CN112633864A - Payment system and method based on TEE and Bluetooth type digital currency hardware wallet - Google Patents


Info

Publication number: CN112633864A
Authority: CN (China)
Prior art keywords: wallet, digital currency, bluetooth, digital, hardware
Legal status: Pending
Application number: CN202011473365.8A
Other languages: Chinese (zh)
Inventors: 张渊, 李勃
Current assignee: Beijing Watchdata Co ltd
Original assignee: Beijing Watchdata Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/04 Payment circuits
    • G06Q20/06 Private payment circuits, e.g. involving electronic currency used among participants of a common payment scheme
    • G06Q20/065 Private payment circuits using e-cash
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327 Short range or proximity payments by means of M-devices
    • G06Q20/36 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols insuring higher security of transaction
    • G06Q20/3829 Payment protocols insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a payment system and method based on a TEE and a Bluetooth type digital currency hardware wallet. The system comprises a mobile intelligent terminal and a Bluetooth type digital currency hardware wallet. The mobile intelligent terminal comprises an operating system (Rich OS) and a trusted execution environment (TEE OS) which run in parallel; a digital currency wallet management APP runs in the Rich OS, a digital currency wallet SDK is integrated in the digital currency wallet management APP, and a digital currency wallet TA runs in the TEE OS. The Bluetooth type digital currency hardware wallet comprises a security chip control module, together with a communication interface and a power supply control module connected to it; the communication interface comprises an NFC module and a Bluetooth module. A line protection key is preset between the Bluetooth type digital currency hardware wallet and the digital currency wallet TA. The invention realizes trusted human-machine interaction by utilizing the TEE function of the mobile intelligent terminal, combines it with the physical security characteristics of the Bluetooth type digital currency hardware wallet, and achieves low cost and high security.

Description

Payment system and method based on TEE and Bluetooth type digital currency hardware wallet
Technical Field
The invention relates to the technical field of digital currency, in particular to a payment system and method based on a TEE and a Bluetooth type digital currency hardware wallet.
Background
At present, digital currency wallets are mainly divided into two types: software wallets in the form of an APP, and hardware wallets based on a secure element (SE) chip. A hardware wallet stores digital currency asset data (currency value, keys, transaction certificates, transaction records and the like) in the SE, and digital currency operations such as payment and synchronization are completed in the SE.
The prior art provides a dedicated embedded device with an SE, which stores and uses the digital currency assets in the SE, works together with a smart phone, has communication interfaces such as Bluetooth and USB for connecting to an APP on the smart phone, and can perform offline transactions with other hardware wallets over NFC. However, this scheme must be used together with a smart phone: the wallet password and transaction parameters are input from the mobile phone APP during payment, so its security depends on the security protection of the mobile phone APP. If no display screen is configured, transaction information has to be confirmed in the mobile phone APP, so security is poor; if a display screen is configured, it is inconvenient to read when the screen is small and inconvenient to carry when it is large. In addition, adding a keypad and a display screen increases the cost of the hardware wallet.
The prior art also provides a software wallet in the form of an APP running on a smart phone. The digital currency assets are either stored on the mobile phone under software protection or managed by a digital currency background system. However, security is poor when the wallet password and transaction parameters are input, and transaction information confirmed, on the smart phone. If the digital currency assets are stored on the mobile phone, the security level of software protection is low and no physical security protection can be provided. If the digital currency assets are managed by the background system, offline transactions are not supported and convenience is poor.
The prior art also provides a method for constructing a digital currency hardware wallet on a smart phone based on TEE + SE (the SE being built into the mobile phone), which is convenient, highly secure and supports offline transactions. However, this solution depends heavily on the hardware configuration of the handset and has poor compatibility: mobile phones without SE and NFC functions, or on which the related functions have not been enabled, cannot adopt the scheme.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a payment system and method based on a TEE and a Bluetooth type digital currency hardware wallet.
In order to achieve the purpose, the technical scheme adopted by the invention is as follows:
A payment system based on a TEE and a Bluetooth type digital currency hardware wallet, comprising: a mobile intelligent terminal and a Bluetooth type digital currency hardware wallet;
the mobile intelligent terminal comprises an operating system (Rich OS) and a trusted execution environment (TEE OS) which run in parallel, wherein a digital currency wallet management APP runs in the Rich OS, a digital currency wallet SDK is integrated in the digital currency wallet management APP, and a digital currency wallet TA runs in the TEE OS; the digital currency wallet management APP realizes balance inquiry, recharging, cash withdrawal, payment and collection by calling the API (application programming interface) of the digital currency wallet SDK; the digital currency wallet SDK accesses the digital currency wallet TA and establishes the Bluetooth connection with the Bluetooth type digital currency hardware wallet; the digital currency wallet TA realizes the digital currency payment function of the Bluetooth type digital currency hardware wallet, and communicates with the Bluetooth type digital currency hardware wallet through the digital currency wallet SDK;
the Bluetooth type digital currency hardware wallet comprises: a security chip control module, and a communication interface and a power supply control module connected to the security chip control module; the communication interface comprises an NFC module, used for communicating with other hardware wallets, and a Bluetooth module, used for communicating with the mobile intelligent terminal; and a line protection key is preset between the Bluetooth type digital currency hardware wallet and the digital currency wallet TA for realizing end-to-end encryption.
Further, in the payment system as described above, the digital currency wallet TA is further configured to verify the authenticity of the digital currency wallet management APP before running, and to respond only to access requests from the digital currency wallet management APP.
Further, in the payment system as described above, the TUI of the TEE OS is configured to provide a trusted human-machine interface, including providing a plurality of virtual keyboard configurations, receiving a wallet password and transaction parameters entered by the user, and displaying the transaction parameters, a confirm button and a cancel button.
Further, in the payment system as described above, the Bluetooth type digital currency hardware wallet is further provided with a physical key connected to the security chip control module, which is used to confirm the user's pairing intention during Bluetooth pairing between the Bluetooth type digital currency hardware wallet and the mobile intelligent terminal, and to confirm the user's transaction intention during a digital currency transaction.
A payment method based on TEE and bluetooth type digital currency hardware wallets, comprising the steps of:
S100, a Bluetooth connection is established between the Bluetooth type digital currency hardware wallet and the digital currency wallet SDK, and a line protection key is pre-provisioned for the communication between the Bluetooth type digital currency hardware wallet and the digital currency wallet TA;
S200, based on an API call request for a digital currency transaction sent by the digital currency wallet management APP, the digital currency wallet SDK sends a digital currency payment request to the digital currency wallet TA;
S300, based on the digital currency payment request, the Bluetooth connection and the line protection key, the digital currency wallet TA generates an APDU command, which is forwarded to the Bluetooth type digital currency hardware wallet via the digital currency wallet SDK;
S400, based on the APDU command, the Bluetooth connection and the line protection key, the Bluetooth type digital currency hardware wallet performs the digital currency payment operation, generates an APDU response, and returns the APDU response to the digital currency wallet TA via the digital currency wallet SDK;
S500, based on the APDU response and the line protection key, the digital currency wallet TA returns the transaction result to the digital currency wallet SDK;
S600, based on the transaction result, the digital currency wallet SDK returns an API call result to the digital currency wallet management APP.
Further, the payment method as described above, in S100, the bluetooth-type digital money hardware wallet establishes a bluetooth connection with the digital money wallet SDK based on a confirmation connection instruction input by a user through a physical key;
in S300, the digital currency wallet TA displays transaction information included in the digital currency payment request through the TUI, and generates an APDU command based on a payment password and a confirmation instruction input by a user through the TUI;
in S400, the bluetooth-type digital money hardware wallet performs a digital money payment operation based on a confirmation transaction instruction input by the user through the physical key.
Further, in the payment method as described above, the line protection key comprises an ENC-KEY and a MAC-KEY.
Further, the payment method as described above, S300, includes:
s301, the digital currency wallet TA generates an APDU command;
s302, encrypting the APDU command by the digital currency wallet TA by using the ENC-KEY to obtain a ciphertext D1;
s303, the digital currency wallet TA calculates MAC for the ciphertext D1 by using the MAC-KEY to obtain a message authentication code D2;
s304, the digital money wallet TA sends the ciphertext D1 and the message authentication code D2 to the digital money wallet SDK;
s305, based on the Bluetooth connection, the digital money wallet SDK sends the ciphertext D1 and the message authentication code D2 to the Bluetooth type digital money hardware wallet.
Further, the payment method as described above, S400 includes:
s401, the Bluetooth type digital currency hardware wallet verifies the message authentication code D2 through the MAC-KEY, and if the verification fails, the process is ended;
s402, the Bluetooth type digital currency hardware wallet decrypts the ciphertext D1 by using the ENC-KEY to obtain the APDU command;
s403, the Bluetooth type digital currency hardware wallet executes the APDU command and generates an APDU response;
s404, encrypting the APDU response by the Bluetooth type digital currency hardware wallet by using the ENC-KEY to obtain a ciphertext D3;
s405, the Bluetooth type digital currency hardware wallet calculates MAC to the ciphertext D3 through the MAC-KEY to obtain a message authentication code D4;
s406, based on the Bluetooth connection, the Bluetooth type digital money hardware wallet sends the ciphertext D3 and the message authentication code D4 to the digital money wallet SDK;
s407, the digital money wallet SDK sends the ciphertext D3 and the message authentication code D4 to the digital money wallet TA.
Further, the payment method as described above, S500 includes:
s501, the digital currency wallet TA verifies the message authentication code D4 by using the MAC-KEY, and if the verification fails, the process is ended;
s502, the digital currency wallet TA decrypts the ciphertext D3 by using the ENC-KEY to obtain the APDU response.
The invention has the following beneficial effects. The system and method provided by the invention realize trusted human-machine interaction by utilizing the TEE function of the mobile intelligent terminal and, combined with the physical security characteristics of the Bluetooth type digital currency hardware wallet, provide a digital currency payment system and method with low cost, high security and support for more mobile phones. The Bluetooth hardware wallet is effectively equipped with a remotely connected display screen and password keyboard (provided by the mobile TEE), giving a good display effect, rich display content and a good keyboard input experience. The product size of the Bluetooth hardware wallet is reduced, making it more convenient to carry, and its cost is reduced. Payment security is high, and usability, convenience and security are balanced. More mobile phone models are applicable, and no built-in SE (secure element) in the mobile phone is needed.
Drawings
Fig. 1 is a schematic structural diagram of a mobile intelligent terminal in a payment system based on a TEE and a Bluetooth type digital currency hardware wallet provided in an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a Bluetooth type digital currency hardware wallet in a payment system based on a TEE and the Bluetooth type digital currency hardware wallet provided in an embodiment of the present invention;
Fig. 3 is a schematic flow chart of a payment method based on a TEE and a Bluetooth type digital currency hardware wallet provided in an embodiment of the present invention;
Fig. 4 is a timing diagram of a payment method based on a TEE and a Bluetooth type digital currency hardware wallet provided in an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and the detailed description.
As shown in fig. 1-2, an embodiment of the present invention provides a payment system based on TEE and bluetooth type digital currency hardware wallet, comprising: a mobile intelligent terminal and a Bluetooth type digital currency hardware wallet.
As can be seen from fig. 1, the mobile intelligent terminal includes an operating system Rich OS and a trusted execution environment TEE OS running in parallel, where the Rich OS runs a digital currency wallet management APP, the digital currency wallet management APP integrates a digital currency wallet SDK, and the TEE OS runs a digital currency wallet TA. Specifically, the mobile intelligent terminal is a mobile intelligent terminal with TEE and TUI functions, such as: smart phones, tablets and other terminal devices with intelligent operating systems. The operating system Rich OS may be an Android system.
The digital money wallet management APP is an application program running in the Rich OS, and the functions of balance inquiry, recharging, cash withdrawal, payment and collection are realized by calling an API (application program interface) of the digital money wallet SDK.
The digital money wallet SDK is used to provide an API for digital money wallet functionality. The SDK is integrated in, and part of, a digital currency wallet management APP. It can access the digital money wallet TA and also establish a bluetooth connection with the bluetooth-type digital money hardware wallet to relay communication data between the digital money wallet TA and the bluetooth-type digital money hardware wallet. When the API interface of the digital money wallet SDK is called by the digital money wallet management APP, the digital money wallet SDK sends a digital money payment request to the digital money wallet TA, and the digital money wallet TA implements the digital money payment function of the bluetooth-type digital money hardware wallet, and the digital money wallet SDK returns an API call result to the digital money wallet management APP after receiving an operation result returned by the digital money wallet TA.
The digital currency wallet TA is a trusted application running in the TEE OS. It realizes the digital currency payment function of the Bluetooth type digital currency hardware wallet, stores the protection key used for communicating with the hardware wallet, and communicates with the hardware wallet through the digital currency wallet SDK. The digital currency wallet TA includes a module for operating the Bluetooth hardware wallet to perform the digital currency payment functions, and holds the protection key needed to encrypt the APDU commands exchanged with the Bluetooth hardware wallet. Since the TEE has no Bluetooth communication function, the APDU command ciphertext exchanged between the TA and the Bluetooth hardware wallet is forwarded by the SDK instead. Before running, the digital currency wallet TA needs to verify the authenticity of the digital currency wallet management APP in the Rich OS: it only responds to access requests from the wallet management APP (identified by a specific package name and APP certificate).
The TEE OS is an independent trusted execution environment running in parallel with the Rich OS and providing security services to the Rich OS environment. The TUI function of the TEE provides a trusted human-computer interaction interface. With conventional technology it is unsafe to let users input wallet passwords or passcodes in the Rich OS, where they are exposed to a variety of software and hardware attack means. The TUI, by contrast, runs inside the TEE, so a user can input a password in the TUI and malicious software in the Rich OS cannot sniff or intercept its content. Various virtual keyboard configurations can also be provided in the TUI, such as numeric, alphabetic and symbolic keyboards, giving an input experience consistent with the Rich OS. In addition to entering the wallet password in the TUI, the TA also supports entering transaction parameters in the TUI, such as amount and account information. The TA also supports displaying the transaction parameters (amount, account number and the like), a confirm button and a cancel button in the TUI. The TUI protects the displayed transaction information from being tampered with, hijacked or leaked, and protects the user's confirm and cancel operations from being hijacked or counterfeited. After confirming that the transaction information is correct, the user clicks the confirm button to complete the transaction, or may cancel the transaction. If the user does not operate for a long time, the TUI automatically times out and the transaction is cancelled. The user checking the transaction information displayed by the TUI and clicking the confirm button in the TUI is the embodiment of the user's true transaction intention.
The Bluetooth type digital currency hardware wallet is a digital currency hardware wallet with a Bluetooth connection function, consisting of three parts: a security chip control module, a communication interface and a power supply control module. Specifically, the hardware wallet does not need to be configured with a display screen or a password keyboard, since these are replaced by the TEE TUI function of the smart terminal. As can be seen from Fig. 2, the Bluetooth type digital currency hardware wallet comprises the security chip control module, and a communication interface and a power supply control module connected to it; the communication interface comprises an NFC module, used for communicating with other hardware wallets, and a Bluetooth module, used for communicating with the mobile intelligent terminal. The Bluetooth type digital currency hardware wallet is further provided with a physical key, connected to the security chip control module, which is used to confirm the user's pairing intention during Bluetooth pairing between the hardware wallet and the mobile intelligent terminal, and to confirm the user's transaction intention during a digital currency transaction. The Bluetooth type digital currency hardware wallet holds the user's digital currency assets (keys, certificates, currency values, transaction certificates and the like) and has physical security characteristics. It executes the APDU command generated by the TA and forwarded by the SDK over Bluetooth, and after performing the digital currency payment operation returns the APDU response through the Bluetooth module.
As shown in fig. 3-4, an embodiment of the present invention further provides a payment method based on a TEE and a bluetooth-type digital currency hardware wallet, including the following steps:
s100, Bluetooth connection is established between a Bluetooth type digital currency hardware wallet and a digital currency wallet SDK, and a line protection key is prefabricated between the Bluetooth type digital currency hardware wallet and communication of a digital currency wallet TA;
Specifically, to improve wallet security, the Bluetooth type digital currency hardware wallet establishes the Bluetooth connection with the digital currency wallet SDK based on a confirm-connection instruction input by the user through the physical key: the Bluetooth connection is established only when the user presses the physical key; otherwise the connection is refused.
S200, based on an API call request of digital currency transaction sent by a digital currency wallet management APP, sending a digital currency payment request to a digital currency wallet TA by a digital currency wallet SDK;
s300, based on the digital currency payment request, the Bluetooth connection and the line protection key, the digital currency wallet TA generates an APDU command, and forwards the APDU command to the Bluetooth type digital currency hardware wallet through the digital currency wallet SDK;
Specifically, to improve payment security, the digital currency wallet TA displays the transaction information contained in the digital currency payment request through the TUI, and generates the APDU command based on the payment password and the confirmation instruction input by the user through the TUI. The payment command is sent only after the user confirms the payment; if the user presses the cancel button displayed by the TUI, or does not press the confirm button within the preset time, the user is treated as unwilling to pay and the payment is cancelled, which greatly improves payment security.
S400, based on the APDU command, the Bluetooth connection and the line protection key, the Bluetooth type digital currency hardware wallet executes the digital currency payment operation to generate an APDU response, and the APDU response is returned to the digital currency wallet TA through the digital currency wallet SDK;
Specifically, based on the APDU command and the confirm-transaction instruction input by the user through the physical key, the Bluetooth type digital currency hardware wallet performs the digital currency payment operation and generates the APDU response. The payment operation is executed only after the user presses the physical key to confirm the payment intention, which improves payment security. If the user does not press the physical key within a certain time, the payment transaction is cancelled and the payment command becomes invalid.
S500, based on the APDU response and the line protection key, the digital currency wallet TA returns the transaction result to the digital currency wallet SDK;
s600, based on the transaction result, the SDK returns an API calling result to the APP.
Preferably, the line protection key comprises an ENC-KEY and a MAC-KEY. The process by which the digital currency wallet TA communicates with the Bluetooth type digital currency hardware wallet is as follows.
S300 comprises the following steps:
s301, generating an APDU command by the digital currency wallet TA;
s302, the digital currency wallet TA encrypts the APDU command with the ENC-KEY to obtain the ciphertext D1, namely D1 = Enc(APDU).
S303, the digital currency wallet TA calculates a MAC over the ciphertext D1 with the MAC-KEY to obtain the message authentication code D2, namely D2 = Mac(Enc(APDU)).
S304, the digital currency wallet TA sends the ciphertext D1 and the message authentication code D2 to the digital currency wallet SDK; the complete instruction finally sent by the TA to the SDK is Enc(APDU) || Mac(Enc(APDU)), where || denotes concatenation.
S305, based on the Bluetooth connection, the digital money wallet SDK sends the ciphertext D1 and the message authentication code D2 to the Bluetooth type digital money hardware wallet.
S400 includes:
s401, the Bluetooth type digital currency hardware wallet verifies the message authentication code D2 with the MAC-KEY, and ends the process if the verification fails;
s402, the Bluetooth type digital currency hardware wallet decrypts the ciphertext D1 with the ENC-KEY to obtain the APDU command;
s403, the Bluetooth type digital currency hardware wallet executes an APDU command and generates an APDU response;
s404, encrypting the APDU response by the Bluetooth type digital currency hardware wallet by using ENC-KEY to obtain a ciphertext D3;
s405, calculating MAC of the ciphertext D3 by the Bluetooth type digital currency hardware wallet through MAC-KEY to obtain a message authentication code D4;
s406, based on Bluetooth connection, the Bluetooth type digital money hardware wallet sends the ciphertext D3 and the message authentication code D4 to a digital money wallet SDK;
s407, the digital currency wallet SDK sends the ciphertext D3 and the message authentication code D4 to the digital currency wallet TA;
s500 comprises:
s501, the digital currency wallet TA verifies the message authentication code D4 with the MAC-KEY, and ends the process if the verification fails;
s502, the digital currency wallet TA decrypts the ciphertext D3 by using the ENC-KEY to obtain an APDU response.
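The encrypt-then-MAC exchange of S301 to S502, as an added example that is not part of the patent: the TA protects an APDU command, the key-less SDK relays opaque bytes, and the hardware wallet verifies the MAC before decrypting, with the physical-key confirmation of S400 modelled as a flag. The cipher (an HMAC-SHA256 keystream), the per-message nonce, the key lengths, the truncated tag, and the wallet's pay APDU and status words are all assumptions, since the page fixes none of them.

```python
"""Encrypt-then-MAC line protection between the wallet TA and the Bluetooth
hardware wallet, following steps S301-S502 of the page (added example)."""
import hashlib
import hmac
import os
import struct
from typing import Optional

# Constructed stand-ins for the pre-provisioned line protection key. The page
# names ENC-KEY and MAC-KEY but fixes neither algorithm nor length (assumption).
ENC_KEY = hashlib.sha256(b"constructed ENC-KEY").digest()
MAC_KEY = hashlib.sha256(b"constructed MAC-KEY").digest()
NONCE_LEN = 16
TAG_LEN = 16

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a stand-in for the unnamed cipher behind Enc()."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def protect(plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """S302-S303 / S404-S405: D = Enc(plaintext), T = Mac(D); wire form is D || T."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce   # freshness (assumption)
    stream = _keystream(ENC_KEY, nonce, len(plaintext))
    d = nonce + bytes(p ^ k for p, k in zip(plaintext, stream))  # D1 (or D3)
    t = hmac.new(MAC_KEY, d, hashlib.sha256).digest()[:TAG_LEN]  # D2 (or D4)
    return d + t

def unprotect(message: bytes) -> bytes:
    """S401-S402 / S501-S502: verify the MAC first, decrypt only on success.
    'The process is ended' on a failed check is modelled as a ValueError."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("line-protected message too short")
    d, t = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, d, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expected, t):                    # constant-time compare
        raise ValueError("MAC verification failed; process ended")
    nonce, body = d[:NONCE_LEN], d[NONCE_LEN:]
    return bytes(c ^ k for c, k in zip(body, _keystream(ENC_KEY, nonce, len(body))))

# Constructed payment APDU: CLA 80, INS A0, P1 P2 00 00, Lc 04, data = amount.
# The page defines no APDU set for the wallet; this command is an assumption.
INS_PAY = 0xA0

def build_pay_apdu(amount: int) -> bytes:
    return bytes([0x80, INS_PAY, 0x00, 0x00, 0x04]) + struct.pack(">I", amount)

class HardwareWallet:
    """Hardware wallet side: the balance stands in for SE-held assets, and the
    wallet sees plaintext only after the MAC check in unprotect() passes."""

    def __init__(self, balance: int) -> None:
        self.balance = balance

    def handle(self, message: bytes, key_pressed: bool) -> bytes:
        """S401-S406; key_pressed models the physical-key confirmation of S400."""
        apdu = unprotect(message)                            # S401-S402
        return protect(self._execute(apdu, key_pressed))     # S403, then S404-S405

    def _execute(self, apdu: bytes, key_pressed: bool) -> bytes:
        if len(apdu) != 9 or apdu[0] != 0x80 or apdu[1] != INS_PAY or apdu[4] != 4:
            return b"\x6a\x80"     # ISO 7816 SW 6A80: incorrect data
        if not key_pressed:
            return b"\x69\x85"     # SW 6985: conditions of use not satisfied
        amount = struct.unpack(">I", apdu[5:9])[0]
        if amount > self.balance:
            return b"\x69\x85"     # insufficient funds, same refusal code
        self.balance -= amount
        return struct.pack(">I", self.balance) + b"\x90\x00"   # new balance, SW 9000

def sdk_relay(message: bytes, wallet: HardwareWallet, key_pressed: bool) -> bytes:
    """S305 and S406-S407: the key-less SDK in the Rich OS forwards opaque bytes
    over Bluetooth in both directions; it can neither read nor silently alter them."""
    return wallet.handle(message, key_pressed)

def tee_payment_flow(apdu: bytes, wallet: HardwareWallet, key_pressed: bool = True) -> bytes:
    """TA side of S301-S502: protect the command, relay it, unprotect the response."""
    outbound = protect(apdu)                               # S301-S304
    inbound = sdk_relay(outbound, wallet, key_pressed)     # S305, S406-S407
    return unprotect(inbound)                              # S501-S502

def tampered_message_rejected() -> bool:
    """Flipping one bit of D1 in transit is caught at S401, before the wallet
    decrypts or executes anything."""
    msg = bytearray(protect(build_pay_apdu(1)))
    msg[NONCE_LEN] ^= 0x01                                 # corrupt first ciphertext byte
    try:
        unprotect(bytes(msg))
    except ValueError:
        return True
    return False
```

The nonce is an addition: the page's steps define confidentiality and integrity only, and a practitioner would pair them with a freshness mechanism (nonce or counter) so that a protected message is accepted once.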
The technical scheme of the invention is characterized by: realizing a digital currency payment system by using a TEE together with a Bluetooth hardware wallet; only allowing the digital currency wallet management APP to access the digital currency wallet TA in the mobile phone TEE; inputting the digital currency wallet password and digital currency transaction parameters by using the TUI function of the mobile phone TEE; displaying the digital currency transaction information and confirming the user's transaction intention by using the TUI function of the mobile phone TEE; communicating between the digital currency wallet TA and the Bluetooth hardware wallet on the basis of a line protection key, so that the confidentiality and integrity of the communication data are protected; confirming the user's pairing intention with the physical key on the hardware wallet during pairing of the Bluetooth hardware wallet and the mobile phone; and confirming the user's transaction intention during a digital currency transaction in one of two ways: the user clicks the TUI "confirm" button to confirm the transaction, or the user first clicks the TUI "confirm" button and then confirms a second time with the physical key on the hardware wallet.
Based on the technical scheme and the technical key points, the beneficial effects brought by the technical scheme at least comprise:
1) the Bluetooth hardware wallet effectively gains a remotely connected display screen and password keypad (provided by the mobile TEE), with good display quality, rich display content and a good keyboard input experience;
2) the product size of the Bluetooth hardware wallet is reduced, so it is more convenient to carry, and its cost is lowered;
3) payment security is high, and usability, convenience and security are balanced;
4) more mobile phone models are supported, since a built-in SE (secure element) in the mobile phone is not required.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include such modifications and variations.

Claims (10)

1. A payment system based on TEE and bluetooth-type digital currency hardware wallets, comprising: a mobile intelligent terminal and a Bluetooth type digital currency hardware wallet;
the mobile intelligent terminal comprises an operating system Rich OS and a trusted execution environment TEE OS which run in parallel, wherein a digital currency wallet management APP runs in the Rich OS, a digital currency wallet SDK is integrated in the digital currency wallet management APP, and a digital currency wallet TA runs in the TEE OS; the digital money wallet management APP is used for realizing the functions of balance inquiry, recharging, cash withdrawal, payment and collection by calling an API (application program interface) of the digital money wallet SDK; the digital money wallet SDK is used for accessing the digital money wallet TA and establishing Bluetooth connection with the Bluetooth type digital money hardware wallet; the digital currency wallet TA is used for realizing the digital currency payment function of the Bluetooth type digital currency hardware wallet, and the communication with the Bluetooth type digital currency hardware wallet is realized through the digital currency wallet SDK;
the bluetooth-type digital currency hardware wallet comprises: the security chip control module is connected with a communication interface and a power supply control module, the communication interface comprises an NFC module and a Bluetooth module, the NFC module is used for communicating with other hardware wallets, and the Bluetooth module is used for communicating with the mobile intelligent terminal; and a line protection key is preset between the Bluetooth type digital currency hardware wallet and the digital currency wallet TA and is used for realizing end-to-end encryption.
2. A payment system as recited in claim 1, wherein the digital currency wallet TA is further configured to verify the authenticity of the digital currency wallet management APP before running, the digital currency wallet TA responding only to access requests from the digital currency wallet management APP.
3. The payment system of claim 1, wherein the TUI of the TEE OS is configured to provide a trusted human-machine interface comprising providing a plurality of virtual keyboard configurations, receiving a user-entered wallet password, transaction parameters, and displaying the transaction parameters, a confirmation button, and a cancel button.
4. A payment system as recited in any one of claims 1-3, wherein the bluetooth-type digital currency hardware wallet is further provided with physical keys, and the physical keys are connected with the security chip control module and are used for confirming the pairing intention of the user during bluetooth pairing between the bluetooth-type digital currency hardware wallet and the mobile intelligent terminal and confirming the transaction intention of the user during digital currency transaction.
5. A payment method based on TEE and bluetooth type digital currency hardware wallets, characterized by comprising the steps of:
s100, establishing a Bluetooth connection between a Bluetooth type digital currency hardware wallet and a digital currency wallet SDK, and presetting a line protection key for the communication between the Bluetooth type digital currency hardware wallet and a digital currency wallet TA;
s200, based on an API call request of digital currency transaction sent by a digital currency wallet management APP, sending a digital currency payment request to a digital currency wallet TA by a digital currency wallet SDK;
s300, based on the digital currency payment request, the bluetooth connection and the line protection key, the digital currency wallet TA generates an APDU command, which is forwarded to the bluetooth-type digital currency hardware wallet via the digital currency wallet SDK;
s400, based on the APDU command, the bluetooth connection, and the line protection key, the bluetooth-type digital currency hardware wallet performing a digital currency payment operation, generating an APDU response, and returning the APDU response to the digital currency wallet TA via the digital currency wallet SDK;
s500, based on the APDU response and the line protection key, the digital money wallet TA returns the transaction result to the digital money wallet SDK;
s600, based on the transaction result, the digital currency wallet SDK returns an API call result to the digital currency wallet management APP.
6. A payment method as recited in claim 5, wherein, in S100, the Bluetooth type digital currency hardware wallet establishes the Bluetooth connection with the digital currency wallet SDK based on a confirm-connection command input by the user through the physical key;
in S300, the digital currency wallet TA displays transaction information included in the digital currency payment request through the TUI, and generates an APDU command based on a payment password and a confirmation instruction input by a user through the TUI;
in S400, the bluetooth-type digital money hardware wallet performs a digital money payment operation based on a confirmation transaction instruction input by the user through the physical key.
7. The payment method of claim 5, wherein the line protection KEY comprises ENC-KEY and MAC-KEY.
8. The payment method of claim 7, wherein S300 comprises:
s301, the digital currency wallet TA generates an APDU command;
s302, the digital currency wallet TA encrypts the APDU command with the ENC-KEY to obtain a ciphertext D1;
s303, the digital currency wallet TA calculates a MAC over the ciphertext D1 with the MAC-KEY to obtain a message authentication code D2;
s304, the digital currency wallet TA sends the ciphertext D1 and the message authentication code D2 to the digital currency wallet SDK;
s305, over the Bluetooth connection, the digital currency wallet SDK sends the ciphertext D1 and the message authentication code D2 to the Bluetooth type digital currency hardware wallet.
9. A payment method as recited in claim 8, wherein S400 comprises:
s401, the Bluetooth type digital currency hardware wallet verifies the message authentication code D2 with the MAC-KEY, and ends the process if the verification fails;
s402, the Bluetooth type digital currency hardware wallet decrypts the ciphertext D1 with the ENC-KEY to obtain the APDU command;
s403, the Bluetooth type digital currency hardware wallet executes the APDU command and generates an APDU response;
s404, the Bluetooth type digital currency hardware wallet encrypts the APDU response with the ENC-KEY to obtain a ciphertext D3;
s405, the Bluetooth type digital currency hardware wallet calculates a MAC over the ciphertext D3 with the MAC-KEY to obtain a message authentication code D4;
s406, over the Bluetooth connection, the Bluetooth type digital currency hardware wallet sends the ciphertext D3 and the message authentication code D4 to the digital currency wallet SDK;
s407, the digital currency wallet SDK sends the ciphertext D3 and the message authentication code D4 to the digital currency wallet TA.
10. A payment method as recited in claim 9, wherein S500 comprises:
s501, the digital currency wallet TA verifies the message authentication code D4 with the MAC-KEY, and ends the process if the verification fails;
s502, the digital currency wallet TA decrypts the ciphertext D3 with the ENC-KEY to obtain the APDU response.
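The line protection exchange of claims 8 to 10 (steps S302 to S502, the tail of which appears above in the description), written out as an added Go example that is not part of the patent. The patent only says "encrypt with ENC-KEY" and "calculate MAC with MAC-KEY", so AES-128-CBC with PKCS#7 padding, a caller-supplied IV prepended to the ciphertext, HMAC-SHA256 and 16-byte keys are assumptions; the same Protect/Unprotect pair runs in the TA for D1/D2 and in the hardware wallet for D3/D4, and the receiver verifies the MAC before it ever decrypts.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
)

// LineKeys is the line protection key of claim 7, assumed here to be two 16-byte keys.
type LineKeys struct{ Enc, Mac []byte }
// Protect is the sender side (S302-S303 in the TA, S404-S405 in the wallet): encrypt the APDU
// under ENC-KEY, then MAC the ciphertext under MAC-KEY. AES-128-CBC with PKCS#7 padding, a
// caller-supplied IV prepended, and HMAC-SHA256 are assumptions; the patent names no algorithm.
func Protect(k LineKeys, iv, apdu []byte) (ct, mac []byte, err error) {
	blk, err := aes.NewCipher(k.Enc)
	if err != nil || len(iv) != aes.BlockSize {
		return nil, nil, errors.New("bad ENC-KEY or IV")
	}
	n := aes.BlockSize - len(apdu)%aes.BlockSize
	body := append(append([]byte{}, apdu...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct = append(append([]byte{}, iv...), make([]byte, len(body))...)
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct[aes.BlockSize:], body)
	h := hmac.New(sha256.New, k.Mac)
	h.Write(ct)
	return ct, h.Sum(nil), nil
}
// Unprotect is the receiver side (S401-S402 in the wallet, S501-S502 in the TA): verify the MAC
// first and end the process on failure; only an authenticated ciphertext is ever decrypted.
func Unprotect(k LineKeys, ct, mac []byte) ([]byte, error) {
	h := hmac.New(sha256.New, k.Mac)
	h.Write(ct)
	if !hmac.Equal(h.Sum(nil), mac) { // constant-time compare; this is the S401/S501 failure path
		return nil, errors.New("MAC verification failed, process ended")
	}
	blk, err := aes.NewCipher(k.Enc)
	if err != nil || len(ct) < 2*aes.BlockSize || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad ENC-KEY or malformed ciphertext")
	}
	pt := make([]byte, len(ct)-aes.BlockSize)
	cipher.NewCBCDecrypter(blk, ct[:aes.BlockSize]).CryptBlocks(pt, ct[aes.BlockSize:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-n], nil
}
```

In production the IV must come from a CSPRNG per message, and the SDK, which only relays D1/D2 and D3/D4, never holds either key.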
CN202011473365.8A 2020-12-15 2020-12-15 Payment system and method based on TEE and Bluetooth type digital currency hardware wallet Pending CN112633864A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011473365.8A CN112633864A (en) 2020-12-15 2020-12-15 Payment system and method based on TEE and Bluetooth type digital currency hardware wallet

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011473365.8A CN112633864A (en) 2020-12-15 2020-12-15 Payment system and method based on TEE and Bluetooth type digital currency hardware wallet

Publications (1)

Publication Number Publication Date
CN112633864A true CN112633864A (en) 2021-04-09

Family

ID=75312819

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011473365.8A Pending CN112633864A (en) 2020-12-15 2020-12-15 Payment system and method based on TEE and Bluetooth type digital currency hardware wallet

Country Status (1)

Country Link
CN (1) CN112633864A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113706138A (en) * 2021-10-28 2021-11-26 深圳市深圳通有限公司 Payment method, device, equipment and storage medium based on digital currency hard wallet
CN114363030A (en) * 2021-12-28 2022-04-15 武汉天喻信息产业股份有限公司 Financial security metering device, system, method, storage medium and electronic equipment

Similar Documents

Publication Publication Date Title
CN105260886B (en) Payment processing method and device, NFC portable terminal and wearable terminal
US6662020B1 (en) Arrangement for effecting secure transactions in a communication device
CN106255984B (en) Apparatus and method for operating a portable electronic device to conduct a mobile payment transaction
US10929832B2 (en) Method and system for electronic wallet access
US9607293B2 (en) Method and system for account management and electronic wallet access on a mobile device
WO2019000440A1 (en) Nfc payment method and terminal
JP2014529964A (en) System and method for secure transaction processing via a mobile device
CN109559105A (en) Digital wallet generation method and system based on TEE and encryption chip
JP2013232986A (en) Method for guaranteeing secure access to adjacent communication module of mobile terminal
KR20050073490A (en) Providing a user device with a set of access codes
CN106611310B (en) Data processing method, wearable electronic device and system
CN111512618B (en) Electronic device for transmitting and receiving message including emoticon and control method thereof
CN104978144A (en) Gesture password input device and system and method for transaction based on system
CN112633864A (en) Payment system and method based on TEE and Bluetooth type digital currency hardware wallet
CN102118745B (en) Method and device for secure encryption for mobile payment data, and mobile phone
CN109544137A (en) Digital wallet generation method and system based on TEE and NFC
US20130232084A1 (en) Mobile Financial Transaction System and Method
KR101625065B1 (en) User authentification method in mobile terminal
CN102487320B (en) Method and system used for automatic teller machine identity authentication
KR101628615B1 (en) Method for Providing Safety Electronic Signature by using Secure Operating System
CN204759393U (en) Gesture password input device and system
KR20040009428A (en) Apparatus and method for mobile banking
KR20160124336A (en) Method for Providing Electronic Signature by using Secure Operating System
KR100648709B1 (en) Portable device including smart card integrated circuit chip and method for issuing application by the device
GB2536659A (en) Authentication for mobile transactions

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination