Disclosure of Invention
To address current requirements for convenience and security in mobile payment, the embodiment of the invention provides a method and a system for implementing mobile payment security protection, so as to improve the security and the user experience of mobile payment.
In order to solve the technical problem, the embodiment of the invention adopts the following technical scheme:
In a first aspect, an embodiment of the present invention provides a method for implementing security protection of mobile payment, including:
receiving a to-be-verified working password input by a user and sending it to a server for verification;
receiving a verification result of the server; if the to-be-verified working password passes verification, calculating a first intermediate password by using a key derivation function and the to-be-verified working password, and decrypting a first encrypted private key stored in the client through the first intermediate password to obtain a private key; and carrying out mobile payment containing the private key.
With reference to the first aspect, as a first implementable solution, the method further includes an initialization operation:
calculating a first encryption private key according to the received work password and the private key; generating a standby password and a random number according to the working password and the private key;
calculating a second encryption private key according to the standby password and the private key; calculating an initial verification password according to the random number;
storing the first encryption private key and the second encryption private key in a client; storing the spare password, the random number and the initial check password in a server.
With reference to the first implementable aspect of the first aspect, as a second implementable aspect, the calculating a first encryption private key specifically includes:
calculating a first intermediate password using a key derivation function and the working password; calculating a first encrypted private key using a symmetric encryption function, the first intermediate password, and the private key;
the calculating the second encryption private key specifically includes:
calculating a second intermediate password using a key derivation function and the spare password; calculating a second encrypted private key using a symmetric encryption function, the second intermediate password, and the private key;
the calculating of the initial verification password specifically includes:
calculating an initial verification password by using a hash message authentication code function, the random number and the first intermediate password.
With reference to the first implementable aspect of the first aspect, as a third implementable aspect, the process of the server performing the verification is:
calculating a check password by utilizing a hash message authentication code function, the random number and the working password to be verified; comparing the verification password with the initial verification password, and if the verification password is equal to the initial verification password, passing the verification; if not, the verification fails.
With reference to the first implementable aspect of the first aspect, as a fourth implementable aspect, the method further comprises:
after the user identity is verified, the standby password is called from the server;
calculating a second intermediate password according to the spare password and a key derivation function;
decrypting a second encrypted private key through the second intermediate password to obtain a private key;
carrying out initialization operation again according to the private key and the new working password to generate a new first encryption private key, a new second encryption private key, a new standby password, a new random number and a new initial verification password; storing the new first encryption private key and the new second encryption private key to the client; and storing the new standby password, the new random number and the new initial verification password in a server.
In a second aspect, the embodiment further provides a system for implementing mobile payment security protection, including:
a sending module: configured to receive a to-be-verified working password input by a user and send it to a server for verification;
a decryption module: configured to receive a verification result of the server and, if the to-be-verified working password passes the verification, calculate a first intermediate password by using a key derivation function and the to-be-verified working password, and decrypt a first encrypted private key stored in the client through the first intermediate password to obtain a private key;
a payment module: for making a mobile payment containing the private key.
With reference to the second aspect, as a first implementable solution, the system further includes an initialization operation module, where the initialization operation module includes:
a first calculation submodule: for calculating a first encryption private key according to the received working password and the private key;
a generation submodule: for generating a standby password and a random number according to the working password and the private key;
a second calculation submodule: for calculating a second encryption private key according to the spare password and the private key;
a third computation submodule: for calculating an initial verification password according to the random number;
a first storage submodule: for storing the first encryption private key and the second encryption private key in a client;
a second storage submodule: for storing the spare password, the random number and the initial check password in a server.
With reference to the first implementable aspect of the second aspect, as a second implementable aspect, the first computation submodule is specifically configured to compute a first intermediate password using a key derivation function and the working password; calculating a first encrypted private key using a symmetric encryption function, the first intermediate password, and the private key;
the second calculation submodule is specifically configured to calculate a second intermediate password by using a key derivation function and the spare password; calculating a second encrypted private key using a symmetric encryption function, the second intermediate password, and the private key;
the third computation submodule is specifically configured to compute an initial verification password by using a hash message authentication code function, the random number, and the first intermediate password.
With reference to the first implementable aspect of the second aspect, as a third implementable aspect, the system further includes a verification module: configured to calculate a check password by using a hash message authentication code function, the random number and the to-be-verified working password; comparing the verification password with the initial verification password, and if the verification password is equal to the initial verification password, passing the verification; if not, the verification fails.
With reference to the first implementable aspect of the second aspect, as a fourth implementable aspect, the system further includes a password resetting module configured to reset the working password; the password reset module includes:
a calling submodule: for calling the standby password from the server after the user identity is verified;
a calculation submodule: for calculating a second intermediate password from the spare password and a key derivation function;
a decryption submodule: for decrypting a second encrypted private key through the second intermediate password to obtain a private key;
an initialization operation sub-module: for carrying out the initialization operation again according to the private key and a new working password to generate a new first encryption private key, a new second encryption private key, a new standby password, a new random number and a new initial verification password; storing the new first encryption private key and the new second encryption private key to the client; and storing the new standby password, the new random number and the new initial verification password in a server.
The method and the system for implementing mobile payment security protection can meet the security requirement of mobile payment by applying local 'salted' encryption to the private key while preserving payment convenience. The implementation method of the embodiment of the invention receives the working password to be verified, which is input by a user, and sends it to a server for verification; if the to-be-verified working password passes the verification, a first intermediate password is calculated by using a key derivation function and the to-be-verified working password, and the first encrypted private key stored in the client is decrypted by using the first intermediate password to obtain the private key. The first encryption private key is stored in the client, and the decryption process is also performed in the client. This improves the security of mobile payments.
Detailed Description
The technical solution of the embodiment of the present invention will be described in detail below with reference to the accompanying drawings.
In order to make the technical solutions of the present invention better understood, the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments. Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or coupled. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items. It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The method of the embodiment of the invention can be implemented in a system as shown in fig. 1. The system comprises a client and a server. The client is a mobile intelligent device such as a mobile phone. The user inputs a working password to be verified into the client. The server verifies the working password to be verified and sends a verification result to the client. If the working password to be verified passes the verification, the client decrypts the first encrypted private key stored in the client to obtain the private key. The server may be a single machine or a cluster of multiple machines.
The method for implementing mobile payment security protection of the embodiment of the invention, as shown in fig. 2, includes:
S10, receiving the working password to be verified input by the user and sending it to the server for verification;
S20, receiving the verification result of the server; if the working password to be verified passes the verification, a first intermediate password K1 is calculated by using a key derivation function KDF and the working password to be verified, K1 = KDF(P1), and the first intermediate password K1 is used to decrypt a first encrypted private key EK1 stored in the client, so as to obtain a private key pvk; a mobile payment containing the private key pvk is made.
In the above steps, the first encryption private key EK1 is stored in the client, and the process of decrypting the first encryption private key EK1 is also performed in the client. The client is typically held by the user. Therefore, storing the first encryption private key EK1 in the client helps improve the security of mobile payment. The verification of the working password to be verified can be performed in the server, and the server feeds back the verification result to the client. As shown in fig. 3, when the working password to be verified fails verification, an error message is fed back to the client.
As a preferred example, as shown in fig. 4, the method further includes an initialization operation:
calculating a first encrypted private key EK1 from the received work password P1 and private key pvk; generating a spare password P2 and a random number SK according to the working password P1 and the private key pvk;
calculating a second encrypted private key EK2 according to the spare password P2 and the private key pvk; calculating an initial check code VK according to the random number SK;
storing the first encryption private key EK1 and the second encryption private key EK2 in a client; storing the spare password P2, the random number SK and the initial check password VK in a server.
Through the above initialization operation, the first encryption private key EK1 and the second encryption private key EK2 are set in the client. The first encryption private key EK1 and the second encryption private key EK2 correspond to the same private key. As shown in fig. 5, the working password and the spare password of the user are first passed through a key derivation function to obtain two encryption keys, and at the same time a random number is used to hash the working password to obtain an initial check code of the working password; the private key to be protected is then encrypted with each of the two encryption keys, the two encrypted private keys are stored in the client, and the spare password, the random number and the initial check code are stored in the service system to complete the initialization.
In the method of the embodiment, the private key can be encrypted with the working password and stored in the client, so that the security of the private key is ensured. The working password may be a payment password of the payment system. The working password is stored neither in the client nor in the server; it is memorized by the user. Without knowing the working password, the private key cannot be decrypted, and business operations such as normal signing cannot be carried out. After the private key is encrypted with the working password and the standby password, the generated first encrypted private key and second encrypted private key are stored in the client and not in the server, so that the user's independent ownership of the private key is ensured. The server does not store the signature private key of the user, which ensures the non-repudiation of the public key system and the legal validity of signatures the user makes with the private key.
As a preferred example, the calculating the first encryption private key specifically includes:
calculating a first intermediate password K1, K1 = KDF(P1), using a key derivation function KDF and the working password P1; calculating a first encrypted private key EK1, EK1 = f(K1, pvk), using a symmetric encryption function f, the first intermediate password K1 and the private key pvk.
As a preferred example, the calculating the second encryption private key specifically includes:
calculating a second intermediate password K2, K2 = KDF(P2), using a key derivation function KDF and the spare password P2; calculating a second encrypted private key EK2, EK2 = f(K2, pvk), using a symmetric encryption function f, the second intermediate password K2 and the private key pvk.
As a preferred example, the calculating of the initial verification password specifically includes:
calculating an initial check code VK, VK = HMAC(SK, K1), using a hashed message authentication code function HMAC, the random number SK and the first intermediate password K1.
The initialization procedure described above implements encryption. Meanwhile, the encrypted first encryption private key and the second encryption private key are stored in the client side instead of the server, so that the safety performance is improved.
In the foregoing embodiment, in step S10, the process of verifying the to-be-verified working password by the server specifically includes, as shown in fig. 6: sending the received working password PX to be verified to the server, and calculating a check code VKX by using the hash message authentication code function HMAC, the random number SK and the working password PX to be verified, VKX = HMAC(SK, PX); comparing the check code VKX with the initial check code VK, and if they are equal, the verification passes; if not, the verification fails. When the verification fails, the server feeds back an error prompt to the client. The verification is performed in the server. The server stores the standby password, the random number and the initial verification password. After the user inputs the working password to be verified through the mobile client, the mobile terminal sends the working password to be verified to the server for verification.
And if the working password to be verified passes the verification, performing payment at the client. More specifically, the client calculates a first intermediate password by using a key derivation function and the to-be-verified working password; decrypting a first encrypted private key stored in the client through a first intermediate password to obtain a private key; and finally, carrying out mobile payment containing the private key.
In order to improve the security performance, the working password is often required to be changed during the process of using the mobile payment by the user. For this reason, the implementation method of this embodiment, as shown in fig. 7, further includes:
after the user identity is verified, the standby password P2 is called from the server to the client;
calculating a second intermediate password K2, K2 = KDF(P2), from the spare password P2 and a key derivation function KDF;
decrypting a second encrypted private key EK2 with the second intermediate password K2 to obtain a private key pvk;
according to the private key pvk and the new working password, initializing again to generate a new first encryption private key, a new second encryption private key, a new standby password, a new random number and a new initial verification password; storing the new first encryption private key and the new second encryption private key to the client; and storing the new standby password, the new random number and the new initial verification password in a server.
When the working password is changed, the first encryption private key, the second encryption private key, the standby password, the random number and the initial verification password need to be changed based on the working password. Before changing, the user identity needs to be verified first. The method for verifying the user identity can utilize SMS (short message service) to verify the user identity, or can verify the user identity in a video online mode and the like. This is prior art. And after the verification is correct, the standby password is called from the server to the client. The client calculates a second intermediate password according to the standby password and the key derivation function; and decrypting the second encrypted private key stored on the client through the second intermediate password to obtain the private key. The private key remains unchanged regardless of whether the working password is changed. In the client, according to the private key and the new working password, the initialization operation is carried out again to generate a new first encryption private key, a new second encryption private key, a new standby password, a new random number and a new initial verification password, the new first encryption private key and the new second encryption private key are stored in the client, and the new standby password, the new random number and the new initial verification password are stored in the server.
Under normal conditions, the user can directly decrypt the private key with the working password and perform related operations such as signing with the private key. When the user changes the working password, the generated check code is compared with the initial check code stored in the server, the standby password of the user is retrieved through other means such as SMS, and the initialization operation is completed again with the standby password and the working password changed by the user, after which normal operation resumes.
The method of the embodiment fully utilizes the existing password of the payment user of the conventional payment system, protects the local private key of the user, and simultaneously supports the good operation when the existing password of the user is changed.
In the method of the above embodiment, KDF denotes a key derivation function, and KDF(X) applies several rounds of hashing to X to form an encryption key, usually with a salt. f represents a block symmetric encryption function, and f(K, pvk) represents encrypting the private key pvk with K. HMAC represents a hashed message authentication code function, HMAC(SK, P) represents the message authentication code of P, and SK represents the authentication key.
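The initialization, server-side verification, client-side decryption and password-reset steps described above, as one added example (not code from the patent) using Node.js's built-in crypto module. Assumptions: PBKDF2-HMAC-SHA256 stands in for KDF, AES-256-GCM for f, P2 and SK are generated at random, and the check code is computed as HMAC(SK, P) on both sides, following the verification step (the initialization formula on the page uses K1 instead); all function names are hypothetical, and client and server state live in one process for the demonstration.

```javascript
const crypto = require("crypto");

const KDF_ITERATIONS = 100000; // assumption: the page does not fix a KDF or its cost

// KDF(P): PBKDF2-HMAC-SHA256 with a per-key salt (assumed; the page says only
// "several rounds of hashing, usually with a salt"). The salt is kept beside the ciphertext.
function kdf(password, salt) {
  return crypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, "sha256");
}

// f(K, pvk): AES-256-GCM stands in for the page's symmetric encryption function f.
function wrapKey(password, pvk) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", kdf(password, salt), iv);
  const ct = Buffer.concat([cipher.update(pvk), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

function unwrapKey(password, ek) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", kdf(password, ek.salt), ek.iv);
  decipher.setAuthTag(ek.tag);
  // final() throws if the derived key is wrong or the stored blob was modified
  return Buffer.concat([decipher.update(ek.ct), decipher.final()]);
}

// Check code HMAC(SK, P), keyed with the random number SK held by the server.
function checkCode(sk, password) {
  return crypto.createHmac("sha256", sk).update(password, "utf8").digest();
}

// Initialization: returns what each side stores. P1 itself is stored nowhere.
function initialize(p1, pvk) {
  const p2 = crypto.randomBytes(32).toString("base64"); // spare password (assumed random)
  const sk = crypto.randomBytes(32);
  return {
    client: { ek1: wrapKey(p1, pvk), ek2: wrapKey(p2, pvk) },
    server: { p2, sk, vk: checkCode(sk, p1) },
  };
}

// Server side: VKX = HMAC(SK, PX), compared with VK in constant time.
function serverVerify(server, px) {
  return crypto.timingSafeEqual(checkCode(server.sk, px), server.vk);
}

// Client side: EK1 is decrypted only after the server reports success.
function unlockForPayment(state, px) {
  if (!serverVerify(state.server, px)) return null;
  return unwrapKey(px, state.client.ek1);
}

// Reset: P2 leaves the server only after the identity check has passed.
function resetWorkingPassword(state, identityVerified, newP1) {
  if (!identityVerified) throw new Error("identity not verified; P2 not released");
  const pvk = unwrapKey(state.server.p2, state.client.ek2);
  return initialize(newP1, pvk); // fresh EK1, EK2, P2, SK, VK; pvk unchanged
}

// Constructed sample run: random bytes stand in for the private key pvk.
function demo() {
  const pvk = crypto.randomBytes(32);
  let state = initialize("483920", pvk);
  const wrong = unlockForPayment(state, "000000");
  const right = unlockForPayment(state, "483920");
  const oldP2 = state.server.p2;
  state = resetWorkingPassword(state, true, "915274");
  return {
    wrongRejected: wrong === null,
    rightUnlocks: right !== null && right.equals(pvk),
    newUnlocks: unlockForPayment(state, "915274").equals(pvk),
    oldRejected: unlockForPayment(state, "483920") === null,
    p2Rotated: state.server.p2 !== oldP2,
  };
}

console.log(demo());
```

Because GCM authenticates the ciphertext, a modified EK1 or EK2 on the client makes decryption fail instead of yielding a wrong private key.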
As shown in fig. 8, an embodiment of the present invention further provides a system for implementing mobile payment security protection, including:
a sending module: configured to receive a to-be-verified working password input by a user and send it to a server for verification;
a decryption module: configured to receive a verification result of the server and, if the to-be-verified working password passes the verification, calculate a first intermediate password by using a key derivation function and the to-be-verified working password, and decrypt a first encrypted private key stored in the client through the first intermediate password to obtain a private key;
a payment module: for making a mobile payment containing the private key.
In the above system, the first encryption private key is stored in the client. The process of decrypting the first encrypted private key by the decryption module is also carried out in the client. The client is typically held by the user. Therefore, the first encryption private key is stored in the client, and the security performance of mobile payment is improved.
As a preferred example, the system further includes an initialization operation module, where the initialization operation module includes:
a first calculation submodule: for calculating a first encryption private key according to the received working password and the private key;
a generation submodule: for generating a standby password and a random number according to the working password and the private key;
a second calculation submodule: for calculating a second encryption private key according to the spare password and the private key;
a third computation submodule: for calculating an initial verification password according to the random number;
a first storage submodule: for storing the first encryption private key and the second encryption private key in a client;
a second storage submodule: for storing the spare password, the random number and the initial check password in a server.
The initialization operation module completes the encryption of the private key. The first calculation submodule calculates the first encryption private key, the second calculation submodule calculates the second encryption private key, and the first storage submodule stores the first encryption private key and the second encryption private key in the client. The first encrypted private key is decrypted to obtain the private key, so as to carry out mobile payment. The standby password and the random number generated by the generation submodule, and the initial verification password calculated by the third computation submodule, are stored in the server through the second storage submodule. The spare password is used for decrypting the second encryption private key on the client when the working password is reset. The initialization operation module stores the first encryption private key and the second encryption private key in the client, so that the security performance of mobile payment is improved.
Preferably, the first calculation submodule is specifically configured to calculate a first intermediate password by using a key derivation function and the working password; calculating a first encrypted private key using a symmetric encryption function, the first intermediate password, and the private key;
the second calculation submodule is specifically configured to calculate a second intermediate password by using a key derivation function and the spare password; calculating a second encrypted private key using a symmetric encryption function, the second intermediate password, and the private key;
the third computation submodule is specifically configured to compute an initial verification password by using a hash message authentication code function, the random number, and the first intermediate password.
In the above embodiment, the verification of the working password to be verified is performed in the server. The system further comprises a verification module: configured to calculate a check password by using a hash message authentication code function, the random number and the to-be-verified working password; comparing the verification password with the initial verification password, and if the verification password is equal to the initial verification password, passing the verification; if not, the verification fails.
By comparing the verification password with the initial verification password stored in the server, it is determined whether the working password to be verified is consistent with the preset working password. If the verification password is consistent with the initial verification password, the working password to be verified is the preset working password; if the verification password is not consistent with the initial verification password, the working password to be verified is not the preset working password, and the verification is not passed.
As a preferred example, the system further includes a password resetting module, which is used for resetting the working password. The password reset module includes:
a calling submodule: for calling the standby password from the server after the user identity is verified;
a calculation submodule: for calculating a second intermediate password from the spare password and a key derivation function;
a decryption submodule: for decrypting a second encrypted private key through the second intermediate password to obtain a private key;
an initialization operation sub-module: for carrying out the initialization operation again according to the private key and a new working password to generate a new first encryption private key, a new second encryption private key, a new standby password, a new random number and a new initial verification password; storing the new first encryption private key and the new second encryption private key to the client; and storing the new standby password, the new random number and the new initial verification password in a server.
When the working password is changed, the first encryption private key, the second encryption private key, the standby password, the random number and the initial verification password need to be changed based on the working password. The calling submodule calls the standby password from the server to the client. The calculation submodule calculates a second intermediate password based on the spare password and the key derivation function. The decryption submodule decrypts the second encrypted private key stored on the client through the second intermediate password to obtain the private key. The private key remains unchanged regardless of whether the working password is changed. In the client, the initialization operation submodule performs the initialization operation again according to the private key and the new working password to generate a new first encryption private key, a new second encryption private key, a new standby password, a new random number and a new initial verification password.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus embodiment, since it is substantially similar to the method embodiment, it is relatively simple to describe, and reference may be made to some descriptions of the method embodiment for relevant points.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.