CN105787727B - HCE (human computer interaction) offline payment system and implementation method - Google Patents
HCE (human computer interaction) offline payment system and implementation method Download PDFInfo
- Publication number
- CN105787727B CN105787727B CN201610102257.7A CN201610102257A CN105787727B CN 105787727 B CN105787727 B CN 105787727B CN 201610102257 A CN201610102257 A CN 201610102257A CN 105787727 B CN105787727 B CN 105787727B
- Authority
- CN
- China
- Prior art keywords
- hce
- dispersion
- client
- background server
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07G—REGISTERING THE RECEIPT OF CASH, VALUABLES, OR TOKENS
- G07G1/00—Cash registers
- G07G1/12—Cash registers electronically operated
- G07G1/14—Systems including one or more distant stations co-operating with a central processing unit
Abstract
The application provides an HCE off-line payment system and an implementation method thereof, wherein the system comprises an HCE client, a POS machine and a background server, the HCE client communicates with the POS machine through NFC, and the background server communicates with the HCE client through HTTP; according to the HCE offline payment system and the implementation method, pseudo-random number verification is added in a common offline transaction process, so that soft card transaction safety based on HCE is improved, and further the safety of a transaction process is guaranteed. And by setting the pseudo random number to be a fixed number of times or a fixed term, loss can be reduced as much as possible even if lost.
Description
Technical Field
The application relates to the field of mobile payment, in particular to an HCE (personal computer) offline payment system and an implementation method.
Background
HCE (Host-based Card Emulation) is a system service API added to Android 4.4.2 kit kat released by Google in 2013. The HCE provides an NFC solution based on a virtual SE of an NFC handset terminal, also known as a "soft card" solution. The HCE enables the NFC mobile phone to adopt mobile phone App software to simulate a chip card to realize functions of payment, identity recognition and the like (card information is encrypted and stored in the mobile phone App software) under the condition that no hardware SE exists, so that the mobile phone has an NFC card swiping function.
Currently, the market only provides online transactions in commercial HCE-based payment systems, that is, all transactions must be forwarded to a background transaction processing system by a POS, and there is no good solution in offline transaction modes (such as public transport, campus, enterprise internal systems, etc.) where NFC payment is most used.
The existing off-line transaction processing flow is to finish transaction verification by interaction between a chip card with a security unit and a POS terminal. On the card side, the keys used in the transaction are protected by the chip card, while on the POS terminal side also the security is in terms of hardware. At present, no formal and commercial off-line transaction system based on the HCE technology exists in the market, when the soft card based on the HCE technology is used for carrying out transaction verification according to the original business process, the transaction safety in the aspect of the POS terminal is still guaranteed, and the data is protected through software in the aspect of the HCE client side, so that the safety guarantee is insufficient. Once the client is cracked and the transaction information is stolen and copied, the security of the whole system is threatened.
Disclosure of Invention
In order to solve the above problems, the present application provides an HCE offline payment system and an implementation method.
The application provides an HCE off-line payment system, which comprises an HCE client, a POS machine and a background server,
the HCE client communicates with the POS machine through NFC, and the background server communicates with the HCE client through HTTP;
the HCE client is used for receiving the pseudo-random number and the transaction serial number sent by the background server, sending the transaction serial number and the pseudo-random number to the POS machine at the same time, and verifying by the POS machine to complete the payment process;
the POS machine is used for receiving the transaction serial number sent by the HCE client, comparing and verifying a pseudo-random number generated by calculation according to the transaction serial number, the card number and other information with the pseudo-random number sent by the HCE client and finishing a subsequent payment process;
and the background server is used for generating a pseudo random number and sending the pseudo random number to the HCE client requesting updating.
Preferably, the HCE client is a mobile phone terminal or other analog card devices.
The application also provides an implementation method of the HCE offline payment system, which comprises the following steps:
step S1: a background server generates a pseudo-random number;
step S2: the background server establishes communication with the HCE client and updates the pseudo-random number in the HCE client;
step S3: the POS verifies the HCE client legitimacy using the pseudo-random number to effect subsequent transactions.
Preferably, the step S1: generating pseudo random numbers is specifically:
step S101: the background server calls an authentication key;
step S102: the background server generates a restrictive dispersion factor;
step S103: the background server uses a limit dispersion factor to perform dispersion operation on the authentication key;
step S104: the background server truncates the result of the scattered operation to obtain a pseudo-random number;
step S105: and the background server sends the pseudo random number to the HCE client requesting to update.
More preferably, the step S103: the background server uses a limit dispersion factor to perform dispersion operation on the authentication key, and specifically comprises the following steps:
if multi-level dispersion is used, the following steps are performed,
step T1, the background server generates a restrictive dispersion factor 1;
step T2, performing a first dispersion operation on the authentication key by using a restrictive dispersion factor 1;
step T3, the background server generates a restrictive dispersion factor 2;
step T4, performing a second dispersion operation on the authentication key by using a restrictive dispersion factor 2;
step T5, the background server generates a restrictive dispersion factor n;
step T6, using a restrictive dispersion factor N to perform the Nth dispersion operation on the authentication key;
if the first-stage mixing dispersion is adopted, the following steps are carried out,
step R1, the background server generates a plurality of restrictive dispersion factors;
step R2, the background server calculates the plurality of restrictive dispersion factors to obtain composite dispersion factors;
a step R3 of performing a distributed operation on the authentication key using a composite dispersion factor;
if the mixing dispersion is adopted, a mode of sharing multi-stage dispersion and first-stage mixing dispersion is adopted, and the method specifically comprises the following steps:
step M1, the background server generates a plurality of restrictive dispersion factors;
step M2, the background server calculates a plurality of restrictive dispersion factors to obtain composite dispersion factors,
step M3, performing a first dispersion operation on the authentication key by using the composite dispersion factor;
and step M4, performing the Nth dispersion operation on the authentication key by the restrictive dispersion factor N.
More preferably, the operation on the plurality of restrictive dispersion factors includes, but is not limited to, one of an exclusive or operation, an MD5 digest operation, and a hash operation.
Preferably, the step S2: the method comprises the following steps that a background server establishes communication with an HCE client side and updates a pseudo-random number in the HCE client side, and specifically comprises the following steps:
step S201: the HCE client sends an updating request to the background server;
step S202: the background server generates a new pseudo random number;
step S203: the background server sends the new pseudo random number and the transaction serial number to the HCE client;
step S204: the HCE client replaces the old pseudo-random number with the new pseudo-random number;
step S205: and the HCE client sends the successful updating information to the background server.
Preferably, the step S3: the POS machine utilizes the pseudo-random number to verify the legitimacy of the HCE client so as to realize subsequent transactions, and specifically comprises the following steps:
step S301: the HCE client is close to the POS machine;
step S302: the POS machine sends a card number reading request to the HCE client;
step S303: the HCE client sends a card number and a card issuer identification to the POS machine;
step S304: the POS machine sends an initialization transaction instruction to the HCE client;
step S305: the HCE client sends a pseudo-random number, a transaction serial number, a key version, an algorithm identifier and other extension information to the POS machine;
step S306: the POS machine judges whether HCE transaction is carried out according to the card number and the card sender identification, if so, step S307 is executed, otherwise, step S308 is executed;
step S307: the POS machine judges whether the random number is legal or not, if so, the step S308 is executed, otherwise, the transaction is terminated;
step S308: calculating the dispersion of the transaction master key to the card number to obtain a card consumption sub-key;
step S309: calculating a process key according to the transaction information;
step S310: calculating MAC1 using the procedure key and sending to the HCE client;
step S311: calculating a process key using the restricted transaction key;
step S312: check MAC1 using the procedure key;
step S313: calculating MAC2 using the process key according to the transaction information and sending to the POS;
step S314: the POS verifies that MAC2 completes the transaction.
More preferably, the step S306: the POS machine judges whether HCE transaction is carried out according to the card number and the card sender identification, and the specific judgment comprises the following steps:
judging the card type according to the serial number of the user card; or the card type is determined based on one or both of the key version number or the algorithm identification field.
Preferably, the step S2: before updating the pseudo random number, the following steps are carried out:
at step S2', the HCE client verifies whether the pseudo random number expires or exceeds the usage number, and if so, performs step S2, otherwise performs step S3.
The HCE offline payment system and the implementation method provided by the invention have the following technical effects:
1. according to the HCE offline payment system and the implementation method, pseudo-random number verification is added in a common offline transaction process, so that soft card transaction safety based on HCE is improved, and further the safety of a transaction process is guaranteed.
2. According to the HCE offline payment system and the implementation method, the loss can be reduced as far as possible even if the pseudo-random number is lost by setting the pseudo-random number to be fixed times or fixed time limit.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of the structure of the HCE offline payment system of the present application;
FIG. 2 is a schematic diagram of the payment from the HCE offline payment system of the present application;
FIG. 3 is a flow chart of an implementation method of the HCE offline payment system of the present application;
FIG. 4 is a flow diagram of a method of generating pseudo random numbers according to the present application;
FIG. 5 is a flow chart of a method of updating a pseudo random number according to the present application;
FIG. 6 is a flow diagram of a method for validating pseudorandom numbers to effect transactions according to the present application;
FIG. 7 is a flow chart of a method of the present application for multi-level scatter calculation;
FIG. 8 is a flow chart of a method for a first-level hybrid scatter calculation according to the present application.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
The application provides an HCE offline payment system, as shown in fig. 1, comprising an HCE client 2, a POS machine 1 and a background server 3, wherein the background server 3 is communicated with the HCE client 2 through HTTP.
As shown in fig. 2, the HCE client 2 communicates with the POS machine 1 through NFC;
specifically, the HCE client 2 is configured to receive a pseudo random number and a transaction serial number sent by the background server 3, send the transaction serial number and the pseudo random number to the POS machine 1 at the same time, and complete a payment process through verification by the POS machine 1;
more specifically, the HCE client 2 is a mobile phone terminal or other analog card devices.
The POS machine 1 is used for receiving a transaction serial number sent by the HCE client 2, comparing and verifying a pseudo-random number generated by calculation according to the transaction serial number, the card number and other information with the pseudo-random number sent by the HCE client 2, and finishing a subsequent payment process;
the background server 3 is configured to generate a pseudo random number and send the pseudo random number to the HCE client 2 that requests updating.
The method for generating the pseudo random number comprises the following steps:
if multi-level dispersion is used, the steps shown in figure 7 are performed,
step T1, the background server 3 generates a restrictive dispersion factor 1;
step T2, performing a first dispersion operation on the authentication key by using a restrictive dispersion factor 1;
step T3, the background server 3 generates a limiting dispersion factor 2;
step T4, performing a second dispersion operation on the authentication key by using a restrictive dispersion factor 2;
step T5, the background server 3 generates a limiting dispersion factor n;
step T6, using a restrictive dispersion factor N to perform the Nth dispersion operation on the authentication key;
if one-stage mixing and dispersing is adopted, the steps shown in figure 8 are executed,
step R1, the backend server 3 generates a plurality of restrictive dispersion factors;
step R2, the background server 3 calculates the plurality of restrictive dispersion factors to obtain composite dispersion factors;
more specifically, the operation on the plurality of restrictive dispersion factors includes, but is not limited to, one of an exclusive-or operation, an MD5 digest operation, and a hash operation.
A step R3 of performing a distributed operation on the authentication key using a composite dispersion factor;
if the mixing dispersion is adopted, a mode of sharing multi-stage dispersion and first-stage mixing dispersion is adopted, and the method specifically comprises the following steps:
example 1
And respectively carrying out decentralized operation on the authentication key by using the composite decentralized factor obtained by one-time compounding and other single restrictive decentralized factors, wherein the method specifically comprises the following steps:
step M1, the background server 3 generates a plurality of restrictive dispersion factors;
step M2, the background server 3 calculates a plurality of restrictive dispersion factors to obtain a composite dispersion factor,
step M3, performing a first dispersion operation on the authentication key by using the composite dispersion factor;
and step M4, performing the Nth dispersion operation on the authentication key by the restrictive dispersion factor N.
Example 2
Respectively carrying out dispersive operation on the authentication key by using a plurality of composite dispersion factors obtained by multiple compounding, which specifically comprises the following steps:
step M1', the backend server 3 generates a plurality of restrictive dispersion factors;
step M2', the background server 3 calculates a plurality of restrictive dispersion factors to obtain a composite dispersion factor M, and calculates another plurality of restrictive dispersion factors to obtain a composite dispersion factor k;
step M3', performing a first dispersion operation on the authentication key using a composite dispersion factor M;
step M4', a second scatter operation is performed on the authentication key using the composite scatter factor k.
Step S104: the background server 3 truncates the result of the dispersion operation to obtain a pseudo random number;
specifically, the result of performing the dispersion operation on the authentication key is an 8-bit PIN code, and the 8-bit PIN code is truncated to obtain a 4-bit PIN code, that is, a pseudo random number, and the truncation is specifically as follows:
example 1
Concealing the first 4 bits of the 8-bit result PIN code, wherein the obtained last 4 bits of PIN code are pseudo-random numbers;
example 2
Hiding odd bits of the 8-bit result PIN code, and obtaining a remaining 4-bit PIN code as a pseudo-random number;
example 3
And (3) supplementing a 16-system number after the last bit of the 8-bit result PIN code, and then hiding the first 5 bits to obtain the remaining 4-bit PIN code which is a pseudo-random number.
More specifically, the HCE offline payment system further includes a personalization information server, a personalization user side, and the like.
The personalization information server is used for storing information required for personalization, such as PIN1, PIN2, PUK1, PUK2, ADM1, ICCID, IMSI, Ki and the like.
The personalization user side is used to perform the necessary personalization process for the HCE client.
An HCE offline payment system proposed by the present application is described above with reference to fig. 1-2, and an implementation method of the HCE offline payment system proposed by the present application is described below with reference to fig. 3-8.
The application also provides an implementation method of the HCE offline payment system, as shown in fig. 3, including the following steps:
step S1: the background server 3 generates a pseudo random number;
specifically, as shown in fig. 4, the step S1: generating pseudo random numbers is specifically:
step S101: the background server 3 calls an authentication key;
step S102: the background server 3 generates a restrictive dispersion factor;
step S103: the background server 3 uses a limit dispersion factor to perform dispersion operation on the authentication key;
more specifically, the step S103: the background server 3 performs distributed operation on the authentication key by using the limiting distributed factor, specifically:
if multi-level dispersion is used, the steps shown in figure 7 are performed,
step T1, the background server 3 generates a restrictive dispersion factor 1;
step T2, performing a first dispersion operation on the authentication key by using a restrictive dispersion factor 1;
step T3, the background server 3 generates a limiting dispersion factor 2;
step T4, performing a second dispersion operation on the authentication key by using a restrictive dispersion factor 2;
step T5, the background server 3 generates a limiting dispersion factor n;
step T6, using a restrictive dispersion factor N to perform the Nth dispersion operation on the authentication key;
if one-stage mixing and dispersing is adopted, the steps shown in figure 8 are executed,
step R1, the backend server 3 generates a plurality of restrictive dispersion factors;
step R2, the background server 3 calculates the plurality of restrictive dispersion factors to obtain composite dispersion factors;
more specifically, the operation on the plurality of restrictive dispersion factors includes, but is not limited to, one of an exclusive-or operation, an MD5 digest operation, and a hash operation.
More specifically, the operation of the plurality of limiting dispersion factors is not limited to the above operation methods, and other similar algorithms for data transformation are within the scope of the present application.
A step R3 of performing a distributed operation on the authentication key using a composite dispersion factor;
if the mixing dispersion is adopted, a mode of sharing multi-stage dispersion and first-stage mixing dispersion is adopted, and the method specifically comprises the following steps:
example 1
And respectively carrying out decentralized operation on the authentication key by using the composite decentralized factor obtained by one-time compounding and other single restrictive decentralized factors, wherein the method specifically comprises the following steps:
step M1, the background server 3 generates a plurality of restrictive dispersion factors;
step M2, the background server 3 calculates a plurality of restrictive dispersion factors to obtain a composite dispersion factor,
step M3, performing a first dispersion operation on the authentication key by using the composite dispersion factor;
and step M4, performing the Nth dispersion operation on the authentication key by the restrictive dispersion factor N.
Example 2
Respectively carrying out dispersive operation on the authentication key by using a plurality of composite dispersion factors obtained by multiple compounding, which specifically comprises the following steps:
step M1', the backend server 3 generates a plurality of restrictive dispersion factors;
step M2', the background server 3 calculates a plurality of restrictive dispersion factors to obtain a composite dispersion factor M, and calculates another plurality of restrictive dispersion factors to obtain a composite dispersion factor k;
step M3', performing a first dispersion operation on the authentication key using a composite dispersion factor M;
step M4', a second scatter operation is performed on the authentication key using the composite scatter factor k.
Step S104: the background server 3 truncates the result of the dispersion operation to obtain a pseudo random number;
specifically, the result of performing the dispersion operation on the authentication key is an 8-bit PIN code, and the 8-bit PIN code is truncated to obtain a 4-bit PIN code, that is, a pseudo random number, and the truncation is specifically as follows:
example 1
Concealing the first 4 bits of the 8-bit result PIN code, wherein the obtained last 4 bits of PIN code are pseudo-random numbers;
example 2
Hiding odd bits of the 8-bit result PIN code, and obtaining a remaining 4-bit PIN code as a pseudo-random number;
example 3
And (3) supplementing a 16-system number after the last bit of the 8-bit result PIN code, and then hiding the first 5 bits to obtain the remaining 4-bit PIN code which is a pseudo-random number.
Step S105: the background server 3 sends the pseudo random number to the HCE client 2 requesting an update.
Step S2: the background server 3 establishes communication with the HCE client 2 and updates the pseudo random number in the HCE client 2;
specifically, as shown in fig. 5, the step S2: the background server 3 establishes communication with the HCE client 2, and updates the pseudo random number in the HCE client 2, specifically:
step S201: the HCE client 2 sends an updating request to the background server 3;
step S202: the background server 3 generates a new pseudo random number;
step S203: the background server 3 sends the new pseudo random number and the transaction serial number to the HCE client 2;
specifically, the transaction serial number corresponds to the pseudo random number, and is used for calculating the pseudo random number through the transaction serial number at the POS terminal, so as to verify the pseudo random number sent by the HCE client.
Step S204: HCE client 2 replaces the old pseudo random number with the new pseudo random number;
step S205: the HCE client 2 sends update success information to the background server 3.
Step S3: the POS machine 1 uses the pseudo-random number to verify the legitimacy of the HCE client 2 for subsequent transactions.
Specifically, as shown in fig. 6, the step S3: the POS machine 1 utilizes the pseudo-random number to verify the legality of the HCE client 2 so as to realize subsequent transactions, and specifically comprises the following steps:
step S301: the HCE client 2 is close to the POS machine 1;
step S302: the POS machine 1 sends a card number reading request to the HCE client 2;
step S303: the HCE client 2 sends the card number and the card sender identification to the POS machine 1;
step S304: the POS machine 1 sends an initialization transaction instruction to the HCE client 2;
step S305: the HCE client 2 sends a pseudo-random number, a transaction serial number, a key version, an algorithm identifier and other extension information to the POS machine 1;
step S306: the POS machine 1 judges whether HCE transaction is carried out according to the card number and the card sender identification, if so, the step S307 is executed, otherwise, the step S308 is executed;
more specifically, the step S306: the POS machine 1 judges whether HCE transaction is carried out according to the card number and the card sender identification, and the specific judgment comprises the following steps:
judging the card type according to the serial number of the user card; or the card type is determined based on one or both of the key version number or the algorithm identification field.
Example 1
The off-line transaction device judges the card type according to the serial number of the user card according to the service processing logic.
After the off-line transaction device receives the transaction response information, the serial number information of the user card in the transaction response information is analyzed, and the card type is judged according to the service processing logic of the user card.
Example 2
The off-line transaction device determines the card type based on the business processing logic.
After the off-line transaction device receives the transaction response information, the key version number and the algorithm identification field in the transaction response information are analyzed, and the card type is judged according to the service processing logic of the off-line transaction device.
Step S307: the POS machine 1 judges whether the random number is legal or not, if so, the step S308 is executed, otherwise, the transaction is terminated;
more specifically, the POS machine 1 receives the transaction serial number of the HCE client 2, calculates the transaction serial number to obtain a verification pseudo random number for verifying the transaction, judges whether the verification pseudo random number is consistent with the pseudo random number sent by the HCE client, if so, the POS machine considers that the random number is legal, and executes step S308, and if not, the transaction is terminated;
step S308: calculating the dispersion of the transaction master key to the card number to obtain a card consumption sub-key;
step S309: calculating a process key according to the transaction information;
step S310: MAC1 is calculated using the procedure key and sent to HCE client 2;
step S311: calculating a process key using the restricted transaction key;
step S312: check MAC1 using the procedure key;
step S313: calculating MAC2 using the process key according to the transaction information and sending to POS machine 1;
step S314: POS 1 verifies MAC2 completes the transaction.
More specifically, the step S2: before updating the pseudo random number, the following steps are carried out:
at step S2', the HCE client 2 verifies whether the pseudo random number expires or exceeds the usage number, and if so, performs step S2, otherwise performs step S3.
Although the present invention has been described with reference to a preferred embodiment, it should be understood that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (4)
1. An HCE off-line payment system is characterized by comprising an HCE client, a POS machine and a background server,
the HCE client communicates with the background server through HTTP when updating data online, and specifically includes:
the background server is used for generating a pseudo-random number according to an update request of the HCE client and sending a new pseudo-random number and a new transaction serial number to the HCE client requesting update;
the HCE client is used for receiving a new pseudo-random number and a new transaction serial number sent by the background server;
the HCE client communicates with the POS machine through NFC when executing HCE offline payment, and specifically comprises the following steps:
the HCE client is used for verifying whether the pseudo-random number is overdue or exceeds the using quantity when HCE off-line payment is executed, if so, sending an updating request to a background server, and executing an on-line data updating stage, otherwise, sending the card number, a new pseudo-random number and a new transaction serial number which are sent by the background server to the POS machine;
the POS machine is used for receiving a new transaction serial number, a card number and a new pseudo-random number sent by the HCE client, comparing and verifying the pseudo-random number generated by calculation according to the new transaction serial number and the card number with the new pseudo-random number sent by the HCE client and finishing the subsequent payment process;
the implementation method of the HCE offline payment system comprises a data online updating stage and an HCE offline payment stage, and specifically comprises the following steps:
and (3) a data online updating stage:
the HCE client communicates with the background server through HTTP;
the HCE client sends an updating request to the background server;
the background server generates a new pseudo-random number and sends the new pseudo-random number and a new transaction serial number to the HCE client;
the HCE client replaces the old pseudo-random number with the new pseudo-random number;
the HCE client sends update success information to the background server;
HCE off-line payment phase:
the method comprises the following steps that an HCE client side is close to a POS machine, and NFC communication connection is established between the HCE client side and the POS machine;
the HCE client verifies whether the pseudo random number is expired or exceeds the using quantity, if so, an updating request is sent to a background server, and a data online updating stage is executed, otherwise, the following operations are executed;
the HCE client sends the card number to the POS machine, and a new pseudo-random number and a new transaction serial number which are sent by the background server;
the POS machine compares and verifies the pseudo-random number generated according to the new transaction serial number and the card number with the new pseudo-random number sent by the HCE client side and completes the subsequent payment process;
the HCE off-line payment stage specifically comprises the following steps:
step S301: the HCE client is close to the POS machine;
step S302: the POS machine sends a card number reading request to the HCE client;
step S303: the HCE client sends a card number and a card issuer identification to the POS machine;
step S304: the POS machine sends an initialization transaction instruction to the HCE client;
step S305: the HCE client sends a new pseudo-random number, a new transaction serial number, a key version, an algorithm identifier and other extension information sent by the background server to the POS machine;
step S306: if the POS machine judges that the HCE transaction is carried out according to the card number and the card sender identification, executing a step S307;
step S307: the POS machine compares and verifies a pseudo-random number generated according to the new transaction serial number and the card number with a new pseudo-random number sent by the HCE client, and executes a subsequent payment process after the verification is passed;
the background server generates a new pseudo random number, specifically:
step S101: the background server calls an authentication key;
step S102: the background server generates a restrictive dispersion factor;
step S103: the background server uses a restrictive dispersion factor to perform dispersion operation on the authentication key;
step S104: the background server truncates the result of the scattered operation to obtain a new pseudo random number;
step S105: the background server sends a new pseudo random number to the HCE client requesting updating;
the step S103: the background server uses the restrictive dispersion factor to perform dispersion operation on the authentication key, and specifically comprises the following steps:
if multi-level dispersion is used, the following steps are performed,
step T1, the background server generates a restrictive dispersion factor 1;
step T2, performing a first dispersion operation on the authentication key by using a restrictive dispersion factor 1;
step T3, the background server generates a restrictive dispersion factor 2;
step T4, performing a second dispersion operation on the authentication key by using a restrictive dispersion factor 2;
step T5, the background server generates a restrictive dispersion factor n;
step T6, using a restrictive dispersion factor N to perform the Nth dispersion operation on the authentication key;
if the first-stage mixing dispersion is adopted, the following steps are carried out,
step R1, the background server generates a plurality of restrictive dispersion factors;
step R2, the background server calculates a plurality of restrictive dispersion factors to obtain composite dispersion factors;
a step R3 of performing a distributed operation on the authentication key using a composite dispersion factor;
if the mixing dispersion is adopted, a mode of sharing multi-stage dispersion and first-stage mixing dispersion is adopted, and the method specifically comprises the following steps:
step M1, the background server generates a plurality of restrictive dispersion factors;
step M2, the background server calculates a plurality of restrictive dispersion factors to obtain composite dispersion factors,
step M3, performing a first dispersion operation on the authentication key by using the composite dispersion factor;
and step M4, performing the Nth dispersion operation on the authentication key by the restrictive dispersion factor N.
2. The HCE offline payment system of claim 1, wherein said HCE client is a mobile phone end or an analog card device.
3. The HCE offline payment system of claim 1, wherein said operating a plurality of restrictive dispersion factors, in particular one of an exclusive or operation, an MD5 digest operation, and a hash operation, is performed on the plurality of restrictive dispersion factors.
4. The HCE offline payment system of claim 1, wherein said step S306: the POS machine judges whether HCE transaction is carried out according to the card number and the card sender identification, and the specific judgment comprises the following steps:
judging the card type according to the serial number of the user card; or the card type is determined based on one or both of the key version number or the algorithm identification field.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610102257.7A CN105787727B (en) | 2016-02-24 | 2016-02-24 | HCE (human computer interaction) offline payment system and implementation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610102257.7A CN105787727B (en) | 2016-02-24 | 2016-02-24 | HCE (human computer interaction) offline payment system and implementation method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105787727A CN105787727A (en) | 2016-07-20 |
| CN105787727B true CN105787727B (en) | 2020-11-24 |
Family
ID=56402720
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610102257.7A Active CN105787727B (en) | 2016-02-24 | 2016-02-24 | HCE (human computer interaction) offline payment system and implementation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105787727B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106251132B (en) * | 2016-07-28 | 2020-03-31 | 恒宝股份有限公司 | HCE offline security improving system and implementation method |
| TWI599972B (en) * | 2016-07-29 | 2017-09-21 | Transaction Key Management Supplementary Methods | |
| CN106296174A (en) * | 2016-08-08 | 2017-01-04 | 东信和平科技股份有限公司 | A kind of small amount payment card device based on HCE technology and its implementation |
| CN106548338B (en) * | 2016-09-23 | 2020-04-24 | 深圳市微付充科技有限公司 | Method and system for transferring resource numerical value |
| KR101843660B1 (en) * | 2016-12-30 | 2018-03-29 | 브이피 주식회사 | Payment method for transportation fee by hce type using mobile terminal |
| CN111292089A (en) * | 2020-02-12 | 2020-06-16 | 北京智慧云测科技有限公司 | PSAM card protection management method and PSAM card |
| CN113256287B (en) * | 2021-07-05 | 2021-10-15 | 深圳市深圳通有限公司 | Offline consumption management method and system |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105243542A (en) * | 2015-11-13 | 2016-01-13 | 广西米付网络技术有限公司 | System and method of dynamic electronic certificate authentication |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101996442A (en) * | 2009-08-25 | 2011-03-30 | 中国移动通信集团公司 | Method, device and system for recharging electronic purse |
| CN102081821B (en) * | 2009-11-27 | 2013-08-14 | 中国银联股份有限公司 | IC (integrated circuit) card paying system and method as well as multi-application IC card and payment terminal |
| CN104240073A (en) * | 2014-10-11 | 2014-12-24 | 上海众人科技有限公司 | Offline payment method and offline payment system on basis of prepaid cards |
-
2016
- 2016-02-24 CN CN201610102257.7A patent/CN105787727B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105243542A (en) * | 2015-11-13 | 2016-01-13 | 广西米付网络技术有限公司 | System and method of dynamic electronic certificate authentication |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105787727A (en) | 2016-07-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105787727B (en) | HCE (human computer interaction) offline payment system and implementation method | |
| US11770369B2 (en) | System and method for identity verification across mobile applications | |
| US11877213B2 (en) | Methods and systems for asset obfuscation | |
| US11842350B2 (en) | Offline authentication | |
| CN107925572B (en) | Secure binding of software applications to communication devices | |
| CN107111500B (en) | Wireless provisioning of application libraries | |
| KR101544722B1 (en) | Method for performing non-repudiation, payment managing server and user device therefor | |
| CN102510333B (en) | Authorization method and system | |
| US20190087814A1 (en) | Method for securing a payment token | |
| US9734091B2 (en) | Remote load and update card emulation support | |
| US20150310427A1 (en) | Method, apparatus, and system for generating transaction-signing one-time password | |
| CN110690956B (en) | Bidirectional authentication method and system, server and terminal | |
| CN105427106B (en) | Authorization processing method and payment processing method of electronic cash data and virtual card | |
| CN105847000A (en) | Token generation method and communication system based on same | |
| CN103248495A (en) | In-app paying method, server, client side and system | |
| CN108768941B (en) | Method and device for remotely unlocking safety equipment | |
| JPWO2004053664A1 (en) | Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program | |
| CN110326011B (en) | Determining legal conditions at a computing device | |
| CN103107888A (en) | Dynamic multi-attribute multilevel identity authentication method for mobile terminal (MT) | |
| CN106251132B (en) | HCE offline security improving system and implementation method | |
| US10396989B2 (en) | Method and server for providing transaction keys | |
| CN104835038A (en) | Networking payment device and networking payment method | |
| WO2016123823A1 (en) | Data interaction method, apparatus and system | |
| EP3364329B1 (en) | Security architecture for device applications | |
| KR102026279B1 (en) | How to manage your application |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |