CN106209383B - A kind of method and device of mobile payment security certification - Google Patents
- Publication number: CN106209383B (also listed: CN201610557060.2A)
- Authority: CN (China)
- Prior art keywords: signature, message, key, payment app, safety chip
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a method and device for mobile payment security certification. The method includes: a secure payment APP obtains a KEY ID from a safety chip; a pre-plant front-end processor binds the KEY ID to the user's name, credential type and certificate number and sends the binding information to a pre-plant server to be saved, and the pre-plant server returns the binding success result to the secure payment APP on the mobile terminal; the user issues a payment request in the secure payment APP on the mobile terminal and, after the PIN code is entered, the secure payment APP sends the transaction message to the safety chip; after the safety chip has verified the PIN code, it digitally signs the transaction message and sends the signature value to a signature verification server for signature verification, and when it is confirmed that the transaction was made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP. The invention makes it possible to add a digital certificate or electronic signature of a higher security level and can guarantee the security of mobile payment.
Description
Technical field
The present invention relates to the field of mobile payment, and in particular to a method and device for mobile payment security certification.
Background technique
During message transmission, relying on encryption alone to guarantee the confidentiality of data still leaves a defect: if the sender goes back on his word after sending some information and denies that he sent it, then although the data was kept confidential in transit, the identity of the sender of that information cannot be proven, which is detrimental to the management of communication. In the prior art, signatures are generally used to make information non-repudiable; for example, contract negotiations and bank debits use the user's signature to prove that the information really occurred. In network communication, digital signatures are usually used to achieve non-repudiation of information.
In 2015 the Central Bank issued the "Non-banking payment mechanism network payment service management method (exposure draft)". This "Method" provides that if a payment institution verifies with no fewer than two classes of factors, including a digital certificate or electronic signature of a higher security level, it may agree the single-transaction and cumulative daily limits with the client itself; if the payment institution uses no fewer than two classes of factors but these do not include a digital certificate or electronic signature, the "Method", with reference to the People's Bank's regulatory requirements for commercial banks and bank card clearing organizations, specifies a cumulative daily limit of 5000 yuan. Therefore, to break through the limit defined in the "Method", a digital certificate or electronic signature of a higher security level needs to be added to mobile payment. However, current technology has not been able to add a digital certificate or electronic signature of a higher security level to mobile payment, so the security of mobile payment cannot be guaranteed.
Summary of the invention
The technical problem to be solved by the present invention is, in view of the above defects of the prior art (a digital certificate or electronic signature of a higher security level cannot be added to mobile payment, and the security of mobile payment cannot be guaranteed), to provide a method and device for mobile payment security certification that can add a digital certificate or electronic signature of a higher security level and can guarantee the security of mobile payment.
The technical solution adopted by the present invention to solve this technical problem is to construct a method of mobile payment security certification, comprising the following steps:
A) the user installs a secure payment APP on a mobile terminal and, through the secure payment APP, sends a request to the safety chip in a bracelet to obtain the pre-planted certificate KEY ID; the safety chip sends the KEY ID to the secure payment APP;
B) the secure payment APP sends the KEY ID together with the user's name, credential type and certificate number to the pre-plant front-end processor for binding; the pre-plant front-end processor sends the binding information to the pre-plant server to be saved, and the pre-plant server at the same time returns the binding success result to the secure payment APP;
C) the user issues a payment request in the secure payment APP on the user's mobile terminal, and the KEY ID is looked up; the secure payment APP prompts for the PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the safety chip;
D) the safety chip verifies the PIN code and judges whether verification is passed; if so, the payment amount is shown on the display screen of the bracelet, the user is alerted by vibration, and step E) is executed; otherwise, the safety chip sends a transaction-failure message to the secure payment APP;
E) the safety chip digitally signs the transaction message and sends the signature value to the signature verification server for signature verification; when it is confirmed that the transaction was made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP.
In the method of mobile payment security certification of the present invention, step E) further comprises:
E1) the bracelet temporarily generates an RSA key pair; the RSA key pair includes a private key and a public key;
E2) the private key is stored in the safety chip, and the public key and the transaction message are assembled into a signature message;
E3) the bracelet applies a preset algorithm to the signature message to compute a message digest value of fixed length, and encrypts that message digest value with the private key to obtain the digital signature;
E4) the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value;
E5) the first message digest value and the second message digest value are compared to judge whether they are equal; if so, it is determined that the transaction message comes from the user; otherwise, it is determined that the transaction message does not come from the user.
