CN106845995A - A kind of method of Bluetooth intelligent card and its control transaction risk - Google Patents
A kind of method of Bluetooth intelligent card and its control transaction risk Download PDFInfo
- Publication number
- CN106845995A CN106845995A CN201710039560.1A CN201710039560A CN106845995A CN 106845995 A CN106845995 A CN 106845995A CN 201710039560 A CN201710039560 A CN 201710039560A CN 106845995 A CN106845995 A CN 106845995A
- Authority
- CN
- China
- Prior art keywords
- result
- terminal
- holder
- transaction
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 80
- 238000004458 analytical method Methods 0.000 claims abstract description 326
- 230000003542 behavioural effect Effects 0.000 claims abstract description 188
- 238000013475 authorization Methods 0.000 claims abstract description 158
- 238000002360 preparation method Methods 0.000 claims abstract description 71
- 230000008569 process Effects 0.000 claims abstract description 29
- 238000007726 management method Methods 0.000 claims description 143
- 230000004044 response Effects 0.000 claims description 60
- 235000013399 edible fruits Nutrition 0.000 claims description 24
- 238000001514 detection method Methods 0.000 claims description 23
- 238000012790 confirmation Methods 0.000 claims description 16
- 230000001960 triggered effect Effects 0.000 claims description 9
- 230000009467 reduction Effects 0.000 claims description 6
- 238000013500 data storage Methods 0.000 claims description 2
- 230000006399 behavior Effects 0.000 description 217
- 238000004891 communication Methods 0.000 description 39
- 230000003068 static effect Effects 0.000 description 38
- 238000012360 testing method Methods 0.000 description 11
- 238000003860 storage Methods 0.000 description 10
- 238000012795 verification Methods 0.000 description 8
- 230000014759 maintenance of location Effects 0.000 description 4
- 238000012954 risk control Methods 0.000 description 4
- 241001062009 Indigofera Species 0.000 description 3
- 229910002056 binary alloy Inorganic materials 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Computer Security & Cryptography (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
Abstract
The invention discloses a kind of Bluetooth intelligent card and its method for control transaction risk, the Bluetooth intelligent card after trading instruction is received, transaction risk is judged whether according to trading instruction without can just complete financial transaction by financial terminal, if there is risk, also include:Preparation is traded again after transaction stand-by mode is updated into more secure level, and the terminal behavior code of itself is updated according to transaction preparation result renewal terminal behavior result and/or before carrying out behavioural analysis;Behavioural analysis is carried out according to terminal authentication result and terminal behavior code afterwards and obtains behavioural analysis result, if behavioural analysis result is authorization requests ciphertext, Trading Authorization result is set for online process, and mobile terminal carries out on-line transaction;If behavioural analysis result is application authorization ciphertext, Trading Authorization result is set to transaction refusal, blue-tooth intelligence Card Rejections transaction, so as to improve the security and convenience of transaction.
Description
Technical field
The present invention relates to field of intelligent cards, the method for more particularly to a kind of Bluetooth intelligent card and its control transaction risk.
Background technology
In the prior art, intelligent calorie requirement passes through financial terminal (for example:POS) could complete financial transaction, and
Kinds of risks is there is during transaction, security and convenience are poor.
The content of the invention
The invention provides a kind of Bluetooth intelligent card and its method for control transaction risk, above-mentioned technical problem is solved.
It is of the invention there is provided a kind of method of blue-tooth intelligence card control transaction risk, including:
Step s1:Bluetooth intelligent card sets up bluetooth connection with mobile terminal;
Step s2:The Bluetooth intelligent card receives the trading instruction from the mobile terminal by Bluetooth channels;
Step s3:The Bluetooth intelligent card is traded preparation according to the trading instruction and the transaction stand-by mode of itself
Obtain transaction and prepare result, preparing result according to transaction updates terminal authentication result;
Step s4:The Bluetooth intelligent card carries out behavior according to the terminal authentication result and the terminal behavior code of itself
Analysis obtains behavioural analysis result, if behavioural analysis result is authorization requests ciphertext, it is online place to set Trading Authorization result
Reason, performs step s5;If behavioural analysis result is application authorization ciphertext, Trading Authorization result is set to transaction refusal, institute
The transaction of blue-tooth intelligence Card Rejections is stated, is terminated;
Step s5:The Bluetooth intelligent card is sent by Bluetooth channels to the mobile terminal includes the Trading Authorization knot
The transaction message of the Transaction Information in fruit and the trading instruction;
Step s6:The Bluetooth intelligent card receives the transaction response from the mobile terminal by the Bluetooth channels;
Step s7:The Bluetooth intelligent card is according to the transaction response generation transaction record;
Step s8:The Bluetooth intelligent card sends the transaction record by Bluetooth channels to the mobile terminal, terminates;
After the trading instruction of the reception from the mobile terminal, also include:The Bluetooth intelligent card is according to
Trading instruction judges whether transaction risk:When judged result is to be, also include before the step s3:The bluetooth intelligence
Can block also includes before the transaction stand-by mode is updated into more secure level and/or the step s4:The bluetooth intelligence
Can block and update the terminal behavior code of itself;When judged result is no, step s3 is performed.
Present invention also offers a kind of Bluetooth intelligent card, including:Link block, the first receiver module, transaction preparation module,
First update module, behavioural analysis module, setting Authorization result module, the first sending module, the second receiver module, transaction record
Module and the second sending module;
The link block, for setting up bluetooth connection with mobile terminal;
First receiver module, for after the link block sets up bluetooth connection with the mobile terminal, passing through
Bluetooth channels receive the trading instruction from the mobile terminal;
The transaction preparation module, for the trading instruction that is received according to first receiver module and itself
Transaction stand-by mode is traded preparation and obtains transaction preparation result;
First update module, the transaction for being obtained according to the transaction preparation module prepares result more new terminal and tests
Card result;
The behavioural analysis module, for according to first update module update after terminal authentication result and itself
Terminal behavior code carries out behavioural analysis and obtains behavioural analysis result;
The setting Authorization result module, if please to authorize for the behavioural analysis result that the behavioural analysis module is obtained
Ciphertext is sought, then it is online process to set Trading Authorization result;If the behavioural analysis result that the behavioural analysis module is obtained is should
Certification ciphertext is used, then Trading Authorization result is set to transaction refusal;
First sending module, for the Trading Authorization result to be set into connection when the setting Authorization result module
After machine treatment, sent to the mobile terminal by Bluetooth channels in including the Trading Authorization result and the trading instruction
The transaction message of Transaction Information;
Second receiver module, for receiving the transaction response from the mobile terminal by the Bluetooth channels;
The trades record module, the transaction response for being received according to second receiver module generates transaction
Record;
Second sending module, gives birth to for sending the trades record module to the mobile terminal by Bluetooth channels
Into the transaction record;
The Bluetooth intelligent card also includes:Risk judgment module, the second update module and/or the 3rd update module;
The risk judgment module, the trading instruction for being received according to first receiver module is judged whether
Transaction risk;After the risk judgment module is judged as NO, the transaction preparation module is triggered;
Second update module, for after the risk judgment module is judged as YES, the transaction preparation module to be obtained
Before preparing result to transaction, the transaction stand-by mode is updated to more secure level;
3rd update module, for after the risk judgment module is judged as YES, the behavioural analysis module to be obtained
To before behavioural analysis result, the terminal behavior code of itself is updated.
Beneficial effects of the present invention:The invention provides a kind of Bluetooth intelligent card and its method for control transaction risk, institute
Bluetooth intelligent card is stated without can just complete financial transaction by financial terminal, and after trading instruction is received, according to friendship
Easily instruction judges whether transaction risk, if there is risk, also includes:After transaction stand-by mode is updated into more secure level
Preparation is traded again, is updated certainly according to transaction preparation result renewal terminal behavior result and/or before carrying out behavioural analysis
The terminal behavior code of body;Behavioural analysis is carried out according to terminal authentication result and terminal behavior code afterwards and obtains behavioural analysis knot
Really, on-line transaction is judged whether to according to behavioural analysis result, improves the security and convenience of transaction.
Brief description of the drawings
Fig. 1 is a kind of flow chart of the method for blue-tooth intelligence card control transaction risk that the embodiment of the present invention 1 is provided;
Fig. 2 is a kind of flow chart of the method for blue-tooth intelligence card control transaction risk that the embodiment of the present invention 2 is provided;
Fig. 3 is the flow chart of the method for another blue-tooth intelligence card control transaction risk that the embodiment of the present invention 2 is provided;
Fig. 4 and Fig. 5 is a kind of flow of the method for blue-tooth intelligence card control transaction risk that the embodiment of the present invention 4 is provided
Figure;
Fig. 6 is a kind of block diagram of Bluetooth intelligent card that the embodiment of the present invention 5 is provided.
Specific implementation method
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
Embodiment 1
The present embodiment has passed through a kind of method of blue-tooth intelligence card control transaction risk, as shown in figure 1, including:
Step s1:Bluetooth intelligent card sets up bluetooth connection with mobile terminal;
Step s2:Bluetooth intelligent card receives the trading instruction from mobile terminal by Bluetooth channels;
Step s3:Bluetooth intelligent card is traded preparation and is concluded the business according to trading instruction and the transaction stand-by mode of itself
Prepare result, preparing result according to transaction updates terminal authentication result;
In the present embodiment, preparing result renewal terminal authentication result according to transaction can be specially:If transaction prepares result
It is failure, then the data on the risk bit in terminal authentication result is updated to second value, the terminal after being updated
The result;If it is successfully, the data on the risk bit in terminal authentication result to be updated into first that transaction prepares result
Numerical value, the terminal authentication result after being updated.
In the present embodiment, before preparing result renewal terminal authentication result according to transaction, also include:Bluetooth intelligent card will be eventually
It is the first numerical value to hold the data initialization on all bits of the result;
Preparing result renewal terminal authentication result according to transaction can also be specially:If it is failure that transaction prepares result,
Data on risk bit in terminal authentication result are updated to second value, the terminal authentication result after being updated.
In the present embodiment, it is preferable that the first numerical value is 0, and second value is 1.
Step s4:Bluetooth intelligent card carries out behavioural analysis and obtains according to terminal authentication result and the terminal behavior code of itself
Behavioural analysis result, if behavioural analysis result is authorization requests ciphertext, it is online process to set Trading Authorization result, performs step
Rapid s5;If behavioural analysis result is application authorization ciphertext, Trading Authorization result is set to transaction refusal, Bluetooth intelligent card is refused
Break off relations easily, terminate;
Wherein, behavioural analysis is carried out according to terminal authentication result and the terminal behavior code of itself, obtains behavioural analysis knot
Really, specifically include:
Step s41:Bluetooth intelligent card is by the number on the terminal authentication result bit corresponding with terminal behavior code
According to computing is carried out, operation result is obtained, be analysis result according to operation result line;
Step s42:Bluetooth intelligent card carries out card behavioural analysis according to terminal behavior analysis result, sets card behavior point
Analysis result, using card behavior analysis result as behavioural analysis result.
Further, step s41 is specially:Bluetooth intelligent card is corresponding with terminal behavior code by terminal authentication result
Data on bit are carried out and computing, if operation result is the first result, terminal behavior analysis result are set into request
Online process;Otherwise, terminal behavior analysis result is set to requests transaction refusal;
If terminal behavior analysis result for requests transaction refuse when, step s42 is specially:Bluetooth intelligent card is according to terminal row
For analysis result carries out card behavioural analysis, it is application authorization ciphertext to set card behavior analysis result, by card behavioural analysis
Result is used as behavioural analysis result;When terminal behavior analysis result is processed for log-in, then by card behavior analysis result
Authorization requests ciphertext or application authorization ciphertext are set to, using card behavior analysis result as behavioural analysis result.
Step s5:Bluetooth intelligent card is sent by Bluetooth channels to mobile terminal includes Trading Authorization result and trading instruction
In Transaction Information transaction message;
Step s6:Bluetooth intelligent card receives the transaction response from mobile terminal by Bluetooth channels;
Step s7:Bluetooth intelligent card is according to transaction response generation transaction record;
Step s8:Bluetooth intelligent card sends transaction record by Bluetooth channels to mobile terminal, terminates.
Receive after the trading instruction from mobile terminal, also include:Bluetooth intelligent card judges whether according to trading instruction
There is transaction risk:When judged result is to be:
Also include before step s3:Transaction stand-by mode is updated to more secure level by Bluetooth intelligent card;
And/or, also include before step s4:Bluetooth intelligent card updates the terminal behavior code of itself;
When judged result is no, step s3 is performed.
Wherein, Bluetooth intelligent card judges whether transaction risk according to trading instruction, specifically includes:
Step a1:Bluetooth intelligent card obtains the air control data in trading instruction, judges to whether there is number in scratchpad area (SPA)
According to if it is, using the data in scratchpad area (SPA) as air control historical data, performing step a2;Otherwise, judge do not exist
Transaction risk, by air control data Cun Chudao scratchpad area (SPA)s, performs step s3;
Step a2:Bluetooth intelligent card calculates air control index according to air control data and air control historical data, judges air control index
Whether the first risk threshold value is more than, if it is, there is transaction risk;Otherwise, in the absence of transaction risk, by air control data storage
To in scratchpad area (SPA), step s3 is performed.
Further, can also include in transaction message:Air control data.
In the present embodiment, if Bluetooth intelligent card judges there is transaction risk according to trading instruction, by transaction stand-by mode more
Newly to perform step s3 after more secure level, step s4 is performed after step s3;Then terminal behavior code can be default, tool
Body ground, the data on bit corresponding with the risk bit in terminal authentication result in terminal behavior code are the second number
Value.
It should be noted that, if the transaction stand-by mode of Bluetooth intelligent card be most level of security, when Bluetooth intelligent card according to
After trading instruction judges to have transaction risk, Bluetooth intelligent card directly performs step s3.
In this example, Bluetooth intelligent card updates the terminal behavior code of itself can be specially:By in terminal behavior code
With the data on the risk bit in terminal authentication result for the corresponding bit of bit of second value in, at least
Data on one bit are updated to second value.
In the present embodiment, the terminal behavior code of itself is updated, can also be specially:By in terminal behavior code with end
The data on the corresponding bit of risk bit in the result of end are updated to second value.
In the present embodiment, transaction stand-by mode includes:Off line authentication mode, treatment limitation mode, holder's authentication mode
With terminal risk management mode;
Correspondingly, step s3 is specifically included:
Step s31:Bluetooth intelligent card selects to apply according to trading instruction, the application that initialization has been selected, and reads application note
Record;
Step s32:Bluetooth intelligent card carries out off line certification according to the off line authentication mode of itself, obtains off line certification knot
Really, terminal authentication result is updated according to off line authentication result;
Step s33:Bluetooth intelligent card carries out treatment limitation and obtains treatment limitation result according to the treatment of itself limitation mode,
Terminal authentication result is updated according to treatment limitation result;
Step s34:Bluetooth intelligent card obtains the holder's authentication mode of itself according to the application record for reading;According to itself
Holder's authentication mode checking carried out to holder obtain holder's the result, according to holder's the result, update eventually
End the result;
Specifically, if Bluetooth intelligent card judges that, in the absence of transaction risk, Bluetooth intelligent card will be read according to trading instruction
The authentication list of holder first in the application record got as itself the authentication list of holder second and preserve, according to holding
The card authentication list of people second obtains the holder's authentication mode of itself, and the holder's authentication mode according to itself is carried out to holder
Checking;If Bluetooth intelligent card judges there is transaction risk according to trading instruction, obtained according to the authentication list of holder second
The holder's authentication mode of itself, the holder's authentication mode according to itself is verified to holder.
Step s35:Bluetooth intelligent card carries out terminal risk management according to the terminal risk management mode of itself, obtains terminal
Risk management result, according to terminal risk management result, updates terminal authentication result.
Further, transaction stand-by mode is updated to more secure level by Bluetooth intelligent card, specially:Bluetooth intelligent card will
At least one of off line authentication mode, treatment limitation mode, holder's authentication mode and terminal risk management mode are updated to
More secure level, performs step s31.
Wherein, the off line authentication mode of itself is updated to safer rank, specially:Bluetooth intelligent card is according to itself
Off line parameters for authentication that off line authentication mode is updated into level of security by level of security relatively low off line authentication mode is higher
Off line authentication mode.
Further, the off line parameters for authentication according to itself by off line authentication mode by the relatively low off line certification of level of security
Mode is updated to level of security off line authentication mode higher and is specially:Will be corresponding with the off line authentication mode that level of security is higher
The parameter value of off line parameters for authentication second value is updated to by the first numerical value.
Wherein, holder's authentication mode is updated to more secure level, specially:Bluetooth intelligent card updates holder's certification
List, more secure level is updated to by holder's authentication mode.More specifically, Bluetooth intelligent card updates the certification of holder second
List, more secure level is updated to by the holder's authentication mode of itself.
The authentication list of holder second is updated, the holder's authentication mode of itself more secure level is updated to, specially:
Holder's authentication mode mark in holder's authentication codes in the authentication list of holder second is updated to more secure level,
Holder's authentication mode is updated to more secure level.
Wherein, terminal risk management is carried out according to terminal risk management mode, specially:Bluetooth intelligent card according to itself
Trading limit carries out terminal risk management, obtains terminal risk management result;
Terminal risk management mode is updated into more secure level to be specially:Bluetooth intelligent card reduction trading limit.
In the present embodiment, also include after step s31:Transaction Information of the Bluetooth intelligent card in trading instruction judges
Dealing money in no display Transaction Information, if it is not, then performing step s32;If it is, display dealing money, waits stand-by
Family confirms, if after user's confirmation is detected in the first Preset Time, performing step s32;If in the first Preset Time
User's confirmation is not detected, then Bluetooth intelligent card display error message, error message is returned to mobile terminal;
If Trading Authorization result is refused for transaction, also include:Bluetooth intelligent card display refusal Transaction Information.
In the present embodiment, step s34 can be specially:Bluetooth intelligent card points out the online PIN of user input, if pre- second
If getting the online PIN of user input in the time, then according to the holder's authentication mode for including being input into online PIN to holder
Verified, obtained holder's the result, terminal authentication result is updated according to holder's the result;If when second is default
The interior online PIN for not getting user input, then holder's the result is holder's authentication failed, is tested according to holder
Card result updates terminal authentication result;
The also online PIN including user input in transaction message.
In the present embodiment, also include in step s31:Bluetooth intelligent card is by the number on all bits of terminal authentication result
According to being initialized as the first numerical value;Correspondingly, terminal authentication result is updated according to off line authentication result, specially:If off line certification
Result is authentification failure, and the data on the off line certification risk bit in terminal authentication result are updated into second value, is obtained
Terminal authentication result after to renewal;
Terminal authentication result is updated according to holder's the result, specially:If holder's the result is tested for holder
Card failure, then be updated to second value by the data on the holder's checking risk bit in terminal authentication result, obtains more
Terminal authentication result after new;
Terminal authentication result is updated according to terminal risk management result, specially:In Bluetooth intelligent card detection trading instruction
Dealing money whether exceed trading limit, if so, then by the number on the risk management risk bit in terminal authentication result
According to being updated to second value.
In the present embodiment, terminal authentication result is updated according to off line authentication result, can also be specially:If off line certification knot
Fruit is authentification failure, and the data on the off line certification risk bit in terminal authentication result are updated into second value, is obtained
Terminal authentication result after renewal;If off line authentication result is certification success, by the off line certification risk in terminal authentication result
Data on bit are updated to the first numerical value, the terminal authentication result after being updated;
Terminal authentication result is updated according to holder's the result, can also be specially:If holder's the result is to hold
Card people's authentication failed, then be updated to second value by the data on the holder's checking risk bit in terminal authentication result,
Terminal authentication result after being updated;If holder's the result is proved to be successful for holder, by terminal authentication result
Holder checking risk bit on data be updated to the first numerical value, the terminal authentication result after being updated;
Terminal authentication result is updated according to terminal risk management result, can also be specially:Bluetooth intelligent card detection transaction
Whether the dealing money in instruction exceedes trading limit, if so, then by the risk management risk bit in terminal authentication result
On data be updated to second value;Otherwise, the data on the risk management risk bit in terminal authentication result are updated
It is the first numerical value.
Further, if Bluetooth intelligent card judges there is transaction risk according to the trading instruction, by stand-by mode of concluding the business
Step s3 is performed after being updated to more secure level, step s4 is performed after step s3;Then terminal behavior code can be it is default,
The data on bit corresponding with off line certification risk bit in terminal behavior code are second value;Terminal behavior generation
The data on bit corresponding with holder's checking risk bit in code are second value;In terminal behavior code with
Data on the corresponding bit of risk management risk bit are second value.
Further, in this example, the terminal behavior code of itself is updated, specially:By in terminal behavior code with
Data on off line certification risk bit, on holder's checking risk bit and on risk management risk bit are second
In the corresponding bit of bit of numerical value, the data at least one bit are updated to second value.
Further, in this example, the terminal behavior code of itself is updated, can also be specially:By terminal behavior code
In with off line certification risk bit, holder's checking risk bit and the corresponding bit of risk management risk bit
On data be updated to second value.
In the present embodiment, off line certification risk bit includes:7th bit of the first character section of terminal authentication result
Position, the 4th bit and the 3rd bit;
Holder's the result risk bit includes:3rd the 8th bit of byte of terminal authentication result;
Risk management risk bit includes:4th the 8th bit of byte of terminal authentication result.
In the present embodiment, Bluetooth intelligent card can include IC chip and MPOS chips;Correspondingly:
Step s1 is specially:MPOS chips set up bluetooth connection with mobile terminal;
Step s2 is specially:MPOS chips receive the trading instruction from mobile terminal by Bluetooth channels;
Step s3 is specially:MPOS chips send transaction preparation instruction to IC chip, receive the transaction from IC chip accurate
Standby response;MPOS chips are traded preparation and obtain transaction preparation result according to the transaction stand-by mode of itself, accurate according to transaction
Standby result updates terminal authentication result;
Wherein, transaction stand-by mode includes:Off line authentication mode, treatment limitation mode, holder's authentication mode and terminal
Risk management mode, step s3 is specifically included:
Step w1:MPOS chips send selection application instruction to IC chip;
Step w2:IC chip is according to selection application instruction selection application;
Step w3:IC chip sends selection application success response to MPOS chips;
Step w4:MPOS chips send to IC chip and apply initialization directive;
Step w5:The application that IC chip initialization has been selected;
Step w6:IC chip returns to application initialization successful respond to MPOS chips;
Step w7:MPOS chips send reading application recording instruction to IC chip;
Step w8:IC chip reads application record;
Step w9:IC chip returns to read record successful respond to MPOS chips;
Step w10:MPOS chips send off line certification and instruct to IC chip, and receiving the off line certification from IC chip should
Answer, off line authentication result is obtained according to off line certification response, terminal authentication result is updated according to off line authentication result;
Step w11:MPOS chips carry out treatment limitation and obtain treatment limitation result, root according to the treatment of itself limitation mode
Terminal authentication result is updated according to treatment limitation result;
Step w12:MPOS chips obtain the holder's authentication mode of itself according to read record successful respond;According to itself
Holder's authentication mode verifies to holder, holder's the result is obtained, according to holder's the result more new terminal
The result;
Step w13:MPOS chips carry out terminal risk management according to the terminal risk management mode of itself, obtain terminal wind
Danger management result, terminal authentication result is updated according to risk management result.
Step s4 is specially:MPOS chips carry out behavioural analysis according to terminal authentication result and the terminal behavior code of itself
Behavioural analysis result is obtained, if behavioural analysis result is authorization requests ciphertext, it is online process to set Trading Authorization result, is held
Row step s5;If behavioural analysis result is application authorization ciphertext, Trading Authorization result is set to transaction refusal, blue-tooth intelligence
Card Rejections are concluded the business, and are terminated;
Wherein, behavioural analysis is carried out according to terminal authentication result and the terminal behavior code of itself, obtains behavioural analysis knot
Really, specifically include:
Step t1:MPOS chips enter the data on the terminal authentication result bit corresponding with terminal behavior code
Row computing, obtains operation result, is analysis result according to operation result line;
Step t2:MPOS chips send request application cryptogram and instruct according to terminal behavior analysis result to IC chip;
Step t3:IC chip carries out card behavioural analysis, obtains card behavior analysis result;
Step t4:IC chip sends card behavioural analysis result to MPOS chips;
Step t5:MPOS chips are using card behavior analysis result as behavioural analysis result.
Step s5 is specially:MPOS chips are sent by Bluetooth channels to mobile terminal includes Trading Authorization result and transaction
The transaction message of the Transaction Information in instruction;
Step s6 is specially:MPOS chips receive the transaction response from mobile terminal by Bluetooth channels;
Step s7 is specially:MPOS chips are according to transaction response generation transaction record;
Step s8 is specially:MPOS chips send transaction record by Bluetooth channels to mobile terminal;Terminate;
Bluetooth intelligent card judges whether transaction risk according to the trading instruction, specially:MPOS chips are according to friendship
Easily instruction judges whether transaction risk;
The transaction stand-by mode is updated to more secure level by Bluetooth intelligent card, specially:MPOS chips will conclude the business accurate
Standby mode is updated to more secure level;
Bluetooth intelligent card updates the terminal behavior code of itself, specially:MPOS chips update the terminal behavior generation of itself
Code.
Wherein, transaction stand-by mode is updated to more secure level by MPOS chips, specially:MPOS chips are by off line certification
At least one of mode, treatment limitation mode, holder's authentication mode and terminal risk management mode are updated to safer level
Not, step w1 is performed.
Further, read record successful respond includes:The authentication list of holder first, correspondingly, step w12 is specific
For:If MPOS chips are judged in the absence of transaction risk, the holder first that will be received from IC chip according to trading instruction
Authentication list as itself the authentication list of holder second and preserve, holding for itself is obtained according to the authentication list of holder second
Card people's authentication mode, the holder's authentication mode according to itself is verified to holder;If MPOS chips are according to trading instruction
Judge there is transaction risk, then the holder's authentication mode of itself is obtained according to the authentication list of holder second, according to itself
Holder's authentication mode holder is verified.
Further, the holder's authentication mode of itself is updated to more secure level by MPOS chips, specially:MPOS
Chip updates the authentication list of holder second, and the holder's authentication mode of itself is updated into more secure level.
Yet further, MPOS chips update the authentication list of holder second, and holder's authentication mode is updated to more to pacify
Full rank, specially:By the holder's authentication mode mark in the holder's authentication codes in the authentication list of holder second more
It is newly more secure level, holder's authentication mode is updated to more secure level.
It should be noted that, in the present embodiment, the bluetooth communication between Bluetooth intelligent card and mobile terminal can be, but not limited to
Realized by the bluetooth module of Bluetooth intelligent card itself.
Present embodiments provide a kind of method of blue-tooth intelligence card control transaction risk, there is provided a kind of Bluetooth intelligent card and
The method of its control transaction risk, the Bluetooth intelligent card connects without can just complete financial transaction by financial terminal, and work as
Receive after trading instruction, transaction risk is judged whether according to trading instruction, if there is risk, also include:Will transaction standard
Standby mode is traded preparations again after being updated to more secure level, according to transaction prepare result renewal terminal behavior result and/or
Person updates the terminal behavior code of itself before carrying out behavioural analysis;Entered according to terminal authentication result and terminal behavior code afterwards
Row behavioural analysis obtains behavioural analysis result, and on-line transaction is judged whether to according to behavioural analysis result, improves transaction
Security and convenience.
Embodiment 2
A kind of method of blue-tooth intelligence card control transaction risk is present embodiments provided, as shown in Fig. 2 including:
Step 101:Bluetooth intelligent card sets up bluetooth connection with mobile terminal;
In the present embodiment, mobile terminal can be, but not limited to be mobile phone.
Step 102:Bluetooth intelligent card receives the trading instruction from mobile terminal by Bluetooth channels;
For example, Bluetooth intelligent card receives the trading instruction from mobile terminal by Bluetooth channels being:7e 43 00 00
39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06
12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F
65 04 01 04 00 04。
Step 103:Bluetooth intelligent card obtains air control data and Transaction Information from trading instruction;
In the present embodiment, air control data for blue-tooth intelligence be stuck in perform process of exchange in risk control data, can with but
It is not limited to include:The hardware sequence number of mobile terminal, the communication number of mobile terminal, the Bluetooth MAC address of mobile terminal, movement
The IP address of terminal, the WIFI connection names of mobile terminal, the operating system version number of mobile terminal, dealing money, the day of trade
At least one in the information such as phase, exchange hour or type of transaction.
In the present embodiment, Transaction Information includes dealing money, trade date, exchange hour and information etc. type of transaction.
This step can be specially:Bluetooth intelligent card obtains dealing money, trade date, exchange hour from trading instruction
And type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and by dealing money, hand over
At least one information in easy date, exchange hour and type of transaction is used as air control data.
This step can also be:Bluetooth intelligent card obtained from trading instruction dealing money, trade date, exchange hour and
Type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and from trading instruction
Air control data are obtained in data in addition to Transaction Information.
This step can also be:Bluetooth intelligent card obtained from trading instruction dealing money, trade date, exchange hour and
Type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and from Transaction Information and
Air control data are obtained in the data in addition to Transaction Information in trading instruction.
For example, Bluetooth intelligent card receives the trading instruction from mobile terminal by Bluetooth channels being:7e 43 00 00
39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06
12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F
65 04 01 04 00 04, Bluetooth intelligent card is obtained in the 6th to the 11st byte in trading instruction from trading instruction
Data " 00 00 00 00 00 00 ", as dealing money;The data " 00 " in the 12nd byte are obtained, and is made
It is type of transaction;The data " 15 12 24 " in the 13rd to the 15th byte are obtained, and as trade date;Obtain the
Data " 17 09 28 " in 16 to the 18th bytes, and as exchange hour;Obtain the first default mark " 1F
61 ", the data " 06 " on first character section and after the first default mark, obtain first after the first default mark
After data " 06 " in byte, length is the data " 13 81 11 11 23 4F " of " 06 " individual byte, and according to mobile whole
The communication number form at end, by " 13811111234 " as mobile terminal communication number;Obtain the second default mark " 1F
62 ", the data " 06 " on first character section and after the second default mark, obtain first after the second default mark
After data " 06 " in byte, length is the data " 12 34 56 78 9ABC " of " 06 " individual byte, by " 12 34 56
78 9A BC " are used as the Bluetooth MAC address of mobile terminal;The 3rd default mark " 1F 63 " is obtained, and the 3rd presets mark
Data " 06 " on first character section afterwards, after the data " 06 " on first character section after the default mark of acquisition the 3rd
, length is the data " 19 21 68 00 12 12 " of " 06 " individual byte, by " 19 21 68 00 12 12 " as mobile whole
The IP address at end;Obtain the data on the first character section after the 4th default mark " 1F 64 ", and the 4th default mark
" 07 ", obtains after the data " 07 " on the first character section after the 4th default mark, and length is the number of " 07 " individual byte
According to " 66 65 69 74 69 61 6E ", by " 66 65 69 74 69 61 6E " as mobile terminal WIFI connection names;
The data " 04 " on the first character section after the 5th default mark " 1F 63 ", and the 5th default mark are obtained, the 5th is obtained
After the data " 04 " on first character section after default mark, length is the data " 01 04 00 of " 04 " individual byte
04 ", by " 01 04 00 04 " as mobile terminal operating system version number, and by the communication number of mobile terminal, it is mobile eventually
The operating system version of the Bluetooth MAC address at end, the IP address of mobile terminal, the WIFI connection names of mobile terminal and mobile terminal
This number used as air control data.
Step 104:Bluetooth intelligent card judged with the presence or absence of data in scratchpad area (SPA), if it is, by scratchpad area (SPA)
In data as air control historical data, perform step 117;Otherwise, Bluetooth intelligent card is by air control data Cun Chudao interim storages
Area, performs step 105;
For example:If Bluetooth intelligent card is judged for the scratchpad area (SPA) for preserving air control historical data in the absence of data, bluetooth
Smart card is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, the bluetooth of mobile terminal
MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, the WIFI of mobile terminal
Operating system version " 01 04 00 04 " of connection name " 66 65 69 74 69 61 6E " and mobile terminal;Storage is interim
Memory block, performs step 105.If Bluetooth intelligent card judges there are data for preserving the scratchpad area (SPA) of air control historical data,
Bluetooth intelligent card is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, mobile terminal
Bluetooth MAC address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, mobile terminal
WIFI connection names " 66 65 69 74 69 61 6E " and mobile terminal operating system version " 01 04 00 04 " respectively as
The sub- air control historical data of air control historical data:The history communication number " 13811111234 " of mobile terminal, mobile terminal are gone through
History Bluetooth MAC address " 12 34 56 78 9A BC ", the history IP address " 19 21 68 00 12 12 " of mobile terminal, movement
The history WIFI connection names " 66 65 69 74 69 61 6E " of terminal and the historical operation system version " 01 04 of mobile terminal
00 04”;Perform step 117.
Step 105:Bluetooth intelligent card selects to apply according to trading instruction;
Specifically, type of transaction selection application of the Bluetooth intelligent card in trading instruction.
In the present embodiment, type of transaction is on-line transaction, is specifically included:Main account remaining sum is looked into, is consumed, transferred accounts, circle is deposited.
Correspondingly, Bluetooth intelligent card is according to the corresponding application of type of transaction selection.
Step 106:The application that blue-tooth intelligence card initialization has been selected;
In the present embodiment, also include in step 106:Bluetooth intelligent card initialization terminal the result;
Wherein, Bluetooth intelligent card initialization terminal the result is specially:Bluetooth intelligent card is by the institute of terminal authentication result
It is 0 to have the data initialization on bit.
Step 107:Bluetooth intelligent card reads application record;
In the present embodiment, what Bluetooth intelligent card read includes the authentication list of holder first of itself using record.
For example, the record of applying that Bluetooth intelligent card reads includes that the authentication list of holder first of itself is
“8E0A00000000000000001E03”。
Step 108:Bluetooth intelligent card carries out off line certification;
Specifically, off line parameters for authentication of the Bluetooth intelligent card in the terminal parameter of itself selects current off line authenticating party
Formula, off line certification is carried out according to current off line authentication mode, obtains off line authentication result, according to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
Closer, off line parameters for authentication and off line authentication mode of the Bluetooth intelligent card in the terminal parameter of itself
Level of security select current off line authentication mode, off line certification is carried out according to current off line authentication mode, obtain off line certification
As a result, the first byte of terminal authentication result, the terminal authentication result after being updated are updated according to off line authentication result.
Specifically, Bluetooth intelligent card obtains static parameters for authentication in the terminal parameter of itself, dynamic authentication parameter and mixed
Close parameters for authentication;If only one value of parameter is " 1 " in three parameters, will be with parameter value for the parameter of " 1 " is corresponding
Off line authentication mode carries out off line certification as current off line authentication mode according to current off line authentication mode, obtains off line and recognizes
Card result;Otherwise, will be with parameter value be for " 1 " and level of security parameter high is used as current off line authentication mode, according to current de-
Machine authentication mode carries out off line certification, obtains off line authentication result, and the of terminal authentication result is updated according to off line authentication result
One byte, the terminal authentication result after being updated.
In the present embodiment, off line parameters for authentication includes:Static parameters for authentication SDA, dynamic authentication parameter DDA and hybrid authentication
Parameter CDA;Corresponding off line authentication mode is static certification, dynamic authentication and hybrid authentication respectively, and three kinds of authentication modes
Level of security be:Hybrid authentication>Dynamic authentication>Static certification.
For example, Bluetooth intelligent card obtains static parameters for authentication SDA, dynamic authentication parameter DDA in the terminal parameter of itself
With hybrid authentication parameter CDA, as SDA=1 and DDA=0 and CDA=0, Bluetooth intelligent card will be with static parameters for authentication SDA pairs
The static authentication mode answered carries out off line certification as current off line authentication mode, obtains off line authentication result;Work as SDA=1
And during DDA=1 and CDA=0, Bluetooth intelligent card is by parameter value is for " 1 " and level of security dynamic authentication parameter DDA high is corresponding
Dynamic authentication mode carries out off line certification as current off line certification, obtains off line authentication result;As SDA=1 and DDA=1
And during CDA=1, parameter value is " 1 " and the level of security corresponding hybrid authentications of hybrid authentication parameter CDA high by Bluetooth intelligent card
Mode carries out off line certification as current off line certification, off line authentication result is obtained, according to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
In this step, off line certification is carried out according to current off line authentication mode, obtain off line authentication result, recognized according to off line
Card result updates the first byte of terminal authentication result, the terminal authentication result after being updated.Specially:According to current off line
Authentication mode carries out off line certification, if certification success, by the 7th bit in the first byte of terminal authentication result
Data be updated to " 0 ", the data on the 4th bit are updated to " 0 ", will be that data are updated to " 0 " on the 3rd bit.
Off line certification is carried out according to current off line authentication mode, if authentification failure, by the 7th in the first byte of terminal authentication result
It is that data are updated to " 1 " in data in data or the 4th bit or the 3rd bit on bit, after being updated
Terminal authentication result.
For example:After off line certification and certification success is carried out according to static authentication mode, Bluetooth intelligent card is by terminal authentication
The data on the highest-order bit (the 8th bit) in first byte of result are updated to " 0 ";And by the 7th bit
Data are updated to " 0 ", the data on the 4th bit are updated into " 0 ", will be that data are updated to " 0 " on the 3rd bit.
The first character section " 00000000 " of the terminal authentication result after to renewal, i.e. hexadecimal data " 0x00 ", after being updated
Terminal authentication result be:0x00 0x00 0x00 0x00 0x00.
Step 109:Bluetooth intelligent card carries out treatment limitation;
Specifically, Bluetooth intelligent card carries out treatment limitation, obtains treatment limitation result, is updated eventually according to treatment limitation result
Hold the second byte of the result, the terminal authentication result after being updated.
For example:Bluetooth intelligent card carries out treatment limitation, obtains treatment limitation result, according to treatment limitation result more new terminal
Second byte of the result, second byte " 00000000 " of the terminal authentication result after being updated, i.e. hexadecimal
Data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 0x00 after being updated.
Step 110:Bluetooth intelligent card is verified to holder;
Specifically, Bluetooth intelligent card obtains current holder's authentication mode from the holder's authentication list of itself, according to
Current holder's authentication mode verifies that acquisition holder's the result updates according to holder's the result to holder
3rd byte of terminal authentication result, the terminal authentication result after being updated.
It should be noted that, if in step 104 Bluetooth intelligent card be judged as NO or step 118 in Bluetooth intelligent card be judged as
No, then Bluetooth intelligent card is judged in the absence of transaction risk, the then holder in the application record that Bluetooth intelligent card will read
First authentication list as itself the authentication list of holder second and preserve, itself is obtained according to the authentication list of holder second
Holder's authentication mode, the holder's authentication mode according to itself verifies to holder, obtains holder's the result,
The 3rd byte of terminal authentication result, the terminal authentication result after being updated are updated according to holder's the result;If step
Bluetooth intelligent card is judged as YES in rapid 118, then Bluetooth intelligent card is according to judging there is transaction risk, then Bluetooth intelligent card according to
The authentication list of holder second obtains the holder's authentication mode of itself, and the holder's authentication mode according to itself enters to holder
Row checking, obtains holder's the result, and the 3rd byte of terminal authentication result is updated according to holder's the result, obtains
Terminal authentication result after renewal.
More specifically, if in step 104 Bluetooth intelligent card be judged as NO or step 118 in Bluetooth intelligent card be judged as
No, then Bluetooth intelligent card is judged in the absence of transaction risk, reset risk indicator position;If Bluetooth intelligent card judges in step 118
After being, then Bluetooth intelligent card is according to judging there is transaction risk, set risk indicator position.Correspondingly, step 110 is specific
For:Whether Bluetooth intelligent card detection risk flag bit is set, if it is not, then during the application that Bluetooth intelligent card will read is recorded
The authentication list of holder first as itself the authentication list of holder second and preserve, according to the authentication list of holder second
The holder's authentication mode of itself is obtained, the holder's authentication mode according to itself is verified to holder, obtain holder
The result, the 3rd byte of terminal authentication result, the terminal authentication after being updated are updated according to holder's the result
As a result;If it is, Bluetooth intelligent card obtains the holder's authentication mode of itself according to the authentication list of holder second, according to certainly
Holder's authentication mode of body verifies that acquisition holder's the result updates according to holder's the result to holder
3rd byte of terminal authentication result, the terminal authentication result after being updated.
Wherein, the holder's authentication mode of itself is obtained according to the authentication list of holder second, according to the holder of itself
Authentication mode verifies to holder, obtains holder's the result, specially:Bluetooth intelligent card is from the holder of itself
In two authentication lists, the data after crossed joint are obtained, and according to the byte length of the data for getting, with each two byte
One or more holder's authentication codes are obtained for unit divide, on the first character section from holder's authentication codes
Data corresponding to binary data in, obtain binary data rear six number of bits according to and as holder's certification
Mode is identified, and according to first the presets list, holder's authentication mode identifies corresponding holder's authentication mode before searching, and will
It is verified to holder according to current holder's authentication mode as current holder's authentication mode, obtains holder and test
Card result.
For example:Holder second authentication list " 8E0A00000000000000001E03 " of the Bluetooth intelligent card from itself
In, the data " 1E03 " after acquisition crossed joint in the byte of (not including crossed joint) recognize " 1E03 " as holder
Card code, the binary data " 00011110 " corresponding to data " 1E " from the first character section with holder's authentication codes
In, after acquisition six number of bits according to " 011110 " and as holder's authentication mode mark, and according to as shown in table 1 the
One the presets list, it is " signature " to search holder's authentication mode corresponding with holder's authentication mode mark " 011110 ", and will
" signature " verifies that acquisition holds to holder as current holder's authentication mode according to current holder's authentication mode
People's the result.
Table 1
In the present embodiment, it is preferable that the level of security of holder's authentication mode is in on-line transaction:Without certification<Signature<
Online PIN checkings<Online PIN checkings+signature<Authentification failure.
In the present embodiment, verification mode can also be shown including holder's certificate in holder's authentication mode, its is corresponding
Holder's authentication mode is designated 100000.It should be noted that, first the presets list as shown in table 1 is only that the present embodiment is provided
A kind of performance holder authentication mode mark and holder's authentication mode between corresponding relation mode, the present invention in can represent
The mode that holder's authentication mode identifies the corresponding relation and holder's authentication mode between can also have various, in the present embodiment not
Repeat again.
In this step, holder is verified according to current holder's authentication mode, obtain holder's the result, root
According to holder's the result update terminal authentication result the 3rd byte, the terminal authentication result after being updated, specially:
Holder is verified according to current holder's authentication mode, if holder is proved to be successful, terminal is tested
The 3rd the highest-order bit of byte (the 8th bit) for demonstrate,proving result is updated to " 0 ".If holder's authentication failed, will be eventually
The data on the 3rd the highest-order bit of byte (the 8th bit) of the result are held to be updated to " 1 ", after being updated
Terminal authentication result.
For example:When current holder's authentication mode is " signature " and after be proved to be successful, Bluetooth intelligent card would indicate that holder
One the highest-order bit of the binary data of byte of the result (the 8th bit) is updated to " 0 ", the end after being updated
Hold second byte " 00000000 " of the result, i.e. hexadecimal data " 0x00 ", the terminal authentication knot after being updated
Fruit 0x00 0x00 0x00 0x00 0x00.
Step 111:Bluetooth intelligent card carries out terminal risk management;
Specifically, Bluetooth intelligent card carries out terminal risk management, terminal risk management result is obtained, according to risk management knot
Fruit updates the 4th byte of terminal authentication result, the terminal authentication result after being updated.
More specifically, whether Bluetooth intelligent card detection dealing money exceedes trading limit, if it is, testing terminal if
The 4th the highest-order bit of byte (the 8th bit) for demonstrate,proving result is updated to " 1 ", otherwise, by the 4th of terminal authentication result the
The highest-order bit (the 8th bit) of individual byte is updated to " 0 ".
For example, Bluetooth intelligent card detection dealing money 00 is no more than trading limit 5000, then by the of terminal authentication result
Four the highest-order bit of byte (the 8th bit) are updated to " 0 ", the 4th word of the terminal authentication result after being updated
Section " 00000000 ", i.e. hexadecimal data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 after being updated
0x00。
In the present embodiment, trading limit is the top limit that Bluetooth intelligent card is supported transaction.
Step 112:Bluetooth intelligent card carries out behavioural analysis;Trading Authorization result is set;
Specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and default terminal behavior code (TAC), relatively
The data on bit answered are carried out obtaining operation result with computing, and terminal behavior analysis result, root are obtained according to operation result
Card behavioural analysis is carried out according to terminal behavior analysis result, card behavior analysis result is obtained, is set according to card behavior outcome
Trading Authorization result.
Wherein, card behavior analysis result is authorization requests ciphertext (ARQC) or application authorization ciphertext (AAC).
More specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and default terminal behavior code (TAC),
Data on corresponding bit carry out obtaining operation result with computing, if operation result is 0, set terminal analysis behavior
Result is log-in treatment, and card behavioural analysis is carried out according to terminal behavior analysis result, obtains card behavior analysis result,
Trading Authorization result is set according to card behavior analysis result;If operation result is non-zero, line is for analysis result
Requests transaction is refused, and card behavioural analysis is carried out according to terminal behavior analysis result, and it is application to obtain card behavior analysis result
Certification ciphertext (AAC), terminates Trading Authorization result for transaction is refused according to card behavior analysis result.
In the present embodiment, terminal authentication result includes 5 bytes, and terminal behavior code includes 5 bytes, terminal behavior generation
The bit of each byte of code is corresponded with the bit of each byte of terminal authentication result.Preferably, default terminal
7th bit, the 4th bit, the 3rd bit, the 3rd of the first character section with terminal authentication result in behavior code
Data on 8th bit of individual byte and the 4th corresponding bit of the 8th bit of byte are second value.
For example, the terminal authentication result after the renewal that obtains of Bluetooth intelligent card is 0x00 0x00 0x00 0x00 0x00,
The corresponding binary data of terminal authentication result is 00,000,000 00,000,000 00,000,000 00,000,000 00000000, blue
The default terminal behavior code of tooth smart card is 0x4c 0x00 0x80 0x80 0x00, the corresponding binary system of terminal behavior code
Data are 01,001,100 00,000,000 10,000,000 10,000,000 00000000;Bluetooth intelligent card is by terminal authentication result
Each bit of each byte bit corresponding with the terminal behavior code of itself each byte is carried out and computing, is obtained
Behavioural analysis result be 0x00,0x00,0x00,0x00,0x00, line be analysis result be log-in treatment,
Card behavioural analysis is carried out according to terminal behavior analysis result, the card behavior analysis result for obtaining is authorization requests ciphertext
(ARQC) Trading Authorization result, is set to by online process " 0x02 " according to card behavior analysis result, step 113 is performed.
It should be noted that, in the present embodiment, terminal behavior code (TAC) is specially terminal behavior code (TAC)-refusal.
Step 113:Bluetooth intelligent card is sent by Bluetooth channels to mobile terminal includes Trading Authorization result, Transaction Information
With the transaction message of air control data;
Specifically, Bluetooth intelligent card is signed to air control data, obtains signature value, tissue include Trading Authorization result,
The transaction message of Transaction Information, air control data and signature value, being sent to mobile terminal by Bluetooth channels includes Trading Authorization knot
Really, the transaction message of Transaction Information, air control data and signature value.
For example:Bluetooth intelligent card tissue includes the transaction report of Trading Authorization result, Transaction Information, air control data and signature value
Wen Hou, the transaction message for obtaining is:02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9
32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92
9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07
a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f
03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00
00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44
EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87
0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1
44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0.Wherein, first character section " 02 " is Trading Authorization result,
Represent online process;" 9f 02 06 00 00 00 00 00 00 " is dealing money, represents that dealing money is 0 yuan;“9a 03
15 12 24 " it is trade date, expression trade date is on December 24th, 2015.Wherein, " the B6 of 01 C4 5E of 7E 3E 05
D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD
The E2 7A 1B of 16 F5,44 68 E0 CE, 87 0B DF, 63 E2 39 " are air control data;“48 D8 9E AF 52 AA 6D
The E0 of 21 08 79 5C 5C 1C F8 2C of DC 10 81 7B of F0 2A 7A 62 D1,44 F6 3B of 0C 7A 8A 92 " are
Signature value.
It should be noted that, Bluetooth intelligent card can also be signed before this step to air control data, be signed
Value.
It should be noted that, if if Bluetooth intelligent card is tested holder according to online PIN verification modes in step 110
Card, the online PIN code of the user input also got including Bluetooth intelligent card in transaction message.
This step may be replaced by:Bluetooth intelligent card is sent by Bluetooth channels to mobile terminal includes Trading Authorization knot
Fruit and the transaction message of Transaction Information.
Step 114:Bluetooth intelligent card receives the transaction response from mobile terminal by Bluetooth channels;
Step 115:Bluetooth intelligent card is according to transaction response generation transaction record;
Step 116:Bluetooth intelligent card sends transaction record by Bluetooth channels to mobile terminal, terminates.
After mobile terminal receives the transaction record from Bluetooth intelligent card by Bluetooth channels, sent to server and handed over
Easily record.
Step 117:Bluetooth intelligent card is calculated according to air control historical data and air control data, obtains air control index;
Specifically, Bluetooth intelligent card judges whether sub- air control data match with sub- air control historical data, if it is, will
Air control index is set to " 0 ";Otherwise, sub- air control data and the sub- unmatched number of air control historical data are calculated, and divided by sub- wind
The sum of data is controlled, air control index is obtained.
For example:Sub- air control historical data is respectively:History communication number " 13811111234 ", the movement of mobile terminal are eventually
The history Bluetooth MAC address " 12 34 56 78 9A BC " at end, the history IP address " 19 21 68 00 12 of mobile terminal
12 ", the history WIFI connection names " 66 65 69 74 69 61 6E " and the historical operation system of mobile terminal of mobile terminal
Version " 01 04 00 04 ";Sub- air control data are respectively:The communication number " 13811111234 " of mobile terminal, the indigo plant of mobile terminal
Tooth MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, mobile terminal
Operating system version " 01 04 00 04 " of WIFI connection names " 66 65 69 74 69 61 6E " and mobile terminal;Bluetooth intelligence
Energy calorimeter operator air control data are 1 with the corresponding sub- unmatched number of air control historical data, and divided by the total of sub- air control data
Number 5, obtains air control index 0.2.
Step 118:Whether Bluetooth intelligent card judges air control index more than the first risk threshold value, if it is, performing step
119;Otherwise, step 120 is performed;
For example:Bluetooth intelligent card judges that air control index 0.2, less than the first risk threshold value 0.5, performs step 120.
Step 119:Bluetooth intelligent card is by itself off line authentication mode or holder's authentication mode or trading limit
At least one, it is updated to safer rank, return to step 105;
Specifically, Bluetooth intelligent card reduces trading limit or the off line parameters for authentication in terminal parameter by off line certification
Mode is updated to level of security off line authentication mode higher by the relatively low off line authentication mode of level of security;Or renewal holds
The authentication list of people second, more secure level is updated to by holder's authentication mode.
In this step, trading limit is updated to more secure level, specially:Bluetooth intelligent card reduction trading limit, example
Such as:Trading limit is reduced to 1000 yuan by Bluetooth intelligent card by 5000 yuan.
Wherein, the off line parameters for authentication in terminal parameter is recognized off line authentication mode by the relatively low off line of level of security
Card mode is updated to level of security off line authentication mode higher, specially:By the off line authentication mode higher with level of security
The parameter value of corresponding parameter is updated to " 1 " by " 0 ".
For example:As SDA=1 and DDA=0 and CDA=0, DDA by 0 is updated to 1 and/or CDA is updated to 1 by 0;
As SDA=1 and DDA=1 and CDA=0, CDA is updated to 1 by 0;As SDA=0 and DDA=1 and CDA=0, by CDA by
0 is updated to 1.
Wherein, the authentication list of holder second is updated, holder's authentication mode more secure level is updated to, specially:
Holder's authentication mode in holder's authentication codes in the authentication list of holder second is identified, more secure level is updated to,
Holder's authentication mode is updated to more secure level.
For example, when the authentication list of holder second is " 8E0A00000000000000001E03 ", by holder's certification generation
Holder's certification mark in code " 1E03 " is updated to " 000011 " by " 011110 ", so that by holder's authentication mode by signing
Mode is updated to the online PIN checkings+signature scheme of level of security input higher;Correspondingly, the holder's certification generation after renewal
Code is " 0303 ", and the authentication list of holder second is " 8E0A00000000000000000303 ", correspondingly, step after renewal
Specifically included in 110:Bluetooth intelligent card points out the online pin of user input and signature, if in the second Preset Time and preset times
The interior online pin of user input and signature, Bluetooth intelligent card are tested holder according to the online pin and signature of user input
Card, if user is not input into online pin and signature in the second Preset Time or in preset times, Bluetooth intelligent card is judged to hold
People's authentification failure.
It should be noted that, in the present embodiment, if the off line authentication mode of Bluetooth intelligent card, holder's authentication mode and transaction
Limit is most level of security, then after being judged as YES in step 118, the direct return to step 105 of Bluetooth intelligent card.
Step 120:Bluetooth intelligent card by air control data Cun Chudao scratchpad area (SPA)s, return to step 105;
Specifically, be used for for air control data Cun Chudao in the scratchpad area (SPA) for preserve air control historical data by Bluetooth intelligent card.
The present embodiment additionally provides a kind of method of blue-tooth intelligence card control transaction risk, as shown in figure 3, including:
Step 201:Bluetooth intelligent card sets up bluetooth connection with mobile terminal;
In the present embodiment, mobile terminal can be, but not limited to be mobile phone.
Step 202:Mobile terminal sends trading instruction by Bluetooth channels to Bluetooth intelligent card;
Step 203:Bluetooth intelligent card obtains air control data and Transaction Information from trading instruction;
In the present embodiment, air control data for blue-tooth intelligence be stuck in perform process of exchange in risk control data, can with but
It is not limited to include:The hardware sequence number of mobile terminal, the communication number of mobile terminal, the Bluetooth MAC address of mobile terminal, movement
The IP address of terminal, the WIFI connection names of mobile terminal, the operating system version number of mobile terminal, dealing money, the day of trade
At least one in the information such as phase, exchange hour or type of transaction.
In the present embodiment, Transaction Information includes dealing money, trade date, exchange hour and information etc. type of transaction.
This step can be specially:Bluetooth intelligent card obtains dealing money, trade date, exchange hour from trading instruction
And type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and by dealing money, hand over
At least one information in easy date, exchange hour and type of transaction is used as air control data.
This step can also be:Bluetooth intelligent card obtained from trading instruction dealing money, trade date, exchange hour and
Type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and from trading instruction
Air control data are obtained in data in addition to Transaction Information.
This step can also be:Bluetooth intelligent card obtained from trading instruction dealing money, trade date, exchange hour and
Type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and from Transaction Information and
Air control data are obtained in the data in addition to Transaction Information in trading instruction.
For example, Bluetooth intelligent card receives the trading instruction from mobile terminal by Bluetooth channels being:7e 43 00 00
39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06
12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F
65 04 01 04 00 04, Bluetooth intelligent card is obtained in the 6th to the 11st byte in trading instruction from trading instruction
Data " 00 00 00 00 00 00 ", as dealing money;The data " 00 " in the 12nd byte are obtained, and is made
It is type of transaction;The data " 15 12 24 " in the 13rd to the 15th byte are obtained, and as trade date;Obtain the
Data " 17 09 28 " in 16 to the 18th bytes, and as exchange hour;Obtain the first default mark " 1F
61 ", the data " 06 " on first character section and after the first default mark, obtain first after the first default mark
After data " 06 " in byte, length is the data " 13 81 11 11 23 4F " of " 06 " individual byte, and according to mobile whole
The communication number form at end, by " 13811111234 " as mobile terminal communication number;Obtain the second default mark " 1F
62 ", the data " 06 " on first character section and after the second default mark, obtain first after the second default mark
After data " 06 " in byte, length is the data " 12 34 56 78 9A BC " of " 06 " individual byte, by " 12 34 56
78 9A BC " are used as the Bluetooth MAC address of mobile terminal;The 3rd default mark " 1F 63 " is obtained, and the 3rd presets mark
Data " 06 " on first character section afterwards, after the data " 06 " on first character section after the default mark of acquisition the 3rd
, length is the data " 19 21 68 00 12 12 " of " 06 " individual byte, by " 19 21 68 00 12 12 " as mobile whole
The IP address at end;Obtain the data on the first character section after the 4th default mark " 1F 64 ", and the 4th default mark
" 07 ", obtains after the data " 07 " on the first character section after the 4th default mark, and length is the number of " 07 " individual byte
According to " 66 65 69 74 69 61 6E ", by " 66 65 69 74 69 61 6E " as mobile terminal WIFI connection names;
The data " 04 " on the first character section after the 5th default mark " 1F 63 ", and the 5th default mark are obtained, the 5th is obtained
After the data " 04 " on first character section after default mark, length is the data " 01 04 00 of " 04 " individual byte
04 ", by " 01 04 00 04 " as mobile terminal operating system version number, and by the communication number of mobile terminal, it is mobile eventually
The operating system version of the Bluetooth MAC address at end, the IP address of mobile terminal, the WIFI connection names of mobile terminal and mobile terminal
This number used as air control data.
Step 204:Bluetooth intelligent card judged with the presence or absence of data in scratchpad area (SPA), if it is, by scratchpad area (SPA)
In data as air control historical data, perform step 223;Otherwise, Bluetooth intelligent card is by air control data Cun Chudao interim storages
Area, performs step 205;
For example:If Bluetooth intelligent card is judged for the scratchpad area (SPA) for preserving air control historical data in the absence of data, bluetooth
Smart card is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, the bluetooth of mobile terminal
MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, the WIFI of mobile terminal
Operating system version " 01 04 00 04 " of connection name " 66 65 69 74 69 61 6E " and mobile terminal,;Storage is interim
Memory block, performs step 205.If Bluetooth intelligent card judges there are data for preserving the scratchpad area (SPA) of air control historical data,
Bluetooth intelligent card is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, mobile terminal
Bluetooth MAC address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, mobile terminal
WIFI connection names " 66 65 69 74 69 61 6E " and mobile terminal operating system version " 01 04 00 04 " respectively as
The sub- air control historical data of air control historical data:The history communication number " 13811111234 " of mobile terminal, mobile terminal are gone through
History Bluetooth MAC address " 12 34 56 78 9A BC ", the history IP address " 19 21 68 00 12 12 " of mobile terminal, movement
The history WIFI connection names " 66 65 69 74 69 61 6E " of terminal and the historical operation system version " 01 04 of mobile terminal
00 04”;Perform step 223.
Step 205:Bluetooth intelligent card selects to apply according to trading instruction;
Specifically, type of transaction selection application of the Bluetooth intelligent card in trading instruction.
In the present embodiment, type of transaction is on-line transaction, is specifically included:Main account remaining sum is looked into, is consumed, transferred accounts, circle is deposited.
Correspondingly, Bluetooth intelligent card is according to the corresponding application of type of transaction selection.
Step 206:The application that blue-tooth intelligence card initialization has been selected;
In the present embodiment, also include in step 206:Bluetooth intelligent card initialization terminal the result;
Wherein, Bluetooth intelligent card initialization terminal the result is specially:Bluetooth intelligent card is by the institute of terminal authentication result
It is 0 to have the data initialization on bit.
Step 207:Bluetooth intelligent card reads application record;
In the present embodiment, what Bluetooth intelligent card read includes the authentication list of holder first of itself using record.
For example, the record of applying that Bluetooth intelligent card reads includes that the authentication list of holder first of itself is
“8E0A00000000000000001E03”。
Step 208:Bluetooth intelligent card carries out off line certification;
Specifically, off line parameters for authentication of the Bluetooth intelligent card in the terminal parameter of itself selects current off line authenticating party
Formula, off line certification is carried out according to current off line authentication mode, obtains off line authentication result, according to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
Closer, off line parameters for authentication and off line authentication mode of the Bluetooth intelligent card in the terminal parameter of itself
Level of security select current off line authentication mode, current off line certification is carried out according to current off line authentication mode, obtain off line
Authentication result, the first byte of terminal authentication result, the terminal authentication result after being updated are updated according to off line authentication result.
Specifically, Bluetooth intelligent card obtains static parameters for authentication in the terminal parameter of itself, dynamic authentication parameter and mixed
Close parameters for authentication;If only one value of parameter is " 1 " in three parameters, will be with parameter value for the parameter of " 1 " is corresponding
Off line authentication mode carries out off line certification as current off line authentication mode according to current off line authentication mode, obtains off line and recognizes
Card result;Otherwise, will be with parameter value be for " 1 " and level of security parameter high is used as current off line authentication mode, according to current de-
Machine authentication mode carries out off line certification, obtains off line authentication result, and the of terminal authentication result is updated according to off line authentication result
One byte, the terminal authentication result after being updated.
In the present embodiment, off line parameters for authentication includes:Static parameters for authentication SDA, dynamic authentication parameter DDA and hybrid authentication
Parameter CDA;Corresponding off line authentication mode is static certification, dynamic authentication and hybrid authentication respectively, and three kinds of authentication modes
Level of security be:Hybrid authentication>Dynamic authentication>Static certification.
For example, Bluetooth intelligent card obtains static parameters for authentication SDA, dynamic authentication parameter DDA in the terminal parameter of itself
With hybrid authentication parameter CDA, as SDA=1 and DDA=0 and CDA=0, Bluetooth intelligent card will be with static parameters for authentication SDA pairs
The static authentication mode answered carries out off line certification as current off line authentication mode, obtains off line authentication result;Work as SDA=1
And during DDA=1 and CDA=0, Bluetooth intelligent card is by parameter value is for " 1 " and level of security dynamic authentication parameter DDA high is corresponding
Dynamic authentication mode carries out off line certification as current off line certification, obtains off line authentication result;As SDA=1 and DDA=1
And during CDA=1, parameter value is " 1 " and the level of security corresponding hybrid authentications of hybrid authentication parameter CDA high by Bluetooth intelligent card
Mode carries out off line certification as current off line certification, off line authentication result is obtained, according to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
In this step, off line certification is carried out according to current off line authentication mode, obtain off line authentication result, recognized according to off line
Card result updates the first byte of terminal authentication result, specially:Off line certification is carried out according to current off line authentication mode, if
Off line certification success, then update the data on the highest-order bit (the 8th bit) in the first byte of terminal authentication result
It is " 0 ";And the data on the 7th bit are updated to " 0 ", the data on the 4th bit are updated to " 0 ", are compared the 3rd
It is that data are updated to " 0 " on special position.Off line certification is carried out according to current off line authentication mode, if authentification failure, by terminal authentication
The data on the highest-order bit (the 8th bit) in first byte of result are updated to " 0 ";And by the 7th bit
It is that data are updated to " 1 " in data or the 3rd bit in data or the 4th bit.
For example:After off line certification and certification success is carried out according to dynamic authentication mode, Bluetooth intelligent card is by terminal authentication
The data on the highest-order bit (the 8th bit) in first byte of result are updated to " 0 ";And by the 7th bit
Data are updated to " 0 ", the data on the 4th bit are updated into " 0 ", will be that data are updated to " 0 " on the 3rd bit.
The first character section " 00000000 " of the terminal authentication result after to renewal, i.e., after hexadecimal data " 0x00 " is updated
Terminal authentication result is:0x00 0x00 0x00 0x00 0x00.
Step 209:Bluetooth intelligent card carries out treatment limitation;
Specifically, Bluetooth intelligent card carries out treatment limitation, obtains treatment limitation result, is updated eventually according to treatment limitation result
Hold the second byte of the result, the terminal authentication result after being updated.
For example:Bluetooth intelligent card carries out treatment limitation, obtains treatment limitation result, according to treatment limitation result more new terminal
Second byte of the result, second byte " 00000000 " of the terminal authentication result after being updated, i.e. hexadecimal
Data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 0x00 after being updated.
Step 210:Bluetooth intelligent card is verified to holder;
Specifically, Bluetooth intelligent card obtains current holder's authentication mode from the holder's authentication list of itself, according to
Current holder's authentication mode verifies that acquisition holder's the result updates according to holder's the result to holder
3rd byte of terminal authentication result, the terminal authentication result after being updated.
It should be noted that, if in step 204 Bluetooth intelligent card be judged as NO or step 224 in Bluetooth intelligent card be judged as
No, then Bluetooth intelligent card is judged in the absence of transaction risk, the then holder in the application record that Bluetooth intelligent card will read
First authentication list as itself the authentication list of holder second and preserve, itself is obtained according to the authentication list of holder second
Holder's authentication mode, the holder's authentication mode according to itself verifies to holder, obtains holder's the result,
The 3rd byte of terminal authentication result, the terminal authentication result after being updated are updated according to holder's the result;If step
Bluetooth intelligent card is judged as YES in rapid 224, then Bluetooth intelligent card is according to judging there is transaction risk, then Bluetooth intelligent card according to
The authentication list of holder second obtains the holder's authentication mode of itself, and the holder's authentication mode according to itself enters to holder
Row checking, obtains holder's the result, and the 3rd byte of terminal authentication result is updated according to holder's the result, obtains
Terminal authentication result after renewal.
More specifically, if in step 204 Bluetooth intelligent card be judged as NO or step 224 in Bluetooth intelligent card be judged as
No, then Bluetooth intelligent card is judged in the absence of transaction risk, reset risk indicator position;If Bluetooth intelligent card judges in step 224
After being, then Bluetooth intelligent card is according to judging there is transaction risk, set risk indicator position.Correspondingly, step 210 is specific
For:Whether Bluetooth intelligent card detection risk flag bit is set, if it is not, then during the application that Bluetooth intelligent card will read is recorded
The authentication list of holder first as itself the authentication list of holder second and preserve, according to the authentication list of holder second
The holder's authentication mode of itself is obtained, the holder's authentication mode according to itself is verified to holder, obtain holder
The result, the 3rd byte of terminal authentication result, the terminal authentication after being updated are updated according to holder's the result
As a result;If it is, Bluetooth intelligent card obtains the holder's authentication mode of itself according to the authentication list of holder second, according to certainly
Holder's authentication mode of body verifies that acquisition holder's the result updates according to holder's the result to holder
3rd byte of terminal authentication result, the terminal authentication result after being updated.
Wherein, the holder's authentication mode of itself is obtained according to the authentication list of holder second, according to the holder of itself
Authentication mode verifies to holder, obtains holder's the result, specially:Bluetooth intelligent card is from the holder of itself
In two authentication lists, the data after crossed joint are obtained, and according to the byte length of the data for getting, with each two byte
One or more holder's authentication codes are obtained for unit divide, on the first character section from holder's authentication codes
Data corresponding to binary data in, obtain binary data rear six number of bits according to and as holder's certification
Mode is identified, and according to first the presets list, holder's authentication mode identifies corresponding holder's authentication mode before searching, and will
It is verified to holder according to current holder's authentication mode as current holder's authentication mode, obtains holder and test
Card result, the 3rd byte of terminal authentication result, the terminal authentication knot after being updated are updated according to holder's the result
Really.
For example:Bluetooth intelligent card is from the authentication list of holder second of itself
" 8E0A00000000000000001E03 ", the data after acquisition crossed joint in the byte of (not including crossed joint)
" 1E03 ", by " 1E03 " as holder's authentication codes, the data " 1E " from the first character section with holder's authentication codes
In corresponding binary data " 00011110 ", six number of bits are according to " 011110 " and as holder's certification after acquisition
Mode is identified, and according to first the presets list as shown in table 1, is searched corresponding with holder's authentication mode mark " 011110 "
Holder's authentication mode is " signature ", and by " signature " as current holder's authentication mode, according to current holder's authenticating party
Formula verifies to holder, obtains holder's the result.In this step, according to current holder's authentication mode to holder
Verified, obtained holder's the result, the 3rd byte of terminal authentication result, tool are updated according to holder's the result
Body is:
Holder is verified according to current holder's authentication mode, if holder is proved to be successful, terminal is tested
The 3rd the highest-order bit of byte (the 8th bit) for demonstrate,proving result is updated to " 0 ".If holder's authentication failed, will be eventually
The data on the 3rd the highest-order bit of byte (the 8th bit) of the result are held to be updated to " 1 ".
For example:When current holder's authentication mode is " signature " and after be proved to be successful, Bluetooth intelligent card would indicate that holder
One the highest-order bit of the binary data of byte of the result (the 8th bit) to the 4th bit is updated to " 0 ",
3rd bit is updated to " 0 ", second byte " 00000000 " of the terminal authentication result after being updated, i.e., ten six enter
Data " 0x00 " processed, the terminal authentication result after being updated, 0x00 0x00 0x00 0x00 0x00.
Step 211:Bluetooth intelligent card carries out terminal risk management;
Specifically, Bluetooth intelligent card carries out terminal risk management, terminal risk management result is obtained, according to risk management knot
Fruit updates the 4th byte of terminal authentication result, the terminal authentication result after being updated.
More specifically, whether Bluetooth intelligent card detection dealing money exceedes trading limit, if it is, testing terminal if
The 4th the highest-order bit of byte (the 8th bit) for demonstrate,proving result is updated to " 1 ", otherwise, by the 4th of terminal authentication result the
The highest-order bit (the 8th bit) of individual byte is updated to " 0 ".
For example, Bluetooth intelligent card detection dealing money 00 is no more than trading limit 5000, then by the of terminal authentication result
Four the highest-order bit of byte (the 8th bit) are updated to " 0 ", the 4th word of the terminal authentication result after being updated
Section " 00000000 ", i.e. hexadecimal data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 after being updated
0x00。
In the present embodiment, trading limit is the top limit that Bluetooth intelligent card is supported single transaction.
Step 212:Bluetooth intelligent card carries out behavioural analysis;Trading Authorization result is set;
Specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and default terminal behavior code (TAC), relatively
The data on bit answered are carried out obtaining operation result with computing, and terminal behavior analysis result, root are obtained according to operation result
Card behavioural analysis is carried out according to terminal behavior analysis result, card behavior analysis result is obtained, is set according to card behavior outcome
Trading Authorization result.
Wherein, card behavior analysis result is authorization requests ciphertext (ARQC) or application authorization ciphertext (AAC).
More specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and default terminal behavior code (TAC),
Data on corresponding bit carry out obtaining operation result with computing, if operation result is 0, set terminal analysis behavior
Result is log-in treatment, and card behavioural analysis is carried out according to terminal behavior analysis result, obtains card behavior analysis result,
Trading Authorization result is set according to card behavior analysis result;If operation result is non-zero, line is for analysis result
Requests transaction is refused, and card behavioural analysis is carried out according to terminal behavior analysis result, and it is application to obtain card behavior analysis result
Certification ciphertext (AAC), terminates Trading Authorization result for transaction is refused according to card behavior analysis result.
For example, the terminal authentication result after the renewal that obtains of Bluetooth intelligent card is 0x00 0x00 0x00 0x00 0x00,
The corresponding binary data of terminal authentication result is 00,000,000 00,000,000 00,000,000 00,000,000 00000000, blue
The default terminal behavior code of tooth smart card is 0x4c 0x00 0x80 0x80 0x00, the corresponding binary system of terminal behavior code
Data are 01,001,100 00,000,000 10,000,000 10,000,000 00000000;Bluetooth intelligent card is by terminal authentication result
Each bit of each byte bit corresponding with the terminal behavior code of itself each byte is carried out and computing, is obtained
Behavioural analysis result be 0x00,0x00,0x00,0x00,0x00, line be analysis result be log-in treatment,
Card behavioural analysis is carried out according to terminal behavior analysis result, the card behavior analysis result for obtaining is authorization requests ciphertext
(ARQC) Trading Authorization result, is set to by online process " 0x02 " according to card behavior analysis result, step 213 is performed.
In the present embodiment, terminal authentication result includes 5 bytes, and terminal behavior code includes 5 bytes, terminal behavior generation
The bit of each byte of code is corresponded with the bit of each byte of terminal authentication result.
Step 213:Bluetooth intelligent card is sent by Bluetooth channels to mobile terminal includes Trading Authorization result, Transaction Information
With the transaction message of air control data;
Specifically, Bluetooth intelligent card is signed to air control data, obtains signature value, tissue include Trading Authorization result,
The transaction message of Transaction Information, air control data and signature value, being sent to mobile terminal by Bluetooth channels includes Trading Authorization knot
Really, the transaction message of Transaction Information, air control data and signature value.
For example:Bluetooth intelligent card tissue includes the transaction report of Trading Authorization result, Transaction Information, air control data and signature value
Wen Hou, the transaction message for obtaining is:02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9
32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92
9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07
a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f
03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00
00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44
EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87
0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1
44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0.Wherein, first character section " 02 " is Trading Authorization result,
Represent online process;" 9f 02 06 00 00 00 00 00 00 " is dealing money, represents that dealing money is 0 yuan;“9a 03
15 12 24 " it is trade date, expression trade date is on December 24th, 2015.Wherein, " the B6 of 01 C4 5E of 7E 3E 05
D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD
The E2 7A 1B of 16 F5,44 68 E0 CE, 87 0B DF, 63 E2 39 " are air control data;“48 D8 9E AF 52 AA 6D
The E0 of 21 08 79 5C 5C 1C F8 2C of DC 10 81 7B of F0 2A 7A 62 D1,44 F6 3B of 0C 7A 8A 92 " are
Signature value.
It should be noted that, Bluetooth intelligent card can also be signed before this step to air control data, be signed
Value.
It should be noted that, if if Bluetooth intelligent card is tested holder according to online PIN verification modes in step 210
Card, the online PIN code of the user input also got including Bluetooth intelligent card in transaction message.
This step may be replaced by:Bluetooth intelligent card is sent by Bluetooth channels to mobile terminal includes Trading Authorization knot
Fruit and the transaction message of Transaction Information.
Step 214:Mobile terminal is according to the online message of transaction message tissue;
Step 215:Mobile terminal sends online message to server;
Step 216:Server carries out risk management according to online message, obtains risk management result;
Step 217:Server is according to the transaction response of risk management result tissue;
Step 218:Server sends transaction response to mobile terminal;
Step 219:Mobile terminal sends transaction response by Bluetooth channels to Bluetooth intelligent card;
Step 220:Bluetooth intelligent card is according to transaction response generation transaction record;
Step 221:Bluetooth intelligent card sends transaction record by Bluetooth channels to mobile terminal;
Step 222:Mobile terminal completes transaction according to transaction record.
Step 223:Bluetooth intelligent card is calculated according to air control historical data and air control data, obtains air control index;
Specifically, Bluetooth intelligent card judges whether sub- air control data match with sub- air control historical data, if it is, will
Air control index is set to " 0 ";Otherwise, sub- air control data and the sub- unmatched number of air control historical data are calculated, and divided by sub- wind
The sum of data is controlled, air control index is obtained.
For example:Sub- air control historical data is respectively:History communication number " 13811111234 ", the movement of mobile terminal are eventually
The history Bluetooth MAC address " 12 34 56 78 9A BC " at end, the history IP address " 19 21 68 00 12 of mobile terminal
12 ", the history WIFI connection names " 66 65 69 74 69 61 6E " and the historical operation system of mobile terminal of mobile terminal
Version " 01 04 00 04 ";Sub- air control data are respectively:The communication number " 13811111234 " of mobile terminal, the indigo plant of mobile terminal
Tooth MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, mobile terminal
Operating system version " 01 04 00 04 " of WIFI connection names " 66 65 69 74 69 61 6E " and mobile terminal;Bluetooth intelligence
Energy calorimeter operator air control data are 1 with the corresponding sub- unmatched number of air control historical data, and divided by the total of sub- air control data
Number 5, obtains air control index 0.2.
Step 224:Whether Bluetooth intelligent card judges air control index more than the first risk threshold value, if it is, performing step
225;Otherwise, step 226 is performed;
For example:Bluetooth intelligent card judges that air control index 0.2, less than the first risk threshold value 0.5, performs step 220.
Step 225:Bluetooth intelligent card is by itself off line authentication mode or holder's authentication mode or trading limit
At least one, it is updated to safer rank, return to step 205;
Specifically, Bluetooth intelligent card reduces trading limit or the off line parameters for authentication in terminal parameter by off line certification
Mode is updated to level of security off line authentication mode higher by the relatively low off line authentication mode of level of security;Or renewal holds
The authentication list of people second, safer rank is updated to by holder's authentication mode.
In this step, Bluetooth intelligent card reduction trading limit can be, for example,:Bluetooth intelligent card is by trading limit by 5000
Unit is reduced to 1000 yuan.
Wherein, the off line parameters for authentication in terminal parameter is recognized off line authentication mode by the relatively low off line of level of security
Card mode is updated to level of security off line authentication mode higher, specially:By the off line authentication mode higher with level of security
The parameter value of corresponding parameter is updated to " 1 " by " 0 ".
For example:As SDA=1 and DDA=0 and CDA=0, DDA by 0 is updated to 1 and/or CDA is updated to 1 by 0;
As SDA=1 and DDA=1 and CDA=0, CDA is updated to 1 by 0;As SDA=0 and DDA=1 and CDA=0, by CDA by
0 is updated to 1.
Wherein, the authentication list of holder second is updated, holder's authentication mode more secure level is updated to, specially:
Holder's authentication mode mark in holder's authentication codes in the authentication list of holder second is updated to more secure level, will
Holder's authentication mode is updated to more secure level.
For example, when the authentication list of holder second is " 8E0A00000000000000001E03 ", by holder's certification generation
Holder's certification mark in code " 1E03 " is updated to " 000011 " by " 011110 ", so that by holder's authentication mode by signing
Mode is updated to the online PIN checkings+signature scheme of level of security input higher;Correspondingly, the holder's certification generation after renewal
Code be " 0303 ", after renewal the authentication list of holder second be " 8E0A00000000000000000303 " correspondingly, step 210
In specifically include:Bluetooth intelligent card points out the online pin of user input and signature, if being used in the second Preset Time and preset times
Family is input into online pin and signature, and Bluetooth intelligent card is verified according to the online pin and signature of user input to holder, if
User is not input into online pin and signature in the second Preset Time or in preset times, and Bluetooth intelligent card judges that holder recognizes
Card failure.
Step 226:Bluetooth intelligent card by air control data Cun Chudao scratchpad area (SPA)s, return to step 205;
Specifically, be used for for air control data Cun Chudao in the scratchpad area (SPA) for preserve air control historical data by Bluetooth intelligent card.
In the present embodiment, after the application that blue-tooth intelligence card initialization has been selected, also include before off line certification:Bluetooth
Type of transaction in Transaction Information of the smart card in trading instruction judges whether the dealing money in display Transaction Information, such as
It is really no, then off line certification is carried out, continue;If it is, display dealing money, waits user to confirm, when in the first Preset Time
After inside detecting user's confirmation, off line certification is carried out, continued;If not detecting user's confirmation in the first Preset Time
Information, error message is returned to mobile terminal;
After setting Trading Authorization result, being sent to mobile terminal by Bluetooth channels includes that Trading Authorization result and transaction refer to
Before the transaction message of the Transaction Information in order, also include:Bluetooth intelligent card judges Trading Authorization result for transaction refusal or joins
Machine treatment, if Trading Authorization result is refused for transaction, the transaction of blue-tooth intelligence Card Rejections, display refusal Transaction Information;If transaction
Authorization result is online process, and the friendship included in Trading Authorization result and trading instruction is sent to mobile terminal by Bluetooth channels
The transaction message of easy information, continues.
It should be noted that, in the present embodiment, the bluetooth communication between Bluetooth intelligent card and mobile terminal can be, but not limited to
Realized by the bluetooth module of Bluetooth intelligent card itself.
A kind of method of blue-tooth intelligence card control transaction risk is present embodiments provided, the Bluetooth intelligent card need not pass through
Financial terminal can just complete financial transaction, and during transaction, the air control data according to itself calculate air control index,
When air control index be more than the first risk threshold value when, by conclude the business stand-by mode in off line authentication mode or holder's authentication mode or
At least one of trading limit, after being updated to safer rank, then is traded preparation renewal terminal authentication result, afterwards
Behavioural analysis is carried out according to terminal authentication result and terminal behavior code and obtains behavioural analysis result, sentenced according to behavioural analysis result
It is disconnected whether to carry out on-line transaction, improve the security and convenience of transaction.
Embodiment 3
A kind of method of blue-tooth intelligence card control transaction risk is present embodiments provided, including:
Step 301:Bluetooth intelligent card sets up bluetooth connection with mobile terminal;
In the present embodiment, mobile terminal can be, but not limited to be mobile phone.
Step 302:Bluetooth intelligent card receives the trading instruction from mobile terminal by Bluetooth channels;
Step 303:Bluetooth intelligent card obtains air control data and Transaction Information from trading instruction;
In the present embodiment, air control data for blue-tooth intelligence be stuck in perform process of exchange in risk control data, can with but
It is not limited to include:The hardware sequence number of mobile terminal, the communication number of mobile terminal, the Bluetooth MAC address of mobile terminal, movement
The IP address of terminal, the WIFI connection names of mobile terminal, the operating system version number of mobile terminal, dealing money, the day of trade
At least one in the information such as phase, exchange hour or type of transaction.
In the present embodiment, Transaction Information includes dealing money, trade date, exchange hour and information etc. type of transaction.
This step can be specially:Bluetooth intelligent card obtains dealing money, trade date, exchange hour from trading instruction
And type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and by dealing money, hand over
At least one information in easy date, exchange hour and type of transaction is used as air control data.
This step can also be:Bluetooth intelligent card obtained from trading instruction dealing money, trade date, exchange hour and
Type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and from trading instruction
Air control data are obtained in data in addition to Transaction Information.
This step can also be:Bluetooth intelligent card obtained from trading instruction dealing money, trade date, exchange hour and
Type of transaction, using dealing money, trade date, exchange hour and type of transaction as Transaction Information, and from Transaction Information and
Air control data are obtained in the data in addition to Transaction Information in trading instruction.
For example, Bluetooth intelligent card receives the trading instruction from mobile terminal by Bluetooth channels being:7e 43 00 00
39 00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06
12 34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F
65 04 01 04 00 04, Bluetooth intelligent card is obtained in the 6th to the 11st byte in trading instruction from trading instruction
Data " 00 00 00 00 00 00 ", as dealing money;The data " 00 " in the 12nd byte are obtained, and is made
It is type of transaction;The data " 15 12 24 " in the 13rd to the 15th byte are obtained, and as trade date;Obtain the
Data " 17 09 28 " in 16 to the 18th bytes, and as exchange hour;Obtain the first default mark " 1F
61 ", the data " 06 " on first character section and after the first default mark, obtain first after the first default mark
After data " 06 " in byte, length is the data " 13 81 11 11 23 4F " of " 06 " individual byte, and according to mobile whole
The communication number form at end, by " 13811111234 " as mobile terminal communication number;Obtain the second default mark " 1F
62 ", the data " 06 " on first character section and after the second default mark, obtain first after the second default mark
After data " 06 " in byte, length is the data " 12 34 56 78 9A BC " of " 06 " individual byte, by " 12 34 56
78 9A BC " are used as the Bluetooth MAC address of mobile terminal;The 3rd default mark " 1F 63 " is obtained, and the 3rd presets mark
Data " 06 " on first character section afterwards, after the data " 06 " on first character section after the default mark of acquisition the 3rd
, length is the data " 19 21 68 00 12 12 " of " 06 " individual byte, by " 19 21 68 00 12 12 " as mobile whole
The IP address at end;Obtain the data on the first character section after the 4th default mark " 1F 64 ", and the 4th default mark
" 07 ", obtains after the data " 07 " on the first character section after the 4th default mark, and length is the number of " 07 " individual byte
According to " 66 65 69 74 69 61 6E ", by " 66 65 69 74 69 61 6E " as mobile terminal WIFI connection names;
The data " 04 " on the first character section after the 5th default mark " 1F 63 ", and the 5th default mark are obtained, the 5th is obtained
After the data " 04 " on first character section after default mark, length is the data " 01 04 00 of " 04 " individual byte
04 ", by " 01 04 00 04 " as mobile terminal operating system version number, and by the communication number of mobile terminal, it is mobile eventually
The operating system version of the Bluetooth MAC address at end, the IP address of mobile terminal, the WIFI connection names of mobile terminal and mobile terminal
This number used as air control data.
Step 304:Bluetooth intelligent card judged with the presence or absence of data in scratchpad area (SPA), if it is, by scratchpad area (SPA)
In data as air control historical data, perform step 317;Otherwise, Bluetooth intelligent card is by air control data Cun Chudao interim storages
Area, performs step 305;
For example:If Bluetooth intelligent card is judged for the scratchpad area (SPA) for preserving air control historical data in the absence of data, bluetooth
Smart card is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, the bluetooth of mobile terminal
MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, the WIFI of mobile terminal
Operating system version " 01 04 00 04 " of connection name " 66 65 69 74 69 61 6E " and mobile terminal;Storage is interim
Memory block, performs step 305.If Bluetooth intelligent card judges there are data for preserving the scratchpad area (SPA) of air control historical data,
Bluetooth intelligent card is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, mobile terminal
Bluetooth MAC address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, mobile terminal
WIFI connection names " 66 65 69 74 69 61 6E " and mobile terminal operating system version " 01 04 00 04 " respectively as
The sub- air control historical data of air control historical data:The history communication number " 13811111234 " of mobile terminal, mobile terminal are gone through
History Bluetooth MAC address " 12 34 56 78 9A BC ", the history IP address " 19 21 68 00 12 12 " of mobile terminal, movement
The history WIFI connection names " 66 65 69 74 69 61 6E " of terminal and the historical operation system version " 01 04 of mobile terminal
00 04”;Perform step 317.
Step 305:Bluetooth intelligent card selects to apply according to trading instruction;
Specifically, type of transaction selection application of the Bluetooth intelligent card in trading instruction.
In the present embodiment, type of transaction is on-line transaction, is specifically included:Main account remaining sum is looked into, is consumed, transferred accounts, circle is deposited.
Correspondingly, Bluetooth intelligent card is according to the corresponding application of type of transaction selection.
Step 306:The application that blue-tooth intelligence card initialization has been selected;
In the present embodiment, also include in step 306:Bluetooth intelligent card initialization terminal the result;
Wherein, Bluetooth intelligent card initialization terminal the result is specially:Bluetooth intelligent card is by the institute of terminal authentication result
It is 0 to have the data initialization on bit.
Step 307:Bluetooth intelligent card reads application record;
In the present embodiment, what Bluetooth intelligent card read includes the authentication list of holder first of itself using record.
For example, the record of applying that Bluetooth intelligent card reads includes that the authentication list of holder first of itself is
“8E0A00000000000000001E03”。
Step 308:Bluetooth intelligent card carries out off line certification;
Specifically, off line parameters for authentication of the Bluetooth intelligent card in the terminal parameter of itself selects current off line authenticating party
Formula, off line certification is carried out according to current off line authentication mode, obtains off line authentication result, according to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
Closer, off line parameters for authentication and off line authentication mode of the Bluetooth intelligent card in the terminal parameter of itself
Level of security select current off line authentication mode, current off line certification is carried out according to current off line authentication mode, obtain off line
Authentication result, the first byte of terminal authentication result, the terminal authentication result after being updated are updated according to off line authentication result.
Specifically, Bluetooth intelligent card obtains static parameters for authentication in the terminal parameter of itself, dynamic authentication parameter and mixed
Close parameters for authentication;If only one value of parameter is " 1 " in three parameters, will be with parameter value for the parameter of " 1 " is corresponding
Off line authentication mode carries out off line certification as current off line authentication mode according to current off line authentication mode, obtains off line and recognizes
Card result;Otherwise, will be with parameter value be for " 1 " and level of security parameter high is used as current off line authentication mode, according to current de-
Machine authentication mode carries out off line certification, obtains off line authentication result, and the of terminal authentication result is updated according to off line authentication result
One byte, the terminal authentication result after being updated.
In the present embodiment, off line parameters for authentication includes:Static parameters for authentication SDA, dynamic authentication parameter DDA and hybrid authentication
Parameter CDA;Corresponding off line authentication mode is static certification, dynamic authentication and hybrid authentication respectively, and three kinds of authentication modes
Level of security be:Hybrid authentication>Dynamic authentication>Static certification.
For example, Bluetooth intelligent card obtains static parameters for authentication SDA, dynamic authentication parameter DDA in the terminal parameter of itself
With hybrid authentication parameter CDA, as SDA=1 and DDA=0 and CDA=0, Bluetooth intelligent card will be with static parameters for authentication SDA pairs
The static authentication mode answered carries out off line certification as current off line authentication mode, obtains off line authentication result;Work as SDA=1
And during DDA=1 and CDA=0, Bluetooth intelligent card is by parameter value is for " 1 " and level of security dynamic authentication parameter DDA high is corresponding
Dynamic authentication mode carries out off line certification as current off line certification, obtains off line authentication result;As SDA=1 and DDA=1
And during CDA=1, parameter value is " 1 " and the level of security corresponding hybrid authentications of hybrid authentication parameter CDA high by Bluetooth intelligent card
Mode carries out off line certification as current off line certification, off line authentication result is obtained, according to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
In this step, off line certification is carried out according to current off line authentication mode, obtain off line authentication result, recognized according to off line
Card result updates the first byte of terminal authentication result, specially:Off line certification is carried out according to current off line authentication mode, if
, then be updated to for the data on the highest-order bit (the 8th bit) in the first byte of terminal authentication result by certification success
“0”;And the data on the 7th bit are updated to " 0 ", the data on the 4th bit are updated to " 0 ", by the 3rd bit
It is that data are updated to " 0 " on position.Off line certification is carried out according to current off line authentication mode, if authentification failure, by terminal authentication knot
The data on the highest-order bit (the 8th bit) in first byte of fruit are updated to " 0 ";And by the number on the 7th bit
According to or the 4th bit on data or the 3rd bit on be that data are updated to " 1 ".
For example:After off line certification and certification success is carried out according to dynamic authentication mode, Bluetooth intelligent card is by terminal authentication
The data on the highest-order bit (the 8th bit) in first byte of result are updated to " 0 ";And by the 7th bit
Data are updated to " 0 ", the data on the 4th bit are updated into " 0 ", will be that data are updated to " 0 " on the 3rd bit.
The first character section " 00000000 " of the terminal authentication result after to renewal, i.e. hexadecimal data " 0x00 ", after being updated
Terminal authentication result 0x00 0x00 0x00 0x00 0x00.
Step 309:Bluetooth intelligent card carries out treatment limitation;
Specifically, Bluetooth intelligent card carries out treatment limitation, obtains treatment limitation result, is updated eventually according to treatment limitation result
Hold the second byte of the result, the terminal authentication result after being updated.
For example:Bluetooth intelligent card carries out treatment limitation, obtains treatment limitation result, according to treatment limitation result more new terminal
Second byte of the result, second byte " 00000000 " of the terminal authentication result after being updated, i.e. hexadecimal
Data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 0x00 after being updated.
Step 310:Bluetooth intelligent card is verified to holder;
Specifically, Bluetooth intelligent card obtains current holder's authentication mode from the holder's authentication list of itself, according to
Current holder's authentication mode verifies that acquisition holder's the result updates according to holder's the result to holder
3rd byte of terminal authentication result, the terminal authentication result after being updated.
It should be noted that, if in step 304 Bluetooth intelligent card be judged as NO or step 318 in Bluetooth intelligent card be judged as
No, then Bluetooth intelligent card is judged in the absence of transaction risk, the then holder in the application record that Bluetooth intelligent card will read
First authentication list as itself the authentication list of holder second and preserve, itself is obtained according to the authentication list of holder second
Holder's authentication mode, the holder's authentication mode according to itself verifies to holder, obtains holder's the result,
The 3rd byte of terminal authentication result, the terminal authentication result after being updated are updated according to holder's the result;If step
Bluetooth intelligent card is judged as YES in rapid 318, then Bluetooth intelligent card is according to judging there is transaction risk, then Bluetooth intelligent card according to
The authentication list of holder second obtains the holder's authentication mode of itself, and the holder's authentication mode according to itself enters to holder
Row checking, obtains holder's the result, and the 3rd byte of terminal authentication result is updated according to holder's the result, obtains
Terminal authentication result after renewal.
More specifically, if in step 304 Bluetooth intelligent card be judged as NO or step 318 in Bluetooth intelligent card be judged as
No, then Bluetooth intelligent card is judged in the absence of transaction risk, reset risk indicator position;If Bluetooth intelligent card judges in step 318
After being, then Bluetooth intelligent card is according to judging there is transaction risk, set risk indicator position.Correspondingly, step 310 is specific
For:Whether Bluetooth intelligent card detection risk flag bit is set, if it is not, then during the application that Bluetooth intelligent card will read is recorded
The authentication list of holder first as itself the authentication list of holder second and preserve, according to the authentication list of holder second
The holder's authentication mode of itself is obtained, the holder's authentication mode according to itself is verified to holder, obtain holder
The result, the 3rd byte of terminal authentication result, the terminal authentication after being updated are updated according to holder's the result
As a result;If it is, Bluetooth intelligent card obtains the holder's authentication mode of itself according to the authentication list of holder second, according to certainly
Holder's authentication mode of body verifies that acquisition holder's the result updates according to holder's the result to holder
3rd byte of terminal authentication result, the terminal authentication result after being updated.
Wherein, the holder's authentication mode of itself is obtained according to the authentication list of holder second, according to the holder of itself
Authentication mode verifies to holder, obtains holder's the result, specially:Bluetooth intelligent card is from the holder of itself
In two authentication lists, the data after crossed joint are obtained, and according to the byte length of the data for getting, with each two byte
One or more holder's authentication codes are obtained for unit divide, on the first character section from holder's authentication codes
Data corresponding to binary data in, obtain binary data rear six number of bits according to and as holder's certification
Mode is identified, and according to first the presets list, holder's authentication mode identifies corresponding holder's authentication mode before searching, and will
It is verified to holder according to current holder's authentication mode as current holder's authentication mode, obtains holder and test
Card result.
For example:Bluetooth intelligent card is from the authentication list of holder second of itself
" 8E0A00000000000000001E03 ", the data after acquisition crossed joint in the byte of (not including crossed joint)
" 1E03 ", by " 1E03 " as holder's authentication codes, the data " 1E " from the first character section with holder's authentication codes
In corresponding binary data " 00011110 ", six number of bits are according to " 011110 " and as holder's certification after acquisition
Mode is identified, and according to first the presets list as shown in table 2, is searched corresponding with holder's authentication mode mark " 011110 "
Holder's authentication mode is " signature ", and by " signature " as current holder's authentication mode, according to current holder's authenticating party
Formula verifies to holder, obtains holder's the result.
| Holder's authentication mode is identified | Holder's authentication mode |
| 000000 | Authentification failure |
| 000001 | Off line plaintext PIN is checked |
| 000010 | Online PIN checkings |
| 000011 | Online PIN checkings+signature |
| 011110 | Signature |
| 011111 | Without certification |
Table 2
In the present embodiment, it is preferable that the level of security of holder's authentication mode is in on-line transaction:Without certification<Signature<
Online PIN checkings<Online PIN checkings+signature<Authentification failure.
In the present embodiment, verification mode can also be shown including holder's certificate in holder's authentication mode, its is corresponding
Holder's authentication mode is designated 100000.It should be noted that, first the presets list as shown in table 2 is only that the present embodiment is provided
A kind of performance holder authentication mode mark and holder's authentication mode between corresponding relation mode, the present invention in can represent
The mode that holder's authentication mode identifies the corresponding relation and holder's authentication mode between can also have various, in the present embodiment not
Repeat again.
In this step, holder is verified according to current holder's authentication mode, obtain holder's the result, root
The 3rd byte of terminal authentication result, the terminal authentication result after being updated are updated according to holder's the result.Specially:
Holder is verified according to current holder's authentication mode, if holder is proved to be successful, terminal is tested
The 3rd the highest-order bit of byte (the 8th bit) for demonstrate,proving result is updated to " 0 ".If holder's authentication failed, will be eventually
The data on the 3rd the highest-order bit of byte (the 8th bit) of the result are held to be updated to " 1 ".
For example:When current holder's authentication mode is " signature " and after be proved to be successful, Bluetooth intelligent card would indicate that holder
One the highest-order bit of the binary data of byte of the result (the 8th bit) is updated to " 0 ", the end after being updated
Hold second byte " 00000000 " of the result, i.e. hexadecimal data " 0x00 ", the terminal authentication knot after being updated
Fruit 0x00 0x00 0x00 0x00 0x00.
Step 311:Bluetooth intelligent card carries out terminal risk management;
Specifically, Bluetooth intelligent card carries out terminal risk management, terminal risk management result is obtained, according to risk management knot
Fruit updates the 4th byte of terminal authentication result, the terminal authentication result after being updated.
More specifically, whether Bluetooth intelligent card detection dealing money exceedes trading limit, if it is, testing terminal if
The 4th the highest-order bit of byte (the 8th bit) for demonstrate,proving result is updated to " 1 ", otherwise, by the 4th of terminal authentication result the
The highest-order bit (the 8th bit) of individual byte is updated to " 0 ".
For example, Bluetooth intelligent card detection dealing money 00 is no more than trading limit 5000, then by the of terminal authentication result
Four the highest-order bit of byte (the 8th bit) are updated to " 0 ", the 4th word of the terminal authentication result after being updated
Section " 00000000 ", i.e. hexadecimal data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 after being updated
0x00。
In the present embodiment, trading limit is the top limit that Bluetooth intelligent card is supported single transaction.
Step 312:Bluetooth intelligent card carries out behavioural analysis;Obtain Trading Authorization result;
Specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and the terminal behavior code (TAC) of itself, relatively
The data on bit answered carry out obtaining operation result with computing, are analysis result, root according to operation result line
Card behavioural analysis is carried out according to terminal behavior analysis result and obtain card behavior analysis result, set according to card behavior analysis result
Put Trading Authorization result.
More specifically, Bluetooth intelligent card is by the terminal authentication result after renewal and the terminal behavior code (TAC) of itself,
Data on corresponding bit carry out obtaining operation result with computing, if operation result is 0, line is analysis
Result is log-in treatment, carries out card behavioural analysis according to terminal behavior analysis result and obtains card analysis result, if card
Piece behavioural analysis result is authorization requests ciphertext (ARQC), and it is online place to set Trading Authorization result according to card analysis result
Reason, performs step 313;If card behavior analysis result is application authorization ciphertext (AAC), Trading Authorization result is set to transaction
Refusal, terminates.If operation result is non-zero, line is that analysis result is requests transaction refusal, according to terminal behavior point
Analysis result carries out card behavioural analysis and sets card behavior analysis result application authorization ciphertext (AAC), according to card behavioural analysis
Result sets Trading Authorization result for transaction is refused, and terminates.
For example, the terminal authentication result after the renewal that obtains of Bluetooth intelligent card is 0x00 0x00 0x00 0x00 0x00,
The corresponding binary data of terminal authentication result is 00,000,000 00,000,000 00,000,000 00,000,000 00000000, blue
The terminal behavior code of tooth smart card itself is 0x00 0x00 0x00 0x00 0x00, the corresponding binary system of terminal behavior code
Data are 00,000,000 00,000,000 00,000,000 00,000,000 00000000;Bluetooth intelligent card is by terminal authentication result
Each bit of each byte bit corresponding with the terminal behavior code of itself each byte is carried out and operation result
It is 0x00,0x00,0x00,0x00,0x00, then line is that analysis result is log-in treatment, according to behavioural analysis
It is authorization requests ciphertext (ARQC) that result carries out the card behavior analysis result that card behavioural analysis obtains, according to card behavior point
Trading Authorization result is set to online process " 0x02 " by analysis result, performs step 313.
In the present embodiment, terminal authentication result includes 5 bytes, and terminal behavior code includes 5 bytes, terminal behavior generation
The bit of each byte of code is corresponded with the bit of each byte of terminal authentication result.
It should be noted that, in the present embodiment, terminal behavior code (TAC) is specially terminal behavior code (TAC)-refusal.
Step 313:Bluetooth intelligent card is sent by Bluetooth channels to mobile terminal includes Trading Authorization result, Transaction Information
With the transaction message of air control data;
Specifically, Bluetooth intelligent card is signed to air control data, obtains signature value, tissue include Trading Authorization result,
The transaction message of Transaction Information, air control data and signature value, being sent to mobile terminal by Bluetooth channels includes Trading Authorization knot
Really, the transaction message of Transaction Information, air control data and signature value.
For example:Bluetooth intelligent card tissue includes the transaction report of Trading Authorization result, Transaction Information, air control data and signature value
Wen Hou, the transaction message for obtaining is:02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9
32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92
9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07
a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f
03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00
00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44
EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87
0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1
44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0.Wherein, first character section " 02 " is Trading Authorization result,
Represent online process;" 9f 02 06 00 00 00 00 00 00 " is dealing money, represents that dealing money is 0 yuan;“9a 03
15 12 24 " it is trade date, expression trade date is on December 24th, 2015.Wherein, " the B6 of 01 C4 5E of 7E 3E 05
D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD
The E2 7A 1B of 16 F5,44 68 E0 CE, 87 0B DF, 63 E2 39 " are air control data;“48 D8 9E AF 52 AA 6D
The E0 of 21 08 79 5C 5C 1C F8 2C of DC 10 81 7B of F0 2A 7A 62 D1,44 F6 3B of 0C 7A 8A 92 " are
Signature value.
It should be noted that, Bluetooth intelligent card can also be signed before this step to air control data, be signed
Value.
It should be noted that, if if Bluetooth intelligent card is tested holder according to online PIN verification modes in step 310
Card, the online PIN code of the user input also got including Bluetooth intelligent card in transaction message.
This step may be replaced by:Bluetooth intelligent card is sent by Bluetooth channels to mobile terminal includes Trading Authorization knot
Fruit and the transaction message of Transaction Information.
Step 314:Bluetooth intelligent card receives the transaction response from mobile terminal by Bluetooth channels;
Step 315:Bluetooth intelligent card is according to transaction response generation transaction record;
Step 316:Bluetooth intelligent card sends transaction record by Bluetooth channels to mobile terminal, terminates.
After mobile terminal receives the transaction record from Bluetooth intelligent card by Bluetooth channels, sent to server and handed over
Easily record.
Step 317:Bluetooth intelligent card is calculated according to air control historical data and air control data, obtains air control index;
Specifically, Bluetooth intelligent card judges whether sub- air control data match with sub- air control historical data, if it is, will
Air control index is set to " 0 ";Otherwise, sub- air control data and the sub- unmatched number of air control historical data are calculated, and divided by sub- wind
The sum of data is controlled, air control index is obtained.
For example:Sub- air control historical data is respectively:History communication number " 13811111234 ", the movement of mobile terminal are eventually
The history Bluetooth MAC address " 12 34 56 78 9A BC " at end, the history IP address " 19 21 68 00 12 of mobile terminal
12 ", the history WIFI connection names " 66 65 69 74 69 61 6E " and the historical operation system of mobile terminal of mobile terminal
Version " 01 04 00 04 ";Sub- air control data are respectively:The communication number " 13811111234 " of mobile terminal, the indigo plant of mobile terminal
Tooth MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, mobile terminal
Operating system version " 01 04 00 04 " of WIFI connection names " 66 65 69 74 69 61 6E " and mobile terminal;Bluetooth intelligence
Energy calorimeter operator air control data are 1 with the corresponding sub- unmatched number of air control historical data, and divided by the total of sub- air control data
Number 5, obtains air control index 0.2.
Step 318:Whether Bluetooth intelligent card judges air control index more than the first risk threshold value, if it is, performing step
319;Otherwise, step 320 is performed;
For example:Bluetooth intelligent card judges that air control index 0.2, less than the first risk threshold value 0.5, performs step 320.
Step 319:Bluetooth intelligent card is by itself off line authentication mode or holder's authentication mode or trading limit
At least one, it is updated to safer rank, return to step 305;
Specifically, Bluetooth intelligent card reduces trading limit or the off line parameters for authentication in terminal parameter by off line certification
Mode is updated to level of security off line authentication mode higher by the relatively low off line authentication mode of level of security;Or renewal holds
The authentication list of people second, more secure level is updated to by holder's authentication mode.
In this step, Bluetooth intelligent card reduction trading limit can be, for example,:Bluetooth intelligent card is by trading limit by 5000
Unit is reduced to 1000 yuan.
Wherein, the off line parameters for authentication in terminal parameter is recognized off line authentication mode by the relatively low off line of level of security
Card mode is updated to level of security off line authentication mode higher, specially:By the off line authentication mode higher with level of security
The parameter value of corresponding parameter is updated to " 1 " by " 0 ".
For example:As SDA=1 and DDA=0 and CDA=0, DDA by 0 is updated to 1 and/or CDA is updated to 1 by 0;
As SDA=1 and DDA=1 and CDA=0, CDA is updated to 1 by 0;As SDA=0 and DDA=1 and CDA=0, by CDA by
0 is updated to 1.
Wherein, the authentication list of holder second is updated, holder's authentication mode more secure level is updated to, specially:
Holder's authentication mode mark in holder's authentication codes in the authentication list of holder second is updated to more secure level, will
Holder's authentication mode is updated to more secure level.
For example, when the authentication list of holder second is " 8E0A00000000000000001E03 ", by holder's certification generation
Holder's certification mark in code " 1E03 " is updated to " 000011 " by " 011110 ", so that by holder's authentication mode by signing
Mode is updated to the online PIN checkings+signature scheme of level of security input higher;Correspondingly, the holder's certification generation after renewal
Code is " 0303 ", and the authentication list of holder second is " 8E0A00000000000000000303 ", correspondingly, step after renewal
Specifically included in 310:Bluetooth intelligent card points out the online pin of user input and signature, if in the second Preset Time and preset times
The interior online pin of user input and signature, Bluetooth intelligent card are tested holder according to the online pin and signature of user input
Card, if user is not input into online pin and signature in the second Preset Time or in preset times, Bluetooth intelligent card is judged to hold
People's authentification failure.
It should be noted that, in the present embodiment, if the off line authentication mode of Bluetooth intelligent card, holder's authentication mode and transaction
Limit is most level of security, then after being judged as YES in step 318, the direct return to step 305 of Bluetooth intelligent card.
In the present embodiment, necessarily:When Bluetooth intelligent card by itself off line authentication mode or holder's authentication mode or
At least one of trading limit, is updated to more secure level, after return to step 305, also includes before performing step 312:
Update terminal behavior code.
Terminal behavior code is updated to be specially:By on the risk bit with terminal authentication result in terminal behavior code
Data for " 1 " the corresponding bit of bit in, the data at least one bit are updated to 1.
Updating terminal behavior code can also be specially:By the Hazard ratio with terminal authentication result in terminal behavior code
Data on the corresponding bit in special position are updated to 1.
In the present embodiment, the risk bit of terminal authentication result includes:The of the first character section of terminal authentication result
Seven bits, the 4th bit and the 3rd bit;The highest-order bit (the 8th bit of the 3rd byte of terminal authentication result
Position);4th the highest-order bit of byte (the 8th bit) of terminal authentication result.
For example:After the off line authentication mode of itself is updated to more secure level by Bluetooth intelligent card, Bluetooth intelligent card after
It is continuous to perform step 305, after Bluetooth intelligent card carries out off line certification in execution of step 308, also include:Update terminal behavior generation
Code;Step 309 is continued executing with after having updated terminal behavior code;
Specifically for example:When the off line authentication mode of itself is updated to dynamic authentication by Bluetooth intelligent card by static certification,
Bluetooth intelligent card continues executing with step 305, and when step 308 is gone to, if off line authentification failure, Bluetooth intelligent card tests terminal
The data demonstrate,proved on the highest-order bit (the 8th bit) in the first byte of result are updated to " 0 ";And by the 7th bit
Data be updated to " 0 ", the data on the 4th bit are updated to " 1 ", will be that data are updated to " 0 " on the 3rd bit,
Terminal authentication result after being updated is " 00,001,000 00,000,000 0,000,000 00,000,000 00000000 ";It is blue
Tooth smart card also includes:By the corresponding bit of the 4th bit of the first character section " 0000000000 " of terminal behavior code
On data be updated to 1 by 0, the terminal behavior code after being updated be " 00,001,000 00,000,000 0000000
00000000 00000000”.Step 309 is continued executing with after having updated terminal behavior code;When step 312 is continued to,
Terminal authentication result after the renewal that Bluetooth intelligent card is obtained is 00,001,000 00,000,000 0,000,000 00000000
00000000 ", the terminal behavior code after Bluetooth intelligent card updates is 0x00 0x00 0x00 0x00 0x00, terminal behavior generation
The corresponding binary data of code is " 00,001,000 00,000,000 0,000,000 00,000,000 00000000 ";Bluetooth intelligent card
By each bit of each byte of terminal authentication result bit corresponding with the terminal behavior code of itself each byte
Position carries out being non-zero with operation result that then line is that analysis result is requests transaction refusal, is entered according to behavioural analysis result
The card behavior analysis result that row card behavioural analysis is obtained is application authorization ciphertext (AAC), according to card behavior analysis result
Trading Authorization result is set to transaction refusal, is terminated.
Step 320:Bluetooth intelligent card by air control data Cun Chudao scratchpad area (SPA)s, return to step 305;
Specifically, be used for for air control data Cun Chudao in the scratchpad area (SPA) for preserve air control historical data by Bluetooth intelligent card.
In the present embodiment, after the application that blue-tooth intelligence card initialization has been selected, also include before off line certification:Bluetooth
Type of transaction in Transaction Information of the smart card in trading instruction judges whether the dealing money in display Transaction Information, such as
It is really no, then off line certification is carried out, continue;If it is, display dealing money, waits user to confirm, when in the first Preset Time
After inside detecting user's confirmation, off line certification is carried out, continued;If not detecting user's confirmation in the first Preset Time
Information, error message is returned to mobile terminal;
After setting Trading Authorization result, being sent to mobile terminal by Bluetooth channels includes that Trading Authorization result and transaction refer to
Before the transaction message of the Transaction Information in order, also include:Bluetooth intelligent card judges Trading Authorization result for transaction refusal or joins
Machine treatment, if Trading Authorization result is refused for transaction, the transaction of blue-tooth intelligence Card Rejections, display refusal Transaction Information;If transaction
Authorization result is online process, and the friendship included in Trading Authorization result and trading instruction is sent to mobile terminal by Bluetooth channels
The transaction message of easy information, continues.
In the present embodiment, step 319 may be replaced with:Bluetooth intelligent card updates terminal behavior code, return to step
305。
If step 319 may be replaced with:Bluetooth intelligent card updates terminal behavior code, return to step 305;It is then preferred
Ground, updates terminal behavior code and is specially:Will be corresponding with the risk bit of terminal authentication result in terminal behavior code
Data on bit are updated to 1.
In the present embodiment, after being judged as YES in step 318, can also direct return to step 305;Correspondingly, step is worked as
Must also include updating terminal behavior code after being judged as YES return to step 305 in 318, before performing step 312.
For example:After being judged as YES in step 318, direct return to step 305, Bluetooth intelligent card continues to step
After 308 or 309 or 310 or 311, terminal behavior code is updated, corresponding step is continued executing with after having updated terminal behavior code
Suddenly.With this example correspondingly, if after Bluetooth intelligent card continues to step 308 or 309 or 310 or 311, updating terminal row
It is code, then updating terminal behavior code can be specially:By the Hazard ratio with terminal authentication result in terminal behavior code
Data on the corresponding bit in special position are updated to 1;Or be specially by terminal behavior code with terminal authentication result
During data on risk bit are for the corresponding bit of bit of " 1 ", the data at least one bit are updated to
1。
Such as:After being judged as YES in step 318, direct return to step 305 continues, and is performed in Bluetooth intelligent card
Before to step 308, terminal behavior code is updated, corresponding steps are continued executing with after having updated terminal behavior code.With this example phase
Ying Di, it is preferable that update terminal behavior code and be specially:By the risk bit with terminal authentication result in terminal behavior code
Data on the corresponding bit in position are updated to 1.
It should be noted that, in the present embodiment, the bluetooth communication between Bluetooth intelligent card and mobile terminal can be, but not limited to
Realized by the bluetooth module of Bluetooth intelligent card itself.
The method of the blue-tooth intelligence card control transaction risk that the present embodiment is provided, the Bluetooth intelligent card need not be by finance
Terminal can just complete financial transaction, and after air control data are got according to trading instruction, the air control data according to itself are calculated
Air control index, when air control index is more than the first risk threshold value, by the off line authentication mode in stand-by mode of concluding the business or holder
At least one of trading limit in authentication mode or terminal management risk mode, after being updated to safer rank, then enters
Row transaction prepares and continues, and before behavioural analysis result is obtained, terminal behavior code is updated, afterwards according to terminal authentication knot
Fruit and terminal behavior code carry out behavioural analysis and obtain behavioural analysis result, are judged whether to according to behavioural analysis result online
Transaction, improves the security and convenience of transaction.
Embodiment 4
A kind of method of blue-tooth intelligence card control transaction risk is present embodiments provided, as shown in Figure 4 and Figure 5, wherein, it is blue
Tooth smart card includes IC chip and MPOS chips;
Step 400:MPOS chips set up bluetooth connection with mobile terminal;
In the present embodiment, mobile terminal can be, but not limited to be mobile phone.
Step 401:MPOS chips receive the trading instruction from mobile terminal by Bluetooth channels;
Step 402:MPOS chips obtain air control data and Transaction Information from trading instruction;
In the present embodiment, air control data for blue-tooth intelligence be stuck in perform process of exchange in risk control data, can with but
It is not limited to include:The hardware sequence number of mobile terminal, the communication number of mobile terminal, the Bluetooth MAC address of mobile terminal, movement
At least one in the information such as the current IP address of terminal, dealing money, trade date, exchange hour or type of transaction.
In the present embodiment, Transaction Information includes dealing money, trade date, exchange hour and information etc. type of transaction.
For example, MPOS chips receive the trading instruction from mobile terminal by Bluetooth channels being:7e 43 00 00 0d
00 00 00 00 00 00 00 15 12 24 17 09 28 1F 61 06 13 81 11 11 23 4F 1F 62 06 12
34 56 78 9A BC 1F 63 06 19 21 68 00 12 12 1F 64 07 66 65 69 74 69 61 6E 1F 65
04 01 04 00 04, wherein, the air control data that MPOS chips get from trading instruction include:The communication number of dynamic terminal
Code:13811111234;The 9A BC of Bluetooth MAC address 12 34 56 78 of mobile terminal;The IP address 19 21 of mobile terminal
68 00 12 12;The WIFI connection names of mobile terminal:66 65 69 74 69 61 6E;The operating system version of mobile terminal
This number 01 04 00 04;Dealing money 00 00 00 00 00 00;Type of transaction:00;Trade date 151224;Exchange hour
170928。
Step 403:MPOS chips judge whether transaction risk according to air control data, if it is not, then performing step
404;If it is, at least one of off line authentication mode or holder's authentication mode or trading limit by itself is updated to
After more secure level, step 404 is performed;
In the present embodiment, the off line authentication mode of itself is updated to safer rank and is specially by MPOS chips:According to
Off line authentication mode is updated to safety by the off line parameters for authentication in terminal parameter by the relatively low off line authentication mode of level of security
Rank off line authentication mode higher.
Further, the off line authentication mode of itself is updated to safer rank and is specially by MPOS chips:Will be with peace
The parameter value of the full rank corresponding parameter of off line authentication mode higher is updated to " 1 " by " 0 ".
For example:As SDA=1 and DDA=0 and CDA=0, DDA by 0 is updated to 1 and/or CDA is updated to 1 by 0;
As SDA=1 and DDA=1 and CDA=0, CDA is updated to 1 by 0;As SDA=0 and DDA=1 and CDA=0, by CDA by
0 is updated to 1.
In the present embodiment, the holder's authentication mode of itself is updated to more secure level and is specially by MPOS chips:Update
The authentication list of holder second, more secure level is updated to by holder's authentication mode.
The authentication list of holder second is updated, holder's authentication mode more secure level is updated to, specially:To hold
Holder's authentication mode mark is updated to more secure level in holder's authentication codes in the authentication list of people second, by holder
Authentication mode is updated to more secure level.
For example, when the authentication list of holder second is " 8E0A00000000000000001E03 ", by holder's certification generation
Holder's certification mark in code " 1E03 " is updated to " 000011 " by " 011110 ", so that by holder's authentication mode by signing
Mode is updated to the online PIN checkings+signature scheme of level of security input higher;Correspondingly, the holder's certification generation after renewal
Code is " 0303 ", and the authentication list of holder second is " 8E0A00000000000000000303 ", correspondingly, step after renewal
Specifically included in 415:MPOS chips point out the online pin of user input and signature, if in the second Preset Time and preset times
The online pin of user input and signature, MPOS chips verify according to the online pin of user input and signature to holder, if
User is not input into online pin and signature in the second Preset Time or in preset times, and MPOS chips judge holder's certification
Failure.
In the present embodiment, trading limit is updated to more secure level, specially:MPOS chips reduction trading limit, example
Such as:Trading limit is reduced to 1000 yuan by MPOS chips by 5000 yuan.
Step 403 is specifically included;
Step 4031:Whether MPOS chips obtain the air control data in the trading instruction, judge deposited in scratchpad area (SPA)
In data, if it is, using the data in scratchpad area (SPA) as air control historical data, performing step 4032;Otherwise, by air control
Data Cun Chudao scratchpad area (SPA)s, perform step 404;
Specifically, MPOS chips judge scratchpad area (SPA) with the presence or absence of data, if it is, by the data in scratchpad area (SPA)
As air control historical data, step 4032 is performed;Otherwise, MPOS chips then perform air control data Cun Chudao scratchpad area (SPA)s
Step 404;
For example:If MPOS chips are judged for the scratchpad area (SPA) for preserving air control historical data in the absence of data, MPOS cores
Piece is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, the bluetooth MAC of mobile terminal
Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, the WIFI of mobile terminal connect
Connect operating system version " 01 04 00 04 " of title " 66 65 69 74 69 61 6E " and mobile terminal;Storage is deposited temporarily
Storage area, performs step 404.If MPOS chips judge there are data, MPOS for preserving the scratchpad area (SPA) of air control historical data
Chip is by the sub- air control data in air control data:The communication number " 13811111234 " of mobile terminal, the bluetooth of mobile terminal
MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, the WIFI of mobile terminal
Operating system version " 01 04 00 04 " of connection name " 66 65 69 74 69 61 6E " and mobile terminal is respectively as air control
The sub- air control historical data of historical data:The history communication number " 13811111234 " of mobile terminal, the history of mobile terminal are blue
Tooth MAC Address " 12 34 56 78 9A BC ", the history IP address " 19 21 68 00 12 12 " of mobile terminal, mobile terminal
History WIFI connection names " 66 65 69 74 69 61 6E " and mobile terminal historical operation system version " 01 04 00
04”;Perform step 4032.
Step 4032:MPOS chips calculate air control index according to air control data and air control historical data, judge air control index
Whether it is more than the first risk threshold value, if it is, judgement has transaction risk, the off line authentication mode of itself or holder is recognized
After at least one of card mode or trading limit are updated to more secure level, step 404 is performed;Otherwise, judge in the absence of friendship
Easy risk, behind air control data Cun Chudao scratchpad area (SPA)s, performs step 404.
Specifically, MPOS chips judge whether sub- air control data match with sub- air control historical data, if it is, by wind
Control index is set to " 0 ";Otherwise, sub- air control data and the sub- unmatched number of air control historical data are calculated, and divided by sub- air control
Whether the sum of data, obtains air control index, judges air control index more than the first risk threshold value, if it is, judge to exist handing over
Easy risk, at least one of itself off line authentication mode or holder's authentication mode or trading limit is updated to safer
After rank, step 404 is performed;Otherwise, judge do not exist transaction risk, behind air control data Cun Chudao scratchpad area (SPA)s, perform
Step 404.
For example:Sub- air control historical data is respectively:History communication number " 13811111234 ", the movement of mobile terminal are eventually
The history Bluetooth MAC address " 12 34 56 78 9A BC " at end, the history IP address " 19 21 68 00 12 of mobile terminal
12 ", the history WIFI connection names " 66 65 69 74 69 61 6E " and the historical operation system of mobile terminal of mobile terminal
Version " 01 04 00 04 ";Sub- air control data are respectively:Communication number " 13811111234 ", the bluetooth of mobile terminal of dynamic terminal
MAC Address " 12 34 56 78 9A BC ", the IP address " 19 21 68 00 12 12 " of mobile terminal, the WIFI of mobile terminal
Operating system version " 01 04 00 04 " of connection name " 66 65 69 74 69 61 6E " and mobile terminal;MPOS chip meters
Operator air control data are 1 with the corresponding sub- unmatched number of air control historical data, and divided by the sum 5 of sub- air control data, are obtained
To air control index 0.2, MPOS chips judge air control index 0.2 less than the first risk threshold value 0.5, and air control data Cun Chudao is interim
Behind memory block, step 404 is performed.
Step 404:MPOS chips send selection application instruction to IC chip;
Step 405:IC chip is according to selection application instruction selection application;
Step 406:IC chip sends selection application success response to MPOS chips;
Step 407:MPOS chips send to IC chip and apply initialization directive;
Also include in step 407:MPOS chip initiation terminal authentication results;
Wherein, MPOS chip initiations terminal authentication result is specially:MPOS chips are by all ratios of terminal authentication result
Data initialization on special position is 0.
Step 408:The application that IC chip initialization has been selected;
Step 409:IC chip sends application initialization successful respond to MPOS chips;
Specifically, application file feature (AIP) is arranged on IC chip third and fourth using initialization successful respond
In byte;With every four bytes it is a unit by application file locator (AFL), being arranged on after nybble (does not include
Nybble), 9000 are arranged in most latter two byte using initialization successful respond;Being sent to MPOS chips includes answering
With interaction feature (AIP) and the application initialization successful respond of application file locator (AFL).
For example:Application file feature (AIP) 7C 00 is arranged on IC chip the 3rd and the using initialization successful respond
On nybble;First application file locator 08 01 01 00 is arranged in the 5th to the 8th byte;By the second practical writing
Part locator 10 01 04 01 is arranged in the 9th to the 12nd byte;3rd application file locator 18 01 03 00 is set
Put in the 13rd to the 16th byte, 9000 are arranged on the 17th and the 18th byte using initialization successful respond
On, include that the application of application interaction feature (AIP) and application file locator (AFL) is initialized to the return of MPOS chips and successfully should
Answer;80 0e 7C 00 08 0101 00 10 01 04 01 18 01 03 00 90 00.
Include whether IC chip supports off line certification using interaction feature (AIP), whether support holder's certification and
Whether the information such as terminal risk management is supported, in the present embodiment, it is preferable that IC chip supports static authenticating party in off line certification
Formula, dynamic authentication mode and static authentication mode, support holder's certification and support terminal risk management.
Step 410:MPOS chips send reading application recording instruction to IC chip;
Specifically, the application file locator that MPOS chips are returned according to IC chip sends to IC chip to be read to refer to using record
Order.
Step 411:IC chip reads application record;
Specifically, IC chip reads the holder of itself the according to reading to read the application record of itself using recording instruction
The information such as one authentication list.
For example, IC chip reads the holder first of itself according to reading to read the application record of itself using recording instruction
Authentication list is 8E0A00000000000000001E03.
Step 412:IC chip sends read record successful respond to MPOS chips.
Specifically, IC chip sends to MPOS chips includes that the read record of the authentication list of holder first of itself is successfully answered
Answer.
Step 413:MPOS chips send off line certification and instruct to IC chip, and receiving the off line certification from IC chip should
Answer;
Specifically include:
Step 4131:Off line parameters for authentication of the MPOS chips in the terminal parameter of itself selects current off line authenticating party
Formula, when current off line authentication mode is static authentication mode, performs step 4132;When current off line authentication mode for dynamic is recognized
During card mode, step 4133 is performed;When current off line authentication mode is hybrid authentication mode, step 4134 is performed;
Closer, off line parameters for authentication and off line authentication mode of the MPOS chips in the terminal parameter of itself
Level of security selects current off line authentication mode, when current off line authentication mode is static authentication mode, performs step 4132;
When current off line authentication mode is dynamic authentication mode, step is performed;When current off line authentication mode is hybrid authentication mode
When, perform step;
Specifically, MPOS chips obtain static parameters for authentication in the terminal parameter of itself, dynamic authentication parameter and mixing
Parameters for authentication;If only one value of parameter is " 1 " in three parameters, will be with parameter value for the parameter of " 1 " is corresponding de-
Machine authentication mode carries out off line certification as current off line authentication mode according to current off line authentication mode and IC chip, obtains
Off line authentication result;Otherwise, will be " 1 " and level of security parameter high as current off line authentication mode with parameter value, when working as
When preceding off line authentication mode is static authentication mode, step 4132 is performed;When current off line authentication mode is dynamic authentication mode
When, perform step 4133;When current off line authentication mode is hybrid authentication mode, step 4134 is performed;
In the present embodiment, off line parameters for authentication includes:Static parameters for authentication SDA, dynamic authentication parameter DDA and hybrid authentication
Parameter CDA;Corresponding off line authentication mode is static certification, dynamic authentication and hybrid authentication respectively, and three kinds of authentication modes
Level of security be:Hybrid authentication>Dynamic authentication>Static certification.
For example, MPOS chips obtain static parameters for authentication SDA, dynamic authentication parameter DDA in the terminal parameter of itself and
Hybrid authentication parameter CDA, as SDA=1 and DDA=0 and CDA=0, MPOS chips will be corresponding with static parameters for authentication SDA
Static authentication mode carries out off line certification as current off line authentication mode, obtains off line authentication result;As SDA=1 and
During DDA=1 and CDA=0, parameter value is " 1 " and the level of security corresponding dynamics of dynamic authentication parameter DDA high by MPOS chips
Authentication mode is used as current off line certification;As SDA=1 and DDA=1 and CDA=1, parameter value is " 1 " and peace by MPOS chips
The full rank corresponding hybrid authentication modes of hybrid authentication parameter CDA high as current off line authentication mode,
Step 4132:MPOS chips send off line certification and instruct according to static authentication mode to IC chip, receive and come from IC
The off line certification response of chip;Off line authentication result is obtained according to off line certification response;According to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
Specifically, MPOS chips send off line certification and instruct according to static authentication mode to IC chip, receive and come from IC cores
The off line certification response of piece;According to off line certification response, off line authentication result is obtained;If certification success, by terminal authentication
The data on the highest-order bit (the 8th bit) in first byte of result are updated to " 0 ";And by the 7th bit
Data are updated to " 0 ", the data on the 4th bit are updated into " 0 ", will be that data are updated to " 0 " on the 3rd bit, root
The first byte of terminal authentication result, the first character section of the terminal authentication result after being updated are updated according to off line authentication result
" 00000000 ", i.e. hexadecimal data " 0x40 ", the terminal authentication result 0x00 0x00 0x00 0x00 after being updated
0x00;If authentification failure, MPOS chips are by the highest-order bit (the 8th bit) in the first byte of terminal authentication result
Data be updated to " 0 ";And the data on the 7th bit are updated to " 1 ", the data on the 4th bit are updated to
" 0 ", will be that data are updated to " 0 " on the 3rd bit, the first byte of terminal authentication result updated according to off line authentication result,
The first character section " 01000000 " of the terminal authentication result after being updated, i.e. hexadecimal data " 0x40 ", are updated
Terminal authentication result 0x40 0x00 0x00 0x00 0x00 afterwards.
Step 4133:MPOS chips send off line certification and instruct according to dynamic authentication mode to IC chip, receive and come from IC
The off line certification response of chip;Off line authentication result is obtained according to off line certification response;According to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
Specifically, MPOS chips send off line certification and instruct according to dynamic authentication mode to IC chip, receive and come from IC cores
The off line certification response of piece;Off line authentication result is obtained according to off line certification response;If certification success, by terminal authentication knot
The data on the highest-order bit (the 8th bit) in first byte of fruit are updated to " 0 ";And by the number on the 7th bit
According to " 0 " is updated to, the data on the 4th bit is updated to " 0 ", will be that data are updated to " 0 " on the 3rd bit, according to
Off line authentication result updates the first byte of terminal authentication result, the first character section of the terminal authentication result after being updated
" 00000000 ", i.e. hexadecimal data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 after being updated
0x00;If authentification failure, MPOS chips are by the highest-order bit (the 8th bit) in the first byte of terminal authentication result
Data be updated to " 0 ";And the data on the 7th bit are updated to " 0 ", the data on the 4th bit are updated to
" 1 ", will be that data are updated to " 0 " on the 3rd bit, the first byte of terminal authentication result updated according to off line authentication result,
The first character section " 00001000 " of the terminal authentication result after being updated, i.e. hexadecimal data " 0x08 ", are updated
Terminal authentication result 0x08 0x00 0x00 0x00 0x00 afterwards.
Step 4134:MPOS chips send off line certification and instruct according to hybrid authentication mode to IC chip, receive and come from IC
The off line certification response of chip;Off line authentication result is obtained according to off line certification response;According to off line authentication result more new terminal
First byte of the result, the terminal authentication result after being updated.
Specifically, MPOS chips send off line certification and instruct according to hybrid authentication mode to IC chip, receive and come from IC cores
The off line certification response of piece;Off line authentication result is obtained according to off line certification response;If certification success, by terminal authentication knot
The data on the highest-order bit (the 8th bit) in first byte of fruit are updated to " 0 ";And by the number on the 7th bit
According to " 0 " is updated to, the data on the 4th bit is updated to " 0 ", will be that data are updated to " 0 " on the 3rd bit, according to
Off line authentication result updates the first byte of terminal authentication result, the first character section of the terminal authentication result after being updated
" 00000000 ", i.e. hexadecimal data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 after being updated
0x00.If authentification failure, MPOS chips are by the highest-order bit (the 8th bit) in the first byte of terminal authentication result
Data be updated to " 0 ";And the data on the 7th bit are updated to " 0 ", the data on the 4th bit are updated to
" 0 ", will be that data are updated to " 1 " on the 3rd bit, the first byte of terminal authentication result updated according to off line authentication result,
The first character section " 00000100 " of the terminal authentication result after being updated, i.e. hexadecimal data " 0x04 ", are updated
Terminal authentication result 0x04 0x00 0x00 0x00 0x00 afterwards.
Step 414:MPOS chips carry out treatment limitation;
Specifically, MPOS chips carry out treatment limitation, obtain treatment limitation result, and MPOS chips are according to treatment limitation result
Update the second byte of terminal authentication result, the terminal authentication result after being updated.
For example:MPOS chips carry out treatment limitation, obtain treatment limitation result, and MPOS chips limit result more according to treatment
Second byte of new terminal the result, second byte " 00000000 " of the terminal authentication result after being updated, i.e., ten
Senary data " 0x00 ", the terminal authentication result 0x00 0x00 0x00 0x00 0x00 after being updated.
Step 415:MPOS chips are verified to holder;
Specifically, MPOS chips verify that acquisition holder tests according to the holder's authentication mode of itself to holder
Card result, the terminal authentication result is updated according to holder's the result.
More specifically, MPOS chips obtain current holder's authenticating party from the authentication list of holder second of itself
Formula, verifies according to current holder's authentication mode to holder, obtains holder's the result, is verified according to holder and tied
Fruit updates the 3rd byte of terminal authentication result, the terminal authentication result after being updated.
Wherein, MPOS chips obtain current holder's authentication mode from the authentication list of holder second of itself, according to
Current holder's authentication mode verifies to holder, specially:Holder second authentication list of the MPOS chips from itself
In, the data after crossed joint are obtained, and according to the byte length of the data for getting, carried out in units of each two byte
Division obtains one or more holder's authentication codes, and the data institute on the first character section from holder's authentication codes is right
In the binary data answered, rear six number of bits for obtaining binary data is identified according to and as holder's authentication mode,
And according to first the presets list, holder's authentication mode identifies corresponding holder's authentication mode before searching, and as working as
Preceding holder's authentication mode, verifies according to current holder's authentication mode to holder, obtains holder's the result.
For example:MPOS chips from the authentication list of holder second of itself " 8E0A00000000000000001E03 ",
The data " 1E03 " in the byte of (not including crossed joint) after crossed joint are obtained, by " 1E03 " as holder's certification generation
Code, in the binary data " 00011110 " corresponding to data " 1E " from the first character section with holder's authentication codes,
Six number of bits are identified according to " 011110 " and as holder's authentication mode after acquisition, and according to as shown in table 3 first
The presets list, it is " signature " to search holder's authentication mode corresponding with holder's authentication mode mark " 011110 ", and " will be signed
Name " as current holder's authentication mode, is verified to holder according to current holder's authentication mode, obtains holder and test
Card result.
| Holder's authentication mode is identified | Holder's authentication mode |
| 000000 | Authentification failure |
| 000001 | Plaintext PIN is checked |
| 000010 | On-line encryption PIN is verified |
| 000011 | Online PIN verifications+signature |
| 011110 | Signature |
| 011111 | Without certification |
Table 3
In the present embodiment, verification mode can also be shown including holder's certificate in holder's authentication mode, its is corresponding
Holder's authentication mode is designated 100000.It should be noted that, first the presets list as shown in table 3 is only that the present embodiment is provided
A kind of performance holder authentication mode mark and holder's authentication mode between corresponding relation mode, the present invention in can represent
The mode that holder's authentication mode identifies the corresponding relation and holder's authentication mode between can also have various, in the present embodiment not
Repeat again.
It should be noted that:MPOS chips obtain current holder's authenticating party from the authentication list of holder second of itself
Formula, the holder's authentication mode according to itself verifies to holder, specially:If MPOS chips judge according to air control data
Transaction does not exist transaction risk, then holder second of the authentication list of holder first that will be received from IC chip as itself
Authentication list is simultaneously preserved, and current holder's authentication mode is obtained according to the authentication list of holder second, is recognized according to current holder
Card mode is verified to holder;If there is transaction risk, current holder is obtained according to the authentication list of holder second and is recognized
Card mode, verifies according to current holder's authentication mode to holder.
Further, MPOS chips obtain current holder's authentication mode from the authentication list of holder second of itself,
Holder's authentication mode according to itself is verified to holder, specifically included:Whether MPOS chip detections risk indicator position
It is set, if it is not, then the authentication list of holder first received from IC chip is arranged as the certification of holder second of itself
Table is simultaneously preserved, and current holder's authentication mode is obtained according to the authentication list of holder second, according to current holder's authentication mode
Holder is verified;If it is, obtain current holder's authentication mode according to the authentication list of holder second, according to working as
Preceding holder's authentication mode is verified to holder;It is necessary, when MPOS chips judge according to air control data in step 403
Transaction also includes in the absence of after transaction risk:Reset risk indicator position;When MPOS chips are in step 403 according to air control data
After judging that transaction has transaction risk, also include:Set risk indicator position.
In this step, holder is verified according to current holder's authentication mode, obtain holder's the result, root
The 3rd byte of terminal authentication result, the terminal authentication result after being updated are updated according to holder's the result.Specially:
Holder is verified according to current holder's authentication mode, if holder is proved to be successful, terminal is tested
The 3rd the highest-order bit of byte (the 8th bit) for demonstrate,proving result is updated to " 0 ".If holder's authentication failed, will be eventually
The data on the 3rd the highest-order bit of byte (the 8th bit) of the result are held to be updated to " 1 ".
For example:When current holder's authentication mode is " signature " and after be proved to be successful, MPOS chips would indicate that holder tests
Card one the highest-order bit of the binary data of byte of result (the 8th bit) is updated to " 0 ", the terminal after being updated
Second byte " 00000000 " of the result, i.e. hexadecimal data " 0x00 ", the terminal authentication result after being updated
0x00 0x00 0x00 0x00 0x00。
Step 416:MPOS chips carry out terminal risk management;
Specifically, MPOS chips obtain the dealing money of IC chip, and the dealing money according to the IC chip for getting is carried out
Terminal risk management, obtains terminal risk management result, and the 4th word of terminal authentication result is updated according to risk management result
Section, the terminal authentication result after being updated.
More specifically, MPOS chips obtain the dealing money of IC chip, and whether detection dealing money exceedes trading limit,
If it is, be updated to " 1 " the 4th the highest-order bit of byte (the 8th bit) of terminal authentication result if, otherwise,
4th the highest-order bit of byte (the 8th bit) of terminal authentication result is updated to " 0 ".
For example, MPOS chips obtain the dealing money of IC chip, detection dealing money 00 is no more than trading limit 5000, then
4th the highest-order bit of byte (the 8th bit) of terminal authentication result is updated to " 0 ", the terminal after being updated
4th byte " 00000000 " of the result, i.e. hexadecimal data " 0x00 ", the terminal authentication result after being updated
0x00 0x00 0x00 0x00 0x00。
In the present embodiment, trading limit is the top limit that Bluetooth intelligent card is supported transaction.
Step 417:MPOS chips carry out terminal behavior analysis;Obtain terminal behavior analysis result;
Specifically, MPOS chips are corresponding by the terminal authentication result after renewal and the terminal behavior code (TAC) of itself
Bit on data carry out obtaining operation result with computing, according to operation result line be analysis result.
More specifically, MPOS chips are by the terminal authentication result after renewal and the terminal behavior code (TAC) of itself, phase
Data on corresponding bit carry out obtaining operation result with computing, if operation result is 0, set behavior terminal analysis knot
Fruit is log-in treatment, performs step 418;If operation result is non-zero, line is that analysis result is requests transaction
Refusal, performs step 418.
In the present embodiment, terminal behavior code can be default.When terminal behavior code is to preset, it is preferable that pre-
If terminal behavior code in bit corresponding with the risk bit of terminal authentication result on data be 1.For example,
Terminal authentication result after the renewal that MPOS chips are obtained is 0x00 0x00 0x00 0x00 0x00, and terminal authentication result is corresponding
Binary data be the default terminal of 00,000,000 00,000,000 00,000,000 00,000,000 00000000, MPOS chips
Behavior code is 0x4c 0x00 0x80 0x80 0x00, and the corresponding binary data of terminal behavior code is 01001100
00000000 10000000 10000000 00000000;MPOS chips by each byte of terminal authentication result each ratio
The special position bit corresponding with the terminal behavior code of itself each byte is carried out and computing, the terminal behavior analysis knot for obtaining
Fruit is 0x00,0x00,0x00,0x00,0x00, and line is that analysis result is log-in treatment.
In the present embodiment, terminal behavior code can not also be default, necessarily, if the MPOS chips are according to
Trading instruction judges there is transaction risk, also includes before step 417:Update terminal behavior code;
Terminal behavior code is updated to be specially:By on the risk bit with terminal authentication result in terminal behavior code
Data for " 1 " the corresponding bit of bit in, the data at least one bit are updated to 1 by 0.
In the present embodiment, the risk bit of terminal authentication result includes:The of the first character section of terminal authentication result
Seven bits, the 4th bit and the 3rd bit;The highest-order bit (the 8th bit of the 3rd byte of terminal authentication result
Position);4th the highest-order bit of byte (the 8th bit) of terminal authentication result.
For example:If the MPOS chips judge there is transaction risk according to the trading instruction, MPOS chips by itself
Off line authentication mode be updated to perform step 404 after more secure level, after step 404 is continued executing with, step 417 it
Before, also include:Update terminal behavior code;
Specifically for example:When the off line authentication mode of itself is updated to dynamic authentication by MPOS chips by static certification, if
Off line authentification failure, MPOS chips are by the number on the highest-order bit (the 8th bit) in the first byte of terminal authentication result
According to being updated to " 0 ";And the data on the 7th bit are updated to " 0 ", the data on the 4th bit are updated to " 1 ", are incited somebody to action
It is that data are updated to " 0 " on 3rd bit, the terminal authentication result after being updated is " 00,001,000 00000000
0000000 00000000 00000000”;After step 404 is continued executing with, before step 417, MPOS chips are by terminal row
For the data on the corresponding bit of the 4th bit of the first character section " 0000000000 " of code are updated to 1 by 0, obtain
Terminal behavior code after renewal is " 00,001,000 00,000,000 0,000,000 00,000,000 00000000 ".When MPOS cores
When piece goes to step 417, the terminal authentication result after the renewal that MPOS chips are obtained is " 00,001,000 00000000
0000000 00,000,000 00000000 ", the terminal behavior code of MPOS chips itself is " 00,001,000 00000000
0000000 00,000,000 00000000 ", MPOS chips by each bit of each byte of terminal authentication result and itself
The corresponding bit of terminal behavior code each byte carry out be with computing operation result it is non-zero, then line for point
Analysis result is refused for requests transaction, performs step 418.
It should be noted that, in the present embodiment, terminal behavior code (TAC) is specially terminal behavior code (TAC)-refusal.
Step 418:MPOS chips send request application cryptogram and instruct according to terminal behavior analysis result to IC chip;
Step 419:IC chip carries out card behavioural analysis, obtains card behavior analysis result;
Wherein, card behavior analysis result is authorization requests ciphertext (ARQC) or application authorization ciphertext (AAC).
Step 420:IC chip sends card behavioural analysis result to MPOS chips;
Step 421:MPOS chips set Trading Authorization result according to card behavior analysis result;
Specifically, if card behavior analysis result is authorization requests ciphertext (ARQC), MPOS chips are by Trading Authorization result
It is set to online process;If piece behavioural analysis result is application authorization ciphertext (AAC), MPOS chips set Trading Authorization result
For transaction is refused.
For example:Card behavior analysis result is authorization requests ciphertext (ARQC), and MPOS chips set Trading Authorization result
It is online process " 02 ".
Step 422:MPOS chips by Bluetooth channels to mobile terminal send include Trading Authorization result, Transaction Information and
The transaction message of air control data;
Specifically, MPOS chips are signed to air control data, obtain signature value, and tissue includes Trading Authorization result, hands over
The transaction message of easy information, air control data and signature value, sent to mobile terminal by Bluetooth channels include Trading Authorization result,
The transaction message of Transaction Information, air control data and signature value.
For example:MPOS chip cards tissue includes the transaction report of Trading Authorization result, Transaction Information, air control data and signature value
Wen Hou, the transaction message for obtaining is:02 95 05 08 80 00 00 00 9a 03 15 12 24 9f 37 04 cb b9
32 b3 82 02 7c 00 9f 36 02 00 3b 9f 27 01 80 9f 26 08 b7 63 29 74 b0 98 77 92
9f 10 08 07 01 01 03 a4 b8 04 01 9f 34 03 41 03 02 9f 41 04 00 00 00 03 84 07
a0 00 00 03 33 01 01 9f 09 02 00 8c 9c 01 31 5f 2a 02 01 56 9f 1a 02 01 56 9f
03 06 00 00 00 00 00 00 9f 33 03 a0 c8 c8 9f 35 01 34 9f 1e 08 00 00 00 00 00
00 00 00 9f 02 06 00 00 00 00 00 00 7E 3E 01 C4 5E 05 B6 D1 99 E0 CD 67 3C 44
EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD 16 F5 44 68 E0 CE 87
0B DF 63 E2 39 E2 7A 1B 48 D8 9E AF 52 AA 6D 0C 7A 8A 21 08 DC F0 2A 7A 62 D1
44 F6 3B 10 81 7B 79 5C 5C 1C F8 2C 92 E0.Wherein, first character section " 02 " is Trading Authorization result,
Represent online process;" 9f 02 06 00 00 00 00 00 00 " is dealing money, represents that dealing money is 0 yuan;“9a 03
15 12 24 " it is trade date, expression trade date is on December 24th, 2015.Wherein, " the B6 of 01 C4 5E of 7E 3E 05
D1 99 E0 CD 67 3C 44 EA 7A 14 1A 8A B2 D6 6C 73 9B D8 27 12 CA AA F3 11 C2 DD
The E2 7A 1B of 16 F5,44 68 E0 CE, 87 0B DF, 63 E2 39 " are air control data;“48 D8 9E AF 52 AA 6D
The E0 of 21 08 79 5C 5C 1C F8 2C of DC 10 81 7B of F0 2A 7A 62 D1,44 F6 3B of 0C 7A 8A 92 " are
Signature value.
It should be noted that, MPOS chips can also be signed before this step to air control data, obtain signature value.
It should be noted that, if if MPOS chips are tested holder according to online PIN verification modes in step 415
Card, also includes the online PIN code of the user input that MPOS chips get in transaction message.
Step 422 may be replaced by:MPOS chips are sent by Bluetooth channels to mobile terminal includes Trading Authorization knot
Fruit and the transaction message of Transaction Information.
Step 423:Mobile terminal is according to the online message of transaction message tissue;
Step 424:Mobile terminal sends online message to server;
Step 425:Server carries out risk management according to online message, obtains risk management result;
Step 426:Server is according to the transaction response of risk management result tissue;
Step 427:Server sends transaction response to mobile terminal;
Step 428:Mobile terminal sends transaction response by Bluetooth channels to MPOS chips;
Step 429:MPOS chips are according to transaction response generation transaction record;
Step 430:MPOS chips send transaction record by Bluetooth channels to mobile terminal;
Step 431:Mobile terminal completes to conclude the business according to transaction record.
In the present embodiment, after step 412, also include:Friendship in Transaction Information of the MPOS chips in trading instruction
Easy type, judges whether to show the dealing money in Transaction Information, if it is not, then performing step 413;Otherwise, then transaction is shown
The amount of money, waits user to confirm, after user's confirmation is detected in the first Preset Time, performs step 413;If first
User's confirmation is not detected in Preset Time, error message is returned to mobile terminal;
Also include before step 422:MPOS chips judge that Trading Authorization result is transaction refusal or online process, if transaction
Authorization result is refused for transaction, then the transaction of MPOS chips refusal, display refusal Transaction Information;If Trading Authorization result is online place
Reason, performs step 422.
It should be noted that, in the present embodiment, bluetooth module can also be included in Bluetooth intelligent card, MPOS chips and movement are eventually
Bluetooth communication between end can be, but not limited to be realized by bluetooth module.
The method of the blue-tooth intelligence card control transaction risk that the present embodiment is provided, the Bluetooth intelligent card need not be by finance
Terminal can just complete financial transaction, and after air control data are got according to trading instruction, the air control data according to itself are calculated
Air control index, when air control index is more than the first risk threshold value, by the off line authentication mode in stand-by mode of concluding the business or holder
At least one of trading limit in authentication mode or terminal management risk mode, after being updated to safer rank, then enters
Row transaction prepares and continues, and before behavioural analysis result is obtained, terminal behavior code is updated, afterwards according to terminal authentication knot
Fruit and terminal behavior code carry out behavioural analysis and obtain behavioural analysis result, are judged whether to according to behavioural analysis result online
Transaction, improves the security and convenience of transaction.
Embodiment 5
A kind of Bluetooth intelligent card is present embodiments provided, including:Link block 01, the first receiver module 02, transaction prepare
Module 03, the first update module 04, behavioural analysis module 05, setting Authorization result module 06, the first sending module 07, second connect
Receive module 08, the sending module 10 of trades record module 09 and second;Necessarily, Bluetooth intelligent card also includes:Risk judgment module
11st, the second update module 12 and/or the 3rd update module 13;Wherein, a kind of block diagram of Bluetooth intelligent card can be such as Fig. 6
It is shown.
Link block 01, for setting up bluetooth connection with mobile terminal;
First receiver module 02, for after link block 01 and mobile terminal set up bluetooth connection, by Bluetooth channels
Receive the trading instruction from mobile terminal;
Transaction preparation module 03, trading instruction and the transaction of itself for being received according to the first receiver module 02 prepare
Mode is traded preparation and obtains transaction preparation result;
First update module 04, the transaction for being obtained according to transaction preparation module 03 prepares result and updates terminal authentication knot
Really;
In the present embodiment, the first update module 04, if it is failure that can prepare result specifically for transaction, terminal is tested
The data on risk bit in card result are updated to second value, the terminal authentication result after being updated;If transaction is accurate
Standby result is successfully, then the data on the risk bit in terminal authentication result to be updated into the first numerical value, after being updated
Terminal authentication result.
In the present embodiment, Bluetooth intelligent card can also include:Initialization module;
Initialization module, for when the first update module 04 according to transaction prepare result update terminal authentication result before,
It is the first numerical value by the data initialization on all bits of terminal authentication result;Correspondingly, the first update module 04, specifically
If it is failure to prepare result for concluding the business, the data on the risk bit in terminal authentication result are updated to the second number
Value, the terminal authentication result after being updated.
Behavioural analysis module 05, for according to the terminal authentication result and the terminal of itself after the renewal of the first update module 04
Behavior code carries out behavioural analysis and obtains behavioural analysis result;
Behavioural analysis module 05 includes:Terminal behavior analyzes submodule and card behavioural analysis submodule;
Terminal behavior analyzes submodule, for by the terminal authentication result bit corresponding with terminal behavior code
Data carry out computing, obtain operation result, according to operation result line be analysis result;
Terminal behavior analysis submodule includes:First arithmetic element and the first setting unit;
First arithmetic element, for the data on the terminal authentication result bit corresponding with terminal behavior code to be entered
Row and computing;
First setting unit, if being the first result for the operation result of the first arithmetic element, will then by terminal behavior
Analysis result is set to log-in treatment;If the operation result of the first arithmetic element is not the first result, by terminal behavior
Analysis result is set to requests transaction refusal;
Card behavioural analysis submodule, for carrying out card behavioural analysis according to terminal behavior analysis result, sets card
Behavioural analysis result, using card behavior analysis result as behavioural analysis result.
Behavioural analysis submodule, if terminal behavior analysis result is set into requests transaction specifically for the first setting unit
During refusal, card behavioural analysis is carried out according to terminal behavior analysis result, it is that application authorization is close to set card behavior analysis result
Text, using card behavior analysis result as behavioural analysis result;If be set to for terminal behavior analysis result by the first setting unit
During log-in treatment, then card behavior analysis result is set to authorization requests ciphertext or application authorization ciphertext, by card row
It is analysis result as behavioural analysis result.
Authorization result module 06 is set, if being that authorization requests are close for the behavioural analysis result that behavioural analysis module 05 is obtained
Text, then it is online process to set Trading Authorization result;If the behavioural analysis result that behavioural analysis module 05 is obtained is application authorization
Ciphertext, then be set to transaction refusal by Trading Authorization result;
First sending module 07, for Trading Authorization result to be set into online process when setting Authorization result module 06
Afterwards, the transaction report of the Transaction Information included in Trading Authorization result and trading instruction is sent to mobile terminal by Bluetooth channels
Text;
Second receiver module 08, for receiving the transaction response from mobile terminal by Bluetooth channels;
Trades record module 09, for the transaction response generation transaction note received according to the second receiver module 08
Record;
Second sending module 10, for sending transaction record to mobile terminal by Bluetooth channels;
Risk judgment module 11, the trading instruction for being received according to the first receiver module 02 judges whether transaction
Risk;After risk judgment module 11 is judged as NO, triggering transaction preparation module 03;
In the present embodiment, risk judgment module 11 includes:First acquisition submodule, the first judging submodule, first calculate
Submodule, the second judging submodule and the first sub-module stored;
First acquisition submodule, for obtaining the air control data in trading instruction;
First judging submodule, for judging to whether there is data in scratchpad area (SPA);
First calculating sub module, for after the first judging submodule is judged as YES, then by the data in scratchpad area (SPA)
As air control historical data, air control index is calculated according to air control data and air control historical data;
Second judging submodule, for judging air control index whether more than the first risk threshold value;
First sub-module stored, for after the first judging submodule is judged as NO, air control data Cun Chudao being deposited temporarily
In storage area, triggering transaction preparation module 03;After the second judging submodule is judged as NO, by air control data Cun Chudao interim storages
Qu Zhong, triggering transaction preparation module 03.
Further, also include in transaction message:Air control data.
Second update module 12, for after risk judgment module 11 is judged as YES, transaction preparation module 03 to be concluded the business
Before preparing result, transaction stand-by mode is updated to more secure level;
3rd update module 13, for after risk judgment module 11 is judged as YES, behavioural analysis module 05 to obtain behavior
Before analysis result, the terminal behavior code of itself is updated.
In the present embodiment, if risk judgment module 11 triggers the second update module 12 and the first update module after being judged as YES
04 updates triggering behavioural analysis module 05 after terminal authentication result, then terminal behavior code can be default, terminal behavior generation
In code is second value with the data on corresponding bit on risk bit.
In the present embodiment, the 3rd update module 13 can be specifically for after risk judgment module 11 be judged as YES, behavior
To with the data on risk bit be the second number in terminal behavior code before analysis module 05 obtains behavioural analysis result
In the corresponding bit of bit of value, the data at least one bit are updated to second value.
In the present embodiment, the 3rd update module 13 can also be specifically for after risk judgment module 11 be judged as YES, OK
Before obtaining behavioural analysis result for analysis module 05, by terminal behavior code with corresponding bit on risk bit
On data be updated to second value.
In the present embodiment, transaction stand-by mode includes:Off line authentication mode, treatment limitation mode, holder's authentication mode
With terminal risk management mode;
Transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule, reading application record submodule
Block, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule;
First update module 04 is specifically included:First update submodule, second update submodule, the 3rd update submodule and
4th updates submodule;
Submodule is applied in selection, for being selected to apply according to trading instruction;
Submodule is applied in initialization, for initializing the application for having selected;
Record sub module is applied in reading, for reading application record;
Off line authentication sub module, off line certification is carried out for the off line authentication mode according to itself, obtains off line certification knot
Really;
Holder's authentication sub module, treatment limitation knot is obtained for carrying out treatment limitation according to the treatment of itself limitation mode
Really;
Holder verifies submodule, for obtaining holding for itself according to the application record for reading to be read using record sub module
Card people's authentication mode;Holder's authentication mode according to itself carries out checking to holder and obtains holder's the result;
Holder verifies submodule, if being judged in the absence of transaction according to trading instruction specifically for risk judgment module 11
Risk, then will according to read using record sub module read application record in the authentication list of holder first as itself
The authentication list of holder second is simultaneously preserved, and the holder's authentication mode of itself is obtained according to the authentication list of holder second, according to
The holder's authentication mode of itself is verified to holder;If risk judgment module 11 is judged to exist according to trading instruction handing over
Easy risk, then obtain the holder's authentication mode of itself, the holder's certification according to itself according to the authentication list of holder second
Mode is verified to holder.
Treatment limitation submodule, treatment limitation knot is obtained for carrying out treatment limitation according to the treatment of itself limitation mode
Really;
Risk management submodule, terminal risk management is carried out for the terminal risk management mode according to itself, obtains end
End risk management result;
First updates submodule, for updating terminal authentication result according to off line authentication result;
Second updates submodule, for updating terminal authentication result according to treatment limitation result;
3rd updates submodule, for according to holder's the result, updating terminal authentication result;
4th updates submodule, for according to terminal risk management result, updating terminal authentication result.
In the present embodiment, when transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule,
Read application record sub module, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule
During block, the second update module 12 can be specifically included:5th updates submodule, the 6th renewal submodule, the 7th renewal submodule
Block, the 8th update at least one of submodule;
5th updates submodule, for after risk judgment module 11 is judged as YES, off line authentication sub module to obtain off line
Before authentication result, off line authentication mode is updated to more secure level;
5th renewal submodule specifically includes the first updating block;
First updating block, for after risk judgment module 11 is judged as YES, off line authentication sub module to obtain off line and recognizes
Before card result, off line parameters for authentication according to itself by off line authentication mode by the relatively low off line authentication mode of level of security more
The new off line authentication mode higher for level of security.
First updating block, specifically for after risk judgment module 11 is judged as YES, off line authentication sub module is taken off
Before machine authentication result, by the parameter value of off line parameters for authentication corresponding with the off line authentication mode that level of security is higher by first
Numerical value is updated to second value.
6th updates submodule, for after risk judgment module 11 is judged as YES, treatment limitation submodule to be processed
Before limitation result, treatment limitation mode is updated to more secure level;
7th updates submodule, is held for after risk judgment module 11 is judged as YES, holder's checking submodule to be obtained
Before card people's the result, holder's authentication mode is updated to more secure level;
7th renewal submodule specifically includes the second updating block;
Second updating block, for after risk judgment module 11 is judged as YES, holder's checking submodule to be obtained and held
Before people's the result, the authentication list of holder second is updated, holder's authentication mode is updated to more secure level.
Second updating block, specifically for by the holder in the holder's authentication codes in the authentication list of holder second
Authentication mode mark is updated to more secure level, and holder's authentication mode is updated into more secure level.
8th updates submodule, for after risk judgment module 11 is judged as YES, risk management submodule to obtain terminal
Before risk management result, terminal risk management mode is updated to more secure level.
In the present embodiment, risk management submodule carries out terminal risk management specifically for the trading limit according to itself,
Terminal risk management result is obtained, terminal authentication result is updated according to risk management result;Correspondingly, the 8th updates submodule,
Specifically for reducing trading limit.
In the present embodiment, when transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule,
Read application record sub module, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule
During block, can also include:Transaction Information judge module, the first display module, first detection module and the module that reports an error;
Transaction Information judge module, for after application record sub module reading application record is read, according in trading instruction
Transaction Information judge whether show Transaction Information in dealing money;If so, then triggering off line authentication sub module;
First display module, for after Transaction Information judge module is judged as YES, showing dealing money;When the first detection
Module does not detect user's confirmation in the first Preset Time, shows error message;When Trading Authorization result is transaction
Refusal, display refusal Transaction Information;
Report an error module, for after the first display module shows error message, error message being returned to mobile terminal;
First detection module, for after the first display module shows dealing money, being detected in the first Preset Time and being used
Family confirmation;If after user's confirmation is detected in the first Preset Time, triggering off line authentication sub module.
In the present embodiment, when transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule,
Read application record sub module, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule
During block, holder's checking submodule can be specifically for the prompting online PIN of user input, if being obtained in the second Preset Time
To the online PIN of user input, then holder is verified according to the holder's authentication mode for including the online PIN of input, obtained
Take holder's the result;If not getting the online PIN of user input in the second Preset Time, holder's checking knot
Fruit is holder's authentication failed;Correspondingly, the also online PIN including user input in transaction message.
In the present embodiment, when transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule,
Read application record sub module, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule
During block, can also include:Initialization module;
Initialization module, for when first update submodule according to off line authentication result update terminal authentication result before,
It is the first numerical value by the data initialization on all bits of terminal authentication result;
First updates submodule, if being authentification failure specifically for off line authentication result, will be de- in terminal authentication result
Data on machine certification risk bit are updated to second value, the terminal authentication result after being updated;
3rd updates submodule, if being holder's authentication failed specifically for holder's the result, by terminal authentication
The data on holder's checking risk bit in result are updated to second value, the terminal authentication result after being updated;
4th updates submodule, and whether trading limit is exceeded specifically for the dealing money in detection trading instruction, if so,
The data on the risk management risk bit in terminal authentication result are then updated to second value.
In the present embodiment, when transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule,
Read application record sub module, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule
During block, first updates submodule, if can also be authentification failure specifically for off line authentication result, by terminal authentication result
Data on off line certification risk bit are updated to second value, the terminal authentication result after being updated;If off line certification
Result is certification success, and the data on the off line certification risk bit in terminal authentication result are updated into the first numerical value, is obtained
Terminal authentication result after to renewal;
3rd updates submodule, if can also be holder's authentication failed specifically for holder's the result, will eventually
The data on holder's checking risk bit in the result of end are updated to second value, the terminal authentication after being updated
As a result;If holder's the result is proved to be successful for holder, the holder in terminal authentication result is verified into risk bit
Data on position are updated to the first numerical value, the terminal authentication result after being updated;
4th updates submodule, can also be limited specifically for whether the dealing money in detection trading instruction exceedes transaction
Volume, if so, the data on the risk management risk bit in terminal authentication result then are updated into second value;Otherwise, will
The data on risk management risk bit in terminal authentication result are updated to the first numerical value.
Further, if risk judgment module 11 triggers the second update module 12 and the first update module 04 after being judged as YES
Trigger behavioural analysis module 05 after updating terminal authentication result, then terminal behavior code can be it is default, specifically, terminal row
The data on bit corresponding with off line certification risk bit in for code are second value;In terminal behavior code
Data on bit corresponding with holder's checking risk bit are second value;In terminal behavior code with risk pipe
Data on reason risk bit are second value.
Further, the 3rd update module 13, can be specifically for after risk judgment module 11 is judged as YES, behavior divides
Analysis module 05 obtain behavioural analysis result before, by terminal behavior code with off line certification risk bit on, holder
On checking risk bit in bit corresponding with the bit that the data on risk management risk bit are second value
, the data at least one bit are updated to second value;After risk judgment module 11 is judged as NO, triggering transaction is accurate
Standby module 03.
Further, the 3rd update module 13, can also be specifically for after risk judgment module 11 be judged as YES, behavior
Before analysis module 05 obtains behavioural analysis result, by terminal behavior code with off line certification risk bit, holder
Data on checking risk bit and the corresponding bit of risk management risk bit are updated to second value;When risk is sentenced
After disconnected module 11 is judged as NO, triggering transaction preparation module 03.
In the present embodiment, off line certification risk bit includes:7th bit of the first character section of terminal authentication result
Position, the 4th bit and the 3rd bit;
Holder's the result risk bit includes:3rd the 8th bit of byte of terminal authentication result;
Risk management risk bit includes:4th the 8th bit of byte of terminal authentication result.
In the present embodiment, Bluetooth intelligent card can specifically include IC chip and MPOS chips;Correspondingly:
Link block 01, specifically for setting up bluetooth connection by MPOS chips and mobile terminal;
First receiver module 02, specifically for after link block 01 and mobile terminal set up bluetooth connection, by MPOS
Chip receives the trading instruction from mobile terminal by Bluetooth channels;
Transaction preparation module 03, specifically for sending transaction preparation instruction to IC chip by MPOS chips, reception comes from
The transaction of IC chip prepares response;By stating trading instruction and the MPOS cores that MPOS chips are received according to the first receiver module 02
The transaction stand-by mode of piece is traded preparation and obtains transaction preparation result;
First update module 04, specifically for preparing knot according to the transaction that transaction preparation module 03 is obtained by MPOS chips
Fruit updates terminal authentication result;
Behavioural analysis module 05, specifically for by MPOS chips according to the terminal authentication result after renewal and the end of itself
End behavior code carries out behavioural analysis and obtains behavioural analysis result;
Further, behavioural analysis module 05 is specifically included:Terminal behavior analyzes submodule and card behavioural analysis submodule
Block;Card behavioural analysis submodule is specifically included:First transmitting element, the first analytic unit, the second transmitting element and the first knot
Fruit unit;
Terminal behavior analyzes submodule, specifically for by MPOS chips by terminal authentication result and terminal behavior code
Data on corresponding bit carry out computing, obtain operation result, are analysis result according to operation result line;
First transmitting element, it is close for terminal behavior analysis result to be sent into request application to IC chip by MPOS chips
Text instruction;
First analytic unit, for carrying out card behavioural analysis by IC chip, obtains card behavior analysis result;
Second transmitting element, for sending card behavioural analysis result to MPOS chips by IC chip;
First result unit, for by MPOS chips using card behavior analysis result as behavioural analysis result.
Authorization result module 06 is set, if please to authorize specifically for the behavioural analysis result that behavioural analysis module 05 is obtained
Ciphertext is sought, then it is online process to set Trading Authorization result by MPOS chips;If the behavior that behavioural analysis module 05 is obtained point
Analysis result is application authorization ciphertext, then Trading Authorization result is set into transaction refusal by MPOS chips;
First sending module 07, specifically for passing through MPOS chips by Trading Authorization result when setting Authorization result module 06
After being set to online process, being sent to mobile terminal by Bluetooth channels by MPOS chips includes Trading Authorization result and transaction
The transaction message of the Transaction Information in instruction;
Second receiver module 08, specifically for receiving the transaction from mobile terminal by Bluetooth channels by MPOS chips
Response;
Trades record module 09, specifically for generating transaction record according to transaction response by MPOS chips;
Second sending module 10, specifically for sending transaction note to mobile terminal by Bluetooth channels by MPOS chips
Record;
Risk judgment module 11, specifically for the trading instruction received according to the first receiver module 02 by MPOS chips
Judge whether transaction risk;After risk judgment module 11 is judged as NO, triggering transaction preparation module 03;
Second update module 12, specifically for after risk judgment module 11 is judged as YES, transaction preparation module 03 is obtained
Before transaction prepares result, transaction stand-by mode is updated to by more secure level by MPOS chips;
3rd update module 13, specifically for after risk judgment module 11 is judged as YES, behavioural analysis module 05 is obtained
Before behavioural analysis result, the terminal behavior code of itself is updated by MPOS chips.
In the present embodiment, transaction stand-by mode includes:Off line authentication mode, treatment limitation mode, holder's authentication mode
With terminal risk management mode:Accordingly;
Transaction preparation module 03 is specifically included:Selection application submodule, initialization application submodule, reading application record submodule
Block, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule;
First update module 04 is specifically included:First update submodule, second update submodule, the 3rd update submodule and
4th updates submodule;
Selection is specifically included using submodule:3rd transmitting element, selection applying unit and the 4th transmitting element;Initialization
Submodule is specifically included:5th transmitting element, initialization applying unit and the 6th transmitting element;Read application record sub module specific
Including:Recording unit and the 8th transmitting element are applied in 7th transmitting element, reading;Off line authentication sub module is specifically included:9th
Transmitting element, the tenth transmitting element and off line authentication unit;Treatment limitation submodule is specifically included:Treatment limiting unit;Hold
People's checking submodule is specifically included:Holder's authentication unit;Risk management submodule is specifically included:Risk management unit;
First renewal submodule is specifically included:3rd updating block;Second renewal submodule is specifically included:4th updates single
Unit;3rd renewal submodule is specifically included:5th updating block;Institute the 4th updates submodule and specifically includes:6th updating block;
3rd transmitting element, for sending selection application instruction to IC chip by MPOS chips;
Selection applying unit, for selecting application according to selection application instruction by IC chip;
4th transmitting element, for sending selection application success response to MPOS chips by IC chip;
5th transmitting element, initialization directive is applied for being sent to IC chip by MPOS chips;
Initialization applying unit, for initializing the application for having selected by IC chip;
6th transmitting element, for returning to application initialization successful respond to MPOS chips by IC chip;
7th transmitting element, for sending reading application recording instruction to IC chip by MPOS chips;
Reading application recording unit, for reading application record by IC chip;
8th transmitting element, for returning to read record successful respond to MPOS chips by IC chip;
9th transmitting element, instructs for sending off line certification to IC chip by MPOS chips;
Tenth transmitting element, for receiving the off line certification response from IC chip by MPOS chips;
Off line authentication unit, the off line certification response for being received according to MPOS chips obtains off line authentication result;
Treatment limiting unit, treatment limitation knot is obtained for carrying out treatment limitation according to the treatment of MPOS chips limitation mode
Really;
Holder's authentication unit, the read record successful respond for being received according to MPOS chips obtains holding for MPOS chips
Card people's authentication mode;Holder's authentication mode according to MPOS chips verifies to holder, obtains holder's the result;
Risk management unit, terminal risk management is carried out for the terminal risk management mode according to MPOS chips, is obtained
Terminal risk management result;
3rd updating block, for updating terminal authentication result according to off line authentication result;
4th updating block, for updating terminal authentication result according to treatment limitation result;
5th updating block, for according to holder's the result, updating terminal authentication result;
6th updating block, for according to terminal risk management result, updating terminal authentication result.
It should be noted that, in the present embodiment, bluetooth module, Bluetooth intelligent card and movement can also be included in Bluetooth intelligent card
Bluetooth communication between terminal can be, but not limited to be realized by bluetooth module.
A kind of Bluetooth intelligent card is present embodiments provided, the Bluetooth intelligent card by financial terminal without can just complete
Financial transaction, and after trading instruction is received, transaction risk is judged whether according to trading instruction, if there is risk,
Also include:Preparation is traded again after transaction stand-by mode is updated into more secure level, and preparing result according to transaction updates eventually
Hold behavior outcome and/or update the terminal behavior code of itself before carrying out behavioural analysis;Afterwards according to terminal authentication result
Behavioural analysis being carried out with terminal behavior code and obtaining behavioural analysis result, online friendship is judged whether to according to behavioural analysis result
Easily, the security and convenience of transaction are improved.
The above, the only present invention preferably specific embodiment, but protection scope of the present invention is not limited thereto,
Any one skilled in the art in technical scope disclosed by the invention, the change or replacement that can be readily occurred in,
Should all be included within the scope of the present invention.Therefore, protection scope of the present invention should be with scope of the claims
It is defined.
Claims (58)
1. a kind of method of blue-tooth intelligence card control transaction risk, it is characterised in that including:
Step s1:Bluetooth intelligent card sets up bluetooth connection with mobile terminal;
Step s2:The Bluetooth intelligent card receives the trading instruction from the mobile terminal by Bluetooth channels;
Step s3:The Bluetooth intelligent card is traded preparation and obtains according to the trading instruction and the transaction stand-by mode of itself
Transaction prepares result, and preparing result according to transaction updates terminal authentication result;
Step s4:The Bluetooth intelligent card carries out behavioural analysis according to the terminal authentication result and the terminal behavior code of itself
Behavioural analysis result is obtained, if behavioural analysis result is authorization requests ciphertext, it is online process to set Trading Authorization result, is held
Row step s5;If behavioural analysis result is application authorization ciphertext, Trading Authorization result is set to transaction refusal, the bluetooth
Intelligent Card Rejections transaction, terminates;
Step s5:The Bluetooth intelligent card by Bluetooth channels to the mobile terminal send include the Trading Authorization result with
The transaction message of the Transaction Information in the trading instruction;
Step s6:The Bluetooth intelligent card receives the transaction response from the mobile terminal by the Bluetooth channels;
Step s7:The Bluetooth intelligent card is according to the transaction response generation transaction record;
Step s8:The Bluetooth intelligent card sends the transaction record by Bluetooth channels to the mobile terminal, terminates;
After the trading instruction of the reception from the mobile terminal, also include:The Bluetooth intelligent card is according to the transaction
Instruction judges whether transaction risk:When judged result is to be, also include before the step s3:The Bluetooth intelligent card
Also include before the transaction stand-by mode is updated into more secure level and/or the step s4:The Bluetooth intelligent card
Update the terminal behavior code of itself;When judged result is no, step s3 is performed.
2. method according to claim 1, it is characterised in that described result is prepared according to transaction to update terminal authentication result
Specially:If it is failure that transaction prepares result, the data on the risk bit in terminal authentication result are updated to second
Numerical value, the terminal authentication result after being updated;If it is successfully, by the wind in terminal authentication result that transaction prepares result
Data on dangerous bit are updated to the first numerical value, the terminal authentication result after being updated.
3. method according to claim 1, it is characterised in that described result is prepared according to transaction to update terminal authentication result
Before, also include:Data initialization on all bits of the terminal authentication result is first by the Bluetooth intelligent card
Numerical value;
It is described to be specially according to transaction preparation result renewal terminal authentication result:If it is failure that transaction prepares result, by terminal
The data on risk bit in the result are updated to second value, the terminal authentication result after being updated.
4. according to the method in claim 2 or 3, it is characterised in that if the Bluetooth intelligent card is according to the trading instruction
There is transaction risk in judgement, the transaction stand-by mode is updated into more secure level performs step s3, after the step s3
Perform step s4;Then the data on the bit corresponding with the risk bit in the terminal behavior code are the second number
Value.
5. according to the method in claim 2 or 3, it is characterised in that the Bluetooth intelligent card updates the terminal behavior of itself
Code is specially:To with the data on the risk bit be the bit pair of second value in the terminal behavior code
In the bit answered, the data at least one bit are updated to second value.
6. according to the method in claim 2 or 3, it is characterised in that the renewal terminal behavior code of itself, specifically
For:Data on bit corresponding with the risk bit in the terminal behavior code are updated to second value.
7. method according to claim 1, it is characterised in that described according to the terminal authentication result and the terminal of itself
Behavior code carries out behavioural analysis and obtains behavioural analysis result, specifically includes:
Step s41:The Bluetooth intelligent card is by the terminal authentication result bit corresponding with the terminal behavior code
Data on position carry out computing, obtain operation result, are analysis result according to the operation result line;
Step s42:The Bluetooth intelligent card carries out card behavioural analysis according to the terminal behavior analysis result, sets card row
It is analysis result, using card behavior analysis result as behavioural analysis result.
8. method according to claim 7, it is characterised in that the step s41 is specially:The Bluetooth intelligent card is by institute
The data stated on the terminal authentication result bit corresponding with the terminal behavior code are carried out and computing, if operation result is
First result, then be set to log-in treatment by the terminal behavior analysis result;Otherwise, the terminal behavior is analyzed and is tied
Fruit is set to requests transaction refusal;
The step s42 is specially:If the terminal behavior analysis result is refused for requests transaction, the Bluetooth intelligent card root
Card behavioural analysis is carried out according to the terminal behavior analysis result, it is application authorization ciphertext to set card behavior analysis result, will
Card behavior analysis result is used as behavioural analysis result;If the terminal behavior analysis result is log-in treatment, will card
Piece behavioural analysis result is set to authorization requests ciphertext or application authorization ciphertext, using card behavior analysis result as behavioural analysis
As a result.
9. method according to claim 1, it is characterised in that described that transaction is judged whether according to the trading instruction
Risk, specifically includes:
Step a1:Whether the Bluetooth intelligent card obtains the air control data in the trading instruction, judges deposited in scratchpad area (SPA)
In data, if it is, using the data in the scratchpad area (SPA) as air control historical data, performing step a2;Otherwise, do not deposit
In transaction risk, by the air control data Cun Chudao scratchpad area (SPA)s;
Step a2:The Bluetooth intelligent card calculates air control index according to the air control data and the air control historical data, judges
Whether air control index is more than the first risk threshold value, if it is, there is transaction risk;Otherwise, in the absence of transaction risk, will be described
In air control data Cun Chudao scratchpad area (SPA)s.
10. method according to claim 9, it is characterised in that also include in the transaction message:The air control data.
11. methods according to claim 1, it is characterised in that the transaction stand-by mode includes:Off line authentication mode,
Treatment limitation mode, holder's authentication mode and terminal risk management mode:
The step s3 is specifically included:
Step s31:The Bluetooth intelligent card selects to apply according to the trading instruction, the application that initialization has been selected, and reading should
With record;
Step s32:The Bluetooth intelligent card carries out off line certification according to the off line authentication mode of itself, obtains off line certification knot
Really, terminal authentication result is updated according to off line authentication result;
Step s33:The Bluetooth intelligent card carries out treatment limitation and obtains treatment limitation result according to the treatment of itself limitation mode,
Terminal authentication result is updated according to treatment limitation result;
Step s34:The Bluetooth intelligent card obtains the holder's authentication mode of itself according to the application record for reading;According to itself
Holder's authentication mode to holder carry out checking obtain holder's the result, according to holder's the result more new terminal
The result;
Step s35:The Bluetooth intelligent card carries out terminal risk management according to the terminal risk management mode of itself, obtains terminal
Risk management result, terminal authentication result is updated according to terminal risk management result.
12. methods according to claim 11, it is characterised in that the Bluetooth intelligent card concludes the business stand-by mode more by described
It is newly more secure level, specially:The Bluetooth intelligent card recognizes the off line authentication mode, treatment limitation mode, holder
At least one of card mode and terminal risk management mode are updated to more secure level, perform step s31.
13. methods according to claim 11, it is characterised in that also include after the step s31:The blue-tooth intelligence
Block Transaction Information in the trading instruction to judge whether to show the dealing money in the Transaction Information, if it is not, then
Perform step s32;If it is, showing the dealing money, user is waited to confirm, if detecting use in the first Preset Time
Family confirmation, then perform step s32;If not detecting user's confirmation in the first Preset Time, the bluetooth
Smart card shows error message, and error message is returned to the mobile terminal;
It is described by Trading Authorization result be set to transaction refusal after, also include:The Bluetooth intelligent card display refusal Transaction Information.
14. methods according to claim 11, it is characterised in that the step s34 is specially:The Bluetooth intelligent card is carried
Show the online PIN of user input, if getting the online PIN of user input in the second Preset Time, join according to including being input into
Holder's authentication mode of machine PIN verifies to holder, obtains holder's the result, according to holder's the result more
The new terminal authentication result;If not getting the online PIN of user input in the second Preset Time, holder's checking
Result is holder's authentication failed, and the terminal authentication result is updated according to holder's the result;
The also online PIN including user input in the transaction message.
15. methods according to claim 11, it is characterised in that also include in the step s31:The Bluetooth intelligent card
It is the first numerical value by the data initialization on all bits of the terminal authentication result;
It is described that terminal authentication result is updated according to off line authentication result, specially:If the off line authentication result is authentification failure,
The data on the off line certification risk bit in terminal authentication result are then updated to second value, it is described after being updated
Terminal authentication result;
It is described that the terminal authentication result is updated according to holder's the result, specially:If holder's the result is to hold
People's authentication failed, then be updated to second value by the data on the holder's checking risk bit in terminal authentication result, obtains
Terminal authentication result after to renewal;
It is described that the terminal authentication result is updated according to risk management result, specially:The Bluetooth intelligent card detects the friendship
Whether the dealing money easily in instruction exceedes trading limit, if so, then by the risk management risk bit in terminal authentication result
Data on position are updated to second value.
16. methods according to claim 11, it is characterised in that described that terminal authentication knot is updated according to off line authentication result
Really, specially:If the off line authentication result is authentification failure, by the off line certification risk bit in terminal authentication result
On data be updated to second value, the terminal authentication result after being updated;If the off line authentication result is certification
Data on off line certification risk bit in terminal authentication result are updated to the first numerical value, after being updated by success
The terminal authentication result;
It is described that the terminal authentication result is updated according to holder's the result, specially:If holder's the result is to hold
People's authentication failed, then be updated to second value by the data on the holder's checking risk bit in terminal authentication result, obtains
Terminal authentication result after to renewal;If holder's the result is proved to be successful for holder, by terminal authentication result
Data on holder's checking risk bit are updated to the first numerical value, the terminal authentication result after being updated;
It is described that the terminal authentication result is updated according to risk management result, specially:The Bluetooth intelligent card detects the friendship
Whether the dealing money easily in instruction exceedes trading limit, if so, then by the risk management risk bit in terminal authentication result
Data on position are updated to second value;Otherwise, by the data on the risk management risk bit in terminal authentication result more
It is newly the first numerical value.
17. method according to claim 15 or 16, it is characterised in that if the Bluetooth intelligent card refers to according to the transaction
Make judgement exist transaction risk by the transaction stand-by mode be updated to perform after more secure level step s3, the step s3 it
Step s4 is performed afterwards;The then number on the bit corresponding with the off line certification risk bit in the terminal behavior code
According to being second value;The number on bit corresponding with holder checking risk bit in the terminal behavior code
According to being second value;The data on bit corresponding with the risk management risk bit in the terminal behavior code
It is second value.
18. method according to claim 15 or 16, it is characterised in that the terminal behavior code of the renewal itself, tool
Body is:By in the terminal behavior code with the off line certification risk bit on, holder checking risk bit on
In bit corresponding with the bit that the data on risk management risk bit are second value, at least one bit
On data be updated to second value.
19. method according to claim 15 or 16, it is characterised in that the terminal behavior code of the renewal itself, tool
Body is:In the terminal behavior code risk bit and wind will be verified with the off line certification risk bit, holder
Data on the corresponding bit of dangerous managing risk bit are updated to second value.
20. method according to claim 15 or 16, it is characterised in that the off line certification risk bit includes:Institute
State the 7th bit, the 4th bit and the 3rd bit of the first character section of terminal authentication result;
Holder's the result risk bit includes:3rd the 8th bit of byte of the terminal authentication result
Position;
The risk management risk bit includes:4th the 8th bit of byte of the terminal authentication result.
21. methods according to claim 12, it is characterised in that the off line authentication mode is updated to safer level
Not, specially:The Bluetooth intelligent card is relatively low by level of security by off line authentication mode according to the off line parameters for authentication of itself
Off line authentication mode is updated to level of security off line authentication mode higher.
22. methods according to claim 21, it is characterised in that the off line parameters for authentication according to itself recognizes off line
Card mode is updated to level of security off line authentication mode higher and is specially by the relatively low off line authentication mode of level of security:Will be with
The parameter value of the corresponding off line parameters for authentication of level of security off line authentication mode higher is updated to second value by the first numerical value.
23. methods according to claim 12, it is characterised in that the step s34 is specially:If the Bluetooth intelligent card
Judged in the absence of transaction risk, then holding in the application record that the Bluetooth intelligent card will read according to the trading instruction
Block the authentication list of people first as the authentication list of holder second of itself and preserve, obtained according to the authentication list of holder second
The holder's authentication mode of itself, the holder's authentication mode according to itself is verified to holder;If the blue-tooth intelligence
Card judges there is transaction risk according to the trading instruction, then obtain holding for itself according to the authentication list of the holder second
Card people's authentication mode, the holder's authentication mode according to itself is verified to holder.
24. methods according to claim 23, it is characterised in that the Bluetooth intelligent card is by the holder's authenticating party of itself
Formula is updated to more secure level, specially:The Bluetooth intelligent card updates the authentication list of holder second, by the holder of itself
Authentication mode is updated to more secure level.
25. methods according to claim 24, it is characterised in that the authentication list of renewal holder second, will hold
People's authentication mode is updated to more secure level, specially:By the holder's authentication codes in the authentication list of the holder second
In holder's authentication mode mark be updated to more secure level, holder's authentication mode is updated to more secure level.
26. methods according to claim 12, it is characterised in that described that end is carried out according to the terminal risk management mode
End risk management, obtains terminal risk management result, and it is specific to update the terminal authentication result according to terminal risk management result
For:The Bluetooth intelligent card carries out terminal risk management according to the trading limit of itself, obtains terminal risk management result, according to
Terminal risk management result updates the terminal authentication result;
It is described terminal risk management mode is updated to more secure level to be specially:The Bluetooth intelligent card reduction transaction limit
Volume.
27. methods according to claim 1, it is characterised in that the Bluetooth intelligent card includes IC chip and MPOS chips;
The step s1 is specially:The MPOS chips set up bluetooth connection with mobile terminal;
The step s2 is specially:The MPOS chips receive the trading instruction from the mobile terminal by Bluetooth channels;
The step s3 is specially:The MPOS chips send transaction preparation instruction to the IC chip, receive and come from the IC
The transaction of chip prepares response;The MPOS chips are traded preparation and obtain transaction preparation according to the transaction stand-by mode of itself
As a result, result is prepared according to the transaction and updates terminal authentication result;
The step s4 is specially:The MPOS chips are carried out according to the terminal authentication result and the terminal behavior code of itself
Behavioural analysis obtains behavioural analysis result, if behavioural analysis result is authorization requests ciphertext, it is connection to set Trading Authorization result
Machine treatment, performs step s5;If behavioural analysis result is application authorization ciphertext, Trading Authorization result is set to transaction and is refused
Absolutely, the blue-tooth intelligence Card Rejections transaction, terminates;
The step s5 is specially:The MPOS chips are sent by Bluetooth channels to mobile terminal includes the Trading Authorization knot
The transaction message of the Transaction Information in fruit and the trading instruction;
The step s6 is specially:The MPOS chips receive the transaction response from mobile terminal by Bluetooth channels;
The step s7 is specially:The MPOS chips are according to transaction response generation transaction record;
The step s8 is specially:The MPOS chips send transaction record by Bluetooth channels to mobile terminal;Terminate;
The Bluetooth intelligent card judges whether transaction risk according to the trading instruction, specially:The MPOS chips root
Transaction risk is judged whether according to the trading instruction;
The transaction stand-by mode is updated to more secure level by the Bluetooth intelligent card, specially:The MPOS chips are by institute
State transaction stand-by mode and be updated to more secure level;
The Bluetooth intelligent card updates the terminal behavior code of itself, specially:The MPOS chips update the terminal row of itself
It is code.
28. methods according to claim 27, it is characterised in that described according to the terminal authentication result and the end of itself
End behavior code carries out behavioural analysis, obtains behavioural analysis result, specifically includes:
Step t1:The MPOS chips are by the terminal authentication result bit corresponding with the terminal behavior code
Data carry out computing, obtain operation result, according to the operation result line be analysis result;
Step t2:The MPOS chips send request application cryptogram and instruct according to terminal behavior analysis result to IC chip;
Step t3:The IC chip carries out card behavioural analysis, obtains card behavior analysis result;
Step t4:The IC chip sends card behavioural analysis result to the MPOS chips;
Step t5:The MPOS chips are using card behavior analysis result as behavioural analysis result.
29. methods according to claim 27, it is characterised in that the transaction stand-by mode includes:Off line authentication mode,
Treatment limitation mode, holder's authentication mode and terminal risk management mode:
The MPOS chips send transaction preparation instruction to the IC chip, receive the transaction from the IC chip and prepare to answer
Answer;The MPOS chips are traded preparation and obtain transaction preparation result according to the transaction stand-by mode of itself, according to the friendship
Easily prepare result and update terminal authentication result, specifically include:
Step w1:The MPOS chips send selection application instruction to the IC chip;
Step w2:The IC chip is according to selection application instruction selection application;
Step w3:The IC chip sends selection application success response to the MPOS chips;
Step w4:The MPOS chips send to IC chip and apply initialization directive;
Step w5:The application that the IC chip initialization has been selected;
Step w6:The IC chip returns to application initialization successful respond to the MPOS chips;
Step w7:The MPOS chips send reading application recording instruction to IC chip;
Step w8:The IC chip reads application record;
Step w9:The IC chip returns to read record successful respond to the MPOS chips;
Step w10:The MPOS chips send off line certification and instruct to the IC chip, receive the off line from the IC chip
Certification response, off line authentication result is obtained according to the off line certification response, is tested according to the off line authentication result more new terminal
Card result;
Step w11:The MPOS chips carry out treatment limitation and obtain treatment limitation result, root according to the treatment of itself limitation mode
Result is limited according to the treatment update terminal authentication result;
Step w12:The MPOS chips obtain the holder's authentication mode of itself according to read record successful respond;According to itself
Holder's authentication mode verifies to holder, obtains holder's the result, according to holder's the result updates
Terminal authentication result;
Step w13:The MPOS chips carry out terminal risk management according to the terminal risk management mode of itself, obtain terminal wind
Danger management result, the terminal authentication result is updated according to risk management result.
A kind of 30. Bluetooth intelligent cards, it is characterised in that including:Link block, the first receiver module, transaction preparation module, first
Update module, behavioural analysis module, setting Authorization result module, the first sending module, the second receiver module, trades record module
With the second sending module;
The link block, for setting up bluetooth connection with mobile terminal;
First receiver module, for after the link block sets up bluetooth connection with the mobile terminal, by bluetooth
Trading instruction of the channel reception from the mobile terminal;
The transaction preparation module, for the trading instruction and the transaction of itself that are received according to first receiver module
Stand-by mode is traded preparation and obtains transaction preparation result;
First update module, the transaction for being obtained according to the transaction preparation module prepares result and updates terminal authentication knot
Really;
The behavioural analysis module, for according to the terminal authentication result and the terminal of itself after first update module renewal
Behavior code carries out behavioural analysis and obtains behavioural analysis result;
The setting Authorization result module, if being that authorization requests are close for the behavioural analysis result that the behavioural analysis module is obtained
Text, then it is online process to set Trading Authorization result;If the behavioural analysis result that the behavioural analysis module is obtained is using recognizing
Card ciphertext, then be set to transaction refusal by Trading Authorization result;
First sending module, for the Trading Authorization result to be set into online place when the setting Authorization result module
After reason, the transaction included in the Trading Authorization result and the trading instruction is sent to the mobile terminal by Bluetooth channels
The transaction message of information;
Second receiver module, for receiving the transaction response from the mobile terminal by the Bluetooth channels;
The trades record module, for the transaction response generation transaction note received according to second receiver module
Record;
Second sending module, for sending what the trades record module was generated to the mobile terminal by Bluetooth channels
The transaction record;
The Bluetooth intelligent card also includes:Risk judgment module, the second update module and/or the 3rd update module;
The risk judgment module, the trading instruction for being received according to first receiver module judges whether transaction
Risk;After the risk judgment module is judged as NO, the transaction preparation module is triggered;
Second update module, for after the risk judgment module is judged as YES, the transaction preparation module to be handed over
Before easily preparing result, the transaction stand-by mode is updated to more secure level;
3rd update module, for after the risk judgment module is judged as YES, the behavioural analysis module to be gone
Before for analysis result, the terminal behavior code of itself is updated.
31. Bluetooth intelligent cards according to claim 30, it is characterised in that first update module, if specifically for
It is failure that the transaction prepares result, then the data on the risk bit in terminal authentication result are updated into second value,
The terminal authentication result after being updated;If it is successfully, by the Hazard ratio in terminal authentication result that transaction prepares result
Data on special position are updated to the first numerical value, the terminal authentication result after being updated.
32. Bluetooth intelligent cards according to claim 30, it is characterised in that also include:Initialization module;
The initialization module, for updating terminal authentication result when first update module prepares result according to the transaction
Before, it is the first numerical value by the data initialization on all bits of the terminal authentication result;
First update module, if it is failure to prepare result specifically for transaction, by the Hazard ratio in terminal authentication result
Data on special position are updated to second value, the terminal authentication result after being updated.
33. Bluetooth intelligent card according to claim 31 or 32, it is characterised in that if the risk judgment module is judged as
The second update module is triggered after being and first update module updates triggering behavioural analysis module after terminal authentication result;Then institute
It is second value to state the data on the bit corresponding with the risk bit in terminal behavior code.
34. Bluetooth intelligent card according to claim 31 or 32, it is characterised in that the 3rd update module, it is specific to use
In will with data on the risk bit be the corresponding bit of the bit of second value in the terminal behavior code
In position, the data at least one bit are updated to second value.
35. Bluetooth intelligent card according to claim 31 or 32, it is characterised in that the 3rd update module, it is specific to use
In the data on the bit corresponding with the risk bit in the terminal behavior code are updated into second value.
36. Bluetooth intelligent cards according to claim 30, it is characterised in that the behavioural analysis module includes:Terminal row
It is analysis submodule and card behavioural analysis submodule;
The terminal behavior analyzes submodule, for the terminal authentication result is corresponding with the terminal behavior code
Data on bit carry out computing, obtain operation result, are analysis result according to the operation result line;
The card behavioural analysis submodule, for carrying out card behavioural analysis according to the terminal behavior analysis result, is set
Card behavior analysis result, using card behavior analysis result as behavioural analysis result.
37. Bluetooth intelligent cards according to claim 36, it is characterised in that the terminal behavior analysis submodule includes:
First arithmetic element and the first setting unit;
First arithmetic element, for by the terminal authentication result bit corresponding with the terminal behavior code
Data carry out and computing;
First setting unit, if for first arithmetic element operation result be the first result, will then will described in
Terminal behavior analysis result is set to log-in treatment;If the operation result of first arithmetic element is not the first result,
The terminal behavior analysis result is then set to requests transaction refusal;
The behavioural analysis submodule, if being set to the terminal behavior analysis result specifically for first setting unit
When requests transaction is refused, card behavioural analysis is carried out according to the terminal behavior analysis result, card behavior analysis result is set
It is application authorization ciphertext, using card behavior analysis result as behavioural analysis result;If first setting unit is by the end
When end behavioural analysis result is set to log-in treatment, then card behavior analysis result is set to authorization requests ciphertext or answered
Certification ciphertext is used, using card behavior analysis result as behavioural analysis result.
38. Bluetooth intelligent cards according to claim 30, it is characterised in that the risk judgment module includes:First obtains
Take submodule, the first judging submodule, the first calculating sub module, the second judging submodule and the first sub-module stored;
First acquisition submodule, for obtaining the air control data in the trading instruction;
First judging submodule, for judging to whether there is data in scratchpad area (SPA);
First calculating sub module, for after first judging submodule is judged as YES, then by the scratchpad area (SPA)
In data as air control historical data, calculate air control index according to the air control data and the air control historical data;
Second judging submodule, for judging the air control index whether more than the first risk threshold value;
First sub-module stored, for after first judging submodule is judged as NO, by the air control data storage
To in scratchpad area (SPA), the transaction preparation module is triggered;After second judging submodule is judged as NO, by the air control
In data Cun Chudao scratchpad area (SPA)s, the transaction preparation module is triggered.
39. Bluetooth intelligent card according to claim 38, it is characterised in that also include in the transaction message:The wind
Control data.
40. Bluetooth intelligent cards according to claim 30, it is characterised in that the transaction stand-by mode includes:Off line is recognized
Card mode, treatment limitation mode, holder's authentication mode and terminal risk management mode;
The transaction preparation module is specifically included:Selection application submodule, initialization application submodule, reading application record submodule
Block, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule;
First update module is specifically included:First updates submodule, second updates submodule, the 3rd updates submodule and the
Four update submodule;
Submodule is applied in the selection, for being selected to apply according to the trading instruction;
Submodule is applied in the initialization, for initializing the application for having selected;
Record sub module is applied in the reading, for reading application record;
The off line authentication sub module, off line certification is carried out for the off line authentication mode according to itself, obtains off line certification knot
Really;
Holder's authentication sub module, treatment limitation knot is obtained for carrying out treatment limitation according to the treatment of itself limitation mode
Really;
The holder verifies submodule, for obtaining itself according to the application record for reading to be read using record sub module
Holder's authentication mode;Holder's authentication mode according to itself carries out checking to holder and obtains holder's the result;
The treatment limitation submodule, treatment limitation knot is obtained for carrying out treatment limitation according to the treatment of itself limitation mode
Really;
The risk management submodule, terminal risk management is carried out for the terminal risk management mode according to itself, obtains end
End risk management result;
Described first updates submodule, for updating terminal authentication result according to off line authentication result;
Described second updates submodule, for updating terminal authentication result according to treatment limitation result;
Described 3rd updates submodule, for according to holder's the result, updating terminal authentication result;
Described 4th updates submodule, for according to terminal risk management result, updating terminal authentication result.
41. Bluetooth intelligent cards according to claim 40, it is characterised in that second update module, specifically include:The
Five update at least one of submodule, the 6th renewal submodule, the 7th renewal submodule, the 8th renewal submodule;
Described 5th updates submodule, for after the risk judgment module is judged as YES, the off line authentication sub module to be obtained
To before off line authentication result, the off line authentication mode is updated to more secure level;
Described 6th updates submodule, for after the risk judgment module is judged as YES, the treatment limitation submodule to be obtained
To before treatment limitation result, the treatment limitation mode is updated to more secure level;
Described 7th updates submodule, for after the risk judgment module is judged as YES, the holder to verify submodule
Before obtaining holder's the result, holder's authentication mode is updated to more secure level;
Described 8th updates submodule, for after the risk judgment module is judged as YES, the risk management submodule to be obtained
To before terminal risk management result, the terminal risk management mode is updated to more secure level.
42. Bluetooth intelligent cards according to claim 40, it is characterised in that also include:Transaction Information judge module, first
Display module, first detection module and the module that reports an error;
The Transaction Information judge module, for after the reading application record sub module reads application record, according to the friendship
Transaction Information easily in instruction judges whether to show the dealing money in the Transaction Information;If so, then trigger the off line recognizing
Card submodule;
First display module, for after the Transaction Information judge module is judged as YES, showing the dealing money;When
The first detection module does not detect user's confirmation in the first Preset Time, shows error message;When the friendship
Easy Authorization result is refused for transaction, display refusal Transaction Information;
The module that reports an error, for after first display module shows error message, mistake being returned to the mobile terminal
Information;
The first detection module, for after first display module shows the dealing money, in the first Preset Time
Interior detection user's confirmation;If after user's confirmation is detected in the first Preset Time, triggering off line certification
Module.
43. Bluetooth intelligent cards according to claim 40, it is characterised in that the holder verifies submodule, specific to use
It is defeated according to including if getting the online PIN of user input in the second Preset Time in the prompting online PIN of user input
The holder's authentication mode for entering online PIN verifies to holder, obtains holder's the result;If in the second Preset Time
The online PIN of user input is not got inside, then holder's the result is holder's authentication failed;
The also online PIN including user input in the transaction message.
44. Bluetooth intelligent cards according to claim 40, it is characterised in that also include:Initialization module;
The initialization module, for when described first update submodule according to off line authentication result update terminal authentication result it
Before, it is the first numerical value by the data initialization on all bits of the terminal authentication result;
Described first updates submodule, if being authentification failure specifically for the off line authentication result, by terminal authentication result
Off line certification risk bit on data be updated to second value, the terminal authentication result after being updated;
Described 3rd updates submodule, if being holder's authentication failed specifically for holder's the result, by terminal authentication
The data on holder's checking risk bit in result are updated to second value, the terminal authentication result after being updated;
Described 4th updates submodule, specifically for detecting whether the dealing money in the trading instruction exceedes trading limit,
If so, the data on the risk management risk bit in terminal authentication result then are updated into second value.
45. Bluetooth intelligent cards according to claim 40, it is characterised in that described first updates submodule, specifically for
If the off line authentication result is authentification failure, the data on the off line certification risk bit in terminal authentication result are updated
It is second value, the terminal authentication result after being updated;If the off line authentication result is certification success, terminal is tested
The data on off line certification risk bit in card result are updated to the first numerical value, the terminal authentication knot after being updated
Really;
Described 3rd updates submodule, if being holder's authentication failed specifically for holder's the result, by terminal authentication
The data on holder's checking risk bit in result are updated to second value, the terminal authentication result after being updated;
If holder's the result is proved to be successful for holder, by the holder's checking risk bit in terminal authentication result
Data are updated to the first numerical value, the terminal authentication result after being updated;
Described 4th updates submodule, specifically for detecting whether the dealing money in the trading instruction exceedes trading limit,
If so, the data on the risk management risk bit in terminal authentication result then are updated into second value;Otherwise, by terminal
The data on risk management risk bit in the result are updated to the first numerical value.
46. Bluetooth intelligent card according to claim 44 or 45, it is characterised in that if the risk judgment module is judged as
The second update module is triggered after being and first update module updates triggering behavioural analysis module after terminal authentication result;Then institute
It is second value to state the data on the bit corresponding with the off line certification risk bit in terminal behavior code;It is described
The data on bit corresponding with holder checking risk bit in terminal behavior code are second value;It is described
The data on bit corresponding with the risk management risk bit in terminal behavior code are second value.
47. Bluetooth intelligent card according to claim 44 or 45, it is characterised in that the 3rd update module, it is specific to use
In after the risk judgment module is judged as YES, before the behavioural analysis module obtains behavioural analysis result, by the end
End behavior code in the off line certification risk bit on, holder checking risk bit on and risk management risk
During data on bit are for the corresponding bit of bit of second value, the data at least one bit are updated to
Second value;After the risk judgment module is judged as NO, the transaction preparation module is triggered.
48. Bluetooth intelligent card according to claim 44 or 45, it is characterised in that the 3rd update module, it is specific to use
In after the risk judgment module is judged as YES, before the behavioural analysis module obtains behavioural analysis result, by the end
In the behavior code of end risk bit and risk management risk bit are verified with the off line certification risk bit, holder
Data on the corresponding bit in position are updated to second value;After the risk judgment module is judged as NO, the friendship is triggered
Easy preparation module.
49. Bluetooth intelligent card according to claim 44 or 45, it is characterised in that the off line certification risk bit bag
Include:7th bit of the first character section of the terminal authentication result, the 4th bit and the 3rd bit;
Holder's the result risk bit includes:3rd the 8th bit of byte of the terminal authentication result
Position;
The risk management risk bit includes:4th the 8th bit of byte of the terminal authentication result.
50. Bluetooth intelligent cards according to claim 41, it is characterised in that the 5th renewal submodule specifically includes the
One updating block;
First updating block, for after the risk judgment module is judged as YES, the off line authentication sub module to be obtained
Before off line authentication result, the off line parameters for authentication according to itself is by off line authentication mode by the relatively low off line certification of level of security
Mode is updated to level of security off line authentication mode higher.
51. Bluetooth intelligent cards according to claim 50, it is characterised in that first updating block, specifically for working as
After the risk judgment module is judged as YES, before the off line authentication sub module obtains off line authentication result, will be with safe level
The parameter value of the corresponding off line parameters for authentication of off line authentication mode of Bie Genggao is updated to second value by the first numerical value.
52. Bluetooth intelligent cards according to claim 41, it is characterised in that the holder verifies submodule, specific to use
If judging in the absence of transaction risk according to the trading instruction in the risk judgment module, application note will be read according to described
Record submodule read application record in the authentication list of holder first as the authentication list of holder second of itself simultaneously
Preserve, the holder's authentication mode of itself is obtained according to the authentication list of holder second, the holder's authentication mode according to itself
Holder is verified;If the risk judgment module judges there is transaction risk according to the trading instruction, basis
The authentication list of the holder second obtains the holder's authentication mode of itself, and the holder's authentication mode according to itself is to holding
People is verified.
53. Bluetooth intelligent cards according to claim 52, it is characterised in that the 7th renewal submodule specifically includes the
Two updating blocks;
Second updating block, for after the risk judgment module is judged as YES, holder's checking submodule to be obtained
Before taking holder's the result, the authentication list of holder second is updated, the holder's authentication mode of itself is updated to more pacify
Full rank.
54. Bluetooth intelligent cards according to claim 53, it is characterised in that second updating block, specifically for working as
After the risk judgment module is judged as YES, before holder's checking submodule obtains holder's the result, will be described
Holder's authentication mode mark in holder's authentication codes in the authentication list of holder second is updated to more secure level, will
Holder's authentication mode is updated to more secure level.
55. Bluetooth intelligent cards according to claim 41, it is characterised in that the risk management submodule, specifically for
Trading limit according to itself carries out terminal risk management, obtains terminal risk management result, is updated according to risk management result
The terminal authentication result;
Described 8th updates submodule, specifically for reducing the trading limit.
56. Bluetooth intelligent cards according to claim 30, it is characterised in that the Bluetooth intelligent card include IC chip and
MPOS chips;
The link block, specifically for setting up bluetooth connection by the MPOS chips and mobile terminal;
First receiver module, specifically for after the link block sets up bluetooth connection with the mobile terminal, passing through
The MPOS chips receive the trading instruction from the mobile terminal by Bluetooth channels;
The transaction preparation module, specifically for sending transaction preparation instruction to the IC chip by the MPOS chips, connects
Receive the transaction from the IC chip and prepare response;By stating MPOS chips according to first receiver module is received
The transaction stand-by mode of trading instruction and the MPOS chips is traded preparation and obtains transaction preparation result;
First update module, specifically for accurate according to the transaction that the transaction preparation module is obtained by the MPOS chips
Standby result updates terminal authentication result;
The behavioural analysis module, specifically for by the MPOS chips according to the terminal authentication result after renewal and itself
Terminal behavior code carries out behavioural analysis and obtains behavioural analysis result;
The setting Authorization result module, if please to authorize specifically for the behavioural analysis result that the behavioural analysis module is obtained
Ciphertext is sought, then it is online process to set Trading Authorization result by the MPOS chips;If what the behavioural analysis module was obtained
Behavioural analysis result is application authorization ciphertext, then Trading Authorization result is set into transaction refusal by the MPOS chips;
First sending module, specifically for when the setting Authorization result module by the MPOS chips by the transaction
After Authorization result is set to online process, being sent to the mobile terminal by Bluetooth channels by the MPOS chips includes institute
State the transaction message of the Transaction Information in Trading Authorization result and the trading instruction;
Second receiver module, the movement is come from specifically for being received by the Bluetooth channels by the MPOS chips
The transaction response of terminal;
The trades record module, specifically for generating transaction record according to the transaction response by the MPOS chips;
Second sending module, specifically for sending institute to the mobile terminal by Bluetooth channels by the MPOS chips
State transaction record;
The risk judgment module, specifically for the transaction received according to first receiver module by the MPOS chips
Instruction judges whether transaction risk;After the risk judgment module is judged as NO, the transaction preparation module is triggered;
Second update module, specifically for after the risk judgment module is judged as YES, the transaction preparation module is obtained
Before preparing result to transaction, the transaction stand-by mode is updated to by more secure level by the MPOS chips;
3rd update module, specifically for after the risk judgment module is judged as YES, the behavioural analysis module is obtained
To before behavioural analysis result, the terminal behavior code of itself is updated by the MPOS chips.
57. Bluetooth intelligent cards according to claim 56, it is characterised in that the behavioural analysis module is specifically included:Eventually
End behavioural analysis submodule and card behavioural analysis submodule;The card behavioural analysis submodule is specifically included:First sends
Unit, the first analytic unit, the second transmitting element and the first result unit;
The terminal behavior analyzes submodule, specifically for by the MPOS chips by the terminal authentication result and the end
Data in the behavior code of end on corresponding bit carry out computing, obtain operation result, are set according to the operation result
Terminal behavior analysis result;
First transmitting element, should for terminal behavior analysis result to be sent into request to IC chip by the MPOS chips
Instructed with ciphertext;
First analytic unit, for carrying out card behavioural analysis by the IC chip, obtains card behavior analysis result;
Second transmitting element, for sending card behavioural analysis result to the MPOS chips by the IC chip;
First result unit, for by the MPOS chips using card behavior analysis result as behavioural analysis result.
58. Bluetooth intelligent cards according to claim 57, it is characterised in that the transaction stand-by mode includes:Off line is recognized
Card mode, treatment limitation mode, holder's authentication mode and terminal risk management mode:
The transaction preparation module is specifically included:Selection application submodule, initialization application submodule, reading application record submodule
Block, off line authentication sub module, treatment limitation submodule, holder checking submodule and risk management submodule;
First update module is specifically included:First updates submodule, second updates submodule, the 3rd updates submodule and the
Four update submodule;
The selection is specifically included using submodule:3rd transmitting element, selection applying unit and the 4th transmitting element;It is described first
Beginning beggar's module is specifically included:5th transmitting element, initialization applying unit and the 6th transmitting element;It is described to read application record
Module is specifically included:Recording unit and the 8th transmitting element are applied in 7th transmitting element, reading;Off line authentication sub module is specifically wrapped
Include:9th transmitting element, the tenth transmitting element and off line authentication unit;The treatment limitation submodule is specifically included:Treatment limit
Unit processed;Holder's checking submodule is specifically included:Holder's authentication unit;The risk management submodule is specifically wrapped
Include:Risk management unit;
The first renewal submodule is specifically included:3rd updating block;The second renewal submodule is specifically included:4th more
New unit;The 3rd renewal submodule is specifically included:5th updating block;Institute the 4th updates submodule and specifically includes:6th
Updating block;
3rd transmitting element, for sending selection application instruction to the IC chip by the MPOS chips;
The selection applying unit, for being applied according to selection application instruction selection by the IC chip;
4th transmitting element, for sending selection application success response to MPOS chips by the IC chip;
5th transmitting element, initialization directive is applied for being sent to IC chip by the MPOS chips;
The initialization applying unit, for initializing the application for having selected by the IC chip;
6th transmitting element, for returning to application initialization successful respond to the MPOS chips by the IC chip;
7th transmitting element, for sending reading application recording instruction to IC chip by the MPOS chips;
Recording unit is applied in the reading, for reading application record by the IC chip;
8th transmitting element, for returning to read record successful respond to the MPOS chips by the IC chip;
9th transmitting element, instructs for sending off line certification to the IC chip by the MPOS chips;
Tenth transmitting element, for receiving the off line certification response from the IC chip by the MPOS chips;
The off line authentication unit, the off line certification response for being received according to the MPOS chips obtains off line certification
As a result;
The treatment limiting unit, treatment limit is obtained for carrying out treatment limitation according to the treatment of MPOS chips limitation mode
Result processed;
Holder's authentication unit, the read record successful respond for being received according to the MPOS chips obtains the MPOS
Holder's authentication mode of chip;Holder's authentication mode according to the MPOS chips verifies that acquisition is held to holder
Card people's the result;
The risk management unit, terminal risk management is carried out for the terminal risk management mode according to the MPOS chips,
Obtain terminal risk management result;
3rd updating block, for updating terminal authentication result according to off line authentication result;
4th updating block, for updating terminal authentication result according to treatment limitation result;
5th updating block, for according to holder's the result, updating terminal authentication result;
6th updating block, for according to terminal risk management result, updating terminal authentication result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710039560.1A CN106845995B (en) | 2017-01-19 | 2017-01-19 | A kind of Bluetooth intelligent card and its method for controlling transaction risk |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710039560.1A CN106845995B (en) | 2017-01-19 | 2017-01-19 | A kind of Bluetooth intelligent card and its method for controlling transaction risk |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106845995A true CN106845995A (en) | 2017-06-13 |
| CN106845995B CN106845995B (en) | 2018-05-04 |
Family
ID=59124992
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710039560.1A Active CN106845995B (en) | 2017-01-19 | 2017-01-19 | A kind of Bluetooth intelligent card and its method for controlling transaction risk |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106845995B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107563765A (en) * | 2017-09-06 | 2018-01-09 | 飞天诚信科技股份有限公司 | It is a kind of to support to force method of commerce and terminal online and that force approval |
| CN108053012A (en) * | 2017-12-28 | 2018-05-18 | 飞天诚信科技股份有限公司 | A kind of Bluetooth intelligent card and its method for controlling transaction risk |
| CN108449186A (en) * | 2018-06-11 | 2018-08-24 | 北京京东金融科技控股有限公司 | Safe verification method and device |
| CN109658105A (en) * | 2018-12-27 | 2019-04-19 | 飞天诚信科技股份有限公司 | A kind of method and card of configurable record log |
| WO2020025056A1 (en) * | 2018-08-03 | 2020-02-06 | 京东数字科技控股有限公司 | Method, device, system, and mobile terminal for security authorization |
| US11989724B2 (en) | 2018-10-02 | 2024-05-21 | Capital One Services Llc | Systems and methods for cryptographic authentication of contactless cards using risk factors |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2657319Y (en) * | 2003-11-27 | 2004-11-17 | 上海维华信息技术有限公司 | Hand-held mobile communication terminal equipment |
| CN201004634Y (en) * | 2006-06-19 | 2008-01-09 | 张利华 | Intelligent card and application system based on Bluetooth technology |
| CN101917216A (en) * | 2010-08-25 | 2010-12-15 | 罗正棣 | System and method for realizing safe mobile application by adopting Bluetooth intelligent card |
| CN102105894A (en) * | 2008-05-23 | 2011-06-22 | 斯迈达Ip有限公司 | Chip card having a plurality of components |
| CN102521186A (en) * | 2011-11-22 | 2012-06-27 | 飞天诚信科技股份有限公司 | USB (Universal Serial Bus) key and method for communicating with terminal thereof |
| US20120330839A1 (en) * | 2001-06-27 | 2012-12-27 | Orbiscom Limited | Transaction processing |
| CN103368743A (en) * | 2013-07-08 | 2013-10-23 | 深圳市文鼎创数据科技有限公司 | Multifunctional intelligent card and identity authentication method and operation method of multifunctional intelligent card |
| CN103577867A (en) * | 2013-11-13 | 2014-02-12 | 上海众人网络安全技术有限公司 | Financial IC visible card provided with Bluetooth device |
| CN204360404U (en) * | 2014-12-30 | 2015-05-27 | 北京握奇智能科技有限公司 | Circuit board, the smart card made containing fabrication assembly and the fabrication assembly of circuit board |
| CN106339874A (en) * | 2016-08-11 | 2017-01-18 | 飞天诚信科技股份有限公司 | Online transaction method, visual financial IC card, client and server |
-
2017
- 2017-01-19 CN CN201710039560.1A patent/CN106845995B/en active Active
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120330839A1 (en) * | 2001-06-27 | 2012-12-27 | Orbiscom Limited | Transaction processing |
| CN2657319Y (en) * | 2003-11-27 | 2004-11-17 | 上海维华信息技术有限公司 | Hand-held mobile communication terminal equipment |
| CN201004634Y (en) * | 2006-06-19 | 2008-01-09 | 张利华 | Intelligent card and application system based on Bluetooth technology |
| CN102105894A (en) * | 2008-05-23 | 2011-06-22 | 斯迈达Ip有限公司 | Chip card having a plurality of components |
| CN101917216A (en) * | 2010-08-25 | 2010-12-15 | 罗正棣 | System and method for realizing safe mobile application by adopting Bluetooth intelligent card |
| CN102521186A (en) * | 2011-11-22 | 2012-06-27 | 飞天诚信科技股份有限公司 | USB (Universal Serial Bus) key and method for communicating with terminal thereof |
| CN103368743A (en) * | 2013-07-08 | 2013-10-23 | 深圳市文鼎创数据科技有限公司 | Multifunctional intelligent card and identity authentication method and operation method of multifunctional intelligent card |
| CN103577867A (en) * | 2013-11-13 | 2014-02-12 | 上海众人网络安全技术有限公司 | Financial IC visible card provided with Bluetooth device |
| CN204360404U (en) * | 2014-12-30 | 2015-05-27 | 北京握奇智能科技有限公司 | Circuit board, the smart card made containing fabrication assembly and the fabrication assembly of circuit board |
| CN106339874A (en) * | 2016-08-11 | 2017-01-18 | 飞天诚信科技股份有限公司 | Online transaction method, visual financial IC card, client and server |
Non-Patent Citations (3)
| Title |
|---|
| 何秉姣 等: "基于VPN实现蓝牙PAN的安全存取", 《武汉大学学报(工学版)》 * |
| 冯志兴 等: "金融IC卡认证体系及其安全性分析金融IC卡认证体系及其安全性分析", 《信息安全与通信保密》 * |
| 张炜: "基于智能IC卡技术的蓝牙安全令牌的研究与实现", 《中国学位论文全文数据库》 * |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107563765A (en) * | 2017-09-06 | 2018-01-09 | 飞天诚信科技股份有限公司 | It is a kind of to support to force method of commerce and terminal online and that force approval |
| CN108053012A (en) * | 2017-12-28 | 2018-05-18 | 飞天诚信科技股份有限公司 | A kind of Bluetooth intelligent card and its method for controlling transaction risk |
| CN108053012B (en) * | 2017-12-28 | 2018-10-30 | 飞天诚信科技股份有限公司 | A kind of Bluetooth intelligent card and its method for controlling transaction risk |
| CN108449186A (en) * | 2018-06-11 | 2018-08-24 | 北京京东金融科技控股有限公司 | Safe verification method and device |
| WO2020025056A1 (en) * | 2018-08-03 | 2020-02-06 | 京东数字科技控股有限公司 | Method, device, system, and mobile terminal for security authorization |
| US11989724B2 (en) | 2018-10-02 | 2024-05-21 | Capital One Services Llc | Systems and methods for cryptographic authentication of contactless cards using risk factors |
| CN109658105A (en) * | 2018-12-27 | 2019-04-19 | 飞天诚信科技股份有限公司 | A kind of method and card of configurable record log |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106845995B (en) | 2018-05-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106845995B (en) | A kind of Bluetooth intelligent card and its method for controlling transaction risk | |
| CN104767613B (en) | Signature verification method, apparatus and system | |
| CN104217327B (en) | A kind of financial IC card internet terminal and its method of commerce | |
| CN104464117B (en) | Based on dynamic two-dimension code ATM (automatic teller machine) withdrawal method and system | |
| CN104933565B (en) | A kind of IC card transaction method and system | |
| CN108009825A (en) | A kind of identity management system and method based on block chain technology | |
| CN103297243B (en) | A kind of method of work of multifunction intelligent key equipment | |
| CN105933266A (en) | Verification method and server | |
| CN105898418A (en) | Intelligent terminal, remote controller, and intelligent terminal payment method | |
| CN105897721A (en) | Method and device for verifying reliability of identity of financial card user | |
| CN102254289A (en) | Fast credit card approving method | |
| CN106529925A (en) | Bluetooth visual card and method of realizing electronic cash transactions | |
| CN105283890A (en) | Method and system for activating credentials | |
| US20230222484A1 (en) | Method for binding card, terminal device, authentication server and storage medium | |
| CN109409874A (en) | Method of payment, offline terminal and online terminal based on block chain | |
| CN105550928A (en) | System and method of network remote account opening for commercial bank | |
| CN106779698A (en) | A kind of distribution for paying mark and its safe payment method, system and device | |
| CN109067544A (en) | A kind of private key verification method, the apparatus and system of soft or hard combination | |
| CN107563764A (en) | A kind of method of network payment and system | |
| CN110351672A (en) | Information-pushing method, device and electronic equipment | |
| CN108337211A (en) | Method, apparatus, electronic equipment and the readable storage medium storing program for executing of Information Authentication | |
| CN105320873B (en) | A kind of unlocking method of terminal applies, device, terminal and SIM card | |
| CN105741116A (en) | Fast payment method, apparatus and system | |
| CN106603239B (en) | A kind of main account inquiry into balance method and bluetooth visible card based on bluetooth visible card | |
| CN105591746B (en) | A kind of processing method and processing system of online binding accepting terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| OL01 | Intention to license declared | ||
| OL01 | Intention to license declared |