CN108830587A - A kind of NFC method of mobile payment based on no certificate signature - Google Patents

A kind of NFC method of mobile payment based on no certificate signature Download PDF

Info

Publication number
CN108830587A
CN108830587A CN201810402874.8A CN201810402874A CN108830587A CN 108830587 A CN108830587 A CN 108830587A CN 201810402874 A CN201810402874 A CN 201810402874A CN 108830587 A CN108830587 A CN 108830587A
Authority
CN
China
Prior art keywords
user
mpsp
mobile payment
key
service provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810402874.8A
Other languages
Chinese (zh)
Inventor
柳毅
余浩
凌捷
欧毓毅
郝彦军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong University of Technology
Original Assignee
Guangdong University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong University of Technology filed Critical Guangdong University of Technology
Priority to CN201810402874.8A priority Critical patent/CN108830587A/en
Publication of CN108830587A publication Critical patent/CN108830587A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Abstract

The present invention relates to a kind of NFC method of mobile payment based on no certificate signature, joined PIN code factor during no certificate signature, even if the private key of user is leaked, under conditions of not obtaining user's PIN code, invader can not still pass through authentication.In addition, in user's payment process, when user is with merchant transaction, using anonymous virtual trading account, make businessman that can not know the true identity of particular transactions people, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading account, the unlinkability of Transaction Information is also achieved while to realize anonymous deal, improves privacy of user safety.Furthermore after the completion of payment, signature key, session key carry out dynamic update, realize one-time pad, improve the safety of payment system.

Description

A kind of NFC method of mobile payment based on no certificate signature
Technical field
The present invention relates to the technical field of NFC mobile payment more particularly to a kind of NFC based on no certificate signature are mobile Method of payment.
Background technique
Existing NFC mobile payment scheme usually uses conventional public-key cryptographic technique to realize that the identity of both parties is recognized Card, user generate the signature of message using private key, and authenticating party uses CA (Certification Authority) institute certificate In public key signature is authenticated, thus the legitimacy in confirmation message source, but there is complicated certificate management etc. in the technology Drawback.For the public key cryptography technology of identity-based, although the problems such as there is no complicated certificate managements, there are key supports The private key of the problems such as pipe, user are centrally generated (Private Key Generation by trusted third party's private key generation Center, PKG), therefore there are the risks that dishonest PKG forges user's signature.
It is more and more since AL-Riyami and Paterson in 2003 is put forward for the first time no CertPubKey cryptography concept Be put forward one after another without CertPubKey cryptographic technique, but will be carried out substantially to arithmetic operation, computation complexity is high, overhead Greatly.And no CertPubKey cryptographic technique used in the present invention is without carrying out having bigger odds for effectiveness to arithmetic operation.? Without in CertPubKey cryptographic technique, it is still desirable to trusted third party's key generation centre (Key Generation Center, KGC) participate in key generation, it gathers around systematic master key (Master Key).The effect of KGC is according to user Master key and the identity information of user generate the part of key of user, and part of key is sent to user.User selects at random It selects secret value and part of key combines the complete private key for generating oneself, public key is then combined by secret value, identity and system parameter and given birth to At, and announce in a reliable fashion.Therefore KGC can not learn the complete private key of user, so as to avoid the trustship of key, simultaneously The certification of certificate is not needed yet.
It is anonymous method for realizing that privacy of user uses most methods safely in NFC mobile payment, this method was realized Journey is simple, small to system resources consumption, high-efficient.User traded used in virtual trading account there are two types of generate way Diameter, one is users to be autonomously generated, and another kind is that mobile payment service provider provides.Generating mode is typically all to take family body Cryptographic Hash after part both relevant information and random number combination.But the virtual trading account of user is all in most of payment scheme It remains unchanged for a long period of time, it is difficult to which the Unlinkability for realizing Transaction Information, there are the risks of privacy leakage.
Summary of the invention
It is an object of the invention to overcome the deficiencies of the prior art and provide a kind of contents that can prevent requestor's privacy leakage The access control method encrypted under central site network.
To achieve the above object, technical solution provided by the present invention is:
Four-stage is completed comprising system initialization, user's registration, user's payment and payment;
In user's payment process, when carrying out authentication, need to use the PIN code of user oneself input, if user The PIN code of input is wrong, then server fails to the authentication of user, it is believed that user is malicious user, to terminate transaction; In addition, when user is with merchant transaction, using anonymous virtual trading account, making businessman that can not know tool in user's payment process The true identity of body negotiator, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading account;
After the completion of payment, signature key, session key carry out dynamic update, realize one-time pad.
Further, the detailed process of the system initialization is:
Mobile payment service provider MPSP inputs security parameter k on the Cloud Server of oneself, and generates two big element Number p, q, wherein p and q meet q | the relationship of p-1;Then the generation that Q is q as single order any in the cyclic group G on elliptic curve is set Member selects 3 hash functions: H3:G → { 0,1 } *, and Randomly select a valueIt as system master key and maintains secrecy, calculates Qg=gQ;Finally disclose system parameter p, q, Q, Qg,H1,H2,H3}。
Further, specific step is as follows for the user's registration:
A1, user input relevant application for registration information RM on the APP that mobile payment service provider MPSP is provided, packet Include user name, log in password, phone number, the cryptographic Hash H (PIN) of PIN code, the bank of deposit provide virtual account AIDUAnd Cryptographic Hash H (the ID of user identity card numberU);
After A2, mobile payment service provider MPSP receive registration information, it is by sending short message to confirm user No is to operate in person;
After A3, confirmation, mobile payment service provider MPSP sends the void that the bank of deposit provides by safe lane Quasi- account AIDUWith the cryptographic Hash H (ID of user identity card numberU) to the bank of deposit confirm the legal of application for registration user identity Property;
After A4, the bank of deposit have confirmed user identity, identity validation receipt is generated, and movement is sent to by safe lane Payment services provider MPSP;
A5, mobile payment service provider MPSP check the identity validation receipt that bank of deposit Bank is sent, if Registering user is legitimate user, saves the cryptographic Hash H (ID of user identity card numberU) and the bank of deposit provide virtual account AIDU, It calculatesAnd choose a random numberGenerate the part public key R of userU=rUQ With part private key DU=H1(Token,RU)+rU, while generating virtual trading account TAIDU;Then { RU、DU、TAIDUPass through Safe lane is sent to user, otherwise terminates this registration, and sends registration failure information to user;
After A6, user receive the information that mobile payment service provider MPSP is sent, by calculating RU+H1(Token,RU) Qg=DUWhether Q at Rob Roy judges D that mobile payment service provider MPSP is sended overUWhether effectively, if result be it is effective, Then choose a random numberCalculate XU=xUQ generates complete private key SKU=(DU,xU) and complete public key PKU=(RU, XU);Complete private key and TAIDUEncrypting storing is in local SE (Secure Element, security element), wherein the encryption used Algorithm is aes algorithm, and encryption key KEY=H (username | | pw), public key is then sent to mobile payment service provider MPSP;
After A7, mobile payment service provider MPSP receive client public key, its secret is stored on Cloud Server SE, and Transmission succeeds in registration information RS to user, arrives this user registration success.
Further, specific step is as follows for user's payment:
B1, user open mobile terminal APP, input user name, log in password and PIN code, wherein user name and log in mouth It enables combining and generates decruption key KEY, take out private key SK from local SE using the KEY of generationU;Take the cryptographic Hash H of PIN code (PIN), it is used for subsequent message signature;
B2, mobile terminal receive payment information m close to the POS machine of businessman M;
After B3, mobile terminal receive payment information m, random selectionCalculate TU=uQ,S=u/ (xU+DU+ h), signature (h, s) is generated, and encryption is disappeared Cease { h, s, m, t } kU-MPSPWith virtual trading account TAIDUIt is sent to businessman M;
B4, businessman M send { h, s, m, t } k by tls protocolU-MPSP, identity information IDMWith payment information m' to mobile branch Pay service provider MPSP;Wherein tls protocol (Transport Layer Security, Transport Layer Security) not only may be implemented Information encryption, can also realize authentication;
After B5, mobile payment service provider MPSP receive the information from businessman M, businessman M and user's U identity are carried out Verifying;
B6, as businessman M and legal user's U identity, mobile payment service provider MPSP according in m correlation pay Information deducts the electronic purse balance amount of user U, and money is gone in the stored value card of businessman M, if electronic purse balance amount is insufficient, shifting Dynamic payment services provider MPSP then submits settlement request to the bank of deposit of user U, and application deducts phase from the bank card of user U Answer the amount of money into the stored value card of mobile payment service provider MPSP, then mobile payment service provider MPSP is again electronics In Money transfer to the stored value card of businessman M;Otherwise payment failure, mobile payment service provider MPSP, which sends payment, unsuccessfully to be believed It ceases to user U and businessman M;After the completion of transferring accounts, mobile payment service provider MPSP sends payment success message by tls protocol PS gives businessman M, while handle uses kU-MPSPThe new part public key R' of encryptionU, part private key D'U, new virtual trading account TAID'U, payment success message PS and new session key k'U-MPSPIt is sent to businessman M, businessman M forwards the information to user again U。
Further, the legitimacy of the businessman M identity is authenticated by the authentication mode in tls protocol, and user's U identity Verification process is as follows:
C1, mobile payment service provider MPSP utilize the session key shared with user U to decrypt { h, s, m, t } kU-MPSP, Information m is got paid, is compared with the payment information m' that businessman M is sent, judges whether m=m' is true, is connect if setting up Payment information m is received, otherwise sends authentication failure message to businessman M and user U;
If C2, step C1 are verified, mobile payment service provider MPSP is according to virtual trading account TAIDUIt finds pair The virtual account AID answeredUWith the cryptographic Hash H (ID of user identity card numberU), further according to AIDUFind the corresponding PIN code of user U Cryptographic Hash H (PIN) is calculatedIt calculates againWhether at Rob Roy certification user The identity legitimacy of U proves that user U is legitimate user if setting up, and receives information m.
Further, H2 (s (RU+XU+h1Q is calculatedg+hQ)AIDU||H(PIN)||m)
Whether=h authenticates the identity legitimacy of user U at Rob Roy, and specific verification process is as follows:
Further, it is described payment complete the specific steps are:After user U receives new part of key, carrying out key has The judgement of effect property, if new part private key is effective, generates new complete public and private key, saves new private key SK'U, new virtual friendship Easy account TAID'UWith new session key k'U-MPSP, and newly-generated public key PK'UWith session key kU-MPSPEncryption is sent to Businessman M, businessman M relay to mobile payment service provider MPSP, and mobile payment service provider MPSP receives user U and sends New public key after, delete kU-MPSP, only retain k'U-MPSPAs new session code key, and send key reception success message to Businessman M, businessman M relay to user U, complete to this payment.
Compared with prior art, the principle and advantage of this programme is as follows:
1., even if the private key of user is leaked, not obtaining user without joined PIN code factor during certificate signature Under conditions of PIN code, invader can not still pass through authentication.
2. when user is with merchant transaction, using anonymous virtual trading account, know that businessman can not in user's payment process The true identity of the specific negotiator in road, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading Account also achieves the unlinkability of Transaction Information while to realize anonymous deal, improve privacy of user safety.
3. after the completion of payment, signature key, session key carry out dynamic update, realizes one-time pad, improve payment The safety of system.
4. the Transaction Information that user submits is to send server to by the POS machine of businessman, and POS terminal and user hand Communication uses NFC communication technology between machine, so that user does not have to trade using traditional WIFI 4G network, realizes The function of user's offline electronic payment expands the range of transaction place.
Detailed description of the invention
Relationship block diagram of the Fig. 1 between user, businessman, mobile payment service provider and bank;
Fig. 2 is a kind of flow chart of user's registration in NFC method of mobile payment based on no certificate signature;
Fig. 3 is a kind of flow chart of user's payment in NFC method of mobile payment based on no certificate signature.
Specific embodiment
It carries out listing table 1 before specific embodiment, the mark that embodiment is used is explained:
Table 1
The present invention is further explained in the light of specific embodiments:
A kind of NFC method of mobile payment based on no certificate signature, includes the following steps described in the present embodiment:
S1, system initialization:
Mobile payment service provider MPSP inputs security parameter k on the Cloud Server of oneself, and generates two big element Number p, q, wherein p and q meet q | the relationship of p-1;Then the generation that Q is q as single order any in the cyclic group G on elliptic curve is set Member selects 3 hash functions: H3:G → { 0,1 } *, and Randomly select a valueIt as system master key and maintains secrecy, calculates Qg=gQ;Finally disclose system parameter p, q, Q, Qg,H1,H2,H3}。
S2, user's registration, as shown in Fig. 2, detailed process is as follows:
A1, user input relevant application for registration information RM on the APP that mobile payment service provider MPSP is provided, packet Include user name, log in password, phone number, the cryptographic Hash H (PIN) of PIN code, the bank of deposit provide virtual account AIDU∈ { 0,1 } the cryptographic Hash H (ID of * and user identity card numberU);
After A2, mobile payment service provider MPSP receive registration information, it is by sending short message to confirm user No is to operate in person;
After A3, confirmation, mobile payment service provider MPSP sends the void that the bank of deposit provides by safe lane Quasi- account AIDUWith the cryptographic Hash H (ID of user identity card numberU) to the bank of deposit confirm the legal of application for registration user identity Property;
After A4, the bank of deposit have confirmed user identity, identity validation receipt is generated, and movement is sent to by safe lane Payment services provider MPSP;
A5, mobile payment service provider MPSP check the identity validation receipt that bank of deposit Bank is sent, if Registering user is legitimate user, saves the cryptographic Hash H (ID of user identity card numberU) and the bank of deposit provide virtual account AIDU, It calculatesAnd choose a random numberGenerate the part public key R of userU=rUQ With part private key DU=H1(Token,RU)+rU, while generating virtual trading account TAIDU;Then { RU、DU、TAIDUPass through Safe lane is sent to user, otherwise terminates this registration, and sends registration failure information to user;
After A6, user receive the information that mobile payment service provider MPSP is sent, by calculating RU+H1(Token,RU) Qg=DUWhether Q at Rob Roy judges D that mobile payment service provider MPSP is sended overUWhether effectively, if result be it is effective, Then choose a random numberCalculate XU=xUQ generates complete private key SKU=(DU,xU) and complete public key PKU=(RU, XU);Complete private key and TAIDUEncrypting storing is in local SE (Secure Element, security element), wherein the encryption used Algorithm is aes algorithm, and encryption key KEY=H (username | | pw), public key is then sent to mobile payment service provider MPSP;
After A7, mobile payment service provider MPSP receive client public key, its secret is stored on Cloud Server SE, and Transmission succeeds in registration information RS to user, arrives this user registration success.
S3, user's payment, as shown in figure 3, specific step is as follows:
B1, user open mobile terminal APP, input user name, log in password and PIN code, wherein user name and log in mouth It enables combining and generates decruption key KEY, take out private key SK from local SE using the KEY of generationU;Take the cryptographic Hash H of PIN code (PIN), it is used for subsequent message signature;
B2, mobile terminal receive payment information m close to the POS machine of businessman M;
After B3, mobile terminal receive payment information m, random selectionCalculate TU=uQ,S=u/ (xU+DU+ h), signature (h, s) is generated, and encryption is disappeared Cease { h, s, m, t } kU-MPSPWith virtual trading account TAIDUIt is sent to businessman M;
B4, businessman M send { h, s, m, t } k by tls protocolU-MPSP, identity information IDMWith payment information m' to mobile branch Pay service provider MPSP;Wherein tls protocol (Transport Layer Security, Transport Layer Security) not only may be implemented Information encryption, can also realize authentication;
After B5, mobile payment service provider MPSP receive the information from businessman M, businessman M and user's U identity are carried out Verifying;
Wherein, the legitimacy of businessman M identity is authenticated by the authentication mode in tls protocol, and user's U authentication process itself It is as follows:
C1, mobile payment service provider MPSP utilize the session key shared with user U to decrypt { h, s, m, t } kU-MPSP, Information m is got paid, is compared with the payment information m' that businessman M is sent, judges whether m=m' is true, is connect if setting up Payment information m is received, otherwise sends authentication failure message to businessman M and user U;
If C2, step C1 are verified, mobile payment service provider MPSP is according to virtual trading account TAIDUIt finds pair The virtual account AID answeredUWith the cryptographic Hash H (ID of user identity card numberU), further according to AIDUFind the corresponding PIN code of user U Cryptographic Hash H (PIN) is calculatedIt calculates againWhether at Rob Roy certification user U Identity legitimacy, prove that user U is legitimate user if setting up, and receive information m;
Specific verification process is as follows:
B6, as businessman M and legal user's U identity, mobile payment service provider MPSP according in m correlation pay Information deducts the electronic purse balance amount of user U, and money is gone in the stored value card of businessman M, if electronic purse balance amount is insufficient, shifting Dynamic payment services provider MPSP then submits settlement request to the bank of deposit of user U, and application deducts phase from the bank card of user U Answer the amount of money into the stored value card of mobile payment service provider MPSP, then mobile payment service provider MPSP is again electronics In Money transfer to the stored value card of businessman M;Otherwise payment failure, mobile payment service provider MPSP, which sends payment, unsuccessfully to be believed It ceases to user U and businessman M;After the completion of transferring accounts, mobile payment service provider MPSP sends payment success message by tls protocol PS gives businessman M, while handle uses kU-MPSPThe new part public key R' of encryptionU, part private key D'U, new virtual trading account TAID'U, payment success message PS and new session key k'U-MPSPIt is sent to businessman M, businessman M forwards the information to user again U。
S4, payment are completed:
After user U receives new part of key, carries out key aliveness judgement and generated if new part private key is effective New complete public and private key, saves new private key SK'U, new virtual trading account TAID'UWith new session key k'U-MPSP, and Newly-generated public key PK'UWith session key kU-MPSPEncryption is sent to businessman M, and businessman M relays to mobile payment service and mentions For quotient MPSP, after mobile payment service provider MPSP receives the new public key that user U is sent, k is deletedU-MPSP, only retain k'U-MPSPAs new session code key, and sends key reception success message and businessman M, businessman M is given to relay to user U, arrive this Payment is completed.
The present embodiment has the following advantages that:
1., even if the private key of user is leaked, not obtaining user without joined PIN code factor during certificate signature Under conditions of PIN code, invader can not still pass through authentication.
2. when user is with merchant transaction, using anonymous virtual trading account, know that businessman can not in user's payment process The true identity of the specific negotiator in road, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading Account also achieves the unlinkability of Transaction Information while to realize anonymous deal, improve privacy of user safety.
3. after the completion of payment, signature key, session key carry out dynamic update, realizes one-time pad, improve payment The safety of system.
4. the Transaction Information that user submits is to send server to by the POS machine of businessman, and POS terminal and user hand Communication uses NFC communication technology between machine, so that user does not have to trade using traditional WIFI 4G network, realizes The function of user's offline electronic payment expands the range of transaction place.
The examples of implementation of the above are only the preferred embodiments of the invention, and implementation model of the invention is not limited with this It encloses, therefore all shapes according to the present invention, changes made by principle, should all be included within the scope of protection of the present invention.

Claims (7)

1. a kind of NFC method of mobile payment based on no certificate signature, which is characterized in that comprising system initialization, user's registration, Four-stage is completed in user's payment and payment;
In user's payment process, when carrying out authentication, need to use the PIN code of user oneself input, if user inputs PIN code it is wrong, then server fails to the authentication of user, it is believed that user is malicious user, to terminate transaction;Separately Outside, in user's payment process, when user is with merchant transaction, it using anonymous virtual trading account, know that businessman can not specifically The true identity of negotiator, and every time after the completion of transaction, mobile payment service provider updates the anonymity virtual trading account;
After the completion of payment, signature key, session key carry out dynamic update, realize one-time pad.
2. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described The detailed process of system initialization is:
Mobile payment service provider MPSP inputs security parameter k on the Cloud Server of oneself, and generate two Big prime p, Q, wherein p and q meet q | the relationship of p-1;Then the generation member that Q is q as single order any in the cyclic group G on elliptic curve is set, Select 3 hash functions:H3:G → { 0,1 } *, and with Machine chooses a valueIt as system master key and maintains secrecy, calculates Qg=gQ;System parameter { p, q, Q, Q are finally disclosedg, H1,H2,H3}。
3. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described Specific step is as follows for user's registration:
A1, user input relevant application for registration information RM on the APP that mobile payment service provider MPSP is provided, including with Name in an account book, log in password, phone number, the cryptographic Hash H (PIN) of PIN code, the bank of deposit provide virtual account AIDUAnd user Cryptographic Hash H (the ID of identification card numberU);
After A2, mobile payment service provider MPSP receive registration information, by send short message come confirm user whether be I operates;
After A3, confirmation, mobile payment service provider MPSP sends the virtual account that the bank of deposit provides by safe lane Family AIDUWith the cryptographic Hash H (ID of user identity card numberU) legitimacy of application for registration user identity is confirmed to the bank of deposit;
After A4, bank of deposit Bank have confirmed user identity, identity validation receipt Confirm is generated, and send out by safe lane Give mobile payment service provider MPSP;
A5, mobile payment service provider MPSP check the identity validation receipt that bank of deposit Bank is sent, if registration User is legitimate user, saves the cryptographic Hash H (ID of user identity card numberU) and the bank of deposit provide virtual account AIDU, calculateAnd choose a random numberGenerate the part public key R of userU=rUQ and Part private key DU=H1(Token,RU)+rU, while generating virtual trading account TAIDU;Then { RU、DU、TAIDUPass through peace All channel is sent to user, otherwise terminates this registration, and sends registration failure information to user;
After A6, user receive the information that mobile payment service provider MPSP is sent, by calculating RU+H1(Token,RU)Qg= DUWhether Q at Rob Roy judges D that mobile payment service provider MPSP is sended overUWhether effectively, if result be it is effective, select Take a random numberCalculate XU=xUQ generates complete private key SKU=(DU,xU) and complete public key PKU=(RU,XU);It is complete Full private key and TAIDUEncrypting storing is in local SE, wherein the Encryption Algorithm used is aes algorithm, encryption key KEY=H (username | | pw), public key is then sent to mobile payment service provider MPSP;
After A7, mobile payment service provider MPSP receive client public key, its secret is stored on Cloud Server SE, and is sent The information that succeeds in registration RS arrives this user registration success to user.
4. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described Specific step is as follows for user's payment:
B1, user open mobile terminal APP, input user name, log in password and PIN code, wherein user name and log in password knot Symphysis takes out private key SK at decruption key KEY, using the KEY of generation from local SEU;The cryptographic Hash H (PIN) for taking PIN code is Subsequent message signature uses;
B2, mobile terminal receive payment information m close to the POS machine of businessman M;
After B3, mobile terminal receive payment information m, random selectionCalculate TU=uQ,S=u/ (xU+DU+ h), signature (h, s) is generated, and encryption is disappeared Cease { h, s, m, t } kU-MPSPWith virtual trading account TAIDUIt is sent to businessman M;
B4, businessman M send { h, s, m, t } k by tls protocolU-MPSP, identity information IDMIt is taken with payment information m' to mobile payment Be engaged in provider MPSP;
After B5, mobile payment service provider MPSP receive the information from businessman M, businessman M and user's U identity are tested Card;
B6, as businessman M and legal user's U identity, mobile payment service provider MPSP is according to the related payment information in m The electronic purse balance amount of user U is deducted, and money is gone in the stored value card of businessman M, it is mobile to prop up if electronic purse balance amount is insufficient It pays service provider MPSP and then submits settlement request to the bank of deposit of user U, corresponding gold is deducted in application from the bank card of user U Volume is into the stored value card of mobile payment service provider MPSP, and then mobile payment service provider MPSP is again electronic money It transfers accounts in the stored value card of businessman M;Otherwise payment failure, mobile payment service provider MPSP send payment failure information to User U and businessman M;After the completion of transferring accounts, mobile payment service provider MPSP by tls protocol send payment success message PS to Businessman M, while handle uses kU-MPSPThe new part public key R' of encryptionU, part private key D'U, new virtual trading account TAID'U, branch Pay success message PS and new session key k'U-MPSPIt is sent to businessman M, businessman M forwards the information to user U again.
5. a kind of NFC method of mobile payment based on no certificate signature according to claim 4, which is characterized in that described The legitimacy of businessman's M identity is by the authentication mode certification in tls protocol, and user's U authentication process itself is as follows:
C1, mobile payment service provider MPSP utilize the session key shared with user U to decrypt { h, s, m, t } kU-MPSP, obtain Payment information m is compared with the payment information m' that businessman M is sent, and judges whether m=m' is true, receives branch if setting up Information m is paid, otherwise sends authentication failure message to businessman M and user U;
If C2, step C1 are verified, mobile payment service provider MPSP is according to virtual trading account TAIDUIt finds corresponding Virtual account AIDUWith the cryptographic Hash H (ID of user identity card numberU), further according to AIDUFind the Hash of the corresponding PIN code of user U Value H (PIN) is calculatedIt calculates again Whether at Rob Roy certification user U Identity legitimacy, prove that user U is legitimate user if setting up, and receive information m.
6. a kind of NFC method of mobile payment based on no certificate signature according to claim 5, which is characterized in that calculateWhether at Rob Roy certification user U Identity legitimacy, specific verification process is as follows:
7. a kind of NFC method of mobile payment based on no certificate signature according to claim 1, which is characterized in that described Payment complete the specific steps are:After user U receives new part of key, key aliveness judgement is carried out, if new part is private Key is effective, then generates new complete public and private key, save new private key SK'U, new virtual trading account TAID'UWith new session Key k'U-MPSP, and newly-generated public key PK'UWith session key kU-MPSPEncryption is sent to businessman M, and businessman M relays to shifting Dynamic payment services provider MPSP after mobile payment service provider MPSP receives the new public key that user U is sent, is deleted kU-MPSP, only retain k'U-MPSPAs new session code key, and sends key reception success message and businessman M, businessman M is given to forward again User U is given, is completed to this payment.
CN201810402874.8A 2018-04-28 2018-04-28 A kind of NFC method of mobile payment based on no certificate signature Pending CN108830587A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810402874.8A CN108830587A (en) 2018-04-28 2018-04-28 A kind of NFC method of mobile payment based on no certificate signature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810402874.8A CN108830587A (en) 2018-04-28 2018-04-28 A kind of NFC method of mobile payment based on no certificate signature

Publications (1)

Publication Number Publication Date
CN108830587A true CN108830587A (en) 2018-11-16

Family

ID=64147529

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810402874.8A Pending CN108830587A (en) 2018-04-28 2018-04-28 A kind of NFC method of mobile payment based on no certificate signature

Country Status (1)

Country Link
CN (1) CN108830587A (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414961A (en) * 2019-06-21 2019-11-05 深圳壹账通智能科技有限公司 Prevent transfer account method, device, equipment and the storage medium of the track transactions side of producing
CN110636498A (en) * 2019-11-08 2019-12-31 国网电子商务有限公司 Identity authentication method and device of mobile terminal based on network electronic identity
CN110765485A (en) * 2019-10-21 2020-02-07 武汉大学 Condition anonymous payment device based on NIZK
CN111461714A (en) * 2020-03-30 2020-07-28 南京邮电大学 Identity authentication and safe transaction method based on smart card in cloud computing
CN112070490A (en) * 2020-08-20 2020-12-11 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system based on two-dimension code
CN112070492A (en) * 2020-08-20 2020-12-11 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system
CN113316765A (en) * 2019-01-09 2021-08-27 维萨国际服务协会 Methods, systems, and computer program products for network binding agent re-encryption and PIN translation
CN114565382A (en) * 2022-03-01 2022-05-31 汪泽希 Transaction account anonymous payment method and system
CN114841700A (en) * 2020-07-21 2022-08-02 支付宝(杭州)信息技术有限公司 Payment processing method, device, equipment and system
CN115225323A (en) * 2022-06-15 2022-10-21 福建海峡基石科技集团有限公司 Public certificate-based password-free authentication method
WO2023033808A1 (en) * 2021-08-31 2023-03-09 Visa International Service Association Efficient interaction processing using secret

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009126994A1 (en) * 2008-04-14 2009-10-22 Lockstep Technologies Pty Ltd Authenticating electronic financial transactions
WO2014041381A2 (en) * 2012-09-12 2014-03-20 Cellum Global Innovációs És Szolgáltató Zrt. Application system for mobile payment and method for providing and using mobile means for payment
CN106096947A (en) * 2016-06-08 2016-11-09 广东工业大学 Half off-line anonymous method of payment based on NFC

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009126994A1 (en) * 2008-04-14 2009-10-22 Lockstep Technologies Pty Ltd Authenticating electronic financial transactions
WO2014041381A2 (en) * 2012-09-12 2014-03-20 Cellum Global Innovációs És Szolgáltató Zrt. Application system for mobile payment and method for providing and using mobile means for payment
CN106096947A (en) * 2016-06-08 2016-11-09 广东工业大学 Half off-line anonymous method of payment based on NFC

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
张仕斌 等: "《卓越工程师计划 应用密码学》", 31 January 2017, pages: 250 - 252 *
李代广: "《网店店长实战手册 网店经营管理最佳实用方案》", 31 December 2009, 内蒙古人民出版社, pages: 281 *
李飞 等: "《信息安全理论与技术》", 31 March 2016, pages: 95 - 97 *
王亚涛 等: "基于无证书公钥密码的HCE移动支付方案", 《计算机工程与设计》 *
王亚涛 等: "基于无证书公钥密码的HCE移动支付方案", 《计算机工程与设计》, vol. 38, no. 1, 6 January 2017 (2017-01-06), pages 32 - 36 *

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11488152B2 (en) 2019-01-09 2022-11-01 Visa International Service Association Method, system, and computer program product for network bound proxy re-encryption and pin translation
US11757644B2 (en) 2019-01-09 2023-09-12 Visa International Service Association Method, system, and computer program product for network bound proxy re-encryption and PIN translation
CN113316765A (en) * 2019-01-09 2021-08-27 维萨国际服务协会 Methods, systems, and computer program products for network binding agent re-encryption and PIN translation
US11736295B2 (en) 2019-01-09 2023-08-22 Visa International Service Association Method, system, and computer program product for network bound proxy re-encryption and PIN translation
CN113316765B (en) * 2019-01-09 2022-11-04 维萨国际服务协会 Methods, systems, and computer program products for network binding agent re-encryption and PIN translation
CN110414961A (en) * 2019-06-21 2019-11-05 深圳壹账通智能科技有限公司 Prevent transfer account method, device, equipment and the storage medium of the track transactions side of producing
CN110765485A (en) * 2019-10-21 2020-02-07 武汉大学 Condition anonymous payment device based on NIZK
CN110636498A (en) * 2019-11-08 2019-12-31 国网电子商务有限公司 Identity authentication method and device of mobile terminal based on network electronic identity
CN111461714A (en) * 2020-03-30 2020-07-28 南京邮电大学 Identity authentication and safe transaction method based on smart card in cloud computing
CN111461714B (en) * 2020-03-30 2022-08-12 南京邮电大学 Identity authentication and safe transaction method based on smart card in cloud computing
CN114841700B (en) * 2020-07-21 2024-04-16 支付宝(杭州)信息技术有限公司 Payment processing method, device, equipment and system
CN114841700A (en) * 2020-07-21 2022-08-02 支付宝(杭州)信息技术有限公司 Payment processing method, device, equipment and system
CN112070490B (en) * 2020-08-20 2022-03-25 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system based on two-dimension code
CN112070492B (en) * 2020-08-20 2022-03-25 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system
CN112070492A (en) * 2020-08-20 2020-12-11 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system
CN112070490A (en) * 2020-08-20 2020-12-11 郑州信大捷安信息技术股份有限公司 Off-line POS machine transaction method and system based on two-dimension code
WO2023033808A1 (en) * 2021-08-31 2023-03-09 Visa International Service Association Efficient interaction processing using secret
CN114565382A (en) * 2022-03-01 2022-05-31 汪泽希 Transaction account anonymous payment method and system
CN115225323A (en) * 2022-06-15 2022-10-21 福建海峡基石科技集团有限公司 Public certificate-based password-free authentication method

Similar Documents

Publication Publication Date Title
CN108830587A (en) A kind of NFC method of mobile payment based on no certificate signature
CN104506534B (en) Secure communication key agreement interaction schemes
RU2710897C2 (en) Methods for safe generation of cryptograms
JP6181303B2 (en) ENCRYPTED COMMUNICATION METHOD AND ENCRYPTED COMMUNICATION SYSTEM
CN101902476B (en) Method for authenticating identity of mobile peer-to-peer user
JP4781269B2 (en) Key agreement and transport protocol
CN109347809A (en) A kind of application virtualization safety communicating method towards under autonomous controllable environment
CN109818756A (en) A kind of identity authorization system implementation method based on quantum key distribution technology
Isaac et al. An anonymous secure payment protocol in a payment gateway centric model
CN109741068A (en) Internetbank inter-bank contracting method, apparatus and system
CN113612605A (en) Method, system and equipment for enhancing MQTT protocol identity authentication by using symmetric cryptographic technology
WO2009089764A1 (en) A system and method of secure network authentication
US20150052063A1 (en) Method for the Mutual Authentication of Entities Having Previously Initiated an Online Transaction
JP2015537399A (en) Application system for mobile payment and method for providing and using mobile payment means
WO2010066127A1 (en) Safe communication method and device for mobile financial service based on application layer
CN113507372A (en) Bidirectional authentication method for interface request
JP2001134534A (en) Authentication delegate method, authentication delegate service system, authentication delegate server device, and client device
CN107615797B (en) Device, method and system for hiding user identification data
CN110866754A (en) Pure software DPVA (distributed data authentication and privacy infrastructure) identity authentication method based on dynamic password
ES2923919T3 (en) Protection of a P2P communication
Isaac et al. Anonymous payment in a kiosk centric model using digital signature scheme with message recovery and low computational power devices
Isaac et al. An anonymous account-based mobile payment protocol for a restricted connectivity scenario
Isaac et al. Anonymous payment in a client centric model for digital ecosystems
CN106330430B (en) A kind of third party's method of mobile payment based on NTRU
CN113014376B (en) Method for safety authentication between user and server

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181116