd byte respective flag position of interface internal storage structure is verified at NFC, indicating user checking dynamic password has calculated; Mobile device reads the 8th to the 9th piece that authentication means NFC verifies interface internal storage structure after reading this zone bit; NFC communication completes.
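The two-way check of claim 6 (steps B to G), as an added Python example that is not part of the patent: the device verifies the server against the time seed T, and only then releases a user password for the server to verify against its own clock. The claims leave the password generation algorithm unspecified, so an HOTP-style HMAC-SHA1 truncation is assumed here; all names and the parameter values are constructed, and time synchronization is represented by passing each side's clock as an argument.

```python
import hashlib
import hmac
import struct

# Constructed sample parameters (not from the patent): start time, time unit,
# factory key, expiry time T_e and initial time seed T.
START, UNIT = 1_420_070_400, 60
KEY = b"constructed-factory-key"
EXPIRY = START + 1_000_000 * UNIT
SEED = EXPIRY + 1_000 * UNIT

def counter(t: int) -> int:
    return (t - START) // UNIT

def otp(key: bytes, c: int) -> str:
    # Assumed generator: HOTP-style truncation of HMAC-SHA1 over the counter.
    mac = hmac.new(key, struct.pack(">Q", c), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**8:08d}"

def in_window(key: bytes, c: int, candidate: str) -> bool:
    # Steps E and G: accept the password for c-1, c or c+1; constant-time compare.
    return any([hmac.compare_digest(otp(key, n), candidate) for n in (c - 1, c, c + 1)])

class Device:
    def __init__(self, key: bytes, expiry: int, seed: int):
        if seed <= expiry:
            raise ValueError("time seed T must be greater than expiry time T_e")
        self.key, self.expiry, self.seed = key, expiry, seed

    def request(self, now: int) -> int:
        if now > self.expiry:          # step B: an expired device stops here
            raise PermissionError("authentication device expired")
        self.now, self.sent = now, self.seed
        self.seed += UNIT              # step C: T advances by one unit per request
        return self.sent

    def check_server(self, password: str) -> bool:    # step E
        return in_window(self.key, counter(self.sent), password)

    def user_password(self) -> str:                   # step F
        return otp(self.key, counter(self.now))

def authenticate(dev, server_key, dev_now, srv_now) -> bool:
    server_pw = otp(server_key, counter(dev.request(dev_now)))   # steps C-D
    if not dev.check_server(server_pw):                          # step E
        return False  # the device releases no user password to an unverified server
    return in_window(server_key, counter(srv_now), dev.user_password())  # steps F-G
```

Because T advances on every request, a server password captured in one session does not match the seed the device sends in a later one once T has moved outside the one-unit window.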

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510104916.6A CN104657855B (en) 2015-03-10 2015-03-10 A kind of mobile payment authentication means with NFC interface

Publications (2)

Publication Number Publication Date
CN104657855A true CN104657855A (en) 2015-05-27
CN104657855B CN104657855B (en) 2019-05-17

Family

ID=53248943

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510104916.6A Active CN104657855B (en) 2015-03-10 2015-03-10 A kind of mobile payment authentication means with NFC interface

Country Status (1)

Country Link
CN (1) CN104657855B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant