TW201504964A - Secure mobile device shopping system and method - Google Patents

Abstract

The present invention provides a secure mobile device shopping system and a method providing a two-way authentication security mechanism that effectively integrates data connection core (DCC), Diffie-Hellman PKDS, RSA, and dynamic authentication code based upon different corresponding relationships between a consumer and a vendor and between a consumer and a bank. When a consumer performs a wireless shopping, relevant information about the personal consumption can be completely and fully secured and protected. Since credit card frauds can be effectively prevented to effectively enhance shopping security so that the secure mobile device shopping can be accomplished.

Description

Secure mobile device shopping system and method

The invention belongs to the technical field of online shopping, in particular to technically providing a safe mobile device shopping system and method, so that personal consumption related materials can be safely protected, and the stolen brush problem can be effectively prevented, and shopping security can be ensured. Effectively improved.

In the two systems currently in the online shopping system, namely, Secure Sockets Layer (SSL) and Secure Electronic Transactions (SET), both of them have the following two security shortcomings (1) Consumers can't confirm that e-commerce websites are decent and stable, and store owners can't know the true identity of consumers, and they can't prevent the problem of stealing. (2) The credit card information of the consumer can still be obtained from the shopping website. If it is not properly stored, it may also be leaked and stolen.

In addition to the aforementioned shortcomings, SSL and SET have the following characteristics, (1) they are all wired shopping, and the convenience is poor. (2) Consumers are asking for loans from banks, and the risks are high. (3) If the identity is authenticated with a fixed password, the more Internet shopping is used, the lower the security will be.

The most important of these is that SSL and SET are both wired shopping, and the convenience is poor. The most convenient wireless shopping system, in the current wireless communication systems, such as 3G, 4G-LTE, etc., cannot provide sufficient security mechanism. Protecting sensitive payment data in wireless transmissions has made wireless shopping systems less common today.

Since the consumer's bank payment information is extremely sensitive and important, if the consumer's bank payment data is cracked by the hacker because of insufficient protection, the hacker will be able to replace the consumer for shopping; that is, the hacker is broken by shopping. Close consumer payment, the resulting consumer dispute will make the entire wireless shopping system disintegrate, especially the basic feature of wireless shopping is wireless communication message packet, it is easy to be stolen by hackers, hackers can easily collect consumer shopping Communication materials, and then analysis and breaking.

In the environment of wireless communication, it is impossible to prevent hackers from collecting communication packet data. Therefore, to improve the security of the wireless communication system, the wireless communication packet data needs to be adequately protected. The current general encryption protection measures are not enough. In the wireless communication environment, in order to fully protect the security of wireless communication packets, the fundamental method is to do "wireless communication data collection, analysis invalidation", as long as the wireless communication system encrypts the protection mechanism of its wireless communication packets. Can do "wireless communication data collection, analysis invalidation", then the hacker is to collect more information, it will be futile. However, the current wireless communication systems, such as 3G, 4G-LTE, etc., cannot achieve the above requirements, and the present invention is a wireless shopping system developed for the basic characteristics of the aforementioned wireless communication and its high security requirements. .

The invention proposes a two-way authentication security mechanism for effectively integrating the data link core, Diffie-Hellman PKDS, RSA and dynamic authentication code according to the different corresponding relationship characteristics between consumers and manufacturers, consumers and banks. The main mechanisms and functions of the present invention are as follows:

1. The system architecture diagram of the present invention, as shown in FIG. 1, includes three units, such as a card issuing bank, a manufacturer, and a mobile device, and defines a transaction function between units in a system architecture diagram.

2. The shopping system transaction process of the present invention is as shown in Fig. 2, which includes three stages, the first stage: including steps 1.1 to 1.4, which is the shopping order confirmation stage; and the second stage: including steps 2.1 to 2.3, which is wireless Shopping Payment Request/Reply and Bank Payment Message Phase; Stage 3: Step 3.1, for the electronic invoice phase.

3. Since a consumer will have many trading vendors, and one vendor has many consumers, the consumer and the manufacturer are open-ended, and the invention constructs the consumer with Diffie-Hellman PKDS. Between trading vendors Security mechanism.

4. In order to effectively improve the security of the bank payment data of the consumer, the present invention constructs a data link core, which includes the credit card number of the consumer, thereby connecting the consumer with the card issuing bank, so that the consumer and the issuing bank The one-to-one relationship, that is, the relationship between the consumer and the issuing bank is a closed relationship, and the present invention is to establish a security mechanism between the consumer and the issuing bank by using RSA.

5. The structure of the data link core on the consumer side is (UserID, e, d, N, PW, K _PW , AK), while the structure content on the bank side is (UserID, e, d, N, Card No, K) _PW , AK), through this data link core link consumers and card-issuing banks, so that consumers in the wireless shopping application payment process communication packets are fully and fully secure.

6. The consumer cryptographic key K _PW in the core of the data link is generated by the consumer's password (PW) via a certain algorithm. The consumer must change the password (PW) through a specific program step. The password key K _{PW is} also updated, so updating the PW and K _PW can effectively enhance the system security.

7. When opening the shopping app on the mobile device, the user will be required to enter the account number and password (PW). The system program will generate the cryptographic key K _PW,c according to the established algorithm _, and compare K _{PW, c} and K _PW. (The consumer password key stored in the system) is equal; if they are not equal, the system program will ask the user to enter the account and password again, and then compare K _{PW, c} and K _PW , if they are still not equal, then the system The shopping app will be closed directly, and the user needs to restart the shopping app before entering the account and password, which can effectively prevent the attack of the guessing password program and improve the system security.

8. In order to enable the consumer's payment information to achieve "wireless communication data collection, analysis invalidation", the present invention generates a random dynamic key Xa2, Xa3 and a consumer authentication key AK in the DCC generated by the consumer in the transaction process. Through the block encryption mechanism, such as DES, AES, etc., combined with the operation to generate " payment dynamic authentication code ( En2 (Xa2, Xa3 ♁ AK))", this payment dynamic authentication code can be used to replace the cardholder signature required when using a credit card In this way, the use of the credit card can be made safer (not afraid of being stolen) and more convenient.

9. In the embodiment of the system of the present invention, except for step 1, all the communication information of all steps are completely and securely encrypted, and each communication packet has HMAC() to protect the communication message packet. Integrity, and the dynamic link key generated by the communication parties, such as CSK, Xa1, Xa2, Xa3, Xb1 and other keys, the dynamic key Kd generated as the key of HMAC (Kd), so through the communication The dynamic link key generated by the two parties is linked with HMAC (Kd) to achieve the functions of privacy, integrity, non-repudiation and mutual authentication of the two parties.

10. This shopping system uses OP_code with status to improve the performance of communication packets and effectively defend against resend attacks.

11. The payment mechanism of the system is that the consumer transmits the encrypted “Decure Dynamic Authentication Code ( En2 (Xa2 ♁ AK))” to the issuing bank, and then the issuing bank obtains the “payment dynamic authentication code” via decryption, and then The obtained "payment dynamic authentication code" is authenticated, and the key to the success of the authentication is whether the consumer has the correct consumer RSA encryption/decryption key (e, d, N), password key (K _PW ) and The authentication key AK has these keys to correctly add/decrypt the dynamic keys Xa1, Xa2, Xa3 and the payment dynamic authentication code ( En2 (Xa2, Xa3 ♁ AK)), and the card issuing bank pays the vendor when the authentication is successful. Under such a mechanism, manufacturers do not have to worry about the problem of stealing credit cards, and consumers do not have to worry about the leakage of credit card number data, and the safety of consumers and manufacturers has been improved.

12. The parameters of this system are defined as follows: (1) UserID: User code. (2) e, d, N: User's individual RSA encryption/decryption key. (3) Card No: Credit card number. (4) AK: Consumer authentication key. (5) PW: Password (Pass Word), K _PW : Key of password. (6) Data link core: mobile device end: (UserID, e, d, N, PW, K _PW , AK); issuing bank end: (UserID, e, d, N, Card No, K _PW , AK) . (7) Xa, Xa1, Xa2, Xa3: private keys. (8) P _Xa : Consumer Public Key (Public Key). (9) Xb, Xb1: vendor keys (private keys). (10) P _Xb : The manufacturer's public key (Public key). (11) CSK: Common key (Commom secret key). (12) Consumer order number. (13) Payment dynamic authentication code: En2 (Xa2, Xa3 ♁ AK).

13. The system includes the following operations and functions:

(1) Binary addition + ₂ : "Encryption: c = p + ₂ K , p and K for binary addition, which ignores the carry generated by the highest bit";"Decrypt: , where - ₂ is a binary subtraction, The complement of K. 』.

(2) E _k (str)=k ♁ s1//k ♁ s2//k ♁ s3//...//k ♁ sn, where str=s1//s2//s3//...//sn, // is a concatenated symbol.

(3) En1(a,b,c)=(a ♁ b)+ ₂ c, where a is the parameter key to be protected and encrypted, and b and c are the link keys of the communication parties.

(4) En2(X,Y ♁ AK): X is a plaintext data to be encrypted, Y is a random parameter, and AK is a consumer authentication key. Before each encryption, Y will perform a chirp operation with AK first. generating a temporary dynamic key K ♁ Y, then this dynamic key encryption such as AES is a block of Parent key, AES encryption through X produced En2 (X, Y ♁ AK) .

Example 1: The payment dynamic authentication code ( En2 ( Xa2, Xa3 ♁ AK )) of the system is a random dynamic key Xa2 generated by the consumer during the transaction process , and the consumer authentication key AK in Xa3 and DCC is via the block. Encryption mechanisms, such as DES, AES, etc., are combined with operations, as shown in Figure 3.

(5) OP_Code: Each wireless message in the system has an operation code to indicate the function of the message, which can shorten the time of message authentication, and the function description of OP-code is shown in Table 1.

(6) status: Each subsystem in the shopping system, such as the consumer side, the manufacturer side and the bank side, has its own internal state parameter (status), which is used to indicate the next time the subsystem wants The executed function, which is used in conjunction with OP_Code, improves system authentication performance and effectively resists resend attacks, and its function description is shown in Table 1.

(7) HMAC(k): A message authentication code based on hash operation, which is generated by a hash function acting on a transmitted message and a secret key K to ensure the correctness and completeness of this information. Sex and non-repudiation.

Example 2: If "OP-code|T _nonce |UserID|a ₁ |a ₂ |a ₃ |a ₄ | HMAC((b1 ♁ b2)+ ₂ b ₃ )" is the information packet transmitted by the user to the verifier , wherein the information authentication code HMAC((b ₁ ♁ b ₂ )+ ₂ b ₃ ) is applied to the plaintext information by a hash function "OP-code|T _nonce |UserID|a ₁ |a ₂ |a ₃ |a ₄ |" Produced with a dynamic secret key (b ₁ ♁ b ₂ ) + ₂ b ₃ .

Figure 1 is a system architecture diagram of the present invention.

Figure 2 is a flow chart of the shopping system transaction of the present invention.

Figure 3 is a schematic diagram of the operation of the payment dynamic authentication code En2 (Xa2, Xa3 ♁ AK) of the present invention.

In order to fully understand the purpose, features and effects of the present invention, The following specific embodiments, together with the accompanying drawings, illustrate the present invention in detail, as illustrated below:

1 is a system architecture diagram of a specific embodiment of the present invention, which includes three units, such as a card issuing bank, a manufacturer, and a mobile device. The transaction functions between the units are as follows: (1) between the consumer (mobile device) and the manufacturer. The trading function is "Shopping Order Confirmation and Delivery of Electronic Invoice". (2) The transaction function between the bank and the consumer (mobile device) is “Wireless Shopping Payment Request/Reply”. (3) The transaction function between the bank and the manufacturer is “bank payment message”.

In order to make the system of the present invention more flexible in actual construction, the issuing bank of the system can be replaced by a joint issuing card center, such as VISA, Master Card, etc.; in order to increase the security and practicability, the issuing bank can cooperate with the communication company, such as Chunghwa Telecom, Taiwan's Big Brother, and FarEasTone Telecom cooperated to write the consumer's data link core into the SIM card of the consumer's mobile phone or tablet.

The invention provides a secure mobile device shopping system, which comprises: a data link core, which is built between a consumer and a card issuing bank; and a consumer cryptographic key, which is generated by a consumer's password via an algorithm; A payment dynamic authentication code, which can replace the cardholder signature required when using a credit card, can make the use of the credit card safer and more convenient; a mobile device shopping app is built between the consumer, the issuing bank and the manufacturer; And a wireless message operation code (OP-code) and status parameter (status) comparison table (as shown in Table 1).

2 is a flow chart of a shopping system transaction according to a specific embodiment of the present invention, which includes three stages. The first stage includes steps 1.1 to 1.4 for the shopping order confirmation phase, wherein 1.1 is a mobile device shopping request, and 1.2 is an action. Device shopping reply, 1.3 is the shopping order, 1.4 is the mobile device shopping order message confirmation; the second stage includes steps 2.1~2.3, for the wireless shopping payment application/reply and bank payment message phase, wherein 2.1 is the wireless shopping payment application, 2.2 for wireless shopping payment application reply, 2.3 for wireless shopping payment message; the third stage: step 3.1, for the transmission of electronic invoice phase.

The wireless shopping process of the mobile device of the specific embodiment of the present invention is as follows:

Phase 1: (Purchase Order Confirmation Phase)

Step 1.1:

(1) After the consumer logs in to the manufacturer's webpage, he can view the merchandise information sold by the manufacturer. When all the favorite merchandise products are put into the shopping cart, the shopping app on the mobile device can be opened by webpage interaction. When the shopping app on the mobile device is turned on, the user is required to input an account number and password (PW), and the system program calculates the generated key K _PW,c according to the established algorithm, and compares K _PW,c and K _PW ( Whether the consumer password key stored in the system is equal; if they are not equal, the system program will ask the user to enter the account and password again, and then compare K _{PW, c} and K _PW . If they are still not equal, the system will directly Close the shopping app, the user needs to restart the shopping app to enter the account and password.

(2) The purchase request message is transmitted to the manufacturer, and the information contained therein includes: the consumer title, the public key P _Xa , and the purchase list. The consumer sends the message 1 to the manufacturer through the shopping APP program, and its contents are as follows: Message 1: Consumer → Vendor (Mobile Device Shopping Request) OP-code|Consumer Title | P _Xa | Purchase List At this time, OP-code=1 .

(3) Set the consumer's status=2.

Step 1.2:

(1) After receiving the consumer's shopping request (OP-code=1), the manufacturer can calculate the common key CSK, ie, the private key Xb and the public key P _Xa transmitted by the consumer. .

(2) The manufacturer transmits message 2 to the consumer, and its contents are as follows: Message 2: Vendor → Consumer (Mobile Device Shopping Reply) OP-code|Consumer Order Number|Date | P _Xb | E _CSK (Xb1)| (Related items of pre-sales) | HMAC (CSK) At this time, OP-code=2.

(3) The manufacturer sets the status of the consumer order number to =3.

Step 1.3:

(1) The consumer receives the packet and checks the OP-code Status, if not equal, discard this packet. Continue to wait for the correct packet, if equal, then know that the packet is a mobile device shopping reply. Next, the calculation produces CSK, ie, .

(2) Authentication packet, ie, check HMAC (CSK) _c HMAC(CSK) _r , where the subscript c represents HMAC (CSK) is calculated by the internal parameters of the consumer, and the subscript r represents the message authentication code HMAC (CSK) received by the consumer in the message 2. If the two are not equal, it means that the packet is invalid, and the consumer discards the packet and continues to wait for the correct packet to arrive. If the two are equal, it means that the transmitted packet is legal.

(3) The consumer decrypts E _CSK (Xb1) with _CSK to obtain key Xb1, and then decrypts with CSK+ ₂ Xb1 (Related materials for pre-sales) Get relevant information about pre-sales.

(4) After reading the returned product information and confirming that the information is correct, the consumer can formally place an order with the manufacturer. At this time, the consumer transmits Message 3 to the manufacturer: Message 3: Consumer → Vendor (shopping order) OP-code |Consumer Order Number | En1(Xa1,CSK,Xb1)| (Consumer Name//Delivery Address//Order Item Information//Consumer Contact Phone Number)| HMAC (Xa1+ ₂ CSK) At this time, OP-code=3.

(5) Set the consumer's status=4.

Step 1.4:

(1) When the manufacturer receives the packet from the consumer, the manufacturer's status is taken out by the consumer order number, and the OP-code is checked. Status, if not equal, discard the packet and continue to wait for the correct packet; if equal, it indicates that the packet is a shopping order packet.

(2) The consumer-related parameters are obtained from the consumer order number, and CSK and Xb1 decrypt En1 (Xa1, CSK, Xb1) to obtain Xa1. Next, perform authentication, ie, check, HMAC (Xa1+ ₂ CSK) _c HMAC(Xa1+2CSK) _r , where the subscript c represents the HMAC (Xa1+ ₂ CSK) is calculated by the internal parameters of the vendor, and the subscript r represents the message authentication code HMAC (Xa1+ ₂ CSK) received by the vendor in the message 3. If the two are not equal, it means that the packet is invalid. The manufacturer discards the packet and continues to wait for the correct packet to arrive. If the two are equal, the packet is legal. The manufacturer decrypts the CSK+ ₂ Xb1 sequentially. Consumer's consumer name, shipping address, ordering item information, and consumer contact phone number.

(3) The manufacturer returns the shopping order confirmation message (message 4) to the consumer, and its contents are as follows: Message 4: Vendor→Consumer (Mobile Device Purchase Order Confirmation Message) OP-code|Consumer Order Number|Manufacturer Profit Registration Information|E _{Xa1 ♁ Xb1} (various consumption details and amount / / total amount / / manufacturer collection account number) | HMAC (Xa1 + ₂ Xb1) At this time, OP-code = 4.

(4) The manufacturer sets the status of the consumer order number = 7.

Phase 2: (Wireless Shopping Payment Request/Reply and Bank Payment Message Phase)

Step 2.1:

(1) The consumer receives the packet from the manufacturer and checks the OP-code. Status, if not equal, discard this packet and continue waiting for the correct packet to arrive. If they are equal, the packet is known to be a shopping order confirmation message.

(2) Perform authentication, that is, check HMAC (Xa1+ ₂ Xb1) _c HMAC(Xa1+ ₂ Xb1) _r , where the subscript c represents HMAC (Xa1+ ₂ Xb1) is calculated by the internal parameters of the consumer, and the subscript r represents the message authentication code HMAC (Xa1+ ₂₎ received by the consumer in the message 4. Xb1), if the two are not equal, it means that the packet is invalid if it is transmitted, then the packet is discarded and continues to wait for the correct packet; if the two are equal, it means that the transmitted packet is legal, and the consumer reads the manufacturer's profit business registration data. And use Xa1 ♁ Xb1 decryption to obtain various consumption details and amount, total amount, and manufacturer's collection account.

(3) The consumer submits a wireless shopping payment application to the issuing bank, and the consumer transmits the message 5 to the issuing bank, the contents of which are as follows: Message 5: Consumer → Issuer Bank (Wireless Shopping Payment Request) OP-code | UserID| RSA_En ( Xa2,e)| En1 (Xa3,Xa2,Xa2 ♁ K _PW )| (CSK//Xa1//Consumer order number//Company profit business registration information//Total amount//Manufacturer collection account//Manufacturer's contact number)| _{E Xa1} ( En2 (Xa2, Xa3 ♁ AK))|HMAC ((CSK ♁ Xa2) + ₂ Xa3) At this time, OP-code=5.

(4) Set the consumer's status=6

Step 2.2:

(1) The bank receives the packet from the consumer, and according to the UserID, the status of the consumer inside the bank is taken out (the status of the UserID in the bank is currently 5), and the OP-code is checked. Status, if not equal, discard this packet and continue waiting for the correct packet to arrive. If they are equal, they know that the packet is a wireless shopping payment request.

(2) The bank then obtains the RSA encryption/decryption key (e, d, N) of the consumer by the DCC of UserID, and then decrypts RSA_En (Xa2, e) to obtain Xa2, and decrypts En1 (Xa3, Xa2, with Xa2 and K _PW , Xa2 ♁ K _PW ) Get Xa3, then decrypt it with Xa3 ♁ K _PW (CSK//Xa1//consumer order number / / manufacturer profit business registration information / / total amount / / manufacturer collection account / / manufacturer's contact phone) to obtain CSK, Xa1, consumer order number, manufacturer profit business registration information , the total amount, the contact number of the manufacturer's collection account and the manufacturer, followed by the second certification, that is, inspection, HMAC ((CSK ♁ Xa2) + ₂ Xa3) _c HMAC((CSK ♁ Xa2)+ ₂ Xa3) _r , where the subscript c stands for HMAC ((CSK ♁ Xa2) + ₂ Xa3) is calculated by the bank through the previous procedures CSK, Xa2 and Xa3, and the subscript r represents The bank receives the message authentication code HMAC ((CSK ♁ Xa2) + ₂ Xa3) carried in message 5. If the two are not equal, it indicates that the transmitted packet is illegal, and the packet is discarded. If the two are equal, it means that the transmitted packet is legal.

(3) The issuing bank decrypts the payment dynamic authentication code En2 (Xa2, Xa3 ♁ AK) with Xa1 decryption E _Xa1 ( En2 (Xa2, Xa3 ♁ AK)), and then performs the third authentication, that is, the check, En2 (Xa2, Xa3 ♁ AK) _c En2 (Xa2, Xa3 ♁ AK) _r , where the subscript c represents En2 (Xa2, Xa3 ♁ AK) is calculated by the bank through the previous procedures Xa2, Xa3 and the consumer authentication key AK stored in the bank, and The subscript r indicates that the bank receives the payment dynamic authentication code En2 (Xa2, Xa3 ♁ AK) carried in the message 5. If the two are not equal, it indicates that the transmitted packet is illegal, and the packet is discarded. If the two are equal, it means that the legitimate consumer wireless shopping payment request is transmitted.

(4) The issuing bank will take out the credit card number of the consumer in the DCC by UserID, check the credit status of the consumer, and decide whether or not to allocate funds. If the transaction is successful (grant), the issuing bank will transfer the total amount to the manufacturer's receiving account. If the transaction fails, the issuing bank will write the transaction failure reason message into the transaction result message.

(5) The issuing bank sends a wireless shopping payment application reply message (massage6) to the consumer: Message 6: issuing bank → consumer (wireless shopping payment application reply) OP-code| E _{CSK ♁ Xa1} (consumer order number // transaction Result message)| HMAC (Xa1+ ₂ CSK) At this time, OP-code=6.

(6) The consumer receives the packet from the issuing bank and checks the OP-code. Status, if not equal, discard this packet and continue waiting for the correct packet to arrive. If they are equal, it means that the packet is a wireless shopping payment request reply message.

(7) Consumers perform authentication, ie inspection, HMAC (Xa1+ ₂ CSK) _c HMAC(Xa1+ ₂ CSK) _r , where the subscript c represents HMAC (Xa1+ ₂ CSK) is calculated by the internal parameters of the consumer, and the subscript r represents the message authentication code HMAC (Xa1+ ₂₎ received by the consumer in the message 6. CSK), if the two are not equal, it means that the packet is invalid and the packet is discarded. If the two are equal, it means that the transmitted packet is legal.

(8) The consumer uses CSK ♁ Xa1 decryption to sequentially obtain the consumer order number and transaction result message of the purchase. If the transaction result message is “transaction failed”, the reason information of the transaction failure is read and the transaction is terminated. If the transaction result message is "transaction successful", set the consumer's status=8 and wait for the manufacturer to send an electronic invoice.

Step 2.3:

(1) The issuing bank sends the wireless shopping payment message (massage7) to the manufacturer: Message 7: issuing bank → manufacturer (wireless shopping payment message) OP-code|consumer order number| (payment message) | HMAC (Xa1 ♁ CSK) At this time, OP-code=7.

(2) The bank sets the consumer's Status=9.

(3) When the manufacturer receives the packet from the issuing bank, the status is taken out by the consumer order number, and the OP-code is checked. Status, if not equal, discard the packet and continue to wait for the correct packet to arrive. If they are equal, the packet is known to be a bank payment message packet.

(4) The manufacturer obtains consumer-related parameters from the consumer order number, and then performs authentication, ie, inspection, HMAC (Xa1 ♁ CSK) _c HMAC(Xa1 ♁ CSK) _r , where the subscript c represents HMAC (Xa1 ♁ CSK) is calculated by the internal parameters of the vendor, and the subscript r represents the message authentication code HMAC (Xa1 ♁ CSK) received by the vendor in the message7. If the two are not equal, it means that the packet is invalid and the packet is discarded. If the two are equal, it means that the transmitted packet is legal.

(5) The vendor decrypts with Xa1+ ₂ CSK (Payment message) Obtain payment information. If the transaction is successful (bank payment), ship and send the electronic invoice to the consumer, ie, proceed to step 3.1. If the transaction fails, terminate the transaction.

The third stage: (the manufacturer transmits the electronic invoice stage)

Step 3.1:

(1) The manufacturer transmits the electronic invoice message (message 8) to the consumer, and its contents are as follows: Message 8: Vendor→Consumer (electronic invoice message) OP-code|Consumer order number|Electronic invoice|HMAC((CSK+ ₂ Xa1) ) ♁ Xb1) At this time, OP-code=8.

(2) The manufacturer sets the status of the consumer order number to ==9.

(3) After the consumer receives the message, check the OP-code Status, if not equal, discard this packet and continue waiting for the correct packet to arrive. If they are equal, it means that the packet is an electronic invoice message from the manufacturer, and then the authentication is performed, that is, the HMAC is checked ((CSK+ ₂ Xa1)♁ Xb1) _c HMAC((CSK+ ₂ Xa1)♁ Xb1) _r , if not equal, discard this message. If they are equal, the consumer can take out the electronic invoice and end the transaction.

Claims (9)

A secure mobile device shopping system includes: a data link core, which is built between the consumer and the issuing bank; a consumer cryptographic key, which is generated by the consumer's password via an algorithm; The authentication code, which can replace the cardholder's signature required to use the credit card, makes the use of the credit card safer and more convenient; a mobile device shopping app is built between the consumer, the issuing bank and the manufacturer; and a wireless Message operation code (OP-code) and status parameter (status) comparison table. For example, in the secure mobile device shopping system described in claim 1, wherein the wireless message operating code (OP-code) and the status parameter (status) are as follows: Through the use of OP_code and status in the shopping process, the communication packet processing performance can be improved, and the resend attack can be effectively prevented. For example, in the secure mobile device shopping system described in claim 1, wherein the structure of the data link core on the consumer side is (UserID, e, d, N, PW, K _PW , AK), and at the bank end The structure content is (UserID, e, d, N, Card No, K _PW , AK), through which the core of the data link connects the consumer and the issuing bank, so that the communication package of the consumer in the wireless shopping application payment process is fully charged. Security protection; where UserID represents the user code; e, d, N represents the user's individual RSA encryption/decryption key; Card No represents the credit card number; PW represents the password (Pass Word); AK represents the consumer certification Key; K _PW stands for Key of password. For example, in the secure mobile device shopping system described in claim 1, in which the shopping application on the mobile device is opened, the user is required to input an account number and password (PW), and the system program calculates the generated password key according to the algorithm. (K _PW,c ), and then compare K _{PW, c} and K _PW (the consumer cryptographic key stored in the system) are equal. If they are not equal, the system will ask the consumer to re-enter the account and password. Compare K _{PW, c} and K _PW are equal, if they are still not equal, the system will directly close the shopping app, the user needs to restart the shopping app before entering the account and password. For example, the secure mobile device shopping system described in claim 1 wherein the payment dynamic authentication code is constructed and used includes: (1) payment dynamic authentication code En2 (Xa2, Xa3 ♁ AK), which is a consumer transaction. The random dynamic key Xa2, Xa3 generated in the process and the consumer authentication key AK in the DCC are generated by a block cipher encryption mechanism such as DES, AES, and the payment dynamic authentication code can be used to replace the consumer using the credit card. The cardholder's signature required at this time makes it easier to use the credit card safely (not afraid of being stolen). (2) The payment mechanism of the system is that the consumer sends the encrypted "payment dynamic authentication code En2 (Xa2, Xa3 ♁ AK)" to the issuing bank, and then the card issuing bank obtains the payment dynamic authentication code through decryption calculation, and then receives the payment. The payment dynamic authentication code obtained by the information is authenticated, and the key to the success of the authentication is whether the consumer has the correct consumer RSA encryption/decryption key (e, d, N), password key (K _PW ) and the authentication money. Key AK, which has these keys to correctly add/decrypt dynamic keys Xa1, Xa2, Xa3 and payment dynamic authentication code ( En2 (Xa2, Xa3 ♁ AK)). When the authentication is successful, the issuing bank will pay the vendor. Under the circumstance, manufacturers do not have to worry about the problem of stolen credit card, and consumers do not have to worry about the leakage of credit card number data, and the safety of consumers and manufacturers has been improved. For example, the secure mobile device shopping system described in claim 1 of the patent scope, wherein the issuing bank can be replaced by a joint issuing card center, so that the system can be more flexible; and, in order to increase security and practicability, the issuing bank can communicate with the communication company. Cooperation, the consumer's data link core is written into the SIM card of the consumer's mobile phone or tablet. For example, the implementation method of the shopping system described in claim 2 includes three stages, wherein the first stage includes steps 1.1 to 1.4, which is a shopping order confirmation stage; and the second stage includes steps 2.1 to 2.3, Wireless shopping payment application / reply and bank payment message phase; the third stage: step 3.1, in order to transmit the electronic invoice stage, the mobile device shopping APP specific embodiment of the shopping process is detailed as follows: the first stage: (shopping order confirmation stage) Step 1.1: (1) After the consumer logs in to the manufacturer's webpage, he can view the merchandise information sold by the manufacturer. After all the purchased merchandise is put into the shopping cart, the shopping app on the mobile device can be opened by webpage interaction. When the shopping app on the mobile device is requested, the user is required to input the account number and password (PW), and the system program calculates the generated password key K _PW,c according to the established algorithm, and compares K _PW,c and K _PW (stored ) is equal to the internal system of consumer cryptographic key; after equal if not, the system program asks the user to enter account number and password, and then comparing K _{PW, c} and K _PW, or if not equal, the Department of Directly shut down the shopping APP, users need to restart shopping APP before and then enter the account number and password; (2) the purchase request message passed to the manufacturer, which contains information include: consumer titles, public key P _Xa, shopping list. The consumer sends the message 1 to the manufacturer through the shopping APP program, and its contents are as follows: Message 1: Consumer → Vendor (Mobile Device Shopping Request) OP-code|Consumer Title | P _Xa | Purchase List At this time, OP-code=1 (3) Set the consumer's status=2; Step 1.2: (1) After the manufacturer receives the consumer's shopping request (OP-code=1), it can transfer its private key Xb to the public key of the consumer. P _Xa calculates the common key CSK, ie, (2) The manufacturer transmits message 2 to the consumer, the content of which is as follows: Message 2: Vendor → Consumer (Mobile Device Shopping Reply) OP-code|Consumer Order Number|Date | P _Xb | E _CSK (Xb1)| (Related items of pre-sales) | HMAC (CSK) At this time, OP-code=2; (3) The manufacturer sets the status of the consumer order number=3; Step 1.3: (1) The consumer receives the packet and checks the OP- Code Status, if not equal, discard this packet. Continue to wait for the correct packet, if equal, then know that the packet is a mobile device shopping reply. Next, the calculation produces CSK, ie, ; (2) authentication packet, ie, check HMAC (CSK) _c HMAC(CSK) _r , where the subscript c represents HMAC (CSK) is calculated by the internal parameters of the consumer, and the subscript r represents the message authentication code HMAC (CSK) received by the consumer in the message 2. If the two are not equal, it means that the packet is invalid, and the consumer discards the packet and continues to wait for the correct packet to arrive. If the two are equal, it means that the transmitted packet is legal; (3) the consumer decrypts the E _CSK (Xb1) key Xb1 by CSK, and then decrypts with CSK+ ₂ Xb1 (Related materials related to pre-sales) Obtain relevant information on pre-sales; (4) After reading the returned product information and confirming that the information is correct, the consumer can formally place an order with the manufacturer. At this time, the consumer transmits Message 3 to the manufacturer: Message 3: Consumer → Vendor (Purchase Order) OP-code|Consumer Order Number | En1(Xa1,CSK,Xb1)| (consumer name / / shipping address / / order item information / / consumer contact phone number) | HMAC (Xa1 + ₂ CSK); at this time, OP-code = 3; (5) set the consumer's status = 4; Step 1.4: (1) When the manufacturer receives the packet from the consumer, the manufacturer's status is taken out by the consumer order number, and the OP-code is checked. Status, if not equal, discard the packet and continue to wait for the correct packet; if it is equal, it means that the packet is a shopping order packet; (2) obtain the consumer related parameter from the consumer order number, CSK, Xb1 to En1 (Xa1, CSK, Xb1) decrypts and acquires Xa1. Next, perform authentication, ie, check, HMAC (Xa1+ ₂ CSK) _c HMAC(Xa1+2CSK) _r , where the subscript c represents the HMAC (Xa1+ ₂ CSK) is calculated by the internal parameters of the vendor, and the subscript r represents the message authentication code HMAC (Xa1+ ₂ CSK) received by the vendor in the message 3. If the two are not equal, it means that the packet is invalid. The manufacturer discards the packet and continues to wait for the correct packet to arrive. If the two are equal, the packet is legal. The manufacturer decrypts the CSK+ ₂ Xb1 sequentially. Consumer's consumer name, shipping address, ordering item information, and consumer contact phone number; (3) The manufacturer returns a shopping order confirmation message (message 4) to the consumer, the content of which is as follows: Message 4: Vendor → Consumer (Mobile Device Purchase Order Confirmation Message) OP-code|Consumer Order Number|Manufacturer Business Registration Information|E _{Xa1 ♁ Xb1} (various consumption details and amount//total amount//vendor collection account number)|HMAC( Xa1+ ₂ Xb1) At this time, OP-code=4; (4) Vendor sets the consumer order number status=7; Phase 2: (Wireless shopping payment request/reply and bank payment message stage) Step 2.1: (1) The consumer receives the packet from the manufacturer, OP-code inspection Status, if not equal, discard this packet and continue waiting for the correct packet to arrive. If they are equal, they know that the packet is a shopping order confirmation message; (2) perform authentication, that is, check HMAC (Xa1+ ₂ Xb1) _c HMAC(Xa1+ ₂ Xb1) _r , where the subscript c represents HMAC (Xa1+ ₂ Xb1) is calculated by the internal parameters of the consumer, and the subscript r represents the message authentication code HMAC (Xa1+ ₂₎ received by the consumer in the message 4. Xb1), if the two are not equal, it means that the packet is invalid if it is transmitted, then the packet is discarded and continues to wait for the correct packet; if the two are equal, it means that the transmitted packet is legal, and the consumer reads the manufacturer's profit business registration data. And use Xa1 ♁ Xb1 decryption to obtain various consumption details and amount, total amount, and the manufacturer's collection account; (3) the consumer submits a wireless shopping payment application to the issuing bank, and the consumer transmits the message 5 to the issuing bank, the contents of which are as follows: Message 5: Consumer → Issuer Bank (Wireless Shopping Payment Request) OP-code | UserID| RSA_En (Xa2,e)| En1 (Xa3, Xa2, Xa2 ♁ K _PW )| (CSK//Xa1//Consumer order number//Company profit business registration information//Total amount//Manufacturer collection account//Manufacturer's contact number)| E _Xa1 ( En2 (Xa2, Xa3 ♁ AK))|HMAC ((CSK ♁ Xa2) + ₂ Xa3) At this time, OP-code=5; (4) Set the consumer's status=6; Step 2.2: (1) The bank receives the packet from the consumer and retrieves the existence according to the UserID. The status of the consumer inside the bank (the status of the UserID in the bank, currently the initial value is 5), check the OP-code Status, if not equal, discard this packet and continue waiting for the correct packet to arrive. If they are equal, they know that the packet is a wireless shopping payment application; (2) the bank then obtains the consumer's RSA encryption/decryption key (e, d, N) by the UserID's DCC, and then decrypts the RSA_En (Xa2, e) Get Xa2, use Xa2 and K _{PW to} decrypt En1 (Xa3, Xa2, Xa2 ♁ K _PW ) to get Xa3, then decrypt it with Xa3 ♁ K _PW (CSK//Xa1//consumer order number / / manufacturer profit business registration information / / total amount / / manufacturer collection account / / manufacturer's contact phone) to obtain CSK, Xa1, consumer order number, manufacturer profit business registration information , the total amount, the contact number of the manufacturer's collection account and the manufacturer, followed by the second certification, that is, inspection, HMAC ((CSK ♁ Xa2) + ₂ Xa3) _c HMAC((CSK ♁ Xa2)+ ₂ Xa3) _r , where the subscript c stands for HMAC ((CSK ♁ Xa2) + ₂ Xa3) is calculated by the bank through the previous procedures CSK, Xa2 and Xa3, and the subscript r On behalf of the bank, the message authentication code HMAC ((CSK ♁ Xa2) + ₂ Xa3) carried in message 5 is received. If the two are not equal, it indicates that the transmitted packet is illegal, and the packet is discarded; If they are equal, it means that the transmitted packet is legal; (3) The issuing bank decrypts E _Xa1 ( En2 (Xa2, Xa3 ♁ AK)) with Xa1 to retrieve the payment dynamic authentication code ( En2 (Xa2, Xa3 ♁ AK)), and then proceeds The third certification, ie inspection, En2 (Xa2, Xa3 ♁ AK) _c En2 (Xa2, Xa3 ♁ AK) _r , where the subscript c represents En2 (Xa2, Xa3 ♁ AK) is calculated by the bank through the previous procedures Xa2, Xa3 and the consumer authentication key AK stored in the bank, and The subscript r indicates that the bank receives the payment dynamic authentication code En2 (Xa2, Xa3 ♁ AK) carried in the message 5. If the two are not equal, it indicates that the transmitted packet is illegal, and the packet is discarded; If they are equal, it means that the legitimate consumer wireless shopping payment application is sent; (4) The issuing bank picks up the credit card number of the consumer in the DCC by UserID, checks the credit status of the consumer, and decides whether the payment is successful if the transaction is successful. (Appropriation), the issuing bank will transfer the total amount to the manufacturer's receiving account. If the transaction fails, the issuing bank will write the transaction failure reason message into the transaction result message; (5) The issuing bank will send the wireless shopping payment application reply message (massage6) ) To the consumer: Message 6: Issuer Bank → Consumer (Wireless Shopping Payment Request Reply) OP-code| E _{CSK ♁ Xa1} (Consumer Order Number // Transaction Result Message) | HMAC (Xa1+ ₂ CSK) At this time, OP -code=6;(6)Consumption After receiving the packet from the issuing bank, check the OP-code Status, if not equal, discard the packet and continue to wait for the correct packet to arrive; if equal, it means that the packet is a wireless shopping payment request reply message; (7) the consumer performs authentication, that is, check, HMAC (Xa1 + ₂ CSK) _c HMAC(Xa1+ ₂ CSK) _r , where the subscript c represents HMAC (Xa1+ ₂ CSK) is calculated by the internal parameters of the consumer, and the subscript r represents the message authentication code HMAC (Xa1+ ₂₎ received by the consumer in the message 6. CSK), if the two are not equal, it means that the packet is invalid and the packet is discarded; if the two are equal, it means that the transmitted packet is legal; (8) the consumer obtains this by CSK ♁ Xa1 decryption. The consumer order number and the transaction result message of the second purchase, if the transaction result message is “transaction failed”, the reason information of the transaction failure is read and the transaction is terminated, and if the transaction result message is “transaction successful”, the consumer is set. Status=8, waiting for the manufacturer to send the electronic invoice; Step 2.3: (1) The issuing bank sends the wireless shopping payment message (massage7) to the manufacturer: Message 7: issuing bank → manufacturer (wireless shopping payment message) OP-code|consumer Order number| (payment message) | HMAC (Xa1 ♁ CSK) at this time, OP-code = 7; (2) Bank set consumer's Status = 9; (3) when the manufacturer receives the packet from the issuing bank, by the consumer Order number to take out its status, check OP-code Status, if not equal, discard the packet and continue to wait for the correct packet to arrive. If it is equal, it knows that the packet is a bank payment message packet; (4) the manufacturer obtains the consumer-related parameters from the consumer order number, and then authenticates , ie test, HMAC (Xa1 ♁ CSK) _c HMAC(Xa1 ♁ CSK) _r , where the subscript c represents HMAC (Xa1 ♁ CSK) is calculated by the internal parameters of the vendor, and the subscript r represents the message authentication code HMAC (Xa1 ♁ CSK) received by the vendor in the message7. If the two are not equal, it means that the transmitted packet is invalid, and the packet is discarded; if the two are equal, it means that the transmitted packet is legal; (5) the manufacturer decrypts with Xa1+ ₂ CSK (Payment message) Obtain payment information. If the transaction is successful (bank payment), ship and send the electronic invoice to the consumer, ie, execute step 3.1. If the transaction fails, terminate the transaction; Stage 3: (vendor) Transfer electronic invoice stage) Step 3.1: (1) The manufacturer sends the electronic invoice message (message 8) to the consumer, the content of which is as follows: Message 8: Vendor → Consumer (electronic invoice message) OP-code|Consumer order number|Electronics Invoice|HMAC((CSK+ ₂ Xa1)♁ Xb1) At this time, OP-code=8; (2) The manufacturer sets the status of the consumer order number=9; (3) After the consumer receives the message, check the OP-code Status, if not equal, discard the packet and continue to wait for the correct packet to arrive; if equal, it represents the electronic invoice message sent by the manufacturer, and then authenticate, ie, check HMAC ((CSK+ ₂ Xa1)♁ Xb1) _c HMAC((CSK+ ₂ Xa1)♁ Xb1) _r , if not equal, discard this message. If they are equal, the consumer can take out the electronic invoice and end the transaction. For example, in the implementation method of the shopping system described in claim 7, wherein the communication information of all the steps except the step 1.1 is completely and securely encrypted, and each communication packet has HMAC(). The integrity of the communication information packet is protected, and the dynamic key Kd generated by the dynamic link key generated by the communication parties, such as CSK, Xa1, Xa2, Xa3, and Xb1 keys, is used as the key of HMAC (Kd). In this way, through the connection between the dynamic link key generated by the two parties and HMAC (Kd), the privacy, integrity, non-repudiation and mutual authentication functions of the two parties are achieved. A secure mobile device shopping system, comprising three banks: issuing bank, manufacturer and mobile device. The transaction function between each unit includes: (1) the transaction function between the consumer (mobile device) and the manufacturer is "customer order confirmation and (2) The transaction function between the bank and the consumer (mobile device) is "wireless shopping payment application/reply"; (3) the transaction function between the bank and the manufacturer is "bank payment message".