CN106603237B - Safe payment method and device - Google Patents

Safe payment method and device Download PDF

Info

Publication number
CN106603237B
CN106603237B CN201510673116.6A CN201510673116A CN106603237B CN 106603237 B CN106603237 B CN 106603237B CN 201510673116 A CN201510673116 A CN 201510673116A CN 106603237 B CN106603237 B CN 106603237B
Authority
CN
China
Prior art keywords
characteristic information
terminal
information
payment
registration
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510673116.6A
Other languages
Chinese (zh)
Other versions
CN106603237A (en
Inventor
李新宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Priority to CN201510673116.6A priority Critical patent/CN106603237B/en
Publication of CN106603237A publication Critical patent/CN106603237A/en
Application granted granted Critical
Publication of CN106603237B publication Critical patent/CN106603237B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a secure payment method and a secure payment device. The secure payment method comprises the following steps: in a safety mode, acquiring first characteristic information of a current user; matching the first characteristic information with second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of stored characteristic information, and the stored characteristic information comprises encryption information of registered characteristic information obtained when the current user is registered; and sending the matching result to a server so that the server determines whether to execute a payment process. The method and the device have the advantages that the characteristic information of the user is obtained and matched in the safety mode, so that the safety of the payment system is improved, the matching of the characteristic information of the user is executed on the terminal side, and the safety of the payment system is further improved.

Description

Safe payment method and device
Technical Field
The invention relates to payment technology, in particular to a secure payment method and device.
Background
With the development of science and technology, the phenomenon that the terminal pays through the internet becomes more and more common.
Generally, when a user initiates a payment request, the user may first input a payment password, such as a string of numbers, through an input box on a terminal interface, then send the payment password to a server of a payment network through the internet, and then the server matches the stored password with the payment password, if the matching is successful, a payment process is performed, otherwise, a password authentication failure message is sent to the terminal, where the stored password is a registration password stored at the server when the user registers user information.
However, in the implementation of the above prior art, those skilled in the art find that the payment password input into the input box is very easy to be intercepted and cracked, thereby resulting in low security of the payment system.
Disclosure of Invention
In order to solve the technical problem, the invention provides a secure payment method and a secure payment device, which are used for solving the problem of low security of a payment system.
In order to achieve the object of the present invention, the present invention provides a secure payment method, comprising: in the case of the secure mode, the user may,
acquiring first characteristic information of a current user;
matching the first characteristic information with second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of stored characteristic information, and the stored characteristic information comprises encryption information of registered characteristic information obtained when the current user is registered;
and sending the matching result to a server so that the server determines whether to execute a payment process.
Further, before the matching the first feature information and the second feature information to obtain a matching result, the method further includes:
acquiring the storage characteristic information and a terminal identifier of the terminal;
determining a decryption key according to the terminal identifier, wherein the decryption key corresponds to the terminal identifier;
and decrypting the stored characteristic information through the decryption key to obtain the second characteristic information.
Further, before the obtaining of the first feature information of the current user, the method further includes:
acquiring the registration characteristic information when a user registers;
determining an encryption key according to the terminal identifier, wherein the encryption key corresponds to the terminal identifier;
and encrypting the registration characteristic information by the encryption key to obtain the storage characteristic information.
Further, after the encrypting the registration feature information by the encryption key to obtain the encrypted feature information, the method further includes:
and storing the storage characteristic information in a safe storage area of the terminal.
Further, before the obtaining of the first feature information of the current user, the method further includes:
acquiring a payment request;
and converting the operation mode of the terminal from a common mode to a safe mode according to the payment request.
The invention also provides a secure payment device, comprising: in the case of the secure mode, the user may,
the acquisition module is used for acquiring first characteristic information of a current user;
the processing module is used for matching the first characteristic information with second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of stored characteristic information, and the stored characteristic information comprises encryption information of registered characteristic information obtained when the current user is registered;
and the sending module is used for sending the matching result to a server so that the server determines whether to execute a payment process.
Further, the obtaining module is further configured to obtain the storage characteristic information and a terminal identifier of the terminal;
the processing module is further configured to determine a decryption key according to the terminal identifier, where the decryption key corresponds to the terminal identifier; and decrypting the stored characteristic information through the decryption key to obtain the second characteristic information.
Further, the obtaining module is further configured to obtain the registration feature information when the user registers;
the processing module is further configured to determine an encryption key according to the terminal identifier, where the encryption key corresponds to the terminal identifier; and encrypting the registration characteristic information by the encryption key to obtain the storage characteristic information.
Further, the processing module is further configured to store the storage characteristic information in a secure storage area of the terminal.
Further, the obtaining module is further configured to obtain a payment request;
and the processing module is also used for converting the operation mode of the terminal from a common mode to a safe mode according to the payment request.
Compared with the prior art, the method comprises the steps of acquiring first characteristic information of a current user in a safety mode; matching the first characteristic information with second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of stored characteristic information, and the stored characteristic information comprises encryption information of registered characteristic information which is arranged at a terminal and is obtained when a user registers; and sending the matching result to a server so that the server determines whether to execute a payment process. The method and the device have the advantages that the characteristic information of the user is obtained and matched in the safety mode, so that the safety of the payment system is improved, the matching of the characteristic information of the user is executed on the terminal side, and the safety of the payment system is further improved.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the example serve to explain the principles of the invention and not to limit the invention.
FIG. 1 is a schematic flow chart diagram illustrating a secure payment method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an embodiment of the secure payment device of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
The secure payment method provided by the embodiment of the invention can be particularly applied to a terminal for payment through the internet, wherein the terminal can be a mobile terminal, such as a smart phone, a computer or a tablet computer (Portable Android Device, PAD for short) and the like. The embodiment provides
The secure payment method may be specifically performed by a secure payment apparatus, which may be integrated in the mobile terminal or separately provided, wherein the secure payment apparatus may be implemented in a software and/or hardware manner. The secure payment method and the device thereof provided by the present embodiment are described in detail below.
Fig. 1 is a schematic flow diagram of an embodiment of a secure payment method of the present invention, and as shown in fig. 1, an execution main body of the embodiment may be a secure payment device, and the secure payment method provided by the present invention includes: in the case of the secure mode, the user may,
step 101, obtaining first characteristic information of a current user.
The first characteristic information in this embodiment may include any one of fingerprint information, voiceprint information, eye print information, and Near Field Communication (NFC) information, or a combination thereof.
It should be noted that the method executed in this embodiment is executed in the secure mode, where when the processor executes the operation in the secure mode, a high security isolation from the data in the normal non-secure mode can be achieved. For example, the Trustzone operating environment of a commonly-used terminal development platform (high-pass platform) is a secure environment. Since both memory and data are strictly protected, an illegal user cannot obtain any useful information in a secure environment, which has the highest security level. That is, the security mode may implement some operations with high security level, such as checking to load firmware data of each stage when the processing system is powered on, memory protection, and instruction protection of the processor.
And 102, matching the first characteristic information with the second characteristic information to obtain a matching result.
In this embodiment, the second feature information includes decryption information of stored feature information, and the stored feature information includes encryption information of registered feature information obtained when the current user is registered.
Step 103, sending the matching result to a server so that the server determines whether to execute a payment process.
The sending of the matching result to the server to enable the server to determine whether to execute a payment process, that is, a payment process corresponding to the current user, may include the following two implementation manners:
in a first implementation manner, the secure payment device may send a matching result, that is, a success or a failure of matching, to the server, and the server determines whether to execute the payment process according to the matching result, for example, determines to execute the payment process according to the success of matching, or determines not to execute the payment process according to the failure of matching.
In a second implementation manner, the secure payment device may send the matching result, the first feature information, and the terminal identifier of the terminal to the server, and then, if the matching fails, determine not to execute the payment process, if the matching result is that the matching succeeds, the server determines to register the feature information according to the terminal identifier, and matches the first feature information with the registered feature information again, if the matching succeeds again, execute the payment process, and if the matching fails again, not execute the payment process.
In this embodiment, in the security mode, first feature information of a current user is acquired; matching the first characteristic information with second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of stored characteristic information, and the stored characteristic information comprises encryption information of registered characteristic information obtained when the current user is registered; and sending the matching result to a server so that the server determines whether to execute a payment process. The method and the device have the advantages that the characteristic information of the user is obtained and matched in the safety mode, so that the safety of the payment system is improved, the matching of the characteristic information of the user is executed on the terminal side, and the safety of the payment system is further improved.
On the basis of the foregoing embodiment, before the matching the first feature information and the second feature information to obtain a matching result, the method further includes:
acquiring the storage characteristic information and a terminal identifier of the terminal, wherein the terminal comprises a device for storing the second characteristic information;
determining a decryption key according to the terminal identifier, wherein the decryption key corresponds to the terminal identifier;
and decrypting the stored characteristic information through the decryption key to obtain the second characteristic information.
In this embodiment, the terminal identifier is used to determine the decryption key, so that the terminal identifier is the only information used to determine the decryption key, and thus the stored characteristic information is copied to other devices, and the decryption key cannot be obtained, thereby improving the security of the payment system.
Further, on the basis of the foregoing embodiment, before the acquiring the first feature information of the current user, the method may further include:
acquiring the registration characteristic information when a user registers;
determining an encryption key according to the terminal identifier, wherein the encryption key corresponds to the terminal identifier;
and encrypting the registration characteristic information by the encryption key to obtain the storage characteristic information.
Further, after the encrypting the registration feature information by the encryption key to obtain the encrypted feature information, the method further includes:
and storing the storage characteristic information in a safe storage area of the terminal.
Optionally, before the obtaining of the first feature information of the current user, the method may further include:
acquiring a payment request;
and converting the operation mode of the terminal from a common mode to a safe mode according to the payment request.
Fig. 2 is a schematic structural diagram of an embodiment of the secure payment apparatus of the present invention, and as shown in fig. 2, the secure payment method provided by the present invention includes: an acquisition module 21, a processing module 22 and a sending module 23. Wherein,
in the case of the secure mode, the user may,
an obtaining module 21, configured to obtain first feature information of a current user;
a processing module 22, configured to match the first feature information with second feature information to obtain a matching result, where the second feature information includes decryption information of stored feature information, and the stored feature information includes encryption information of registered feature information obtained when the current user is registered;
a sending module 23, configured to send the matching result to a server, so that the server determines whether to execute a payment procedure.
In this embodiment, in the security mode, first feature information of a current user is acquired; matching the first characteristic information with second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of stored characteristic information, and the stored characteristic information comprises encryption information of registered characteristic information obtained when the current user is registered; and sending the matching result to a server so that the server determines whether to execute a payment process. The method and the device have the advantages that the characteristic information of the user is obtained and matched in the safety mode, so that the safety of the payment system is improved, the matching of the characteristic information of the user is executed on the terminal side, and the safety of the payment system is further improved.
