CN106296177A - Data processing method and device based on a bank mobile application - Google Patents

Info

Publication number: CN106296177A
Application number: CN201610780087.8A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 宋涛, 李乐, 于海亮, 郭文嘉
Original Assignee: China Minsheng Banking Corp Ltd
Current Assignee: China Minsheng Banking Corp Ltd
Legal status: Pending
Prior art keywords: equipment, key, client, sent, security platform

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3227 Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
    • G06Q20/34 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341 Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The invention provides a data processing method and device based on a bank mobile application. The method includes: obtaining the card number information and the transaction password of a bank card; reading a key previously written into a security chip, and encrypting the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext; sending the password ciphertext, the card number information and the pre-stored identification information of the device to a server through a client, the server forwarding them to a security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed. Because the key is written into the security chip, is read from the security chip when it is used, and the transaction password is encrypted with the key that was read, hardware encryption of the transaction password is achieved, which can effectively protect the security of the transaction password and reduce the security risks of the bank mobile application.

Description

Data processing method and device based on a bank mobile application
Technical field
The embodiments of the present invention relate to the field of communication technology, and in particular to a data processing method and device based on a bank mobile application.
Background
Mobile devices, being intelligent, portable and easy to operate, are used in more and more scenarios. At present, mobile devices have become an important channel for handling banking services. The rise of large-screen mobile devices in particular allows banking services to keep a good user experience while breaking the restrictions of time and place on service handling, truly realizing a customer-centered service concept.
Handling banking services in the bank mobile application of a mobile device requires a transaction password to be provided, so a safe and reliable environment and effective protective measures must be provided to ensure the security of the transaction password.
In the prior art, when services are handled through a bank mobile application, the transaction password is encrypted in software, which cannot effectively protect the security of the transaction password and greatly increases the security risks of the bank mobile application.
Summary of the invention
The embodiments of the present invention provide a data processing method and device based on a bank mobile application, which solve the technical problem in the prior art that the transaction password is mostly encrypted in software when services are handled through a bank mobile application, so that the security of the data cannot be effectively protected and the security risks of the bank mobile application are greatly increased.
An embodiment of the present invention provides a data processing method based on a bank mobile application, including:
obtaining the card number information of a bank card and the transaction password corresponding to the card number information;
reading a key previously written into a security chip, and encrypting the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext;
sending the password ciphertext, the card number information and the pre-stored identification information of the device to a server through a client, the server forwarding them to a security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed.
An embodiment of the present invention provides a data processing device based on a bank mobile application, including: a card reader, a hardware keypad, a security chip and a communication module, where the card reader, the hardware keypad and the communication module are each connected to the security chip;
the card reader is configured to obtain the card number information of a bank card;
the hardware keypad is configured to obtain the transaction password corresponding to the card number information;
the security chip is configured to read the key previously written into the security chip, and to encrypt the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext;
the communication module is configured to send the password ciphertext, the card number information and the pre-stored identification information of the device to a server through a client, the server forwarding them to a security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed.
The embodiments of the present invention provide a data processing method and device based on a bank mobile application. The card number information and the transaction password of a bank card are obtained; the key previously written into the security chip is read, and the transaction password is encrypted according to the key and a pre-stored encryption algorithm to form a password ciphertext; the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client and forwarded by the server to the security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed. Because the key is written into the security chip, is read from the security chip when it is used, and the transaction password is encrypted with the key that was read, hardware encryption of the transaction password is achieved, which can effectively protect the security of the transaction password and reduce the security risks of the bank mobile application.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of embodiment one of the data processing method based on a bank mobile application of the present invention;
Fig. 2 is a flow chart of embodiment two of the data processing method based on a bank mobile application of the present invention;
Fig. 3 is a flow chart of embodiment three of the data processing method based on a bank mobile application of the present invention;
Fig. 4 is a flow chart of embodiment four of the data processing method based on a bank mobile application of the present invention;
Fig. 5 is a structural diagram of embodiment one of the data processing device based on a bank mobile application of the present invention;
Fig. 6 is a structural diagram of embodiment two of the data processing device based on a bank mobile application of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flow chart of embodiment one of the data processing method based on a bank mobile application of the present invention. As shown in Fig. 1, the executing entity of the present invention is a data processing device based on a bank mobile application. The device establishes a connection with a mobile terminal on which the mobile application client is installed, for example a wireless connection via Bluetooth or WIFI. The mobile terminal can be a smartphone, a tablet computer, etc. The data processing method based on a bank mobile application provided by this embodiment comprises the following steps.
Step 101: obtain the card number information and the transaction password of a bank card.
In this embodiment, a card reader can be provided in the data processing device based on a bank mobile application, and the card number information of the bank card is obtained through the card reader. The card reader can include a magnetic card reader and an IC card reader, used according to the type of bank card. If the bank card is a magnetic card, the card is swiped through the magnetic card reader so that the magnetic card reader obtains the card number information. If the bank card is an IC card, the card is brought into contact with the IC card reader so that the IC card reader obtains the card number information.
In this embodiment, a hardware keypad can be provided in the data processing device based on a bank mobile application. The second user taps the digits on the hardware keypad, and the transaction password of the bank card is thereby obtained.
The second user is the user who handles banking services with the bank through the mobile terminal.
Step 102: read the key previously written into the security chip, and encrypt the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext.
Specifically, in this embodiment the security chip is a hardware circuit. The key is written into the security chip in advance, that is, the key is fixed in the security chip. When the transaction password needs to be encrypted, the previously written key is read from the security chip, and the transaction password is encrypted according to the key and the pre-stored encryption algorithm to form a password ciphertext.
In this embodiment, the type of encryption algorithm is not limited; it is only necessary that the encryption algorithm corresponds to the decryption algorithm of the server and the security platform. For example, the encryption algorithm can be a symmetric encryption algorithm or an asymmetric encryption algorithm. The encryption algorithm can be stored in the security chip in advance.
Step 103: send the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, the server forwarding them to the security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed.
The data processing device based on a bank mobile application and the mobile terminal running the bank mobile application client communicate at short range, for example by Bluetooth or WIFI. The client and the server, and the server and the security platform, communicate remotely.
In this embodiment, the security platform pre-stores the decryption algorithm corresponding to the encryption algorithm, the mapping between transaction passwords and card number information, and the mapping between device identification information and bank mobile applications.
In this embodiment, the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client, so that the security platform decrypts the password ciphertext with the pre-stored decryption algorithm to obtain the transaction password, and checks, against the pre-stored mapping between transaction passwords and card number information, whether this transaction password is the one corresponding to the card number information. If it is, the verification succeeds: the security platform obtains the corresponding bank mobile application from the identification information of the device and sends the successful verification result to the server, so that the server executes the banking service corresponding to the bank card. The banking service can be, for example, a transfer, a remittance or a balance inquiry.
It should be noted that if the transaction password is not the one corresponding to the card number information, the verification fails, which means that the transaction password entered by the second user is wrong. A verification failure message is then sent to the server and the client, so that the second user can enter the correct transaction password and complete the banking service.
In the data processing method based on a bank mobile application provided by this embodiment, the card number information and the transaction password of a bank card are obtained; the key previously written into the security chip is read, and the transaction password is encrypted according to the key and a pre-stored encryption algorithm to form a password ciphertext; the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client and forwarded by the server to the security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed. Because the key is written into the security chip, is read from the security chip when it is used, and the transaction password is encrypted with the key that was read, hardware encryption of the transaction password is achieved, which can effectively protect the security of the transaction password and reduce the security risks of the bank mobile application.
Fig. 2 is a flow chart of embodiment two of the data processing method based on a bank mobile application of the present invention. As shown in Fig. 2, the application scenario of this embodiment is the first use of the data processing device based on a bank mobile application. On the basis of embodiment one, this embodiment further includes the following steps before step 101:
Step 201: obtain the identification information of the device and send it to the server through the client, the server forwarding it to the security platform, so that the security platform binds the device to the mobile application corresponding to the client.
The device is the data processing device based on a bank mobile application, and its identification information can be the number of the device. It can also be other information that uniquely represents the device; this embodiment does not limit this. The identification information of the mobile application can be the name, number or other information that uniquely represents the mobile application.
In this embodiment, the identification information of the device is stored in the security chip in advance. It is obtained from the security chip and sent to the server through the client, and the server forwards it to the security platform, so that the security platform binds the device to the mobile application corresponding to the client by means of the identification information of the device and the identification information of the mobile application.
In this embodiment, before the identification information of the device is obtained and sent to the server through the client, the security platform pre-stores the user names that are authorized to log in to the bank mobile application. When the first user logs in to the client of the bank mobile application, the security platform authenticates the identity of the first user. After authentication passes, the security platform determines from the obtained identification information of the device whether the device is in the unbound state, and if it is, binds the device to this bank mobile application. This ensures that one data processing device based on a bank mobile application is bound to one bank mobile application, and that the user logging in to the bank mobile application is an authorized user.
The first user is a user who has operating rights on the client on which the bank mobile application is installed, for example a bank employee.
In this embodiment, after the server binds the device to the mobile application corresponding to the client, the device is only allowed to communicate and exchange data with the client of this mobile application.
Step 202: receive the key and the certificate that the server issues through the server and the client.
The key is the key corresponding to this data processing device based on a bank mobile application; the key corresponding to each such device can be different. The certificate is the certificate used to establish communication between the device and the security platform.
In this embodiment, the key and the certificate also carry the version information of the key or certificate.
Step 203: write the key into the security chip and store the certificate, in order to establish communication between the device and the server.
In this embodiment, writing the key into the security chip means fixing the key in the security chip.
It should be noted that steps 101 to 103 are performed after step 203; for their implementation, see the detailed description in embodiment one of the data processing method based on a bank mobile application of the present invention.
In the data processing method based on a bank mobile application provided by this embodiment, before the card number information of the bank card and the corresponding transaction password are obtained, the method further includes: obtaining the identification information of the device and sending it to the server through the client, the server forwarding it to the security platform, so that the security platform binds the device to the mobile application corresponding to the client; receiving the key and the certificate that the security platform issues through the server and the client; and writing the key into the security chip and storing the certificate, in order to establish communication between the device and the security platform. This creates a binding between the data processing device based on a bank mobile application and the bank's mobile application, and a one-to-one relationship between the key written into the security chip and the data processing device, which avoids the risk that, when a data processing device based on a bank mobile application suffers a malicious attack, the data of multiple bank mobile applications are all stolen or contaminated.
Fig. 3 is a flow chart of embodiment three of the data processing method based on a bank mobile application of the present invention. As shown in Fig. 3, the application scenario of this embodiment is: after the client of the bank mobile application has been opened and a communication connection has been established with the data processing device based on a bank mobile application, the first user handles banking services for the second user. The first user is a user who has operating rights on the client on which the bank mobile application is installed, for example a bank employee; the second user is the user who handles banking services with the bank through the mobile terminal. The data processing method based on a bank mobile application provided by this embodiment comprises the following steps.
Step 301: send the identification information of the device, the version information of the key and the version information of the certificate to the server through the client, the server forwarding them to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and of the certificate whether the key and the certificate are within their validity period.
Specifically, in this embodiment the identification information of the device is sent to the security platform, so that the security platform looks up, by the identification information, whether the device is bound to the mobile application of the corresponding client. If the device is not bound to the mobile application of the corresponding client, the device is not a device matched with the mobile application of the client and cannot process the data of that mobile application. If the device is bound to the mobile application of the corresponding client, the device is a device matched with the mobile application of the client and can process the data of that mobile application.
In this embodiment, the version information of the key and of the certificate is sent to the security platform, so that the security platform looks up, by the identification information of the device, the pre-stored version information of the key and certificate corresponding to the device. If the pre-stored version information of the key and/or certificate does not correspond to the version information that was sent, that is, the version of the key and/or certificate pre-stored in the security platform for this device is higher than the version sent to the security platform, the security platform sends the updated key and/or certificate stored in the security platform to the device through the server and the client. This ensures that the device communicates normally with the security platform and that subsequent data processing in the bank mobile application is accurate.
It should be noted that if the device receives an updated key and/or certificate sent by the security platform through the server and the client, the device updates the key written in the security chip and/or the certificate stored in the security chip.
Step 302: receive the message or field to be encrypted sent by the client.
Further, in this embodiment the first user needs to send a message or field to the server through the client in order to handle a banking service. The message or field carries information relating to the second user's property or privacy. To ensure the security of the message or field, it needs to be encrypted, so the first user sends the message or field to be encrypted to the data processing device based on a bank mobile application through the client, and the device receives it.
Step 303: read the key previously written into the security chip, and encrypt the message or field to be encrypted according to the key and a pre-stored encryption algorithm to form a message ciphertext or field ciphertext.
Further, in this embodiment, to encrypt the message or field, the key previously written into the security chip is read, and the message or field to be encrypted is encrypted according to the key and the pre-stored encryption algorithm to form a message ciphertext or field ciphertext. The type of the pre-stored encryption algorithm is not limited in this embodiment; it is only necessary that it corresponds to the decryption algorithm pre-stored by the security platform and the server. For example, it can be a symmetric encryption algorithm or an asymmetric encryption algorithm.
Step 304: send the message ciphertext or field ciphertext and the identification information of the device to the server through the client, so that the server decrypts the message ciphertext or field ciphertext.
Further, in this embodiment the message ciphertext or field ciphertext and the identification information of the device are sent to the server through the client, so that the server decrypts the message ciphertext or field ciphertext, then looks up, by the identification information of the device, the identification information of the bank mobile application corresponding to the device, and executes the banking service corresponding to the message or field of that bank mobile application.
After the server executes the banking service corresponding to the message or field of the bank mobile application, it returns the execution result to the client. If the service requires the second user to provide a transaction password, the method further includes steps 305 to 307.
Step 305: obtain the card number information and the transaction password of a bank card.
In this embodiment, step 305 is implemented in the same way as step 101 in embodiment one of the data processing method based on a bank mobile application of the present invention, and is not described again here.
Step 306: read the key previously written into the security chip, and encrypt the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext.
Further, in this embodiment the pre-stored encryption algorithm used to encrypt the transaction password and the pre-stored encryption algorithm used to encrypt the message or field are the same encryption algorithm.
Step 307: send the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, the server forwarding them to the security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed.
In this embodiment, step 307 is implemented in the same way as step 103 in embodiment one of the data processing method based on a bank mobile application of the present invention, and is not described again here.
In the data processing method based on a bank mobile application provided by this embodiment, the identification information of the device, the version information of the key and the version information of the certificate are sent to the server through the client and forwarded by the server to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and of the certificate whether the key and the certificate are within their validity period. The message or field to be encrypted sent by the client is received; the key previously written into the security chip is read, and the message or field is encrypted according to the key and a pre-stored encryption algorithm to form a message ciphertext or field ciphertext; the message ciphertext or field ciphertext and the identification information of the device are sent to the server through the client, so that the server decrypts the message ciphertext or field ciphertext. The card number information and the transaction password of a bank card are obtained; the key previously written into the security chip is read, and the transaction password is encrypted according to the key and the pre-stored encryption algorithm to form a password ciphertext; the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client and forwarded by the server to the security platform, so that the security platform decrypts and verifies the password ciphertext and, after the verification passes, the banking service corresponding to the bank card is executed. Because it is determined in advance whether the data processing device based on a bank mobile application is in the bound state, and whether the version information of the key and certificate is the same as that of the security platform, it is ensured that the data processing device is in a normal state and can handle banking services. In addition, while banking services are handled, hardware encryption is applied not only to the transaction password but also to the message or field, which further ensures the security of the data when a mobile terminal is used to handle banking services.
Fig. 4 is a flowchart of embodiment four of the data processing method based on the bank mobile application of the present invention. As shown in Fig. 4, the application scenario of this embodiment is as follows: the client of the bank mobile application is opened and, after a wireless connection is established with the data processing device based on the bank mobile application, a first user handles banking business for a second user, and the banking business handled requires that the message sent to the server be guaranteed to have integrity. The data processing method based on the bank mobile application provided by this embodiment then includes the following steps.
Step 401, send the identification information of the device, the version information of the key and the version information of the certificate to the server through the client, to be forwarded by the server to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and the version information of the certificate whether the key and the certificate are within their validity period.
In this embodiment, step 401 is implemented in the same way as step 301 in embodiment two of the data processing method based on the bank mobile application of the present invention, and is not described again here.
Step 402, receive the message to be verified sent by the client.
Further, in this embodiment, the first user needs to send a message to the server through the client, and the integrity of that message must be guaranteed. The first user therefore sends the message to be verified through the client to the data processing device based on the bank mobile application, and the data processing device based on the bank mobile application receives the message to be verified.
Step 403, use the pre-stored integrity check algorithm to generate the check code of the message to be verified.
Further, in this embodiment, the integrity check algorithm may be stored in the safety chip in advance. This embodiment does not limit the integrity check algorithm; it only needs to be consistent with the integrity check algorithm pre-stored in the security platform. For example, the integrity check algorithm may be a hash algorithm, or it may be another integrity check algorithm. Depending on the integrity check algorithm, the check code of the message to be verified may be a message authentication code, a digest value, or the like.
Step 404, send the check code, the message to be verified and the identification information of the device to the server through the client, to be forwarded by the server to the security platform, so that the security platform performs an integrity check on the message to be verified according to the check code.
Further, in this embodiment, the security platform uses its pre-stored integrity check algorithm to generate a check code for the received message to be verified, and compares the generated check code with the received check code. If the generated check code is consistent with the received check code, the received message to be verified is a complete message and was not tampered with during transmission. If the generated check code is inconsistent with the received check code, the received message to be verified is an incomplete message and was tampered with during transmission.
It should be noted that, after the security platform performs the integrity check on the message to be verified, if the message to be verified is a complete message, the message is sent, according to the identification information of the device, to the server corresponding to the bank's mobile application, and the server executes the banking service corresponding to the message.
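The exchange of steps 403 and 404, as an added example that is not code from the patent: the device computes a check code, and the security platform recomputes it and compares. SHA-256 and HMAC-SHA-256 stand in for the unspecified integrity check algorithm, and the device identifier, key, per-device key table and message are constructed assumptions. It runs both check-code types the text allows and shows that only the keyed message authentication code rejects a message that was changed in transit and had its check code recomputed.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

# Constructed sample values (assumptions, not taken from the patent).
DEVICE_ID = "DEV-0001"
DEVICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
# Assumed platform-side table: the key issued to each bound device.
PLATFORM_KEYS: Dict[str, bytes] = {DEVICE_ID: DEVICE_KEY}
MESSAGE = b"acct=A-001;payee=B-002;amount=100.00"


def device_check_code(message: bytes, key: Optional[bytes]) -> bytes:
    """Step 403 on the device: digest value if key is None, otherwise a MAC."""
    if key is None:
        return hashlib.sha256(message).digest()
    return hmac.new(key, message, hashlib.sha256).digest()


def platform_verify(device_id: str, message: bytes,
                    check_code: bytes, keyed: bool) -> bool:
    """Step 404 on the security platform: recompute and compare."""
    key = PLATFORM_KEYS.get(device_id)
    if key is None:
        return False  # device is not bound, nothing to verify against
    expected = device_check_code(message, key if keyed else None)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, check_code)


def altered_in_transit(message: bytes) -> Tuple[bytes, bytes]:
    """Constructed failure case: the message is changed between device and
    platform by a party that does not hold the device key, so the only
    check code it can recompute is an unkeyed digest."""
    changed = message.replace(b"amount=100.00", b"amount=900.00")
    return changed, hashlib.sha256(changed).digest()


def compare_modes() -> Dict[Tuple[str, str], bool]:
    """Return, per check-code type and case, whether the platform accepts."""
    outcome: Dict[Tuple[str, str], bool] = {}
    for label, keyed in (("digest", False), ("mac", True)):
        code = device_check_code(MESSAGE, DEVICE_KEY if keyed else None)
        outcome[(label, "intact")] = platform_verify(
            DEVICE_ID, MESSAGE, code, keyed)
        changed, recomputed = altered_in_transit(MESSAGE)
        outcome[(label, "altered, original code")] = platform_verify(
            DEVICE_ID, changed, code, keyed)
        outcome[(label, "altered, code recomputed")] = platform_verify(
            DEVICE_ID, changed, recomputed, keyed)
    return outcome


if __name__ == "__main__":
    for case, accepted in compare_modes().items():
        print(case, "accepted" if accepted else "rejected")
```

A digest value therefore detects only changes made without updating the check code, so the integrity guarantee described here depends on choosing a keyed algorithm whose key stays inside the safety chip and the security platform.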
In the data processing method based on the bank mobile application provided by this embodiment, the message to be verified sent by the client is received, the pre-stored integrity check algorithm is used to generate the check code of the message to be verified, and the check code, the message to be verified and the identification information of the device are sent to the server through the client and forwarded by the server to the security platform, so that the security platform performs an integrity check on the message to be verified according to the check code. The integrity of data in the bank mobile application is thereby verified, which further ensures the security of data when a mobile terminal is used to handle banking business.
Further, in this embodiment, the identity information of the second user is also obtained through the identification card reader, and the fingerprint information of the second user is collected through the fingerprint identification module, so as to authenticate the identity information of the second user and ensure that the user handling the banking business is the bank card holder.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware related to program instructions. The aforementioned program may be stored in a readable storage medium. When executed, the program performs the steps of the above method embodiments; the aforementioned storage medium includes ROM, RAM, magnetic disk, optical disc and other media that can store program code.
Fig. 5 is a structural diagram of embodiment one of the data processing device based on the bank mobile application of the present invention. As shown in Fig. 5, the data processing device based on the bank mobile application provided by this embodiment includes: card reader 51, hard manual 52, safety chip 53 and communication module 54.
Card reader 51, hard manual 52 and communication module 54 are each connected to safety chip 53.
Card reader 51 is used to obtain the card number information of the bank card. Hard manual 52 is used to obtain the transaction password corresponding to the card number information. Safety chip 53 is used to read the key previously written into the safety chip and to encrypt the transaction password according to the key and the pre-stored AES encryption algorithm, forming a password ciphertext. Communication module 54 is used to send the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, to be forwarded by the server to the security platform, so that the security platform decrypts and verifies the password ciphertext and, after verification passes, the banking service corresponding to the bank card is executed.
The data processing device based on the bank mobile application provided by this embodiment can carry out the technical solution of the method embodiment shown in Fig. 1; its implementation principle and technical effect are similar and are not described again here.
Fig. 6 is a structural diagram of embodiment two of the data processing device based on the bank mobile application of the present invention. As shown in Fig. 6, the data processing device based on the bank mobile application provided by this embodiment is a particularly preferred embodiment built on embodiment one of the data processing device based on the bank mobile application provided by the present invention.
Further, communication module 54 is also used to obtain the identification information of the device and send it to the server through the client, to be forwarded by the server to the security platform, so that the security platform binds the device to the mobile application corresponding to the client; and to receive the key and certificate issued by the security platform through the server and the client. Safety chip 53 is also used to write the key into the safety chip and to store the certificate, so as to establish communication between the device and the security platform.
Further, communication module 54 is also used to send the identification information of the device, the version information of the key and the version information of the certificate to the server through the client, to be forwarded by the server to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and the version information of the certificate whether the key and the certificate are within their validity period.
Further, communication module 54 is also used to receive the message or field to be encrypted sent by the client. Safety chip 53 is also used to read the key previously written into the safety chip and to encrypt the message or field to be encrypted according to the key and the pre-stored AES encryption algorithm, forming a message ciphertext or field ciphertext. Communication module 54 is also used to send the message ciphertext or field ciphertext and the identification information of the device to the server through the client, so that the server decrypts the message ciphertext or field ciphertext.
Further, communication module 54 is also used to receive the message to be verified sent by the client. Safety chip 53 is also used to generate the check code of the message to be verified using the pre-stored integrity check algorithm. Communication module 54 is also used to send the check code, the message to be verified and the identification information of the device to the server through the client, to be forwarded by the server to the security platform, so that the security platform performs an integrity check on the message to be verified according to the check code.
The data processing device based on the bank mobile application provided by this embodiment can carry out the technical solutions of the method embodiments shown in Fig. 2, Fig. 3 and Fig. 4; its implementation principle and technical effect are similar and are not described again here.
Further, as shown in Fig. 6, the data processing device based on the bank mobile application provided by this embodiment also includes: identification card reader 61 and fingerprint identification module 62.
Identification card reader 61 and fingerprint identification module 62 are each connected to safety chip 53.
Identification card reader 61 is used to obtain the identity information of the second user, and fingerprint identification module 62 is used to collect the fingerprint information of the second user, so as to authenticate the identity information of the second user and ensure that the user handling the banking business is the bank card holder.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A data processing method based on a bank mobile application, characterized by comprising:
obtaining the card number information and transaction password of a bank card;
reading the key previously written into a safety chip, and encrypting the transaction password according to the key and a pre-stored AES encryption algorithm to form a password ciphertext;
sending the password ciphertext, the card number information and the pre-stored identification information of the device to a server through a client, to be forwarded by the server to a security platform, so that the security platform decrypts and verifies the password ciphertext and, after verification passes, the banking service corresponding to the bank card is executed.
2. The method according to claim 1, characterized in that, before the obtaining of the card number information of the bank card and the transaction password corresponding to the card number information, the method further comprises:
obtaining the identification information of the device, and sending the identification information of the device to the server through the client, to be forwarded by the server to the security platform, so that the security platform binds the device to the mobile application corresponding to the client;
receiving the key and certificate issued by the security platform through the server and the client;
writing the key into the safety chip and storing the certificate, so as to establish communication between the device and the security platform.
3. The method according to claim 2, characterized in that, after the writing of the key into the safety chip and the storing of the certificate to establish communication between the device and the server, the method further comprises:
sending the identification information of the device, the version information of the key and the version information of the certificate to the server through the client, to be forwarded by the server to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and the version information of the certificate whether the key and the certificate are within their validity period.
4. The method according to claim 3, characterized by further comprising:
receiving the message or field to be encrypted sent by the client;
reading the key previously written into the safety chip, and encrypting the message or field to be encrypted according to the key and the pre-stored AES encryption algorithm to form a message ciphertext or field ciphertext;
sending the message ciphertext or field ciphertext and the identification information of the device to the server through the client, so that the server decrypts the message ciphertext or field ciphertext.
5. The method according to any one of claims 1-4, characterized by further comprising:
receiving the message to be verified sent by the client;
using the pre-stored integrity check algorithm to generate the check code of the message to be verified;
sending the check code, the message to be verified and the identification information of the device to the server through the client, to be forwarded by the server to the security platform, so that the security platform performs an integrity check on the message to be verified according to the check code.
6. A data processing device based on a bank mobile application, characterized by comprising: a card reader, a hard manual, a safety chip and a communication module, the card reader, the hard manual and the communication module each being connected to the safety chip;
the card reader is used to obtain the card number information of a bank card;
the hard manual is used to obtain the transaction password corresponding to the card number information;
the safety chip is used to read the key previously written into the safety chip, and to encrypt the transaction password according to the key and a pre-stored AES encryption algorithm to form a password ciphertext;
the communication module is used to send the password ciphertext, the card number information and the pre-stored identification information of the device to a server through a client, to be forwarded by the server to a security platform, so that the security platform decrypts and verifies the password ciphertext and, after verification passes, the banking service corresponding to the bank card is executed.
7. The device according to claim 6, characterized in that the communication module is also used to obtain the identification information of the device and send the identification information of the device to the server through the client, to be forwarded by the server to the security platform, so that the security platform binds the device to the mobile application corresponding to the client; and to receive the key and certificate issued by the security platform through the server and the client;
the safety chip is also used to write the key into the safety chip and to store the certificate, so as to establish communication between the device and the security platform.
8. The device according to claim 7, characterized in that the communication module is also used to send the identification information of the device, the version information of the key and the version information of the certificate to the server through the client, to be forwarded by the server to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and the version information of the certificate whether the key and the certificate are within their validity period.
9. The device according to claim 8, characterized in that the communication module is also used to receive the message or field to be encrypted sent by the client;
the safety chip is also used to read the key previously written into the safety chip, and to encrypt the message or field to be encrypted according to the key and the pre-stored AES encryption algorithm to form a message ciphertext or field ciphertext;
the communication module is also used to send the message ciphertext or field ciphertext and the identification information of the device to the server through the client, so that the server decrypts the message ciphertext or field ciphertext.
10. The device according to any one of claims 6-9, characterized in that the communication module is also used to receive the message to be verified sent by the client;
the safety chip is also used to generate the check code of the message to be verified using the pre-stored integrity check algorithm;
the communication module is also used to send the check code, the message to be verified and the identification information of the device to the server through the client, to be forwarded by the server to the security platform, so that the security platform performs an integrity check on the message to be verified according to the check code.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610780087.8A CN106296177A (en) 2016-08-30 2016-08-30 Data processing method based on bank's Mobile solution and equipment


Publications (1)

Publication Number Publication Date
CN106296177A true CN106296177A (en) 2017-01-04


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170104