In the method of mobile payment security certification of the present invention, the bit length of the RSA key pair is 1028.
In the method of mobile payment security certification of the present invention, the preset algorithm is a HASH (hash) algorithm.
In the method of mobile payment security certification of the present invention, the secure payment APP communicates with the safety chip wirelessly.
The invention further relates to a device for implementing the above method of mobile payment security certification, comprising:
Request transmitting unit: for having the user install the secure payment APP on a mobile terminal and, through the secure payment APP, send a request to the safety chip in the bracelet to obtain the pre-planted certificate KEY ID, the safety chip sending the KEY ID to the secure payment APP;
Information binding unit: for having the secure payment APP send the KEY ID together with the user's name, credential type and certificate number to the pre-plant front-end processor for binding, the pre-plant front-end processor sending the binding information to the pre-plant server to be saved, and the pre-plant server at the same time returning the binding success result to the secure payment APP;
Transaction message transmission unit: for having the user issue a payment request in the secure payment APP on the user's mobile terminal and looking up the KEY ID, the secure payment APP prompting for the PIN code and, after the user enters the PIN code, sending the transaction message to the safety chip;
Verifying judging unit: for having the safety chip verify the PIN code and judge whether verification is passed; if so, the payment amount is shown on the display screen of the bracelet and the user is alerted by vibration; otherwise, the safety chip sends a transaction-failure message to the secure payment APP;
Signature unit: for having the safety chip digitally sign the transaction message and send the signature value to the signature verification server for signature verification; when it is confirmed that the transaction was made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP.
In the device of the present invention for implementing the above method of mobile payment security certification, the signature unit further comprises:
RSA key pair generation module: for having the bracelet temporarily generate an RSA key pair; the RSA key pair includes a private key and a public key;
Saving and assembling module: for storing the private key in the safety chip and assembling the public key and the transaction message into a signature message;
Digital signature obtaining module: for having the bracelet apply a preset algorithm to the signature message to compute a message digest value of fixed length, and encrypt that message digest value with the private key to obtain the digital signature;
Calculation and decryption module: for having the bracelet send the digital signature and the signature message to the signature verification server, the signature verification server computing a first message digest value from the signature message using the preset algorithm and then decrypting the digital signature with the public key to obtain a second message digest value;
Message digest comparison module: for comparing the first message digest value with the second message digest value and judging whether they are equal; if so, it is determined that the transaction message comes from the user; otherwise, it is determined that the transaction message does not come from the user.
In the device of the present invention for implementing the above method of mobile payment security certification, the bit length of the RSA key pair is 1028.
In the device of the present invention for implementing the above method of mobile payment security certification, the preset algorithm is a HASH algorithm.
In the device of the present invention for implementing the above method of mobile payment security certification, the secure payment APP communicates with the safety chip wirelessly.
Implementing the method and device for mobile payment security certification of the present invention has the following beneficial effects: because the safety chip digitally signs the transaction message and sends the signature value to the signature verification server for signature verification, and the payment succeeds and the payment result is returned to the secure payment APP when it is confirmed that the transaction was made by the user in person, a digital certificate or electronic signature of a higher security level can be added and the security of mobile payment can be guaranteed.
Brief description of the drawings
In order to explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the method in one embodiment of the method and device for mobile payment security certification of the present invention;
Fig. 2 is a detailed flow chart, in that embodiment, of the safety chip digitally signing the transaction message and sending the signature value to the signature verification server for signature verification;
Fig. 3 is a structural schematic diagram of the device in that embodiment.
Specific embodiment
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In this embodiment of the method and device for mobile payment security certification of the present invention, the flow chart of the method is shown in Fig. 1. In Fig. 1, the method of mobile payment security certification includes the following steps:
Step S01: the user installs the secure payment APP on a mobile terminal and, through the secure payment APP, sends a request to the safety chip in the bracelet to obtain the pre-planted certificate KEY ID; the safety chip sends the KEY ID to the secure payment APP. In this embodiment, the bracelet contains a safety chip (i.e. SE) certified by CFCA (China Financial Certification Authority), and each safety chip holds a unique KEY ID. In this step, the user installs the secure payment APP on the mobile terminal and, through it, sends a request to the safety chip in the bracelet to obtain the pre-planted certificate KEY ID; after receiving the request, the safety chip sends the KEY ID stored in the chip to the secure payment APP. It is worth mentioning that in this embodiment the mobile terminal may be a mobile phone, tablet computer, notebook, PDA or the like.
Step S02: the secure payment APP sends the KEY ID together with the user's name, credential type and certificate number to the pre-plant front-end processor for binding; the pre-plant front-end processor sends the binding information to the pre-plant server to be saved, and the pre-plant server at the same time returns the binding success result to the secure payment APP. In this step, the secure payment APP sends the KEY ID and the user's name, credential type and certificate number to the pre-plant front-end processor for binding; after the binding succeeds, the pre-plant front-end processor sends the binding information to the pre-plant server to be saved, and the pre-plant server at the same time returns the binding success result to the secure payment APP. In this way, each bracelet is uniquely bound to a user.
Step S03: the user issues a payment request in the secure payment APP on the user's mobile terminal, and the KEY ID is looked up; the secure payment APP prompts for the PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the safety chip. In this step, the user issues a payment request in the secure payment APP on the mobile terminal and the secure payment APP searches for the user's bracelet; if the user's bracelet is near the user, the secure payment APP prompts for the PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the safety chip.
Step S04: the safety chip verifies the PIN code and judges whether verification is passed. In this step, the safety chip verifies the PIN code and judges whether verification is passed, that is, whether the PIN code is correct; if so, step S06 is executed; otherwise, step S05 is executed.
Step S05: the safety chip sends a transaction-failure message to the secure payment APP. If the judgment result of step S04 is no, this step is executed. In this step, the safety chip sends a transaction-failure message to the secure payment APP.
Step S06: the payment amount is shown on the display screen of the bracelet and the user is alerted by vibration. If the judgment result of step S04 is yes, this step is executed. In this step, the payment amount is shown on the display screen of the bracelet and the user is alerted by vibration. After this step has been executed, step S07 is executed.
Step S07: the safety chip digitally signs the transaction message and sends the signature value to the signature verification server for signature verification; when it is confirmed that the transaction was made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP. In this step, the safety chip in the bracelet digitally signs the transaction message and sends the signature value to the signature verification server for signature verification; when it is confirmed that the user made the transaction, the payment succeeds and the payment result is returned to the secure payment APP. A digital certificate or electronic signature of a higher security level can thus be added, and the security of mobile payment can be guaranteed.
In this embodiment, step S07 can be further refined; the refined flow chart is shown in Fig. 2. In Fig. 2, step S07 further comprises:
Step S71: the bracelet temporarily generates an RSA key pair. In this step, when the bracelet performs transaction verification, it temporarily generates an RSA key pair, which includes a private key and a public key. In this embodiment, the bit length of the RSA key pair is 1028. Of course, in some cases of this embodiment, the bit length of the RSA key pair may be another value.
Step S72: the private key is stored in the safety chip, and the public key and the transaction message are assembled into a signature message. In this step, the private key is stored in the safety chip, and the public key and the transaction message are assembled into a signature message.
Step S73: the bracelet applies a preset algorithm to the signature message to compute a message digest value of fixed length, and encrypts that message digest value with the private key to obtain the digital signature. In this step, the bracelet applies the preset algorithm to the signature message to compute a message digest value of fixed length, and encrypts that message digest value with the private key to obtain the digital signature. It is worth noting that the computed message digest value must be mathematically guaranteed to have the property that if any single bit of the signature message is changed, the recomputed message digest value will not match the original value. This ensures that the transaction message cannot be altered. The preset algorithm may be a HASH algorithm; of course, other algorithms may also be used.
Step S74: the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value. In this step, the bracelet sends the digital signature and the signature message to the signature verification server; after receiving them, the signature verification server computes the first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain the second message digest value.
Step S75: the first message digest value and the second message digest value are compared to judge whether they are equal. In this step, the first message digest value and the second message digest value are compared; if they are equal, step S77 is executed; otherwise, step S76 is executed.
Step S76: it is determined that the transaction message does not come from the user. If the judgment result of step S75 is no, i.e. the two values are not equal, this step is executed. In this step, it is determined that the transaction message does not come from the user.
Step S77: it is determined that the transaction message comes from the user. If the judgment result of step S75 is yes, this step is executed. In this step, it is determined that the transaction message comes from the user. Because only the signer who holds the private key can generate the signature by "decrypting" the message digest value, the scheme provides security and non-repudiation.
It is worth mentioning that in this embodiment the secure payment APP communicates with the safety chip wirelessly, for example via Bluetooth or WiFi. When Bluetooth is used and the bracelet performs transaction verification, the secure payment APP passes the signature message to the Bluetooth chip in the bracelet over a private Bluetooth communication protocol; the Bluetooth chip sends the corresponding instruction to the safety chip according to the protocol content; the safety chip executes the instruction and returns the result to the Bluetooth chip; and the Bluetooth chip returns the result to the secure payment APP, again over the private Bluetooth protocol. Operation is flexible.
This embodiment further relates to a device for implementing the above method of mobile payment security certification; its structural schematic diagram is shown in Fig. 3. In Fig. 3, the device includes a request transmitting unit 1, an information binding unit 2, a transaction message transmission unit 3, a verifying judging unit 4 and a signature unit 5. The request transmitting unit 1 is used to have the user install the secure payment APP on a mobile terminal and, through the secure payment APP, send a request to the safety chip in the bracelet to obtain the pre-planted certificate KEY ID, the safety chip sending the KEY ID to the secure payment APP. The information binding unit 2 is used to have the secure payment APP send the KEY ID together with the user's name, credential type and certificate number to the pre-plant front-end processor for binding; the pre-plant front-end processor sends the binding information to the pre-plant server to be saved, and the pre-plant server at the same time returns the binding success result to the secure payment APP. The transaction message transmission unit 3 is used to have the user issue a payment request in the secure payment APP on the user's mobile terminal and look up the KEY ID; the secure payment APP prompts for the PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the safety chip. The verifying judging unit 4 is used to have the safety chip verify the PIN code and judge whether verification is passed; if so, the payment amount is shown on the display screen of the bracelet and the user is alerted by vibration; otherwise, the safety chip sends a transaction-failure message to the secure payment APP. The signature unit 5 is used to have the safety chip digitally sign the transaction message and send the signature value to the signature verification server for signature verification; when it is confirmed that the transaction was made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP. A digital certificate or electronic signature of a higher security level can thus be added, and the security of mobile payment can be guaranteed. It is worth mentioning that in this embodiment the secure payment APP communicates with the safety chip wirelessly.
In this embodiment, the signature unit 5 further comprises an RSA key pair generation module 51, a saving and assembling module 52, a digital signature obtaining module 53, a calculation and decryption module 54 and a message digest comparison module 55. The RSA key pair generation module 51 is used to have the bracelet temporarily generate an RSA key pair; the RSA key pair includes a private key and a public key, and its bit length is 1028, although it may also be another value. The saving and assembling module 52 is used to store the private key in the safety chip and to assemble the public key and the transaction message into a signature message. The digital signature obtaining module 53 is used to have the bracelet apply a preset algorithm to the signature message to compute a message digest value of fixed length, and encrypt that message digest value with the private key to obtain the digital signature; the preset algorithm is a HASH algorithm, or another algorithm. The calculation and decryption module 54 is used to have the bracelet send the digital signature and the signature message to the signature verification server; the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value. The message digest comparison module 55 is used to compare the first message digest value with the second message digest value and judge whether they are equal; if so, it is determined that the transaction message comes from the user; otherwise, it is determined that the transaction message does not come from the user. Because only the signer who holds the private key can generate the signature by "decrypting" the message digest value, the scheme provides security and non-repudiation.
In short, in the present embodiment, the signature process of digital signature is exactly sender according to information to be sent, with certainly
Body private key forms digital signature after encrypting to message digest value.Namely user is subject to message digest value using the private key of oneself
Processing, since key is only that I am all, this creates the terminal the files that others can not generate, and are also formed digital signature,
Using digital signature, it is ensured that information is to be signed to send by signer oneself, and signer cannot be denied or be difficult to deny.It connects
Debit can not make any modification from after signing and issuing with verification information until receiving, and the file signed and issued is authentic document.Therefore,
It ensure that the safety of payment.
The foregoing is merely a description of preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (8)
1. A method of mobile payment security authentication, characterized by comprising the following steps:
A) a user installs a secure payment APP in a mobile terminal and, through the secure payment APP, initiates to the safety chip in a bracelet a request to obtain the pre-planted certificate KEY ID, and the safety chip sends the KEY ID to the secure payment APP;
B) the secure payment APP sends the KEY ID together with the user's name, credential type and credential number to a pre-plant front-end processor for binding; the pre-plant front-end processor sends the binding information to a pre-plant server for storage, and the pre-plant server at the same time returns the binding success result to the secure payment APP;
C) the user issues a payment request in the secure payment APP of their mobile terminal and the KEY ID is looked up; the secure payment APP prompts for a PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the safety chip;
D) the safety chip verifies the PIN code and judges whether verification has passed; if so, the payment amount is shown on the display screen of the bracelet, the user is reminded by vibration, and step E) is executed; otherwise, the safety chip sends the transaction failure information to the secure payment APP;
E) the safety chip performs digital signature processing on the transaction message and sends the signature value to the signature verification server for signature verification; when the transaction is confirmed to be made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP;
The step E) further comprises:
E1) the bracelet temporarily generates an RSA key pair; the RSA key pair includes a private key and a public key;
E2) the private key is stored in the safety chip, and the public key and the transaction message are assembled into a signature message;
E3) the bracelet applies a preset algorithm to the signature message to compute a message digest value of a fixed number of bits, and encrypts the message digest value of the fixed number of bits with the private key to obtain a digital signature;
E4) the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server applies the preset algorithm to the signature message to compute a first message digest value, and then decrypts the digital signature with the public key to obtain a second message digest value;
E5) the first message digest value and the second message digest value are compared to judge whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
2. the method for mobile payment security certification according to claim 1, which is characterized in that the position of the RSA key pair
Number is 1028.
3. the method for mobile payment security certification according to claim 1, which is characterized in that the preset algorithm
For HASH algorithm.
4. according to claim 1 to the method that mobile payment security described in 3 any one authenticates, which is characterized in that the peace
Full payment APP is wirelessly communicated with the safety chip.
5. A device for implementing the method of mobile payment security authentication according to claim 1, characterized by comprising:
Request sending unit: for making a user install a secure payment APP in a mobile terminal and, through the secure payment APP, initiate to the safety chip in a bracelet a request to obtain the pre-planted certificate KEY ID, the safety chip sending the KEY ID to the secure payment APP;
Information binding unit: for making the secure payment APP send the KEY ID together with the user's name, credential type and credential number to a pre-plant front-end processor for binding, the pre-plant front-end processor sending the binding information to a pre-plant server for storage, and the pre-plant server at the same time returning the binding success result to the secure payment APP;
Transaction message sending unit: for making the user issue a payment request in the secure payment APP of their mobile terminal and look up the KEY ID, the secure payment APP prompting for a PIN code and, after the user enters the PIN code, sending the transaction message to the safety chip;
Verification judging unit: for making the safety chip verify the PIN code and judge whether verification has passed; if so, the payment amount is shown on the display screen of the bracelet and the user is reminded by vibration; otherwise, the safety chip sends the transaction failure information to the secure payment APP;
Signature unit: for making the safety chip perform digital signature processing on the transaction message and send the signature value to the signature verification server for signature verification; when the transaction is confirmed to be made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP;
The signature unit further comprises:
RSA key pair generation module: for making the bracelet temporarily generate an RSA key pair; the RSA key pair includes a private key and a public key;
Saving and assembling module: for storing the private key in the safety chip, and assembling the public key and the transaction message into a signature message;
Digital signature obtaining module: for making the bracelet apply a preset algorithm to the signature message to compute a message digest value of a fixed number of bits, and encrypt the message digest value of the fixed number of bits with the private key to obtain a digital signature;
Calculation and decryption module: for making the bracelet send the digital signature and the signature message to the signature verification server, the signature verification server applying the preset algorithm to the signature message to compute a first message digest value, and then decrypting the digital signature with the public key to obtain a second message digest value;
Message digest comparison module: for comparing the first message digest value with the second message digest value and judging whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
6. The device according to claim 5, characterized in that the number of bits of the RSA key pair is 1028.
7. The device according to claim 5, characterized in that the preset algorithm is a HASH algorithm.
8. The device according to any one of claims 5 to 7, characterized in that the secure payment APP communicates with the safety chip wirelessly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610557060.2A CN106209383B (en) | 2016-07-13 | 2016-07-13 | A kind of method and device of mobile payment security certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106209383A CN106209383A (en) | 2016-12-07 |
CN106209383B true CN106209383B (en) | 2019-08-23 |
Family
ID=57475917
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610557060.2A Expired - Fee Related CN106209383B (en) | 2016-07-13 | 2016-07-13 | A kind of method and device of mobile payment security certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209383B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190823 Termination date: 20210713 |