On the basis of the foregoing embodiment, the obtaining module 21 is further configured to obtain the storage feature information and a terminal identifier of the terminal;
the processing module 22 is further configured to determine a decryption key according to the terminal identifier, where the decryption key corresponds to the terminal identifier; and decrypting the stored characteristic information through the decryption key to obtain the second characteristic information.
In this embodiment, the terminal identifier is used to determine the decryption key, so that the terminal identifier is the only information used to determine the decryption key, and thus the stored characteristic information is copied to other devices, and the decryption key cannot be obtained, thereby improving the security of the payment system.
Further, on the basis of the above embodiment, the obtaining module 21 is further configured to obtain the registration feature information when the user registers;
the processing module 22 is further configured to determine an encryption key according to the terminal identifier, where the encryption key corresponds to the terminal identifier; and encrypting the registration characteristic information by the encryption key to obtain the storage characteristic information.
Further, on the basis of the above embodiment, the processing module 22 is further configured to store the storage characteristic information in a secure storage area of the terminal.
Optionally, on the basis of the foregoing embodiment, the obtaining module 21 is further configured to obtain a payment request;
the processing module 22 is further configured to convert the operation mode of the terminal from a normal mode to a secure mode according to the payment request.
Although the embodiments of the present invention have been described above, the above description is only for the convenience of understanding the present invention, and is not intended to limit the present invention. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A secure payment method, comprising: in the case of the secure mode, the user may,
acquiring first characteristic information of a current user;
acquiring storage characteristic information and a terminal identifier of a terminal;
determining a decryption key according to the terminal identifier, wherein the decryption key corresponds to the terminal identifier;
decrypting the stored characteristic information through the decryption key to obtain second characteristic information;
matching the first characteristic information with second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of stored characteristic information, and the stored characteristic information comprises encryption information of registered characteristic information obtained when the current user is registered;
and sending the matching result, the first characteristic information and the terminal identification of the terminal to a server, so that when the server receives the matching result successfully, the server determines the registration characteristic information according to the terminal identification, matches the first characteristic information with the registration characteristic information, and if the matching is successful, executes a payment process.
2. The method of claim 1, wherein before obtaining the first feature information of the current user, the method further comprises:
acquiring the registration characteristic information when a user registers;
determining an encryption key according to the terminal identifier, wherein the encryption key corresponds to the terminal identifier;
and encrypting the registration characteristic information by the encryption key to obtain the storage characteristic information.
3. The method according to claim 2, wherein after the obtaining the stored feature information by encrypting the registration feature information with the encryption key, further comprising:
and storing the storage characteristic information in a safe storage area of the terminal.
4. The method according to any one of claims 1 to 3, wherein before the obtaining the first feature information of the current user, the method further comprises:
acquiring a payment request;
and converting the operation mode of the terminal from a common mode to a safe mode according to the payment request.
5. A secure payment device, comprising: in the case of the secure mode, the user may,
the acquisition module is used for acquiring first characteristic information of a current user, storing the characteristic information and a terminal identifier of a terminal;
the processing module is used for determining a decryption key according to the terminal identifier, and the decryption key corresponds to the terminal identifier; decrypting the stored characteristic information through the decryption key to obtain second characteristic information, and matching the first characteristic information with the second characteristic information to obtain a matching result, wherein the second characteristic information comprises decryption information of the stored characteristic information, and the stored characteristic information comprises encryption information of registration characteristic information obtained when the current user registers;
and the sending module is used for sending the matching result, the first characteristic information and the terminal identification of the terminal to the server so that the server determines the registration characteristic information according to the terminal identification when the matching result is received successfully, matches the first characteristic information with the registration characteristic information, and executes a payment process if the matching is successful.
6. The apparatus according to claim 5, wherein the obtaining module is further configured to obtain the registration feature information when the user registers;
the processing module is further configured to determine an encryption key according to the terminal identifier, where the encryption key corresponds to the terminal identifier; and encrypting the registration characteristic information by the encryption key to obtain the storage characteristic information.
7. The apparatus of claim 6, wherein the processing module is further configured to store the storage characteristic information in a secure storage area of the terminal.
8. The apparatus according to any one of claims 5-7, wherein the obtaining module is further configured to obtain a payment request;
and the processing module is also used for converting the operation mode of the terminal from a common mode to a safe mode according to the payment request.
CN201510673116.6A 2015-10-16 2015-10-16 Safe payment method and device Active CN106603237B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510673116.6A CN106603237B (en) 2015-10-16 2015-10-16 Safe payment method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510673116.6A CN106603237B (en) 2015-10-16 2015-10-16 Safe payment method and device

Publications (2)

Publication Number Publication Date
CN106603237A CN106603237A (en) 2017-04-26
CN106603237B true CN106603237B (en) 2022-02-08

Family

ID=58553908

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510673116.6A Active CN106603237B (en) 2015-10-16 2015-10-16 Safe payment method and device

Country Status (1)

Country Link
CN (1) CN106603237B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112418852A (en) * 2019-08-23 2021-02-26 中兴通讯股份有限公司 Secure payment method, terminal, server and payment system
CN111400688B (en) * 2020-03-20 2022-05-17 山东大学 Method for realizing mobile terminal voice identity verification by adopting TrustZone technology

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106936587B (en) * 2006-06-19 2020-05-12 维萨美国股份有限公司 Consumer authentication system and method
CN101325494B (en) * 2008-07-28 2011-08-03 华为终端有限公司 Method and device for protecting private information
BRPI1015475A2 (en) * 2009-03-30 2016-04-26 Apriva Llc method and mobile device for secure payment transaction
CN101901517A (en) * 2009-05-27 2010-12-01 上海点佰趣信息科技有限公司 Fingerprint payment certificate server, fingerprint payment method and system thereof
US8769784B2 (en) * 2009-11-02 2014-07-08 Authentify, Inc. Secure and efficient authentication using plug-in hardware compatible with desktops, laptops and/or smart mobile communication devices such as iPhones
CN102195778A (en) * 2010-03-16 2011-09-21 无锡指网生物识别科技有限公司 Fingerprint authentication method for Internet electronic payment
CN102314731A (en) * 2010-07-06 2012-01-11 中国银联股份有限公司 Mobile payment method and equipment for implementing same
CN103037065A (en) * 2011-09-30 2013-04-10 上海共联通信信息发展有限公司 Fingerprint mobile phone
CN102509400A (en) * 2011-11-04 2012-06-20 杭州中正生物认证技术有限公司 Fingerprint fixed-line phone network payment terminal, and system and method based on fingerprint fixed-line phone network payment terminal
CN102930436A (en) * 2012-10-23 2013-02-13 江苏乐买到网络科技有限公司 Mobile payment method and device
CN103679452A (en) * 2013-06-20 2014-03-26 腾讯科技(深圳)有限公司 Payment authentication method, device thereof and system thereof
CN103455913B (en) * 2013-08-26 2017-09-19 天地融科技股份有限公司 NFC payment, device, system and mobile terminal
CN103606084A (en) * 2013-12-03 2014-02-26 深圳市赛为智能股份有限公司 Mobile on-line payment method and system based on biometric features recognition
CN103646328A (en) * 2013-12-06 2014-03-19 上海众人网络安全技术有限公司 Camera-based security payment method
CN104601327B (en) * 2013-12-30 2019-01-29 腾讯科技(深圳)有限公司 A kind of safe verification method, relevant device and system
WO2015153559A1 (en) * 2014-03-31 2015-10-08 Wi-Lan Labs, Inc. System and method for biometric key management
CN104967593B (en) * 2014-10-15 2018-04-20 腾讯科技(深圳)有限公司 A kind of auth method, device and system
CN104573551A (en) * 2014-12-25 2015-04-29 广东欧珀移动通信有限公司 File processing method and mobile terminal

Also Published As

Publication number Publication date
CN106603237A (en) 2017-04-26

Similar Documents

Publication Publication Date Title
US9563764B2 (en) Method and apparatus for performing authentication between applications
US9270466B2 (en) System and method for temporary secure boot of an electronic device
JP6401784B2 (en) Payment authentication system, method and apparatus
US9762567B2 (en) Wireless communication of a user identifier and encrypted time-sensitive data
WO2017206250A1 (en) Method and device for destroying backup of terminal
KR101654778B1 (en) Hardware-enforced access protection
WO2015101310A1 (en) Service processing method, device and system
CN103279411A (en) Method and system of entering application programs based on fingerprint identification
CN113221128B (en) Account and password storage method and registration management system
US20180247313A1 (en) Fingerprint security element (se) module and payment verification method
CN111131300B (en) Communication method, terminal and server
CN109145628B (en) Data acquisition method and system based on trusted execution environment
WO2018018781A1 (en) Sim card information transmission method and device, and computer storage medium
US20110154436A1 (en) Provider Management Methods and Systems for a Portable Device Running Android Platform
CN104899496B (en) data reading method and terminal thereof
US12019717B2 (en) Method for the secure interaction of a user with a mobile terminal and a further entity
KR20160065261A (en) System for preventing forgery of application and method therefor
CN106603237B (en) Safe payment method and device
EP2985712B1 (en) Application encryption processing method, apparatus, and terminal
CN109075974B (en) Binding authentication method of fingerprint algorithm library and fingerprint sensor and fingerprint identification system
CN108322907B (en) Card opening method and terminal
US8819802B2 (en) User authentication
CN106533685B (en) Identity authentication method, device and system
CN110851881B (en) Security detection method and device for terminal equipment, electronic equipment and storage medium
US11516215B2 (en) Secure access to encrypted data of a user terminal

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant