CN106209383B - Method and device for mobile payment security authentication - Google Patents


Info

Publication number
CN106209383B
Authority
CN
China
Prior art keywords
signature
message
key
payment app
safety chip
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201610557060.2A
Other languages
Chinese (zh)
Other versions
CN106209383A (en)
Inventor
罗胜豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Shang Lian Payment Network Technology Co Ltd
Original Assignee
Guangdong Shang Lian Payment Network Technology Co Ltd
Application filed by Guangdong Shang Lian Payment Network Technology Co Ltd
Priority to CN201610557060.2A
Publication of CN106209383A
Application granted
Publication of CN106209383B
Expired - Fee Related


Classifications

    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/4014 Identity check for transactions
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme


Abstract

The invention discloses a method and device for mobile payment security authentication. The method comprises: a secure payment app obtains a KEY ID from a security chip; a pre-plant front-end processor binds the KEY ID to the user's name, credential type and credential number and sends the binding information to a pre-plant server for storage, and the pre-plant server returns the binding success result to the secure payment app on the mobile terminal; the user issues a payment request in the secure payment app on the mobile terminal and, after the PIN code is entered, the secure payment app sends the transaction message to the security chip; after the security chip has verified the PIN code, it digitally signs the transaction message and sends the signature value to a signature verification server for verification, and when the transaction is confirmed to be made by the user in person, the payment succeeds and the payment result is returned to the secure payment app. The invention makes it possible to add a digital certificate or electronic signature of a higher security level and thereby guarantees the security of mobile payment.

Description

Method and device for mobile payment security authentication
Technical field
The present invention relates to the field of mobile payment, and in particular to a method and device for mobile payment security authentication.
Background art
In message transmission, relying on encryption alone to guarantee the confidentiality of data still has a shortcoming: if the sender goes back on their word after sending a message and denies having sent it, then even though the data was kept confidential in transit, the identity of the sender of that message cannot be proven, which hampers the management of communication.
In the prior art, signatures are generally used to make information non-repudiable. Contract negotiations, bank debits and the like all use a user's signature to prove that the information really occurred. In network communication, digital signatures are usually used to achieve non-repudiation of information.
In 2015 the central bank issued the "Measures for the Administration of Network Payment Services of Non-Bank Payment Institutions (exposure draft)". The Measures provide that a payment institution which uses no fewer than two classes of verification elements, including a digital certificate or electronic signature of a higher security level, may agree the per-transaction limit and the cumulative daily limit with the customer itself. For a payment institution which uses no fewer than two classes of elements that do not include a digital certificate or electronic signature, the Measures, with reference to the People's Bank's regulatory requirements for commercial banks and bank card clearing institutions, stipulate a cumulative daily limit of 5000 yuan. To get past the limit defined in the Measures, a digital certificate or electronic signature of a higher security level therefore has to be added to mobile payment. Current technology, however, cannot yet add such a digital certificate or electronic signature to mobile payment, so the security of mobile payment cannot be guaranteed.
Summary of the invention
The technical problem to be solved by the present invention is the above defect of the prior art, namely that a digital certificate or electronic signature of a higher security level cannot be added to mobile payment and the security of mobile payment therefore cannot be guaranteed. The invention provides a method and device for mobile payment security authentication that can add such a digital certificate or electronic signature and can guarantee the security of mobile payment.
The technical solution adopted by the present invention to solve this technical problem is a method for mobile payment security authentication comprising the following steps:
A) the user installs a secure payment app on the mobile terminal and, through the secure payment app, sends the security chip in a bracelet a request to obtain the pre-planted certificate KEY ID; the security chip sends the KEY ID to the secure payment app;
B) the secure payment app sends the KEY ID and the user's name, credential type and credential number to a pre-plant front-end processor for binding; the pre-plant front-end processor sends the binding information to a pre-plant server for storage, and the pre-plant server at the same time returns the binding success result to the secure payment app;
C) the user issues a payment request in the secure payment app on their mobile terminal and the KEY ID is looked up; the secure payment app prompts for the PIN code and, after the user enters the PIN code, sends the transaction message to the security chip;
D) the security chip verifies the PIN code and determines whether verification has passed; if so, the payment amount is shown on the display screen of the bracelet, the user is alerted by vibration, and step E) is executed; otherwise, the security chip sends a transaction failure message to the secure payment app;
E) the security chip digitally signs the transaction message and sends the signature value to the signature verification server for verification; when the transaction is confirmed to be made by the user in person, the payment succeeds and the payment result is returned to the secure payment app.
In the method for mobile payment security authentication of the present invention, step E) further comprises:
E1) the bracelet temporarily generates an RSA key pair, which comprises a private key and a public key;
E2) the private key is stored in the security chip, and the public key and the transaction message are assembled into a signature message;
E3) the bracelet applies a preset algorithm to the signature message to compute a message digest value of a fixed number of bits, and encrypts that fixed-length message digest value with the private key to obtain the digital signature;
E4) the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value;
E5) the first message digest value and the second message digest value are compared to determine whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
In the method for mobile payment security authentication of the present invention, the RSA key pair is 1028 bits long.
In the method for mobile payment security authentication of the present invention, the preset algorithm is a HASH (hash) algorithm.
In the method for mobile payment security authentication of the present invention, the secure payment app communicates with the security chip wirelessly.
The invention further relates to a device implementing the above method for mobile payment security authentication, comprising:
Request transmitting unit: used for having the user install the secure payment app on the mobile terminal and, through the secure payment app, send the security chip in the bracelet a request to obtain the pre-planted certificate KEY ID; the security chip sends the KEY ID to the secure payment app;
Information binding unit: used for having the secure payment app send the KEY ID and the user's name, credential type and credential number to the pre-plant front-end processor for binding; the pre-plant front-end processor sends the binding information to the pre-plant server for storage, and the pre-plant server at the same time returns the binding success result to the secure payment app;
Transaction message transmission unit: used for having the user issue a payment request in the secure payment app on their mobile terminal and looking up the KEY ID; the secure payment app prompts for the PIN code and, after the user enters the PIN code, sends the transaction message to the security chip;
Verification judging unit: used for having the security chip verify the PIN code and determine whether verification has passed; if so, the payment amount is shown on the display screen of the bracelet and the user is alerted by vibration; otherwise, the security chip sends a transaction failure message to the secure payment app;
Signature unit: used for having the security chip digitally sign the transaction message and send the signature value to the signature verification server for verification; when the transaction is confirmed to be made by the user in person, the payment succeeds and the payment result is returned to the secure payment app.
In the device of the present invention implementing the above method for mobile payment security authentication, the signature unit further comprises:
RSA key pair generation module: used for having the bracelet temporarily generate an RSA key pair, which comprises a private key and a public key;
Saving and assembling module: used for storing the private key in the security chip and assembling the public key and the transaction message into a signature message;
Digital signature obtaining module: used for having the bracelet apply a preset algorithm to the signature message to compute a message digest value of a fixed number of bits, and encrypt that fixed-length message digest value with the private key to obtain the digital signature;
Calculation and decryption module: used for having the bracelet send the digital signature and the signature message to the signature verification server; the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value;
Message digest comparison module: used for comparing the first message digest value with the second message digest value and determining whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
In the device of the present invention implementing the above method for mobile payment security authentication, the RSA key pair is 1028 bits long.
In the device of the present invention implementing the above method for mobile payment security authentication, the preset algorithm is a HASH algorithm.
In the device of the present invention implementing the above method for mobile payment security authentication, the secure payment app communicates with the security chip wirelessly.
The method and device for mobile payment security authentication of the present invention have the following beneficial effect: because the security chip digitally signs the transaction message and sends the signature value to the signature verification server for verification, and the payment succeeds and the payment result is returned to the secure payment app only when the transaction is confirmed to be made by the user in person, a digital certificate or electronic signature of a higher security level can be added and the security of mobile payment can be guaranteed.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the method in one embodiment of the method and device for mobile payment security authentication of the present invention;
Fig. 2 is a detailed flow chart, in that embodiment, of the security chip digitally signing the transaction message and sending the signature value to the signature verification server for verification;
Fig. 3 is a structural schematic diagram of the device in that embodiment.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
In the embodiment of the method and device for mobile payment security authentication of the present invention, the flow chart of the method is shown in Fig. 1. In Fig. 1, the method for mobile payment security authentication comprises the following steps:
Step S01: The user installs the secure payment app on the mobile terminal and, through the secure payment app, sends the security chip in the bracelet a request to obtain the pre-planted certificate KEY ID; the security chip sends the KEY ID to the secure payment app. In this embodiment the bracelet contains a security chip (i.e. an SE) certified by CFCA (China Financial Certification Authority), and each security chip holds a unique KEY ID. On receiving the request, the security chip sends the KEY ID it holds to the secure payment app. Note that in this embodiment the mobile terminal may be a mobile phone, tablet computer, notebook, PDA or the like.
Step S02: The secure payment app sends the KEY ID and the user's name, credential type and credential number to the pre-plant front-end processor for binding; the pre-plant front-end processor sends the binding information to the pre-plant server for storage, and the pre-plant server at the same time returns the binding success result to the secure payment app. In this step, once binding has succeeded, the pre-plant front-end processor sends the binding information to the pre-plant server to be saved, and the pre-plant server returns the binding success result to the secure payment app. In this way each bracelet is uniquely bound to a user.
Step S03: The user issues a payment request in the secure payment app on their mobile terminal and the KEY ID is looked up; the secure payment app prompts for the PIN code and, after the user enters the PIN code, sends the transaction message to the security chip. In this step the secure payment app searches for the user's bracelet; if the bracelet is near the user, the secure payment app prompts for the PIN code, and after the user enters the PIN code the secure payment app sends the transaction message to the security chip.
Step S04: The security chip verifies the PIN code and determines whether verification has passed, that is, whether the PIN code is correct. If so, step S06 is executed; otherwise, step S05 is executed.
Step S05: The security chip sends a transaction failure message to the secure payment app. This step is executed if the result of step S04 is no.
Step S06: The payment amount is shown on the display screen of the bracelet and the user is alerted by vibration. This step is executed if the result of step S04 is yes. After this step, step S07 is executed.
Step S07: The security chip digitally signs the transaction message and sends the signature value to the signature verification server for verification; when the transaction is confirmed to be made by the user in person, the payment succeeds and the payment result is returned to the secure payment app. In this step it is the security chip in the bracelet that signs the transaction message. A digital certificate or electronic signature of a higher security level can thus be added, and the security of mobile payment can be guaranteed.
In this embodiment, step S07 can be refined further; the refined flow chart is shown in Fig. 2. In Fig. 2, step S07 further comprises:
Step S71: The bracelet temporarily generates an RSA key pair. In this step, when the bracelet handles the verification of a transaction, it temporarily generates an RSA key pair comprising a private key and a public key. In this embodiment the RSA key pair is 1028 bits long. In some cases of this embodiment the RSA key pair may of course have a different length.
Step S72: The private key is stored in the security chip, and the public key and the transaction message are assembled into a signature message.
Step S73: The bracelet applies a preset algorithm to the signature message to compute a message digest value of a fixed number of bits, and encrypts that fixed-length message digest value with the private key to obtain the digital signature. Note that the computed message digest value must be mathematically guaranteed to have the property that if any single bit of the signature message is changed, the recomputed message digest value no longer matches the original value. This ensures that the transaction message cannot be altered. The preset algorithm may be a HASH algorithm; other algorithms may of course also be used.
Step S74: The bracelet sends the digital signature and the signature message to the signature verification server. On receiving them, the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value.
Step S75: The first message digest value and the second message digest value are compared to determine whether they are equal. If they are equal, step S77 is executed; otherwise, step S76 is executed.
Step S76: The transaction message is determined not to come from the user. This step is executed if the result of step S75 is no, i.e. the two values are not equal.
Step S77: The transaction message is determined to come from the user. This step is executed if the result of step S75 is yes. Because only the signer, who holds the private key, can produce the signature by "decrypting" the message digest value, the scheme provides security and non-repudiation.
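Steps E1 to E5 of the summary and S71 to S77 above, worked through in Python as an added example that is not code from the patent. SHA-256, the exponent 65537, the JSON layout of the signature message and the `trusted_public_key` argument are assumptions: the patent names only a HASH algorithm and does not say how the server learns which public key belongs to the user, and comparing the two digests only shows that the message matches the key it carries. The RSA operation is unpadded, as the steps describe it; deployed systems use a padded scheme such as RSASSA-PSS.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent (assumption; the patent does not name one)


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin test, preceded by trial division by small primes."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    """Random prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        c = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if c % E != 1 and _is_probable_prime(c):  # E must not divide p-1
            return c


def generate_keypair(bits=1028):
    """E1/S71: temporary RSA key pair; 1028 bits is the size the patent states."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        if p != q:
            n = p * q
            return (n, E), pow(E, -1, (p - 1) * (q - 1))  # public key, private exponent


def assemble_signature_message(public_key, transaction):
    """E2/S72: public key + transaction message (canonical JSON is an assumption)."""
    n, e = public_key
    body = {"public_key": {"n": hex(n), "e": e}, "transaction": transaction}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _digest_int(data):
    """The preset hash algorithm; SHA-256 is an assumption."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_transaction(public_key, private_exponent, transaction):
    """E3/S73: digest the signature message, then apply the private key to the digest."""
    message = assemble_signature_message(public_key, transaction)
    signature = pow(_digest_int(message), private_exponent, public_key[0])
    return message, signature


def verify_signature(signature_message, signature, trusted_public_key):
    """E4-E5/S74-S77 on the server, plus a check of the carried key (assumption)."""
    try:
        fields = json.loads(signature_message)
        carried = (int(fields["public_key"]["n"], 16), int(fields["public_key"]["e"]))
    except (ValueError, KeyError, TypeError):
        return False
    # The key inside the message must be the one the server already trusts.
    if carried != tuple(trusted_public_key):
        return False
    n, e = carried
    if not 0 < signature < n:
        return False
    first_digest = _digest_int(signature_message)  # recomputed by the server
    second_digest = pow(signature, e, n)           # recovered from the signature
    return first_digest == second_digest


if __name__ == "__main__":
    # Constructed sample transaction; all field values are illustrative.
    tx = {"key_id": "KEYID-EXAMPLE-0001", "amount": "25.00", "currency": "CNY"}
    pub, priv = generate_keypair()
    msg, sig = sign_transaction(pub, priv, tx)
    print("genuine:", verify_signature(msg, sig, pub))
    print("altered:", verify_signature(msg.replace(b'"25.00"', b'"9925.00"'), sig, pub))
```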
It is noted that, when secure payment APP is communicated with safety chip, being by wireless in the present embodiment What mode was communicated.Such as: bluetooth, wifi etc..When using bluetooth approach, bracelet transact business verify when, safety support Signature message can be given to the Bluetooth chip in bracelet by the privately owned news agreement of bluetooth by paying APP, and Bluetooth chip will be according in agreement Hold, sends corresponding instruction to safety chip, safety chip executes dependent instruction again, and returns result to Bluetooth chip, bluetooth The resultant content of return is returned to secure payment APP by bluetooth proprietary protocol again by chip.Its is flexible to operation.
The present embodiment further relates to a kind of device of method for realizing above-mentioned mobile payment security certification, and structural schematic diagram is such as Shown in Fig. 3.In Fig. 3, which includes request transmitting unit 1, information binding unit 2, transaction message transmission unit 3, verifies and sentence Disconnected unit 4 and signature unit 5;Wherein, request transmitting unit 1 is used to that user to be made to install secure payment APP in the terminal, and By safety chip of the secure payment APP into bracelet initiate to obtain it is pre- plant certificate KEY ID request, safety chip is by KEY ID It is sent to secure payment APP;Information binding unit 2 is for making secure payment APP by the name of KEY ID and user, certificate class Type and certificate number are sent to pre- plant front end processor and bind, and pre- plant front end processor sends pre- plant server for binding information and protects It deposits, binding success result is returned to secure payment APP simultaneously by pre- server of planting;Transaction message transmission unit 3 is for making user Payment request is issued in the secure payment APP of its mobile terminal, and searches KEY ID, secure payment APP prompt input PIN code, After user inputs PIN code, transaction message is sent safety chip by secure payment APP;Verifying judging unit 4 is for making safe core Piece verifies PIN code, and judges whether if so, showing payment amount on the display screen of bracelet, and to shake by verifying It is dynamic to remind user;Otherwise, the information of Fail Transaction is sent secure payment APP by safety chip;Signature unit 5 is for making safety Chip does digital signature processing to transaction message, and sends signature verification service device for signature value and carry out sign test, when confirmation is When I trades, then pays successfully and payment result is returned into secure payment APP.So its be able to 
achieve the addition of a digital certificate or electronic signature with a relatively high security level, which can guarantee the security of mobile payment. It is noted that, in the present embodiment, the secure payment APP communicates with the safety chip wirelessly.
In the present embodiment, signature unit 5 further comprises an RSA key pair generation module 51, a save-and-assemble module 52, a digital signature obtaining module 53, a calculation and decryption module 54 and a message digest comparison module 55. The RSA key pair generation module 51 is used to make the bracelet temporarily generate an RSA key pair; the RSA key pair comprises a private key and a public key, and the bit length of the RSA key pair is 1028, although it can also be other values. The save-and-assemble module 52 is used to store the private key in the safety chip and to assemble the public key and the transaction message into a signature message. The digital signature obtaining module 53 is used to make the bracelet compute, using a preset algorithm, a message digest value of a fixed number of bits from the signature message, and to obtain the digital signature by encrypting that fixed-length message digest value with the private key; the preset algorithm is a HASH algorithm, or another algorithm. The calculation and decryption module 54 is used to make the bracelet send the digital signature and the signature message to the signature verification server; the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value. The message digest comparison module 55 is used to compare the first message digest value with the second message digest value and judge whether they are equal; if so, it is determined that the transaction message comes from the user; otherwise, it is determined that the transaction message does not come from the user. Because only the signer who possesses the private key can generate the signature by "decrypting" the message digest value, the scheme has security and non-repudiation.
In short, in the present embodiment, the signing process of the digital signature is that the sender, according to the information to be sent, encrypts the message digest value with its own private key to form the digital signature. That is, the user processes the message digest value with his or her own private key; since the key belongs only to that person, this produces a file that others cannot generate, and this file forms the digital signature. Using the digital signature, it is ensured that the information was signed and sent by the signer, and the signer cannot deny it or can hardly deny it. The recipient can verify that the information has not been modified in any way from signing until receipt, and that the signed file is an authentic document. Therefore, the security of payment is guaranteed.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and so on made within the spirit and principles of the invention shall be included in the protection scope of the present invention.

Claims (8)

1. A method of mobile payment security certification, characterized in that it comprises the following steps:
A) a user installs a secure payment APP in the terminal and, through the secure payment APP, initiates to the safety chip in a bracelet a request to obtain the pre-plant certificate KEY ID; the safety chip sends the KEY ID to the secure payment APP;
B) the secure payment APP sends the KEY ID and the name, type of credential and certificate number of the user to the pre-plant front end processor for binding; the pre-plant front end processor sends the binding information to the pre-plant server for saving, and the pre-plant server at the same time returns the binding success result to the secure payment APP;
C) the user issues a payment request in the secure payment APP of the user's mobile terminal, and the KEY ID is looked up; the secure payment APP prompts for input of the PIN code, and after the user inputs the PIN code, the secure payment APP sends the transaction message to the safety chip;
D) the safety chip verifies the PIN code and judges whether the verification passes; if so, the payment amount is displayed on the display screen of the bracelet, the user is reminded by vibration, and step E) is executed; otherwise, the safety chip sends the information of transaction failure to the secure payment APP;
E) the safety chip performs digital signature processing on the transaction message and sends the signature value to the signature verification server for signature verification; when it is confirmed that the transaction is made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP;
The step E) further comprises:
E1) the bracelet temporarily generates an RSA key pair; the RSA key pair comprises a private key and a public key;
E2) the private key is stored in the safety chip, and the public key and the transaction message are assembled into a signature message;
E3) the bracelet computes, using a preset algorithm, a message digest value of a fixed number of bits from the signature message, and obtains a digital signature by encrypting the fixed-length message digest value with the private key;
E4) the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server computes a first message digest value from the signature message using the preset algorithm, and then decrypts the digital signature with the public key to obtain a second message digest value;
E5) the first message digest value and the second message digest value are compared to judge whether they are equal; if so, it is determined that the transaction message comes from the user; otherwise, it is determined that the transaction message does not come from the user.
2. the method for mobile payment security certification according to claim 1, which is characterized in that the position of the RSA key pair Number is 1028.
3. the method for mobile payment security certification according to claim 1, which is characterized in that the preset algorithm For HASH algorithm.
4. according to claim 1 to the method that mobile payment security described in 3 any one authenticates, which is characterized in that the peace Full payment APP is wirelessly communicated with the safety chip.
5. A device for realizing the method of mobile payment security certification according to claim 1, characterized in that it comprises:
Request transmitting unit: for making a user install a secure payment APP in the terminal and, through the secure payment APP, initiate to the safety chip in a bracelet a request to obtain the pre-plant certificate KEY ID, the safety chip sending the KEY ID to the secure payment APP;
Information binding unit: for making the secure payment APP send the KEY ID and the name, type of credential and certificate number of the user to the pre-plant front end processor for binding, the pre-plant front end processor sending the binding information to the pre-plant server for saving, and the pre-plant server at the same time returning the binding success result to the secure payment APP;
Transaction message transmission unit: for making the user issue a payment request in the secure payment APP of the user's mobile terminal and look up the KEY ID, the secure payment APP prompting for input of the PIN code and, after the user inputs the PIN code, sending the transaction message to the safety chip;
Verification judging unit: for making the safety chip verify the PIN code and judge whether the verification passes; if so, the payment amount is displayed on the display screen of the bracelet and the user is reminded by vibration; otherwise, the safety chip sends the information of transaction failure to the secure payment APP;
Signature unit: for making the safety chip perform digital signature processing on the transaction message and send the signature value to the signature verification server for signature verification; when it is confirmed that the transaction is made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP;
The signature unit further comprises:
RSA key pair generation module: for making the bracelet temporarily generate an RSA key pair; the RSA key pair comprises a private key and a public key;
Save-and-assemble module: for storing the private key in the safety chip, and assembling the public key and the transaction message into a signature message;
Digital signature obtaining module: for making the bracelet compute, using a preset algorithm, a message digest value of a fixed number of bits from the signature message, and obtain a digital signature by encrypting the fixed-length message digest value with the private key;
Calculation and decryption module: for making the bracelet send the digital signature and the signature message to the signature verification server, the signature verification server computing a first message digest value from the signature message using the preset algorithm and then decrypting the digital signature with the public key to obtain a second message digest value;
Message digest comparison module: for comparing the first message digest value with the second message digest value and judging whether they are equal; if so, it is determined that the transaction message comes from the user; otherwise, it is determined that the transaction message does not come from the user.
6. The device according to claim 5, characterized in that the bit length of the RSA key pair is 1028.
7. The device according to claim 5, characterized in that the preset algorithm is a HASH algorithm.
8. The device according to any one of claims 5 to 7, characterized in that the secure payment APP communicates with the safety chip wirelessly.
CN201610557060.2A 2016-07-13 2016-07-13 A kind of method and device of mobile payment security certification Expired - Fee Related CN106209383B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610557060.2A CN106209383B (en) 2016-07-13 2016-07-13 A kind of method and device of mobile payment security certification

Publications (2)

Publication Number Publication Date
CN106209383A CN106209383A (en) 2016-12-07
CN106209383B true CN106209383B (en) 2019-08-23

Family

ID=57475917

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610557060.2A Expired - Fee Related CN106209383B (en) 2016-07-13 2016-07-13 A kind of method and device of mobile payment security certification

Country Status (1)

Country Link
CN (1) CN106209383B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190823

Termination date: 20210713