TW201717123A - Mobile terminal, trade confirmation method and apparatus therefor, and smart card - Google Patents

Mobile terminal, trade confirmation method and apparatus therefor, and smart card Download PDF

Info

Publication number
TW201717123A
TW201717123A TW105135507A TW105135507A TW201717123A TW 201717123 A TW201717123 A TW 201717123A TW 105135507 A TW105135507 A TW 105135507A TW 105135507 A TW105135507 A TW 105135507A TW 201717123 A TW201717123 A TW 201717123A
Authority
TW
Taiwan
Prior art keywords
transaction
request
data
signed
smart card
Prior art date
Application number
TW105135507A
Other languages
Chinese (zh)
Other versions
TWI657389B (en
Inventor
張翔
鄧煜平
唐陽
楊賢偉
翟岳輝
Original Assignee
國民技術股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 國民技術股份有限公司 filed Critical 國民技術股份有限公司
Publication of TW201717123A publication Critical patent/TW201717123A/en
Application granted granted Critical
Publication of TWI657389B publication Critical patent/TWI657389B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3825Use of electronic signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/386Payment protocols; Details thereof using messaging services or messaging apps
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Strategic Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Telephone Function (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A mobile terminal, a trade confirmation method and apparatus therefor, and a smart card. The trade confirmation method comprises: acquiring trade data and request to be signed/confirmed; popping up an STK menu, displaying the trade data and request to be signed/confirmed in the STK menu, and receiving user input; when the user input confirms trade continuing, executing a secure operation by using a secure element (SE) in a smart card; and returning a secure operation result.

Description

行動終端及其交易確認方法、裝置以及智慧卡 Mobile terminal and its transaction confirmation method, device and smart card

本發明係關於電子商務安全技術領域,尤其關於一種行動終端及其交易確認方法、裝置以及一種智慧卡。 The invention relates to the technical field of electronic commerce security, in particular to a mobile terminal and a method and device for confirming the transaction thereof, and a smart card.

隨著技術的不斷演進,藍牙(Bluetooth)通訊等許多無線通訊技術被集成到SIM(Subscriber Identity Module客戶識別模組)卡、USIM(Universal Subscriber Identity Module,全球使用者識別卡)卡、UIM(User Identify Module,使用者識別模組)卡和SD卡(Secure Digital Memory Card,安全數位記憶卡)等智慧卡中,使得手機等行動終端不僅可以通過7816介面與智慧卡通訊,還可以用藍牙連接與智慧卡通訊,從而打通了行動終端與智慧卡之間的機卡高速資料通道,使得智慧卡不僅提供電信功能,還可通過藍牙通道支持各種新的應用下載和運行。另一方面,智慧手機、平板電腦、筆記型電腦等智慧終端可通過應用程式(APP)利用智慧卡中的安全元件(SE)硬體完成資料加密/解密、簽名/驗簽等安全操作,從而提升APP應用安全性。 As technology continues to evolve, many wireless communication technologies, such as Bluetooth communication, are integrated into SIM (Subscriber Identity Module) cards, USIM (Universal Subscriber Identity Module) cards, and UIM (User). Identification Module, User Identification Module) Card and SD card (Secure Digital Memory Card), etc., so that mobile terminals such as mobile phones can communicate with smart cards through the 7816 interface, and can also connect with Bluetooth. The smart card communication opens the high-speed data channel between the mobile terminal and the smart card, so that the smart card not only provides the telecommunication function, but also supports various new applications to download and run through the Bluetooth channel. On the other hand, smart terminals such as smart phones, tablets, and notebook computers can use the secure element (SE) in the smart card to perform security operations such as data encryption/decryption, signature/checking, etc. through the application program (APP). Improve APP application security.

目前廣泛應用的在PC終端上實現的網上銀行等網際網路應用中,通常通過獨立的智慧密碼鑰匙(USBKey)完成交易顯示、數位簽名和使用者確認等功能,即完成所謂 “二代KEY”的功能。隨著行動網際網路應用的發展,在智慧手機上實現的行動應用越來越多,在手機網上銀行或者行動支付等行動網際網路應用中,與手機配套使用單獨的“二代KEY”或者類似功能的設備,也可以實現與PC終端應用同樣的交易顯示、數位簽名和使用者確認等功能。但是,由於手機隨身攜帶的特點,在手機終端上配套使用單獨的智慧密碼鑰匙很不方便,而且單獨的智慧密碼鑰匙容易忘記攜帶、也容易丟失。 Currently widely used in Internet applications such as online banking implemented on PC terminals, the functions of transaction display, digital signature and user confirmation are usually completed through a separate smart key (USBKey). The function of "second generation KEY". With the development of mobile Internet applications, more and more mobile applications are implemented on smart phones. In mobile Internet applications such as mobile banking or mobile payment, separate "second generation KEY" is used with mobile phones. Or a device with similar functions can also implement the same transaction display, digital signature and user confirmation functions as PC terminal applications. However, due to the characteristics of the mobile phone, it is inconvenient to use a separate smart password key on the mobile terminal, and the separate smart password key is easy to forget to carry and easy to lose.

當前電子商務飛速發展且越來越朝向智慧化、行動化發展,利用智慧手機等智慧終端確認交易是必然的需求。在現有利用智慧終端進行交易確認的解決方案中,如果需要使用者對交易情況進行確認,往往是在處理交易的APP中顯示交易情況並在APP介面中提示使用者確認。智慧終端現有解決方案的這一工作過程雖然在功能上可以完成使用者對交易的確認操作,但却存在安全上的隱患。如果終端上存在病毒、木馬或駭客程式等惡意代碼,則有可能截獲使用者在APP介面上輸入的資料並進行篡改,使得使用者表面上看見的交易顯示與自己輸入一致,但由於惡意程式背後篡改了使用者輸入的資料,APP實際得到的是被篡改的資料,然後APP在不知情的情況下對被篡改的資料進行正常處理,比如進行數位簽名等,這種情形下使用者看到的交易情況就與實際發生的交易情況完全不同。例如,使用者看到的顯示是“向客戶A轉帳XX元”,於是“確認”轉帳,但實際上可能發生的是,APP向惡意代碼指定 的帳號進行了另外一筆轉帳,甚至使用者的確認動作本身都有可能被篡改,因為確認動作也是在APP介面完成的。 At present, e-commerce is developing rapidly and is becoming more and more intelligent and mobile. It is an inevitable demand to use smart terminals such as smart phones to confirm transactions. In the existing solution for confirming the transaction using the smart terminal, if the user needs to confirm the transaction situation, the transaction situation is often displayed in the APP that processes the transaction and the user is prompted to confirm in the APP interface. Although the working process of the existing solution of the smart terminal can functionally confirm the user's confirmation of the transaction, there is a security risk. If there is a malicious code such as a virus, trojan or hacker on the terminal, it may intercept the data input by the user on the APP interface and tamper with it, so that the transaction displayed on the user's surface is consistent with the input, but due to the malicious program. The user has changed the data entered by the user. The APP actually obtains the tamper-evident data, and then the APP performs the normal processing of the falsified data without knowing it, such as digital signature. In this case, the user sees The trading situation is completely different from the actual trading situation. For example, the user sees the display as "Transfer XX to Customer A", so "confirm" the transfer, but what may actually happen is that the APP specifies the malicious code. The account has made another transfer, and even the user's confirmation action itself may be tampered with, because the confirmation action is also done in the APP interface.

本發明期望提供一種行動終端及其交易確認方法、裝置以及一種智慧卡,能有效防止交易確認資訊被惡意篡改。 The present invention is intended to provide a mobile terminal and a method and apparatus for confirming the transaction thereof, and a smart card, which can effectively prevent the transaction confirmation information from being maliciously falsified.

本發明實施例的技術方案以下列方式實現。 The technical solution of the embodiment of the present invention is implemented in the following manner.

本發明實施例提供了一種行動終端的交易確認方法,該方法包括:獲取待簽名/確認的交易資料與請求;彈出STK(SIM Tool Kit,使用者識別應用開發工具)選單,在所述STK選單中顯示所述待簽名/確認的交易資料與請求並接收使用者輸入;當使用者輸入確認繼續交易時,則使用智慧卡中的安全元件SE進行安全操作;返回安全操作結果。 An embodiment of the present invention provides a transaction confirmation method for a mobile terminal, the method comprising: acquiring a transaction data and a request to be signed/confirmed; popping up a STK (SIM Tool Kit), in the STK menu. The transaction data to be signed/confirmed is displayed in the request and receives the user input; when the user inputs confirmation to continue the transaction, the security element SE in the smart card is used for security operation; and the security operation result is returned.

上述方案中,所述獲取待簽名/確認的交易資料與請求包括:接收交易平台伺服器通過資料短訊直接下發的所述待簽名/確認的交易資料與請求;或者從智慧卡中獲取所述待簽名/確認的交易資料與請求。 In the above solution, the obtaining the transaction data and the request to be signed/confirmed includes: receiving the transaction information and request to be signed/confirmed directly sent by the transaction platform server through the data short message; or obtaining the information from the smart card. Report the signed/confirmed transaction data and request.

上述方案中,所述從智慧卡中獲取所述待簽名/確認的交易資料與請求包括:接收“讀資料”通知;通過指定命令從智慧卡中獲取待簽名/確認的交易資料與請求。 In the above solution, the obtaining, by the smart card, the transaction information and the request to be signed/confirmed comprises: receiving a “read data” notification; obtaining, by the specified command, the transaction data and the request to be signed/confirmed from the smart card.

上述方案中,所述“讀資料”通知可以來自交易平台伺服器,也可以來自智慧卡。 In the above solution, the "read data" notification may be from a transaction platform server or from a smart card.

上述方案中,所述返回安全操作結果包括:將安全操作結果返回至客戶端APP,由客戶端APP發送至交易平台 伺服器;或者直接通過資料短訊將安全操作結果返回給交易平台伺服器。 In the above solution, the returning the security operation result includes: returning the security operation result to the client APP, and sending the client APP to the transaction platform The server; or directly return the security operation result to the trading platform server through the data message.

本發明實施例還提供一種行動終端的交易確認裝置,所述裝置包括:資料與請求獲取模組、系統STK模組、安全操作模組以及結果返回模組;其中,資料與請求獲取模組,用於獲取待簽名/確認的交易資料與請求;系統STK模組,用於彈出STK選單,在所述STK選單中顯示所述待簽名/確認的交易資料與請求並接收使用者輸入;安全操作模組,用於當使用者輸入確認繼續交易時,則使用智慧卡中的安全元件SE進行安全操作;結果返回模組,用於返回安全操作結果。 The embodiment of the invention further provides a transaction confirmation device for a mobile terminal, the device comprising: a data and request acquisition module, a system STK module, a security operation module and a result return module; wherein the data and the request acquisition module are For acquiring the transaction data and request to be signed/confirmed; the system STK module is configured to pop up the STK menu, display the transaction data to be signed/confirmed and request and receive user input in the STK menu; The module is used to perform a security operation using the secure element SE in the smart card when the user inputs confirmation to continue the transaction; the result is returned to the module for returning the safe operation result.

上述方案中,所述資料與請求獲取模組包括:短訊接收單元,用於接收交易平台伺服器通過資料短訊直接下發的所述待簽名/確認的交易資料與請求;或讀取智慧卡單元,用於從智慧卡中獲取所述待簽名/確認的交易資料與請求。 In the above solution, the data and request acquisition module includes: a short message receiving unit, configured to receive the transaction information and request to be signed/confirmed directly sent by the transaction platform server through the data short message; or read the wisdom The card unit is configured to obtain the transaction information and request to be signed/confirmed from the smart card.

上述方案中,所述讀取智慧卡單元包括:通知接收子單元,用於接收“讀資料”通知;資訊獲取子單元,用於通過指定命令從智慧卡中獲取待簽名/確認的交易資料與請求。 In the above solution, the reading smart card unit comprises: a notification receiving subunit, configured to receive a “read data” notification; and an information obtaining subunit, configured to obtain, by using a specified command, the transaction data to be signed/confirmed from the smart card. request.

本發明實施例還提供一種行動終端,該行動終端中上述任意一種交易確認裝置。 The embodiment of the invention further provides a mobile terminal, any one of the above transaction confirmation devices in the mobile terminal.

本發明實施例還提供一種智慧卡,該智慧卡中包括:資料與請求接收模組,用於接收客戶端APP生成的待簽名 /確認的交易資料與請求;通知發送模組,用於在接收到所述客戶端APP生成的待簽名/確認的交易資料與請求後,向行動終端發送“讀資料”通知;安全元件模組,用於協助行動終端進行安全操作。 The embodiment of the invention further provides a smart card, which includes: a data and request receiving module, configured to receive a signature to be signed by the client APP / Confirmed transaction data and request; the notification sending module is configured to send a "read data" notification to the mobile terminal after receiving the transaction data and the request to be signed/confirmed generated by the client APP; the security component module It is used to assist the mobile terminal in safe operation.

本發明的有益效果在於,利用STK選單顯示待簽名/確認的交易資料與請求,讓使用者在STK選單中進行確認操作,由於惡意程式無法介入和改變STK中的顯示和輸入,這時使用者在STK選單中看到的交易情況就是客戶端APP通過機卡高速資料通道傳遞過來的或者交易平台伺服器通過資料短訊傳遞過來的需要簽名/確認的交易資訊,如果使用者希望繼續交易,則在STK選單中對交易進行“確認”,否則“取消”交易;而在STK選單中獲得使用者確認後,還可以利用智慧卡中的SE提供的安全功能對交易進行簽名等操作,然後行動終端通過機卡高速資料通道將簽名和確認結果一起返回給客戶端APP,客戶端APP再將簽名和確認結果通過資料通道發送給交易平台伺服器;或者行動終端直接通過資料短訊將簽名和確認結果一起返回給交易平台伺服器;如此,有效防止了交易確認資訊被惡意篡改,提高了交易的安全性。 The invention has the beneficial effects that the STK menu is used to display the transaction data and the request to be signed/confirmed, so that the user can perform the confirmation operation in the STK menu. Since the malicious program cannot intervene and change the display and input in the STK, the user is The transaction situation seen in the STK menu is the transaction information that the client APP transmits through the high-speed data channel of the machine card or that the transaction platform server transmits through the data message. If the user wishes to continue the transaction, then In the STK menu, the transaction is “confirmed”, otherwise the transaction is “cancelled”. After the user confirms in the STK menu, the security function provided by the SE in the smart card can be used to sign the transaction, and then the mobile terminal passes. The high-speed data channel of the machine card returns the signature and the confirmation result to the client APP, and the client APP sends the signature and the confirmation result to the transaction platform server through the data channel; or the mobile terminal directly signs the signature together with the confirmation result through the data short message. Return to the trading platform server; thus, effectively preventing the transaction confirmation The news was maliciously tampered with, improving the security of the transaction.

101-104‧‧‧步驟 101-104‧‧‧Steps

201‧‧‧資料與請求獲取模組 201‧‧‧Information and Request Acquisition Module

202‧‧‧系統STK模組 202‧‧‧System STK Module

203‧‧‧安全操作模組 203‧‧‧Safe operation module

204‧‧‧結果返回模組 204‧‧‧Results return module

圖1為本發明實施例提供的行動終端的交易確認方法的實現流程示意圖。 FIG. 1 is a schematic flowchart of an implementation process of a transaction confirmation method for a mobile terminal according to an embodiment of the present invention.

圖2為本發明實施例提供的行動終端的交易確認裝置的組成結構示意圖。 FIG. 2 is a schematic structural diagram of a structure of a transaction confirmation apparatus for a mobile terminal according to an embodiment of the present invention.

為了更清楚地說明本發明實施例和技術方案,下面將結合圖式及實施例對本發明的技術方案進行更詳細的說明,顯然,所描述的實施例是本發明的一部分實施例,而不是全部實施例。基於本發明的實施例,所屬技術領域中具有通常知識者在不逸離本發明精神的前提下所獲得的所有其他實施例,都屬於本發明保護的範圍。 In order to more clearly illustrate the embodiments and technical solutions of the present invention, the technical solutions of the present invention will be described in more detail below with reference to the drawings and embodiments. It is obvious that the described embodiments are a part of the embodiments of the present invention, and not all Example. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without departing from the spirit of the invention are within the scope of the invention.

在本發明實施例中,行動終端中安裝有交易平台的客戶端APP,例如,掌上銀行客戶端APP。使用者利用客戶端APP向交易平台伺服器提出交易請求,例如,使用者使用手機中安裝的掌上銀行APP進行轉帳,使用者將在所述APP中輸入轉帳金額、轉入帳戶等資訊並提出轉帳請求;而掌上銀行APP則根據使用者輸入的資訊生成待簽名/確認的交易資料與請求。 In the embodiment of the present invention, a client APP of a transaction platform, for example, a palm banking client APP, is installed in the mobile terminal. The user uses the client APP to make a transaction request to the transaction platform server. For example, the user uses the mobile banking APP installed in the mobile phone to transfer the account, and the user inputs the information of the transfer amount, the account, and the like in the APP and makes a transfer. The request; and the Pocket Bank APP generates transaction data and requests to be signed/confirmed based on the information entered by the user.

圖1為本發明實施例提供的行動終端的交易確認方法的實現流程示意圖,如圖1所示,該方法包括: 1 is a schematic flowchart of implementing a transaction confirmation method for a mobile terminal according to an embodiment of the present invention. As shown in FIG. 1, the method includes:

步驟101,獲取待簽名/確認的交易資料與請求。 In step 101, the transaction data and the request to be signed/confirmed are obtained.

具體的,行動終端系統獲取上述由交易平台的客戶端APP生成的待簽名/確認的交易資料與請求。 Specifically, the mobile terminal system acquires the transaction data and the request to be signed/confirmed generated by the client APP of the transaction platform.

進一步的,所述獲取待簽名/確認的交易資料與請求包括:行動終端接收交易平台伺服器通過資料短訊直接下發的所述待簽名/確認的交易資料與請求;或者行動終端從智慧卡中獲取所述待簽名/確認的交易資料與請求。 Further, the obtaining the transaction data and the request to be signed/confirmed includes: the mobile terminal receiving the transaction information and the request to be signed/confirmed directly sent by the transaction platform server through the data short message; or the mobile terminal from the smart card Obtain the transaction information and request to be signed/confirmed.

具體的,客戶端APP生成待簽名/確認的交易資料與 請求後,可以將所述待簽名/確認的交易資料與請求通過通訊網路發送至交易平台伺服器,也可以通過機卡高速資料通道發送至智慧卡,這裏,所述機卡高速資料通道可以是行動終端與智慧卡之間的藍牙連接、WiFi連接或ZigBee連接,只要行動終端和智慧卡均支持相應的網路協議,能够建立相應的協議連接,例如,均支持藍牙協議的手機和SIM卡即可通過藍牙連接實現所述機卡高速資料通道。 Specifically, the client APP generates transaction data to be signed/confirmed and After the request, the transaction data and the request to be signed/confirmed may be sent to the transaction platform server through the communication network, or may be sent to the smart card through the high-speed data channel of the machine card. Here, the high-speed data channel of the machine card may be Bluetooth connection, WiFi connection or ZigBee connection between the mobile terminal and the smart card, as long as the mobile terminal and the smart card support the corresponding network protocol, the corresponding protocol connection can be established, for example, the mobile phone and the SIM card both supporting the Bluetooth protocol The high speed data channel of the machine card can be realized through a Bluetooth connection.

更進一步的,行動終端從智慧卡中獲取所述待簽名/確認的交易資料與請求包括:接收“讀資料”通知;通過指定命令從智慧卡中獲取待簽名/確認的交易資料與請求。 Further, the obtaining, by the mobile terminal, the transaction information and the request to be signed/confirmed from the smart card comprises: receiving a “read data” notification; obtaining, by the specified command, the transaction data and the request to be signed/confirmed from the smart card.

這裏,所述指定命令與行動終端和智慧卡的種類、行動終端的操作系統種類和版本有關,例如,針對智慧手機和SIM卡,指定命令可以為“Fetch命令”。 Here, the specified command is related to the type of the mobile terminal and the smart card, the operating system type and version of the mobile terminal, for example, for the smart phone and the SIM card, the designated command may be a "Fetch command".

而上述“讀資料”通知可以來自交易平台伺服器,也可以來自智慧卡。 The above "read data" notification can come from the trading platform server or from the smart card.

具體的,如上所述,當客戶端APP生成待簽名/確認的交易資料與請求後,將所述待簽名/確認的交易資料與請求通過通訊網路發送至交易平台伺服器,則交易平台伺服器在接收到所述待簽名/確認的交易資料與請求後,交易平台伺服器向行動終端發送“讀資料”通知,例如,交易平台伺服器通過資料短訊發送“讀資料”通知;而當客戶端APP生成待簽名/確認的交易資料與請求後,將所述待簽名/確認的交易資料與請求通過機卡高速資料通道發送至智慧卡時,智慧卡接收到待簽名/確認的交易資料與請求後, 智慧卡在隨後的7816正常命令響應中以設置特定應答狀態字的方式,通知行動終端來獲取智慧卡中的所述待簽名/確認的交易資料與請求;例如,SIM卡在執行手機7816命令後會在響應命令中返回執行結果,響應命令後面會帶一個二位元組的命令狀態字組;設置0x9000表示正常結束返回,而為0x 91mm(m代表一位十六進制數)表示SIM卡上還有資料需要手機讀取,手機就會通過Fetch命令來讀取0x mm個資料並執行SIM卡端請求的操作(如彈出STK選單),然後將執行結果用terminal response命令返回給SIM卡,SIM卡根據手機是否執行成功來決定繼續執行還是退出STK。如果要退出STK,SIM卡在狀態字中返回0x 9000就可以了,否則一直返回91mm。 Specifically, as described above, after the client APP generates the transaction data and the request to be signed/confirmed, and sends the transaction data and the request to be signed/confirmed to the transaction platform server through the communication network, the transaction platform server After receiving the transaction data and request to be signed/confirmed, the transaction platform server sends a “read data” notification to the mobile terminal, for example, the transaction platform server sends a “read data” notification through the data short message; After the end APP generates the transaction data and the request to be signed/confirmed, when the transaction data and the request to be signed/confirmed are sent to the smart card through the high speed data channel of the machine card, the smart card receives the transaction data to be signed/confirmed and After the request, In the subsequent 7816 normal command response, the smart card notifies the mobile terminal to obtain the transaction information and request to be signed/confirmed in the smart card in a manner of setting a specific response status word; for example, after the SIM card executes the command of the mobile phone 7816 The execution result will be returned in the response command. The response command will be followed by a two-byte command status word group; setting 0x9000 means normal end return, but 0x 91mm (m represents a hexadecimal number) indicating SIM card There is still information on the mobile phone to read, the mobile phone will use the Fetch command to read 0x mm data and perform the SIM card request operation (such as popping up the STK menu), and then return the execution result to the SIM card with the terminal response command. The SIM card decides whether to continue or exit the STK according to whether the mobile phone is successfully executed. If you want to exit the STK, the SIM card returns 0x 9000 in the status word, otherwise it will return 91mm.

步驟102,彈出STK選單,在所述STK選單中顯示所述待簽名/確認的交易資料與請求並接收使用者輸入。 In step 102, the STK menu is popped up, and the transaction data to be signed/confirmed is displayed in the STK menu and the user input is received.

具體的,行動終端在獲取到所述待簽名/確認的交易資料與請求後,彈出STK選單,在所述STK選單中顯示所述待簽名/確認的交易資料與請求;使用者在STK選單中對交易進行確認;行動終端接收使用者輸入的資訊。 Specifically, after obtaining the transaction data and the request to be signed/confirmed, the mobile terminal pops up an STK menu, and displays the transaction data and request to be signed/confirmed in the STK menu; the user is in the STK menu. The transaction is confirmed; the mobile terminal receives the information input by the user.

步驟103,當使用者輸入確認繼續交易時,則使用智慧卡中的安全元件SE進行安全操作。 In step 103, when the user inputs confirmation to continue the transaction, the secure element SE in the smart card is used for security operation.

當行動終端根據使用者輸入的資訊判斷出使用者希望繼續交易時,則行動終端使用智慧卡中的安全元件SE進行安全操作,所述安全操作包括:交易簽名、資料加解密等;安全元件SE完成安全操作後,使用機卡高速資料通 道將安全操作結果回傳。 When the mobile terminal determines, according to the information input by the user, that the user wishes to continue the transaction, the mobile terminal performs a secure operation using the secure element SE in the smart card, including: transaction signature, data encryption and decryption, etc.; security element SE After completing the safe operation, use the machine card high speed data communication The road will return the results of the safe operation.

步驟104,返回安全操作結果。 In step 104, the safe operation result is returned.

具體的,行動終端可以將安全操作結果返回至客戶端APP,由客戶端APP發送至交易平台伺服器。 Specifically, the mobile terminal can return the security operation result to the client APP, and the client APP sends the result to the transaction platform server.

或者行動終端直接通過資料短訊將安全操作結果返回給交易平台伺服器。 Or the mobile terminal directly returns the security operation result to the trading platform server through the data short message.

交易平台伺服器接收到安全操作結果後,決定是否繼續後續交易流程。 After receiving the result of the security operation, the trading platform server decides whether to continue the subsequent transaction process.

這裏,安全操作結果可以是簽名/確認結果。 Here, the result of the security operation may be a signature/confirmation result.

圖2是本發明實施例提供的行動終端的交易確認裝置的組成結構示意圖,如圖2所示,該交易確認裝置包括:資料與請求獲取模組201、系統STK模組202、安全操作模組203以及結果返回模組204。 2 is a schematic structural diagram of a transaction confirmation device of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 2, the transaction confirmation device includes: a data and request acquisition module 201, a system STK module 202, and a security operation module. 203 and the result is returned to module 204.

其中,資料與請求獲取模組201,用於獲取待簽名/確認的交易資料與請求。 The data and request obtaining module 201 is configured to obtain the transaction data and the request to be signed/confirmed.

系統STK模組202,用於彈出STK選單,在所述STK選單中顯示所述待簽名/確認的交易資料與請求並接收使用者輸入。 The system STK module 202 is configured to pop up an STK menu, display the transaction information and request to be signed/confirmed in the STK menu, and receive user input.

安全操作模組203,用於當使用者輸入確認繼續交易時,則使用智慧卡中的安全元件SE進行安全操作。 The security operation module 203 is configured to perform a security operation using the secure element SE in the smart card when the user inputs confirmation to continue the transaction.

結果返回模組204,用於返回安全操作結果。 The result is returned to module 204 for returning the results of the secure operation.

進一步的,上述交易確認裝置中,資料與請求獲取模組201包括:短訊接收單元,用於接收交易平台伺服器通過資料短訊直接下發的所述待簽名/確認的交易資料與請 求;或讀取智慧卡單元,用於從智慧卡中獲取所述待簽名/確認的交易資料與請求。 Further, in the transaction confirmation device, the data and request acquisition module 201 includes: a short message receiving unit, configured to receive the transaction information and request to be signed/confirmed directly issued by the transaction platform server through the data short message. Or reading the smart card unit for obtaining the transaction information and request to be signed/confirmed from the smart card.

進一步的,上述交易確認裝置中,所述讀取智慧卡單元包括:通知接收子單元,用於接收“讀資料”通知;資訊獲取子單元,用於通過指定命令從智慧卡中獲取待簽名/確認的交易資料與請求。 Further, in the transaction confirmation device, the reading smart card unit includes: a notification receiving subunit, configured to receive a “read data” notification; and an information obtaining subunit configured to obtain a signature to be signed from the smart card by using a specified command. Confirmed transaction data and requests.

進一步的,上述交易確認裝置中,結果返回模組204包括:返回APP單元,用於將安全操作結果返回至客戶端APP,由客戶端APP發送至交易平台伺服器;或者返回伺服器單元,用於直接通過資料短訊將安全操作結果返回給交易平台伺服器。 Further, in the transaction confirmation device, the result returning module 204 includes: a returning APP unit, configured to return the security operation result to the client APP, sent by the client APP to the transaction platform server; or return to the server unit, Return the safe operation result to the trading platform server directly through the data message.

在實際應用中,上述資料與請求獲取模組201、系統STK模組202、安全操作模組203以及結果返回模組204及它們的各個單元,均可由位於行動終端中的中央處理器(CPU)、微處理器(MPU)、數位訊號處理器(DSP)、或現場可程式閘陣列(FPGA)實現。 In practical applications, the above information and request acquisition module 201, the system STK module 202, the security operation module 203, and the result return module 204 and their respective units may be configured by a central processing unit (CPU) located in the mobile terminal. , microprocessor (MPU), digital signal processor (DSP), or field programmable gate array (FPGA) implementation.

本發明還提供一種行動終端,該行動終端中上述任意一種交易確認裝置。這裏,行動終端可以是支持藍牙功能的智慧手機、平板電腦或筆記型電腦等。 The present invention also provides a mobile terminal, any one of the above transaction confirmation devices. Here, the mobile terminal can be a smart phone, a tablet or a notebook computer that supports Bluetooth.

本發明還提供一種智慧卡,該智慧卡中包括:資料與請求接收模組,用於接收客戶端APP生成的待簽名/確認的交易資料與請求;通知發送模組,用於在接收到所述客戶端APP生成的待簽名/確認的交易資料與請求後,向行動終端發送“讀資料”通知;安全元件模組,用於協助行 動終端進行安全操作。 The invention also provides a smart card, the smart card includes: a data and request receiving module, configured to receive a transaction data and a request to be signed/confirmed generated by the client APP; and a notification sending module, configured to receive the After the transaction data and the request to be signed/confirmed generated by the client APP are sent, the “read data” notification is sent to the mobile terminal; the security component module is used to assist the line. The mobile terminal performs safe operations.

這裏,智慧卡可以是標準SIM卡、USIM卡、UIM卡、MicroSIM卡、NaroSIM卡等各種形態和尺寸的通訊卡,智慧卡中除了有主控模組還需包括藍牙模組,用於與行動終端的藍牙模組建立藍牙連接,實現機卡高速資料通道。 Here, the smart card can be a standard SIM card, a USIM card, a UIM card, a MicroSIM card, a NaroSIM card, and the like, and various types and sizes of communication cards, in addition to the main control module, the smart card also needs to include a Bluetooth module for use and action. The Bluetooth module of the terminal establishes a Bluetooth connection to realize a high-speed data channel of the machine card.

本實施例的通訊系統的各個模組對應執行上述通訊方法實施例所描述的步驟,因此具有相同的有益效果。另外,應該理解到,以上所描述的通訊系統的實施方式僅僅是示意性的,所描述模組的劃分,僅僅為一種邏輯功能劃分,實際實現時可以有另外的劃分方式。另外,模組相互之間的耦合或通訊連接可以是通過一些介面,也可以是電性或其它的形式。 Each module of the communication system of this embodiment corresponds to the steps described in the foregoing embodiment of the communication method, and thus has the same beneficial effects. In addition, it should be understood that the implementation of the communication system described above is merely illustrative, and the division of the described modules is only a logical function division, and may be further divided in actual implementation. In addition, the coupling or communication connection between the modules may be through some interfaces, or may be electrical or other forms.

上述各個功能模組作為通訊系統的組成部分,可以是或者也可以不是物理框,既可以位於一個地方,也可以分布到多個網路單元上,既可以採用硬體的形式實現,也可以採用軟體功能框的形式實現。可以根據實際的需要選擇其中的部分或者全部模組來實現本發明方案的目的。 Each of the above functional modules may or may not be a physical frame, and may be located in one place or on multiple network units, and may be implemented in a hardware form or in a hardware form. The form of the software function box is implemented. Some or all of the modules may be selected according to actual needs to achieve the objectives of the solution of the present invention.

所屬技術領域中具有通常知識者應明白,本發明的實施例可提供為方法、系統、或電腦程式產品。因此,本發明可採用硬體實施例、軟體實施例、或結合軟體和硬體方面的實施例的形式。而且,本發明可採用在一個或多個其中包含有電腦可用程式代碼的電腦可用儲存介質(包括但不限於磁碟儲存器和光學儲存器等)上實施的電腦程式產品的形式。 Those of ordinary skill in the art will appreciate that embodiments of the present invention can be provided as a method, system, or computer program product. Thus, the invention may take the form of a hardware embodiment, a software embodiment, or an embodiment incorporating a software and a hardware. Moreover, the present invention can take the form of a computer program product embodied on one or more computer usable storage media (including but not limited to disk storage and optical storage, etc.).

本發明是參照根據本發明實施例的方法、設備(系統)、和電腦程式產品的流程圖和/或方框圖來描述的。應理解可由電腦程式指令實現流程圖和/或方框圖中的每一流程和/或方框、以及流程圖和/或方框圖中的流程和/或方框的結合。可提供這些電腦程式指令到通用電腦、專用電腦、嵌入式處理機或其他可編程資料處理設備的處理器以產生一個機器,使得通過電腦或其他可編程資料處理設備的處理器執行的指令產生用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能的裝置。 The present invention has been described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer, an embedded processor or other programmable data processing device to produce a machine for generating instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.

這些電腦程式指令也可儲存在能引導電腦或其他可編程資料處理設備以特定方式工作的電腦可讀儲存器中,使得儲存在該電腦可讀儲存器中的指令產生包括指令裝置的製造品,該指令裝置實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能。 The computer program instructions can also be stored in a computer readable storage that can direct a computer or other programmable data processing device to operate in a particular manner, such that instructions stored in the computer readable storage produce an article of manufacture including the instruction device. The instruction means implements the functions specified in one or more blocks of the flow or in a flow or block diagram of the flowchart.

這些電腦程式指令也可裝載到電腦或其他可編程資料處理設備上,使得在電腦或其他可編程設備上執行一系列操作步驟以產生電腦實現的處理,從而在電腦或其他可編程設備上執行的指令提供用於實現在流程圖一個流程或多個流程和/或方框圖一個方框或多個方框中指定的功能的步驟。 These computer program instructions can also be loaded onto a computer or other programmable data processing device to perform a series of operational steps on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device. The instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.

再次說明,以上所述僅為本發明的實施例,並非因此限制本發明的專利範圍,凡是利用本發明說明書及圖式內容所作的等效結構或等效流程變換,例如各實施例之間技 術特徵的相互結合,或直接或間接運用在其他相關的技術領域,均同理包括在本發明的專利保護範圍內。 It is to be noted that the above description is only an embodiment of the present invention, and thus does not limit the scope of the invention, and the equivalent structure or equivalent flow transformation using the specification and the content of the present invention, for example, the embodiments The combination of the technical features, or directly or indirectly, in other related technical fields, is equally included in the scope of the patent protection of the present invention.

101-104‧‧‧步驟 101-104‧‧‧Steps

Claims (10)

一種行動終端的交易確認方法,該包括:獲取待簽名/確認的交易資料與請求;彈出STK選單,在該STK選單中顯示該待簽名/確認的交易資料與請求並接收使用者輸入;當使用者輸入確認繼續交易時,則使用智慧卡中的安全元件進行安全操作;返回安全操作結果。 A transaction confirmation method for an action terminal, comprising: obtaining a transaction data and a request to be signed/confirmed; popping up an STK menu, displaying the transaction data to be signed/confirmed and requesting and receiving user input in the STK menu; When the input confirms the transaction, the secure element in the smart card is used for safe operation; the safe operation result is returned. 如請求項1該記載的交易確認方法,其中該獲取待簽名/確認的交易資料與請求包括:接收交易平台伺服器通過資料短訊直接下發的該待簽名/確認的交易資料與請求;或者從智慧卡中獲取該待簽名/確認的交易資料與請求。 The transaction confirmation method as claimed in claim 1, wherein the obtaining the transaction data and the request to be signed/confirmed comprises: receiving the transaction information and request to be signed/confirmed directly issued by the transaction platform server through the data short message; or Obtain the transaction data and request to be signed/confirmed from the smart card. 如請求項2該記載的交易確認方法,其中該從智慧卡中獲取該待簽名/確認的交易資料與請求包括:接收“讀資料”通知;通過指定命令從該智慧卡中獲取待簽名/確認的交易資料與請求。 The transaction confirmation method as claimed in claim 2, wherein the obtaining the transaction information and the request to be signed/confirmed from the smart card comprises: receiving a “read data” notification; obtaining a signature/confirmation from the smart card by using a specified command Transaction information and requests. 如請求項3該記載的交易確認方法,其中該“讀資料”通知可以來自該交易平台伺服器,也可以來自該智慧卡。 The transaction confirmation method as recited in claim 3, wherein the "read data" notification may be from the transaction platform server or may be from the smart card. 如請求項1該記載的交易確認方法,其中該返回安全操作結果包括: 將安全操作結果返回至客戶端APP,由該客戶端APP發送至交易平台伺服器;或者直接通過資料短訊將安全操作結果返回給交易平台伺服器。 The transaction confirmation method as recited in claim 1, wherein the returning security operation result comprises: Return the result of the security operation to the client APP, and send it to the trading platform server by the client APP; or return the security operation result directly to the trading platform server through the data short message. 一種行動終端的交易確認裝置,該包括:資料與請求獲取模組、系統STK模組、安全操作模組以及結果返回模組;其中,該資料與請求獲取模組用於獲取待簽名/確認的交易資料與請求;該系統STK模組用於彈出STK選單,在該STK選單中顯示該待簽名/確認的交易資料與請求並接收使用者輸入;該安全操作模組用於當使用者輸入確認繼續交易時,則使用智慧卡中的安全元件SE進行安全操作;以及該結果返回模組用於返回安全操作結果。 A transaction confirmation device for a mobile terminal, comprising: a data and request acquisition module, a system STK module, a security operation module, and a result return module; wherein the data and request acquisition module is configured to obtain a signature/confirmation Transaction data and request; the STK module of the system is used for popping up the STK menu, displaying the transaction data and request to be signed/confirmed in the STK menu and receiving user input; the security operation module is used for inputting confirmation by the user When the transaction continues, the secure element SE in the smart card is used for security operations; and the result return module is used to return the safe operation result. 如請求項6所記載的交易確認裝置,其中該資料與請求獲取模組包括:短訊接收單元,用於接收交易平台伺服器通過資料短訊直接下發的該待簽名/確認的交易資料與請求;或讀取智慧卡單元,用於從智慧卡中獲取該待簽名/確認的交易資料與請求。 The transaction confirmation device as claimed in claim 6, wherein the data and request acquisition module comprises: a short message receiving unit, configured to receive the transaction information to be signed/confirmed directly sent by the transaction platform server through the data short message. Request; or read the smart card unit for obtaining the transaction data and request to be signed/confirmed from the smart card. 如請求項7所記載的交易確認裝置,其中該讀取智慧卡單元包括:通知接收子單元,用於接收“讀資料”通知;以及資訊獲取子單元,用於通過指定命令從智慧卡中獲取該待簽名/確認的交易資料與請求。 The transaction confirmation device of claim 7, wherein the read smart card unit comprises: a notification receiving subunit for receiving a "read data" notification; and an information acquisition subunit for obtaining from the smart card by specifying a command The transaction information and request to be signed/confirmed. 一種行動終端,該行動終端中包括如請求項6-8任意一項該記載的交易確認裝置。 A mobile terminal including the transaction confirming device as described in any one of claims 6-8. 一種智慧卡,包括:資料與請求接收模組,用於接收客戶端APP生成的待簽名/確認的交易資料與請求;通知發送模組,用於在接收到該客戶端APP生成的待簽名/確認的交易資料與請求後,向行動終端發送“讀資料”通知;以及安全元件模組,用於協助該行動終端進行安全操作。 A smart card includes: a data and request receiving module, configured to receive a transaction data and a request to be signed/confirmed generated by the client APP; and a notification sending module, configured to receive the signature to be generated by the client APP/ After confirming the transaction data and the request, the "read data" notification is sent to the mobile terminal; and the secure component module is used to assist the mobile terminal in performing the security operation.
TW105135507A 2015-11-03 2016-11-02 Mobile terminal and its transaction confirmation method and device TWI657389B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510733783.9A CN106651366A (en) 2015-11-03 2015-11-03 Mobile terminal and transaction confirmation method and device thereof, and smart card
??201510733783.9 2015-11-03

Publications (2)

Publication Number Publication Date
TW201717123A true TW201717123A (en) 2017-05-16
TWI657389B TWI657389B (en) 2019-04-21

Family

ID=58661621

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105135507A TWI657389B (en) 2015-11-03 2016-11-02 Mobile terminal and its transaction confirmation method and device

Country Status (3)

Country Link
CN (1) CN106651366A (en)
TW (1) TWI657389B (en)
WO (1) WO2017076173A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI730304B (en) * 2019-03-13 2021-06-11 開曼群島商庫幣科技有限公司 Multiple authentication method for digital asset transaction

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109905245B (en) * 2019-02-28 2021-08-31 北京华大智宝电子系统有限公司 Signature method and device
CN112996140B (en) * 2021-02-02 2023-04-14 亚信科技(成都)有限公司 Connection method, device, equipment and storage medium

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100471303C (en) * 2006-12-28 2009-03-18 上海柯斯软件有限公司 The method for utilizing the data SMS and STK menu to realize the SMS discount coupon
CN101252729A (en) * 2008-04-10 2008-08-27 上海柯源软件有限公司 Method for enhancing payment chip functions with SIM card
CN101827155B (en) * 2009-03-06 2013-06-26 深圳市数智国兴信息科技有限公司 Multi-application realization method and system of intelligent cards based on mobile communication
US10454693B2 (en) * 2009-09-30 2019-10-22 Visa International Service Association Mobile payment application architecture
CN102096972A (en) * 2009-12-15 2011-06-15 中国移动通信集团公司 Method and system for finishing on-line payment based on user terminal, and user terminal
CN101872409A (en) * 2010-04-29 2010-10-27 钱袋网(北京)信息技术有限公司 Method and device for calling application program in data card
CN102547681B (en) * 2010-12-31 2015-03-25 国民技术股份有限公司 Intelligent key device and identity authentication method
CN102694780A (en) * 2011-03-25 2012-09-26 同方股份有限公司 Digital signature authentication method, payment method containing the same and payment system
TWI483634B (en) * 2011-04-11 2015-05-01 Chi Mei Comm Systems Inc System and method for sharing group
CN103123706A (en) * 2011-11-18 2013-05-29 中兴通讯股份有限公司 Management method, device and system of bill payment for another
CN102521744B (en) * 2011-12-26 2017-11-03 中兴通讯股份有限公司 Method of network payment and device
EP2801223A4 (en) * 2012-01-03 2015-07-22 Equatel Uk Ltd Portable mobile money device
CN104184892A (en) * 2014-08-12 2014-12-03 桂林微网半导体有限责任公司 Mobile terminal intelligent card based data transmission method and mobile terminal

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI730304B (en) * 2019-03-13 2021-06-11 開曼群島商庫幣科技有限公司 Multiple authentication method for digital asset transaction

Also Published As

Publication number Publication date
CN106651366A (en) 2017-05-10
TWI657389B (en) 2019-04-21
WO2017076173A1 (en) 2017-05-11

Similar Documents

Publication Publication Date Title
TWI556178B (en) Portable electronic device, method, and computer-program product for financial transaction
CN111582859B (en) Method, electronic device and medium for conducting point-of-sale transactions
US9530126B2 (en) Secure mobile payment processing
US9799029B2 (en) Securely receiving data input at a computing device without storing the data locally
US11301865B2 (en) Secure card data entry system and method
CN105723388B (en) Generating transaction identifiers
TW201531973A (en) Disabling mobile payments for lost electronic devices
TW202008220A (en) Method and apparatus for generating payment two-dimensional code
US11948146B2 (en) System, method, and apparatus for securely transmitting data via a third-party webpage
KR102144509B1 (en) Proximity communication method and apparatus
US11935040B1 (en) Offline mode for distribution of encryption keys
TWI657389B (en) Mobile terminal and its transaction confirmation method and device
JP7014901B2 (en) Information display method and its devices, storage media and electronic devices
KR20170029940A (en) Payment service providing apparatus and method for assisting in selection of plural limit amount based on web, system and computer readable medium having computer program recorded thereon
KR102468789B1 (en) Payment service providing apparatus and method using authentication based on web, system and computer readable medium having computer program recorded thereon
CN105405010A (en) Transaction device, transaction system employing same, and transaction method
US12079794B2 (en) System and method of operating a consumer device as a payment device
TWI661366B (en) Method and system for electronic payment
TW201519138A (en) Financial commodity transaction method and system
KR20170029943A (en) Payment service providing apparatus and method for supporting transaction verification based on web, system and computer readable medium having computer program recorded thereon
TW201351312A (en) Third party authentication method for cloud transaction system

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees