CN106296177A - Data processing method based on bank's Mobile solution and equipment - Google Patents
- Publication number: CN106296177A (CN201610780087.8A)
- Authority: CN (China)
- Prior art keywords: equipment, key, client, sent, security platform
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06Q20/3227: Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices
- G06Q20/341: Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
- G06Q20/3829: Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
The invention provides a data processing method and device based on a bank mobile application. The method includes: obtaining the card number information and transaction password of a bank card; reading the key previously written into a security chip, and encrypting the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext; and sending the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, the server forwarding them to the security platform, so that the security platform decrypts and verifies the password ciphertext and the banking service corresponding to the bank card is executed after verification passes. Because the key is written into the security chip and is read from the security chip when it is used, and the transaction password is encrypted with the key that was read, the transaction password is encrypted in hardware, which can effectively protect the transaction password and reduce the security risks of the bank mobile application.
Description
Technical field
Embodiments of the present invention relate to the field of communication technology, and in particular to a data processing method and device based on a bank mobile application.
Background
Mobile devices, being intelligent, portable and easy to operate, are used ever more widely in all kinds of scenarios. Mobile devices have now become an important channel for handling banking services; in particular, the rise of large-screen mobile devices lets banking services be handled with a good user experience while removing the restrictions of time and place, truly realizing a customer-centered service philosophy.
Handling banking services in a bank mobile application on a mobile device requires the transaction password to be provided, so a safe and reliable environment and effective precautions must be in place to protect the transaction password.
In the prior art, when services are handled through a bank mobile application, the transaction password is encrypted in software, which cannot effectively protect the transaction password and greatly increases the security risks of the bank mobile application.
Summary of the invention
Embodiments of the present invention provide a data processing method and device based on a bank mobile application, solving the technical problem in the prior art that the transaction password is encrypted in software when services are handled through a bank mobile application, so that the data cannot be protected effectively and the security risks of the bank mobile application are greatly increased.
An embodiment of the present invention provides a data processing method based on a bank mobile application, including:
obtaining the card number information of a bank card and the transaction password corresponding to the card number information;
reading the key previously written into a security chip, and encrypting the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext;
sending the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, the server forwarding them to the security platform, so that the security platform decrypts and verifies the password ciphertext, and the banking service corresponding to the bank card is executed after verification passes.
An embodiment of the present invention provides a data processing device based on a bank mobile application, including: a card reader, a hard keyboard, a security chip and a communication module, where the card reader, the hard keyboard and the communication module are each connected to the security chip;
the card reader is configured to obtain the card number information of a bank card;
the hard keyboard is configured to obtain the transaction password corresponding to the card number information;
the security chip is configured to read the key previously written into the security chip, and to encrypt the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext;
the communication module is configured to send the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, the server forwarding them to the security platform, so that the security platform decrypts and verifies the password ciphertext, and the banking service corresponding to the bank card is executed after verification passes.
Embodiments of the present invention provide a data processing method and device based on a bank mobile application: the card number information and transaction password of a bank card are obtained; the key previously written into the security chip is read, and the transaction password is encrypted according to the key and a pre-stored encryption algorithm to form a password ciphertext; the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client and forwarded by the server to the security platform, so that the security platform decrypts and verifies the password ciphertext, and the banking service corresponding to the bank card is executed after verification passes. Because the key is written into the security chip and is read from the security chip when it is used, and the transaction password is encrypted with the key that was read, the transaction password is encrypted in hardware, which can effectively protect the transaction password and reduce the security risks of the bank mobile application.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of embodiment one of the data processing method based on a bank mobile application according to the present invention;
Fig. 2 is a flowchart of embodiment two of the data processing method based on a bank mobile application according to the present invention;
Fig. 3 is a flowchart of embodiment three of the data processing method based on a bank mobile application according to the present invention;
Fig. 4 is a flowchart of embodiment four of the data processing method based on a bank mobile application according to the present invention;
Fig. 5 is a structural diagram of embodiment one of the data processing device based on a bank mobile application according to the present invention;
Fig. 6 is a structural diagram of embodiment two of the data processing device based on a bank mobile application according to the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Fig. 1 is a flowchart of embodiment one of the data processing method based on a bank mobile application according to the present invention. As shown in Fig. 1, the method is executed by a data processing device based on a bank mobile application. The device establishes a connection with a mobile terminal on which the mobile application client is installed, for example a wireless connection over Bluetooth or Wi-Fi. The mobile terminal may be a smartphone, a tablet computer or the like. The data processing method based on a bank mobile application provided by this embodiment includes the following steps.
Step 101: obtain the card number information and transaction password of a bank card.
In this embodiment, the data processing device may be provided with a card reader, through which the card number information of the bank card is obtained. The card reader may include a magnetic card reader and an IC card reader, used according to the type of bank card: if the bank card is a magnetic card, it is swiped through the magnetic card reader so that the magnetic card reader obtains its card number information; if the bank card is an IC card, it is brought into contact with the IC card reader so that the IC card reader obtains its card number information.
In this embodiment, a hard keyboard may be provided on the data processing device; the second user presses the number keys on the hard keyboard to enter the transaction password of the bank card.
The second user is the user for whom banking services are handled at the bank through the mobile terminal.
Step 102: read the key previously written into the security chip, and encrypt the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext.
Specifically, in this embodiment the security chip is a hardware circuit, and the key is written into it in advance, that is, the key is fixed in the security chip. When the transaction password needs to be encrypted, the previously written key is read from the security chip and the transaction password is encrypted according to the key and the pre-stored encryption algorithm to form the password ciphertext.
This embodiment does not restrict the type of encryption algorithm; it is only necessary that the encryption algorithm correspond to the decryption algorithm of the server and the security platform. For example, the encryption algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm. The encryption algorithm may be stored in the security chip in advance.
Step 103: send the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, the server forwarding them to the security platform, so that the security platform decrypts and verifies the password ciphertext, and the banking service corresponding to the bank card is executed after verification passes.
The data processing device communicates at short range with the mobile terminal running the bank mobile application client, for example over Bluetooth or Wi-Fi. The client and the server, and the server and the security platform, communicate remotely.
In this embodiment, the security platform stores in advance the decryption algorithm corresponding to the encryption algorithm, the mapping between transaction passwords and card number information, and the mapping between device identification information and bank mobile applications.
In this embodiment, the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client, so that the security platform decrypts the password ciphertext with the pre-stored decryption algorithm to obtain the transaction password and, using the pre-stored mapping between transaction passwords and card number information, checks whether this transaction password is the one corresponding to the card number information. If it is, verification succeeds: the security platform obtains the corresponding bank mobile application from the identification information of the device and sends the successful verification result to the server, so that the server executes the banking service corresponding to the bank card, for example a transfer, a remittance or a balance inquiry.
It should be noted that if the transaction password is not the one corresponding to the card number information, verification fails, which means the second user entered the wrong transaction password. A verification failure message is then sent to the server and the client, so that the second user can enter the correct transaction password and complete the banking service.
In the data processing method based on a bank mobile application provided by this embodiment, the card number information and transaction password of a bank card are obtained; the key previously written into the security chip is read, and the transaction password is encrypted according to the key and a pre-stored encryption algorithm to form a password ciphertext; the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client and forwarded by the server to the security platform, so that the security platform decrypts and verifies the password ciphertext, and the banking service corresponding to the bank card is executed after verification passes. Because the key is written into the security chip and is read from the security chip when it is used, and the transaction password is encrypted with the key that was read, the transaction password is encrypted in hardware, which can effectively protect the transaction password and reduce the security risks of the bank mobile application.
Fig. 2 is a flowchart of embodiment two of the data processing method based on a bank mobile application according to the present invention. As shown in Fig. 2, the application scenario of this embodiment is the first use of the data processing device. Building on embodiment one, this embodiment further includes the following steps before step 101:
Step 201: obtain the identification information of the device and send it to the server through the client, the server forwarding it to the security platform, so that the security platform binds the device to the mobile application corresponding to the client.
Here the device is the data processing device based on a bank mobile application, and its identification information may be the serial number of the device or any other information that uniquely identifies the device; this embodiment places no restriction on it. The identification information of the mobile application may be the name, number or other information that uniquely identifies the mobile application.
In this embodiment, the identification information of the device is stored in the security chip in advance. It is obtained from the security chip and sent to the server through the client, and the server forwards it to the security platform, so that the security platform binds the device to the mobile application corresponding to the client by associating the identification information of the device with the identification information of the mobile application.
In this embodiment, before the identification information of the device is obtained and sent to the server through the client, the security platform has stored in advance the user names authorized to log in to the bank mobile application. When the first user logs in to the client of the bank mobile application, the security platform authenticates the identity of the first user; after authentication passes, it determines from the obtained device identification information whether the device is in the unbound state and, if so, binds the device to this bank mobile application. This ensures that one data processing device is bound to one bank mobile application and that the user logging in to the bank mobile application is an authorized user.
The first user is a user with operating rights on the client on which the bank mobile application is installed, for example a bank employee.
In this embodiment, after the server binds the device to the mobile application corresponding to the client, the device is allowed to communicate and exchange data only with the client of that mobile application.
Step 202: receive the key and certificate issued through the server and the client.
The key is the key corresponding to this data processing device; each data processing device may have a different key. The certificate is the certificate used to establish communication between the device and the security platform.
In this embodiment, the key and the certificate also carry their own version information.
Step 203: write the key into the security chip and store the certificate, to establish communication between the device and the server.
In this embodiment, writing the key into the security chip means fixing the key in the security chip.
It should be noted that steps 101 to 103 are performed after step 203; for the specific implementation, see the detailed description in embodiment one of the data processing method based on a bank mobile application according to the present invention.
In the data processing method based on a bank mobile application provided by this embodiment, before the card number information of the bank card and the corresponding transaction password are obtained, the method further includes: obtaining the identification information of the device and sending it to the server through the client, the server forwarding it to the security platform, so that the security platform binds the device to the mobile application corresponding to the client; receiving the key and certificate issued by the security platform through the server and the client; and writing the key into the security chip and storing the certificate, to establish communication between the device and the security platform. A binding relationship thus exists between the data processing device and the bank's mobile application, and a one-to-one relationship exists between the key written into the security chip and the data processing device. This avoids the risk that, when a data processing device is maliciously attacked, the data of multiple bank mobile applications is all stolen or contaminated.
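The binding and key issuance of steps 201 to 203 and the encrypt-and-verify exchange of steps 101 to 103, modelled end to end as an added example (not code from the patent). All class, method and field names are hypothetical; the patent leaves the cipher open, so an HMAC-SHA256 encrypt-then-MAC construction from the standard library stands in for the chip's algorithm, and the per-message nonce and the binding of the ciphertext to card number and device ID are assumptions added here.

```python
import hashlib
import hmac
import secrets


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stdlib stand-in for the chip's unspecified cipher.
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]


def _tag(key, nonce, ct, aad):
    data = nonce + len(ct).to_bytes(4, "big") + ct + aad
    return hmac.new(_subkey(key, b"mac"), data, hashlib.sha256).digest()


def seal(key, plaintext, aad):
    """Encrypt-then-MAC. aad (card number, device ID) is authenticated, not encrypted."""
    nonce = secrets.token_bytes(16)  # fresh per message, so equal passwords give different ciphertexts
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + ct + _tag(key, nonce, ct, aad)


def unseal(key, blob, aad):
    """Return the plaintext, or None if the key, ciphertext or aad does not match."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, nonce, ct, aad)):
        return None
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class Device:
    """Card reader plus hard keyboard; _key models the key fixed in the security chip."""

    def __init__(self, device_id):
        self.device_id = device_id
        self._key = None

    def install_key(self, key):  # step 203
        self._key = key

    def encrypt_pin(self, card_number, pin):  # steps 101 and 102
        if self._key is None:
            raise RuntimeError("device has no key installed")
        aad = f"{card_number}|{self.device_id}".encode()
        return {"device_id": self.device_id, "card_number": card_number,
                "pin_ciphertext": seal(self._key, pin.encode(), aad)}


class SecurityPlatform:
    def __init__(self, pins_by_card):
        self._pins = pins_by_card  # card number -> transaction password (modelled as a dict)
        self._bindings = {}        # device ID -> bank mobile application
        self._keys = {}            # device ID -> that device's own key

    def bind(self, device_id, app_id):  # step 201: only an unbound device can be bound
        if device_id in self._bindings:
            return False
        self._bindings[device_id] = app_id
        return True

    def issue_key(self, device_id):  # step 202: one key per bound device
        if device_id not in self._bindings:
            raise KeyError("device is not bound")
        self._keys[device_id] = secrets.token_bytes(32)
        return self._keys[device_id]

    def verify(self, msg):  # step 103
        key = self._keys.get(msg["device_id"])
        if key is None:
            return (False, "unknown device")
        aad = f"{msg['card_number']}|{msg['device_id']}".encode()
        pin = unseal(key, msg["pin_ciphertext"], aad)
        if pin is None:
            return (False, "decryption failed")
        stored = self._pins.get(msg["card_number"])
        if stored is None or not hmac.compare_digest(pin, stored.encode()):
            return (False, "wrong transaction password")
        return (True, self._bindings[msg["device_id"]])


if __name__ == "__main__":
    platform = SecurityPlatform({"6200000000000001": "135790"})  # constructed sample data
    platform.bind("DEV-001", "bank-app-A")
    device = Device("DEV-001")
    device.install_key(platform.issue_key("DEV-001"))
    print(platform.verify(device.encrypt_pin("6200000000000001", "135790")))
```

Because each device has its own key, a message produced by one device and relabelled with another device's ID fails at decryption, which is the isolation property the one-to-one key relationship is meant to give.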
Fig. 3 is a flowchart of embodiment three of the data processing method based on a bank mobile application according to the present invention. As shown in Fig. 3, the application scenario of this embodiment is as follows: the client of the bank mobile application is opened and a communication connection is established with the data processing device, after which the first user handles banking services for the second user. The first user is a user with operating rights on the client on which the bank mobile application is installed, for example a bank employee; the second user is the user for whom banking services are handled at the bank using the mobile terminal. The data processing method based on a bank mobile application provided by this embodiment includes the following steps.
Step 301: send the identification information of the device, the version information of the key and the version information of the certificate to the server through the client, the server forwarding them to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and of the certificate whether the key and certificate are within their validity period.
Specifically, in this embodiment the identification information of the device is sent to the security platform, so that the security platform looks up, by that identification information, whether the device is bound to the mobile application of the corresponding client. If the device is not bound to that mobile application, the device does not match the client's mobile application and cannot process its data. If the device is bound to that mobile application, the device matches the client's mobile application and can process its data.
In this embodiment, the version information of the key and of the certificate is sent to the security platform, so that the security platform looks up, by the identification information of the device, the pre-stored version information of the key and certificate corresponding to the device. If the pre-stored version information of the key and/or certificate does not correspond to the version information that was sent, that is, the version information stored in the security platform for this device's key and/or certificate is higher than the version information sent to the security platform, the security platform sends the updated key and/or certificate stored in the security platform to the device through the server and the client. This ensures that the device communicates normally with the security platform and that data in the bank's mobile application is subsequently processed accurately.
It should be noted that if the device receives an updated key and/or certificate sent by the security platform through the server and the client, the device updates the key written in the security chip and/or the certificate stored in the security chip.
Step 302: receive the message or field to be encrypted sent by the client.
Further, in this embodiment the first user needs to send a message or field to the server through the client in order to handle a banking service. The message or field carries information relating to the second user's property or privacy, so it needs to be encrypted to keep it secure. The first user therefore sends the message or field to be encrypted to the data processing device through the client, and the data processing device receives it.
Step 303: read the key previously written into the security chip, and encrypt the message or field to be encrypted according to the key and a pre-stored encryption algorithm to form a message ciphertext or field ciphertext.
Further, in this embodiment, to encrypt the message or field, the key previously written into the security chip is read, and the message or field is encrypted according to the key and the pre-stored encryption algorithm to form the message ciphertext or field ciphertext. This embodiment does not restrict the type of the pre-stored encryption algorithm; it is only necessary that it correspond to the decryption algorithm pre-stored by the security platform and the server. For example, it may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
Step 304: send the message ciphertext or field ciphertext and the identification information of the device to the server through the client, so that the server decrypts the message ciphertext or field ciphertext.
Further, in this embodiment the message ciphertext or field ciphertext and the identification information of the device are sent to the server through the client, so that the server decrypts the message ciphertext or field ciphertext. After decryption, the server uses the device identification information to look up the identification information of the bank mobile application corresponding to the device, and executes the banking service corresponding to the message or field for that bank mobile application.
After the server executes the banking service corresponding to the message or field of the bank mobile application, it returns the execution result to the client. If the service requires the second user to provide the transaction password, the method further includes steps 305 to 307.
Step 305: obtain the card number information and transaction password of a bank card.
In this embodiment, step 305 is implemented in the same way as step 101 in embodiment one of the data processing method based on a bank mobile application according to the present invention, and the details are not repeated here.
Step 306: read the key previously written into the security chip, and encrypt the transaction password according to the key and a pre-stored encryption algorithm to form a password ciphertext.
Further, in this embodiment the pre-stored encryption algorithm used to encrypt the transaction password is the same encryption algorithm as the one used to encrypt the message or field.
Step 307: send the password ciphertext, the card number information and the pre-stored identification information of the device to the server through the client, the server forwarding them to the security platform, so that the security platform decrypts and verifies the password ciphertext, and the banking service corresponding to the bank card is executed after verification passes.
In this embodiment, step 307 is implemented in the same way as step 103 in embodiment one of the data processing method based on a bank mobile application according to the present invention, and the details are not repeated here.
In the data processing method based on a bank mobile application provided by this embodiment, the identification information of the device, the version information of the key and the version information of the certificate are sent to the server through the client and forwarded by the server to the security platform, so that the security platform determines from the identification information of the device whether the device is bound to the mobile application corresponding to the client, and determines from the version information of the key and of the certificate whether the key and certificate are within their validity period. The message or field to be encrypted sent by the client is received; the key previously written into the security chip is read, and the message or field is encrypted according to the key and the pre-stored encryption algorithm to form a message ciphertext or field ciphertext; the message ciphertext or field ciphertext and the identification information of the device are sent to the server through the client, so that the server decrypts the message ciphertext or field ciphertext. The card number information and transaction password of the bank card are obtained; the key previously written into the security chip is read, and the transaction password is encrypted according to the key and the pre-stored encryption algorithm to form a password ciphertext; the password ciphertext, the card number information and the pre-stored identification information of the device are sent to the server through the client and forwarded by the server to the security platform, so that the security platform decrypts and verifies the password ciphertext, and the banking service corresponding to the bank card is executed after verification passes. Because it is determined in advance whether the data processing device is in the bound state and whether the version information of its key and certificate is the same as that held by the security platform, the data processing device is known to be in a normal state and able to handle banking services. Moreover, while banking services are handled, not only the transaction password but also the message or field is encrypted in hardware, which further protects the data when banking services are handled on a mobile terminal.
Fig. 4 is the flow chart of embodiment four of the data processing method based on bank's Mobile solution of the present invention. As shown in Fig. 4, the application scenario of the present embodiment is: the client of the bank's Mobile solution is opened and, after a wireless connection is set up with the data handling equipment based on bank's Mobile solution, a first user handles banking for a second user, and the banking handled requires that the message sent to the service end has integrity. The data processing method based on bank's Mobile solution provided by the present embodiment then includes the following steps.
Step 401: the identification information of the equipment, the version information of the key and the version information of the certificate are sent to the service end through the client, and forwarded by the service end to the security platform, so that the security platform judges, according to the identification information of the equipment, whether the equipment is bound to the Mobile solution corresponding to the client, and judges, according to the version information of the key and the version information of the certificate, whether the key and the certificate are within their validity period.
In the present embodiment, the implementation of step 401 is the same as the implementation of step 301 in embodiment two of the data processing method based on bank's Mobile solution of the present invention, and is not repeated here.
Step 402: the message to be verified, sent by the client, is received.
Further, in the present embodiment, the first user needs to send a message to the service end through the client, and the integrity of that message needs to be ensured. The first user therefore sends the message to be verified through the client to the data handling equipment based on bank's Mobile solution, and the data handling equipment based on bank's Mobile solution receives the message to be verified.
Step 403: the pre-stored integrity check algorithm is used to generate the check code of the message to be verified.
Further, in the present embodiment, the integrity check algorithm can be stored in the safety chip in advance. The present embodiment does not limit the integrity check algorithm; it only needs to be consistent with the integrity check algorithm pre-stored on the security platform. For example, the integrity check algorithm can be a hash algorithm, or it can be another integrity check algorithm. Depending on the integrity check algorithm, the check code of the message to be verified can be a message authentication code, a digest value, or the like.
Step 404: the check code, the message to be verified and the identification information of the equipment are sent to the service end through the client, and forwarded by the server to the security platform, so that the security platform performs a completeness check on the message to be verified according to the check code.
Further, in the present embodiment, the security platform uses the pre-stored integrity check algorithm to generate the check code of the received message to be verified, and compares the generated check code with the received check code. If the generated check code is consistent with the received check code, the received message to be verified is a complete message and was not tampered with during transmission. If the generated check code is inconsistent with the received check code, the received message to be verified is an incomplete message and was tampered with during transmission.
It should be noted that, after the security platform has performed the completeness check on the message to be verified, if the message to be verified is a complete message, the message is sent, according to the identification information of the equipment, to the service end corresponding to the bank's Mobile solution, and the service end performs the banking corresponding to the message.
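Steps 401 to 404 as seen from the security platform, in an added example that is not part of the patent text: it contrasts the two kinds of check code the embodiment allows, a digest value and a message authentication code. The algorithms (SHA-256 and HMAC-SHA256), the device id, the app name, the key, the key-version rule and the message layout are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

# Constructed platform-side state (assumption, not from the patent): one bound
# device, the Mobile solution it is bound to, and the key issued at binding time.
DEVICE_ID = "DEV-0001"
PLATFORM_DEVICES = {
    DEVICE_ID: {
        "bound_app": "bank-app",
        "key_version": 3,
        "key": bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2),
    }
}


def digest_code(message: bytes) -> bytes:
    """Unkeyed check code: a plain SHA-256 digest value of the message."""
    return hashlib.sha256(message).digest()


def mac_code(key: bytes, device_id: str, message: bytes) -> bytes:
    """Keyed check code: HMAC-SHA256 over the device id and the message.

    The id is length-prefixed so the id/message boundary is unambiguous.
    """
    ident = device_id.encode()
    data = len(ident).to_bytes(2, "big") + ident + message
    return hmac.new(key, data, hashlib.sha256).digest()


def platform_verify(device_id, app, key_version, message, check_code, keyed):
    """Security-platform side: step 401 checks, then the step 404 comparison."""
    record = PLATFORM_DEVICES.get(device_id)
    if record is None or record["bound_app"] != app:
        return "reject: device not bound"
    if key_version != record["key_version"]:
        return "reject: key version not valid"
    if keyed:
        expected = mac_code(record["key"], device_id, message)
    else:
        expected = digest_code(message)
    # Constant-time comparison of the regenerated and the received check code.
    if not hmac.compare_digest(expected, check_code):
        return "reject: check code mismatch"
    return "accept"


def run_cases():
    """Run the constructed cases and return the platform's decision for each."""
    key = PLATFORM_DEVICES[DEVICE_ID]["key"]
    sent = b"transfer;to=6200000000000001;amount=100.00"     # constructed message
    changed = b"transfer;to=6200000000000009;amount=100.00"  # altered in transit

    def verify(message, code, keyed, version=3):
        return platform_verify(DEVICE_ID, "bank-app", version, message, code, keyed)

    return {
        "mac, untouched": verify(sent, mac_code(key, DEVICE_ID, sent), True),
        "mac, message changed": verify(changed, mac_code(key, DEVICE_ID, sent), True),
        "digest, message changed": verify(changed, digest_code(sent), False),
        # A digest needs no key, so whoever changes the message can regenerate it.
        "digest, message and code changed": verify(changed, digest_code(changed), False),
        "mac, stale key version": verify(sent, mac_code(key, DEVICE_ID, sent), True, version=2),
        "mac, unknown device": platform_verify("DEV-9999", "bank-app", 3, sent, b"", True),
    }


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(f"{case}: {outcome}")
```

The one case that is accepted after the message changed is the unkeyed digest sent alongside it, which is why a check code meant to detect tampering in transit should be keyed with the secret held in the safety chip.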
In the data processing method based on bank's Mobile solution provided by the present embodiment, the message to be verified sent by the client is received; the pre-stored integrity check algorithm is used to generate the check code of the message to be verified; and the check code, the message to be verified and the identification information of the equipment are sent to the service end through the client, and forwarded by the server to the security platform, so that the security platform performs a completeness check on the message to be verified according to the check code. The integrity of the data in the bank's Mobile solution is thereby verified, which further ensures the safety of data when a mobile terminal is used to handle banking.
Further, in the present embodiment, the identity information of the second user is also obtained by an identification card reader, and the fingerprint information of the second user is collected by a fingerprint identification module, so as to authenticate the identity information of the second user and ensure that the user handling banking is the bank card holder.
One of ordinary skill in the art will appreciate that all or part of the steps of each method embodiment above can be completed by hardware under the control of program instructions. The aforesaid program can be stored in a readable storage medium. When executed, the program performs the steps of each method embodiment above; and the aforesaid storage medium includes various media that can store program code, such as ROM, RAM, magnetic disc or CD.
Fig. 5 is the structural representation of embodiment one of the data handling equipment based on bank's Mobile solution of the present invention. As shown in Fig. 5, the data handling equipment based on bank's Mobile solution provided by the present embodiment includes: a card reader 51, a hard manual 52, a safety chip 53 and a communication module 54.
The card reader 51, the hard manual 52 and the communication module 54 are each connected with the safety chip 53.
The card reader 51 is used for obtaining the card number information of the bank card. The hard manual 52 is used for obtaining the trading password corresponding to the card number information. The safety chip 53 is used for reading the key previously written into the safety chip, and encrypting the trading password according to the key and the pre-stored AES, forming a cryptographic secret. The communication module 54 is used for sending the cryptographic secret, the card number information and the pre-stored identification information of the equipment to the service end through the client, the service end forwarding them to the security platform, so that the security platform decrypts and verifies the cryptographic secret and, after verification passes, executes the banking corresponding to the bank card.
The data handling equipment based on bank's Mobile solution provided by the present embodiment can perform the technical scheme of the method embodiment shown in Fig. 1; its implementation principle and technical effect are similar and are not repeated here.
Fig. 6 is the structural representation of embodiment two of the data handling equipment based on bank's Mobile solution of the present invention. As shown in Fig. 6, the data handling equipment based on bank's Mobile solution provided by the present embodiment is a particularly preferred embodiment built on embodiment one of the data handling equipment based on bank's Mobile solution provided by the present invention.
Further, the communication module 54 is also used for obtaining the identification information of the equipment and sending the identification information of the equipment to the service end through the client, the service end forwarding it to the security platform, so that the security platform binds the equipment to the Mobile solution corresponding to the client; and for receiving the key and certificate issued by the security platform through the service end and the client. The safety chip 53 is also used for writing the key into the safety chip and storing the certificate, so as to set up the communication between the equipment and the security platform.
Further, the communication module 54 is also used for sending the identification information of the equipment, the version information of the key and the version information of the certificate to the service end through the client, the service end forwarding them to the security platform, so that the security platform judges, according to the identification information of the equipment, whether the equipment is bound to the Mobile solution corresponding to the client, and judges, according to the version information of the key and the version information of the certificate, whether the key and the certificate are within their validity period.
Further, the communication module 54 is also used for receiving the message or field to be encrypted sent by the client. The safety chip 53 is also used for reading the key previously written into the safety chip, and encrypting the message or field to be encrypted according to the key and the pre-stored AES, forming a message ciphertext or field ciphertext. The communication module 54 is also used for sending the message ciphertext or field ciphertext and the identification information of the equipment to the service end through the client, so that the service end decrypts the message ciphertext or field ciphertext.
Further, the communication module 54 is also used for receiving the message to be verified sent by the client. The safety chip 53 is also used for generating the check code of the message to be verified with the pre-stored integrity check algorithm. The communication module 54 is also used for sending the check code, the message to be verified and the identification information of the equipment to the service end through the client, the server forwarding them to the security platform, so that the security platform performs a completeness check on the message to be verified according to the check code.
The data handling equipment based on bank's Mobile solution provided by the present embodiment can perform the technical schemes of the method embodiments shown in Fig. 2, Fig. 3 and Fig. 4; its implementation principle and technical effect are similar and are not repeated here.
Further, as shown in Fig. 6, the data handling equipment based on bank's Mobile solution provided by the present embodiment also includes: an identification card reader 61 and a fingerprint identification module 62.
The identification card reader 61 and the fingerprint identification module 62 are each connected with the safety chip 53.
The identification card reader 61 is used for obtaining the identity information of the second user, and the fingerprint identification module 62 is used for collecting the fingerprint information of the second user, so as to authenticate the identity information of the second user and ensure that the user handling banking is the bank card holder.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical scheme of the present invention, not to limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical schemes described in the foregoing embodiments can still be modified, or some or all of their technical characteristics can be equivalently replaced; and such modifications or replacements do not make the essence of the corresponding technical schemes depart from the scope of the technical schemes of the embodiments of the present invention.
Claims (10)
1. A data processing method based on bank's Mobile solution, characterised in that it includes:
obtaining the card number information and trading password of a bank card;
reading the key previously written into the safety chip, and encrypting the trading password according to the key and the pre-stored AES, forming a cryptographic secret;
sending the cryptographic secret, the card number information and the pre-stored identification information of the equipment to the service end through the client, the service end forwarding them to the security platform, so that the security platform decrypts and verifies the cryptographic secret and, after verification passes, executes the banking corresponding to the bank card.
2. The method according to claim 1, characterised in that, before obtaining the card number information of the bank card and the trading password corresponding to the card number information, it also includes:
obtaining the identification information of the equipment, and sending the identification information of the equipment to the service end through the client, the service end forwarding it to the security platform, so that the security platform binds the equipment to the Mobile solution corresponding to the client;
receiving the key and certificate issued by the security platform through the service end and the client;
writing the key into the safety chip, and storing the certificate, so as to set up the communication between the equipment and the security platform.
3. The method according to claim 2, characterised in that, after writing the key into the safety chip and storing the certificate so as to set up the communication between the equipment and the service end, it also includes:
sending the identification information of the equipment, the version information of the key and the version information of the certificate to the service end through the client, the service end forwarding them to the security platform, so that the security platform judges, according to the identification information of the equipment, whether the equipment is bound to the Mobile solution corresponding to the client, and judges, according to the version information of the key and the version information of the certificate, whether the key and the certificate are within their validity period.
4. The method according to claim 3, characterised in that it also includes:
receiving the message or field to be encrypted sent by the client;
reading the key previously written into the safety chip, and encrypting the message or field to be encrypted according to the key and the pre-stored AES, forming a message ciphertext or field ciphertext;
sending the message ciphertext or field ciphertext and the identification information of the equipment to the service end through the client, so that the service end decrypts the message ciphertext or field ciphertext.
5. The method according to any one of claims 1-4, characterised in that it also includes:
receiving the message to be verified sent by the client;
using the pre-stored integrity check algorithm to generate the check code of the message to be verified;
sending the check code, the message to be verified and the identification information of the equipment to the service end through the client, the server forwarding them to the security platform, so that the security platform performs a completeness check on the message to be verified according to the check code.
6. A data handling equipment based on bank's Mobile solution, characterised in that it includes: a card reader, a hard manual, a safety chip and a communication module, the card reader, the hard manual and the communication module each being connected with the safety chip;
the card reader is used for obtaining the card number information of a bank card;
the hard manual is used for obtaining the trading password corresponding to the card number information;
the safety chip is used for reading the key previously written into the safety chip, and encrypting the trading password according to the key and the pre-stored AES, forming a cryptographic secret;
the communication module is used for sending the cryptographic secret, the card number information and the pre-stored identification information of the equipment to the service end through the client, the service end forwarding them to the security platform, so that the security platform decrypts and verifies the cryptographic secret and, after verification passes, executes the banking corresponding to the bank card.
7. The equipment according to claim 6, characterised in that the communication module is also used for obtaining the identification information of the equipment, and sending the identification information of the equipment to the service end through the client, the service end forwarding it to the security platform, so that the security platform binds the equipment to the Mobile solution corresponding to the client; and for receiving the key and certificate issued by the security platform through the service end and the client;
the safety chip is also used for writing the key into the safety chip, and storing the certificate, so as to set up the communication between the equipment and the security platform.
8. The equipment according to claim 7, characterised in that the communication module is also used for sending the identification information of the equipment, the version information of the key and the version information of the certificate to the service end through the client, the service end forwarding them to the security platform, so that the security platform judges, according to the identification information of the equipment, whether the equipment is bound to the Mobile solution corresponding to the client, and judges, according to the version information of the key and the version information of the certificate, whether the key and the certificate are within their validity period.
9. The equipment according to claim 8, characterised in that the communication module is also used for receiving the message or field to be encrypted sent by the client;
the safety chip is also used for reading the key previously written into the safety chip, and encrypting the message or field to be encrypted according to the key and the pre-stored AES, forming a message ciphertext or field ciphertext;
the communication module is also used for sending the message ciphertext or field ciphertext and the identification information of the equipment to the service end through the client, so that the service end decrypts the message ciphertext or field ciphertext.
10. The equipment according to any one of claims 6-9, characterised in that the communication module is also used for receiving the message to be verified sent by the client;
the safety chip is also used for generating the check code of the message to be verified with the pre-stored integrity check algorithm;
the communication module is also used for sending the check code, the message to be verified and the identification information of the equipment to the service end through the client, the server forwarding them to the security platform, so that the security platform performs a completeness check on the message to be verified according to the check code.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610780087.8A CN106296177A (en) | 2016-08-30 | 2016-08-30 | Data processing method based on bank's Mobile solution and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106296177A true CN106296177A (en) | 2017-01-04 |
Family
ID=57673676
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610780087.8A Pending CN106296177A (en) | 2016-08-30 | 2016-08-30 | Data processing method based on bank's Mobile solution and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106296177A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108052550A (en) * | 2017-11-28 | 2018-05-18 | 平安养老保险股份有限公司 | Annuity data receiver method, device, computer equipment and storage medium |
WO2018137302A1 (en) * | 2017-01-25 | 2018-08-02 | 华为技术有限公司 | Method and device for adding bank card |
CN111311261A (en) * | 2020-02-24 | 2020-06-19 | 中国工商银行股份有限公司 | Security processing method, device and system for online transaction |
CN111754240A (en) * | 2020-07-01 | 2020-10-09 | 中国银行股份有限公司 | Bank card state checking method and device |
CN112149166A (en) * | 2020-09-29 | 2020-12-29 | 中国银行股份有限公司 | Unconventional password protection method and intelligent bank machine |
CN112235258A (en) * | 2020-09-24 | 2021-01-15 | 黄杰 | Encryption/decryption method, encryption/decryption system, and encryption/decryption device for information transmission |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102123027A (en) * | 2011-03-15 | 2011-07-13 | 钱袋网(北京)信息技术有限公司 | Information security processing method and mobile terminal |
CN103095456A (en) * | 2013-01-10 | 2013-05-08 | 天地融科技股份有限公司 | Method and system for processing transaction messages |
CN104125237A (en) * | 2014-08-13 | 2014-10-29 | 广州市易票联支付技术有限公司 | Security verification method on the basis of POS (Point Of Sale) machine |
CN105097003A (en) * | 2015-09-18 | 2015-11-25 | 芯佰微电子(北京)有限公司 | Secret key built-in read-only memory protection circuit for security chip |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018137302A1 (en) * | 2017-01-25 | 2018-08-02 | 华为技术有限公司 | Method and device for adding bank card |
US11017373B2 (en) | 2017-01-25 | 2021-05-25 | Huawei Technologies Co., Ltd. | Bank card adding method, and apparatus |
US11748737B2 (en) | 2017-01-25 | 2023-09-05 | Huawei Technologies Co., Ltd. | Bank card adding method, and apparatus |
CN108052550A (en) * | 2017-11-28 | 2018-05-18 | 平安养老保险股份有限公司 | Annuity data receiver method, device, computer equipment and storage medium |
CN108052550B (en) * | 2017-11-28 | 2020-07-07 | 平安养老保险股份有限公司 | Annuity data receiving method and device, computer equipment and storage medium |
CN111311261A (en) * | 2020-02-24 | 2020-06-19 | 中国工商银行股份有限公司 | Security processing method, device and system for online transaction |
CN111311261B (en) * | 2020-02-24 | 2023-07-21 | 中国工商银行股份有限公司 | Safe processing method, device and system for online transaction |
CN111754240A (en) * | 2020-07-01 | 2020-10-09 | 中国银行股份有限公司 | Bank card state checking method and device |
CN111754240B (en) * | 2020-07-01 | 2023-09-19 | 中国银行股份有限公司 | Bank card state verification method and device |
CN112235258A (en) * | 2020-09-24 | 2021-01-15 | 黄杰 | Encryption/decryption method, encryption/decryption system, and encryption/decryption device for information transmission |
CN112149166A (en) * | 2020-09-29 | 2020-12-29 | 中国银行股份有限公司 | Unconventional password protection method and intelligent bank machine |
CN112149166B (en) * | 2020-09-29 | 2023-09-26 | 中国银行股份有限公司 | Unconventional password protection method and intelligent bank machine |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10397780B2 (en) | Anonymous authentication and remote wireless token access | |
CN106296177A (en) | Data processing method based on bank's Mobile solution and equipment | |
KR102477453B1 (en) | Transaction messaging | |
CN100498742C (en) | Reliable U disc, method for realizing reliable U disc safety and its data communication with computer | |
CN100533459C (en) | Data safety reading method and safety storage apparatus thereof | |
EP3017580B1 (en) | Signatures for near field communications | |
CN102333072B (en) | Network banking trusted transaction system and method based on intelligent terminal | |
CN106899551A (en) | Authentication method, certification terminal and system | |
CN101299254A (en) | Payment system and payment method thereof | |
US11887022B2 (en) | Systems and methods for provisioning point of sale terminals | |
Cheng et al. | A secure and practical key management mechanism for NFC read-write mode | |
CN105897721A (en) | Method and device for verifying reliability of identity of financial card user | |
CN106789024A (en) | A kind of remote de-locking method, device and system | |
CN104899741A (en) | Online payment method and online payment system based on IC bank card | |
KR101795450B1 (en) | Verification mehod and appratus based on security tunnel | |
CN106712952B (en) | Radio frequency tag security identification method and system | |
CN104835038A (en) | Networking payment device and networking payment method | |
Margraf et al. | Security evaluation of apple pay at point-of-sale terminals | |
US11562346B2 (en) | Contactless card with multiple rotating security keys | |
CN104935550A (en) | Intelligent electronic commerce user management system technique and operating method thereof | |
CN107395600A (en) | Business datum verification method, service platform and mobile terminal | |
US9768964B2 (en) | Certified identification system and method | |
CN110546668B (en) | Dynamic authentication method and system for card transaction | |
CN114445071A (en) | Payment method, payment device, computer-readable storage medium and electronic equipment | |
CN104240387A (en) | Method and system for processing bank card transaction |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170104 |