CN106845995A - Bluetooth intelligent card and method thereof for controlling transaction risk - Google Patents

Publication number: CN106845995A
Application number: CN201710039560.1A
Priority: CN201710039560.1A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN106845995B (en)
Inventors: 陆舟, 于华章
Current Assignee: Feitian Technologies Co Ltd
Original Assignee: Feitian Technologies Co Ltd
Legal status: Granted, active

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00: Payment architectures, schemes or protocols
    • G06Q20/38: Payment protocols; Details thereof
    • G06Q20/40: Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401: Transaction verification
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W4/00: Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80: Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The invention discloses a Bluetooth intelligent card and a method by which it controls transaction risk. The Bluetooth intelligent card can complete a financial transaction without a financial terminal. After receiving a trading instruction, the card judges from the trading instruction whether transaction risk exists. If risk exists, the method further includes: updating the transaction stand-by mode to a more secure level before performing transaction preparation and updating the terminal behavior result according to the transaction preparation result, and/or updating the card's own terminal behavior code before behavioural analysis. The card then performs behavioural analysis according to the terminal authentication result and the terminal behavior code to obtain a behavioural analysis result. If the behavioural analysis result is an authorization request ciphertext, the trading authorization result is set to online processing and the mobile terminal carries out the online transaction; if the behavioural analysis result is an application authorization ciphertext, the trading authorization result is set to transaction refusal and the Bluetooth intelligent card refuses the transaction. This improves the security and convenience of transactions.

Description

Bluetooth intelligent card and method thereof for controlling transaction risk
Technical field
The present invention relates to the field of intelligent cards, and in particular to a Bluetooth intelligent card and a method by which it controls transaction risk.
Background
In the prior art, an intelligent card can complete a financial transaction only through a financial terminal (for example, a POS), and various risks exist during the transaction, so security and convenience are poor.
Summary of the invention
The invention provides a Bluetooth intelligent card and a method by which it controls transaction risk, which solve the above technical problem.
The invention provides a method by which a Bluetooth intelligent card controls transaction risk, including:
Step s1: the Bluetooth intelligent card sets up a Bluetooth connection with a mobile terminal;
Step s2: the Bluetooth intelligent card receives a trading instruction from the mobile terminal through the Bluetooth channel;
Step s3: the Bluetooth intelligent card performs transaction preparation according to the trading instruction and its own transaction stand-by mode to obtain a transaction preparation result, and updates the terminal authentication result according to the transaction preparation result;
Step s4: the Bluetooth intelligent card performs behavioural analysis according to the terminal authentication result and its own terminal behavior code to obtain a behavioural analysis result; if the behavioural analysis result is an authorization request ciphertext, the trading authorization result is set to online processing and step s5 is performed; if the behavioural analysis result is an application authorization ciphertext, the trading authorization result is set to transaction refusal, the Bluetooth intelligent card refuses the transaction, and the method ends;
Step s5: the Bluetooth intelligent card sends to the mobile terminal, through the Bluetooth channel, a transaction message that includes the trading authorization result and the transaction information in the trading instruction;
Step s6: the Bluetooth intelligent card receives a transaction response from the mobile terminal through the Bluetooth channel;
Step s7: the Bluetooth intelligent card generates a transaction record according to the transaction response;
Step s8: the Bluetooth intelligent card sends the transaction record to the mobile terminal through the Bluetooth channel, and the method ends;
After the trading instruction from the mobile terminal is received, the method further includes: the Bluetooth intelligent card judges, according to the trading instruction, whether transaction risk exists. When the judgment result is yes, the method further includes, before step s3, the Bluetooth intelligent card updating the transaction stand-by mode to a more secure level, and/or, before step s4, the Bluetooth intelligent card updating its own terminal behavior code. When the judgment result is no, step s3 is performed.
The present invention also provides a Bluetooth intelligent card, including: a link module, a first receiver module, a transaction preparation module, a first update module, a behavioural analysis module, an authorization result setting module, a first sending module, a second receiver module, a transaction record module and a second sending module;
The link module is used to set up a Bluetooth connection with a mobile terminal;
The first receiver module is used to receive a trading instruction from the mobile terminal through the Bluetooth channel after the link module has set up the Bluetooth connection with the mobile terminal;
The transaction preparation module is used to perform transaction preparation according to the trading instruction received by the first receiver module and the card's own transaction stand-by mode, obtaining a transaction preparation result;
The first update module is used to update the terminal authentication result according to the transaction preparation result obtained by the transaction preparation module;
The behavioural analysis module is used to perform behavioural analysis according to the terminal authentication result updated by the first update module and the card's own terminal behavior code, obtaining a behavioural analysis result;
The authorization result setting module is used to set the trading authorization result to online processing if the behavioural analysis result obtained by the behavioural analysis module is an authorization request ciphertext, and to set the trading authorization result to transaction refusal if the behavioural analysis result obtained by the behavioural analysis module is an application authorization ciphertext;
The first sending module is used, after the authorization result setting module has set the trading authorization result to online processing, to send to the mobile terminal through the Bluetooth channel a transaction message that includes the trading authorization result and the transaction information in the trading instruction;
The second receiver module is used to receive a transaction response from the mobile terminal through the Bluetooth channel;
The transaction record module is used to generate a transaction record according to the transaction response received by the second receiver module;
The second sending module is used to send the transaction record generated by the transaction record module to the mobile terminal through the Bluetooth channel;
The Bluetooth intelligent card also includes: a risk judgment module, and a second update module and/or a third update module;
The risk judgment module is used to judge, according to the trading instruction received by the first receiver module, whether transaction risk exists, and to trigger the transaction preparation module when the judgment is no;
The second update module is used to update the transaction stand-by mode to a more secure level after the risk judgment module judges yes and before the transaction preparation module obtains the transaction preparation result;
The third update module is used to update the card's own terminal behavior code after the risk judgment module judges yes and before the behavioural analysis module obtains the behavioural analysis result.
Beneficial effects of the present invention: the invention provides a Bluetooth intelligent card and a method by which it controls transaction risk. The Bluetooth intelligent card can complete a financial transaction without a financial terminal. After receiving a trading instruction, it judges from the trading instruction whether transaction risk exists. If risk exists, the method further includes: updating the transaction stand-by mode to a more secure level before performing transaction preparation and updating the terminal behavior result according to the transaction preparation result, and/or updating the card's own terminal behavior code before behavioural analysis. The card then performs behavioural analysis according to the terminal authentication result and the terminal behavior code to obtain a behavioural analysis result, and decides from that result whether to carry out an online transaction, which improves the security and convenience of transactions.
Brief description of the drawings
Fig. 1 is a flow chart of a method by which a Bluetooth intelligent card controls transaction risk, provided by Embodiment 1 of the present invention;
Fig. 2 is a flow chart of a method by which a Bluetooth intelligent card controls transaction risk, provided by Embodiment 2 of the present invention;
Fig. 3 is a flow chart of another method by which a Bluetooth intelligent card controls transaction risk, provided by Embodiment 2 of the present invention;
Fig. 4 and Fig. 5 are flow charts of a method by which a Bluetooth intelligent card controls transaction risk, provided by Embodiment 4 of the present invention;
Fig. 6 is a block diagram of a Bluetooth intelligent card provided by Embodiment 5 of the present invention.
Specific embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings of those embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work fall within the scope of protection of the invention.
Embodiment 1
This embodiment provides a method by which a Bluetooth intelligent card controls transaction risk, as shown in Fig. 1, including:
Step s1: the Bluetooth intelligent card sets up a Bluetooth connection with a mobile terminal;
Step s2: the Bluetooth intelligent card receives a trading instruction from the mobile terminal through the Bluetooth channel;
Step s3: the Bluetooth intelligent card performs transaction preparation according to the trading instruction and its own transaction stand-by mode to obtain a transaction preparation result, and updates the terminal authentication result according to the transaction preparation result;
In this embodiment, updating the terminal authentication result according to the transaction preparation result may specifically be: if the transaction preparation result is failure, the data on the risk bit in the terminal authentication result is updated to the second numerical value, giving the updated terminal authentication result; if the transaction preparation result is success, the data on the risk bit in the terminal authentication result is updated to the first numerical value, giving the updated terminal authentication result.
In this embodiment, before the terminal authentication result is updated according to the transaction preparation result, the method further includes: the Bluetooth intelligent card initializes the data on all bits of the terminal authentication result to the first numerical value;
Updating the terminal authentication result according to the transaction preparation result may then also specifically be: if the transaction preparation result is failure, the data on the risk bit in the terminal authentication result is updated to the second numerical value, giving the updated terminal authentication result.
In this embodiment, preferably, the first numerical value is 0 and the second numerical value is 1.
Step s4: the Bluetooth intelligent card performs behavioural analysis according to the terminal authentication result and its own terminal behavior code to obtain a behavioural analysis result; if the behavioural analysis result is an authorization request ciphertext, the trading authorization result is set to online processing and step s5 is performed; if the behavioural analysis result is an application authorization ciphertext, the trading authorization result is set to transaction refusal, the Bluetooth intelligent card refuses the transaction, and the method ends;
Performing behavioural analysis according to the terminal authentication result and the card's own terminal behavior code to obtain the behavioural analysis result specifically includes:
Step s41: the Bluetooth intelligent card performs an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code to obtain an operation result, and obtains the terminal behavior analysis result according to the operation result;
Step s42: the Bluetooth intelligent card performs card behavioural analysis according to the terminal behavior analysis result, sets the card behavior analysis result, and uses the card behavior analysis result as the behavioural analysis result.
Further, step s41 is specifically: the Bluetooth intelligent card performs an AND operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code; if the operation result is the first result, the terminal behavior analysis result is set to request online processing; otherwise, the terminal behavior analysis result is set to request transaction refusal;
If the terminal behavior analysis result is request transaction refusal, step s42 is specifically: the Bluetooth intelligent card performs card behavioural analysis according to the terminal behavior analysis result, sets the card behavior analysis result to the application authorization ciphertext, and uses the card behavior analysis result as the behavioural analysis result. If the terminal behavior analysis result is request online processing, the card behavior analysis result is set to the authorization request ciphertext or the application authorization ciphertext, and the card behavior analysis result is used as the behavioural analysis result.
Step s5: the Bluetooth intelligent card sends to the mobile terminal, through the Bluetooth channel, a transaction message that includes the trading authorization result and the transaction information in the trading instruction;
Step s6: the Bluetooth intelligent card receives a transaction response from the mobile terminal through the Bluetooth channel;
Step s7: the Bluetooth intelligent card generates a transaction record according to the transaction response;
Step s8: the Bluetooth intelligent card sends the transaction record to the mobile terminal through the Bluetooth channel, and the method ends.
After the trading instruction from the mobile terminal is received, the method further includes: the Bluetooth intelligent card judges, according to the trading instruction, whether transaction risk exists. When the judgment result is yes:
before step s3, the method further includes: the Bluetooth intelligent card updates the transaction stand-by mode to a more secure level;
and/or, before step s4, the method further includes: the Bluetooth intelligent card updates its own terminal behavior code;
When the judgment result is no, step s3 is performed.
The Bluetooth intelligent card judging, according to the trading instruction, whether transaction risk exists specifically includes:
Step a1: the Bluetooth intelligent card obtains the risk-control data in the trading instruction and judges whether data exists in the scratchpad area; if so, it uses the data in the scratchpad area as risk-control historical data and performs step a2; otherwise, it judges that no transaction risk exists, stores the risk-control data in the scratchpad area, and performs step s3;
Step a2: the Bluetooth intelligent card calculates a risk-control index according to the risk-control data and the risk-control historical data, and judges whether the risk-control index is greater than a first risk threshold; if so, transaction risk exists; otherwise, no transaction risk exists, the risk-control data is stored in the scratchpad area, and step s3 is performed.
Further, the transaction message may also include the risk-control data.
In this embodiment, if the Bluetooth intelligent card judges from the trading instruction that transaction risk exists, it updates the transaction stand-by mode to a more secure level and then performs step s3, followed by step s4. In that case the terminal behavior code may be a default one; specifically, the data on the bit in the terminal behavior code that corresponds to the risk bit in the terminal authentication result is the second numerical value.
It should be noted that if the transaction stand-by mode of the Bluetooth intelligent card is already at the highest security level, then after the Bluetooth intelligent card judges from the trading instruction that transaction risk exists, it performs step s3 directly.
In this embodiment, the Bluetooth intelligent card updating its own terminal behavior code may specifically be: among the bits in the terminal behavior code that correspond to risk bits in the terminal authentication result whose data is the second numerical value, the data on at least one bit is updated to the second numerical value.
In this embodiment, updating the card's own terminal behavior code may also specifically be: the data on the bit in the terminal behavior code that corresponds to the risk bit in the terminal authentication result is updated to the second numerical value.
In this embodiment, the transaction stand-by mode includes: an off-line authentication mode, a treatment limitation mode, a holder authentication mode and a terminal risk management mode;
Correspondingly, step s3 specifically includes:
Step s31: the Bluetooth intelligent card selects an application according to the trading instruction, initializes the selected application, and reads the application record;
Step s32: the Bluetooth intelligent card performs off-line authentication according to its own off-line authentication mode to obtain an off-line authentication result, and updates the terminal authentication result according to the off-line authentication result;
Step s33: the Bluetooth intelligent card performs treatment limitation according to its own treatment limitation mode to obtain a treatment limitation result, and updates the terminal authentication result according to the treatment limitation result;
Step s34: the Bluetooth intelligent card obtains its own holder authentication mode according to the application record that was read, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the terminal authentication result according to the holder verification result;
Specifically, if the Bluetooth intelligent card judges from the trading instruction that no transaction risk exists, it takes the first holder authentication list in the application record that was read as its own second holder authentication list and saves it, obtains its own holder authentication mode according to the second holder authentication list, and verifies the holder according to its own holder authentication mode. If the Bluetooth intelligent card judges from the trading instruction that transaction risk exists, it obtains its own holder authentication mode according to the second holder authentication list and verifies the holder according to its own holder authentication mode.
Step s35: the Bluetooth intelligent card performs terminal risk management according to its own terminal risk management mode to obtain a terminal risk management result, and updates the terminal authentication result according to the terminal risk management result.
Further, the Bluetooth intelligent card updating the transaction stand-by mode to a more secure level is specifically: the Bluetooth intelligent card updates at least one of the off-line authentication mode, the treatment limitation mode, the holder authentication mode and the terminal risk management mode to a more secure level, and performs step s31.
Updating the card's own off-line authentication mode to a more secure level is specifically: the Bluetooth intelligent card, according to its own off-line authentication parameters, updates the off-line authentication mode from an off-line authentication mode with a lower security level to an off-line authentication mode with a higher security level.
Further, updating the off-line authentication mode from the lower-security off-line authentication mode to the higher-security off-line authentication mode according to the card's own off-line authentication parameters is specifically: the parameter value of the off-line authentication parameter that corresponds to the higher-security off-line authentication mode is updated from the first numerical value to the second numerical value.
Updating the holder authentication mode to a more secure level is specifically: the Bluetooth intelligent card updates the holder authentication list so that the holder authentication mode is updated to a more secure level. More specifically, the Bluetooth intelligent card updates the second holder authentication list so that its own holder authentication mode is updated to a more secure level.
Updating the second holder authentication list so that the card's own holder authentication mode is updated to a more secure level is specifically: the holder authentication mode identifier in the holder authentication code in the second holder authentication list is updated to a more secure level, which updates the holder authentication mode to a more secure level.
Performing terminal risk management according to the terminal risk management mode is specifically: the Bluetooth intelligent card performs terminal risk management according to its own trading limit to obtain a terminal risk management result;
Updating the terminal risk management mode to a more secure level is specifically: the Bluetooth intelligent card reduces the trading limit.
In this embodiment, after step s31 the method further includes: the Bluetooth intelligent card judges, according to the transaction information in the trading instruction, whether to display the transaction amount in the transaction information; if not, step s32 is performed; if so, the card displays the transaction amount and waits for the user to confirm. If user confirmation is detected within a first preset time, step s32 is performed; if user confirmation is not detected within the first preset time, the Bluetooth intelligent card displays error information and returns the error information to the mobile terminal;
If the trading authorization result is transaction refusal, the method further includes: the Bluetooth intelligent card displays transaction refusal information.
In this embodiment, step s34 may specifically be: the Bluetooth intelligent card prompts the user to input an online PIN. If the online PIN input by the user is obtained within a second preset time, the holder is verified according to the holder authentication mode that includes inputting an online PIN, giving a holder verification result, and the terminal authentication result is updated according to the holder verification result. If the online PIN input by the user is not obtained within the second preset time, the holder verification result is holder verification failure, and the terminal authentication result is updated according to the holder verification result;
The transaction message also includes the online PIN input by the user.
In this embodiment, step s31 further includes: the Bluetooth intelligent card initializes the data on all bits of the terminal authentication result to the first numerical value. Correspondingly, updating the terminal authentication result according to the off-line authentication result is specifically: if the off-line authentication result is authentication failure, the data on the off-line authentication risk bit in the terminal authentication result is updated to the second numerical value, giving the updated terminal authentication result;
Updating the terminal authentication result according to the holder verification result is specifically: if the holder verification result is holder verification failure, the data on the holder verification risk bit in the terminal authentication result is updated to the second numerical value, giving the updated terminal authentication result;
Updating the terminal authentication result according to the terminal risk management result is specifically: the Bluetooth intelligent card checks whether the transaction amount in the trading instruction exceeds the trading limit; if so, the data on the risk management risk bit in the terminal authentication result is updated to the second numerical value.
In this embodiment, updating the terminal authentication result according to the off-line authentication result may also specifically be: if the off-line authentication result is authentication failure, the data on the off-line authentication risk bit in the terminal authentication result is updated to the second numerical value, giving the updated terminal authentication result; if the off-line authentication result is authentication success, the data on the off-line authentication risk bit in the terminal authentication result is updated to the first numerical value, giving the updated terminal authentication result;
Updating the terminal authentication result according to the holder verification result may also specifically be: if the holder verification result is holder verification failure, the data on the holder verification risk bit in the terminal authentication result is updated to the second numerical value, giving the updated terminal authentication result; if the holder verification result is holder verification success, the data on the holder verification risk bit in the terminal authentication result is updated to the first numerical value, giving the updated terminal authentication result;
Updating the terminal authentication result according to the terminal risk management result may also specifically be: the Bluetooth intelligent card checks whether the transaction amount in the trading instruction exceeds the trading limit; if so, the data on the risk management risk bit in the terminal authentication result is updated to the second numerical value; otherwise, the data on the risk management risk bit in the terminal authentication result is updated to the first numerical value.
Further, if the Bluetooth intelligent card judges from the trading instruction that transaction risk exists, it updates the transaction stand-by mode to a more secure level and then performs step s3, followed by step s4. In that case the terminal behavior code may be a default one: the data on the bit in the terminal behavior code that corresponds to the off-line authentication risk bit is the second numerical value; the data on the bit in the terminal behavior code that corresponds to the holder verification risk bit is the second numerical value; and the data on the bit in the terminal behavior code that corresponds to the risk management risk bit is the second numerical value.
Further, in this embodiment, updating the card's own terminal behavior code is specifically: among the bits in the terminal behavior code that correspond to those off-line authentication risk bits, holder verification risk bits and risk management risk bits whose data is the second numerical value, the data on at least one bit is updated to the second numerical value.
Further, in this embodiment, updating the card's own terminal behavior code may also specifically be: the data on the bits in the terminal behavior code that correspond to the off-line authentication risk bit, the holder verification risk bit and the risk management risk bit is updated to the second numerical value.
In this embodiment, the off-line authentication risk bit includes: the 7th bit, the 4th bit and the 3rd bit of the first byte of the terminal authentication result;
The holder verification risk bit includes: the 8th bit of the 3rd byte of the terminal authentication result;
The risk management risk bit includes: the 8th bit of the 4th byte of the terminal authentication result.
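The risk judgment of steps a1 and a2, the terminal behavior code update and the behavioural analysis of steps s41 and s42 can be traced in code; the following Python is an added example, not code from the patent. Assumptions not stated on the page: a 5-byte terminal authentication result with bit 8 as the most significant bit, the "first result" being an all-zero AND, the default behavior code, the hypothetical `ratio_index` formula with amounts used as risk-control data, and the online branch always yielding the authorization request ciphertext.

```python
from dataclasses import dataclass, field

TVR_LEN = 5  # assumption: 5-byte terminal authentication result (page names bytes 1-4)
# Risk bits from the page as (byte, bit); assumed 1-based with bit 8 = most significant.
OFFLINE_AUTH_BITS = ((1, 7), (1, 4), (1, 3))
HOLDER_VERIFY_BITS = ((3, 8),)
RISK_MGMT_BITS = ((4, 8),)
ALL_RISK_BITS = OFFLINE_AUTH_BITS + HOLDER_VERIFY_BITS + RISK_MGMT_BITS


def set_bits(buf, positions, value):
    """Write the first value (0) or the second value (1) at each (byte, bit)."""
    for byte_no, bit_no in positions:
        mask = 1 << (bit_no - 1)
        if value:
            buf[byte_no - 1] |= mask
        else:
            buf[byte_no - 1] &= ~mask & 0xFF


def default_behavior_code():
    # Assumed default: only off-line authentication failures force a refusal.
    code = bytearray(TVR_LEN)
    set_bits(code, OFFLINE_AUTH_BITS, 1)
    return code


@dataclass
class Card:
    trading_limit: int
    behavior_code: bytearray = field(default_factory=default_behavior_code)
    scratchpad: object = None  # last accepted risk-control data

    def judge_risk(self, data, threshold, index_fn):
        """Steps a1/a2; index_fn is hypothetical, the page gives no formula."""
        if self.scratchpad is None:        # a1: no history, so no risk
            self.scratchpad = data
            return False
        if index_fn(data, self.scratchpad) > threshold:
            return True                    # a2: risk, data is not stored
        self.scratchpad = data
        return False

    def harden(self, new_limit):
        """Risk found: flag every risk bit in the behavior code, lower the limit."""
        set_bits(self.behavior_code, ALL_RISK_BITS, 1)
        self.trading_limit = min(self.trading_limit, new_limit)

    def prepare(self, offline_ok, holder_ok, amount):
        """Outcome of step s3: initialised result with risk bits set on failure."""
        tvr = bytearray(TVR_LEN)           # all bits start at the first value
        if not offline_ok:
            # Which of the three bits applies depends on the off-line
            # authentication mode; the example uses byte 1 bit 7.
            set_bits(tvr, OFFLINE_AUTH_BITS[:1], 1)
        if not holder_ok:
            set_bits(tvr, HOLDER_VERIFY_BITS, 1)
        if amount > self.trading_limit:
            set_bits(tvr, RISK_MGMT_BITS, 1)
        return tvr

    def analyse(self, tvr):
        """Steps s41/s42: AND the result with the behavior code bit by bit."""
        hit = any(t & c for t, c in zip(tvr, self.behavior_code))
        # hit -> application authorization ciphertext -> transaction refusal
        # no hit -> authorization request ciphertext -> online processing
        return "REFUSED" if hit else "ONLINE"


def ratio_index(new, old):
    """Hypothetical risk index: growth of the amount over the previous one."""
    return new / old


def demo():
    card = Card(trading_limit=1000)
    results = []
    for amount in (100, 900):  # constructed risk-control data: the amount itself
        if card.judge_risk(amount, threshold=5, index_fn=ratio_index):
            card.harden(new_limit=500)
        tvr = card.prepare(offline_ok=True, holder_ok=False, amount=amount)
        results.append(card.analyse(tvr))
    return results


if __name__ == "__main__":
    print(demo())
```

The same holder verification failure goes online under the default behavior code and is refused once the risk judgment has caused the behavior code to be updated.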
In this embodiment, the Bluetooth intelligent card may include an IC chip and an MPOS chip; correspondingly:
Step s1 is specifically: the MPOS chip sets up a Bluetooth connection with the mobile terminal;
Step s2 is specifically: the MPOS chip receives the trading instruction from the mobile terminal through the Bluetooth channel;
Step s3 is specifically: the MPOS chip sends a transaction preparation instruction to the IC chip and receives a transaction preparation response from the IC chip; the MPOS chip performs transaction preparation according to its own transaction stand-by mode to obtain a transaction preparation result, and updates the terminal authentication result according to the transaction preparation result;
The transaction stand-by mode includes: an off-line authentication mode, a treatment limitation mode, a holder authentication mode and a terminal risk management mode, and step s3 specifically includes:
Step w1: the MPOS chip sends a select-application instruction to the IC chip;
Step w2: the IC chip selects an application according to the select-application instruction;
Step w3: the IC chip sends a select-application success response to the MPOS chip;
Step w4: the MPOS chip sends an application initialization instruction to the IC chip;
Step w5: the IC chip initializes the selected application;
Step w6: the IC chip returns an application initialization success response to the MPOS chip;
Step w7: the MPOS chip sends a read-application-record instruction to the IC chip;
Step w8: the IC chip reads the application record;
Step w9: the IC chip returns a read-record success response to the MPOS chip;
Step w10: the MPOS chip sends an off-line authentication instruction to the IC chip, receives an off-line authentication response from the IC chip, obtains an off-line authentication result according to the off-line authentication response, and updates the terminal authentication result according to the off-line authentication result;
Step w11: the MPOS chip performs treatment limitation according to its own treatment limitation mode to obtain a treatment limitation result, and updates the terminal authentication result according to the treatment limitation result;
Step w12: the MPOS chip obtains its own holder authentication mode according to the read-record success response, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the terminal authentication result according to the holder verification result;
Step w13: the MPOS chip performs terminal risk management according to its own terminal risk management mode to obtain a terminal risk management result, and updates the terminal authentication result according to the risk management result.
Step s4 is specifically: the MPOS chip performs behavior analysis according to the terminal authentication result and its own terminal behavior code to obtain a behavior analysis result; if the behavior analysis result is an authorization request ciphertext, the Trading Authorization result is set to online process and step s5 is performed; if the behavior analysis result is an application authentication ciphertext, the Trading Authorization result is set to transaction refusal, the Bluetooth intelligent card refuses the transaction, and the process ends;
Wherein, performing behavior analysis according to the terminal authentication result and its own terminal behavior code to obtain a behavior analysis result specifically includes:
Step t1: the MPOS chip performs an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code to obtain an operation result, and obtains the terminal behavior analysis result according to the operation result;
Step t2: the MPOS chip sends a request application ciphertext instruction to the IC chip according to the terminal behavior analysis result;
Step t3: the IC chip performs card behavior analysis and obtains a card behavior analysis result;
Step t4: the IC chip sends the card behavior analysis result to the MPOS chip;
Step t5: the MPOS chip takes the card behavior analysis result as the behavior analysis result.
Step s5 is specifically: the MPOS chip sends to the mobile terminal, through the Bluetooth channel, a transaction message including the Trading Authorization result and the Transaction Information in the trading instruction;
Step s6 is specifically: the MPOS chip receives the transaction response from the mobile terminal through the Bluetooth channel;
Step s7 is specifically: the MPOS chip generates a transaction record according to the transaction response;
Step s8 is specifically: the MPOS chip sends the transaction record to the mobile terminal through the Bluetooth channel; end;
The Bluetooth intelligent card judging whether a transaction risk exists according to the trading instruction is specifically: the MPOS chip judges whether a transaction risk exists according to the trading instruction;
The Bluetooth intelligent card updating the transaction stand-by mode to a more secure level is specifically: the MPOS chip updates the transaction stand-by mode to a more secure level;
The Bluetooth intelligent card updating its own terminal behavior code is specifically: the MPOS chip updates its own terminal behavior code.
Wherein, the MPOS chip updating the transaction stand-by mode to a more secure level is specifically: the MPOS chip updates at least one of the offline authentication mode, the treatment limitation mode, the holder authentication mode and the terminal risk management mode to a more secure level, and step w1 is performed.
Further, the read record success response includes the first holder authentication list; correspondingly, step w12 is specifically: if the MPOS chip judges, according to the trading instruction, that no transaction risk exists, it takes the first holder authentication list received from the IC chip as its own second holder authentication list and saves it, obtains its own holder authentication mode according to the second holder authentication list, and verifies the holder according to its own holder authentication mode; if the MPOS chip judges, according to the trading instruction, that a transaction risk exists, it obtains its own holder authentication mode according to the second holder authentication list and verifies the holder according to its own holder authentication mode.
Further, the MPOS chip updating its own holder authentication mode to a more secure level is specifically: the MPOS chip updates the second holder authentication list, thereby updating its own holder authentication mode to a more secure level.
Yet further, the MPOS chip updating the second holder authentication list so that the holder authentication mode is updated to a more secure level is specifically: the holder authentication mode identifier in the holder authentication code in the second holder authentication list is updated to a more secure level, so that the holder authentication mode is updated to a more secure level.
It should be noted that, in this embodiment, the Bluetooth communication between the Bluetooth intelligent card and the mobile terminal may be, but is not limited to being, realized by the Bluetooth module of the Bluetooth intelligent card itself.
This embodiment provides a Bluetooth intelligent card and a method by which it controls transaction risk. The Bluetooth intelligent card can complete a financial transaction without being connected through a financial terminal, and after receiving a trading instruction it judges whether a transaction risk exists according to the trading instruction. If a risk exists, the method further includes: updating the transaction stand-by mode to a more secure level and then performing transaction preparation again, updating the terminal behavior result according to the transaction preparation result, and/or updating its own terminal behavior code before behavior analysis is performed. Behavior analysis is then performed according to the terminal authentication result and the terminal behavior code to obtain a behavior analysis result, and whether to carry out an online transaction is judged according to the behavior analysis result, which improves the security and convenience of transactions.
Embodiment 2
This embodiment provides a method for a Bluetooth intelligent card to control transaction risk which, as shown in Fig. 2, includes:
Step 101: the Bluetooth intelligent card sets up a Bluetooth connection with the mobile terminal;
In this embodiment, the mobile terminal may be, but is not limited to, a mobile phone.
Step 102: the Bluetooth intelligent card receives the trading instruction from the mobile terminal through the Bluetooth channel;
For example, the trading instruction that the Bluetooth intelligent card receives from the mobile terminal through the Bluetooth channel is: 7e 43 00 00 39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06 12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F 65 04 01 04 00 04.
Step 103: the Bluetooth intelligent card obtains air control data and Transaction Information from the trading instruction;
In this embodiment, the air control data is the risk control data used by the Bluetooth intelligent card while performing a transaction, and may include, but is not limited to, at least one of: the hardware serial number of the mobile terminal, the communication number of the mobile terminal, the Bluetooth MAC address of the mobile terminal, the IP address of the mobile terminal, the WIFI connection name of the mobile terminal, the operating system version number of the mobile terminal, the transaction amount, the transaction date, the transaction time or the transaction type.
In this embodiment, the Transaction Information includes information such as the transaction amount, the transaction date, the transaction time and the transaction type.
This step may be specifically: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, takes the transaction amount, transaction date, transaction time and transaction type as the Transaction Information, and takes at least one of the transaction amount, transaction date, transaction time and transaction type as the air control data.
This step may also be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, takes the transaction amount, transaction date, transaction time and transaction type as the Transaction Information, and obtains the air control data from the data in the trading instruction other than the Transaction Information.
This step may also be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, takes the transaction amount, transaction date, transaction time and transaction type as the Transaction Information, and obtains the air control data from the Transaction Information and from the data in the trading instruction other than the Transaction Information.
For example, the trading instruction that the Bluetooth intelligent card receives from the mobile terminal through the Bluetooth channel is: 7e 43 00 00 39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06 12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F 65 04 01 04 00 04. From the trading instruction, the Bluetooth intelligent card obtains the data "00 00 00 00 00 00" in the 6th to 11th bytes and takes it as the transaction amount; obtains the data "00" in the 12th byte and takes it as the transaction type; obtains the data "15 12 24" in the 13th to 15th bytes and takes it as the transaction date; obtains the data "17 09 28" in the 16th to 18th bytes and takes it as the transaction time. It obtains the first preset mark "1F 61" and the data "06" in the first byte after the first preset mark, obtains the "06" bytes of data "13 81 11 11 23 4F" that follow that byte and, according to the communication number format of the mobile terminal, takes "13811111234" as the communication number of the mobile terminal. It obtains the second preset mark "1F 62" and the data "06" in the first byte after the second preset mark, obtains the "06" bytes of data "12 34 56 78 9A BC" that follow that byte, and takes "12 34 56 78 9A BC" as the Bluetooth MAC address of the mobile terminal. It obtains the third preset mark "1F 63" and the data "06" in the first byte after the third preset mark, obtains the "06" bytes of data "19 21 68 00 12 12" that follow that byte, and takes "19 21 68 00 12 12" as the IP address of the mobile terminal. It obtains the fourth preset mark "1F 64" and the data "07" in the first byte after the fourth preset mark, obtains the "07" bytes of data "66 65 69 74 69 61 6E" that follow that byte, and takes "66 65 69 74 69 61 6E" as the WIFI connection name of the mobile terminal. It obtains the fifth preset mark "1F 65" and the data "04" in the first byte after the fifth preset mark, obtains the "04" bytes of data "01 04 00 04" that follow that byte, and takes "01 04 00 04" as the operating system version number of the mobile terminal. The communication number of the mobile terminal, the Bluetooth MAC address of the mobile terminal, the IP address of the mobile terminal, the WIFI connection name of the mobile terminal and the operating system version number of the mobile terminal are taken as the air control data.
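The field extraction walked through above can be written as a small bounds-checked parser. This is an added example, not code from the patent; the function names are hypothetical, the first five bytes are skipped as opaque because the page does not explain them, and the communication number is assumed to be packed BCD with an "F" pad nibble, as the sample suggests.

```python
# Added example: parser for the sample trading instruction quoted in the text.
# Offsets and the 1F 61 .. 1F 65 marks are read off that sample.

SAMPLE = bytes.fromhex(
    "7e 43 00 00 39 00 00 00 00 00 00 00 15 12 24 17 09 28 "
    "1F 61 06 13 81 11 11 23 4F 1F 62 06 12 34 56 78 9A BC "
    "1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E "
    "1F 65 04 01 04 00 04"
)

FIXED_LEN = 18  # bytes 1-18: unexplained header, amount, type, date, time

MARKS = {  # preset marks seen in the sample -> air control field
    0x1F61: "communication_number",
    0x1F62: "bluetooth_mac",
    0x1F63: "ip_address",
    0x1F64: "wifi_name",
    0x1F65: "os_version",
}


def bcd_digits(raw: bytes) -> str:
    """Decode packed BCD, dropping one trailing 'F' pad nibble if present."""
    text = raw.hex().upper()
    if text.endswith("F"):
        text = text[:-1]
    if not text.isdigit():
        raise ValueError(f"not packed BCD: {raw.hex()}")
    return text


def parse_trading_instruction(msg: bytes) -> dict:
    """Split a trading instruction into Transaction Information and air control data."""
    if len(msg) < FIXED_LEN:
        raise ValueError("instruction is shorter than its fixed part")
    transaction = {
        "amount": int(bcd_digits(msg[5:11])),  # bytes 6-11
        "type": msg[11],                       # byte 12
        "date": bcd_digits(msg[12:15]),        # bytes 13-15
        "time": bcd_digits(msg[15:18]),        # bytes 16-18
    }
    air_control = {}
    pos = FIXED_LEN
    while pos < len(msg):
        if pos + 3 > len(msg):
            raise ValueError("truncated mark or length byte")
        mark = int.from_bytes(msg[pos:pos + 2], "big")
        length = msg[pos + 2]
        value = msg[pos + 3:pos + 3 + length]
        if len(value) != length:
            # The length byte comes from the peer; never read past the buffer.
            raise ValueError(f"field {mark:04X} claims {length} bytes, {len(value)} left")
        name = MARKS.get(mark)
        if name is None:
            raise ValueError(f"unknown preset mark {mark:04X}")
        if name in air_control:
            raise ValueError(f"duplicate field {name}")
        if name == "communication_number":
            air_control[name] = bcd_digits(value)
        else:
            air_control[name] = value.hex(" ").upper()
        pos += 3 + length
    return {"transaction": transaction, "air_control": air_control}


if __name__ == "__main__":
    for section, fields in parse_trading_instruction(SAMPLE).items():
        print(section, fields)
```

Rejecting truncated, unknown and duplicate fields matters here because every later risk decision on the card is made from these attacker-reachable bytes.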
Step 104: the Bluetooth intelligent card judges whether data exists in the temporary storage area; if so, it takes the data in the temporary storage area as air control historical data and performs step 117; otherwise, the Bluetooth intelligent card stores the air control data in the temporary storage area and performs step 105;
For example: if the Bluetooth intelligent card judges that no data exists in the temporary storage area used for saving air control historical data, the Bluetooth intelligent card stores the sub air control data in the air control data, namely the communication number "13811111234" of the mobile terminal, the Bluetooth MAC address "12 34 56 78 9A BC" of the mobile terminal, the IP address "19 21 68 00 12 12" of the mobile terminal, the WIFI connection name "66 65 69 74 69 61 6E" of the mobile terminal and the operating system version "01 04 00 04" of the mobile terminal, in the temporary storage area, and performs step 105. If the Bluetooth intelligent card judges that data exists in the temporary storage area used for saving air control historical data, the Bluetooth intelligent card takes the sub air control data in the air control data, namely the communication number "13811111234" of the mobile terminal, the Bluetooth MAC address "12 34 56 78 9A BC" of the mobile terminal, the IP address "19 21 68 00 12 12" of the mobile terminal, the WIFI connection name "66 65 69 74 69 61 6E" of the mobile terminal and the operating system version "01 04 00 04" of the mobile terminal, respectively as the sub air control historical data of the air control historical data: the historical communication number "13811111234" of the mobile terminal, the historical Bluetooth MAC address "12 34 56 78 9A BC" of the mobile terminal, the historical IP address "19 21 68 00 12 12" of the mobile terminal, the historical WIFI connection name "66 65 69 74 69 61 6E" of the mobile terminal and the historical operating system version "01 04 00 04" of the mobile terminal; and performs step 117.
Step 105: the Bluetooth intelligent card selects an application according to the trading instruction;
Specifically, the Bluetooth intelligent card selects the application according to the transaction type in the trading instruction.
In this embodiment, the transaction type is an online transaction, specifically including: main account balance inquiry, consumption, transfer and load. Correspondingly, the Bluetooth intelligent card selects the application corresponding to the transaction type.
Step 106: the Bluetooth intelligent card initializes the selected application;
In this embodiment, step 106 also includes: the Bluetooth intelligent card initializes the terminal authentication result;
Wherein, the Bluetooth intelligent card initializing the terminal authentication result is specifically: the Bluetooth intelligent card initializes the data on all bits of the terminal authentication result to 0.
Step 107: the Bluetooth intelligent card reads the application record;
In this embodiment, the application record read by the Bluetooth intelligent card includes its own first holder authentication list.
For example, the application record read by the Bluetooth intelligent card includes its own first holder authentication list "8E0A00000000000000001E03".
Step 108: the Bluetooth intelligent card performs offline authentication;
Specifically, the Bluetooth intelligent card selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters, performs offline authentication according to the current offline authentication mode to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result, obtaining the updated terminal authentication result.
More specifically, the Bluetooth intelligent card selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters and the security levels of the offline authentication modes, performs offline authentication according to the current offline authentication mode to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result, obtaining the updated terminal authentication result.
Specifically, the Bluetooth intelligent card obtains the static authentication parameter, the dynamic authentication parameter and the hybrid authentication parameter from its own terminal parameters; if only one of the three parameters has the value "1", the offline authentication mode corresponding to the parameter whose value is "1" is taken as the current offline authentication mode, and offline authentication is performed according to the current offline authentication mode to obtain an offline authentication result; otherwise, the offline authentication mode corresponding to the parameter whose value is "1" and whose security level is highest is taken as the current offline authentication mode, offline authentication is performed according to the current offline authentication mode to obtain an offline authentication result, and the first byte of the terminal authentication result is updated according to the offline authentication result, obtaining the updated terminal authentication result.
In this embodiment, the offline authentication parameters include: the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA; the corresponding offline authentication modes are static authentication, dynamic authentication and hybrid authentication respectively, and the security levels of the three authentication modes are: hybrid authentication > dynamic authentication > static authentication.
For example, the Bluetooth intelligent card obtains the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA from its own terminal parameters. When SDA=1, DDA=0 and CDA=0, the Bluetooth intelligent card takes the static authentication mode corresponding to the static authentication parameter SDA as the current offline authentication mode and performs offline authentication to obtain an offline authentication result. When SDA=1, DDA=1 and CDA=0, the Bluetooth intelligent card takes the dynamic authentication mode corresponding to the dynamic authentication parameter DDA, whose value is "1" and whose security level is higher, as the current offline authentication mode and performs offline authentication to obtain an offline authentication result. When SDA=1, DDA=1 and CDA=1, the Bluetooth intelligent card takes the hybrid authentication mode corresponding to the hybrid authentication parameter CDA, whose value is "1" and whose security level is highest, as the current offline authentication mode, performs offline authentication to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result, obtaining the updated terminal authentication result.
In this step, performing offline authentication according to the current offline authentication mode to obtain an offline authentication result and updating the first byte of the terminal authentication result according to the offline authentication result to obtain the updated terminal authentication result is specifically: offline authentication is performed according to the current offline authentication mode; if authentication succeeds, the data on the 7th bit in the first byte of the terminal authentication result is updated to "0", the data on the 4th bit is updated to "0", and the data on the 3rd bit is updated to "0". If authentication fails, the data on the 7th bit, or the data on the 4th bit, or the data on the 3rd bit in the first byte of the terminal authentication result is updated to "1", obtaining the updated terminal authentication result.
For example: after offline authentication is performed in the static authentication mode and succeeds, the Bluetooth intelligent card updates the data on the highest bit (the 8th bit) in the first byte of the terminal authentication result to "0", and updates the data on the 7th bit to "0", the data on the 4th bit to "0" and the data on the 3rd bit to "0". The first byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is: 0x00 0x00 0x00 0x00 0x00.
Step 109: the Bluetooth intelligent card performs treatment limitation;
Specifically, the Bluetooth intelligent card performs treatment limitation to obtain a treatment limitation result, and updates the second byte of the terminal authentication result according to the treatment limitation result, obtaining the updated terminal authentication result.
For example: the Bluetooth intelligent card performs treatment limitation to obtain a treatment limitation result and updates the second byte of the terminal authentication result according to the treatment limitation result; the second byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
Step 110: the Bluetooth intelligent card verifies the holder;
Specifically, the Bluetooth intelligent card obtains the current holder authentication mode from its own holder authentication list, verifies the holder according to the current holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result, obtaining the updated terminal authentication result.
It should be noted that if the Bluetooth intelligent card judges "no" in step 104 or judges "no" in step 118, the Bluetooth intelligent card has judged that no transaction risk exists; the Bluetooth intelligent card then takes the first holder authentication list in the application record it has read as its own second holder authentication list and saves it, obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result, obtaining the updated terminal authentication result. If the Bluetooth intelligent card judges "yes" in step 118, the Bluetooth intelligent card has judged that a transaction risk exists; the Bluetooth intelligent card then obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result, obtaining the updated terminal authentication result.
More specifically, if the Bluetooth intelligent card judges "no" in step 104 or judges "no" in step 118, the Bluetooth intelligent card has judged that no transaction risk exists and resets the risk flag bit; if the Bluetooth intelligent card judges "yes" in step 118, the Bluetooth intelligent card has judged that a transaction risk exists and sets the risk flag bit. Correspondingly, step 110 is specifically: the Bluetooth intelligent card detects whether the risk flag bit is set. If not, the Bluetooth intelligent card takes the first holder authentication list in the application record it has read as its own second holder authentication list and saves it, obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result, obtaining the updated terminal authentication result. If so, the Bluetooth intelligent card obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result, obtaining the updated terminal authentication result.
Wherein, obtaining its own holder authentication mode according to the second holder authentication list and verifying the holder according to its own holder authentication mode to obtain a holder verification result is specifically: the Bluetooth intelligent card obtains, from its own second holder authentication list, the data after the crossed joint and, according to the byte length of the data obtained, divides it in units of two bytes to obtain one or more holder authentication codes; from the binary data corresponding to the data in the first byte of a holder authentication code, it obtains the last six bits and takes them as the holder authentication mode identifier; according to the first preset list, it looks up the holder authentication mode corresponding to the holder authentication mode identifier and takes it as the current holder authentication mode; it then verifies the holder according to the current holder authentication mode and obtains the holder verification result.
For example: from its own second holder authentication list "8E0A00000000000000001E03", the Bluetooth intelligent card obtains the data "1E03" in the bytes after the crossed joint (not including the crossed joint) and takes "1E03" as the holder authentication code; from the binary data "00011110" corresponding to the data "1E" in the first byte of the holder authentication code, it obtains the last six bits "011110" and takes them as the holder authentication mode identifier; according to the first preset list shown in Table 1, it finds that the holder authentication mode corresponding to the holder authentication mode identifier "011110" is "signature", takes "signature" as the current holder authentication mode, verifies the holder according to the current holder authentication mode, and obtains the holder verification result.
Table 1
In this embodiment, preferably, the security levels of the holder authentication modes in an online transaction are: no authentication < signature < online PIN verification < online PIN verification + signature < authentication failure.
In this embodiment, the holder authentication modes may also include the holder certificate presentation verification mode, whose corresponding holder authentication mode identifier is 100000. It should be noted that the first preset list shown in Table 1 is only one way, provided by this embodiment, of expressing the correspondence between holder authentication mode identifiers and holder authentication modes; in the present invention there may be various other ways of expressing this correspondence, which are not repeated in this embodiment.
In this step, verifying the holder according to the current holder authentication mode to obtain a holder verification result and updating the third byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result is specifically:
The holder is verified according to the current holder authentication mode; if holder verification succeeds, the highest bit (the 8th bit) of the third byte of the terminal authentication result is updated to "0". If holder verification fails, the data on the highest bit (the 8th bit) of the third byte of the terminal authentication result is updated to "1", obtaining the updated terminal authentication result.
For example: when the current holder authentication mode is "signature" and verification succeeds, the Bluetooth intelligent card updates the highest bit (the 8th bit) of the binary data of the byte representing the holder verification result to "0"; the second byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
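The list parsing in step 110 and the step-up of the second holder authentication list described in Embodiment 1 can be sketched as follows. This is an added example, not code from the patent. Table 1 is not reproduced on this page, so only the identifiers 011110 (signature) and 100000 come from the text; the other identifiers are the EMV values and are an assumption, as is the EMV layout of the list (tag 8E, length byte, two 4-byte amounts), and "online PIN verification + signature" is left out because the page gives no identifier for it.

```python
# Added example: split a holder authentication list into 2-byte codes and raise
# every code to the next security level from the ordering given in the text.

SAMPLE_LIST = bytes.fromhex("8E0A00000000000000001E03")  # list quoted in the text

HEADER_LEN = 10  # assumed EMV layout: tag 8E, length, amount X (4), amount Y (4)

NAMES = {
    0b011111: "no authentication",                 # EMV value (assumption)
    0b011110: "signature",                         # from the text
    0b000010: "online PIN verification",           # EMV value (assumption)
    0b000000: "authentication failure",            # EMV value (assumption)
    0b100000: "holder certificate presentation",   # from the text
}

# Least to most secure, in the order stated in the text.
LADDER = [0b011111, 0b011110, 0b000010, 0b000000]


def split_codes(auth_list: bytes) -> list:
    """Return the (code byte, condition byte) pairs that follow the header."""
    if len(auth_list) < HEADER_LEN + 2 or auth_list[0] != 0x8E:
        raise ValueError("not a holder authentication list")
    if auth_list[1] != len(auth_list) - 2:
        raise ValueError("length byte does not match the data")
    body = auth_list[HEADER_LEN:]
    if len(body) % 2:
        raise ValueError("codes must be two bytes each")
    return [(body[i], body[i + 1]) for i in range(0, len(body), 2)]


def mode_name(code_byte: int) -> str:
    """Name the mode selected by the last six bits of the first code byte."""
    return NAMES.get(code_byte & 0x3F, "unknown")


def step_up(auth_list: bytes) -> bytes:
    """Return a copy of the list with each known mode raised one level.

    The two high bits of the code byte and the condition byte are kept.
    Modes that are not on the ladder are left unchanged.
    """
    out = bytearray(auth_list[:HEADER_LEN])
    for code, condition in split_codes(auth_list):
        ident = code & 0x3F
        if ident in LADDER:
            higher = min(LADDER.index(ident) + 1, len(LADDER) - 1)
            code = (code & 0xC0) | LADDER[higher]
        out += bytes([code, condition])
    return bytes(out)


if __name__ == "__main__":
    current = SAMPLE_LIST
    for _ in range(3):
        code = split_codes(current)[0][0]
        print(current.hex().upper(), "->", mode_name(code))
        current = step_up(current)
```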
Step 111: the Bluetooth intelligent card performs terminal risk management;
Specifically, the Bluetooth intelligent card performs terminal risk management to obtain a terminal risk management result, and updates the 4th byte of the terminal authentication result according to the risk management result, obtaining the updated terminal authentication result.
More specifically, the Bluetooth intelligent card detects whether the transaction amount exceeds the trading limit; if so, the highest bit (the 8th bit) of the 4th byte of the terminal authentication result is updated to "1"; otherwise, the highest bit (the 8th bit) of the 4th byte of the terminal authentication result is updated to "0".
For example, the Bluetooth intelligent card detects that the transaction amount 00 does not exceed the trading limit 5000, and therefore updates the highest bit (the 8th bit) of the 4th byte of the terminal authentication result to "0"; the 4th byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
In this embodiment, the trading limit is the upper limit that the Bluetooth intelligent card supports for a transaction.
Step 112:Bluetooth intelligent card carries out behavioural analysis;Trading Authorization result is set;
Specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and default terminal behavior code (TAC), relatively The data on bit answered are carried out obtaining operation result with computing, and terminal behavior analysis result, root are obtained according to operation result Card behavioural analysis is carried out according to terminal behavior analysis result, card behavior analysis result is obtained, is set according to card behavior outcome Trading Authorization result.
Wherein, card behavior analysis result is authorization requests ciphertext (ARQC) or application authorization ciphertext (AAC).
More specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and default terminal behavior code (TAC), Data on corresponding bit carry out obtaining operation result with computing, if operation result is 0, set terminal analysis behavior Result is log-in treatment, and card behavioural analysis is carried out according to terminal behavior analysis result, obtains card behavior analysis result, Trading Authorization result is set according to card behavior analysis result;If operation result is non-zero, line is for analysis result Requests transaction is refused, and card behavioural analysis is carried out according to terminal behavior analysis result, and it is application to obtain card behavior analysis result Certification ciphertext (AAC), terminates Trading Authorization result for transaction is refused according to card behavior analysis result.
In the present embodiment, terminal authentication result includes 5 bytes, and terminal behavior code includes 5 bytes, terminal behavior generation The bit of each byte of code is corresponded with the bit of each byte of terminal authentication result.Preferably, default terminal 7th bit, the 4th bit, the 3rd bit, the 3rd of the first character section with terminal authentication result in behavior code Data on 8th bit of individual byte and the 4th corresponding bit of the 8th bit of byte are second value.
For example, the updated terminal authentication result obtained by the Bluetooth intelligent card is 0x00 0x00 0x00 0x00 0x00, whose binary data is 00000000 00000000 00000000 00000000 00000000, and the preset terminal behavior code of the Bluetooth intelligent card is 0x4c 0x00 0x80 0x80 0x00, whose binary data is 01001100 00000000 10000000 10000000 00000000. The Bluetooth intelligent card ANDs each bit of each byte of the terminal authentication result with the corresponding bit of each byte of its own terminal behavior code and obtains the behavior analysis result 0x00, 0x00, 0x00, 0x00, 0x00, so the terminal behavior analysis result is online processing. It performs card behavior analysis according to the terminal behavior analysis result, obtains the card behavior analysis result authorization request cryptogram (ARQC), sets the transaction authorization result to online processing "0x02" according to the card behavior analysis result, and performs step 113.
It should be noted that, in this embodiment, the terminal behavior code (TAC) is specifically the terminal behavior code (TAC)-refusal.
Step 113: The Bluetooth intelligent card sends, over the Bluetooth channel, a transaction message including the transaction authorization result, the transaction information and the air control data to the mobile terminal;
Specifically, the Bluetooth intelligent card signs the air control data to obtain a signature value, assembles a transaction message including the transaction authorization result, transaction information, air control data and signature value, and sends that transaction message to the mobile terminal over the Bluetooth channel.
For example: after the Bluetooth intelligent card assembles the transaction message including the transaction authorization result, transaction information, air control data and signature value, the transaction message obtained is: 02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9 32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92 9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07 a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f 03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00 00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0. Wherein, the first byte "02" is the transaction authorization result and indicates online processing; "9f 02 06 00 00 00 00 00 00" is the transaction amount and indicates that the transaction amount is 0 yuan; "9a 03 15 12 24" is the transaction date and indicates that the transaction date is December 24, 2015. Wherein, "7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B" is the air control data, and "48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0" is the signature value.
It should be noted that the Bluetooth intelligent card may also sign the air control data before this step to obtain the signature value.
It should be noted that, if the Bluetooth intelligent card verified the holder by online PIN verification in step 110, the transaction message also includes the online PIN code entered by the user and obtained by the Bluetooth intelligent card.
This step may be replaced by: the Bluetooth intelligent card sends, over the Bluetooth channel, a transaction message including the transaction authorization result and the transaction information to the mobile terminal.
Step 114: The Bluetooth intelligent card receives the transaction response from the mobile terminal over the Bluetooth channel;
Step 115: The Bluetooth intelligent card generates a transaction record according to the transaction response;
Step 116: The Bluetooth intelligent card sends the transaction record to the mobile terminal over the Bluetooth channel, and the process ends.
After the mobile terminal receives the transaction record from the Bluetooth intelligent card over the Bluetooth channel, it sends the transaction record to the server.
Step 117: The Bluetooth intelligent card performs a calculation on the air control historical data and the air control data to obtain an air control index;
Specifically, the Bluetooth intelligent card judges whether the sub air control data match the sub air control historical data. If so, it sets the air control index to "0"; otherwise, it counts the sub air control data items that do not match the sub air control historical data and divides that number by the total number of sub air control data items to obtain the air control index.
For example: the sub air control historical data are respectively: the historical communication number of the mobile terminal "13811111234", the historical Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the historical IP address of the mobile terminal "19 21 68 00 12 12", the historical WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the historical operating system version of the mobile terminal "01 04 00 04". The sub air control data are respectively: the communication number of the mobile terminal "13811111234", the Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the IP address of the mobile terminal "19 21 68 00 12 12", the WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the operating system version of the mobile terminal "01 04 00 04". The Bluetooth intelligent card calculates that the number of sub air control data items that do not match the corresponding sub air control historical data is 1, divides it by the total number of sub air control data items, 5, and obtains the air control index 0.2.
Step 118: The Bluetooth intelligent card judges whether the air control index is greater than the first risk threshold; if so, step 119 is performed; otherwise, step 120 is performed;
For example: the Bluetooth intelligent card judges that the air control index 0.2 is less than the first risk threshold 0.5, and performs step 120.
Step 119: The Bluetooth intelligent card updates at least one of its own offline authentication mode, holder authentication mode or trading limit to a more secure level, and returns to step 105;
Specifically, the Bluetooth intelligent card lowers the trading limit; or, through the offline authentication parameters in the terminal parameters, updates the offline authentication mode from one with a lower security level to one with a higher security level; or updates the second holder authentication list so that the holder authentication mode is updated to a more secure level.
In this step, updating the trading limit to a more secure level is specifically: the Bluetooth intelligent card lowers the trading limit, for example from 5000 yuan to 1000 yuan.
Wherein, updating the offline authentication mode, through the offline authentication parameters in the terminal parameters, from one with a lower security level to one with a higher security level is specifically: updating the parameter value of the parameter corresponding to the higher-security offline authentication mode from "0" to "1".
For example: when SDA=1, DDA=0 and CDA=0, DDA is updated from 0 to 1 and/or CDA is updated from 0 to 1; when SDA=1, DDA=1 and CDA=0, CDA is updated from 0 to 1; when SDA=0, DDA=1 and CDA=0, CDA is updated from 0 to 1.
Wherein, updating the second holder authentication list so that the holder authentication mode is updated to a more secure level is specifically: updating the holder authentication mode identifier in the holder authentication code in the second holder authentication list to a more secure level, thereby updating the holder authentication mode to a more secure level.
For example, when the second holder authentication list is "8E0A00000000000000001E03", the holder authentication mode identifier in the holder authentication code "1E03" is updated from "011110" to "000011", so that the holder authentication mode is updated from the signature mode to the higher-security mode of entering an online PIN plus signature; correspondingly, the updated holder authentication code is "0303" and the updated second holder authentication list is "8E0A00000000000000000303". Correspondingly, step 110 specifically includes: the Bluetooth intelligent card prompts the user to enter the online PIN and signature; if the user enters the online PIN and signature within the second preset time and within the preset number of attempts, the Bluetooth intelligent card verifies the holder according to the online PIN and signature entered by the user; if the user does not enter the online PIN and signature within the second preset time or within the preset number of attempts, the Bluetooth intelligent card judges that holder authentication has failed.
It should be noted that, in this embodiment, if the offline authentication mode, the holder authentication mode and the trading limit of the Bluetooth intelligent card are all already at the highest security level, then after judging YES in step 118 the Bluetooth intelligent card returns directly to step 105.
Step 120: The Bluetooth intelligent card stores the air control data in the temporary storage area and returns to step 105;
Specifically, the Bluetooth intelligent card stores the air control data in the temporary storage area used for saving air control historical data.
This embodiment also provides a method for a Bluetooth intelligent card to control transaction risk, as shown in Figure 3, including:
Step 201: The Bluetooth intelligent card establishes a Bluetooth connection with the mobile terminal;
In this embodiment, the mobile terminal may be, but is not limited to, a mobile phone.
Step 202: The mobile terminal sends a trading instruction to the Bluetooth intelligent card over the Bluetooth channel;
Step 203: The Bluetooth intelligent card obtains the air control data and the transaction information from the trading instruction;
In this embodiment, the air control data are the risk control data used by the Bluetooth intelligent card while executing the transaction, and may include, but are not limited to, at least one of the following: the hardware serial number of the mobile terminal, the communication number of the mobile terminal, the Bluetooth MAC address of the mobile terminal, the IP address of the mobile terminal, the WIFI connection name of the mobile terminal, the operating system version number of the mobile terminal, the transaction amount, the transaction date, the transaction time or the transaction type.
In this embodiment, the transaction information includes information such as the transaction amount, transaction date, transaction time and transaction type.
This step may specifically be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, takes them as the transaction information, and takes at least one of the transaction amount, transaction date, transaction time and transaction type as the air control data.
This step may also be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, takes them as the transaction information, and obtains the air control data from the data in the trading instruction other than the transaction information.
This step may also be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, takes them as the transaction information, and obtains the air control data both from the transaction information and from the data in the trading instruction other than the transaction information.
For example, the trading instruction that the Bluetooth intelligent card receives from the mobile terminal over the Bluetooth channel is: 7e 43 00 00 39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06 12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F 65 04 01 04 00 04. From the trading instruction, the Bluetooth intelligent card obtains the data "00 00 00 00 00 00" in the 6th to 11th bytes as the transaction amount; obtains the data "00" in the 12th byte as the transaction type; obtains the data "15 12 24" in the 13th to 15th bytes as the transaction date; and obtains the data "17 09 28" in the 16th to 18th bytes as the transaction time. It obtains the first preset identifier "1F 61" and the data "06" in the first byte after the first preset identifier, then obtains the "06" bytes of data that follow, "13 81 11 11 23 4F", and, according to the format of a mobile terminal communication number, takes "13811111234" as the communication number of the mobile terminal. It obtains the second preset identifier "1F 62" and the data "06" in the first byte after the second preset identifier, then obtains the "06" bytes of data that follow, "12 34 56 78 9A BC", and takes "12 34 56 78 9A BC" as the Bluetooth MAC address of the mobile terminal. It obtains the third preset identifier "1F 63" and the data "06" in the first byte after the third preset identifier, then obtains the "06" bytes of data that follow, "19 21 68 00 12 12", and takes "19 21 68 00 12 12" as the IP address of the mobile terminal. It obtains the fourth preset identifier "1F 64" and the data "07" in the first byte after the fourth preset identifier, then obtains the "07" bytes of data that follow, "66 65 69 74 69 61 6E", and takes "66 65 69 74 69 61 6E" as the WIFI connection name of the mobile terminal. It obtains the fifth preset identifier "1F 65" and the data "04" in the first byte after the fifth preset identifier, then obtains the "04" bytes of data that follow, "01 04 00 04", and takes "01 04 00 04" as the operating system version number of the mobile terminal. The communication number, Bluetooth MAC address, IP address, WIFI connection name and operating system version number of the mobile terminal are taken as the air control data.
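The field extraction in the example above and the air control index of step 117, as an added sketch that is not part of the patent text. The byte offsets and the identifiers 1F 61 to 1F 65 come from the worked example; the field names, the rejection of unknown, duplicate or truncated fields, and the changed IP value in the usage section are assumptions made for illustration.

```python
# Added example: parse the sample trading instruction and score it against history.
FIELD_NAMES = {          # preset identifiers from the worked example
    0x1F61: "phone",
    0x1F62: "bt_mac",
    0x1F63: "ip",
    0x1F64: "wifi_name",
    0x1F65: "os_version",
}
FIXED_LEN = 18           # bytes 1-18: five leading bytes, amount, type, date, time

SAMPLE_INSTRUCTION = bytes.fromhex(
    "7e 43 00 00 39 00 00 00 00 00 00 00 15 12 24 17 09 28"
    " 1F 61 06 13 81 11 11 23 4F"
    " 1F 62 06 12 34 56 78 9A BC"
    " 1F 63 06 19 21 68 00 12 12"
    " 1F 64 07 66 65 69 74 69 61 6E"
    " 1F 65 04 01 04 00 04"
)


def parse_instruction(raw):
    """Return (transaction_info, air_control_data) from a trading instruction."""
    if len(raw) < FIXED_LEN:
        raise ValueError("instruction shorter than the fixed transaction fields")
    transaction = {
        "amount": raw[5:11].hex(),   # 6th to 11th byte
        "type": raw[11],             # 12th byte
        "date": raw[12:15].hex(),    # 13th to 15th byte
        "time": raw[15:18].hex(),    # 16th to 18th byte
    }
    risk = {}
    pos = FIXED_LEN
    while pos < len(raw):
        if pos + 3 > len(raw):
            raise ValueError("truncated identifier or length at offset %d" % pos)
        tag = int.from_bytes(raw[pos:pos + 2], "big")
        length = raw[pos + 2]
        value = raw[pos + 3:pos + 3 + length]
        if len(value) != length:
            raise ValueError("value of %04X runs past the end of the instruction" % tag)
        name = FIELD_NAMES.get(tag)
        if name is None:
            raise ValueError("unknown identifier %04X" % tag)
        if name in risk:
            # A repeated field could silently override the first one: reject it.
            raise ValueError("identifier %04X appears twice" % tag)
        text = value.hex().upper()
        # The communication number is padded with a trailing F nibble.
        risk[name] = text.rstrip("F") if name == "phone" else text
        pos += 3 + length
    return transaction, risk


def risk_index(current, history):
    """Mismatched sub items divided by the total number of sub items (step 117)."""
    if not current:
        raise ValueError("no air control data to compare")
    mismatched = sum(1 for name, value in current.items()
                     if history.get(name) != value)
    return mismatched / len(current)


def needs_escalation(index, threshold=0.5):
    """Step 118: escalate only when the index is greater than the threshold."""
    return index > threshold


if __name__ == "__main__":
    txn, current = parse_instruction(SAMPLE_INSTRUCTION)
    history = dict(current)
    current["ip"] = "100000000001"      # constructed value: one field differs
    idx = risk_index(current, history)
    print(txn, idx, needs_escalation(idx))
```

A field that is present in the instruction but absent from the stored history counts as a mismatch here, which keeps a newly appearing attribute from lowering the index.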
Step 204: The Bluetooth intelligent card judges whether data exist in the temporary storage area; if so, it takes the data in the temporary storage area as the air control historical data and performs step 223; otherwise, the Bluetooth intelligent card stores the air control data in the temporary storage area and performs step 205;
For example: if the Bluetooth intelligent card judges that no data exist in the temporary storage area used for saving air control historical data, the Bluetooth intelligent card stores the sub air control data in the air control data, namely the communication number of the mobile terminal "13811111234", the Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the IP address of the mobile terminal "19 21 68 00 12 12", the WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the operating system version of the mobile terminal "01 04 00 04", in the temporary storage area, and performs step 205. If the Bluetooth intelligent card judges that data exist in the temporary storage area used for saving air control historical data, the Bluetooth intelligent card takes the sub air control data in the air control data, namely the communication number of the mobile terminal "13811111234", the Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the IP address of the mobile terminal "19 21 68 00 12 12", the WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the operating system version of the mobile terminal "01 04 00 04", respectively as the sub air control historical data of the air control historical data: the historical communication number of the mobile terminal "13811111234", the historical Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the historical IP address of the mobile terminal "19 21 68 00 12 12", the historical WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the historical operating system version of the mobile terminal "01 04 00 04"; and performs step 223.
Step 205: The Bluetooth intelligent card selects an application according to the trading instruction;
Specifically, the Bluetooth intelligent card selects the application according to the transaction type in the trading instruction.
In this embodiment, the transaction type is an online transaction, specifically including: primary account balance inquiry, consumption, transfer and load. Correspondingly, the Bluetooth intelligent card selects the application corresponding to the transaction type.
Step 206: The Bluetooth intelligent card initializes the selected application;
In this embodiment, step 206 also includes: the Bluetooth intelligent card initializes the terminal authentication result;
Wherein, the Bluetooth intelligent card initializing the terminal authentication result is specifically: the Bluetooth intelligent card initializes the data on all bits of the terminal authentication result to 0.
Step 207: The Bluetooth intelligent card reads the application record;
In this embodiment, the application record read by the Bluetooth intelligent card includes its own first holder authentication list.
For example, the application record read by the Bluetooth intelligent card includes its own first holder authentication list "8E0A00000000000000001E03".
Step 208: The Bluetooth intelligent card performs offline authentication;
Specifically, the Bluetooth intelligent card selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters, performs offline authentication according to the current offline authentication mode to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result to obtain the updated terminal authentication result.
Further, the Bluetooth intelligent card selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters and the security levels of the offline authentication modes, performs offline authentication according to the current offline authentication mode to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result to obtain the updated terminal authentication result.
Specifically, the Bluetooth intelligent card obtains the static authentication parameter, the dynamic authentication parameter and the hybrid authentication parameter in its own terminal parameters. If only one of the three parameters has the value "1", the offline authentication mode corresponding to the parameter whose value is "1" is taken as the current offline authentication mode, and offline authentication is performed according to the current offline authentication mode to obtain the offline authentication result. Otherwise, the offline authentication mode corresponding to the parameter whose value is "1" and whose security level is highest is taken as the current offline authentication mode, offline authentication is performed according to the current offline authentication mode to obtain the offline authentication result, and the first byte of the terminal authentication result is updated according to the offline authentication result to obtain the updated terminal authentication result.
In this embodiment, the offline authentication parameters include: the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA. The corresponding offline authentication modes are static authentication, dynamic authentication and hybrid authentication respectively, and the security levels of the three authentication modes are: hybrid authentication > dynamic authentication > static authentication.
For example, the Bluetooth intelligent card obtains the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA in its own terminal parameters. When SDA=1, DDA=0 and CDA=0, the Bluetooth intelligent card takes the static authentication mode corresponding to the static authentication parameter SDA as the current offline authentication mode and performs offline authentication to obtain the offline authentication result. When SDA=1, DDA=1 and CDA=0, the Bluetooth intelligent card takes the dynamic authentication mode corresponding to the dynamic authentication parameter DDA, whose value is "1" and whose security level is higher, as the current offline authentication mode and performs offline authentication to obtain the offline authentication result. When SDA=1, DDA=1 and CDA=1, the Bluetooth intelligent card takes the hybrid authentication mode corresponding to the hybrid authentication parameter CDA, whose value is "1" and whose security level is higher, as the current offline authentication mode and performs offline authentication to obtain the offline authentication result. It then updates the first byte of the terminal authentication result according to the offline authentication result to obtain the updated terminal authentication result.
In this step, performing offline authentication according to the current offline authentication mode to obtain the offline authentication result, and updating the first byte of the terminal authentication result according to the offline authentication result, is specifically: offline authentication is performed according to the current offline authentication mode; if offline authentication succeeds, the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result are updated to "0", the data on the 7th bit are updated to "0", the data on the 4th bit are updated to "0", and the data on the 3rd bit are updated to "0". If authentication fails, the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result are updated to "0", and the data on the 7th bit, the 4th bit or the 3rd bit are updated to "1".
For example: after offline authentication is performed according to the dynamic authentication mode and succeeds, the Bluetooth intelligent card updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "0", the data on the 4th bit to "0" and the data on the 3rd bit to "0". The first byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is: 0x00 0x00 0x00 0x00 0x00.
Step 209: The Bluetooth intelligent card performs processing restrictions;
Specifically, the Bluetooth intelligent card performs processing restrictions, obtains a processing restriction result, and updates the second byte of the terminal authentication result according to the processing restriction result to obtain the updated terminal authentication result.
For example: the Bluetooth intelligent card performs processing restrictions, obtains a processing restriction result, and updates the second byte of the terminal authentication result according to the processing restriction result; the second byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
Step 210: The Bluetooth intelligent card verifies the holder;
Specifically, the Bluetooth intelligent card obtains the current holder authentication mode from its own holder authentication list, verifies the holder according to the current holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result.
It should be noted that, if the Bluetooth intelligent card judges NO in step 204 or judges NO in step 224, the Bluetooth intelligent card judges that there is no transaction risk; it then takes the first holder authentication list in the application record it has read as its own second holder authentication list and saves it, obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result. If the Bluetooth intelligent card judges YES in step 224, the Bluetooth intelligent card judges that there is transaction risk; it then obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result.
More specifically, if the Bluetooth intelligent card judges NO in step 204 or judges NO in step 224, the Bluetooth intelligent card judges that there is no transaction risk and resets the risk flag bit; if the Bluetooth intelligent card judges YES in step 224, the Bluetooth intelligent card judges that there is transaction risk and sets the risk flag bit. Correspondingly, step 210 is specifically: the Bluetooth intelligent card detects whether the risk flag bit is set. If not, the Bluetooth intelligent card takes the first holder authentication list in the application record it has read as its own second holder authentication list and saves it, obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result. If so, the Bluetooth intelligent card obtains its own holder authentication mode according to the second holder authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result.
Wherein, obtaining its own holder authentication mode according to the second holder authentication list and verifying the holder according to its own holder authentication mode to obtain the holder verification result is specifically: from its own second holder authentication list, the Bluetooth intelligent card obtains the data after the tenth byte and, according to the byte length of the data obtained, divides them into units of two bytes to obtain one or more holder authentication codes; from the binary data corresponding to the data in the first byte of a holder authentication code, it obtains the last six bits of the binary data as the holder authentication mode identifier; according to the first preset list, it looks up the holder authentication mode corresponding to the holder authentication mode identifier and takes it as the current holder authentication mode; it verifies the holder according to the current holder authentication mode to obtain the holder verification result, and updates the third byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result.
For example: from its own second holder authentication list "8E0A00000000000000001E03", the Bluetooth intelligent card obtains the data "1E03" in the bytes after the tenth byte (not including the tenth byte) and takes "1E03" as the holder authentication code; from the binary data "00011110" corresponding to the data "1E" in the first byte of the holder authentication code, it obtains the last six bits "011110" as the holder authentication mode identifier; according to the first preset list shown in Table 1, it finds that the holder authentication mode corresponding to the holder authentication mode identifier "011110" is "signature", takes "signature" as the current holder authentication mode, verifies the holder according to the current holder authentication mode, and obtains the holder verification result. In this step, verifying the holder according to the current holder authentication mode to obtain the holder verification result, and updating the third byte of the terminal authentication result according to the holder verification result, is specifically:
The holder is verified according to the current holder authentication mode. If holder verification succeeds, the highest bit (the 8th bit) of the third byte of the terminal authentication result is updated to "0". If holder verification fails, the data on the highest bit (the 8th bit) of the third byte of the terminal authentication result are updated to "1".
For example: when the current holder authentication mode is "signature" and verification succeeds, the Bluetooth intelligent card updates the highest bit (the 8th bit) through the 4th bit of the binary data of the byte representing the holder verification result to "0", and the 3rd bit to "0"; the second byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
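Reading the holder authentication list as described for step 210, and tightening it as described for step 119, in one added sketch that is not part of the patent text. Only the two identifiers that appear in the text are mapped (Table 1 is not reproduced here); treating 8E as the list tag and 0A as its length byte follows the EMV encoding of a CVM list, and rewriting every two-byte code in the list rather than only the first is an assumption.

```python
# Added example: parse and upgrade the holder authentication list.
METHODS = {
    0b011110: "signature",
    0b000011: "online PIN + signature",
}
HEADER_LEN = 10   # the text takes the codes from after the tenth byte


def parse_holder_list(hex_list):
    """Return (first ten bytes, list of two-byte holder authentication codes)."""
    raw = bytes.fromhex(hex_list)
    if len(raw) < 2 or raw[0] != 0x8E:
        raise ValueError("list does not start with 8E")
    if raw[1] != len(raw) - 2:
        raise ValueError("length byte does not match the data present")
    codes = raw[HEADER_LEN:]
    if not codes or len(codes) % 2:
        raise ValueError("expected one or more two-byte authentication codes")
    return raw[:HEADER_LEN], [codes[i:i + 2] for i in range(0, len(codes), 2)]


def method_id(code):
    """Last six bits of the first byte of a holder authentication code."""
    return code[0] & 0x3F


def method_name(code):
    ident = method_id(code)
    return METHODS.get(ident, "not listed here (%s)" % format(ident, "06b"))


def upgrade_holder_list(hex_list, new_id):
    """Replace the six-bit identifier in every code, keeping the top two bits."""
    if new_id not in METHODS:
        raise ValueError("identifier is not one of the mapped methods")
    header, codes = parse_holder_list(hex_list)
    out = bytearray(header)
    for code in codes:
        out.append((code[0] & 0xC0) | new_id)
        out.append(code[1])
    return out.hex().upper()


if __name__ == "__main__":
    first_list = "8E0A00000000000000001E03"
    _, codes = parse_holder_list(first_list)
    print([method_name(c) for c in codes])            # current mode
    second_list = upgrade_holder_list(first_list, 0b000011)
    print(second_list)                                # list after step 119
    print([method_name(c) for c in parse_holder_list(second_list)[1]])
```

Checking the length byte before slicing matters because a list whose declared length disagrees with its content would otherwise yield no codes, or a partial one, and the mode lookup would run on garbage.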
Step 211: The Bluetooth intelligent card performs terminal risk management;
Specifically, the Bluetooth intelligent card performs terminal risk management, obtains a terminal risk management result, and updates the fourth byte of the terminal authentication result according to the risk management result to obtain the updated terminal authentication result.
More specifically, the Bluetooth intelligent card detects whether the transaction amount exceeds the trading limit; if so, the highest bit (the 8th bit) of the fourth byte of the terminal authentication result is updated to "1"; otherwise, the highest bit (the 8th bit) of the fourth byte of the terminal authentication result is updated to "0".
For example, the Bluetooth intelligent card detects that the transaction amount 00 does not exceed the trading limit 5000, and therefore updates the highest bit (the 8th bit) of the fourth byte of the terminal authentication result to "0"; the fourth byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
In this embodiment, the trading limit is the upper limit that the Bluetooth intelligent card supports for a single transaction.
Step 212: The Bluetooth intelligent card performs behavior analysis and sets the transaction authorization result;
Specifically, the Bluetooth intelligent card performs an AND operation between the updated terminal authentication result and the preset terminal behavior code (TAC), bit by corresponding bit, to obtain an operation result; obtains a terminal behavior analysis result from the operation result; performs card behavior analysis according to the terminal behavior analysis result to obtain a card behavior analysis result; and sets the transaction authorization result according to the card behavior analysis result.
Wherein, the card behavior analysis result is an authorization request cryptogram (ARQC) or an application authentication cryptogram (AAC).
More specifically, the Bluetooth intelligent card performs an AND operation between the updated terminal authentication result and the preset terminal behavior code (TAC), bit by corresponding bit, to obtain an operation result. If the operation result is 0, the terminal behavior analysis result is set to online processing, card behavior analysis is performed according to the terminal behavior analysis result to obtain the card behavior analysis result, and the transaction authorization result is set according to the card behavior analysis result. If the operation result is non-zero, the terminal behavior analysis result is a request to refuse the transaction, card behavior analysis is performed according to the terminal behavior analysis result, the card behavior analysis result obtained is an application authentication cryptogram (AAC), the transaction authorization result is set to transaction refused according to the card behavior analysis result, and the process ends.
For example, the terminal authentication result after the renewal that obtains of Bluetooth intelligent card is 0x00 0x00 0x00 0x00 0x00, The corresponding binary data of terminal authentication result is 00,000,000 00,000,000 00,000,000 00,000,000 00000000, blue The default terminal behavior code of tooth smart card is 0x4c 0x00 0x80 0x80 0x00, the corresponding binary system of terminal behavior code Data are 01,001,100 00,000,000 10,000,000 10,000,000 00000000;Bluetooth intelligent card is by terminal authentication result Each bit of each byte bit corresponding with the terminal behavior code of itself each byte is carried out and computing, is obtained Behavioural analysis result be 0x00,0x00,0x00,0x00,0x00, line be analysis result be log-in treatment, Card behavioural analysis is carried out according to terminal behavior analysis result, the card behavior analysis result for obtaining is authorization requests ciphertext (ARQC) Trading Authorization result, is set to by online process " 0x02 " according to card behavior analysis result, step 213 is performed.
In the present embodiment, terminal authentication result includes 5 bytes, and terminal behavior code includes 5 bytes, terminal behavior generation The bit of each byte of code is corresponded with the bit of each byte of terminal authentication result.
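The bit update of step 211 and the AND operation of step 212 can be followed in code. This is an added example, not code from the patent: the function names and the `REFUSED` label are assumptions (the text gives a byte value only for online processing, "0x02"), while the terminal behavior code and the limit 5000 are the values used in the text.

```python
"""Added illustration of steps 211-212: terminal risk management and the
AND of the terminal authentication result with the terminal behavior code.
Function names are hypothetical; numeric values come from the text."""

RESULT_LENGTH = 5                   # terminal authentication result: 5 bytes
TAC = bytes.fromhex("4c00808000")   # preset terminal behavior code from the text
ONLINE_PROCESSING = 0x02            # authorization result value given in the text
REFUSED = "transaction refused"     # label only: the text gives no byte value


def set_bit(result: bytearray, byte_no: int, bit_no: int, value: int) -> None:
    """Set one bit, numbered as in the text: byte 1 is first, bit 8 is highest."""
    if not 1 <= byte_no <= len(result) or not 1 <= bit_no <= 8:
        raise ValueError("byte or bit number out of range")
    mask = 1 << (bit_no - 1)
    if value:
        result[byte_no - 1] |= mask
    else:
        result[byte_no - 1] &= ~mask & 0xFF


def terminal_risk_management(result: bytearray, amount: int, limit: int) -> None:
    """Step 211: record an amount above the transaction limit in byte 4, bit 8."""
    set_bit(result, 4, 8, 1 if amount > limit else 0)


def behavior_analysis(result: bytes, tac: bytes = TAC):
    """Step 212: AND corresponding bits; a non-zero result refuses the transaction."""
    if len(result) != RESULT_LENGTH or len(tac) != RESULT_LENGTH:
        raise ValueError("both values must be exactly 5 bytes")
    operation_result = bytes(r & t for r, t in zip(result, tac))
    if any(operation_result):
        return operation_result, "AAC", REFUSED
    return operation_result, "ARQC", ONLINE_PROCESSING


def authorize(amount: int, limit: int = 5000, tac: bytes = TAC):
    """Run both steps on a freshly initialised (all-zero) result."""
    result = bytearray(RESULT_LENGTH)
    terminal_risk_management(result, amount, limit)
    operation_result, cryptogram, authorization = behavior_analysis(bytes(result), tac)
    return bytes(result), operation_result, cryptogram, authorization


if __name__ == "__main__":
    for amount in (0, 5000, 6000):   # constructed amounts around the limit
        tvr, masked, cryptogram, authorization = authorize(amount)
        print(amount, tvr.hex(), masked.hex(), cryptogram, authorization)
```

Only bits that are also set in the terminal behavior code can refuse a transaction: a bit raised in the second byte of the result has no effect here because the second byte of this code is 0x00.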
Step 213: The Bluetooth intelligent card sends to the mobile terminal, over the Bluetooth channel, a transaction message that includes the transaction authorization result, the transaction information and the risk control data;
Specifically, the Bluetooth intelligent card signs the risk control data to obtain a signature value, assembles a transaction message that includes the transaction authorization result, the transaction information, the risk control data and the signature value, and sends that transaction message to the mobile terminal over the Bluetooth channel.
For example: after the Bluetooth intelligent card assembles the transaction message that includes the transaction authorization result, the transaction information, the risk control data and the signature value, the transaction message obtained is: 02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9 32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92 9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07 a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f 03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00 00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0. The first byte "02" is the transaction authorization result and represents online processing; "9f 02 06 00 00 00 00 00 00" is the transaction amount and indicates that the transaction amount is 0 yuan; "9a 03 15 12 24" is the transaction date and indicates that the transaction date is December 24, 2015. "7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B" is the risk control data; "48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0" is the signature value.
It should be noted that the Bluetooth intelligent card may also sign the risk control data before this step to obtain the signature value.
It should be noted that if the Bluetooth intelligent card verified the holder using the online PIN verification mode in step 210, the transaction message also includes the online PIN code entered by the user and obtained by the Bluetooth intelligent card.
This step may be replaced by: the Bluetooth intelligent card sends to the mobile terminal, over the Bluetooth channel, a transaction message that includes the transaction authorization result and the transaction information.
Step 214: The mobile terminal assembles an online message according to the transaction message;
Step 215: The mobile terminal sends the online message to the server;
Step 216: The server performs risk management according to the online message and obtains a risk management result;
Step 217: The server assembles a transaction response according to the risk management result;
Step 218: The server sends the transaction response to the mobile terminal;
Step 219: The mobile terminal sends the transaction response to the Bluetooth intelligent card over the Bluetooth channel;
Step 220: The Bluetooth intelligent card generates a transaction record according to the transaction response;
Step 221: The Bluetooth intelligent card sends the transaction record to the mobile terminal over the Bluetooth channel;
Step 222: The mobile terminal completes the transaction according to the transaction record.
Step 223: The Bluetooth intelligent card performs a calculation on the risk control historical data and the risk control data to obtain a risk control index;
Specifically, the Bluetooth intelligent card judges whether the sub risk control data match the sub risk control historical data. If they do, the risk control index is set to "0"; otherwise, the number of sub risk control data items that do not match the sub risk control historical data is counted and divided by the total number of sub risk control data items to obtain the risk control index.
For example: the sub risk control historical data are, respectively: the history communication number of the mobile terminal "13811111234", the history Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the history IP address of the mobile terminal "19 21 68 00 12 12", the history WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the historical operating system version of the mobile terminal "01 04 00 04". The sub risk control data are, respectively: the communication number of the mobile terminal "13811111234", the Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the IP address of the mobile terminal "19 21 68 00 12 12", the WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the operating system version of the mobile terminal "01 04 00 04". The Bluetooth intelligent card calculates that the number of sub risk control data items that do not match the corresponding sub risk control historical data is 1, divides it by the total number of sub risk control data items, 5, and obtains the risk control index 0.2.
Step 224: The Bluetooth intelligent card judges whether the risk control index is greater than the first risk threshold; if so, step 225 is performed; otherwise, step 226 is performed;
For example: the Bluetooth intelligent card judges that the risk control index 0.2 is less than the first risk threshold 0.5 and performs step 220.
Step 225: The Bluetooth intelligent card updates at least one of its own offline authentication mode, holder authentication mode or transaction limit to a more secure level, and returns to step 205;
Specifically, the Bluetooth intelligent card lowers the transaction limit; or uses the offline authentication parameters in the terminal parameters to update the offline authentication mode from an offline authentication mode with a lower security level to one with a higher security level; or updates the holder's second authentication list so that the holder authentication mode is updated to a more secure level.
In this step, lowering the transaction limit can be, for example: the Bluetooth intelligent card reduces the transaction limit from 5000 yuan to 1000 yuan.
Using the offline authentication parameters in the terminal parameters to update the offline authentication mode from one with a lower security level to one with a higher security level is specifically: the parameter value of the parameter corresponding to the offline authentication mode with the higher security level is updated from "0" to "1".
For example: when SDA=1, DDA=0 and CDA=0, DDA is updated from 0 to 1 and/or CDA is updated from 0 to 1; when SDA=1, DDA=1 and CDA=0, CDA is updated from 0 to 1; when SDA=0, DDA=1 and CDA=0, CDA is updated from 0 to 1.
Updating the holder's second authentication list so that the holder authentication mode is updated to a more secure level is specifically: the holder authentication mode identifier in the holder authentication code in the holder's second authentication list is updated to a more secure level, which updates the holder authentication mode to a more secure level.
For example, when the holder's second authentication list is "8E0A00000000000000001E03", the holder authentication mode identifier in the holder authentication code "1E03" is updated from "011110" to "000011", so that the holder authentication mode is updated from the signature mode to the online PIN verification + signature mode, which has a higher security level. Correspondingly, the updated holder authentication code is "0303" and the updated holder's second authentication list is "8E0A00000000000000000303". Correspondingly, step 210 specifically includes: the Bluetooth intelligent card prompts the user to enter the online PIN and the signature; if the user enters the online PIN and the signature within the second preset time and the preset number of attempts, the Bluetooth intelligent card verifies the holder according to the online PIN and signature entered by the user; if the user does not enter the online PIN and the signature within the second preset time or within the preset number of attempts, the Bluetooth intelligent card judges that holder authentication has failed.
Step 226: The Bluetooth intelligent card stores the risk control data in the temporary storage area, and returns to step 205;
Specifically, the Bluetooth intelligent card stores the risk control data in the temporary storage area that is used for preserving the risk control historical data.
In this embodiment, after the Bluetooth intelligent card initializes the selected application and before offline authentication, the method further includes: the Bluetooth intelligent card judges, according to the transaction type in the transaction information in the trading instruction, whether to display the transaction amount in the transaction information. If not, offline authentication is performed and processing continues. If so, the transaction amount is displayed and the card waits for the user to confirm; when user confirmation information is detected within the first preset time, offline authentication is performed and processing continues; if no user confirmation information is detected within the first preset time, error information is returned to the mobile terminal;
After the transaction authorization result is set, and before the transaction message that includes the transaction authorization result and the transaction information in the trading instruction is sent to the mobile terminal over the Bluetooth channel, the method further includes: the Bluetooth intelligent card judges whether the transaction authorization result is transaction refused or online processing. If the transaction authorization result is transaction refused, the Bluetooth intelligent card refuses the transaction and displays transaction-refused information; if the transaction authorization result is online processing, the transaction message that includes the transaction authorization result and the transaction information in the trading instruction is sent to the mobile terminal over the Bluetooth channel, and processing continues.
It should be noted that in this embodiment the Bluetooth communication between the Bluetooth intelligent card and the mobile terminal can be, but is not limited to being, implemented by the Bluetooth module of the Bluetooth intelligent card itself.
This embodiment provides a method for a Bluetooth intelligent card to control transaction risk. The Bluetooth intelligent card can complete a financial transaction without going through a financial terminal. During the transaction it calculates a risk control index from its own risk control data; when the risk control index is greater than the first risk threshold, it updates at least one of the offline authentication mode, the holder authentication mode or the transaction limit used in transaction preparation to a more secure level, and then performs transaction preparation to update the terminal authentication result. It then performs behavior analysis according to the terminal authentication result and the terminal behavior code to obtain a behavior analysis result, and judges from the behavior analysis result whether to carry out an online transaction, which improves the security and convenience of the transaction.
Embodiment 3
This embodiment provides a method for a Bluetooth intelligent card to control transaction risk, including:
Step 301: The Bluetooth intelligent card establishes a Bluetooth connection with the mobile terminal;
In this embodiment, the mobile terminal can be, but is not limited to, a mobile phone.
Step 302: The Bluetooth intelligent card receives a trading instruction from the mobile terminal over the Bluetooth channel;
Step 303: The Bluetooth intelligent card obtains the risk control data and the transaction information from the trading instruction;
In this embodiment, the risk control data are the data that the Bluetooth intelligent card uses for risk control while executing a transaction, and can include, but are not limited to, at least one of the following: the hardware serial number of the mobile terminal, the communication number of the mobile terminal, the Bluetooth MAC address of the mobile terminal, the IP address of the mobile terminal, the WIFI connection name of the mobile terminal, the operating system version number of the mobile terminal, the transaction amount, the transaction date, the transaction time or the transaction type.
In this embodiment, the transaction information includes information such as the transaction amount, the transaction date, the transaction time and the transaction type.
This step can specifically be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, uses the transaction amount, transaction date, transaction time and transaction type as the transaction information, and uses at least one of the transaction amount, transaction date, transaction time and transaction type as the risk control data.
This step can also be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, uses the transaction amount, transaction date, transaction time and transaction type as the transaction information, and obtains the risk control data from the data in the trading instruction other than the transaction information.
This step can also be: the Bluetooth intelligent card obtains the transaction amount, transaction date, transaction time and transaction type from the trading instruction, uses the transaction amount, transaction date, transaction time and transaction type as the transaction information, and obtains the risk control data from the transaction information and from the data in the trading instruction other than the transaction information.
For example, the trading instruction that the Bluetooth intelligent card receives from the mobile terminal over the Bluetooth channel is: 7e 43 00 00 39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06 12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F 65 04 01 04 00 04. From the trading instruction, the Bluetooth intelligent card obtains the data "00 00 00 00 00 00" in the 6th to 11th bytes and uses it as the transaction amount; obtains the data "00" in the 12th byte and uses it as the transaction type; obtains the data "15 12 24" in the 13th to 15th bytes and uses it as the transaction date; and obtains the data "17 09 28" in the 16th to 18th bytes and uses it as the transaction time. It obtains the first preset identifier "1F 61" and the data "06" in the first byte after the first preset identifier, obtains the "06" bytes of data "13 81 11 11 23 4F" that follow that byte, and, according to the format of the communication number of the mobile terminal, uses "13811111234" as the communication number of the mobile terminal. It obtains the second preset identifier "1F 62" and the data "06" in the first byte after the second preset identifier, obtains the "06" bytes of data "12 34 56 78 9A BC" that follow that byte, and uses "12 34 56 78 9A BC" as the Bluetooth MAC address of the mobile terminal. It obtains the third preset identifier "1F 63" and the data "06" in the first byte after the third preset identifier, obtains the "06" bytes of data "19 21 68 00 12 12" that follow that byte, and uses "19 21 68 00 12 12" as the IP address of the mobile terminal. It obtains the fourth preset identifier "1F 64" and the data "07" in the first byte after the fourth preset identifier, obtains the "07" bytes of data "66 65 69 74 69 61 6E" that follow that byte, and uses "66 65 69 74 69 61 6E" as the WIFI connection name of the mobile terminal. It obtains the fifth preset identifier "1F 63" and the data "04" in the first byte after the fifth preset identifier, obtains the "04" bytes of data "01 04 00 04" that follow that byte, and uses "01 04 00 04" as the operating system version number of the mobile terminal. It uses the communication number of the mobile terminal, the Bluetooth MAC address of the mobile terminal, the IP address of the mobile terminal, the WIFI connection name of the mobile terminal and the operating system version number of the mobile terminal as the risk control data.
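The field extraction of step 303 and the risk control index of step 223 can be combined into one runnable sketch. This is an added example, not code from the patent: the function and field names are assumptions, the check that the fifth byte (0x39) equals the number of bytes that follow and the stripping of the trailing "F" from the communication number are inferred from the sample instruction only, and the differing history value is constructed.

```python
"""Added illustration: parse the sample trading instruction of step 303 and
compute the risk control index of step 223. All names are hypothetical."""

# Sample trading instruction copied from the text.
SAMPLE = bytes.fromhex(
    "7e 43 00 00 39 00 00 00 00 00 00 00 15 12 24 17 09 28"
    " 1F 61 06 13 81 11 11 23 4F 1F 62 06 12 34 56 78 9A BC"
    " 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E"
    " 1F 65 04 01 04 00 04"
)
HEADER_LEN = 5
FIELD_NAMES = {   # identifiers as they appear in the sample instruction
    0x1F61: "communication_number",
    0x1F62: "bluetooth_mac",
    0x1F63: "ip_address",
    0x1F64: "wifi_name",
    0x1F65: "os_version",
}


def parse_trading_instruction(raw: bytes):
    """Return (transaction_info, sub_risk_control_data) as hex strings."""
    if len(raw) < HEADER_LEN + 13:
        raise ValueError("instruction too short for the fixed fields")
    # Assumption: byte 5 is the length of what follows (0x39 = 57 in the sample).
    if raw[4] != len(raw) - HEADER_LEN:
        raise ValueError("length byte does not match the instruction size")
    info = {
        "amount": raw[5:11].hex(),    # bytes 6 to 11
        "type": raw[11:12].hex(),     # byte 12
        "date": raw[12:15].hex(),     # bytes 13 to 15
        "time": raw[15:18].hex(),     # bytes 16 to 18
    }
    risk, pos = {}, 18
    while pos < len(raw):
        if pos + 3 > len(raw):
            raise ValueError("truncated identifier or length byte")
        tag = int.from_bytes(raw[pos:pos + 2], "big")
        length = raw[pos + 2]
        value = raw[pos + 3:pos + 3 + length]
        if len(value) != length:
            raise ValueError(f"field {tag:04X} runs past the end of the instruction")
        name = FIELD_NAMES.get(tag)
        if name is None:
            raise ValueError(f"unknown identifier {tag:04X}")
        if name in risk:
            raise ValueError(f"identifier {tag:04X} appears twice")
        risk[name] = value.hex()
        pos += 3 + length
    # Inferred from the sample: the number is padded to whole bytes with "F".
    if "communication_number" in risk:
        risk["communication_number"] = risk["communication_number"].rstrip("f")
    return info, risk


def risk_control_index(history: dict, current: dict) -> float:
    """Step 223: mismatching sub-items divided by the total number of sub-items."""
    if not current:
        raise ValueError("no sub risk control data to compare")
    mismatches = sum(1 for name, value in current.items() if history.get(name) != value)
    return mismatches / len(current)


def next_step(index: float, first_risk_threshold: float = 0.5) -> int:
    """Step 224: above the threshold go to step 225, otherwise to step 226."""
    return 225 if index > first_risk_threshold else 226


if __name__ == "__main__":
    info, current = parse_trading_instruction(SAMPLE)
    history = dict(current, ip_address="192168001001")   # constructed: one item differs
    index = risk_control_index(history, current)
    print(info, current, index, next_step(index))
```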
Step 304: The Bluetooth intelligent card judges whether data exist in the temporary storage area. If so, the data in the temporary storage area are used as the risk control historical data and step 317 is performed; otherwise, the Bluetooth intelligent card stores the risk control data in the temporary storage area and step 305 is performed;
For example: if the Bluetooth intelligent card judges that no data exist in the temporary storage area used for preserving the risk control historical data, the Bluetooth intelligent card stores the sub risk control data in the risk control data, namely the communication number of the mobile terminal "13811111234", the Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the IP address of the mobile terminal "19 21 68 00 12 12", the WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the operating system version of the mobile terminal "01 04 00 04", in the temporary storage area, and step 305 is performed. If the Bluetooth intelligent card judges that data exist in the temporary storage area used for preserving the risk control historical data, the Bluetooth intelligent card takes the sub risk control data in the risk control data, namely the communication number of the mobile terminal "13811111234", the Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the IP address of the mobile terminal "19 21 68 00 12 12", the WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the operating system version of the mobile terminal "01 04 00 04", respectively as the sub risk control historical data of the risk control historical data: the history communication number of the mobile terminal "13811111234", the history Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the history IP address of the mobile terminal "19 21 68 00 12 12", the history WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the historical operating system version of the mobile terminal "01 04 00 04"; step 317 is performed.
Step 305: The Bluetooth intelligent card selects an application according to the trading instruction;
Specifically, the Bluetooth intelligent card selects the application according to the transaction type in the trading instruction.
In this embodiment, the transaction type is an online transaction, specifically including: main account balance inquiry, consumption, transfer and load. Correspondingly, the Bluetooth intelligent card selects the corresponding application according to the transaction type.
Step 306: The Bluetooth intelligent card initializes the selected application;
In this embodiment, step 306 also includes: the Bluetooth intelligent card initializes the terminal authentication result;
The Bluetooth intelligent card initializing the terminal authentication result is specifically: the Bluetooth intelligent card initializes the data in all bits of the terminal authentication result to 0.
Step 307: The Bluetooth intelligent card reads the application record;
In this embodiment, the application record read by the Bluetooth intelligent card includes its own holder's first authentication list.
For example, the application record read by the Bluetooth intelligent card includes its own holder's first authentication list "8E0A00000000000000001E03".
Step 308: The Bluetooth intelligent card performs offline authentication;
Specifically, the Bluetooth intelligent card selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters, performs offline authentication according to the current offline authentication mode to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result to obtain the updated terminal authentication result.
Further, the Bluetooth intelligent card selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters and the security levels of the offline authentication modes, performs offline authentication according to the current offline authentication mode to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result to obtain the updated terminal authentication result.
Specifically, the Bluetooth intelligent card obtains the static authentication parameter, the dynamic authentication parameter and the hybrid authentication parameter from its own terminal parameters. If only one of the three parameters has the value "1", the offline authentication mode corresponding to the parameter whose value is "1" is used as the current offline authentication mode, and offline authentication is performed according to the current offline authentication mode to obtain an offline authentication result. Otherwise, the offline authentication mode corresponding to the parameter whose value is "1" and whose security level is higher is used as the current offline authentication mode, offline authentication is performed according to the current offline authentication mode to obtain an offline authentication result, and the first byte of the terminal authentication result is updated according to the offline authentication result to obtain the updated terminal authentication result.
In this embodiment, the offline authentication parameters include: the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA. The corresponding offline authentication modes are static authentication, dynamic authentication and hybrid authentication respectively, and the security levels of the three authentication modes are: hybrid authentication > dynamic authentication > static authentication.
For example, the Bluetooth intelligent card obtains the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA from its own terminal parameters. When SDA=1, DDA=0 and CDA=0, the Bluetooth intelligent card uses the static authentication mode corresponding to the static authentication parameter SDA as the current offline authentication mode and performs offline authentication to obtain an offline authentication result. When SDA=1, DDA=1 and CDA=0, the Bluetooth intelligent card uses the dynamic authentication mode corresponding to the dynamic authentication parameter DDA, whose value is "1" and whose security level is higher, as the current offline authentication mode and performs offline authentication to obtain an offline authentication result. When SDA=1, DDA=1 and CDA=1, the Bluetooth intelligent card uses the hybrid authentication mode corresponding to the hybrid authentication parameter CDA, whose value is "1" and whose security level is higher, as the current offline authentication mode, performs offline authentication to obtain an offline authentication result, and updates the first byte of the terminal authentication result according to the offline authentication result to obtain the updated terminal authentication result.
In this step, performing offline authentication according to the current offline authentication mode to obtain an offline authentication result and updating the first byte of the terminal authentication result according to the offline authentication result is specifically: offline authentication is performed according to the current offline authentication mode; if authentication succeeds, the data in the highest-order bit (the 8th bit) of the first byte of the terminal authentication result is updated to "0", the data in the 7th bit is updated to "0", the data in the 4th bit is updated to "0", and the data in the 3rd bit is updated to "0". If authentication fails, the data in the highest-order bit (the 8th bit) of the first byte of the terminal authentication result is updated to "0", and the data in the 7th bit or the data in the 4th bit or the data in the 3rd bit is updated to "1".
For example: after offline authentication is performed according to the dynamic authentication mode and authentication succeeds, the Bluetooth intelligent card updates the data in the highest-order bit (the 8th bit) of the first byte of the terminal authentication result to "0", updates the data in the 7th bit to "0", updates the data in the 4th bit to "0", and updates the data in the 3rd bit to "0". The first byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
Step 309: The Bluetooth intelligent card performs processing restrictions;
Specifically, the Bluetooth intelligent card performs processing restrictions to obtain a processing restriction result, and updates the second byte of the terminal authentication result according to the processing restriction result to obtain the updated terminal authentication result.
For example: the Bluetooth intelligent card performs processing restrictions to obtain a processing restriction result and updates the second byte of the terminal authentication result according to the processing restriction result. The second byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
Step 310: The Bluetooth intelligent card verifies the holder;
Specifically, the Bluetooth intelligent card obtains the current holder authentication mode from its own holder authentication list, verifies the holder according to the current holder authentication mode to obtain a holder verification result, and updates the 3rd byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result.
It should be noted that if the judgment of the Bluetooth intelligent card in step 304 is no, or the judgment of the Bluetooth intelligent card in step 318 is no, the Bluetooth intelligent card determines that there is no transaction risk. The Bluetooth intelligent card then takes the holder's first authentication list in the application record it has read as its own holder's second authentication list and saves it, obtains its own holder authentication mode according to the holder's second authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the 3rd byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result. If the judgment of the Bluetooth intelligent card in step 318 is yes, the Bluetooth intelligent card determines that there is a transaction risk. The Bluetooth intelligent card then obtains its own holder authentication mode according to the holder's second authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the 3rd byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result.
More specifically, if the judgment of the Bluetooth intelligent card in step 304 is no, or the judgment of the Bluetooth intelligent card in step 318 is no, the Bluetooth intelligent card determines that there is no transaction risk and resets the risk flag bit; if the judgment of the Bluetooth intelligent card in step 318 is yes, the Bluetooth intelligent card determines that there is a transaction risk and sets the risk flag bit. Correspondingly, step 310 is specifically: the Bluetooth intelligent card checks whether the risk flag bit is set. If not, the Bluetooth intelligent card takes the holder's first authentication list in the application record it has read as its own holder's second authentication list and saves it, obtains its own holder authentication mode according to the holder's second authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the 3rd byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result. If so, the Bluetooth intelligent card obtains its own holder authentication mode according to the holder's second authentication list, verifies the holder according to its own holder authentication mode to obtain a holder verification result, and updates the 3rd byte of the terminal authentication result according to the holder verification result to obtain the updated terminal authentication result.
Obtaining its own holder authentication mode according to the holder's second authentication list and verifying the holder according to its own holder authentication mode to obtain a holder verification result is specifically: from its own holder's second authentication list, the Bluetooth intelligent card obtains the data after the tenth byte and, according to the byte length of the data obtained, divides the data into units of two bytes to obtain one or more holder authentication codes. From the binary data corresponding to the data in the first byte of a holder authentication code, it obtains the last six bits of the binary data and uses them as the holder authentication mode identifier. According to the first preset list, it looks up the holder authentication mode corresponding to the holder authentication mode identifier and uses it as the current holder authentication mode, then verifies the holder according to the current holder authentication mode to obtain the holder verification result.
For example: from its own holder's second authentication list "8E0A00000000000000001E03", the Bluetooth intelligent card obtains the data "1E03" in the bytes after the tenth byte (not including the tenth byte) and uses "1E03" as the holder authentication code. From the binary data "00011110" corresponding to the data "1E" in the first byte of the holder authentication code, it obtains the last six bits "011110" and uses them as the holder authentication mode identifier. According to the first preset list shown in Table 2, it finds that the holder authentication mode corresponding to the holder authentication mode identifier "011110" is "signature", uses "signature" as the current holder authentication mode, and verifies the holder according to the current holder authentication mode to obtain the holder verification result.
| Holder authentication mode identifier | Holder authentication mode |
| --- | --- |
| 000000 | Authentication failure |
| 000001 | Offline plaintext PIN verification |
| 000010 | Online PIN verification |
| 000011 | Online PIN verification + signature |
| 011110 | Signature |
| 011111 | No authentication |

Table 2
In the present embodiment, preferably, the security levels of the holder authentication modes in an online transaction are ordered as follows: no authentication < signature < online PIN verification < online PIN verification + signature < authentication failure.
In the present embodiment, the holder authentication modes may also include verification by presenting the holder's certificate, whose holder authentication mode identifier is 100000. It should be noted that the first preset list shown in Table 2 is only one way, provided by the present embodiment, of expressing the correspondence between holder authentication mode identifiers and holder authentication modes; in the present invention this correspondence can be expressed in various other ways, which are not repeated in the present embodiment.
In this step, the holder is verified according to the current holder authentication mode to obtain the holder verification result, and the third byte of the terminal authentication result is updated according to the holder verification result to obtain the updated terminal authentication result. Specifically:
The holder is verified according to the current holder authentication mode. If the holder is verified successfully, the highest-order bit (the 8th bit) of the third byte of the terminal authentication result is updated to "0". If holder verification fails, the data on the highest-order bit (the 8th bit) of the third byte of the terminal authentication result is updated to "1".
For example: when the current holder authentication mode is "signature" and verification succeeds, the Bluetooth intelligent card updates the highest-order bit (the 8th bit) of the binary data of the byte that indicates the holder verification result to "0", giving the updated second byte "00000000" of the terminal authentication result, i.e. the hexadecimal data "0x00"; the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
Step 311:Bluetooth intelligent card carries out terminal risk management;
Specifically, the Bluetooth intelligent card carries out terminal risk management to obtain the terminal risk management result, and updates the fourth byte of the terminal authentication result according to the risk management result to obtain the updated terminal authentication result.
More specifically, the Bluetooth intelligent card detects whether the transaction amount exceeds the trading limit; if it does, the highest-order bit (the 8th bit) of the fourth byte of the terminal authentication result is updated to "1"; otherwise, the highest-order bit (the 8th bit) of the fourth byte of the terminal authentication result is updated to "0".
For example, the Bluetooth intelligent card detects that the transaction amount 00 does not exceed the trading limit 5000, so it updates the highest-order bit (the 8th bit) of the fourth byte of the terminal authentication result to "0", giving the updated fourth byte "00000000" of the terminal authentication result, i.e. the hexadecimal data "0x00"; the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
In the present embodiment, the trading limit is the upper limit that the Bluetooth intelligent card supports for a single transaction.
Step 312：Bluetooth intelligent card carries out behavior analysis and obtains the Trading Authorization result;
Specifically, the Bluetooth intelligent card performs an AND operation on the data on the corresponding bits of the updated terminal authentication result and its own terminal behavior code (TAC) to obtain an operation result, obtains the terminal behavior analysis result according to the operation result, carries out card behavior analysis according to the terminal behavior analysis result to obtain the card behavior analysis result, and sets the Trading Authorization result according to the card behavior analysis result.
More specifically, the Bluetooth intelligent card performs an AND operation on the data on the corresponding bits of the updated terminal authentication result and its own terminal behavior code (TAC) to obtain an operation result. If the operation result is 0, the terminal behavior analysis result is online processing, and card behavior analysis is carried out according to the terminal behavior analysis result to obtain the card behavior analysis result: if the card behavior analysis result is an authorization request cryptogram (ARQC), the Trading Authorization result is set to online processing according to the card behavior analysis result, and step 313 is performed; if the card behavior analysis result is an application authentication cryptogram (AAC), the Trading Authorization result is set to transaction refusal, and the flow ends. If the operation result is non-zero, the terminal behavior analysis result is a request to refuse the transaction; card behavior analysis is carried out according to the terminal behavior analysis result and the card behavior analysis result is set to an application authentication cryptogram (AAC); the Trading Authorization result is set to transaction refusal according to the card behavior analysis result, and the flow ends.
For example, the updated terminal authentication result obtained by the Bluetooth intelligent card is 0x00 0x00 0x00 0x00 0x00, and the corresponding binary data is 00000000 00000000 00000000 00000000 00000000; the terminal behavior code of the Bluetooth intelligent card itself is 0x00 0x00 0x00 0x00 0x00, and the corresponding binary data is 00000000 00000000 00000000 00000000 00000000. The Bluetooth intelligent card ANDs each bit of each byte of the terminal authentication result with the corresponding bit of each byte of its own terminal behavior code, and the operation result is 0x00, 0x00, 0x00, 0x00, 0x00, so the terminal behavior analysis result is online processing; the card behavior analysis result obtained by carrying out card behavior analysis according to the behavior analysis result is an authorization request cryptogram (ARQC); according to the card behavior analysis result, the Trading Authorization result is set to online processing "0x02", and step 313 is performed.
In the present embodiment, the terminal authentication result consists of 5 bytes and the terminal behavior code consists of 5 bytes; the bits of each byte of the terminal behavior code correspond one to one with the bits of each byte of the terminal authentication result.
It should be noted that, in the present embodiment, the terminal behavior code (TAC) is specifically the terminal behavior code (TAC)-refusal.
Step 313：Bluetooth intelligent card sends, through the Bluetooth channel, a transaction message including the Trading Authorization result, the Transaction Information and the air control data to the mobile terminal;
Specifically, the Bluetooth intelligent card signs the air control data to obtain a signature value, assembles a transaction message including the Trading Authorization result, the Transaction Information, the air control data and the signature value, and sends that transaction message to the mobile terminal through the Bluetooth channel.
For example: after the Bluetooth intelligent card assembles the transaction message including the Trading Authorization result, the Transaction Information, the air control data and the signature value, the transaction message obtained is: 02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9 32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92 9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07 a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f 03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00 00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0. Wherein, the first byte "02" is the Trading Authorization result and represents online processing; "9f 02 06 00 00 00 00 00 00" is the transaction amount and indicates that the transaction amount is 0 yuan; "9a 03 15 12 24" is the transaction date and indicates that the transaction date is December 24, 2015. Wherein, "7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B" is the air control data; "48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0" is the signature value.
It should be noted that the Bluetooth intelligent card can also sign the air control data before this step to obtain the signature value.
It should be noted that, if the Bluetooth intelligent card verifies the holder by the online PIN verification mode in step 310, the transaction message also includes the online PIN entered by the user and obtained by the Bluetooth intelligent card.
This step may be replaced by: the Bluetooth intelligent card sends, through the Bluetooth channel, a transaction message including the Trading Authorization result and the Transaction Information to the mobile terminal.
Step 314:Bluetooth intelligent card receives the transaction response from mobile terminal by Bluetooth channels;
Step 315:Bluetooth intelligent card is according to transaction response generation transaction record;
Step 316:Bluetooth intelligent card sends transaction record by Bluetooth channels to mobile terminal, terminates.
After the mobile terminal receives the transaction record from the Bluetooth intelligent card through the Bluetooth channel, it sends the transaction record to the server.
Step 317：Bluetooth intelligent card performs a calculation according to the air control historical data and the air control data, and obtains the air control index;
Specifically, the Bluetooth intelligent card judges whether the sub air control data match the sub air control historical data; if they do, the air control index is set to "0"; otherwise, the number of sub air control data that do not match the sub air control historical data is counted and divided by the total number of sub air control data to obtain the air control index.
For example: the sub air control historical data are respectively: the history communication number of the mobile terminal "13811111234", the history Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the history IP address of the mobile terminal "19 21 68 00 12 12", the history WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the history operating system version of the mobile terminal "01 04 00 04"; the sub air control data are respectively: the communication number of the mobile terminal "13811111234", the Bluetooth MAC address of the mobile terminal "12 34 56 78 9A BC", the IP address of the mobile terminal "19 21 68 00 12 12", the WIFI connection name of the mobile terminal "66 65 69 74 69 61 6E" and the operating system version of the mobile terminal "01 04 00 04"; the Bluetooth intelligent card calculates that the number of sub air control data that do not match the corresponding sub air control historical data is 1, divides it by the total number of sub air control data, 5, and obtains the air control index 0.2.
Step 318：Bluetooth intelligent card judges whether the air control index is greater than the first risk threshold; if it is, step 319 is performed; otherwise, step 320 is performed;
For example: the Bluetooth intelligent card judges that the air control index 0.2 is less than the first risk threshold 0.5, and performs step 320.
Step 319：Bluetooth intelligent card updates at least one of its own offline authentication mode, holder authentication mode or trading limit to a more secure level, and returns to step 305;
Specifically, the Bluetooth intelligent card reduces the trading limit; or, according to the offline authentication parameters in the terminal parameters, updates the offline authentication mode from an offline authentication mode with a lower security level to an offline authentication mode with a higher security level; or updates the holder's second authentication list so that the holder authentication mode is updated to a more secure level.
In this step, the Bluetooth intelligent card reducing the trading limit can be, for example: the Bluetooth intelligent card reduces the trading limit from 5000 yuan to 1000 yuan.
Wherein, updating the offline authentication mode from an offline authentication mode with a lower security level to one with a higher security level according to the offline authentication parameters in the terminal parameters is specifically: the parameter value of the parameter corresponding to the offline authentication mode with the higher security level is updated from "0" to "1".
For example: when SDA=1, DDA=0 and CDA=0, DDA is updated from 0 to 1 and/or CDA is updated from 0 to 1; when SDA=1, DDA=1 and CDA=0, CDA is updated from 0 to 1; when SDA=0, DDA=1 and CDA=0, CDA is updated from 0 to 1.
Wherein, updating the holder's second authentication list so that the holder authentication mode is updated to a more secure level is specifically: the holder authentication mode identifier in the holder authentication code in the holder's second authentication list is updated to a more secure level, so that the holder authentication mode is updated to a more secure level.
For example, when the holder's second authentication list is "8E0A00000000000000001E03", the holder authentication mode identifier in the holder authentication code "1E03" is updated from "011110" to "000011", so that the holder authentication mode is updated from the signature mode to the online PIN verification + signature mode, which has a higher security level; correspondingly, the updated holder authentication code is "0303" and the updated holder's second authentication list is "8E0A00000000000000000303". Correspondingly, step 310 specifically includes: the Bluetooth intelligent card prompts the user to input the online PIN and signature; if the user inputs the online PIN and signature within the second preset time and within the preset number of attempts, the Bluetooth intelligent card verifies the holder according to the online PIN and signature input by the user; if the user does not input the online PIN and signature within the second preset time or within the preset number of attempts, the Bluetooth intelligent card determines that holder authentication has failed.
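The list handling described in step 310 and the update described in step 319 can be followed in one added example, which is not code from the patent. The function names and the 8-byte skip constant are choices made here from the page's sample list; the mode table and the security order are the ones stated on this page.

```python
# Added example, not code from the patent. Table 2 of this page:
# last six bits of a code's first byte -> holder authentication mode.
MODES = {
    0b000000: "authentication failure",
    0b000001: "offline plaintext PIN verification",
    0b000010: "online PIN verification",
    0b000011: "online PIN verification + signature",
    0b011110: "signature",
    0b011111: "no authentication",
}

# Online-transaction security order given on the page, weakest first.
ORDER = [0b011111, 0b011110, 0b000010, 0b000011, 0b000000]

SKIPPED = 8  # bytes skipped after tag and length (taken from the page's sample)

# The page's sample list: tag 8E, length 0A, eight skipped bytes, code 1E03.
SAMPLE = "8E0A" + "00" * SKIPPED + "1E03"


def parse_codes(hex_list):
    """Return the 2-byte holder authentication codes as (byte1, byte2) tuples."""
    raw = bytes.fromhex(hex_list)
    if len(raw) < 2 or raw[0] != 0x8E:
        raise ValueError("list does not start with tag 8E")
    value = raw[2:]
    if raw[1] != len(value):
        raise ValueError("length byte does not match the data that follows")
    codes = value[SKIPPED:]
    if not codes or len(codes) % 2:
        raise ValueError("codes must be one or more whole 2-byte units")
    return [(codes[i], codes[i + 1]) for i in range(0, len(codes), 2)]


def mode_id(code):
    """Holder authentication mode identifier: last six bits of the first byte."""
    return code[0] & 0x3F


def current_mode(hex_list):
    """Look up the first code's identifier in Table 2."""
    ident = mode_id(parse_codes(hex_list)[0])
    if ident not in MODES:
        raise ValueError(f"identifier {ident:06b} is not in Table 2")
    return MODES[ident]


def raise_level(hex_list, target):
    """Rewrite every code that is weaker than `target`; never downgrade."""
    if target not in ORDER:
        raise ValueError("target has no rank in the page's security order")
    raw = bytearray(bytes.fromhex(hex_list))
    for n, code in enumerate(parse_codes(hex_list)):
        ident = mode_id(code)
        # Codes outside the stated order (e.g. offline PIN) are left alone.
        if ident in ORDER and ORDER.index(ident) < ORDER.index(target):
            pos = 2 + SKIPPED + 2 * n
            raw[pos] = (raw[pos] & 0xC0) | target  # keep the two high bits
    return raw.hex().upper()
```

Because raise_level only ever moves a code upward in the stated order, a later call with a weaker target leaves an already hardened list unchanged.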
It should be noted that, in the present embodiment, if the offline authentication mode, the holder authentication mode and the trading limit of the Bluetooth intelligent card are all already at the highest security level, then after the judgment in step 318 is Yes, the Bluetooth intelligent card directly returns to step 305.
In the present embodiment, it is required that: when the Bluetooth intelligent card has updated at least one of its own offline authentication mode, holder authentication mode or trading limit to a more secure level and returned to step 305, the following is also included before step 312 is performed: updating the terminal behavior code.
Updating the terminal behavior code is specifically: among the bits of the terminal behavior code that correspond to those risk bits of the terminal authentication result whose data is "1", the data on at least one bit is updated to 1.
Updating the terminal behavior code can also be specifically: the data on the bits of the terminal behavior code that correspond to the risk bits of the terminal authentication result is updated to 1.
In the present embodiment, the risk bits of the terminal authentication result include: the seventh bit, the fourth bit and the third bit of the first byte of the terminal authentication result; the highest-order bit (the 8th bit) of the third byte of the terminal authentication result; and the highest-order bit (the 8th bit) of the fourth byte of the terminal authentication result.
For example: after the Bluetooth intelligent card updates its own offline authentication mode to a more secure level, it continues with step 305; after the Bluetooth intelligent card has carried out offline authentication in step 308, the method also includes: updating the terminal behavior code; step 309 continues after the terminal behavior code has been updated;
More specifically, for example: when the Bluetooth intelligent card updates its own offline authentication mode from static authentication to dynamic authentication, the Bluetooth intelligent card continues with step 305, and when step 308 is reached, if offline authentication fails, the Bluetooth intelligent card updates the data on the highest-order bit (the 8th bit) of the first byte of the terminal authentication result to "0", updates the data on the 7th bit to "0", updates the data on the 4th bit to "1" and updates the data on the 3rd bit to "0"; the updated terminal authentication result is "00001000 00000000 00000000 00000000 00000000". The Bluetooth intelligent card also updates the data on the bit corresponding to the 4th bit of the first byte "00000000" of the terminal behavior code from 0 to 1; the updated terminal behavior code is "00001000 00000000 00000000 00000000 00000000". Step 309 continues after the terminal behavior code has been updated. When step 312 is reached, the updated terminal authentication result obtained by the Bluetooth intelligent card is "00001000 00000000 00000000 00000000 00000000", and the updated terminal behavior code of the Bluetooth intelligent card is 0x00 0x00 0x00 0x00 0x00, whose corresponding binary data is "00001000 00000000 00000000 00000000 00000000"; the Bluetooth intelligent card ANDs each bit of each byte of the terminal authentication result with the corresponding bit of each byte of its own terminal behavior code, and the operation result is non-zero, so the terminal behavior analysis result is a request to refuse the transaction; the card behavior analysis result obtained by carrying out card behavior analysis according to the behavior analysis result is an application authentication cryptogram (AAC); according to the card behavior analysis result, the Trading Authorization result is set to transaction refusal, and the flow ends.
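The behavior analysis of step 312 and the two ways of updating the terminal behavior code described above can be checked with the following added example, which is not code from the patent. The function names and the returned strings are labels chosen here; the risk bits and the zero / non-zero rule are the ones stated on this page.

```python
# Added example, not code from the patent.
# Risk bits of the terminal authentication result named on this page,
# as (byte number, bit number); bit 8 is the highest-order bit of a byte.
RISK_BITS = [(1, 7), (1, 4), (1, 3), (3, 8), (4, 8)]

ONLINE = "online processing"     # the page encodes this result as 0x02
REFUSED = "transaction refusal"  # the page gives no byte value for this


def _check(code):
    if len(code) != 5:
        raise ValueError("result and code are 5 bytes each on this page")


def bit_is_set(code, byte_no, bit_no):
    return bool(code[byte_no - 1] & (1 << (bit_no - 1)))


def with_bit(code, byte_no, bit_no):
    out = bytearray(code)
    out[byte_no - 1] |= 1 << (bit_no - 1)
    return bytes(out)


def update_tac_all(tac):
    """Set every bit of the code that corresponds to a risk bit."""
    _check(tac)
    for byte_no, bit_no in RISK_BITS:
        tac = with_bit(tac, byte_no, bit_no)
    return tac


def update_tac_raised(tvr, tac):
    """Set only the bits whose risk bit in the authentication result is 1."""
    _check(tvr)
    _check(tac)
    for byte_no, bit_no in RISK_BITS:
        if bit_is_set(tvr, byte_no, bit_no):
            tac = with_bit(tac, byte_no, bit_no)
    return tac


def behavior_analysis(tvr, tac, card_result="ARQC"):
    """AND the two 5-byte values bit by bit and derive the authorization."""
    _check(tvr)
    _check(tac)
    if card_result not in ("ARQC", "AAC"):
        raise ValueError("card result must be ARQC or AAC")
    if any(a & b for a, b in zip(tvr, tac)):
        return REFUSED  # non-zero: request refusal, card answers AAC
    return ONLINE if card_result == "ARQC" else REFUSED


# Values from the page's example: offline authentication failed,
# so bit 4 of the first byte of the authentication result is 1.
TVR_AFTER_FAILURE = bytes.fromhex("0800000000")
TAC_INITIAL = bytes(5)
```

With the initial all-zero code, the failed offline authentication still yields online processing, which is why the code has to be updated before step 312.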
Step 320：Bluetooth intelligent card stores the air control data in the temporary storage area, and returns to step 305;
Specifically, the Bluetooth intelligent card stores the air control data in the temporary storage area used for preserving air control historical data.
In the present embodiment, after the Bluetooth intelligent card initializes the selected application and before offline authentication, the method also includes: the Bluetooth intelligent card judges, according to the transaction type in the Transaction Information in the trading instruction, whether to display the transaction amount in the Transaction Information; if not, offline authentication is carried out and the flow continues; if so, the transaction amount is displayed and the card waits for the user to confirm; when user confirmation is detected within the first preset time, offline authentication is carried out and the flow continues; if no user confirmation is detected within the first preset time, error information is returned to the mobile terminal;
After the Trading Authorization result is set, and before the transaction message including the Trading Authorization result and the Transaction Information in the trading instruction is sent to the mobile terminal through the Bluetooth channel, the method also includes: the Bluetooth intelligent card judges whether the Trading Authorization result is transaction refusal or online processing; if the Trading Authorization result is transaction refusal, the Bluetooth intelligent card refuses the transaction and displays transaction-refused information; if the Trading Authorization result is online processing, the transaction message including the Trading Authorization result and the Transaction Information in the trading instruction is sent to the mobile terminal through the Bluetooth channel, and the flow continues.
In the present embodiment, step 319 may be replaced with: the Bluetooth intelligent card updates the terminal behavior code and returns to step 305.
If step 319 is replaced with "the Bluetooth intelligent card updates the terminal behavior code and returns to step 305", then preferably, updating the terminal behavior code is specifically: the data on the bits of the terminal behavior code that correspond to the risk bits of the terminal authentication result is updated to 1.
In the present embodiment, after the judgment in step 318 is Yes, the flow can also return directly to step 305; correspondingly, when the flow returns to step 305 after the judgment in step 318 is Yes, updating the terminal behavior code must also be included before step 312 is performed.
For example: after the judgment in step 318 is Yes, the flow returns directly to step 305; after the Bluetooth intelligent card has continued to step 308, 309, 310 or 311, it updates the terminal behavior code, and the corresponding step continues after the terminal behavior code has been updated. Corresponding to this example, if the terminal behavior code is updated after the Bluetooth intelligent card has continued to step 308, 309, 310 or 311, updating the terminal behavior code can be specifically: the data on the bits of the terminal behavior code that correspond to the risk bits of the terminal authentication result is updated to 1; or specifically: among the bits of the terminal behavior code that correspond to those risk bits of the terminal authentication result whose data is "1", the data on at least one bit is updated to 1.
As another example: after the judgment in step 318 is Yes, the flow returns directly to step 305 and continues; before the Bluetooth intelligent card reaches step 308, it updates the terminal behavior code, and the corresponding steps continue after the terminal behavior code has been updated. Corresponding to this example, preferably, updating the terminal behavior code is specifically: the data on the bits of the terminal behavior code that correspond to the risk bits of the terminal authentication result is updated to 1.
It should be noted that, in the present embodiment, the Bluetooth communication between the Bluetooth intelligent card and the mobile terminal can be, but is not limited to being, realized by the Bluetooth module of the Bluetooth intelligent card itself.
With the method for a Bluetooth intelligent card to control transaction risk provided by the present embodiment, the Bluetooth intelligent card can complete a financial transaction without a financial terminal. After obtaining the air control data according to the trading instruction, it calculates the air control index from the air control data; when the air control index is greater than the first risk threshold, it updates at least one of the offline authentication mode in the transaction preparation mode, the holder authentication mode, or the trading limit in the terminal risk management mode to a more secure level, and then carries out transaction preparation and continues; before the behavior analysis result is obtained, it updates the terminal behavior code, then carries out behavior analysis according to the terminal authentication result and the terminal behavior code to obtain the behavior analysis result, and judges according to the behavior analysis result whether to carry out an online transaction, which improves the security and convenience of transactions.
Embodiment 4
The present embodiment provides a method for a Bluetooth intelligent card to control transaction risk, as shown in Figure 4 and Figure 5, wherein the Bluetooth intelligent card includes an IC chip and an MPOS chip;
Step 400:MPOS chips set up bluetooth connection with mobile terminal;
In the present embodiment, the mobile terminal can be, but is not limited to, a mobile phone.
Step 401:MPOS chips receive the trading instruction from mobile terminal by Bluetooth channels;
Step 402:MPOS chips obtain air control data and Transaction Information from trading instruction;
In the present embodiment, air control data for blue-tooth intelligence be stuck in perform process of exchange in risk control data, can with but It is not limited to include:The hardware sequence number of mobile terminal, the communication number of mobile terminal, the Bluetooth MAC address of mobile terminal, movement At least one in the information such as the current IP address of terminal, dealing money, trade date, exchange hour or type of transaction.
In the present embodiment, Transaction Information includes dealing money, trade date, exchange hour and information etc. type of transaction.
For example, MPOS chips receive the trading instruction from mobile terminal by Bluetooth channels being:7e 43 00 00 0d 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06 12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F 65 04 01 04 00 04, wherein, the air control data that MPOS chips get from trading instruction include:The communication number of dynamic terminal Code:13811111234;The 9A BC of Bluetooth MAC address 12 34 56 78 of mobile terminal;The IP address 19 21 of mobile terminal 68 00 12 12;The WIFI connection names of mobile terminal:66 65 69 74 69 61 6E;The operating system version of mobile terminal This number 01 04 00 04;Dealing money 00 00 00 00 00 00;Type of transaction:00;Trade date 151224;Exchange hour 170928。
Step 403:MPOS chips judge whether transaction risk according to air control data, if it is not, then performing step 404;If it is, at least one of off line authentication mode or holder's authentication mode or trading limit by itself is updated to After more secure level, step 404 is performed;
In the present embodiment, the off line authentication mode of itself is updated to safer rank and is specially by MPOS chips:According to Off line authentication mode is updated to safety by the off line parameters for authentication in terminal parameter by the relatively low off line authentication mode of level of security Rank off line authentication mode higher.
Further, the off line authentication mode of itself is updated to safer rank and is specially by MPOS chips:Will be with peace The parameter value of the full rank corresponding parameter of off line authentication mode higher is updated to " 1 " by " 0 ".
For example:As SDA=1 and DDA=0 and CDA=0, DDA by 0 is updated to 1 and/or CDA is updated to 1 by 0; As SDA=1 and DDA=1 and CDA=0, CDA is updated to 1 by 0;As SDA=0 and DDA=1 and CDA=0, by CDA by 0 is updated to 1.
In the present embodiment, the holder's authentication mode of itself is updated to more secure level and is specially by MPOS chips:Update The authentication list of holder second, more secure level is updated to by holder's authentication mode.
The authentication list of holder second is updated, holder's authentication mode more secure level is updated to, specially:To hold Holder's authentication mode mark is updated to more secure level in holder's authentication codes in the authentication list of people second, by holder Authentication mode is updated to more secure level.
For example, when the authentication list of holder second is " 8E0A00000000000000001E03 ", by holder's certification generation Holder's certification mark in code " 1E03 " is updated to " 000011 " by " 011110 ", so that by holder's authentication mode by signing Mode is updated to the online PIN checkings+signature scheme of level of security input higher;Correspondingly, the holder's certification generation after renewal Code is " 0303 ", and the authentication list of holder second is " 8E0A00000000000000000303 ", correspondingly, step after renewal Specifically included in 415:MPOS chips point out the online pin of user input and signature, if in the second Preset Time and preset times The online pin of user input and signature, MPOS chips verify according to the online pin of user input and signature to holder, if User is not input into online pin and signature in the second Preset Time or in preset times, and MPOS chips judge holder's certification Failure.
In the present embodiment, trading limit is updated to more secure level, specially:MPOS chips reduction trading limit, example Such as:Trading limit is reduced to 1000 yuan by MPOS chips by 5000 yuan.
Step 403 is specifically included;
Step 4031:Whether MPOS chips obtain the air control data in the trading instruction, judge deposited in scratchpad area (SPA) In data, if it is, using the data in scratchpad area (SPA) as air control historical data, performing step 4032;Otherwise, by air control Data Cun Chudao scratchpad area (SPA)s, perform step 404;
Specifically, MPOS chips judge scratchpad area (SPA) with the presence or absence of data, if it is, by the data in scratchpad area (SPA) As air control historical data, step 4032 is performed;Otherwise, MPOS chips then perform air control data Cun Chudao scratchpad area (SPA)s Step 404;
For example: if the MPOS chip determines that the temporary storage area for historical risk-control data contains no data, it stores the risk-control data items, namely the mobile terminal's communication number "13811111234", Bluetooth MAC address "12 34 56 78 9A BC", IP address "19 21 68 00 12 12", WIFI connection name "66 65 69 74 69 61 6E" and operating system version "01 04 00 04", in the temporary storage area, and performs step 404. If the MPOS chip determines that the temporary storage area for historical risk-control data contains data, it takes the risk-control data items: the mobile terminal's communication number "13811111234", Bluetooth MAC address "12 34 56 78 9A BC", IP address "19 21 68 00 12 12", WIFI connection name "66 65 69 74 69 61 6E" and operating system version "01 04 00 04", together with the corresponding historical risk-control data items: the mobile terminal's historical communication number "13811111234", historical Bluetooth MAC address "12 34 56 78 9A BC", historical IP address "19 21 68 00 12 12", historical WIFI connection name "66 65 69 74 69 61 6E" and historical operating system version "01 04 00 04", and performs step 4032.
Step 4032: The MPOS chip calculates a risk index from the risk-control data and the historical risk-control data and judges whether the risk index is greater than the first risk threshold. If so, it determines that a transaction risk exists, updates at least one of its own offline authentication mode, cardholder authentication mode or transaction limit to a more secure level, and then performs step 404; otherwise, it determines that no transaction risk exists, stores the risk-control data in the temporary storage area, and performs step 404.
Specifically, the MPOS chip judges whether the risk-control data items match the historical risk-control data items. If they do, it sets the risk index to "0"; otherwise, it counts the risk-control data items that do not match their historical counterparts and divides that count by the total number of risk-control data items to obtain the risk index. It then judges whether the risk index is greater than the first risk threshold. If so, it determines that a transaction risk exists, updates at least one of its own offline authentication mode, cardholder authentication mode or transaction limit to a more secure level, and then performs step 404; otherwise, it determines that no transaction risk exists, stores the risk-control data in the temporary storage area, and performs step 404.
For example: the historical risk-control data items are the mobile terminal's historical communication number "13811111234", historical Bluetooth MAC address "12 34 56 78 9A BC", historical IP address "19 21 68 00 12 12", historical WIFI connection name "66 65 69 74 69 61 6E" and historical operating system version "01 04 00 04"; the risk-control data items are the mobile terminal's communication number "13811111234", Bluetooth MAC address "12 34 56 78 9A BC", IP address "19 21 68 00 12 12", WIFI connection name "66 65 69 74 69 61 6E" and operating system version "01 04 00 04". The MPOS chip calculates that the number of risk-control data items that do not match the corresponding historical risk-control data items is 1, divides it by the total number of risk-control data items, 5, and obtains the risk index 0.2. The MPOS chip judges that the risk index 0.2 is less than the first risk threshold 0.5, stores the risk-control data in the temporary storage area, and then performs step 404.
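The risk check of steps 4031 and 4032, together with the risk indicator bit that the cardholder verification step later reads, can be modelled as follows. This is an added example, not code from the patent: the field names, the `RiskMonitor` class and the changed sample values are constructed, and treating an empty history as "no risk" with index 0.0 is an assumption.

```python
from dataclasses import dataclass, field

FIRST_RISK_THRESHOLD = 0.5  # threshold value used in the page's worked example

# Hypothetical names for the five risk-control data items the page lists.
FIELDS = ("phone_number", "bluetooth_mac", "ip_address", "wifi_name", "os_version")


@dataclass
class RiskMonitor:
    """Models the temporary storage area and the risk indicator bit."""
    history: dict = field(default_factory=dict)  # empty dict: no stored data yet
    risk_flag: bool = False                      # risk indicator bit

    def evaluate(self, current: dict) -> float:
        """Return the risk index for `current` and update history and flag."""
        missing = [name for name in FIELDS if name not in current]
        if missing:
            raise ValueError(f"missing risk-control items: {missing}")

        if not self.history:
            # Step 4031: nothing to compare against, so store and continue.
            # Returning 0.0 and clearing the flag here is an assumption.
            self.history = {name: current[name] for name in FIELDS}
            self.risk_flag = False
            return 0.0

        # Step 4032: mismatching items divided by the total number of items.
        mismatched = sum(1 for name in FIELDS if current[name] != self.history[name])
        index = mismatched / len(FIELDS)

        if index > FIRST_RISK_THRESHOLD:
            # Risk: set the indicator bit and keep the stored history unchanged,
            # since the page stores new data only when no risk is found.
            self.risk_flag = True
        else:
            self.risk_flag = False
            self.history = {name: current[name] for name in FIELDS}
        return index


# Values taken from the page's example.
BASELINE = {
    "phone_number": "13811111234",
    "bluetooth_mac": "12 34 56 78 9A BC",
    "ip_address": "19 21 68 00 12 12",
    "wifi_name": "66 65 69 74 69 61 6E",
    "os_version": "01 04 00 04",
}
# Constructed variations: one changed item, then three changed items.
ONE_CHANGED = dict(BASELINE, ip_address="19 21 68 00 12 13")
THREE_CHANGED = dict(
    ONE_CHANGED,
    bluetooth_mac="AA BB CC DD EE FF",
    ip_address="10 00 00 00 00 07",
    wifi_name="67 75 65 73 74",
)

if __name__ == "__main__":
    monitor = RiskMonitor()
    for sample in (BASELINE, ONE_CHANGED, THREE_CHANGED):
        print(monitor.evaluate(sample), monitor.risk_flag)
```
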
Step 404: The MPOS chip sends a select-application instruction to the IC chip;
Step 405: The IC chip selects an application according to the select-application instruction;
Step 406: The IC chip sends a select-application success response to the MPOS chip;
Step 407: The MPOS chip sends an application initialization instruction to the IC chip;
Step 407 also includes: the MPOS chip initializes the terminal authentication result;
Specifically, the MPOS chip initializes the terminal authentication result by setting the data on all of its bits to 0.
Step 408: The IC chip initializes the selected application;
Step 409: The IC chip sends an application initialization success response to the MPOS chip;
Specifically, the IC chip places the application interchange profile (AIP) in the third and fourth bytes of the application initialization success response; places the application file locator (AFL), in units of four bytes, after the fourth byte (not including the fourth byte); and places 9000 in the last two bytes of the application initialization success response. It then sends the MPOS chip the application initialization success response containing the application interchange profile (AIP) and the application file locator (AFL).
For example: the IC chip places the application interchange profile (AIP) 7C 00 in the third and fourth bytes of the application initialization success response; places the first application file locator 08 01 01 00 in the fifth to eighth bytes; places the second application file locator 10 01 04 01 in the ninth to twelfth bytes; places the third application file locator 18 01 03 00 in the thirteenth to sixteenth bytes; and places 9000 in the seventeenth and eighteenth bytes of the application initialization success response. It returns to the MPOS chip the application initialization success response containing the application interchange profile (AIP) and the application file locator (AFL): 80 0e 7C 00 08 01 01 00 10 01 04 01 18 01 03 00 90 00.
The application interchange profile (AIP) contains information such as whether the IC chip supports offline authentication, whether it supports cardholder authentication and whether it supports terminal risk management. In this embodiment, preferably, the IC chip supports the static authentication mode, the dynamic authentication mode and the static authentication mode of offline authentication, supports cardholder authentication and supports terminal risk management.
Step 410: The MPOS chip sends a read-application-record instruction to the IC chip;
Specifically, the MPOS chip sends the read-application-record instruction to the IC chip according to the application file locator returned by the IC chip.
Step 411: The IC chip reads the application record;
Specifically, according to the read-application-record instruction, the IC chip reads its own application record, obtaining information such as its own first cardholder authentication list.
For example, according to the read-application-record instruction, the IC chip reads its own application record and obtains its own first cardholder authentication list, 8E0A00000000000000001E03.
Step 412: The IC chip sends a read-record success response to the MPOS chip.
Specifically, the IC chip sends the MPOS chip a read-record success response containing its own first cardholder authentication list.
Step 413: The MPOS chip sends an offline authentication instruction to the IC chip and receives the offline authentication response from the IC chip;
This specifically includes:
Step 4131: The MPOS chip selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters. When the current offline authentication mode is the static authentication mode, it performs step 4132; when the current offline authentication mode is the dynamic authentication mode, it performs step 4133; when the current offline authentication mode is the hybrid authentication mode, it performs step 4134;
Further, the MPOS chip selects the current offline authentication mode according to the offline authentication parameters in its own terminal parameters and the security levels of the offline authentication modes. When the current offline authentication mode is the static authentication mode, it performs step 4132; when the current offline authentication mode is the dynamic authentication mode, it performs step; when the current offline authentication mode is the hybrid authentication mode, it performs step;
Specifically, the MPOS chip obtains the static authentication parameter, the dynamic authentication parameter and the hybrid authentication parameter from its own terminal parameters. If only one of the three parameters has the value "1", it takes the offline authentication mode corresponding to that parameter as the current offline authentication mode and performs offline authentication with the IC chip according to the current offline authentication mode, obtaining the offline authentication result. Otherwise, it takes the mode corresponding to the parameter whose value is "1" and whose security level is highest as the current offline authentication mode. When the current offline authentication mode is the static authentication mode, it performs step 4132; when the current offline authentication mode is the dynamic authentication mode, it performs step 4133; when the current offline authentication mode is the hybrid authentication mode, it performs step 4134;
In this embodiment, the offline authentication parameters include the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA. The corresponding offline authentication modes are static authentication, dynamic authentication and hybrid authentication respectively, and the security levels of the three authentication modes are: hybrid authentication > dynamic authentication > static authentication.
For example, the MPOS chip obtains the static authentication parameter SDA, the dynamic authentication parameter DDA and the hybrid authentication parameter CDA from its own terminal parameters. When SDA=1, DDA=0 and CDA=0, the MPOS chip takes the static authentication mode corresponding to the static authentication parameter SDA as the current offline authentication mode and performs offline authentication, obtaining the offline authentication result. When SDA=1, DDA=1 and CDA=0, the MPOS chip takes the dynamic authentication mode corresponding to the dynamic authentication parameter DDA, whose value is "1" and whose security level is higher, as the current offline authentication mode. When SDA=1, DDA=1 and CDA=1, the MPOS chip takes the hybrid authentication mode corresponding to the hybrid authentication parameter CDA, whose value is "1" and whose security level is highest, as the current offline authentication mode.
Step 4132: The MPOS chip sends an offline authentication instruction to the IC chip according to the static authentication mode and receives the offline authentication response from the IC chip; it obtains the offline authentication result from the offline authentication response and updates the first byte of the terminal authentication result according to the offline authentication result, obtaining the updated terminal authentication result.
Specifically, the MPOS chip sends an offline authentication instruction to the IC chip according to the static authentication mode, receives the offline authentication response from the IC chip, and obtains the offline authentication result from that response. If authentication succeeds, the MPOS chip updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "0", the data on the 4th bit to "0" and the data on the 3rd bit to "0". The first byte of the terminal authentication result is thereby updated according to the offline authentication result: the first byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x40", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00. If authentication fails, the MPOS chip updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "1", the data on the 4th bit to "0" and the data on the 3rd bit to "0". The first byte of the updated terminal authentication result is "01000000", i.e. hexadecimal data "0x40", and the updated terminal authentication result is 0x40 0x00 0x00 0x00 0x00.
Step 4133: The MPOS chip sends an offline authentication instruction to the IC chip according to the dynamic authentication mode and receives the offline authentication response from the IC chip; it obtains the offline authentication result from the offline authentication response and updates the first byte of the terminal authentication result according to the offline authentication result, obtaining the updated terminal authentication result.
Specifically, the MPOS chip sends an offline authentication instruction to the IC chip according to the dynamic authentication mode, receives the offline authentication response from the IC chip, and obtains the offline authentication result from that response. If authentication succeeds, the MPOS chip updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "0", the data on the 4th bit to "0" and the data on the 3rd bit to "0". The first byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00. If authentication fails, the MPOS chip updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "0", the data on the 4th bit to "1" and the data on the 3rd bit to "0". The first byte of the updated terminal authentication result is "00001000", i.e. hexadecimal data "0x08", and the updated terminal authentication result is 0x08 0x00 0x00 0x00 0x00.
Step 4134: The MPOS chip sends an offline authentication instruction to the IC chip according to the hybrid authentication mode and receives the offline authentication response from the IC chip; it obtains the offline authentication result from the offline authentication response and updates the first byte of the terminal authentication result according to the offline authentication result, obtaining the updated terminal authentication result.
Specifically, the MPOS chip sends an offline authentication instruction to the IC chip according to the hybrid authentication mode, receives the offline authentication response from the IC chip, and obtains the offline authentication result from that response. If authentication succeeds, the MPOS chip updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "0", the data on the 4th bit to "0" and the data on the 3rd bit to "0". The first byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00. If authentication fails, the MPOS chip updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "0", the data on the 4th bit to "0" and the data on the 3rd bit to "1". The first byte of the updated terminal authentication result is "00000100", i.e. hexadecimal data "0x04", and the updated terminal authentication result is 0x04 0x00 0x00 0x00 0x00.
Step 414: The MPOS chip performs processing restrictions;
Specifically, the MPOS chip performs processing restrictions, obtains the processing restriction result, and updates the second byte of the terminal authentication result according to the processing restriction result, obtaining the updated terminal authentication result.
For example: the MPOS chip performs processing restrictions, obtains the processing restriction result, and updates the second byte of the terminal authentication result according to the processing restriction result. The second byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
Step 415: The MPOS chip verifies the cardholder;
Specifically, the MPOS chip verifies the cardholder according to its own cardholder authentication mode, obtains the cardholder verification result, and updates the terminal authentication result according to the cardholder verification result.
More specifically, the MPOS chip obtains the current cardholder authentication mode from its own second cardholder authentication list, verifies the cardholder according to the current cardholder authentication mode, obtains the cardholder verification result, and updates the third byte of the terminal authentication result according to the cardholder verification result, obtaining the updated terminal authentication result.
Here, the MPOS chip obtains the current cardholder authentication mode from its own second cardholder authentication list and verifies the cardholder according to it as follows: from its own second cardholder authentication list, the MPOS chip obtains the data after the tenth byte and, according to the byte length of the data obtained, divides it in units of two bytes into one or more cardholder authentication codes. From the binary data corresponding to the first byte of a cardholder authentication code, it takes the last six bits as the cardholder authentication mode identifier, looks up in the first preset list the cardholder authentication mode corresponding to that identifier, and takes it as the current cardholder authentication mode. It then verifies the cardholder according to the current cardholder authentication mode, obtaining the cardholder verification result.
For example: from its own second cardholder authentication list "8E0A00000000000000001E03", the MPOS chip obtains the data "1E03" in the bytes after the tenth byte (not including the tenth byte) and takes "1E03" as the cardholder authentication code. From the binary data "00011110" corresponding to the data "1E" in the first byte of the cardholder authentication code, it takes the last six bits "011110" as the cardholder authentication mode identifier. According to the first preset list shown in Table 3, it finds that the cardholder authentication mode corresponding to the identifier "011110" is "signature", takes "signature" as the current cardholder authentication mode, and verifies the cardholder according to the current cardholder authentication mode, obtaining the cardholder verification result.
| Cardholder authentication mode identifier | Cardholder authentication mode |
| --- | --- |
| 000000 | Authentication failed |
| 000001 | Plaintext PIN verification |
| 000010 | Online encrypted PIN verification |
| 000011 | Online PIN verification + signature |
| 011110 | Signature |
| 011111 | No authentication |
Table 3
In this embodiment, the cardholder authentication modes may also include verification by presentation of the cardholder's identity document, whose cardholder authentication mode identifier is 100000. Note that the first preset list shown in Table 3 is only one way, provided by this embodiment, of expressing the correspondence between cardholder authentication mode identifiers and cardholder authentication modes. The present invention may express this correspondence in various other ways, which are not described further in this embodiment.
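The list handling described in step 415 can be expressed as a small parser. This is an added example, not code from the patent: the function and type names are hypothetical, the leading `8E 0A` is treated as an EMV-style tag and length byte (which the page does not spell out), and selecting the first code as the current mode is an assumption based on the page's single-code example. The two-code list in the usage function is constructed.

```python
from typing import List, NamedTuple

# Identifier -> mode, as listed in Table 3, plus the extra identifier 100000
# that the page mentions after the table.
CVM_MODES = {
    0b000000: "authentication failed",
    0b000001: "plaintext PIN verification",
    0b000010: "online encrypted PIN verification",
    0b000011: "online PIN verification + signature",
    0b011110: "signature",
    0b011111: "no authentication",
    0b100000: "identity document presentation",
}


class AuthCode(NamedTuple):
    raw: bytes      # the two-byte cardholder authentication code
    mode_id: str    # last six bits of the first byte, as a bit string
    mode: str       # mode name from the preset list, or "unknown"


def parse_auth_list(hex_list: str) -> List[AuthCode]:
    """Split a cardholder authentication list into two-byte codes."""
    data = bytes.fromhex(hex_list)
    if len(data) < 2 or data[0] != 0x8E:
        raise ValueError("list must start with 8E")
    if data[1] != len(data) - 2:
        raise ValueError("length byte does not match the data that follows")
    codes = data[10:]                      # everything after the tenth byte
    if not codes or len(codes) % 2:
        raise ValueError("expected one or more two-byte codes after byte 10")
    result = []
    for i in range(0, len(codes), 2):
        pair = codes[i:i + 2]
        mode_bits = pair[0] & 0x3F         # keep the last six bits
        result.append(AuthCode(pair, format(mode_bits, "06b"),
                               CVM_MODES.get(mode_bits, "unknown")))
    return result


def current_mode(hex_list: str) -> str:
    """Return the mode of the first code; refuse identifiers not in the list."""
    first = parse_auth_list(hex_list)[0]
    if first.mode == "unknown":
        raise ValueError(f"identifier {first.mode_id} is not in the preset list")
    return first.mode


def demo() -> List[str]:
    page_list = "8E0A00000000000000001E03"            # from the page
    two_codes = "8E0C0000000000000000" + "02031F00"   # constructed sample
    return [current_mode(page_list)] + [c.mode for c in parse_auth_list(two_codes)]


if __name__ == "__main__":
    print(demo())
```
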
Note that the MPOS chip obtains the current cardholder authentication mode from its own second cardholder authentication list and verifies the cardholder according to its own cardholder authentication mode as follows: if the MPOS chip judges from the risk-control data that the transaction has no transaction risk, it takes the first cardholder authentication list received from the IC chip as its own second cardholder authentication list and saves it, obtains the current cardholder authentication mode from the second cardholder authentication list, and verifies the cardholder according to the current cardholder authentication mode; if a transaction risk exists, it obtains the current cardholder authentication mode from the second cardholder authentication list and verifies the cardholder according to the current cardholder authentication mode.
Further, the MPOS chip obtaining the current cardholder authentication mode from its own second cardholder authentication list and verifying the cardholder according to its own cardholder authentication mode specifically includes: the MPOS chip detects whether the risk indicator bit is set. If it is not, the MPOS chip takes the first cardholder authentication list received from the IC chip as its own second cardholder authentication list and saves it, obtains the current cardholder authentication mode from the second cardholder authentication list, and verifies the cardholder according to the current cardholder authentication mode. If it is, the MPOS chip obtains the current cardholder authentication mode from the second cardholder authentication list and verifies the cardholder according to the current cardholder authentication mode. Correspondingly, after the MPOS chip judges in step 403 from the risk-control data that the transaction has no transaction risk, the method also includes: resetting the risk indicator bit; and after the MPOS chip judges in step 403 from the risk-control data that the transaction has a transaction risk, the method also includes: setting the risk indicator bit.
In this step, the cardholder is verified according to the current cardholder authentication mode, the cardholder verification result is obtained, and the third byte of the terminal authentication result is updated according to the cardholder verification result, obtaining the updated terminal authentication result. Specifically:
The cardholder is verified according to the current cardholder authentication mode. If cardholder verification succeeds, the highest bit (the 8th bit) of the third byte of the terminal authentication result is updated to "0". If cardholder verification fails, the data on the highest bit (the 8th bit) of the third byte of the terminal authentication result is updated to "1".
For example: when the current cardholder authentication mode is "signature" and verification succeeds, the MPOS chip updates the highest bit (the 8th bit) of the binary data of the byte that represents the cardholder verification result to "0". The second byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
Step 416: The MPOS chip performs terminal risk management;
Specifically, the MPOS chip obtains the transaction amount of the IC chip, performs terminal risk management according to the transaction amount obtained, obtains the terminal risk management result, and updates the fourth byte of the terminal authentication result according to the risk management result, obtaining the updated terminal authentication result.
More specifically, the MPOS chip obtains the transaction amount of the IC chip and detects whether the transaction amount exceeds the transaction limit. If it does, the MPOS chip updates the highest bit (the 8th bit) of the fourth byte of the terminal authentication result to "1"; otherwise, it updates the highest bit (the 8th bit) of the fourth byte of the terminal authentication result to "0".
For example, the MPOS chip obtains the transaction amount of the IC chip, detects that the transaction amount 00 does not exceed the transaction limit 5000, and updates the highest bit (the 8th bit) of the fourth byte of the terminal authentication result to "0". The fourth byte of the updated terminal authentication result is "00000000", i.e. hexadecimal data "0x00", and the updated terminal authentication result is 0x00 0x00 0x00 0x00 0x00.
In this embodiment, the transaction limit is the maximum transaction amount that the Bluetooth smart card supports.
Step 417: The MPOS chip performs terminal behavior analysis and obtains the terminal behavior analysis result;
Specifically, the MPOS chip performs an AND operation on the data on the corresponding bits of the updated terminal authentication result and its own terminal behavior code (TAC), obtains the operation result, and sets the terminal behavior analysis result according to the operation result.
More specifically, the MPOS chip performs an AND operation on the data on the corresponding bits of the updated terminal authentication result and its own terminal behavior code (TAC) and obtains the operation result. If the operation result is 0, it sets the terminal behavior analysis result to online processing and performs step 418; if the operation result is non-zero, it sets the terminal behavior analysis result to request transaction refusal and performs step 418.
In this embodiment, the terminal behavior code may be preset. When the terminal behavior code is preset, preferably, the data on the bits of the preset terminal behavior code that correspond to the risk bits of the terminal authentication result is 1. For example, the updated terminal authentication result obtained by the MPOS chip is 0x00 0x00 0x00 0x00 0x00, whose binary data is 00000000 00000000 00000000 00000000 00000000; the preset terminal behavior code of the MPOS chip is 0x4c 0x00 0x80 0x80 0x00, whose binary data is 01001100 00000000 10000000 10000000 00000000. The MPOS chip performs an AND operation between each bit of each byte of the terminal authentication result and the corresponding bit of each byte of its own terminal behavior code; the result obtained is 0x00 0x00 0x00 0x00 0x00, and the terminal behavior analysis result is set to online processing.
In this embodiment, the terminal behavior code may also not be preset. Correspondingly, if the MPOS chip judges from the transaction instruction that a transaction risk exists, the method also includes, before step 417: updating the terminal behavior code;
Updating the terminal behavior code is specifically: among the bits of the terminal behavior code that correspond to risk bits of the terminal authentication result whose data is "1", updating the data on at least one bit from 0 to 1.
In this embodiment, the risk bits of the terminal authentication result include: the 7th bit, the 4th bit and the 3rd bit of the first byte of the terminal authentication result; the highest bit (the 8th bit) of the third byte of the terminal authentication result; and the highest bit (the 8th bit) of the fourth byte of the terminal authentication result.
For example: if the MPOS chip judges from the transaction instruction that a transaction risk exists, the MPOS chip updates its own offline authentication mode to a more secure level and then performs step 404; after continuing from step 404 and before step 417, the method also includes: updating the terminal behavior code;
Specifically, for example: when the MPOS chip updates its own offline authentication mode from static authentication to dynamic authentication and offline authentication fails, the MPOS chip updates the data on the highest bit (the 8th bit) of the first byte of the terminal authentication result to "0", the data on the 7th bit to "0", the data on the 4th bit to "1" and the data on the 3rd bit to "0", and the updated terminal authentication result is "00001000 00000000 0000000 00000000 00000000". After continuing from step 404 and before step 417, the MPOS chip updates the data on the bit of the first byte "0000000000" of the terminal behavior code that corresponds to the 4th bit from 0 to 1, and the updated terminal behavior code is "00001000 00000000 0000000 00000000 00000000". When the MPOS chip reaches step 417, the updated terminal authentication result obtained by the MPOS chip is "00001000 00000000 0000000 00000000 00000000" and the terminal behavior code of the MPOS chip itself is "00001000 00000000 0000000 00000000 00000000". The MPOS chip performs an AND operation between each bit of each byte of the terminal authentication result and the corresponding bit of each byte of its own terminal behavior code; the operation result is non-zero, so the terminal behavior analysis result is set to request transaction refusal, and step 418 is performed.
Note that in this embodiment the terminal behavior code (TAC) is specifically the terminal behavior code (TAC)-refusal.
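The bit updates of steps 413 to 416 and the AND comparison of step 417 fit in a few functions. This is an added example, not code from the patent: the function names and the return strings "online" and "decline" are assumptions, and `raise_tac` sets every eligible bit of the terminal behavior code, which is one way to satisfy the page's "at least one bit".

```python
# First-byte failure bits named on the page: bit 7 static, bit 4 dynamic, bit 3 hybrid.
OFFLINE_FAIL_BIT = {"static": 0x40, "dynamic": 0x08, "hybrid": 0x04}
OFFLINE_MASK = 0x80 | 0x40 | 0x08 | 0x04     # bits 8, 7, 4 and 3 are rewritten together
TOP_BIT = 0x80                                # bit 8 of a byte
PRESET_TAC = bytes.fromhex("4c00808000")      # preset code from the page's example
RISK_BITS = PRESET_TAC                        # same positions as the page's risk bits


def new_result() -> bytearray:
    """Terminal authentication result with every bit initialised to 0."""
    return bytearray(5)


def record_offline_auth(result: bytearray, mode: str, success: bool) -> None:
    """Step 413: rewrite bits 8, 7, 4, 3 of byte 1 for the chosen mode."""
    result[0] &= 0xFF ^ OFFLINE_MASK
    if not success:
        result[0] |= OFFLINE_FAIL_BIT[mode]


def _write_top_bit(result: bytearray, index: int, value: bool) -> None:
    if value:
        result[index] |= TOP_BIT
    else:
        result[index] &= 0xFF ^ TOP_BIT


def record_cardholder_check(result: bytearray, success: bool) -> None:
    """Step 415: bit 8 of byte 3 is 1 when cardholder verification fails."""
    _write_top_bit(result, 2, not success)


def record_limit_check(result: bytearray, amount: int, limit: int) -> None:
    """Step 416: bit 8 of byte 4 is 1 when the amount exceeds the limit."""
    _write_top_bit(result, 3, amount > limit)


def raise_tac(tac: bytes, result: bytes) -> bytes:
    """Set the code's bits that line up with risk bits currently 1 in the result."""
    return bytes(t | (r & m) for t, r, m in zip(tac, result, RISK_BITS))


def terminal_action(result: bytes, tac: bytes) -> str:
    """Step 417: bitwise AND of result and code; any 1 bit means refusal."""
    if len(result) != 5 or len(tac) != 5:
        raise ValueError("both values must be five bytes long")
    return "decline" if any(r & t for r, t in zip(result, tac)) else "online"


def page_examples() -> list:
    # Clean transaction checked against the preset code.
    clean = new_result()
    record_offline_auth(clean, "static", True)
    record_cardholder_check(clean, True)
    record_limit_check(clean, 0, 5000)
    # Dynamic authentication fails; the code starts at zero and is then raised.
    failed = new_result()
    record_offline_auth(failed, "dynamic", False)
    raised = raise_tac(bytes(5), failed)
    return [terminal_action(clean, PRESET_TAC),
            terminal_action(failed, bytes(5)),
            raised.hex(),
            terminal_action(failed, raised)]


if __name__ == "__main__":
    print(page_examples())
```
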
Step 418: The MPOS chip sends a request-application-cryptogram instruction to the IC chip according to the terminal behavior analysis result;
Step 419: The IC chip performs card behavior analysis and obtains the card behavior analysis result;
The card behavior analysis result is an authorization request cryptogram (ARQC) or an application authentication cryptogram (AAC).
Step 420: The IC chip sends the card behavior analysis result to the MPOS chip;
Step 421: The MPOS chip sets the transaction authorization result according to the card behavior analysis result;
Specifically, if the card behavior analysis result is an authorization request cryptogram (ARQC), the MPOS chip sets the transaction authorization result to online processing; if the card behavior analysis result is an application authentication cryptogram (AAC), the MPOS chip sets the transaction authorization result to transaction refusal.
For example: the card behavior analysis result is an authorization request cryptogram (ARQC), and the MPOS chip sets the transaction authorization result to online processing "02".
Step 422: The MPOS chip sends the mobile terminal, over the Bluetooth channel, a transaction message containing the transaction authorization result, the transaction information and the risk-control data;
Specifically, the MPOS chip signs the risk-control data to obtain a signature value, assembles a transaction message containing the transaction authorization result, the transaction information, the risk-control data and the signature value, and sends that transaction message to the mobile terminal over the Bluetooth channel.
For example: after the MPOS chip assembles the transaction message containing the transaction authorization result, the transaction information, the risk-control data and the signature value, the resulting transaction message is: 02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9 32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92 9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07 a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f 03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00 00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0. Here, the first byte "02" is the transaction authorization result and indicates online processing; "9f 02 06 00 00 00 00 00 00" is the transaction amount and indicates that the transaction amount is 0 yuan; "9a 03 15 12 24" is the transaction date and indicates that the transaction date is December 24, 2015. "7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B" is the risk-control data; "48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0" is the signature value.
Note that the MPOS chip may also sign the risk-control data before this step to obtain the signature value.
Note that if the MPOS chip verified the cardholder in step 415 according to the online PIN verification mode, the transaction message also includes the online PIN code entered by the user that the MPOS chip obtained.
Step 422 may be replaced by: the MPOS chip sends the mobile terminal, over the Bluetooth channel, a transaction message containing the transaction authorization result and the transaction information.
Step 423:Mobile terminal is according to the online message of transaction message tissue;
Step 424:Mobile terminal sends online message to server;
Step 425:Server carries out risk management according to online message, obtains risk management result;
Step 426:Server is according to the transaction response of risk management result tissue;
Step 427:Server sends transaction response to mobile terminal;
Step 428:Mobile terminal sends transaction response by Bluetooth channels to MPOS chips;
Step 429:MPOS chips are according to transaction response generation transaction record;
Step 430:MPOS chips send transaction record by Bluetooth channels to mobile terminal;
Step 431:Mobile terminal completes to conclude the business according to transaction record.
In this embodiment, after step 412 the method further includes: the MPOS chip judges, according to the transaction type in the transaction information of the transaction instruction, whether to display the transaction amount in the transaction information; if not, step 413 is performed; otherwise, the transaction amount is displayed and the chip waits for the user to confirm; if user confirmation is detected within the first preset time, step 413 is performed; if no user confirmation is detected within the first preset time, an error message is returned to the mobile terminal;
Before step 422 the method further includes: the MPOS chip judges whether the transaction authorization result is transaction refusal or online processing; if the transaction authorization result is transaction refusal, the MPOS chip refuses the transaction and displays transaction refusal information; if the transaction authorization result is online processing, step 422 is performed.
It should be noted that, in this embodiment, the Bluetooth smart card may also include a Bluetooth module, and the Bluetooth communication between the MPOS chip and the mobile terminal may be, but is not limited to being, implemented through the Bluetooth module.
With the method for controlling transaction risk by a Bluetooth smart card provided in this embodiment, the Bluetooth smart card can complete a financial transaction without a financial terminal. After obtaining the risk-control data according to the transaction instruction, the card calculates a risk-control index from its own risk-control data. When the risk-control index is greater than the first risk threshold, at least one of the offline authentication mode, the cardholder authentication mode, or the transaction limit of the terminal risk management mode in the transaction preparation mode is updated to a more secure level, and only then does transaction preparation proceed. Before the behavior analysis result is obtained, the terminal behavior code is updated; behavior analysis is then performed according to the terminal authentication result and the terminal behavior code to obtain the behavior analysis result, and whether to carry out an online transaction is decided according to the behavior analysis result, which improves the security and convenience of the transaction.
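The transaction message given as the example for step 422 can be split mechanically before any risk management is done on it. The parser below is an added example, not code from the patent: it assumes the layout seen in that single example (one result byte, a run of BER-TLV objects, then 48 bytes of risk-control data and 32 bytes of signature, with no online PIN present), and every function name in it is hypothetical.

```python
"""Split the step-422 transaction message into its parts (added example)."""

# Bytes copied from the example message in the description of step 422.
EXAMPLE_HEX = """
02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9 32 b3 82 02 7c 00
9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92
9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03
84 07 a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56
9f 1a 02 01 56 9f 03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34
9f 1e 08 00 00 00 00 00 00 00 00 9f 02 06 00 00 00 00 00 00
7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B
D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87 0B DF 63 E2 39 E2 7A 1B
48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1 44 F6 3B 10 81 7B
79 5C 5C 1C F8 2C 92 E0
"""

RISK_DATA_LEN = 48   # assumption: length observed in the page's one example
SIGNATURE_LEN = 32   # assumption: length observed in the page's one example
AUTH_RESULT_ONLINE = 0x02   # the only result value the page decodes


def parse_tlv(buf: bytes) -> dict:
    """Parse a flat run of BER-TLV objects into {tag_hex: value_bytes}."""
    fields, i = {}, 0
    while i < len(buf):
        start = i
        i += 1
        if buf[start] & 0x1F == 0x1F:          # tag continues in later bytes
            while True:
                if i >= len(buf):
                    raise ValueError("truncated tag")
                i += 1
                if not buf[i - 1] & 0x80:      # high bit clear ends the tag
                    break
        tag = buf[start:i].hex()
        if i >= len(buf):
            raise ValueError(f"tag {tag}: missing length")
        length = buf[i]
        i += 1
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            if n not in (1, 2) or i + n > len(buf):
                raise ValueError(f"tag {tag}: bad length encoding")
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        if i + length > len(buf):
            raise ValueError(f"tag {tag}: value runs past end of data")
        if tag in fields:
            raise ValueError(f"tag {tag}: duplicated")
        fields[tag] = buf[i:i + length]
        i += length
    return fields


def parse_transaction_message(raw: bytes) -> dict:
    """Split result byte, TLV fields, risk-control data and signature.

    The trailer is not TLV-encoded, so it is cut off by length from the end;
    parsing it as TLV would misread its first bytes as a tag and a length.
    """
    trailer = RISK_DATA_LEN + SIGNATURE_LEN
    if len(raw) < 1 + trailer:
        raise ValueError("message shorter than result byte plus trailer")
    body_end = len(raw) - trailer
    return {
        "auth_result": raw[0],
        "fields": parse_tlv(raw[1:body_end]),
        "risk_data": raw[body_end:body_end + RISK_DATA_LEN],
        "signature": raw[body_end + RISK_DATA_LEN:],
    }


def bcd_to_int(value: bytes) -> int:
    """Decode packed BCD digits, rejecting nibbles above 9."""
    text = value.hex()
    if not text.isdigit():
        raise ValueError(f"not BCD: {text}")
    return int(text)


def summarize(raw: bytes) -> dict:
    """Decode the fields the description walks through."""
    msg = parse_transaction_message(raw)
    f = msg["fields"]
    yy, mm, dd = (bcd_to_int(f["9a"][k:k + 1]) for k in range(3))
    return {
        "online": msg["auth_result"] == AUTH_RESULT_ONLINE,
        "date": f"20{yy:02d}-{mm:02d}-{dd:02d}",   # assumption: year is 20YY
        "amount": bcd_to_int(f["9f02"]),
        "terminal_result": f["95"].hex(),
    }


EXAMPLE = bytes.fromhex(EXAMPLE_HEX)
```

A message produced by the alternative form of step 422, or one carrying an online PIN, has a different layout and is rejected or misparsed by this fixed-length split, so the length assumptions need to match the variant in use.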
Embodiment 5
This embodiment provides a Bluetooth smart card, including: connection module 01, first receiving module 02, transaction preparation module 03, first update module 04, behavior analysis module 05, authorization result setting module 06, first sending module 07, second receiving module 08, transaction record module 09 and second sending module 10. Necessarily, the Bluetooth smart card also includes: risk judgment module 11, second update module 12 and/or third update module 13. A block diagram of the Bluetooth smart card may be as shown in Fig. 6.
Connection module 01, configured to establish a Bluetooth connection with the mobile terminal;
First receiving module 02, configured to receive the transaction instruction from the mobile terminal over the Bluetooth channel after connection module 01 has established the Bluetooth connection with the mobile terminal;
Transaction preparation module 03, configured to carry out transaction preparation according to the transaction instruction received by first receiving module 02 and its own transaction preparation mode, obtaining a transaction preparation result;
First update module 04, configured to update the terminal authentication result according to the transaction preparation result obtained by transaction preparation module 03;
In this embodiment, first update module 04 may be specifically configured to: if the transaction preparation result is failure, update the data on the risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result; if the transaction preparation result is success, update the data on the risk bit in the terminal authentication result to the first value, obtaining the updated terminal authentication result.
In this embodiment, the Bluetooth smart card may also include an initialization module;
Initialization module, configured to initialize the data on all bits of the terminal authentication result to the first value before first update module 04 updates the terminal authentication result according to the transaction preparation result; correspondingly, first update module 04 is specifically configured to, if the transaction preparation result is failure, update the data on the risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result.
Behavior analysis module 05, configured to perform behavior analysis according to the terminal authentication result updated by first update module 04 and its own terminal behavior code, obtaining a behavior analysis result;
Behavior analysis module 05 includes: a terminal behavior analysis submodule and a card behavior analysis submodule;
Terminal behavior analysis submodule, configured to perform an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code to obtain an operation result, and to obtain the terminal behavior analysis result according to the operation result;
The terminal behavior analysis submodule includes: a first arithmetic unit and a first setting unit;
First arithmetic unit, configured to perform an AND operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code;
First setting unit, configured to set the terminal behavior analysis result to online processing if the operation result of the first arithmetic unit is the first result, and to set the terminal behavior analysis result to request transaction refusal if the operation result of the first arithmetic unit is not the first result;
Card behavior analysis submodule, configured to perform card behavior analysis according to the terminal behavior analysis result, set the card behavior analysis result, and use the card behavior analysis result as the behavior analysis result.
The card behavior analysis submodule is specifically configured to: if the first setting unit has set the terminal behavior analysis result to request transaction refusal, perform card behavior analysis according to the terminal behavior analysis result, set the card behavior analysis result to the application authorization ciphertext, and use the card behavior analysis result as the behavior analysis result; if the first setting unit has set the terminal behavior analysis result to online processing, set the card behavior analysis result to the authorization request ciphertext or the application authorization ciphertext, and use the card behavior analysis result as the behavior analysis result.
Authorization result setting module 06, configured to set the transaction authorization result to online processing if the behavior analysis result obtained by behavior analysis module 05 is the authorization request ciphertext, and to set the transaction authorization result to transaction refusal if the behavior analysis result obtained by behavior analysis module 05 is the application authorization ciphertext;
First sending module 07, configured to send to the mobile terminal over the Bluetooth channel, after authorization result setting module 06 has set the transaction authorization result to online processing, a transaction message containing the transaction authorization result and the transaction information in the transaction instruction;
Second receiving module 08, configured to receive the transaction response from the mobile terminal over the Bluetooth channel;
Transaction record module 09, configured to generate a transaction record according to the transaction response received by second receiving module 08;
Second sending module 10, configured to send the transaction record to the mobile terminal over the Bluetooth channel;
Risk judgment module 11, configured to judge, according to the transaction instruction received by first receiving module 02, whether a transaction risk exists; after risk judgment module 11 judges NO, transaction preparation module 03 is triggered;
In this embodiment, risk judgment module 11 includes: a first acquisition submodule, a first judging submodule, a first calculation submodule, a second judging submodule and a first storage submodule;
First acquisition submodule, configured to obtain the risk-control data in the transaction instruction;
First judging submodule, configured to judge whether data exists in the temporary storage area;
First calculation submodule, configured to, after the first judging submodule judges YES, take the data in the temporary storage area as risk-control history data and calculate the risk-control index from the risk-control data and the risk-control history data;
Second judging submodule, configured to judge whether the risk-control index is greater than the first risk threshold;
First storage submodule, configured to store the risk-control data in the temporary storage area and trigger transaction preparation module 03 after the first judging submodule judges NO, and to store the risk-control data in the temporary storage area and trigger transaction preparation module 03 after the second judging submodule judges NO.
Further, the transaction message also includes: the risk-control data.
Second update module 12, configured to update the transaction preparation mode to a more secure level after risk judgment module 11 judges YES and before transaction preparation module 03 obtains the transaction preparation result;
Third update module 13, configured to update its own terminal behavior code after risk judgment module 11 judges YES and before behavior analysis module 05 obtains the behavior analysis result.
In this embodiment, if risk judgment module 11 triggers second update module 12 after judging YES, and first update module 04 triggers behavior analysis module 05 after updating the terminal authentication result, the terminal behavior code may be preset, with the data on the bits of the terminal behavior code that correspond to the risk bits being the second value.
In this embodiment, third update module 13 may be specifically configured to: after risk judgment module 11 judges YES and before behavior analysis module 05 obtains the behavior analysis result, update to the second value the data on at least one of the bits in the terminal behavior code that correspond to the risk bits whose data is the second value.
In this embodiment, third update module 13 may also be specifically configured to: after risk judgment module 11 judges YES and before behavior analysis module 05 obtains the behavior analysis result, update to the second value the data on the bits in the terminal behavior code that correspond to the risk bits.
In this embodiment, the transaction preparation mode includes: the offline authentication mode, the processing restriction mode, the cardholder authentication mode and the terminal risk management mode;
Transaction preparation module 03 specifically includes: a select application submodule, an initialize application submodule, a read application record submodule, an offline authentication submodule, a processing restriction submodule, a cardholder verification submodule and a risk management submodule;
First update module 04 specifically includes: a first update submodule, a second update submodule, a third update submodule and a fourth update submodule;
Select application submodule, configured to select an application according to the transaction instruction;
Initialize application submodule, configured to initialize the selected application;
Read application record submodule, configured to read the application record;
Offline authentication submodule, configured to perform offline authentication according to its own offline authentication mode, obtaining an offline authentication result;
Cardholder authentication submodule, configured to perform processing restriction according to its own processing restriction mode, obtaining a processing restriction result;
Cardholder verification submodule, configured to obtain its own cardholder authentication mode according to the application record read by the read application record submodule, and to verify the cardholder according to its own cardholder authentication mode, obtaining a cardholder verification result;
The cardholder verification submodule is specifically configured to: if risk judgment module 11 judges according to the transaction instruction that no transaction risk exists, take the first cardholder authentication list in the application record read by the read application record submodule as its own second cardholder authentication list and save it, obtain its own cardholder authentication mode according to the second cardholder authentication list, and verify the cardholder according to its own cardholder authentication mode; if risk judgment module 11 judges according to the transaction instruction that a transaction risk exists, obtain its own cardholder authentication mode according to the second cardholder authentication list and verify the cardholder according to its own cardholder authentication mode.
Processing restriction submodule, configured to perform processing restriction according to its own processing restriction mode, obtaining a processing restriction result;
Risk management submodule, configured to perform terminal risk management according to its own terminal risk management mode, obtaining a terminal risk management result;
First update submodule, configured to update the terminal authentication result according to the offline authentication result;
Second update submodule, configured to update the terminal authentication result according to the processing restriction result;
Third update submodule, configured to update the terminal authentication result according to the cardholder verification result;
Fourth update submodule, configured to update the terminal authentication result according to the terminal risk management result.
In this embodiment, when transaction preparation module 03 specifically includes the select application submodule, the initialize application submodule, the read application record submodule, the offline authentication submodule, the processing restriction submodule, the cardholder verification submodule and the risk management submodule, second update module 12 may specifically include at least one of: a fifth update submodule, a sixth update submodule, a seventh update submodule and an eighth update submodule;
Fifth update submodule, configured to update the offline authentication mode to a more secure level after risk judgment module 11 judges YES and before the offline authentication submodule obtains the offline authentication result;
The fifth update submodule specifically includes a first updating unit;
First updating unit, configured to, after risk judgment module 11 judges YES and before the offline authentication submodule obtains the offline authentication result, update the offline authentication mode, according to its own offline authentication parameters, from an offline authentication mode with a lower security level to an offline authentication mode with a higher security level.
The first updating unit is specifically configured to, after risk judgment module 11 judges YES and before the offline authentication submodule obtains the offline authentication result, update the parameter value of the offline authentication parameter corresponding to the offline authentication mode with the higher security level from the first value to the second value.
Sixth update submodule, configured to update the processing restriction mode to a more secure level after risk judgment module 11 judges YES and before the processing restriction submodule obtains the processing restriction result;
Seventh update submodule, configured to update the cardholder authentication mode to a more secure level after risk judgment module 11 judges YES and before the cardholder verification submodule obtains the cardholder verification result;
The seventh update submodule specifically includes a second updating unit;
Second updating unit, configured to, after risk judgment module 11 judges YES and before the cardholder verification submodule obtains the cardholder verification result, update the second cardholder authentication list so that the cardholder authentication mode is updated to a more secure level.
The second updating unit is specifically configured to update the cardholder authentication mode identifier in the cardholder authentication code in the second cardholder authentication list to a more secure level, so that the cardholder authentication mode is updated to a more secure level.
Eighth update submodule, configured to update the terminal risk management mode to a more secure level after risk judgment module 11 judges YES and before the risk management submodule obtains the terminal risk management result.
In this embodiment, the risk management submodule is specifically configured to perform terminal risk management according to its own transaction limit, obtain the terminal risk management result, and update the terminal authentication result according to the risk management result; correspondingly, the eighth update submodule is specifically configured to reduce the transaction limit.
In this embodiment, when transaction preparation module 03 specifically includes the select application submodule, the initialize application submodule, the read application record submodule, the offline authentication submodule, the processing restriction submodule, the cardholder verification submodule and the risk management submodule, the card may also include: a transaction information judgment module, a first display module, a first detection module and an error reporting module;
Transaction information judgment module, configured to judge, after the read application record submodule has read the application record, whether to display the transaction amount in the transaction information according to the transaction information in the transaction instruction; if so, the offline authentication submodule is triggered;
First display module, configured to display the transaction amount after the transaction information judgment module judges YES; to display an error message when the first detection module does not detect user confirmation within the first preset time; and to display transaction refusal information when the transaction authorization result is transaction refusal;
Error reporting module, configured to return the error message to the mobile terminal after the first display module displays the error message;
First detection module, configured to detect user confirmation within the first preset time after the first display module displays the transaction amount; if user confirmation is detected within the first preset time, the offline authentication submodule is triggered.
In this embodiment, when transaction preparation module 03 specifically includes the select application submodule, the initialize application submodule, the read application record submodule, the offline authentication submodule, the processing restriction submodule, the cardholder verification submodule and the risk management submodule, the cardholder verification submodule may be specifically configured to prompt the user to enter the online PIN; if the online PIN entered by the user is obtained within the second preset time, the cardholder is verified according to the cardholder authentication mode that includes entering the online PIN, and the cardholder verification result is obtained; if the online PIN entered by the user is not obtained within the second preset time, the cardholder verification result is cardholder verification failure; correspondingly, the transaction message also includes the online PIN entered by the user.
In this embodiment, when transaction preparation module 03 specifically includes the select application submodule, the initialize application submodule, the read application record submodule, the offline authentication submodule, the processing restriction submodule, the cardholder verification submodule and the risk management submodule, the card may also include an initialization module;
Initialization module, configured to initialize the data on all bits of the terminal authentication result to the first value before the first update submodule updates the terminal authentication result according to the offline authentication result;
The first update submodule is specifically configured to, if the offline authentication result is authentication failure, update the data on the offline authentication risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result;
The third update submodule is specifically configured to, if the cardholder verification result is cardholder verification failure, update the data on the cardholder verification risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result;
The fourth update submodule is specifically configured to detect whether the transaction amount in the transaction instruction exceeds the transaction limit and, if so, to update the data on the risk management risk bit in the terminal authentication result to the second value.
In this embodiment, when transaction preparation module 03 specifically includes the select application submodule, the initialize application submodule, the read application record submodule, the offline authentication submodule, the processing restriction submodule, the cardholder verification submodule and the risk management submodule, the first update submodule may also be specifically configured to: if the offline authentication result is authentication failure, update the data on the offline authentication risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result; if the offline authentication result is authentication success, update the data on the offline authentication risk bit in the terminal authentication result to the first value, obtaining the updated terminal authentication result;
The third update submodule may also be specifically configured to: if the cardholder verification result is cardholder verification failure, update the data on the cardholder verification risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result; if the cardholder verification result is cardholder verification success, update the data on the cardholder verification risk bit in the terminal authentication result to the first value, obtaining the updated terminal authentication result;
The fourth update submodule may also be specifically configured to detect whether the transaction amount in the transaction instruction exceeds the transaction limit; if so, the data on the risk management risk bit in the terminal authentication result is updated to the second value; otherwise, the data on the risk management risk bit in the terminal authentication result is updated to the first value.
Further, if risk judgment module 11 triggers second update module 12 after judging YES, and first update module 04 triggers behavior analysis module 05 after updating the terminal authentication result, the terminal behavior code may be preset. Specifically, the data on the bits in the terminal behavior code that correspond to the offline authentication risk bits is the second value; the data on the bit in the terminal behavior code that corresponds to the cardholder verification risk bit is the second value; and the data on the bit in the terminal behavior code that corresponds to the risk management risk bit is the second value.
Further, third update module 13 may be specifically configured to: after risk judgment module 11 judges YES and before behavior analysis module 05 obtains the behavior analysis result, update to the second value the data on at least one of the bits in the terminal behavior code that correspond to those of the offline authentication risk bits, the cardholder verification risk bit and the risk management risk bit whose data is the second value; after risk judgment module 11 judges NO, transaction preparation module 03 is triggered.
Further, third update module 13 may also be specifically configured to: after risk judgment module 11 judges YES and before behavior analysis module 05 obtains the behavior analysis result, update to the second value the data on the bits in the terminal behavior code that correspond to the offline authentication risk bits, the cardholder verification risk bit and the risk management risk bit; after risk judgment module 11 judges NO, transaction preparation module 03 is triggered.
In this embodiment, the offline authentication risk bits include: the 7th bit, the 4th bit and the 3rd bit of the first byte of the terminal authentication result;
The cardholder verification result risk bit includes: the 8th bit of the 3rd byte of the terminal authentication result;
The risk management risk bit includes: the 8th bit of the 4th byte of the terminal authentication result.
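How the risk bits listed above feed the AND-based behavior analysis and the final authorization result, as an added example that is not code from the patent. Assumptions, all labelled in the code: the first value is 0 and the second value is 1, the "first result" means the AND is zero on every bit, which of the three offline authentication bits applies is chosen by the caller, and all function names are hypothetical.

```python
"""Risk-bit update and behavior analysis on the 5-byte terminal result."""

FIRST_VALUE, SECOND_VALUE = 0, 1   # assumption: numeric values not given here

# (byte, bit) positions from the description; bytes are counted from 1 and
# bit 8 is taken to be the most significant bit of a byte (assumption).
OFFLINE_AUTH_BITS = ((1, 7), (1, 4), (1, 3))
CARDHOLDER_BIT = (3, 8)
RISK_MGMT_BIT = (4, 8)
RISK_BITS = OFFLINE_AUTH_BITS + (CARDHOLDER_BIT, RISK_MGMT_BIT)

ONLINE = "online processing"
REFUSE_REQUEST = "request transaction refusal"
REQUEST_CT = "authorization request ciphertext"
APPLICATION_CT = "application authorization ciphertext"


def write_bit(data: bytes, pos, value: int) -> bytes:
    """Return a copy of data with the bit at (byte, bit) set to value."""
    byte, bit = pos
    out = bytearray(data)
    mask = 1 << (bit - 1)
    if value:
        out[byte - 1] |= mask
    else:
        out[byte - 1] &= ~mask & 0xFF
    return bytes(out)


def update_terminal_result(result: bytes, offline_ok: bool, cardholder_ok: bool,
                           amount: int, limit: int, offline_bit=(1, 4)) -> bytes:
    """First/third/fourth update submodules: failure writes the second value,
    success writes the first value. offline_bit selects which of the three
    offline authentication risk bits is in use (assumption)."""
    if offline_bit not in OFFLINE_AUTH_BITS:
        raise ValueError("not an offline authentication risk bit")
    result = write_bit(result, offline_bit,
                       FIRST_VALUE if offline_ok else SECOND_VALUE)
    result = write_bit(result, CARDHOLDER_BIT,
                       FIRST_VALUE if cardholder_ok else SECOND_VALUE)
    return write_bit(result, RISK_MGMT_BIT,
                     SECOND_VALUE if amount > limit else FIRST_VALUE)


def harden_behavior_code(code: bytes) -> bytes:
    """Third update module, the variant that sets every risk-bit position."""
    for pos in RISK_BITS:
        code = write_bit(code, pos, SECOND_VALUE)
    return code


def terminal_behavior_analysis(result: bytes, code: bytes) -> str:
    """AND corresponding bits; all zero is treated as the 'first result'."""
    if len(result) != len(code):
        raise ValueError("terminal result and behavior code differ in length")
    hit = any(a & b for a, b in zip(result, code))
    return REFUSE_REQUEST if hit else ONLINE


def card_behavior_analysis(terminal_result: str, card_choice=REQUEST_CT) -> str:
    """A refusal request forces the application authorization ciphertext;
    otherwise the card may return either ciphertext."""
    if terminal_result == REFUSE_REQUEST:
        return APPLICATION_CT
    if card_choice not in (REQUEST_CT, APPLICATION_CT):
        raise ValueError("unknown card decision")
    return card_choice


def authorization_result(behavior_result: str) -> str:
    return ONLINE if behavior_result == REQUEST_CT else "transaction refusal"


def decide(result: bytes, code: bytes, risk_flagged: bool,
           card_choice=REQUEST_CT) -> str:
    """Full path: optional hardening, terminal analysis, card analysis."""
    if risk_flagged:
        code = harden_behavior_code(code)
    terminal = terminal_behavior_analysis(result, code)
    return authorization_result(card_behavior_analysis(terminal, card_choice))


# Terminal result bytes from the page's example message (tag 95); the all-zero
# behavior code is constructed for this illustration.
PAGE_RESULT = bytes.fromhex("0880000000")
EMPTY_CODE = bytes(5)
```

With the constructed all-zero behavior code, the page's example terminal result goes online; once a risk has been flagged and the code is hardened, the set 4th bit of the first byte alone is enough to turn the same transaction into a refusal.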
In this embodiment, the Bluetooth smart card may specifically include an IC chip and an MPOS chip; correspondingly:
Connection module 01 is specifically configured to establish the Bluetooth connection with the mobile terminal through the MPOS chip;
First receiving module 02 is specifically configured to receive, through the MPOS chip and over the Bluetooth channel, the transaction instruction from the mobile terminal after connection module 01 has established the Bluetooth connection with the mobile terminal;
Transaction preparation module 03 is specifically configured to send a transaction preparation instruction to the IC chip through the MPOS chip and receive the transaction preparation response from the IC chip; and to carry out transaction preparation, through the MPOS chip, according to the transaction instruction received by first receiving module 02 and the transaction preparation mode of the MPOS chip, obtaining the transaction preparation result;
First update module 04 is specifically configured to update the terminal authentication result, through the MPOS chip, according to the transaction preparation result obtained by transaction preparation module 03;
Behavior analysis module 05 is specifically configured to perform behavior analysis, through the MPOS chip, according to the updated terminal authentication result and its own terminal behavior code, obtaining the behavior analysis result;
Further, behavior analysis module 05 specifically includes: a terminal behavior analysis submodule and a card behavior analysis submodule; the card behavior analysis submodule specifically includes: a first sending unit, a first analysis unit, a second sending unit and a first result unit;
The terminal behavior analysis submodule is specifically configured to perform, through the MPOS chip, an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code to obtain an operation result, and to obtain the terminal behavior analysis result according to the operation result;
First sending unit, configured to send the terminal behavior analysis result to the IC chip, through the MPOS chip, as a request application ciphertext instruction;
First analysis unit, configured to perform card behavior analysis through the IC chip, obtaining the card behavior analysis result;
Second sending unit, configured to send the card behavior analysis result to the MPOS chip through the IC chip;
First result unit, configured to use, through the MPOS chip, the card behavior analysis result as the behavior analysis result.
Authorization result setting module 06 is specifically configured to set the transaction authorization result to online processing through the MPOS chip if the behavior analysis result obtained by behavior analysis module 05 is the authorization request ciphertext, and to set the transaction authorization result to transaction refusal through the MPOS chip if the behavior analysis result obtained by behavior analysis module 05 is the application authorization ciphertext;
First sending module 07 is specifically configured to send to the mobile terminal, through the MPOS chip and over the Bluetooth channel, after authorization result setting module 06 has set the transaction authorization result to online processing through the MPOS chip, a transaction message containing the transaction authorization result and the transaction information in the transaction instruction;
Second receiving module 08 is specifically configured to receive, through the MPOS chip and over the Bluetooth channel, the transaction response from the mobile terminal;
Transaction record module 09 is specifically configured to generate the transaction record according to the transaction response through the MPOS chip;
Second sending module 10 is specifically configured to send the transaction record to the mobile terminal through the MPOS chip and over the Bluetooth channel;
Risk judgment module 11 is specifically configured to judge, through the MPOS chip and according to the transaction instruction received by first receiving module 02, whether a transaction risk exists; after risk judgment module 11 judges NO, transaction preparation module 03 is triggered;
Second update module 12 is specifically configured to update the transaction preparation mode to a more secure level through the MPOS chip after risk judgment module 11 judges YES and before transaction preparation module 03 obtains the transaction preparation result;
Third update module 13 is specifically configured to update its own terminal behavior code through the MPOS chip after risk judgment module 11 judges YES and before behavior analysis module 05 obtains the behavior analysis result.
In the present embodiment, transaction stand-by mode includes:Off line authentication mode, treatment limitation mode, holder's authentication mode With terminal risk management mode:Accordingly;
Transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule, reading application record submodule Block, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule;
First update module 04 is specifically included:First update submodule, second update submodule, the 3rd update submodule and 4th updates submodule;
Selection is specifically included using submodule:3rd transmitting element, selection applying unit and the 4th transmitting element;Initialization Submodule is specifically included:5th transmitting element, initialization applying unit and the 6th transmitting element;Read application record sub module specific Including:Recording unit and the 8th transmitting element are applied in 7th transmitting element, reading;Off line authentication sub module is specifically included:9th Transmitting element, the tenth transmitting element and off line authentication unit;Treatment limitation submodule is specifically included:Treatment limiting unit;Hold People's checking submodule is specifically included:Holder's authentication unit;Risk management submodule is specifically included:Risk management unit;
First renewal submodule is specifically included:3rd updating block;Second renewal submodule is specifically included:4th updates single Unit;3rd renewal submodule is specifically included:5th updating block;Institute the 4th updates submodule and specifically includes:6th updating block;
3rd transmitting element, for sending selection application instruction to IC chip by MPOS chips;
Selection applying unit, for selecting application according to selection application instruction by IC chip;
4th transmitting element, for sending selection application success response to MPOS chips by IC chip;
5th transmitting element, initialization directive is applied for being sent to IC chip by MPOS chips;
Initialization applying unit, for initializing the application for having selected by IC chip;
6th transmitting element, for returning to application initialization successful respond to MPOS chips by IC chip;
7th transmitting element, for sending reading application recording instruction to IC chip by MPOS chips;
Reading application recording unit, for reading application record by IC chip;
8th transmitting element, for returning to read record successful respond to MPOS chips by IC chip;
9th transmitting element, instructs for sending off line certification to IC chip by MPOS chips;
Tenth transmitting element, for receiving the off line certification response from IC chip by MPOS chips;
Off line authentication unit, the off line certification response for being received according to MPOS chips obtains off line authentication result;
Treatment limiting unit, for carrying out treatment limitation according to the treatment limitation mode of MPOS chips to obtain a treatment limitation result;
Holder's authentication unit, for obtaining the holder's authentication mode of MPOS chips according to the read record successful respond received by MPOS chips, and for verifying the holder according to the holder's authentication mode of MPOS chips to obtain holder's verification result;
Risk management unit, for carrying out terminal risk management according to the terminal risk management mode of MPOS chips to obtain a terminal risk management result;
3rd updating block, for updating terminal authentication result according to off line authentication result;
4th updating block, for updating terminal authentication result according to treatment limitation result;
5th updating block, for updating terminal authentication result according to holder's verification result;
6th updating block, for according to terminal risk management result, updating terminal authentication result.
It should be noted that, in the present embodiment, the Bluetooth intelligent card can also include a bluetooth module; the Bluetooth communication between the Bluetooth intelligent card and the mobile terminal can be, but is not limited to being, realized by the bluetooth module.
The present embodiment provides a Bluetooth intelligent card that can complete a financial transaction without a financial terminal. After receiving a trading instruction, the card judges whether transaction risk exists according to the trading instruction. If risk exists, the card updates the transaction stand-by mode to a more secure level before carrying out transaction preparation and updates the terminal authentication result according to the transaction preparation result, and/or updates the terminal behavior code of itself before carrying out behavioural analysis. The card then carries out behavioural analysis according to the terminal authentication result and the terminal behavior code to obtain a behavioural analysis result, and judges whether to carry out an online transaction according to the behavioural analysis result, which improves the security and convenience of the transaction.
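The behavioural analysis summarised above and detailed in claims 7, 8, 16, 19 and 20, as an added C example that is not part of the patent. It assumes 5-byte values, bit 8 as the most significant bit of a byte, first numerical value 0, second value 1 and an all-zero "first result"; the function names and the all-zero default behavior code are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumptions, not stated in the patent text: both values are 5 bytes long,
 * bit 8 is the most significant bit of a byte, "first numerical value" = 0,
 * "second value" = 1, and the "first result" of the AND is all zero. */
#define RESULT_LEN 5
#define BIT(n) ((uint8_t)(1u << ((n) - 1)))          /* n = 1..8 */

typedef struct { int byte_index; uint8_t mask; } risk_bits;

/* Risk bit positions from claim 20 (byte_index is zero-based here). */
static const risk_bits OFFLINE_AUTH_RISK  = { 0, BIT(7) | BIT(4) | BIT(3) };
static const risk_bits HOLDER_VERIFY_RISK = { 2, BIT(8) };
static const risk_bits RISK_MGMT_RISK     = { 3, BIT(8) };

typedef enum { TERM_ONLINE, TERM_REQUEST_REFUSAL } terminal_analysis;
typedef enum { CRYPTOGRAM_ARQC, CRYPTOGRAM_AAC } card_analysis; /* authorization request / application authentication */
typedef enum { AUTH_ONLINE, AUTH_REFUSED } auth_result;

/* Claim 15: every bit of the terminal authentication result starts at the first value. */
void result_init(uint8_t result[RESULT_LEN]) { memset(result, 0, RESULT_LEN); }

/* Claim 16: a failed check writes the second value, a passed check the first value. */
void result_update(uint8_t result[RESULT_LEN], risk_bits where, int failed) {
    if (failed)
        result[where.byte_index] |= where.mask;
    else
        result[where.byte_index] &= (uint8_t)~where.mask;
}

/* Claim 19: when transaction risk is judged to exist, set every bit of the
 * terminal behavior code that corresponds to a risk bit. */
void behavior_code_tighten(uint8_t code[RESULT_LEN]) {
    code[OFFLINE_AUTH_RISK.byte_index]  |= OFFLINE_AUTH_RISK.mask;
    code[HOLDER_VERIFY_RISK.byte_index] |= HOLDER_VERIFY_RISK.mask;
    code[RISK_MGMT_RISK.byte_index]     |= RISK_MGMT_RISK.mask;
}

/* Step s41 / claim 8: AND the corresponding bits of the two values. */
terminal_analysis analyse_terminal(const uint8_t result[RESULT_LEN],
                                   const uint8_t code[RESULT_LEN]) {
    uint8_t hit = 0;
    for (int i = 0; i < RESULT_LEN; i++)
        hit |= (uint8_t)(result[i] & code[i]);
    return hit == 0 ? TERM_ONLINE : TERM_REQUEST_REFUSAL;
}

/* Step s42 / claim 8: a refusal request always yields the application
 * authentication ciphertext; otherwise the card itself may still decline. */
card_analysis analyse_card(terminal_analysis t, int card_allows_online) {
    if (t == TERM_REQUEST_REFUSAL)
        return CRYPTOGRAM_AAC;
    return card_allows_online ? CRYPTOGRAM_ARQC : CRYPTOGRAM_AAC;
}

/* Step s4: map the behavioural analysis result to the authorization result. */
auth_result authorise(card_analysis c) {
    return c == CRYPTOGRAM_ARQC ? AUTH_ONLINE : AUTH_REFUSED;
}

/* Constructed scenario: the default behavior code is all zero (assumption). */
auth_result run_transaction(int risk_detected, int holder_failed, int over_limit) {
    uint8_t result[RESULT_LEN];
    uint8_t code[RESULT_LEN] = { 0 };

    result_init(result);
    if (risk_detected)
        behavior_code_tighten(code);
    result_update(result, HOLDER_VERIFY_RISK, holder_failed);
    result_update(result, RISK_MGMT_RISK, over_limit);
    return authorise(analyse_card(analyse_terminal(result, code), 1));
}

int main(void) {
    printf("no risk, holder check failed:   %s\n",
           run_transaction(0, 1, 0) == AUTH_ONLINE ? "online" : "refused");
    printf("risk,    holder check failed:   %s\n",
           run_transaction(1, 1, 0) == AUTH_ONLINE ? "online" : "refused");
    printf("risk,    all checks passed:     %s\n",
           run_transaction(1, 0, 0) == AUTH_ONLINE ? "online" : "refused");
    return 0;
}
```

The same failed holder check goes online under the constructed default behavior code and is refused once the risk judgment has tightened the code, which is the effect the risk-triggered update is meant to have.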
The above is only a preferred specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that can be readily conceived by a person skilled in the art within the technical scope disclosed by the present invention shall be included within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the claims.

Claims (58)

1. A method for a Bluetooth intelligent card to control transaction risk, characterised in that it includes:
Step s1:Bluetooth intelligent card sets up bluetooth connection with mobile terminal;
Step s2:The Bluetooth intelligent card receives the trading instruction from the mobile terminal by Bluetooth channels;
Step s3: The Bluetooth intelligent card carries out transaction preparation according to the trading instruction and the transaction stand-by mode of itself to obtain a transaction preparation result, and updates the terminal authentication result according to the transaction preparation result;
Step s4: The Bluetooth intelligent card carries out behavioural analysis according to the terminal authentication result and the terminal behavior code of itself to obtain a behavioural analysis result; if the behavioural analysis result is authorization requests ciphertext, the Trading Authorization result is set to online processing and step s5 is performed; if the behavioural analysis result is application authorization ciphertext, the Trading Authorization result is set to transaction refusal, the Bluetooth intelligent card refuses the transaction, and the method ends;
Step s5: The Bluetooth intelligent card sends, by Bluetooth channels to the mobile terminal, a transaction message that includes the Trading Authorization result and the Transaction Information in the trading instruction;
Step s6:The Bluetooth intelligent card receives the transaction response from the mobile terminal by the Bluetooth channels;
Step s7:The Bluetooth intelligent card is according to the transaction response generation transaction record;
Step s8:The Bluetooth intelligent card sends the transaction record by Bluetooth channels to the mobile terminal, terminates;
After the receiving of the trading instruction from the mobile terminal, the method also includes: the Bluetooth intelligent card judges whether transaction risk exists according to the trading instruction; when the judged result is yes, the method also includes, before the step s3: the Bluetooth intelligent card updates the transaction stand-by mode to a more secure level; and/or also includes, before the step s4: the Bluetooth intelligent card updates the terminal behavior code of itself; when the judged result is no, step s3 is performed.
2. The method according to claim 1, characterised in that the updating of the terminal authentication result according to the transaction preparation result is specifically: if the transaction preparation result is failure, the data on the risk bit in the terminal authentication result is updated to the second value, obtaining the updated terminal authentication result; if the transaction preparation result is success, the data on the risk bit in the terminal authentication result is updated to the first numerical value, obtaining the updated terminal authentication result.
3. The method according to claim 1, characterised in that before the updating of the terminal authentication result according to the transaction preparation result, the method also includes: the Bluetooth intelligent card initializes the data on all bits of the terminal authentication result to the first numerical value;
The updating of the terminal authentication result according to the transaction preparation result is specifically: if the transaction preparation result is failure, the data on the risk bit in the terminal authentication result is updated to the second value, obtaining the updated terminal authentication result.
4. The method according to claim 2 or 3, characterised in that if the Bluetooth intelligent card judges according to the trading instruction that transaction risk exists, updates the transaction stand-by mode to a more secure level and performs step s3, and performs step s4 after the step s3, then the data on the bit in the terminal behavior code corresponding to the risk bit is the second value.
5. The method according to claim 2 or 3, characterised in that the Bluetooth intelligent card updating the terminal behavior code of itself is specifically: among the bits in the terminal behavior code that correspond to the risk bits whose data is the second value, the data on at least one bit is updated to the second value.
6. The method according to claim 2 or 3, characterised in that the updating of the terminal behavior code of itself is specifically: the data on the bit in the terminal behavior code corresponding to the risk bit is updated to the second value.
7. method according to claim 1, it is characterised in that described according to the terminal authentication result and the terminal of itself Behavior code carries out behavioural analysis and obtains behavioural analysis result, specifically includes:
Step s41: The Bluetooth intelligent card carries out an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code to obtain an operation result, and sets the terminal behavior analysis result according to the operation result;
Step s42: The Bluetooth intelligent card carries out card behavioural analysis according to the terminal behavior analysis result, sets the card behavior analysis result, and uses the card behavior analysis result as the behavioural analysis result.
8. The method according to claim 7, characterised in that the step s41 is specifically: the Bluetooth intelligent card carries out an AND operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code; if the operation result is the first result, the terminal behavior analysis result is set to online processing; otherwise, the terminal behavior analysis result is set to requests transaction refusal;
The step s42 is specifically: if the terminal behavior analysis result is requests transaction refusal, the Bluetooth intelligent card carries out card behavioural analysis according to the terminal behavior analysis result, sets the card behavior analysis result to application authorization ciphertext, and uses the card behavior analysis result as the behavioural analysis result; if the terminal behavior analysis result is online processing, the card behavior analysis result is set to authorization requests ciphertext or application authorization ciphertext, and the card behavior analysis result is used as the behavioural analysis result.
9. method according to claim 1, it is characterised in that described that transaction is judged whether according to the trading instruction Risk, specifically includes:
Step a1: The Bluetooth intelligent card obtains the air control data in the trading instruction and judges whether data is stored in the scratchpad area; if so, the data in the scratchpad area is used as air control historical data and step a2 is performed; otherwise, no transaction risk exists, and the air control data is stored in the scratchpad area;
Step a2: The Bluetooth intelligent card calculates an air control index according to the air control data and the air control historical data, and judges whether the air control index is more than the first risk threshold value; if so, transaction risk exists; otherwise, no transaction risk exists, and the air control data is stored in the scratchpad area.
10. The method according to claim 9, characterised in that the transaction message also includes: the air control data.
11. The method according to claim 1, characterised in that the transaction stand-by mode includes: off line authentication mode, treatment limitation mode, holder's authentication mode and terminal risk management mode;
The step s3 specifically includes:
Step s31: The Bluetooth intelligent card selects an application according to the trading instruction, initializes the selected application, and reads the application record;
Step s32: The Bluetooth intelligent card carries out off line certification according to the off line authentication mode of itself to obtain an off line authentication result, and updates the terminal authentication result according to the off line authentication result;
Step s33: The Bluetooth intelligent card carries out treatment limitation according to the treatment limitation mode of itself to obtain a treatment limitation result, and updates the terminal authentication result according to the treatment limitation result;
Step s34: The Bluetooth intelligent card obtains the holder's authentication mode of itself according to the read application record, verifies the holder according to the holder's authentication mode of itself to obtain holder's verification result, and updates the terminal authentication result according to holder's verification result;
Step s35: The Bluetooth intelligent card carries out terminal risk management according to the terminal risk management mode of itself to obtain a terminal risk management result, and updates the terminal authentication result according to the terminal risk management result.
12. The method according to claim 11, characterised in that the Bluetooth intelligent card updating the transaction stand-by mode to a more secure level is specifically: the Bluetooth intelligent card updates at least one of the off line authentication mode, treatment limitation mode, holder's authentication mode and terminal risk management mode to a more secure level, and performs step s31.
13. The method according to claim 11, characterised in that after the step s31 the method also includes: the Bluetooth intelligent card judges, according to the Transaction Information in the trading instruction, whether to display the dealing money in the Transaction Information; if not, step s32 is performed; if so, the dealing money is displayed and the card waits for the user to confirm; if user's confirmation is detected within the first Preset Time, step s32 is performed; if user's confirmation is not detected within the first Preset Time, the Bluetooth intelligent card displays error message and returns error message to the mobile terminal;
After the Trading Authorization result is set to transaction refusal, the method also includes: the Bluetooth intelligent card displays refusal Transaction Information.
14. The method according to claim 11, characterised in that the step s34 is specifically: the Bluetooth intelligent card prompts the user to input the online PIN; if the online PIN input by the user is obtained within the second Preset Time, the holder is verified according to a holder's authentication mode that includes inputting the online PIN, holder's verification result is obtained, and the terminal authentication result is updated according to holder's verification result; if the online PIN input by the user is not obtained within the second Preset Time, holder's verification result is holder's authentication failed, and the terminal authentication result is updated according to holder's verification result;
The transaction message also includes the online PIN input by the user.
15. The method according to claim 11, characterised in that the step s31 also includes: the Bluetooth intelligent card initializes the data on all bits of the terminal authentication result to the first numerical value;
The updating of the terminal authentication result according to the off line authentication result is specifically: if the off line authentication result is authentication failure, the data on the off line certification risk bit in the terminal authentication result is updated to the second value, obtaining the updated terminal authentication result;
The updating of the terminal authentication result according to holder's verification result is specifically: if holder's verification result is holder's authentication failed, the data on the holder's verification risk bit in the terminal authentication result is updated to the second value, obtaining the updated terminal authentication result;
The updating of the terminal authentication result according to the risk management result is specifically: the Bluetooth intelligent card detects whether the dealing money in the trading instruction exceeds the trading limit; if so, the data on the risk management risk bit in the terminal authentication result is updated to the second value.
16. The method according to claim 11, characterised in that the updating of the terminal authentication result according to the off line authentication result is specifically: if the off line authentication result is authentication failure, the data on the off line certification risk bit in the terminal authentication result is updated to the second value, obtaining the updated terminal authentication result; if the off line authentication result is authentication success, the data on the off line certification risk bit in the terminal authentication result is updated to the first numerical value, obtaining the updated terminal authentication result;
The updating of the terminal authentication result according to holder's verification result is specifically: if holder's verification result is holder's authentication failed, the data on the holder's verification risk bit in the terminal authentication result is updated to the second value, obtaining the updated terminal authentication result; if holder's verification result is holder's authentication succeeded, the data on the holder's verification risk bit in the terminal authentication result is updated to the first numerical value, obtaining the updated terminal authentication result;
The updating of the terminal authentication result according to the risk management result is specifically: the Bluetooth intelligent card detects whether the dealing money in the trading instruction exceeds the trading limit; if so, the data on the risk management risk bit in the terminal authentication result is updated to the second value; otherwise, the data on the risk management risk bit in the terminal authentication result is updated to the first numerical value.
17. The method according to claim 15 or 16, characterised in that if the Bluetooth intelligent card judges according to the trading instruction that transaction risk exists, updates the transaction stand-by mode to a more secure level and then performs step s3, and performs step s4 after the step s3, then the data on the bit in the terminal behavior code corresponding to the off line certification risk bit is the second value; the data on the bit in the terminal behavior code corresponding to the holder's verification risk bit is the second value; and the data on the bit in the terminal behavior code corresponding to the risk management risk bit is the second value.
18. The method according to claim 15 or 16, characterised in that the updating of the terminal behavior code of itself is specifically: among the bits in the terminal behavior code that correspond to those of the off line certification risk bit, the holder's verification risk bit and the risk management risk bit whose data is the second value, the data on at least one bit is updated to the second value.
19. The method according to claim 15 or 16, characterised in that the updating of the terminal behavior code of itself is specifically: the data on the bits in the terminal behavior code corresponding to the off line certification risk bit, the holder's verification risk bit and the risk management risk bit is updated to the second value.
20. The method according to claim 15 or 16, characterised in that the off line certification risk bit includes: the 7th bit, the 4th bit and the 3rd bit of the first byte of the terminal authentication result;
The holder's verification risk bit includes: the 8th bit of the 3rd byte of the terminal authentication result;
The risk management risk bit includes: the 8th bit of the 4th byte of the terminal authentication result.
21. The method according to claim 12, characterised in that updating the off line authentication mode to a more secure level is specifically: the Bluetooth intelligent card, according to the off line parameters for authentication of itself, updates the off line authentication mode from an off line authentication mode with a lower level of security to an off line authentication mode with a higher level of security.
22. The method according to claim 21, characterised in that updating the off line authentication mode, according to the off line parameters for authentication of itself, from the off line authentication mode with the lower level of security to the off line authentication mode with the higher level of security is specifically: the parameter value of the off line parameters for authentication corresponding to the off line authentication mode with the higher level of security is updated from the first numerical value to the second value.
23. The method according to claim 12, characterised in that the step s34 is specifically: if the Bluetooth intelligent card judges according to the trading instruction that no transaction risk exists, the Bluetooth intelligent card saves the holder's first authentication list in the read application record as the holder's second authentication list of itself, obtains the holder's authentication mode of itself according to the holder's second authentication list, and verifies the holder according to the holder's authentication mode of itself; if the Bluetooth intelligent card judges according to the trading instruction that transaction risk exists, it obtains the holder's authentication mode of itself according to the holder's second authentication list and verifies the holder according to the holder's authentication mode of itself.
24. The method according to claim 23, characterised in that the Bluetooth intelligent card updating the holder's authentication mode of itself to a more secure level is specifically: the Bluetooth intelligent card updates the holder's second authentication list, so that the holder's authentication mode of itself is updated to a more secure level.
25. The method according to claim 24, characterised in that updating the holder's second authentication list so that the holder's authentication mode is updated to a more secure level is specifically: the holder's authentication mode mark in the holder's authentication codes in the holder's second authentication list is updated to a more secure level, so that the holder's authentication mode is updated to a more secure level.
26. The method according to claim 12, characterised in that carrying out terminal risk management according to the terminal risk management mode to obtain a terminal risk management result, and updating the terminal authentication result according to the terminal risk management result, is specifically: the Bluetooth intelligent card carries out terminal risk management according to the trading limit of itself to obtain a terminal risk management result, and updates the terminal authentication result according to the terminal risk management result;
Updating the terminal risk management mode to a more secure level is specifically: the Bluetooth intelligent card reduces the trading limit.
27. methods according to claim 1, it is characterised in that the Bluetooth intelligent card includes IC chip and MPOS chips;
The step s1 is specially:The MPOS chips set up bluetooth connection with mobile terminal;
The step s2 is specially:The MPOS chips receive the trading instruction from the mobile terminal by Bluetooth channels;
The step s3 is specifically: the MPOS chips send a transaction preparation instruction to the IC chip and receive the transaction preparation response from the IC chip; the MPOS chips carry out transaction preparation according to the transaction stand-by mode of itself to obtain a transaction preparation result, and update the terminal authentication result according to the transaction preparation result;
The step s4 is specifically: the MPOS chips carry out behavioural analysis according to the terminal authentication result and the terminal behavior code of itself to obtain a behavioural analysis result; if the behavioural analysis result is authorization requests ciphertext, the Trading Authorization result is set to online processing and step s5 is performed; if the behavioural analysis result is application authorization ciphertext, the Trading Authorization result is set to transaction refusal, the Bluetooth intelligent card refuses the transaction, and the method ends;
The step s5 is specially:The MPOS chips are sent by Bluetooth channels to mobile terminal includes the Trading Authorization knot The transaction message of the Transaction Information in fruit and the trading instruction;
The step s6 is specially:The MPOS chips receive the transaction response from mobile terminal by Bluetooth channels;
The step s7 is specially:The MPOS chips are according to transaction response generation transaction record;
The step s8 is specially:The MPOS chips send transaction record by Bluetooth channels to mobile terminal;Terminate;
The Bluetooth intelligent card judging whether transaction risk exists according to the trading instruction is specifically: the MPOS chips judge whether transaction risk exists according to the trading instruction;
The Bluetooth intelligent card updating the transaction stand-by mode to a more secure level is specifically: the MPOS chips update the transaction stand-by mode to a more secure level;
The Bluetooth intelligent card updating the terminal behavior code of itself is specifically: the MPOS chips update the terminal behavior code of itself.
28. methods according to claim 27, it is characterised in that described according to the terminal authentication result and the end of itself End behavior code carries out behavioural analysis, obtains behavioural analysis result, specifically includes:
Step t1: The MPOS chips carry out an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code to obtain an operation result, and set the terminal behavior analysis result according to the operation result;
Step t2:The MPOS chips send request application cryptogram and instruct according to terminal behavior analysis result to IC chip;
Step t3:The IC chip carries out card behavioural analysis, obtains card behavior analysis result;
Step t4:The IC chip sends card behavioural analysis result to the MPOS chips;
Step t5:The MPOS chips are using card behavior analysis result as behavioural analysis result.
29. The method according to claim 27, characterised in that the transaction stand-by mode includes: off line authentication mode, treatment limitation mode, holder's authentication mode and terminal risk management mode;
The MPOS chips sending a transaction preparation instruction to the IC chip, receiving the transaction preparation response from the IC chip, carrying out transaction preparation according to the transaction stand-by mode of itself to obtain a transaction preparation result, and updating the terminal authentication result according to the transaction preparation result, specifically includes:
Step w1:The MPOS chips send selection application instruction to the IC chip;
Step w2:The IC chip is according to selection application instruction selection application;
Step w3:The IC chip sends selection application success response to the MPOS chips;
Step w4:The MPOS chips send to IC chip and apply initialization directive;
Step w5:The application that the IC chip initialization has been selected;
Step w6:The IC chip returns to application initialization successful respond to the MPOS chips;
Step w7:The MPOS chips send reading application recording instruction to IC chip;
Step w8:The IC chip reads application record;
Step w9:The IC chip returns to read record successful respond to the MPOS chips;
Step w10: The MPOS chips send an off line certification instruction to the IC chip, receive the off line certification response from the IC chip, obtain an off line authentication result according to the off line certification response, and update the terminal authentication result according to the off line authentication result;
Step w11: The MPOS chips carry out treatment limitation according to the treatment limitation mode of itself to obtain a treatment limitation result, and update the terminal authentication result according to the treatment limitation result;
Step w12: The MPOS chips obtain the holder's authentication mode of itself according to the read record successful respond, verify the holder according to the holder's authentication mode of itself to obtain holder's verification result, and update the terminal authentication result according to holder's verification result;
Step w13: The MPOS chips carry out terminal risk management according to the terminal risk management mode of itself to obtain a terminal risk management result, and update the terminal authentication result according to the risk management result.
30. A Bluetooth intelligent card, characterised in that it includes: a link block, a first receiver module, a transaction preparation module, a first update module, a behavioural analysis module, a setting Authorization result module, a first sending module, a second receiver module, a trades record module and a second sending module;
The link block, for setting up bluetooth connection with mobile terminal;
First receiver module, for after the link block sets up bluetooth connection with the mobile terminal, by bluetooth Trading instruction of the channel reception from the mobile terminal;
The transaction preparation module, for carrying out transaction preparation according to the trading instruction received by the first receiver module and the transaction stand-by mode of itself to obtain a transaction preparation result;
The first update module, for updating the terminal authentication result according to the transaction preparation result obtained by the transaction preparation module;
The behavioural analysis module, for carrying out behavioural analysis according to the terminal authentication result updated by the first update module and the terminal behavior code of itself to obtain a behavioural analysis result;
The setting Authorization result module, for setting the Trading Authorization result to online processing if the behavioural analysis result obtained by the behavioural analysis module is authorization requests ciphertext, and for setting the Trading Authorization result to transaction refusal if the behavioural analysis result obtained by the behavioural analysis module is application authorization ciphertext;
The first sending module, for sending to the mobile terminal by Bluetooth channels, after the setting Authorization result module sets the Trading Authorization result to online processing, a transaction message that includes the Trading Authorization result and the Transaction Information in the trading instruction;
Second receiver module, for receiving the transaction response from the mobile terminal by the Bluetooth channels;
The trades record module, for the transaction response generation transaction note received according to second receiver module Record;
Second sending module, for sending what the trades record module was generated to the mobile terminal by Bluetooth channels The transaction record;
The Bluetooth intelligent card also includes:Risk judgment module, the second update module and/or the 3rd update module;
The risk judgment module, for judging whether transaction risk exists according to the trading instruction received by the first receiver module, and for triggering the transaction preparation module after the judged result is no;
The second update module, for updating the transaction stand-by mode to a more secure level after the risk judgment module judges yes and before the transaction preparation module obtains the transaction preparation result;
The 3rd update module, for updating the terminal behavior code of itself after the risk judgment module judges yes and before the behavioural analysis module obtains the behavioural analysis result.
31. The Bluetooth intelligent card according to claim 30, characterised in that the first update module is specifically used for: if the transaction preparation result is failure, updating the data on the risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result; if the transaction preparation result is success, updating the data on the risk bit in the terminal authentication result to the first numerical value, obtaining the updated terminal authentication result.
32. The Bluetooth intelligent card according to claim 30, characterised in that it also includes: an initialization module;
The initialization module, for initializing the data on all bits of the terminal authentication result to the first numerical value before the first update module updates the terminal authentication result according to the transaction preparation result;
The first update module is specifically used for: if the transaction preparation result is failure, updating the data on the risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result.
33. The Bluetooth intelligent card according to claim 31 or 32, characterised in that if the second update module is triggered after the risk judgment module judges yes, and the behavioural analysis module is triggered after the first update module updates the terminal authentication result, then the data on the bit in the terminal behavior code corresponding to the risk bit is the second value.
34. The Bluetooth intelligent card according to claim 31 or 32, characterised in that the 3rd update module is specifically used for: among the bits in the terminal behavior code that correspond to the risk bits whose data is the second value, updating the data on at least one bit to the second value.
35. The Bluetooth intelligent card according to claim 31 or 32, characterised in that the 3rd update module is specifically used for updating the data on the bit in the terminal behavior code corresponding to the risk bit to the second value.
36. The Bluetooth intelligent card according to claim 30, characterised in that the behavior analysis module includes: a terminal behavior analysis submodule and a card behavior analysis submodule;
The terminal behavior analysis submodule is configured to perform an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code, obtain an operation result, and set the terminal behavior analysis result according to the operation result;
The card behavior analysis submodule is configured to perform card behavior analysis according to the terminal behavior analysis result, set the card behavior analysis result, and use the card behavior analysis result as the behavior analysis result.
37. The Bluetooth intelligent card according to claim 36, characterised in that the terminal behavior analysis submodule includes: a first arithmetic unit and a first setting unit;
The first arithmetic unit is configured to perform an AND operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code;
The first setting unit is configured to: if the operation result of the first arithmetic unit is the first result, set the terminal behavior analysis result to online processing; if the operation result of the first arithmetic unit is not the first result, set the terminal behavior analysis result to request transaction refusal;
The card behavior analysis submodule is specifically configured to: if the first setting unit sets the terminal behavior analysis result to request transaction refusal, perform card behavior analysis according to the terminal behavior analysis result, set the card behavior analysis result to the application authorization ciphertext, and use the card behavior analysis result as the behavior analysis result; if the first setting unit sets the terminal behavior analysis result to online processing, set the card behavior analysis result to the authorization request ciphertext or the application certification ciphertext, and use the card behavior analysis result as the behavior analysis result.
38. The Bluetooth intelligent card according to claim 30, characterised in that the risk judgment module includes: a first acquisition submodule, a first judging submodule, a first calculating submodule, a second judging submodule and a first storage submodule;
The first acquisition submodule is configured to obtain the risk control data in the trading instruction;
The first judging submodule is configured to judge whether data exists in the scratchpad area;
The first calculating submodule is configured to, after the first judging submodule judges yes, take the data in the scratchpad area as risk control historical data and calculate a risk control index according to the risk control data and the risk control historical data;
The second judging submodule is configured to judge whether the risk control index is greater than the first risk threshold;
The first storage submodule is configured to, after the first judging submodule judges no, store the risk control data in the scratchpad area and trigger the transaction preparation module; and, after the second judging submodule judges no, store the risk control data in the scratchpad area and trigger the transaction preparation module.
39. The Bluetooth intelligent card according to claim 38, characterised in that the transaction message also includes: the risk control data.
40. The Bluetooth intelligent card according to claim 30, characterised in that the transaction stand-by mode includes: an offline authentication mode, a treatment limitation mode, a holder's authentication mode and a terminal risk management mode;
The transaction preparation module specifically includes: a select application submodule, an initialize application submodule, a read application record submodule, an offline authentication submodule, a treatment limitation submodule, a holder verification submodule and a risk management submodule;
The first update module specifically includes: a first update submodule, a second update submodule, a third update submodule and a fourth update submodule;
The select application submodule is configured to select an application according to the trading instruction;
The initialize application submodule is configured to initialize the selected application;
The read application record submodule is configured to read the application record;
The offline authentication submodule is configured to perform offline authentication according to its own offline authentication mode, obtaining an offline authentication result;
The holder's authentication submodule is configured to perform treatment limitation according to its own treatment limitation mode, obtaining a treatment limitation result;
The holder verification submodule is configured to obtain its own holder's authentication mode according to the application record read by the read application record submodule, and to verify the holder according to its own holder's authentication mode, obtaining a holder verification result;
The treatment limitation submodule is configured to perform treatment limitation according to its own treatment limitation mode, obtaining a treatment limitation result;
The risk management submodule is configured to perform terminal risk management according to its own terminal risk management mode, obtaining a terminal risk management result;
The first update submodule is configured to update the terminal authentication result according to the offline authentication result;
The second update submodule is configured to update the terminal authentication result according to the treatment limitation result;
The third update submodule is configured to update the terminal authentication result according to the holder verification result;
The fourth update submodule is configured to update the terminal authentication result according to the terminal risk management result.
41. The Bluetooth intelligent card according to claim 40, characterised in that the second update module specifically includes at least one of: a fifth update submodule, a sixth update submodule, a seventh update submodule and an eighth update submodule;
The fifth update submodule is configured to, after the risk judgment module judges yes and before the offline authentication submodule obtains the offline authentication result, update the offline authentication mode to a more secure level;
The sixth update submodule is configured to, after the risk judgment module judges yes and before the treatment limitation submodule obtains the treatment limitation result, update the treatment limitation mode to a more secure level;
The seventh update submodule is configured to, after the risk judgment module judges yes and before the holder verification submodule obtains the holder verification result, update the holder's authentication mode to a more secure level;
The eighth update submodule is configured to, after the risk judgment module judges yes and before the risk management submodule obtains the terminal risk management result, update the terminal risk management mode to a more secure level.
42. The Bluetooth intelligent card according to claim 40, characterised in that it further includes: a transaction information judging module, a first display module, a first detection module and an error reporting module;
The transaction information judging module is configured to, after the read application record submodule reads the application record, judge according to the transaction information in the trading instruction whether to display the transaction amount in the transaction information; if so, trigger the offline authentication submodule;
The first display module is configured to display the transaction amount after the transaction information judging module judges yes; to display error information when the first detection module does not detect user confirmation information within the first preset time; and to display transaction refusal information when the transaction authorization result is transaction refusal;
The error reporting module is configured to return error information to the mobile terminal after the first display module displays the error information;
The first detection module is configured to detect user confirmation information within the first preset time after the first display module displays the transaction amount; if the user confirmation information is detected within the first preset time, trigger the offline authentication module.
43. The Bluetooth intelligent card according to claim 40, characterised in that the holder verification submodule is specifically configured to prompt the user to input an online PIN; if the online PIN input by the user is obtained within the second preset time, verify the holder according to a holder's authentication mode that includes inputting an online PIN, obtaining the holder verification result; if the online PIN input by the user is not obtained within the second preset time, the holder verification result is holder verification failure;
The transaction message also includes the online PIN input by the user.
44. The Bluetooth intelligent card according to claim 40, characterised in that it further includes: an initialization module;
The initialization module is configured to initialize the data on all bits of the terminal authentication result to the first value before the first update submodule updates the terminal authentication result according to the offline authentication result;
The first update submodule is specifically configured to: if the offline authentication result is authentication failure, update the data on the offline authentication risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result;
The third update submodule is specifically configured to: if the holder verification result is holder verification failure, update the data on the holder verification risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result;
The fourth update submodule is specifically configured to detect whether the transaction amount in the trading instruction exceeds the trading limit and, if so, update the data on the risk management risk bit in the terminal authentication result to the second value.
45. The Bluetooth intelligent card according to claim 40, characterised in that the first update submodule is specifically configured to: if the offline authentication result is authentication failure, update the data on the offline authentication risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result; if the offline authentication result is authentication success, update the data on the offline authentication risk bit in the terminal authentication result to the first value, obtaining the updated terminal authentication result;
The third update submodule is specifically configured to: if the holder verification result is holder verification failure, update the data on the holder verification risk bit in the terminal authentication result to the second value, obtaining the updated terminal authentication result; if the holder verification result is holder verification success, update the data on the holder verification risk bit in the terminal authentication result to the first value, obtaining the updated terminal authentication result;
The fourth update submodule is specifically configured to detect whether the transaction amount in the trading instruction exceeds the trading limit; if so, update the data on the risk management risk bit in the terminal authentication result to the second value; otherwise, update the data on the risk management risk bit in the terminal authentication result to the first value.
46. The Bluetooth intelligent card according to claim 44 or 45, characterised in that, if the second update module is triggered after the risk judgment module judges yes, and the first update module triggers the behavior analysis module after updating the terminal authentication result, then the data on the bit of the terminal behavior code corresponding to the offline authentication risk bit is the second value; the data on the bit of the terminal behavior code corresponding to the holder verification risk bit is the second value; and the data on the bit of the terminal behavior code corresponding to the risk management risk bit is the second value.
47. The Bluetooth intelligent card according to claim 44 or 45, characterised in that the third update module is specifically configured to: after the risk judgment module judges yes and before the behavior analysis module obtains the behavior analysis result, among the bits of the terminal behavior code that correspond to those of the offline authentication risk bit, the holder verification risk bit and the risk management risk bit whose data is the second value, update the data on at least one bit to the second value; after the risk judgment module judges no, trigger the transaction preparation module.
48. The Bluetooth intelligent card according to claim 44 or 45, characterised in that the third update module is specifically configured to: after the risk judgment module judges yes and before the behavior analysis module obtains the behavior analysis result, update the data on the bits of the terminal behavior code corresponding to the offline authentication risk bit, the holder verification risk bit and the risk management risk bit to the second value; after the risk judgment module judges no, trigger the transaction preparation module.
49. The Bluetooth intelligent card according to claim 44 or 45, characterised in that the offline authentication risk bit includes: the 7th bit, the 4th bit and the 3rd bit of the first byte of the terminal authentication result;
The holder verification risk bit includes: the 8th bit of the 3rd byte of the terminal authentication result;
The risk management risk bit includes: the 8th bit of the 4th byte of the terminal authentication result.
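The bit handling of claims 37 and 44 to 49, written out in C as an added example that is not part of the patent: the terminal authentication result is initialized and filled from the preparation results, the terminal behavior code is raised when risk is judged, and the AND of the two decides between online processing and request transaction refusal. It assumes the first value is 0, the second value is 1, the "first result" is an all-zero AND, and both bit strings are 5 bytes with bit 8 as the most significant bit; every type and function name is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TVR_LEN 5                    /* assumed length of both bit strings */
#define BIT(n)  (1u << ((n) - 1))    /* bit 8 = most significant, bit 1 = least */

typedef struct { uint8_t b[TVR_LEN]; } bits5_t;

typedef enum { ONLINE_PROCESSING, REQUEST_REFUSAL } analysis_t;

/* Risk bits named in claim 49 (byte 1 is b[0]). These positions coincide
 * with the EMV Terminal Verification Results layout. */
static const bits5_t RISK_BITS = {{
    BIT(7) | BIT(4) | BIT(3),   /* byte 1: offline authentication risk bits */
    0,
    BIT(8),                     /* byte 3: holder verification risk bit */
    BIT(8),                     /* byte 4: risk management risk bit */
    0
}};

/* Initialization module (claim 44): every bit starts at the first value. */
void tvr_init(bits5_t *tvr) { memset(tvr->b, 0, sizeof tvr->b); }

/* Update submodules (claim 45): failure writes the second value to the risk
 * bit, success writes the first value back. byte_no and bit_no are 1-based. */
void tvr_record(bits5_t *tvr, int byte_no, int bit_no, int failed)
{
    uint8_t mask = (uint8_t)BIT(bit_no);
    if (failed) tvr->b[byte_no - 1] |= mask;
    else        tvr->b[byte_no - 1] &= (uint8_t)~mask;
}

/* Third update module. strict != 0 follows claim 48: every bit matching a
 * claim-49 risk bit is set. strict == 0 follows claim 47, implemented here by
 * setting each bit whose risk bit already holds the second value (the claim
 * only requires at least one of them). */
void tbc_raise(bits5_t *tbc, const bits5_t *tvr, int strict)
{
    for (int i = 0; i < TVR_LEN; i++) {
        uint8_t risk = RISK_BITS.b[i];
        tbc->b[i] |= strict ? risk : (uint8_t)(risk & tvr->b[i]);
    }
}

/* First arithmetic unit and first setting unit (claim 37): AND the two bit
 * strings; all zero means online processing, anything else means refusal. */
analysis_t terminal_behavior_analysis(const bits5_t *tvr, const bits5_t *tbc)
{
    for (int i = 0; i < TVR_LEN; i++)
        if (tvr->b[i] & tbc->b[i]) return REQUEST_REFUSAL;
    return ONLINE_PROCESSING;
}

/* One pass through the flow for constructed inputs. The terminal behavior
 * code starts all-zero (a constructed, lenient setting) so that the effect
 * of the risk judgment is visible in the outcome. */
analysis_t run_transaction(int risk_judged, int strict,
                           int offline_failed, int holder_failed, int over_limit)
{
    bits5_t tvr, tbc;
    tvr_init(&tvr);
    memset(tbc.b, 0, sizeof tbc.b);
    tvr_record(&tvr, 1, 4, offline_failed);  /* one of the byte-1 risk bits */
    tvr_record(&tvr, 3, 8, holder_failed);
    tvr_record(&tvr, 4, 8, over_limit);
    if (risk_judged) tbc_raise(&tbc, &tvr, strict);
    return terminal_behavior_analysis(&tvr, &tbc);
}

int main(void)
{
    static const char *name[] = { "online processing", "request refusal" };
    /* Same failed holder verification, without and with a risk judgment. */
    printf("no risk judged: %s\n", name[run_transaction(0, 0, 0, 1, 0)]);
    printf("risk judged:    %s\n", name[run_transaction(1, 0, 0, 1, 0)]);
    return 0;
}
```

With the lenient starting code, a failed holder verification alone still goes online; once risk is judged and the code is raised, the same failure produces a refusal request.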
50. The Bluetooth intelligent card according to claim 41, characterised in that the fifth update submodule specifically includes a first updating unit;
The first updating unit is configured to, after the risk judgment module judges yes and before the offline authentication submodule obtains the offline authentication result, update the offline authentication mode, according to its own offline authentication parameters, from an offline authentication mode with a lower security level to an offline authentication mode with a higher security level.
51. The Bluetooth intelligent card according to claim 50, characterised in that the first updating unit is specifically configured to, after the risk judgment module judges yes and before the offline authentication submodule obtains the offline authentication result, update the parameter value of the offline authentication parameter corresponding to the offline authentication mode with the higher security level from the first value to the second value.
52. The Bluetooth intelligent card according to claim 41, characterised in that the holder verification submodule is specifically configured to: if the risk judgment module judges according to the trading instruction that no transaction risk exists, take the holder's first authentication list in the application record read by the read application record submodule as its own holder's second authentication list and save it, obtain its own holder's authentication mode according to the holder's second authentication list, and verify the holder according to its own holder's authentication mode; if the risk judgment module judges according to the trading instruction that a transaction risk exists, obtain its own holder's authentication mode according to the holder's second authentication list, and verify the holder according to its own holder's authentication mode.
53. The Bluetooth intelligent card according to claim 52, characterised in that the seventh update submodule specifically includes a second updating unit;
The second updating unit is configured to, after the risk judgment module judges yes and before the holder verification submodule obtains the holder verification result, update the holder's second authentication list, updating its own holder's authentication mode to a more secure level.
54. The Bluetooth intelligent card according to claim 53, characterised in that the second updating unit is specifically configured to, after the risk judgment module judges yes and before the holder verification submodule obtains the holder verification result, update the holder's authentication mode identifier in the holder's authentication code in the holder's second authentication list to a more secure level, updating the holder's authentication mode to a more secure level.
55. The Bluetooth intelligent card according to claim 41, characterised in that the risk management submodule is specifically configured to perform terminal risk management according to its own trading limit, obtain the terminal risk management result, and update the terminal authentication result according to the risk management result;
The eighth update submodule is specifically configured to reduce the trading limit.
56. The Bluetooth intelligent card according to claim 30, characterised in that the Bluetooth intelligent card includes an IC chip and an MPOS chip;
The connection module is specifically configured to establish a Bluetooth connection with the mobile terminal through the MPOS chip;
The first receiver module is specifically configured to, after the connection module establishes the Bluetooth connection with the mobile terminal, receive the trading instruction from the mobile terminal over the Bluetooth channel through the MPOS chip;
The transaction preparation module is specifically configured to send a transaction preparation instruction to the IC chip through the MPOS chip and receive a transaction preparation response from the IC chip; and to perform transaction preparation through the MPOS chip, according to the trading instruction received by the first receiver module and the transaction stand-by mode of the MPOS chip, obtaining the transaction preparation result;
The first update module is specifically configured to update the terminal authentication result through the MPOS chip according to the transaction preparation result obtained by the transaction preparation module;
The behavior analysis module is specifically configured to perform behavior analysis through the MPOS chip, according to the updated terminal authentication result and its own terminal behavior code, obtaining the behavior analysis result;
The setting authorization result module is specifically configured to: if the behavior analysis result obtained by the behavior analysis module is the authorization request ciphertext, set the transaction authorization result to online processing through the MPOS chip; if the behavior analysis result obtained by the behavior analysis module is the application authorization ciphertext, set the transaction authorization result to transaction refusal through the MPOS chip;
The first sending module is specifically configured to, after the setting authorization result module sets the transaction authorization result to online processing through the MPOS chip, send to the mobile terminal, through the MPOS chip over the Bluetooth channel, a transaction message including the transaction authorization result and the transaction information in the trading instruction;
The second receiver module is specifically configured to receive the transaction response from the mobile terminal over the Bluetooth channel through the MPOS chip;
The transaction record module is specifically configured to generate a transaction record through the MPOS chip according to the transaction response;
The second sending module is specifically configured to send the transaction record to the mobile terminal over the Bluetooth channel through the MPOS chip;
The risk judgment module is specifically configured to judge through the MPOS chip, according to the trading instruction received by the first receiver module, whether a transaction risk exists; after the risk judgment module judges no, the transaction preparation module is triggered;
The second update module is specifically configured to, after the risk judgment module judges yes and before the transaction preparation module obtains the transaction preparation result, update the transaction stand-by mode to a more secure level through the MPOS chip;
The third update module is specifically configured to, after the risk judgment module judges yes and before the behavior analysis module obtains the behavior analysis result, update its own terminal behavior code through the MPOS chip.
57. The Bluetooth intelligent card according to claim 56, characterised in that the behavior analysis module specifically includes: a terminal behavior analysis submodule and a card behavior analysis submodule; the card behavior analysis submodule specifically includes: a first transmitting unit, a first analysis unit, a second transmitting unit and a first result unit;
The terminal behavior analysis submodule is specifically configured to perform, through the MPOS chip, an operation on the data on the corresponding bits of the terminal authentication result and the terminal behavior code, obtain an operation result, and set the terminal behavior analysis result according to the operation result;
The first transmitting unit is configured to send the terminal behavior analysis result to the IC chip, through the MPOS chip, in a request application ciphertext instruction;
The first analysis unit is configured to perform card behavior analysis through the IC chip, obtaining the card behavior analysis result;
The second transmitting unit is configured to send the card behavior analysis result to the MPOS chip through the IC chip;
The first result unit is configured to use, through the MPOS chip, the card behavior analysis result as the behavior analysis result.
58. The Bluetooth intelligent card according to claim 57, characterised in that the transaction stand-by mode includes: an offline authentication mode, a treatment limitation mode, a holder's authentication mode and a terminal risk management mode;
The transaction preparation module specifically includes: a select application submodule, an initialize application submodule, a read application record submodule, an offline authentication submodule, a treatment limitation submodule, a holder verification submodule and a risk management submodule;
The first update module specifically includes: a first update submodule, a second update submodule, a third update submodule and a fourth update submodule;
The select application submodule specifically includes: a third transmitting unit, a select application unit and a fourth transmitting unit; the initialize application submodule specifically includes: a fifth transmitting unit, an initialize application unit and a sixth transmitting unit; the read application record submodule specifically includes: a seventh transmitting unit, a read application record unit and an eighth transmitting unit; the offline authentication submodule specifically includes: a ninth transmitting unit, a tenth transmitting unit and an offline authentication unit; the treatment limitation submodule specifically includes: a treatment limitation unit; the holder verification submodule specifically includes: a holder's authentication unit; the risk management submodule specifically includes: a risk management unit;
The first update submodule specifically includes: a third updating unit; the second update submodule specifically includes: a fourth updating unit; the third update submodule specifically includes: a fifth updating unit; the fourth update submodule specifically includes: a sixth updating unit;
The third transmitting unit is configured to send a select application instruction to the IC chip through the MPOS chip;
The select application unit is configured to select an application through the IC chip according to the select application instruction;
The fourth transmitting unit is configured to send a select application success response to the MPOS chip through the IC chip;
The fifth transmitting unit is configured to send an application initialization instruction to the IC chip through the MPOS chip;
The initialize application unit is configured to initialize the selected application through the IC chip;
The sixth transmitting unit is configured to return an application initialization success response to the MPOS chip through the IC chip;
The seventh transmitting unit is configured to send a read application record instruction to the IC chip through the MPOS chip;
The read application record unit is configured to read the application record through the IC chip;
The eighth transmitting unit is configured to return a read record success response to the MPOS chip through the IC chip;
The ninth transmitting unit is configured to send an offline authentication instruction to the IC chip through the MPOS chip;
The tenth transmitting unit is configured to receive the offline authentication response from the IC chip through the MPOS chip;
The offline authentication unit is configured to obtain the offline authentication result according to the offline authentication response received by the MPOS chip;
The treatment limitation unit is configured to perform treatment limitation according to the treatment limitation mode of the MPOS chip, obtaining the treatment limitation result;
The holder's authentication unit is configured to obtain the holder's authentication mode of the MPOS chip according to the read record success response received by the MPOS chip, and to verify the holder according to the holder's authentication mode of the MPOS chip, obtaining the holder verification result;
The risk management unit is configured to perform terminal risk management according to the terminal risk management mode of the MPOS chip, obtaining the terminal risk management result;
The third updating unit is configured to update the terminal authentication result according to the offline authentication result;
The fourth updating unit is configured to update the terminal authentication result according to the treatment limitation result;
The fifth updating unit is configured to update the terminal authentication result according to the holder verification result;
The sixth updating unit is configured to update the terminal authentication result according to the terminal risk management result.
CN201710039560.1A 2017-01-19 2017-01-19 A kind of Bluetooth intelligent card and its method for controlling transaction risk Active CN106845995B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710039560.1A CN106845995B (en) 2017-01-19 2017-01-19 A kind of Bluetooth intelligent card and its method for controlling transaction risk

Publications (2)

Publication Number Publication Date
CN106845995A true CN106845995A (en) 2017-06-13
CN106845995B CN106845995B (en) 2018-05-04

Family

ID=59124992

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710039560.1A Active CN106845995B (en) 2017-01-19 2017-01-19 A kind of Bluetooth intelligent card and its method for controlling transaction risk

Country Status (1)

Country Link
CN (1) CN106845995B (en)

Also Published As

Publication number Publication date
CN106845995B (en) 2018-05-04

Similar Documents

Publication Publication Date Title
CN106845995B (en) A kind of Bluetooth intelligent card and its method for controlling transaction risk
CN104767613B (en) Signature verification method, apparatus and system
CN104217327B (en) A kind of financial IC card internet terminal and its method of commerce
CN104464117B (en) Based on dynamic two-dimension code ATM (automatic teller machine) withdrawal method and system
CN102752115B (en) Challenge code generating method and device, dynamic password authentication method and system
CN104933565B (en) A kind of IC card transaction method and system
CN108009825A (en) A kind of identity management system and method based on block chain technology
CN105933266A (en) Verification method and server
CN107818463A (en) A kind of offline electronic payment method and system based on TOTP algorithms
CN105897721A (en) Method and device for verifying reliability of identity of financial card user
CN102254289A (en) Fast credit card approving method
CN103297243A (en) Working method of multi-functional intelligent secret key device
CN105283890A (en) Method and system for activating credentials
CN106529925A (en) Bluetooth visual card and method of realizing electronic cash transactions
CN106779698A (en) A kind of distribution for paying mark and its safe payment method, system and device
CN110351672A (en) Information-pushing method, device and electronic equipment
CN106603239B (en) A kind of main account inquiry into balance method and bluetooth visible card based on bluetooth visible card
CN105741116A (en) Fast payment method, apparatus and system
CN105635164B (en) The method and apparatus of safety certification
CN105320873B (en) A kind of unlocking method of terminal applies, device, terminal and SIM card
CN105591746B (en) A kind of processing method and processing system of online binding accepting terminal
CN108122108A (en) Mobile device authentication system and mobile equipment authentication method
CN109104717A (en) Bluetooth pairing methods, bluetooth equipment and bluetooth module
JP2007041801A (en) Controller of transaction system
CN107395600A (en) Business datum verification method, service platform and mobile terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
OL01 Intention to license declared