CN108898388B - Payment method and device - Google Patents


Publication number
CN108898388B
Authority
CN
China
Prior art keywords
payment
session key
ciphertext
agent
transaction data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810609351.0A
Other languages
Chinese (zh)
Other versions
CN108898388A (en
Inventor
续丽娜
葛旭东
李玉琪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xiaomi Mobile Software Co Ltd
Original Assignee
Beijing Xiaomi Mobile Software Co Ltd
Application filed by Beijing Xiaomi Mobile Software Co Ltd
Priority to CN201810609351.0A
Publication of CN108898388A
Application granted
Publication of CN108898388B


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Abstract

The disclosure relates to a payment method and a device, wherein the method comprises the following steps: the payment TA receives transaction data sent by the third party payment application; after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has passed authentication, the payment TA encrypts the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value; the payment TA sends the ciphertext and the check value to the agent program; and after determining from the check value that the ciphertext was sent by the payment TA, the agent program decrypts the ciphertext to obtain the transaction data. The technical scheme can improve the security of transaction data transmission and increase the safety factor of payment.

Description

Payment method and device
Technical Field
The present disclosure relates to the field of mobile payment, and in particular, to a payment method and apparatus.
Background
With the development of mobile intelligent devices and internet mobile payment, moving away from physical cards has become a trend in today's society. With the development of security chips, NFC (Near Field Communication), and mobile devices, mobile smart devices such as mobile phones have entered people's lives as bank cards, bus cards, and store membership cards.
Terminal payment is based on NFC and security chip technology: a new card is generated by verifying the cardholder's card information, and the card information is delivered to the security chip of the terminal over the air, so that the terminal can ultimately be used as a bank card and online transactions can be carried out.
Disclosure of Invention
The embodiments of the present disclosure provide a payment method and a payment device. The technical solution is as follows:
According to a first aspect of the embodiments of the present disclosure, there is provided a payment method applied to a terminal, where the terminal includes a third party application, an agent program in a security chip, and an identity authentication trusted application (TA) and a payment TA that run in a trusted execution environment (TEE); the method comprises the following steps:
the payment TA receives transaction data sent by the third party payment application;
after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has passed authentication, the payment TA encrypts the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value;
the payment TA sends the ciphertext and the check value to the agent program;
and after determining from the check value that the ciphertext was sent by the payment TA, the agent program decrypts the ciphertext to obtain the transaction data.
In one embodiment, the payment TA encrypting the transaction data using the key obtained from the agent, and obtaining the ciphertext and the check value comprises:
the payment TA obtains a first session key and a second session key from the agent;
the payment TA applies a first encryption algorithm to encrypt transaction data by using the first session key to generate a ciphertext, wherein the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the payment TA applies a second encryption algorithm to calculate a check value according to the second session key and the ciphertext, wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the agent program determining, according to the check value, that the ciphertext was sent by the payment TA comprises:
the agent program applies the second encryption algorithm to calculate a verification value according to the second session key and the ciphertext;
the agent determines that the ciphertext was sent by the payment TA when the verification value is the same as the check value.
In one embodiment, the payment TA obtains a first session key and a second session key from the agent, comprising:
the payment TA generates a pair of public key and private key;
the payment TA sends the private key to the agent;
the payment TA generates a random code and sends it to the agent program carried in a session key request;
the agent program responds to the session key request to generate a first session key and a second session key;
the agent program encrypts the first session key, the second session key and the random code by using the private key and then sends the encrypted first session key, the encrypted second session key and the random code to the payment TA;
and after the payment TA uses the public key to decrypt the random code, the payment TA uses the public key to decrypt the first session key and the second session key.
In one embodiment, the payment TA sends the private key to the secure chip, including:
the payment TA signs the private key by using a TEE factory key and then sends the private key to a security server, so that the security server sends the private key to the agent program after the signature verification passes;
and the agent program receives the private key sent by the security server through a security channel.
In one embodiment, the terminal further comprises a payment program in the secure chip, the method further comprising:
the agent program sends the transaction data to the payment program;
and the payment program encrypts the transaction data and returns an encryption result to the third-party payment application, so that the third-party payment application executes payment related operation according to the encryption result.
According to a second aspect of the embodiments of the present disclosure, there is provided a payment apparatus applied to a terminal, the apparatus including a third party application, an agent program in a security chip, and an identity authentication trusted application (TA) and a payment TA that run in a trusted execution environment (TEE), wherein:
the payment TA is used for receiving transaction data sent by the third party payment application;
the payment TA is used for encrypting the transaction data by using a key acquired from the agent program, after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has passed authentication, to obtain a ciphertext and a check value;
the payment TA is used for sending the ciphertext and the check value to the agent program;
and the agent program is used for decrypting the ciphertext to acquire the transaction data after determining from the check value that the ciphertext was sent by the payment TA.
In one embodiment, the payment TA is configured to obtain a first session key and a second session key from the agent;
the payment TA is used for encrypting transaction data by using a first session key through a first encryption algorithm to generate a ciphertext, and the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the payment TA is used for calculating a check value according to the second session key and the ciphertext by applying a second encryption algorithm, wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the agent program being configured to determine, according to the check value, that the ciphertext was sent by the payment TA includes:
the agent program is used for applying the second encryption algorithm to calculate a verification value according to the second session key and the ciphertext;
and the agent program is used for determining that the ciphertext is sent by the payment TA when the verification value is the same as the check value.
In one embodiment, the payment TA is configured to generate a pair of a public key and a private key;
the payment TA is used for sending the private key to the agent program;
the payment TA is used for generating a random code and carrying the random code in the session key request to send to the agent program;
the agent program is used for responding to the session key request and generating a first session key and a second session key;
the agent program is used for encrypting the first session key, the second session key and the random code by using the private key and then sending the encrypted first session key, the encrypted second session key and the random code to the payment TA;
and the payment TA is used for decrypting the first session key and the second session key by using the public key after decrypting the random code by using the public key.
In one embodiment, the payment TA is configured to send the private key to a security server after signing the private key with a TEE factory key, so that the security server sends the private key to the agent after the signature verification is passed;
and the agent program is used for receiving the private key sent by the security server through a security channel.
In one embodiment, the terminal further comprises a payment program in the secure chip, wherein:
the agent program is used for sending the transaction data to the payment program;
and the payment program is used for encrypting the transaction data and returning an encryption result to the third-party payment application, so that the third-party payment application executes payment related operation according to the encryption result.
According to a third aspect of embodiments of the present disclosure, there is provided a payment apparatus, the apparatus comprising:
a third party application, an agent program in a security chip, and an identity authentication trusted application (TA) and a payment TA that run in a trusted execution environment (TEE);
a memory for storing instructions executable by the third party application, the agent program, the identity authentication TA and the payment TA;
wherein the payment TA is configured to:
receive transaction data sent by the third party payment application;
after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has passed authentication, encrypt the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value;
send the ciphertext and the check value to the agent program;
and the agent program is configured to:
after determining from the check value that the ciphertext was sent by the payment TA, decrypt the ciphertext to obtain the transaction data.
According to a fourth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium storing computer instructions which, when executed, implement the steps in the above-mentioned method.
The technical scheme provided by the embodiments of the disclosure can have the following beneficial effects. In this embodiment, the third party payment application may send the transaction data to a payment TA running in the TEE. After the payment TA queries the identity authentication TA and finds that the identity information corresponding to the transaction data has passed authentication, the payment TA encrypts the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value, and sends the ciphertext and the check value to the security chip. After determining from the check value that the ciphertext was sent by the payment TA, the agent program decrypts the ciphertext to obtain the transaction data. The payment TA thus ensures that the transaction data it received is transaction data for which the user's identity information passed authentication, and the agent program in the security chip, by verifying the check value, determines that the received ciphertext was sent by the payment TA, so that decryption yields the correct transaction data that passed user authentication. This improves the security of transaction data transmission and increases the safety factor of payment.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flow diagram illustrating a payment method in accordance with an exemplary embodiment.
FIG. 2 is a flow diagram illustrating a payment method in accordance with an exemplary embodiment.
FIG. 3 is a block diagram illustrating a payment device according to an example embodiment.
FIG. 4 is a block diagram illustrating a payment device according to an example embodiment.
FIG. 5 is a block diagram illustrating a payment device according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
At present, when a third party payment application initiates an online payment transaction, the transaction data is transmitted to a security chip in an agreed format after the user passes verification; the security chip encrypts the transaction data and returns the encrypted transaction data to the third party payment application, the third party payment application sends the encrypted transaction data to the server, and the server performs the payment operation. However, data in the Android operating environment where the third party payment application runs can be tampered with and is unsafe, and the security chip cannot determine that the transaction data it receives is transaction data that was verified by the user.
In order to solve the above problem, in this embodiment, the third party payment application may send the transaction data to a payment TA (Trusted Application) running in a TEE (Trusted Execution Environment). After the payment TA queries and finds that the identity information corresponding to the transaction data has passed authentication, the payment TA encrypts the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value, and sends the ciphertext and the check value to the security chip. After determining from the check value that the ciphertext was sent by the payment TA, the agent program decrypts the ciphertext to obtain the transaction data. The payment TA thus ensures that the transaction data it received is transaction data for which the user's identity information passed authentication, and the agent program in the security chip, by verifying the check value, determines that the received ciphertext was sent by the payment TA, so that decryption yields the correct transaction data that passed user authentication. This improves the security of transaction data transmission and increases the safety factor of payment.
Fig. 1 is a flowchart illustrating a payment method according to an exemplary embodiment. As shown in Fig. 1, the payment method is used in a terminal or the like, where the terminal includes a third party application, an agent program in a security chip, and an identity authentication trusted application (TA) and a payment TA running in a trusted execution environment (TEE); the payment method comprises the following steps 101-104:
In step 101, the payment TA receives transaction data sent by the third party payment application.
In step 102, after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has passed authentication, the payment TA encrypts the transaction data by using the key acquired from the agent program to obtain a ciphertext and a check value.
In step 103, the payment TA sends the ciphertext and the check value to the security chip.
In step 104, after determining that the ciphertext is sent by the payment TA according to the check value, the agent decrypts the ciphertext to obtain the transaction data.
Here, the method provided by the present disclosure may be applied to a mobile terminal, which may be a mobile device such as a smartphone or a tablet computer. A security chip (SE) is disposed in the terminal. The security chip is a tamper-proof chip that ensures data is stored in a secure place and that information is open only to authorized personnel; it acts like an identity card for the end user and for the device itself. The mobile terminal provided by the present disclosure employs an SE to ensure the security of mobile payment applications. With the popularization of mobile terminals, users usually carry them at all times, which provides a very good application environment for the method provided by the present disclosure.
Here, before a user uses a terminal to conduct a card-swiping transaction, the terminal needs to request a server to issue a card. The server can deliver the electronic card data to the security chip of the terminal by over-the-air card issuance, and the security chip of the terminal guarantees the security of the electronic card data. The terminal can therefore simulate a virtual electronic card, as a third party payment application, from the electronic card data stored in the security chip, in order to carry out offline bank point-of-sale (POS) machine transactions and online transactions.
Here, when the terminal uses the third party payment application to perform an online transaction, for example when purchasing something in a client shopping application such as a mall or e-commerce application, the third party payment application may acquire transaction data such as the payment amount, payee information, and bill number from the shopping application. After the third party payment application acquires the transaction data, the user of the transaction data must be authenticated to confirm that it is the user of the virtual electronic card who is performing the transaction. At this point the third party payment application triggers a user information authentication process, for example by displaying a user identity information input window in which the user enters identity information; the identity information can be password information entered on a keyboard, or biometric information of the user such as fingerprint information, face information, or iris information. The terminal acquires the identity information of the user and then sends the identity information and its information ID to an identity authentication TA operating in the TEE environment, and the identity authentication TA authenticates the identity information. If the authentication passes, the identity authentication TA can inform the third party payment application that the identity information corresponding to the information ID has passed authentication. After the identity information of the user passes authentication, the third party payment application sends the transaction data and the information ID of the identity information corresponding to the transaction data to the payment TA.
Here, when the third party payment application sends transaction data to the payment TA, it may carry the information ID of the identity information corresponding to the transaction data. After receiving the transaction data sent by the third party payment application, the payment TA may then send a query message to the identity authentication TA; the query message carries the information ID of the identity information corresponding to the transaction data and is used to query whether the identity information corresponding to that information ID has passed authentication. If the identity information has passed authentication, the transaction data received by the payment TA is transaction data for which the user's identity information passed authentication, that is, transaction data for a transaction the user has agreed to.
Here, after the payment TA determines that the transaction data is transaction data for which the user's identity information passed authentication, the payment TA may encrypt the transaction data using a key acquired from the agent program to obtain a ciphertext and a check value, and then send the ciphertext and the check value to the agent program in the security chip. After receiving the check value and the ciphertext, the agent program verifies whether the check value is correct; if it is, the check value and the ciphertext were sent by the payment TA, and the agent program can decrypt the ciphertext to obtain the transaction data.
In this embodiment, the third party payment application may send the transaction data to a payment TA running in the TEE. After the payment TA queries the identity authentication TA and finds that the identity information corresponding to the transaction data has passed authentication, the payment TA encrypts the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value, and sends the ciphertext and the check value to the security chip. After determining from the check value that the ciphertext was sent by the payment TA, the agent program decrypts the ciphertext to obtain the transaction data. The payment TA thus ensures that the transaction data it received is transaction data for which the user's identity information passed authentication, and the agent program in the security chip, by verifying the check value, determines that the received ciphertext was sent by the payment TA, so that decryption yields the correct transaction data that passed user authentication. This improves the security of transaction data transmission and increases the safety factor of payment.
In one possible embodiment, step 102 may be implemented as steps A1 through A3 below, and step 104 may be implemented as steps A4 and A5.
In step A1, the payment TA obtains a first session key and a second session key from the agent program.
In step A2, the payment TA applies a first encryption algorithm to encrypt the transaction data using the first session key, and generates a ciphertext, where the first encryption algorithm is an encryption algorithm negotiated between the payment TA and the agent program.
In step A3, the payment TA applies a second encryption algorithm to calculate a check value according to the second session key and the ciphertext, where the second encryption algorithm is an encryption algorithm negotiated between the payment TA and the agent program.
In step A4, the agent program applies the second encryption algorithm to calculate a verification value based on the second session key and the ciphertext.
In step A5, the agent program determines that the ciphertext was sent by the payment TA when the verification value is the same as the check value.
Here, the payment TA may communicate with the agent program and obtain the first session key and the second session key from it, for example by obtaining the first session key, the S-ENC session key (session key for encryption), through a general session key command (GP profile), and the second session key, the S-MAC session key (session key for the MAC value), through a general session key command (GP profile). The payment TA can then apply the first encryption algorithm to encrypt the transaction data with the first session key (S-ENC session key) and generate the ciphertext EncryptData; the first encryption algorithm used in encryption is the encryption algorithm negotiated by the payment TA and the agent program. Next, the payment TA can apply the second encryption algorithm to calculate, from the second session key (S-MAC session key) and the ciphertext EncryptData, the check value used for checking, namely the MAC (Message Authentication Code) value EncryptDataMac (which can be 8 characters or 16 characters); the second encryption algorithm used for calculating the MAC is the encryption algorithm negotiated by the payment TA and the agent program. Finally, the payment TA can replace the data area of the original instruction with the ciphertext EncryptData, add the check value EncryptDataMac to the MAC area of the instruction, and modify the length area of the instruction, forming a new instruction that it sends to the agent program.
Here, after the agent program receives the instruction with the ciphertext EncryptData and the check value EncryptDataMac, it may calculate the verification value using the same second encryption algorithm according to the second session key and the received ciphertext EncryptData. If the calculated verification value is the same as the received check value, then, since the agent program has negotiated the second encryption algorithm only with the payment TA, the ciphertext EncryptData is certainly the untampered ciphertext sent by the payment TA.
Here, after determining that the ciphertext was sent by the payment TA, the agent program may apply the decryption algorithm corresponding to the first encryption algorithm and decrypt the ciphertext EncryptData with the first session key to obtain the transaction data. This transaction data is the transaction data sent by the payment TA after the identity information passed authentication, and it is safe while being transmitted from the payment TA to the agent program.
It should be noted that the first encryption algorithm and the second encryption algorithm for calculating the MAC value may be an AES (Advanced Encryption Standard) algorithm, a DES (Data Encryption Standard) algorithm, or another encryption algorithm, and are not limited herein.
In this embodiment, the payment TA may obtain the first session key and the second session key from the agent program and use them to perform encryption calculations on the transaction data to obtain a ciphertext and a check value, where the encryption algorithms are those negotiated by the payment TA and the agent program. The agent program uses the second encryption algorithm to calculate the verification value according to the second session key and the ciphertext. When the verification value is the same as the check value, since the agent program has negotiated the second encryption algorithm only with the payment TA, it can be determined that the ciphertext was sent by the payment TA and has not been tampered with. The security of the transaction data during transmission from the payment TA to the agent program is thereby ensured, and the implementation is simple.
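Steps 102 to 104 with A2 to A5, as an added Go example that is not part of the patent text. It assumes AES-128-CTR as the first encryption algorithm, HMAC-SHA-256 truncated to 16 bytes as the second, and a hypothetical instruction layout of 4-byte header, 2-byte length area, data area (IV plus ciphertext) and MAC area; the patent leaves all of these open, and the names PaymentTAWrap, AgentUnwrap, SessionKeys and AuthTA are illustrative.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	headerLen = 4  // assumed size of the instruction header
	lenLen    = 2  // assumed size of the length area
	macLen    = 16 // the page allows an 8- or 16-character check value
)

var (
	ErrNotAuthenticated = errors.New("identity information has not passed authentication")
	ErrBadFrame         = errors.New("malformed instruction")
	ErrBadCheckValue    = errors.New("check value does not match verification value")
)

// SessionKeys: first (S-ENC) and second (S-MAC) session key from the agent program (step A1).
type SessionKeys struct{ SEnc, SMac []byte }

// AuthTA stands in for the identity authentication TA: information ID -> passed.
type AuthTA map[string]bool

// checkValue plays the "second encryption algorithm": truncated HMAC-SHA-256 (assumed).
func checkValue(sMac, data []byte) []byte {
	m := hmac.New(sha256.New, sMac)
	m.Write(data)
	return m.Sum(nil)[:macLen]
}

// PaymentTAWrap covers steps 102, A2 and A3 and builds the new instruction.
func PaymentTAWrap(auth AuthTA, infoID string, k SessionKeys, header [headerLen]byte, txn []byte) ([]byte, error) {
	if !auth[infoID] { // query the identity authentication TA before encrypting
		return nil, ErrNotAuthenticated
	}
	if aes.BlockSize+len(txn)+macLen > 0xFFFF { // must fit the 2-byte length area
		return nil, ErrBadFrame
	}
	block, err := aes.NewCipher(k.SEnc)
	if err != nil {
		return nil, err
	}
	data := make([]byte, aes.BlockSize+len(txn))
	if _, err := rand.Read(data[:aes.BlockSize]); err != nil { // fresh IV per instruction
		return nil, err
	}
	cipher.NewCTR(block, data[:aes.BlockSize]).XORKeyStream(data[aes.BlockSize:], txn)
	frame := append(header[:], 0, 0) // header followed by an empty length area
	binary.BigEndian.PutUint16(frame[headerLen:], uint16(len(data)+macLen))
	frame = append(frame, data...)
	return append(frame, checkValue(k.SMac, data)...), nil
}

// AgentUnwrap covers steps A4, A5 and 104: verify first, decrypt only on a match.
func AgentUnwrap(k SessionKeys, frame []byte) ([]byte, error) {
	if len(frame) < headerLen+lenLen+aes.BlockSize+macLen {
		return nil, ErrBadFrame
	}
	body := frame[headerLen+lenLen:]
	if int(binary.BigEndian.Uint16(frame[headerLen:])) != len(body) {
		return nil, ErrBadFrame
	}
	data, received := body[:len(body)-macLen], body[len(body)-macLen:]
	if !hmac.Equal(received, checkValue(k.SMac, data)) { // constant-time comparison
		return nil, ErrBadCheckValue
	}
	block, err := aes.NewCipher(k.SEnc)
	if err != nil {
		return nil, err
	}
	txn := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCTR(block, data[:aes.BlockSize]).XORKeyStream(txn, data[aes.BlockSize:])
	return txn, nil
}

func main() {
	// Constructed sample values; real session keys come from the agent program.
	k := SessionKeys{SEnc: []byte("0123456789abcdef"), SMac: []byte("fedcba9876543210")}
	frame, err := PaymentTAWrap(AuthTA{"info-1": true}, "info-1", k,
		[headerLen]byte{0x80, 0x01, 0x00, 0x00}, []byte("amount=12.50;payee=shop;bill=0001"))
	if err != nil {
		panic(err)
	}
	txn, err := AgentUnwrap(k, frame)
	fmt.Printf("agent recovered %q (err=%v)\n", txn, err)
	frame[len(frame)-macLen-1] ^= 0x01 // tamper with the last ciphertext byte
	_, err = AgentUnwrap(k, frame)
	fmt.Println("tampered instruction:", err)
}
```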
In one possible embodiment, step A1 in the above method may be implemented as the following steps A11 to A16.
In step A11, the payment TA generates a pair of public and private keys.
In step A12, the payment TA sends the private key to the agent program.
In step A13, the payment TA generates a random code and sends the random code to the agent program, with the random code being carried in the session key request.
In step A14, the agent program generates a first session key and a second session key in response to the session key request.
In step A15, the agent program encrypts the first session key, the second session key, and the random code using the private key and sends the encrypted keys to the payment TA.
In step A16, after the payment TA decrypts the random code using the public key, the payment TA decrypts the first session key and the second session key using the public key.
Here, the payment TA may generate a pair of a public key and a private key, where the private key is stored and used by itself, and the public key is sent to the agent program. When the payment TA obtains the first session key and the second session key from the agent program, the payment TA may first generate a random code and then send it to the agent program carried in a session key request. After receiving the session key request, the agent program may respond by generating a first session key and a second session key, encrypt the first session key, the second session key and the random code by using the private key, and send the result to the payment TA. After receiving the encrypted information, the payment TA may decrypt it by using the public key; if the payment TA can decrypt the random code that it sent to the agent program, this indicates that the encrypted information was sent by the agent program, and the first session key and the second session key may then be decrypted using the public key.
In this embodiment, the payment TA may generate a pair of a public key and a private key, so that when the first session key and the second session key are obtained from the agent, the pair of the public key and the private key may be used to encrypt transmission of the first session key and the second session key, thereby ensuring security of the transmission process of the first session key and the second session key, further improving security of the transmission process of the transaction data from the payment TA to the agent, and being simple to implement.
In one possible embodiment, step a11 in the above method may be implemented as the following steps a111 and a112.
In step a111, the payment TA signs the private key with a factory TEE key, and sends the private key to the secure server, so that the secure server sends the private key to the agent program after the signature verification is passed.
In step a112, the agent receives the private key sent by the secure server through a secure channel.
Here, when the payment TA has generated a pair of a public key and a private key and needs to send the public key to the agent, the payment TA may first sign the public key with the factory key of the TEE and then send it to the security server. The security server is the background server corresponding to the security chip; a protocol exists between the security server and the TEE, so the security server can verify a signature made with the TEE key. Once the signature verification passes, the security server determines that the public key was sent by the payment TA, opens a secure channel to the agent in the security chip through a client on the terminal, and sends the public key to the agent through that channel. The agent stores the public key.
In this embodiment, after the payment TA signs the private key with the TEE delivery key, the private key is sent to the security server, so that the security server sends the private key to the agent program after the signature verification is passed; the agent program receives the private key sent by the security server through a security channel. This guarantees the security of the private key in the transmission process and further improves the security of the transmission of the transaction data from the payment TA to the agent program, and it is simple to implement.
In a possible implementation manner, the terminal further includes a payment program in the secure chip, and the above payment method can be further implemented as the following steps B1 and B2.
In step B1, the agent program sends the transaction data to the payment program.
In step B2, the payment program encrypts the transaction data and returns an encryption result to the third party payment application, so that the third party payment application sends the encryption result to a server to execute a payment operation.
Here, after decrypting the transaction data, the agent program may send the transaction data to a payment program in the security chip, where the payment program stores therein the electronic card data issued by the server of the electronic card, and the payment program may encrypt the transaction data according to the electronic card data to obtain an encryption result; and then the encrypted result is sent to a third-party payment application, the third-party payment application can send the encrypted result to a server of the electronic card, the server receives the encrypted result, can execute payment operation after successful decryption, and sends the payment result to the third-party payment application after payment is completed.
In this embodiment, the transaction data may be sent to the payment program by the agent program, the payment program encrypts the transaction data, and an encryption result is returned to the third-party payment application, so that the third-party payment application sends the encryption result to the server to execute the payment operation, thereby completing the transaction.
The implementation is described in detail below by way of several embodiments.
Fig. 2 is a flow chart illustrating a payment method according to an exemplary embodiment, which may be implemented by a device, such as a terminal, as shown in fig. 2, the terminal including: the third party application 21, the agent program 22 and the payment program 23 in the secure chip, the identity authentication trusted application TA24 and the payment TA25 running in the trusted execution environment TEE; the payment method comprises the following steps 201 to 217.
In step 201, the payment TA receives transaction data sent by the third party payment application.
In step 202, the payment TA queries the identity authentication TA and finds that the identity information corresponding to the transaction data has been authenticated.
In step 203, the payment TA generates a pair of public and private keys.
In step 204, the payment TA signs the private key with a TEE factory key, and sends the private key to the security server, so that the security server sends the private key to the agent program after the signature verification is passed.
In step 205, the agent receives the private key sent by the secure server through a secure channel.
In step 206, the payment TA generates a random code and sends the random code to the agent program with the session key request.
In step 207, the agent generates a first session key and a second session key in response to the session key request.
In step 208, the agent encrypts the first session key, the second session key, and the random code using the private key and sends the encrypted first session key, the encrypted second session key, and the encrypted random code to the payment TA.
In step 209, after the payment TA decrypts the random code by using the public key, the payment TA decrypts the first session key and the second session key by using the public key.
In step 210, the payment TA applies a first encryption algorithm to encrypt transaction data using the first session key, generating a ciphertext.
Wherein the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent.
In step 211, the payment TA applies a second encryption algorithm to calculate a check value from the second session key and the ciphertext.
Wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent.
In step 212, the payment TA sends the ciphertext and the check value to the agent.
In step 213, the agent applies the second encryption algorithm to calculate a verification value based on the second session key and the ciphertext.
In step 214, the agent determines that the ciphertext was sent by the payment TA when the verification value is the same as the check value.
In step 215, the agent decrypts the ciphertext to obtain the transaction data.
In step 216, the agent program sends the transaction data to the payment program.
In step 217, the payment program encrypts the transaction data and returns an encryption result to the third party payment application, so that the third party payment application executes payment related operations according to the encryption result.
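Steps 210 to 215 describe an encrypt-then-authenticate exchange with two session keys. The following Go sketch is an added example, not code from the patent: it assumes AES-256-CTR as the first encryption algorithm and HMAC-SHA256 as the second, generates the session keys locally instead of transporting them as in steps 203 to 209, and uses hypothetical names (`TASeal`, `AgentOpen`, `SessionKeys`).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumption: the page only says the payment TA and the agent negotiate a
// "first" and a "second" algorithm. AES-256-CTR and HMAC-SHA256 are used here
// as stand-ins; all identifiers in this file are hypothetical.

var ErrCheckValue = errors.New("check value mismatch: ciphertext rejected")

// SessionKeys holds the two keys the agent generates in step 207.
type SessionKeys struct {
	Enc []byte // first session key, used for encryption
	Mac []byte // second session key, used for the check value
}

// NewSessionKeys draws two independent random 256-bit keys.
func NewSessionKeys() (SessionKeys, error) {
	k := SessionKeys{Enc: make([]byte, 32), Mac: make([]byte, 32)}
	if _, err := rand.Read(k.Enc); err != nil {
		return SessionKeys{}, err
	}
	if _, err := rand.Read(k.Mac); err != nil {
		return SessionKeys{}, err
	}
	return k, nil
}

// checkValue computes HMAC-SHA256 over the full ciphertext, IV included.
func checkValue(macKey, ciphertext []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(ciphertext)
	return m.Sum(nil)
}

// TASeal is the payment TA side (steps 210 and 211): encrypt the transaction
// data, then compute the check value over the ciphertext. Output is IV||data.
func TASeal(k SessionKeys, transaction []byte) ([]byte, []byte, error) {
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, nil, err
	}
	ciphertext := make([]byte, aes.BlockSize+len(transaction))
	iv := ciphertext[:aes.BlockSize]
	if _, err := rand.Read(iv); err != nil { // fresh IV for every message
		return nil, nil, err
	}
	cipher.NewCTR(block, iv).XORKeyStream(ciphertext[aes.BlockSize:], transaction)
	return ciphertext, checkValue(k.Mac, ciphertext), nil
}

// AgentOpen is the agent side (steps 213 to 215): recompute the verification
// value, compare it in constant time, and decrypt only if it matches.
func AgentOpen(k SessionKeys, ciphertext, check []byte) ([]byte, error) {
	if len(ciphertext) < aes.BlockSize {
		return nil, errors.New("ciphertext shorter than IV")
	}
	if !hmac.Equal(checkValue(k.Mac, ciphertext), check) {
		return nil, ErrCheckValue // nothing is decrypted on mismatch
	}
	block, err := aes.NewCipher(k.Enc)
	if err != nil {
		return nil, err
	}
	plain := make([]byte, len(ciphertext)-aes.BlockSize)
	cipher.NewCTR(block, ciphertext[:aes.BlockSize]).XORKeyStream(plain, ciphertext[aes.BlockSize:])
	return plain, nil
}

func main() {
	keys, err := NewSessionKeys()
	if err != nil {
		panic(err)
	}
	// Constructed sample transaction data.
	tx := []byte(`{"amount":"12.50","currency":"CNY","merchant":"demo-merchant"}`)
	ct, cv, err := TASeal(keys, tx)
	if err != nil {
		panic(err)
	}
	got, err := AgentOpen(keys, ct, cv)
	fmt.Println("accepted:", err == nil && bytes.Equal(got, tx))
	ct[len(ct)-1] ^= 0x01 // one bit flipped between TEE and secure chip
	_, err = AgentOpen(keys, ct, cv)
	fmt.Println("tampered:", err)
}
```

The comparison uses `hmac.Equal` rather than `bytes.Equal` so that the time taken does not reveal how many leading bytes of a forged check value were correct.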
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods.
Fig. 3 is a block diagram illustrating a payment device that may be implemented as part or all of an electronic device, in software, hardware, or a combination of both, according to an example embodiment. As shown in fig. 3, the payment apparatus includes: the agent 301 in the secure chip 30, the identity-authenticated trusted application TA302 running in the trusted execution environment TEE31, and the payment TA303, wherein:
the payment TA303 is configured to receive transaction data sent by the third party payment application;
the payment TA303 is configured to, after querying the identity authentication TA302 and finding that the identity information corresponding to the transaction data has been authenticated, encrypt the transaction data by using the key acquired from the agent program to obtain a ciphertext and a check value;
the payment TA303 is configured to send the ciphertext and the check value to the agent 301;
the agent 301 is configured to decrypt the ciphertext to obtain the transaction data after determining that the ciphertext is sent by the payment TA according to the check value.
As a possible embodiment, the payment TA303 is configured to obtain the first session key and the second session key from the agent; the payment TA303 is configured to encrypt transaction data by using the first session key using a first encryption algorithm to generate a ciphertext, where the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program; the payment TA303 is configured to calculate a check value according to the second session key and the ciphertext by using a second encryption algorithm, where the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program; the agent 301 is configured to apply the second encryption algorithm to calculate a verification value according to the second session key and the ciphertext; the agent 301 is configured to determine that the ciphertext was sent by the payment TA when the verification value is the same as the check value.
As a possible embodiment, the payment TA303 is configured to generate a pair of a public key and a private key; the payment TA303 is configured to send the private key to the agent 301; the payment TA303 is configured to generate a random code, carry the random code in the session key request, and send the random code to the agent 301; the agent 301 is configured to respond to the session key request and generate a first session key and a second session key; the agent 301 is configured to encrypt the first session key, the second session key, and the random code by using the private key, and then send the encrypted first session key, the encrypted second session key, and the encrypted random code to the payment TA 303; the payment TA303 is configured to decrypt the random code by using the public key, and then decrypt the first session key and the second session key by using the public key.
In a possible embodiment, the payment TA303 is configured to sign the private key with a TEE factory key and then send it to the security server, so that the security server sends the private key to the agent 301 after the signature verification is passed; the agent 301 is configured to receive the private key sent by the security server through a secure channel.
As a possible embodiment, fig. 4 is a block diagram illustrating a payment apparatus according to an exemplary embodiment, and as shown in fig. 4, the payment apparatus disclosed above may further include a payment program 304 in the secure chip, wherein:
the agent 301, configured to send the transaction data to the payment program;
the payment program 304 is configured to encrypt the transaction data and return an encryption result to the third-party payment application, so that the third-party payment application executes payment related operations according to the encryption result.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
Fig. 5 is a block diagram illustrating a payment apparatus adapted for use with a terminal device according to an exemplary embodiment. For example, the apparatus 500 may be a mobile phone, a game console, a computer, a tablet device, a personal digital assistant, and the like.
The apparatus 500 may include one or more of the following components: processing component 501, memory 502, power component 503, multimedia component 504, audio component 505, input/output (I/O) interface 506, sensor component 507, and communication component 508.
The processing component 501 generally controls the overall operation of the device 500, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 501 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 501 may include one or more modules that facilitate interaction between the processing component 501 and other components. For example, the processing component 501 may include a multimedia module to facilitate interaction between the multimedia component 504 and the processing component 501.
The memory 502 is configured to store various types of data to support operations at the apparatus 500. Examples of such data include instructions for any application or method operating on device 500, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 502 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The power supply component 503 provides power to the various components of the device 500. The power components 503 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 500.
The multimedia component 504 includes a screen that provides an output interface between the device 500 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 504 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 500 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 505 is configured to output and/or input audio signals. For example, audio component 505 includes a Microphone (MIC) configured to receive external audio signals when apparatus 500 is in an operating mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 502 or transmitted via the communication component 508. In some embodiments, audio component 505 further comprises a speaker for outputting audio signals.
The I/O interface 506 provides an interface between the processing component 501 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 507 includes one or more sensors for providing various aspects of condition assessment for the device 500. For example, the sensor assembly 507 may detect the open/closed status of the device 500, the relative positioning of the components, such as the display and keypad of the device 500, the sensor assembly 507 may also detect a change in the position of the device 500 or a component of the device 500, the presence or absence of user contact with the device 500, the orientation or acceleration/deceleration of the device 500, and a change in the temperature of the device 500. The sensor assembly 507 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 507 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 507 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 508 is configured to facilitate wired or wireless communication between the apparatus 500 and other devices. The apparatus 500 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 508 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 508 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 500 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer readable storage medium comprising instructions, such as the memory 502 comprising instructions, executable by the processor 820 of the apparatus 500 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The present embodiment provides a computer-readable storage medium, wherein the instructions of the storage medium, when executed by the apparatus 500, implement the following steps:
the payment TA receives transaction data sent by the third party payment application;
after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has been authenticated, the payment TA encrypts the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value;
the payment TA sends the ciphertext and the check value to the agent;
and after determining that the ciphertext is sent by the payment TA according to the check value, the agent program decrypts the ciphertext to obtain the transaction data.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the payment TA encrypting the transaction data using the key obtained from the agent, and obtaining a ciphertext and a check value comprises:
the payment TA obtains a first session key and a second session key from the agent;
the payment TA applies a first encryption algorithm to encrypt transaction data by using the first session key to generate a ciphertext, wherein the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the payment TA applies a second encryption algorithm to calculate a check value according to the second session key and the ciphertext, wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the agent program determines that the ciphertext is sent by the payment TA according to the check value, and the method comprises the following steps:
the agent program applies the second encryption algorithm to calculate a verification value according to the second session key and the ciphertext;
the agent determines that the ciphertext was sent by the payment TA when the verification value is the same as the check value.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the payment TA obtains a first session key and a second session key from the agent, including:
the payment TA generates a pair of public key and private key;
the payment TA sends the private key to the agent;
the payment TA generates a random code and sends the random code carried in the session key request to the agent program;
the agent program responds to the session key request to generate a first session key and a second session key;
the agent program encrypts the first session key, the second session key and the random code by using the private key and then sends the encrypted first session key, the encrypted second session key and the random code to the payment TA;
and after the payment TA uses the public key to decrypt the random code, the payment TA uses the public key to decrypt the first session key and the second session key.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the payment TA sends the private key to the security chip, including:
the payment TA signs the private key by using a TEE delivery key and then sends the private key to a security server so that the security server can send the private key to the agent program after the signature is checked;
and the agent program receives the private key sent by the security server through a security channel.
The instructions in the storage medium when executed by the processor may further implement the steps of:
the terminal further comprises a payment program in the secure chip, and the method further comprises:
the agent program sends the transaction data to the payment program;
and the payment program encrypts the transaction data and returns an encryption result to the third-party payment application, so that the third-party payment application executes payment related operation according to the encryption result.
The present embodiment also provides a payment device, the device including: a third party application, an agent program in a security chip, and an identity authentication trusted application TA and a payment TA which run in a trusted execution environment TEE;
a memory for storing the third party application, agent, authentication TA and payment TA executable instructions;
wherein the payment TA is configured to:
receiving transaction data sent by the third party payment application;
after the identity information corresponding to the transaction data is inquired from the identity authentication TA and passes authentication, encrypting the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value;
sending the ciphertext and the check value to the agent;
the agent is configured to:
and after the ciphertext is determined to be sent by the payment TA according to the check value, decrypting the ciphertext to obtain the transaction data.
In one embodiment, the payment TA is configured to:
encrypting the transaction data using the key obtained from the agent to obtain a ciphertext and a check value comprises:
obtaining a first session key and a second session key from the agent;
encrypting transaction data by using the first session key by using a first encryption algorithm to generate a ciphertext, wherein the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
calculating a check value according to the second session key and the ciphertext by using a second encryption algorithm, wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the agent is configured to:
determining, according to the check value, that the ciphertext was sent by the payment TA, including:
calculating a verification value according to the second session key and the ciphertext by applying the second encryption algorithm;
and when the verification value is the same as the check value, determining that the ciphertext is sent by the payment TA.
In one embodiment, the payment TA is configured to:
generating a pair of public key and private key;
sending the private key to the agent;
generating a random code and carrying the random code in the session key request to be sent to the agent program;
the agent is configured to:
responding to the session key request to generate a first session key and a second session key;
encrypting the first session key, the second session key and the random code by using the private key and then sending the encrypted first session key, the encrypted second session key and the random code to the payment TA;
the payment TA is configured to:
and after the random code is decrypted by using the public key, the first session key and the second session key are decrypted by using the public key.
In one embodiment, the payment TA is configured to:
signing the private key with a TEE delivery key and then sending it to a security server, so that the security server can send the private key to the agent program after the signature is checked;
the agent is configured to:
and receiving the private key sent by the security server through a security channel.
In one embodiment, the terminal further comprises a payment program in the secure chip, the agent program configured to:
sending the transaction data to the payment program;
the payment program is configured to:
and encrypting the transaction data, and returning an encryption result to the third party payment application, so that the third party payment application executes payment related operation according to the encryption result.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (12)

1. A payment method applied to a terminal, the terminal comprising: a third party application, an agent program in a security chip, and an identity authentication trusted application TA and a payment TA which run in a trusted execution environment TEE; the method comprising:
the payment TA receives transaction data sent by the third party payment application;
after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has been authenticated, the payment TA encrypts the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value;
the payment TA sends the ciphertext and the check value to the agent;
after determining that the ciphertext is sent by the payment TA according to the check value, the agent program decrypts the ciphertext to obtain the transaction data;
the payment TA encrypting the transaction data using the key obtained from the agent, and obtaining a ciphertext and a check value comprises:
the payment TA obtains a first session key and a second session key from the agent;
the payment TA applies a first encryption algorithm to encrypt transaction data by using the first session key to generate a ciphertext, wherein the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
and the payment TA applies a second encryption algorithm to calculate a check value according to the second session key and the ciphertext, wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program.
2. The method of claim 1, wherein the agent determines from the check value that the ciphertext was sent by the payment TA, comprising:
the agent program applies the second encryption algorithm to calculate a verification value according to the second session key and the ciphertext;
the agent determines that the ciphertext was sent by the payment TA when the verification value is the same as the check value.
3. The method of claim 2, wherein the payment TA obtains a first session key and a second session key from the agent, comprising:
the payment TA generates a pair of public key and private key;
the payment TA sends the private key to the agent;
the payment TA generates a random code and sends the random code carried in the session key request to the agent program;
the agent program responds to the session key request to generate a first session key and a second session key;
the agent program encrypts the first session key, the second session key and the random code by using the private key and then sends the encrypted first session key, the encrypted second session key and the random code to the payment TA;
and after the payment TA uses the public key to decrypt the random code, the payment TA uses the public key to decrypt the first session key and the second session key.
4. The method of claim 3, wherein the payment TA sends the private key to the secure chip, comprising:
the payment TA signs the private key by using a TEE delivery key and then sends the private key to a security server so that the security server can send the private key to the agent program after the signature is checked;
and the agent program receives the private key sent by the security server through a security channel.
5. The method of claim 1, wherein the terminal further comprises a payment program in a secure chip, the method further comprising:
the agent program sends the transaction data to the payment program;
and the payment program encrypts the transaction data and returns an encryption result to the third-party payment application, so that the third-party payment application executes payment related operation according to the encryption result.
6. A payment apparatus, applied to a terminal, the apparatus comprising: an agent program in a security chip, and an identity authentication trusted application TA and a payment TA which run in a trusted execution environment TEE, wherein:
the payment TA is used for receiving transaction data sent by the third party payment application;
the payment TA is used for, after querying the identity authentication TA and finding that the identity information corresponding to the transaction data has been authenticated, encrypting the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value;
the payment TA is used for sending the ciphertext and the check value to the agent program;
the payment TA is used for acquiring a first session key and a second session key from the agent program;
the payment TA is used for encrypting transaction data by using a first session key through a first encryption algorithm to generate a ciphertext, and the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the payment TA is used for calculating a check value according to the second session key and the ciphertext by applying a second encryption algorithm, wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
and the agent program is used for decrypting the ciphertext to acquire the transaction data after determining that the ciphertext is sent by the payment TA according to the check value.
7. The apparatus of claim 6,
the agent program is used for applying the second encryption algorithm to calculate a verification value according to the second session key and the ciphertext;
and the agent program is used for determining that the ciphertext is sent by the payment TA when the verification value is the same as the check value.
8. The apparatus of claim 7,
the payment TA is used for generating a pair of public key and private key;
the payment TA is used for sending the private key to the agent program;
the payment TA is used for generating a random code and carrying the random code in the session key request to send to the agent program;
the agent program is used for responding to the session key request and generating a first session key and a second session key;
the agent program is used for encrypting the first session key, the second session key and the random code by using the private key and then sending the encrypted first session key, the encrypted second session key and the random code to the payment TA;
and the payment TA is used for decrypting the first session key and the second session key by using the public key after decrypting the random code by using the public key.
9. The apparatus of claim 8,
the payment TA is used for sending the private key to a security server after signing by using a TEE delivery key so that the security server can send the private key to the agent program after the signature is checked;
and the agent program is used for receiving the private key sent by the security server through a security channel.
10. The apparatus of claim 6, further comprising a payment program in the secure chip, wherein:
the agent program is used for sending the transaction data to the payment program;
and the payment program is used for encrypting the transaction data and returning an encryption result to the third-party payment application, so that the third-party payment application executes payment related operation according to the encryption result.
11. A payment device, the device comprising:
a third-party application, an agent program in a security chip, and an identity authentication trusted application (TA) and a payment TA which run in a trusted execution environment (TEE);
a memory for storing executable instructions of the third-party application, the agent program, the identity authentication TA and the payment TA;
wherein the payment TA is configured to:
receiving transaction data sent by the third party payment application;
after learning by querying the identity authentication TA that the identity information corresponding to the transaction data has passed authentication, encrypting the transaction data by using a key acquired from the agent program to obtain a ciphertext and a check value;
sending the ciphertext and the check value to the agent;
the encrypting the transaction data using the key obtained from the agent to obtain a ciphertext and a check value comprises:
obtaining a first session key and a second session key from the agent;
encrypting transaction data by using the first session key by using a first encryption algorithm to generate a ciphertext, wherein the first encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
calculating a check value according to the second session key and the ciphertext by using a second encryption algorithm, wherein the second encryption algorithm is an encryption algorithm negotiated by the payment TA and the agent program;
the agent is configured to:
and after the ciphertext is determined to be sent by the payment TA according to the check value, decrypting the ciphertext to obtain the transaction data.
12. A computer readable storage medium storing computer instructions, wherein the computer instructions, when executed, implement the steps of the method of claims 1 to 5.
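The exchange in claims 6 and 7 is an encrypt-then-authenticate pattern: the payment TA encrypts with the first session key, computes the check value over the ciphertext with the second session key, and the agent program decrypts only when its recomputed verification value matches. The sketch below is an added illustration and not part of the patent text; the claims leave both algorithms to negotiation, so HMAC-SHA256 in counter mode (standing in for the first algorithm), HMAC-SHA256 (the second algorithm), the per-message nonce, all function names and the sample transaction are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample transaction data, not taken from the patent.
SAMPLE_TX = b'{"amount":"12.50","currency":"CNY","order":"SAMPLE-0001"}'

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Assumed stand-in for the negotiated first algorithm: HMAC-SHA256 in counter mode."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def payment_ta_protect(k1: bytes, k2: bytes, transaction: bytes) -> Tuple[bytes, bytes]:
    """Payment TA side: encrypt with the first session key, then compute the
    check value over the ciphertext with the second session key."""
    nonce = os.urandom(16)  # fresh per message so the keystream never repeats
    stream = _keystream(k1, nonce, len(transaction))
    ciphertext = nonce + bytes(a ^ b for a, b in zip(transaction, stream))
    check_value = hmac.new(k2, ciphertext, hashlib.sha256).digest()
    return ciphertext, check_value

def agent_accept(k1: bytes, k2: bytes, ciphertext: bytes, check_value: bytes) -> Optional[bytes]:
    """Agent side (claim 7): recompute the verification value and decrypt only
    if it equals the received check value; otherwise reject without decrypting."""
    verification = hmac.new(k2, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(verification, check_value):  # constant-time compare
        return None
    nonce, body = ciphertext[:16], ciphertext[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(k1, nonce, len(body))))

def demo() -> dict:
    k1, k2 = os.urandom(32), os.urandom(32)  # constructed session keys
    ct, cv = payment_ta_protect(k1, k2, SAMPLE_TX)
    tampered = ct[:-1] + bytes([ct[-1] ^ 0x01])  # one bit flipped in transit
    return {
        "genuine": agent_accept(k1, k2, ct, cv),
        "tampered": agent_accept(k1, k2, tampered, cv),
        "wrong_mac_key": agent_accept(k1, os.urandom(32), ct, cv),
    }

if __name__ == "__main__":
    print(demo())
```

Because the check value covers the nonce and ciphertext rather than the plaintext, the agent program can reject a modified or foreign message before any decryption takes place.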
CN201810609351.0A 2018-06-13 2018-06-13 Payment method and device Active CN108898388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810609351.0A CN108898388B (en) 2018-06-13 2018-06-13 Payment method and device

Publications (2)

Publication Number Publication Date
CN108898388A CN108898388A (en) 2018-11-27
CN108898388B true CN108898388B (en) 2021-11-02

Family

ID=64345220

Country Status (1)

Country Link
CN (1) CN108898388B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant