CN108830587A - A kind of NFC method of mobile payment based on no certificate signature - Google Patents
A kind of NFC method of mobile payment based on no certificate signature Download PDFInfo
- Publication number
- CN108830587A CN108830587A CN201810402874.8A CN201810402874A CN108830587A CN 108830587 A CN108830587 A CN 108830587A CN 201810402874 A CN201810402874 A CN 201810402874A CN 108830587 A CN108830587 A CN 108830587A
- Authority
- CN
- China
- Prior art keywords
- user
- mpsp
- mobile payment
- key
- service provider
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/327—Short range or proximity payments by means of M-devices
- G06Q20/3278—RFID or NFC payments by means of M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Abstract
The present invention relates to a kind of NFC method of mobile payment based on no certificate signature, joined PIN code factor during no certificate signature, even if the private key of user is leaked, under conditions of not obtaining user's PIN code, invader can not still pass through authentication.In addition, in user's payment process, when user is with merchant transaction, using anonymous virtual trading account, make businessman that can not know the true identity of particular transactions people, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading account, the unlinkability of Transaction Information is also achieved while to realize anonymous deal, improves privacy of user safety.Furthermore after the completion of payment, signature key, session key carry out dynamic update, realize one-time pad, improve the safety of payment system.
Description
Technical field
The present invention relates to the technical field of NFC mobile payment more particularly to a kind of NFC based on no certificate signature are mobile
Method of payment.
Background technique
Existing NFC mobile payment scheme usually uses conventional public-key cryptographic technique to realize that the identity of both parties is recognized
Card, user generate the signature of message using private key, and authenticating party uses CA (Certification Authority) institute certificate
In public key signature is authenticated, thus the legitimacy in confirmation message source, but there is complicated certificate management etc. in the technology
Drawback.For the public key cryptography technology of identity-based, although the problems such as there is no complicated certificate managements, there are key supports
The private key of the problems such as pipe, user are centrally generated (Private Key Generation by trusted third party's private key generation
Center, PKG), therefore there are the risks that dishonest PKG forges user's signature.
It is more and more since AL-Riyami and Paterson in 2003 is put forward for the first time no CertPubKey cryptography concept
Be put forward one after another without CertPubKey cryptographic technique, but will be carried out substantially to arithmetic operation, computation complexity is high, overhead
Greatly.And no CertPubKey cryptographic technique used in the present invention is without carrying out having bigger odds for effectiveness to arithmetic operation.?
Without in CertPubKey cryptographic technique, it is still desirable to trusted third party's key generation centre (Key Generation
Center, KGC) participate in key generation, it gathers around systematic master key (Master Key).The effect of KGC is according to user
Master key and the identity information of user generate the part of key of user, and part of key is sent to user.User selects at random
It selects secret value and part of key combines the complete private key for generating oneself, public key is then combined by secret value, identity and system parameter and given birth to
At, and announce in a reliable fashion.Therefore KGC can not learn the complete private key of user, so as to avoid the trustship of key, simultaneously
The certification of certificate is not needed yet.
It is anonymous method for realizing that privacy of user uses most methods safely in NFC mobile payment, this method was realized
Journey is simple, small to system resources consumption, high-efficient.User traded used in virtual trading account there are two types of generate way
Diameter, one is users to be autonomously generated, and another kind is that mobile payment service provider provides.Generating mode is typically all to take family body
Cryptographic Hash after part both relevant information and random number combination.But the virtual trading account of user is all in most of payment scheme
It remains unchanged for a long period of time, it is difficult to which the Unlinkability for realizing Transaction Information, there are the risks of privacy leakage.
Summary of the invention
It is an object of the invention to overcome the deficiencies of the prior art and provide a kind of contents that can prevent requestor's privacy leakage
The access control method encrypted under central site network.
To achieve the above object, technical solution provided by the present invention is:
Four-stage is completed comprising system initialization, user's registration, user's payment and payment;
In user's payment process, when carrying out authentication, need to use the PIN code of user oneself input, if user
The PIN code of input is wrong, then server fails to the authentication of user, it is believed that user is malicious user, to terminate transaction;
In addition, when user is with merchant transaction, using anonymous virtual trading account, making businessman that can not know tool in user's payment process
The true identity of body negotiator, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading account;
After the completion of payment, signature key, session key carry out dynamic update, realize one-time pad.
Further, the detailed process of the system initialization is:
Mobile payment service provider MPSP inputs security parameter k on the Cloud Server of oneself, and generates two big element
Number p, q, wherein p and q meet q | the relationship of p-1;Then the generation that Q is q as single order any in the cyclic group G on elliptic curve is set
Member selects 3 hash functions: H3:G → { 0,1 } *, and
Randomly select a valueIt as system master key and maintains secrecy, calculates Qg=gQ;Finally disclose system parameter p, q, Q,
Qg,H1,H2,H3}。
Further, specific step is as follows for the user's registration:
A1, user input relevant application for registration information RM on the APP that mobile payment service provider MPSP is provided, packet
Include user name, log in password, phone number, the cryptographic Hash H (PIN) of PIN code, the bank of deposit provide virtual account AIDUAnd
Cryptographic Hash H (the ID of user identity card numberU);
After A2, mobile payment service provider MPSP receive registration information, it is by sending short message to confirm user
No is to operate in person;
After A3, confirmation, mobile payment service provider MPSP sends the void that the bank of deposit provides by safe lane
Quasi- account AIDUWith the cryptographic Hash H (ID of user identity card numberU) to the bank of deposit confirm the legal of application for registration user identity
Property;
After A4, the bank of deposit have confirmed user identity, identity validation receipt is generated, and movement is sent to by safe lane
Payment services provider MPSP;
A5, mobile payment service provider MPSP check the identity validation receipt that bank of deposit Bank is sent, if
Registering user is legitimate user, saves the cryptographic Hash H (ID of user identity card numberU) and the bank of deposit provide virtual account AIDU,
It calculatesAnd choose a random numberGenerate the part public key R of userU=rUQ
With part private key DU=H1(Token,RU)+rU, while generating virtual trading account TAIDU;Then { RU、DU、TAIDUPass through
Safe lane is sent to user, otherwise terminates this registration, and sends registration failure information to user;
After A6, user receive the information that mobile payment service provider MPSP is sent, by calculating RU+H1(Token,RU)
Qg=DUWhether Q at Rob Roy judges D that mobile payment service provider MPSP is sended overUWhether effectively, if result be it is effective,
Then choose a random numberCalculate XU=xUQ generates complete private key SKU=(DU,xU) and complete public key PKU=(RU,
XU);Complete private key and TAIDUEncrypting storing is in local SE (Secure Element, security element), wherein the encryption used
Algorithm is aes algorithm, and encryption key KEY=H (username | | pw), public key is then sent to mobile payment service provider
MPSP;
After A7, mobile payment service provider MPSP receive client public key, its secret is stored on Cloud Server SE, and
Transmission succeeds in registration information RS to user, arrives this user registration success.
Further, specific step is as follows for user's payment:
B1, user open mobile terminal APP, input user name, log in password and PIN code, wherein user name and log in mouth
It enables combining and generates decruption key KEY, take out private key SK from local SE using the KEY of generationU;Take the cryptographic Hash H of PIN code
(PIN), it is used for subsequent message signature;
B2, mobile terminal receive payment information m close to the POS machine of businessman M;
After B3, mobile terminal receive payment information m, random selectionCalculate TU=uQ,S=u/ (xU+DU+ h), signature (h, s) is generated, and encryption is disappeared
Cease { h, s, m, t } kU-MPSPWith virtual trading account TAIDUIt is sent to businessman M;
B4, businessman M send { h, s, m, t } k by tls protocolU-MPSP, identity information IDMWith payment information m' to mobile branch
Pay service provider MPSP;Wherein tls protocol (Transport Layer Security, Transport Layer Security) not only may be implemented
Information encryption, can also realize authentication;
After B5, mobile payment service provider MPSP receive the information from businessman M, businessman M and user's U identity are carried out
Verifying;
B6, as businessman M and legal user's U identity, mobile payment service provider MPSP according in m correlation pay
Information deducts the electronic purse balance amount of user U, and money is gone in the stored value card of businessman M, if electronic purse balance amount is insufficient, shifting
Dynamic payment services provider MPSP then submits settlement request to the bank of deposit of user U, and application deducts phase from the bank card of user U
Answer the amount of money into the stored value card of mobile payment service provider MPSP, then mobile payment service provider MPSP is again electronics
In Money transfer to the stored value card of businessman M;Otherwise payment failure, mobile payment service provider MPSP, which sends payment, unsuccessfully to be believed
It ceases to user U and businessman M;After the completion of transferring accounts, mobile payment service provider MPSP sends payment success message by tls protocol
PS gives businessman M, while handle uses kU-MPSPThe new part public key R' of encryptionU, part private key D'U, new virtual trading account
TAID'U, payment success message PS and new session key k'U-MPSPIt is sent to businessman M, businessman M forwards the information to user again
U。
Further, the legitimacy of the businessman M identity is authenticated by the authentication mode in tls protocol, and user's U identity
Verification process is as follows:
C1, mobile payment service provider MPSP utilize the session key shared with user U to decrypt { h, s, m, t } kU-MPSP,
Information m is got paid, is compared with the payment information m' that businessman M is sent, judges whether m=m' is true, is connect if setting up
Payment information m is received, otherwise sends authentication failure message to businessman M and user U;
If C2, step C1 are verified, mobile payment service provider MPSP is according to virtual trading account TAIDUIt finds pair
The virtual account AID answeredUWith the cryptographic Hash H (ID of user identity card numberU), further according to AIDUFind the corresponding PIN code of user U
Cryptographic Hash H (PIN) is calculatedIt calculates againWhether at Rob Roy certification user
The identity legitimacy of U proves that user U is legitimate user if setting up, and receives information m.
Further, H2 (s (RU+XU+h1Q is calculatedg+hQ)AIDU||H(PIN)||m)
Whether=h authenticates the identity legitimacy of user U at Rob Roy, and specific verification process is as follows:
Further, it is described payment complete the specific steps are:After user U receives new part of key, carrying out key has
The judgement of effect property, if new part private key is effective, generates new complete public and private key, saves new private key SK'U, new virtual friendship
Easy account TAID'UWith new session key k'U-MPSP, and newly-generated public key PK'UWith session key kU-MPSPEncryption is sent to
Businessman M, businessman M relay to mobile payment service provider MPSP, and mobile payment service provider MPSP receives user U and sends
New public key after, delete kU-MPSP, only retain k'U-MPSPAs new session code key, and send key reception success message to
Businessman M, businessman M relay to user U, complete to this payment.
Compared with prior art, the principle and advantage of this programme is as follows:
1., even if the private key of user is leaked, not obtaining user without joined PIN code factor during certificate signature
Under conditions of PIN code, invader can not still pass through authentication.
2. when user is with merchant transaction, using anonymous virtual trading account, know that businessman can not in user's payment process
The true identity of the specific negotiator in road, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading
Account also achieves the unlinkability of Transaction Information while to realize anonymous deal, improve privacy of user safety.
3. after the completion of payment, signature key, session key carry out dynamic update, realizes one-time pad, improve payment
The safety of system.
4. the Transaction Information that user submits is to send server to by the POS machine of businessman, and POS terminal and user hand
Communication uses NFC communication technology between machine, so that user does not have to trade using traditional WIFI 4G network, realizes
The function of user's offline electronic payment expands the range of transaction place.
Detailed description of the invention
Relationship block diagram of the Fig. 1 between user, businessman, mobile payment service provider and bank;
Fig. 2 is a kind of flow chart of user's registration in NFC method of mobile payment based on no certificate signature;
Fig. 3 is a kind of flow chart of user's payment in NFC method of mobile payment based on no certificate signature.
Specific embodiment
It carries out listing table 1 before specific embodiment, the mark that embodiment is used is explained:
Table 1
The present invention is further explained in the light of specific embodiments:
A kind of NFC method of mobile payment based on no certificate signature, includes the following steps described in the present embodiment:
S1, system initialization:
Mobile payment service provider MPSP inputs security parameter k on the Cloud Server of oneself, and generates two big element
Number p, q, wherein p and q meet q | the relationship of p-1;Then the generation that Q is q as single order any in the cyclic group G on elliptic curve is set
Member selects 3 hash functions: H3:G → { 0,1 } *, and
Randomly select a valueIt as system master key and maintains secrecy, calculates Qg=gQ;Finally disclose system parameter p, q, Q,
Qg,H1,H2,H3}。
S2, user's registration, as shown in Fig. 2, detailed process is as follows:
A1, user input relevant application for registration information RM on the APP that mobile payment service provider MPSP is provided, packet
Include user name, log in password, phone number, the cryptographic Hash H (PIN) of PIN code, the bank of deposit provide virtual account AIDU∈
{ 0,1 } the cryptographic Hash H (ID of * and user identity card numberU);
After A2, mobile payment service provider MPSP receive registration information, it is by sending short message to confirm user
No is to operate in person;
After A3, confirmation, mobile payment service provider MPSP sends the void that the bank of deposit provides by safe lane
Quasi- account AIDUWith the cryptographic Hash H (ID of user identity card numberU) to the bank of deposit confirm the legal of application for registration user identity
Property;
After A4, the bank of deposit have confirmed user identity, identity validation receipt is generated, and movement is sent to by safe lane
Payment services provider MPSP;
A5, mobile payment service provider MPSP check the identity validation receipt that bank of deposit Bank is sent, if
Registering user is legitimate user, saves the cryptographic Hash H (ID of user identity card numberU) and the bank of deposit provide virtual account AIDU,
It calculatesAnd choose a random numberGenerate the part public key R of userU=rUQ
With part private key DU=H1(Token,RU)+rU, while generating virtual trading account TAIDU;Then { RU、DU、TAIDUPass through
Safe lane is sent to user, otherwise terminates this registration, and sends registration failure information to user;
After A6, user receive the information that mobile payment service provider MPSP is sent, by calculating RU+H1(Token,RU)
Qg=DUWhether Q at Rob Roy judges D that mobile payment service provider MPSP is sended overUWhether effectively, if result be it is effective,
Then choose a random numberCalculate XU=xUQ generates complete private key SKU=(DU,xU) and complete public key PKU=(RU,
XU);Complete private key and TAIDUEncrypting storing is in local SE (Secure Element, security element), wherein the encryption used
Algorithm is aes algorithm, and encryption key KEY=H (username | | pw), public key is then sent to mobile payment service provider
MPSP;
After A7, mobile payment service provider MPSP receive client public key, its secret is stored on Cloud Server SE, and
Transmission succeeds in registration information RS to user, arrives this user registration success.
S3, user's payment, as shown in figure 3, specific step is as follows:
B1, user open mobile terminal APP, input user name, log in password and PIN code, wherein user name and log in mouth
It enables combining and generates decruption key KEY, take out private key SK from local SE using the KEY of generationU;Take the cryptographic Hash H of PIN code
(PIN), it is used for subsequent message signature;
B2, mobile terminal receive payment information m close to the POS machine of businessman M;
After B3, mobile terminal receive payment information m, random selectionCalculate TU=uQ,S=u/ (xU+DU+ h), signature (h, s) is generated, and encryption is disappeared
Cease { h, s, m, t } kU-MPSPWith virtual trading account TAIDUIt is sent to businessman M;
B4, businessman M send { h, s, m, t } k by tls protocolU-MPSP, identity information IDMWith payment information m' to mobile branch
Pay service provider MPSP;Wherein tls protocol (Transport Layer Security, Transport Layer Security) not only may be implemented
Information encryption, can also realize authentication;
After B5, mobile payment service provider MPSP receive the information from businessman M, businessman M and user's U identity are carried out
Verifying;
Wherein, the legitimacy of businessman M identity is authenticated by the authentication mode in tls protocol, and user's U authentication process itself
It is as follows:
C1, mobile payment service provider MPSP utilize the session key shared with user U to decrypt { h, s, m, t } kU-MPSP,
Information m is got paid, is compared with the payment information m' that businessman M is sent, judges whether m=m' is true, is connect if setting up
Payment information m is received, otherwise sends authentication failure message to businessman M and user U;
If C2, step C1 are verified, mobile payment service provider MPSP is according to virtual trading account TAIDUIt finds pair
The virtual account AID answeredUWith the cryptographic Hash H (ID of user identity card numberU), further according to AIDUFind the corresponding PIN code of user U
Cryptographic Hash H (PIN) is calculatedIt calculates againWhether at Rob Roy certification user U
Identity legitimacy, prove that user U is legitimate user if setting up, and receive information m;
Specific verification process is as follows:
B6, as businessman M and legal user's U identity, mobile payment service provider MPSP according in m correlation pay
Information deducts the electronic purse balance amount of user U, and money is gone in the stored value card of businessman M, if electronic purse balance amount is insufficient, shifting
Dynamic payment services provider MPSP then submits settlement request to the bank of deposit of user U, and application deducts phase from the bank card of user U
Answer the amount of money into the stored value card of mobile payment service provider MPSP, then mobile payment service provider MPSP is again electronics
In Money transfer to the stored value card of businessman M;Otherwise payment failure, mobile payment service provider MPSP, which sends payment, unsuccessfully to be believed
It ceases to user U and businessman M;After the completion of transferring accounts, mobile payment service provider MPSP sends payment success message by tls protocol
PS gives businessman M, while handle uses kU-MPSPThe new part public key R' of encryptionU, part private key D'U, new virtual trading account
TAID'U, payment success message PS and new session key k'U-MPSPIt is sent to businessman M, businessman M forwards the information to user again
U。
S4, payment are completed:
After user U receives new part of key, carries out key aliveness judgement and generated if new part private key is effective
New complete public and private key, saves new private key SK'U, new virtual trading account TAID'UWith new session key k'U-MPSP, and
Newly-generated public key PK'UWith session key kU-MPSPEncryption is sent to businessman M, and businessman M relays to mobile payment service and mentions
For quotient MPSP, after mobile payment service provider MPSP receives the new public key that user U is sent, k is deletedU-MPSP, only retain
k'U-MPSPAs new session code key, and sends key reception success message and businessman M, businessman M is given to relay to user U, arrive this
Payment is completed.
The present embodiment has the following advantages that:
1., even if the private key of user is leaked, not obtaining user without joined PIN code factor during certificate signature
Under conditions of PIN code, invader can not still pass through authentication.
2. when user is with merchant transaction, using anonymous virtual trading account, know that businessman can not in user's payment process
The true identity of the specific negotiator in road, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading
Account also achieves the unlinkability of Transaction Information while to realize anonymous deal, improve privacy of user safety.
3. after the completion of payment, signature key, session key carry out dynamic update, realizes one-time pad, improve payment
The safety of system.
4. the Transaction Information that user submits is to send server to by the POS machine of businessman, and POS terminal and user hand
Communication uses NFC communication technology between machine, so that user does not have to trade using traditional WIFI 4G network, realizes
The function of user's offline electronic payment expands the range of transaction place.
The examples of implementation of the above are only the preferred embodiments of the invention, and implementation model of the invention is not limited with this
It encloses, therefore all shapes according to the present invention, changes made by principle, should all be included within the scope of protection of the present invention.
Claims (7)
1. a kind of NFC method of mobile payment based on no certificate signature, which is characterized in that comprising system initialization, user's registration,
Four-stage is completed in user's payment and payment;
In user's payment process, when carrying out authentication, need to use the PIN code of user oneself input, if user inputs
PIN code it is wrong, then server fails to the authentication of user, it is believed that user is malicious user, to terminate transaction;Separately
Outside, in user's payment process, when user is with merchant transaction, it using anonymous virtual trading account, know that businessman can not specifically
The true identity of negotiator, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading account;
After the completion of payment, signature key, session key carry out dynamic update, realize one-time pad.
2. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described
The detailed process of system initialization is:
Mobile payment service provider MPSP inputs security parameter k on the Cloud Server of oneself, and generate two Big prime p,
Q, wherein p and q meet q | the relationship of p-1;Then the generation member that Q is q as single order any in the cyclic group G on elliptic curve is set,
Select 3 hash functions:H3:G → { 0,1 } *, and with
Machine chooses a valueIt as system master key and maintains secrecy, calculates Qg=gQ;System parameter { p, q, Q, Q are finally disclosedg,
H1,H2,H3}。
3. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described
Specific step is as follows for user's registration:
A1, user input relevant application for registration information RM on the APP that mobile payment service provider MPSP is provided, including with
Name in an account book, log in password, phone number, the cryptographic Hash H (PIN) of PIN code, the bank of deposit provide virtual account AIDUAnd user
Cryptographic Hash H (the ID of identification card numberU);
After A2, mobile payment service provider MPSP receive registration information, by send short message come confirm user whether be
I operates;
After A3, confirmation, mobile payment service provider MPSP sends the virtual account that the bank of deposit provides by safe lane
Family AIDUWith the cryptographic Hash H (ID of user identity card numberU) legitimacy of application for registration user identity is confirmed to the bank of deposit;
After A4, bank of deposit Bank have confirmed user identity, identity validation receipt Confirm is generated, and send out by safe lane
Give mobile payment service provider MPSP;
A5, mobile payment service provider MPSP check the identity validation receipt that bank of deposit Bank is sent, if registration
User is legitimate user, saves the cryptographic Hash H (ID of user identity card numberU) and the bank of deposit provide virtual account AIDU, calculateAnd choose a random numberGenerate the part public key R of userU=rUQ and
Part private key DU=H1(Token,RU)+rU, while generating virtual trading account TAIDU;Then { RU、DU、TAIDUPass through peace
All channel is sent to user, otherwise terminates this registration, and sends registration failure information to user;
After A6, user receive the information that mobile payment service provider MPSP is sent, by calculating RU+H1(Token,RU)Qg=
DUWhether Q at Rob Roy judges D that mobile payment service provider MPSP is sended overUWhether effectively, if result be it is effective, select
Take a random numberCalculate XU=xUQ generates complete private key SKU=(DU,xU) and complete public key PKU=(RU,XU);It is complete
Full private key and TAIDUEncrypting storing is in local SE, wherein the Encryption Algorithm used is aes algorithm, encryption key KEY=H
(username | | pw), public key is then sent to mobile payment service provider MPSP;
After A7, mobile payment service provider MPSP receive client public key, its secret is stored on Cloud Server SE, and is sent
The information that succeeds in registration RS arrives this user registration success to user.
4. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described
Specific step is as follows for user's payment:
B1, user open mobile terminal APP, input user name, log in password and PIN code, wherein user name and log in password knot
Symphysis takes out private key SK at decruption key KEY, using the KEY of generation from local SEU;The cryptographic Hash H (PIN) for taking PIN code is
Subsequent message signature uses;
B2, mobile terminal receive payment information m close to the POS machine of businessman M;
After B3, mobile terminal receive payment information m, random selectionCalculate TU=uQ,S=u/ (xU+DU+ h), signature (h, s) is generated, and encryption is disappeared
Cease { h, s, m, t } kU-MPSPWith virtual trading account TAIDUIt is sent to businessman M;
B4, businessman M send { h, s, m, t } k by tls protocolU-MPSP, identity information IDMIt is taken with payment information m' to mobile payment
Be engaged in provider MPSP;
After B5, mobile payment service provider MPSP receive the information from businessman M, businessman M and user's U identity are tested
Card;
B6, as businessman M and legal user's U identity, mobile payment service provider MPSP is according to the related payment information in m
The electronic purse balance amount of user U is deducted, and money is gone in the stored value card of businessman M, it is mobile to prop up if electronic purse balance amount is insufficient
It pays service provider MPSP and then submits settlement request to the bank of deposit of user U, corresponding gold is deducted in application from the bank card of user U
Volume is into the stored value card of mobile payment service provider MPSP, and then mobile payment service provider MPSP is again electronic money
It transfers accounts in the stored value card of businessman M;Otherwise payment failure, mobile payment service provider MPSP send payment failure information to
User U and businessman M;After the completion of transferring accounts, mobile payment service provider MPSP by tls protocol send payment success message PS to
Businessman M, while handle uses kU-MPSPThe new part public key R' of encryptionU, part private key D'U, new virtual trading account TAID'U, branch
Pay success message PS and new session key k'U-MPSPIt is sent to businessman M, businessman M forwards the information to user U again.
5. a kind of NFC method of mobile payment based on no certificate signature according to claim 4, which is characterized in that described
The legitimacy of businessman's M identity is by the authentication mode certification in tls protocol, and user's U authentication process itself is as follows:
C1, mobile payment service provider MPSP utilize the session key shared with user U to decrypt { h, s, m, t } kU-MPSP, obtain
Payment information m is compared with the payment information m' that businessman M is sent, and judges whether m=m' is true, receives branch if setting up
Information m is paid, otherwise sends authentication failure message to businessman M and user U;
If C2, step C1 are verified, mobile payment service provider MPSP is according to virtual trading account TAIDUIt finds corresponding
Virtual account AIDUWith the cryptographic Hash H (ID of user identity card numberU), further according to AIDUFind the Hash of the corresponding PIN code of user U
Value H (PIN) is calculatedIt calculates again Whether at Rob Roy certification user U
Identity legitimacy, prove that user U is legitimate user if setting up, and receive information m.
6. a kind of NFC method of mobile payment based on no certificate signature according to claim 5, which is characterized in that calculateWhether at Rob Roy certification user U
Identity legitimacy, specific verification process is as follows:
7. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described
Payment complete the specific steps are:After user U receives new part of key, key aliveness judgement is carried out, if new part is private
Key is effective, then generates new complete public and private key, save new private key SK'U, new virtual trading account TAID'UWith new session
Key k'U-MPSP, and newly-generated public key PK'UWith session key kU-MPSPEncryption is sent to businessman M, and businessman M relays to shifting
Dynamic payment services provider MPSP after mobile payment service provider MPSP receives the new public key that user U is sent, is deleted
kU-MPSP, only retain k'U-MPSPAs new session code key, and sends key reception success message and businessman M, businessman M is given to forward again
User U is given, is completed to this payment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810402874.8A CN108830587A (en) | 2018-04-28 | 2018-04-28 | A kind of NFC method of mobile payment based on no certificate signature |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810402874.8A CN108830587A (en) | 2018-04-28 | 2018-04-28 | A kind of NFC method of mobile payment based on no certificate signature |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108830587A true CN108830587A (en) | 2018-11-16 |
Family
ID=64147529
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810402874.8A Pending CN108830587A (en) | 2018-04-28 | 2018-04-28 | A kind of NFC method of mobile payment based on no certificate signature |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108830587A (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110414961A (en) * | 2019-06-21 | 2019-11-05 | 深圳壹账通智能科技有限公司 | Prevent transfer account method, device, equipment and the storage medium of the track transactions side of producing |
CN110636498A (en) * | 2019-11-08 | 2019-12-31 | 国网电子商务有限公司 | Identity authentication method and device of mobile terminal based on network electronic identity |
CN110765485A (en) * | 2019-10-21 | 2020-02-07 | 武汉大学 | Condition anonymous payment device based on NIZK |
CN111461714A (en) * | 2020-03-30 | 2020-07-28 | 南京邮电大学 | Identity authentication and safe transaction method based on smart card in cloud computing |
CN112070490A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system based on two-dimension code |
CN112070492A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system |
CN113316765A (en) * | 2019-01-09 | 2021-08-27 | 维萨国际服务协会 | Methods, systems, and computer program products for network binding agent re-encryption and PIN translation |
CN114565382A (en) * | 2022-03-01 | 2022-05-31 | 汪泽希 | Transaction account anonymous payment method and system |
CN114841700A (en) * | 2020-07-21 | 2022-08-02 | 支付宝(杭州)信息技术有限公司 | Payment processing method, device, equipment and system |
CN115225323A (en) * | 2022-06-15 | 2022-10-21 | 福建海峡基石科技集团有限公司 | Public certificate-based password-free authentication method |
WO2023033808A1 (en) * | 2021-08-31 | 2023-03-09 | Visa International Service Association | Efficient interaction processing using secret |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009126994A1 (en) * | 2008-04-14 | 2009-10-22 | Lockstep Technologies Pty Ltd | Authenticating electronic financial transactions |
WO2014041381A2 (en) * | 2012-09-12 | 2014-03-20 | Cellum Global Innovációs És Szolgáltató Zrt. | Application system for mobile payment and method for providing and using mobile means for payment |
CN106096947A (en) * | 2016-06-08 | 2016-11-09 | 广东工业大学 | Half off-line anonymous method of payment based on NFC |
-
2018
- 2018-04-28 CN CN201810402874.8A patent/CN108830587A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009126994A1 (en) * | 2008-04-14 | 2009-10-22 | Lockstep Technologies Pty Ltd | Authenticating electronic financial transactions |
WO2014041381A2 (en) * | 2012-09-12 | 2014-03-20 | Cellum Global Innovációs És Szolgáltató Zrt. | Application system for mobile payment and method for providing and using mobile means for payment |
CN106096947A (en) * | 2016-06-08 | 2016-11-09 | 广东工业大学 | Half off-line anonymous method of payment based on NFC |
Non-Patent Citations (5)
Title |
---|
张仕斌 等: "《卓越工程师计划 应用密码学》", 31 January 2017, pages: 250 - 252 * |
李代广: "《网店店长实战手册 网店经营管理最佳实用方案》", 31 December 2009, 内蒙古人民出版社, pages: 281 * |
李飞 等: "《信息安全理论与技术》", 31 March 2016, pages: 95 - 97 * |
王亚涛 等: "基于无证书公钥密码的HCE移动支付方案", 《计算机工程与设计》 * |
王亚涛 等: "基于无证书公钥密码的HCE移动支付方案", 《计算机工程与设计》, vol. 38, no. 1, 6 January 2017 (2017-01-06), pages 32 - 36 * |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11488152B2 (en) | 2019-01-09 | 2022-11-01 | Visa International Service Association | Method, system, and computer program product for network bound proxy re-encryption and pin translation |
US11757644B2 (en) | 2019-01-09 | 2023-09-12 | Visa International Service Association | Method, system, and computer program product for network bound proxy re-encryption and PIN translation |
CN113316765A (en) * | 2019-01-09 | 2021-08-27 | 维萨国际服务协会 | Methods, systems, and computer program products for network binding agent re-encryption and PIN translation |
US11736295B2 (en) | 2019-01-09 | 2023-08-22 | Visa International Service Association | Method, system, and computer program product for network bound proxy re-encryption and PIN translation |
CN113316765B (en) * | 2019-01-09 | 2022-11-04 | 维萨国际服务协会 | Methods, systems, and computer program products for network binding agent re-encryption and PIN translation |
CN110414961A (en) * | 2019-06-21 | 2019-11-05 | 深圳壹账通智能科技有限公司 | Prevent transfer account method, device, equipment and the storage medium of the track transactions side of producing |
CN110765485A (en) * | 2019-10-21 | 2020-02-07 | 武汉大学 | Condition anonymous payment device based on NIZK |
CN110636498A (en) * | 2019-11-08 | 2019-12-31 | 国网电子商务有限公司 | Identity authentication method and device of mobile terminal based on network electronic identity |
CN111461714A (en) * | 2020-03-30 | 2020-07-28 | 南京邮电大学 | Identity authentication and safe transaction method based on smart card in cloud computing |
CN111461714B (en) * | 2020-03-30 | 2022-08-12 | 南京邮电大学 | Identity authentication and safe transaction method based on smart card in cloud computing |
CN114841700B (en) * | 2020-07-21 | 2024-04-16 | 支付宝(杭州)信息技术有限公司 | Payment processing method, device, equipment and system |
CN114841700A (en) * | 2020-07-21 | 2022-08-02 | 支付宝(杭州)信息技术有限公司 | Payment processing method, device, equipment and system |
CN112070490B (en) * | 2020-08-20 | 2022-03-25 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system based on two-dimension code |
CN112070492B (en) * | 2020-08-20 | 2022-03-25 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system |
CN112070492A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system |
CN112070490A (en) * | 2020-08-20 | 2020-12-11 | 郑州信大捷安信息技术股份有限公司 | Off-line POS machine transaction method and system based on two-dimension code |
WO2023033808A1 (en) * | 2021-08-31 | 2023-03-09 | Visa International Service Association | Efficient interaction processing using secret |
CN114565382A (en) * | 2022-03-01 | 2022-05-31 | 汪泽希 | Transaction account anonymous payment method and system |
CN115225323A (en) * | 2022-06-15 | 2022-10-21 | 福建海峡基石科技集团有限公司 | Public certificate-based password-free authentication method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108830587A (en) | A kind of NFC method of mobile payment based on no certificate signature | |
CN104506534B (en) | Secure communication key agreement interaction schemes | |
RU2710897C2 (en) | Methods for safe generation of cryptograms | |
JP6181303B2 (en) | ENCRYPTED COMMUNICATION METHOD AND ENCRYPTED COMMUNICATION SYSTEM | |
CN101902476B (en) | Method for authenticating identity of mobile peer-to-peer user | |
JP4781269B2 (en) | Key agreement and transport protocol | |
CN109347809A (en) | A kind of application virtualization safety communicating method towards under autonomous controllable environment | |
CN109818756A (en) | A kind of identity authorization system implementation method based on quantum key distribution technology | |
Isaac et al. | An anonymous secure payment protocol in a payment gateway centric model | |
CN109741068A (en) | Internetbank inter-bank contracting method, apparatus and system | |
CN113612605A (en) | Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology | |
WO2009089764A1 (en) | A system and method of secure network authentication | |
US20150052063A1 (en) | Method for the Mutual Authentication of Entities Having Previously Initiated an Online Transaction | |
JP2015537399A (en) | Application system for mobile payment and method for providing and using mobile payment means | |
WO2010066127A1 (en) | Safe communication method and device for mobile financial service based on application layer | |
CN113507372A (en) | Bidirectional authentication method for interface request | |
JP2001134534A (en) | Authentication delegate method, authentication delegate service system, authentication delegate server device, and client device | |
CN107615797B (en) | Device, method and system for hiding user identification data | |
CN110866754A (en) | Pure software DPVA (distributed data authentication and privacy infrastructure) identity authentication method based on dynamic password | |
ES2923919T3 (en) | Protection of a P2P communication | |
Isaac et al. | Anonymous payment in a kiosk centric model using digital signature scheme with message recovery and low computational power devices | |
Isaac et al. | An anonymous account-based mobile payment protocol for a restricted connectivity scenario | |
Isaac et al. | Anonymous payment in a client centric model for digital ecosystems | |
CN106330430B (en) | A kind of third party's method of mobile payment based on NTRU | |
CN113014376B (en) | Method for safety authentication between user and server |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181116 |