TWI696088B - Method and equipment for generating dynamic credit card security code, bank card and authentication method - Google Patents

Method and equipment for generating dynamic credit card security code, bank card and authentication method Download PDF

Info

Publication number
TWI696088B
TWI696088B TW107140034A TW107140034A TWI696088B TW I696088 B TWI696088 B TW I696088B TW 107140034 A TW107140034 A TW 107140034A TW 107140034 A TW107140034 A TW 107140034A TW I696088 B TWI696088 B TW I696088B
Authority
TW
Taiwan
Prior art keywords
data block
dynamic
card
credit card
security code
Prior art date
Application number
TW107140034A
Other languages
Chinese (zh)
Other versions
TW201923641A (en
Inventor
濤 周
丁林潤
李春歡
陳朋
Original Assignee
大陸商中國銀聯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商中國銀聯股份有限公司 filed Critical 大陸商中國銀聯股份有限公司
Publication of TW201923641A publication Critical patent/TW201923641A/en
Application granted granted Critical
Publication of TWI696088B publication Critical patent/TWI696088B/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4012Verifying personal identification numbers [PIN]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4018Transaction verification using the card verification value [CVV] associated with the card
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

本發明提供一種產生動態信用卡安全碼的方法,該方法包括:獲取動態資料元素,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;對所述更新的主帳號PAN進行加密,得到第一資料塊;以及基於所述第一資料塊產生所述動態信用卡安全碼。本發明還提供了一種產生動態信用卡安全碼的設備、銀行卡以及由發卡行認證伺服器執行的認證方法。本發明的產生演算法計算環節少,計算結果的隨機性好。The present invention provides a method for generating a dynamic credit card security code. The method includes: acquiring a dynamic data element, replacing a part of the main account number PAN of the credit card with the dynamic data element, thereby generating an updated main account number PAN; Encrypts the primary account number PAN to obtain a first data block; and generates the dynamic credit card security code based on the first data block. The invention also provides a device for generating a dynamic credit card security code, a bank card, and an authentication method performed by the card issuing bank authentication server. The generation algorithm of the invention has less calculation links and good randomness of calculation results.

Description

產生動態信用卡安全碼的方法和設備、銀行卡和認證方法Method and equipment for generating dynamic credit card security code, bank card and authentication method

本發明涉及金融支付領域,特別地,涉及產生動態信用卡安全碼的方法和設備、銀行卡和認證方法。The present invention relates to the field of financial payment, and in particular, to a method and device for generating a dynamic credit card security code, a bank card, and an authentication method.

信用安全碼(CVN2),是信用卡上的一組3位元數字。其產生方法是銀行將卡片帳號、有效期、服務代碼提取出來,排列後再經過一系列複雜的演算法得出。這組數字在產生之後,就只有發卡銀行和銀行卡的持有者知道該數字是多少。信用卡安全碼就相當於信用卡的身份證,消費者可以憑此碼進行消費交易。由於現有的信用安全碼都是平印在信用卡背面簽名欄上卡號後4位處,因此犯罪份子很容易盜用用戶的信用安全碼,導致用戶的信用卡被盜刷,安全性差。   為了解決以上問題,VISA提出了基於時間可變的動態CVN2方案,從一定程度上解決了交易安全性差的問題。但在現有方案中通常採用DES/3DES產生演算法來產生該動態信用安全碼,計算環節多且複雜。因此,希望一種改進的產生動態信用卡安全碼的方案。   以上公開于本發明背景部分的資訊僅僅旨在增加對本發明的總體背景的理解,而不應當被視為承認或以任何形式暗示該資訊構成已為本領域一般技術人員所公知的現有技術。The credit security code (CVN2) is a set of 3-digit numbers on a credit card. The method of generation is that the bank extracts the card account number, expiration date, and service code, and arranges them to obtain a series of complex algorithms. After this set of numbers is generated, only the card-issuing bank and bank card holder know what the number is. The credit card security code is equivalent to the credit card's ID card, and consumers can use this code to conduct consumer transactions. Since the existing credit security codes are printed flat on the back of the credit card on the back of the card number, it is easy for criminals to steal the user's credit security code, resulting in the user's credit card being stolen and poor security.  In order to solve the above problems, VISA has proposed a dynamic CVN2 scheme based on variable time, which solves the problem of poor transaction security to a certain extent. However, in the existing scheme, the DES/3DES generation algorithm is usually used to generate the dynamic credit security code, and the calculation process is numerous and complicated. Therefore, an improved solution for generating a dynamic credit card security code is desired.   The above information disclosed in the background section of the present invention is only intended to increase the understanding of the general background of the present invention, and should not be regarded as an acknowledgement or in any way implying that the information constitutes prior art that is well known to those skilled in the art.

鑒於此,根據本發明的一個方面,提供了一種產生動態信用卡安全碼的方法,該方法包括:獲取動態資料元素,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;對所述更新的主帳號PAN進行加密,得到第一資料塊;以及基於所述第一資料塊產生所述動態信用卡安全碼。與DES/3DES產生演算法相比,本發明採用國密演算法,計算環節少,計算結果的隨機性好。   在上述方法中,所述動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。   在上述方法中,所述事件可變因數對應於個人化之後累計至當前的按鍵次數或個人化之後搖晃卡片的次數。   在上述方法中,所述事件可變因數為8位元數位,並且在所述按鍵次數少於8位元數位時,在所述按鍵次數的資料左邊以二進位數字字0填充。   在上述方法中,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN包括:用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。   在上述方法中,對所述更新的主帳號PAN進行加密,得到第一資料塊包括:依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。   在上述方法中,基於所述第一資料塊產生所述動態信用卡安全碼包括:從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。   在上述方法中,所述動態資料元素為時間可變因數,所述時間可變因數基於當前時間而確定。   根據本發明的另一個方面,提供了一種產生動態信用卡安全碼的設備,該設備包括:獲取裝置,用於獲取動態資料元素;替換裝置,用於用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;加密裝置,用於對所述更新的主帳號PAN進行加密,得到第一資料塊;以及產生裝置,用於基於所述第一資料塊產生所述動態信用卡安全碼。   在上述設備中,所述替換裝置配置成用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。   在上述設備中,所述加密裝置包括:串接單元,用於依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;擴展單元,用於通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及加密單元,用於利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。   在上述設備中,所述產生裝置配置成從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。   在上述設備中,所述動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。   根據本發明的又一個方面,提供了一種銀行卡,該銀行卡包括:顯示模組,所述顯示模組包括顯示主控晶片,其中所述顯示主控晶片包括如前所述的產生動態信用卡安全碼的設備。   在上述銀行卡中,所述顯示模組還包括:顯示介質;電池,用於對所述顯示介質和所述顯示主控晶片進行供電;個人化天線,用於寫入卡片初始化參數;以及按鍵。   根據本發明的又一個方面,提供了一種由發卡行認證伺服器執行的認證方法,該方法包括:接收來自支付網路的卡片資料,其中所述卡片資料包括卡號、有效期和動態信用卡安全碼;根據主帳號PAN或發卡行識別碼BIN將卡片識別為動態可變卡,並將所述卡片資料路由到動態可變認證系統進行認證;以及從所述動態可變認證系統接收認證結果,所述認證結果包括所述動態信用卡安全碼是否落在所述動態可變認證系統設定的視窗內。   在上述認證方法中,所述動態可變認證系統對於時間可變的動態可變卡使用雙向時間視窗,而對於時間可變的動態可變卡使用單向事件視窗。   本發明的技術方案主要採用動態可變數位dCVN2來替代當前列印在銀行卡背面的靜態CVN2,該可變數位基於SM4安全演算法產生,基於事件可變因數(EBN)的觸發而變化,它能增強無卡支付(CNP)交易的安全性,大幅降低通過截獲和存儲CVN2值實施欺詐的可能性。   通過納入本文的圖式以及隨後與圖式一起用於說明本發明的某些原理的具體實施方式,本發明的方法和裝置所具有的其它特徵和優點將更為具體地變得清楚或得以闡明。In view of this, according to an aspect of the present invention, there is provided a method for generating a dynamic credit card security code, the method comprising: acquiring a dynamic data element, replacing a part of the main account number PAN of the credit card with the dynamic data element, thereby generating an update PAN's primary account number; encrypt the updated primary account number PAN to obtain a first data block; and generate the dynamic credit card security code based on the first data block. Compared with the DES/3DES generation algorithm, the invention adopts the national secret algorithm, which has fewer calculation links and good randomness of calculation results.  In the above method, the dynamic data element is an event variable factor, so that the dynamic credit card security code changes based on the trigger of the event variable factor.  In the above method, the event variable factor corresponds to the number of key presses accumulated to the current after personalization or the number of times the card is shaken after personalization.   In the above method, the event variable factor is 8 digits, and when the number of key presses is less than 8 digits, the left side of the data of the key presses is filled with a binary digital word 0. In the above method, replacing a part of the primary account number PAN of the credit card with the dynamic data element, thereby generating an updated primary account number PAN includes: replacing the leftmost 8-bit digit of the PAN with the dynamic data element to construct String to generate the updated master account PAN. In the above method, encrypting the updated primary account number PAN to obtain the first data block includes: sequentially connecting the updated primary account number PAN, card expiration date, and service code to construct a first string; The right side of the first word string is filled with zeros to expand the first word string to a 256-bit second data block; and the second data block is encrypted with a unique distributed key to obtain the first A data block. In the above method, generating the dynamic credit card security code based on the first data block includes: selecting digits from 0 to 9 from left to right in the first data block and aligning the selected digits to the left to obtain The third data block; from left to right in the first data block, select A to F in hexadecimal, and convert it to decimal system minus 10, to get the fourth data block; The data block is spliced to the right of the third data block to obtain a fifth data block; and the three leftmost digits of the fifth data block are selected as the dynamic credit card security code. In the above method, the dynamic data element is a time variable factor, and the time variable factor is determined based on the current time. According to another aspect of the present invention, there is provided an apparatus for generating a dynamic credit card security code, the apparatus includes: acquiring means for acquiring a dynamic data element; and replacement means for replacing the main card of the credit card with the dynamic data element A part of the account PAN, thereby generating an updated master account PAN; an encryption device for encrypting the updated master account PAN to obtain a first data block; and a generating device for generating an account based on the first data block Describe the dynamic credit card security code. In the above device, the replacement device is configured to replace the leftmost 8-bit digit construction string of the PAN with the dynamic data element, thereby generating an updated master account number PAN. In the above device, the encryption device includes: a concatenating unit for sequentially concatenating the updated primary account number PAN, card expiration date, and service code to construct a first character string; and an expansion unit for passing the The right side of the first word string is padded with 0 to expand the first word string to a 256-bit second data block; and an encryption unit is used to encrypt the second data block with a unique distributed key, thereby Obtain the first data block. In the above device, the generating device is configured to select digits from 0 to 9 from left to right in the first data block and align the selected digits to the left to obtain a third data block; from the first Select the A to F in hexadecimal from left to right in the data block, and convert it to decimal 10 minus 10 to obtain the fourth data block; splice the fourth data block to the third data block On the right, get the fifth data block; and select the leftmost three digits of the fifth data block as the dynamic credit card security code. In the above device, the dynamic data element is an event variable factor, so that the dynamic credit card security code changes based on the trigger of the event variable factor. According to yet another aspect of the present invention, there is provided a bank card, the bank card includes: a display module, the display module includes a display main control chip, wherein the display main control chip includes a dynamic credit card as described above Security code device. In the above bank card, the display module further includes: a display medium; a battery for powering the display medium and the display main control chip; a personalized antenna for writing card initialization parameters; and buttons . According to yet another aspect of the present invention, there is provided an authentication method performed by a card issuing bank authentication server, the method comprising: receiving card data from a payment network, wherein the card data includes a card number, an expiration date, and a dynamic credit card security code; Identify the card as a dynamically variable card based on the main account number PAN or the issuing bank identification code BIN, and route the card data to the dynamically variable authentication system for authentication; and receive the authentication result from the dynamically variable authentication system, the The authentication result includes whether the dynamic credit card security code falls within the window set by the dynamic variable authentication system.  In the above authentication method, the dynamic variable authentication system uses a bidirectional time window for a time variable dynamic variable card and a unidirectional event window for a time variable dynamic variable card. The technical solution of the present invention mainly uses a dynamic variable number dCVN2 to replace the current static CVN2 printed on the back of the bank card. The variable number is generated based on the SM4 security algorithm and changes based on the event variable factor (EBN) trigger. It can enhance the security of cardless payment (CNP) transactions and greatly reduce the possibility of fraud by intercepting and storing CVN2 values. The other features and advantages possessed by the method and device of the present invention will be more specifically clarified or clarified by the drawings incorporated herein and the specific embodiments used to explain some principles of the present invention together with the drawings. .

以下說明描述了本發明的特定實施方式以教導本領域技術人員如何製造和使用本發明的最佳模式。為了教導發明原理,已簡化或省略了一些常規方面。本領域技術人員應該理解源自這些實施方式的變型將落在本發明的範圍內。本領域技術人員應該理解下述特徵能夠以各種方式接合以形成本發明的多個變型。由此,本發明並不局限於下述特定實施方式,而僅由申請專利範圍和它們的等同物限定。   在本發明的上下文中,術語CVN2表示信用卡安全碼,dCVN2或動態CVN2表示動態信用卡安全碼,基於動態資料元素的觸發而變化。   動態資料元素包括時間可變因數(TBN, Time Based Number)和事件可變因數(EBN, Event Based Number)。   術語PAN表示銀行卡的主帳號,標明可以處理交易的發卡機構和持卡者。術語BIN指代發卡行識別碼,即Bank Identification Number。   為本申請的目的,“非接觸”或“無線”可包括任何通信方法或協定,包括專有協定,其中在兩個設備之間交換資料而無需在物理上耦合。在不限制前述的概括性的情況下,“非接觸”或“無線”可包括通過鐳射、射頻、紅外通信、藍牙或無線局域網進行的資料傳輸。   為本申請的目的,術語“支付服務”可包括在可擕式消費者設備上使用、引起資料在可擕式消費者設備和任何其他設備或位置之間交換的任何應用程式。應理解,“支付服務”不限於金融應用程式。   為本申請的目的,“支付資料”對於金融應用程式可包括由支付服務使用以執行交易的那些資料元素,而對於非金融交易可包括除本發明以外的任何必需資料元素。例如,當支付服務是磁條信用卡交易時,“支付資料”可包括磁軌1和/或磁軌2資料,如信用卡行業的普通技術人員所理解地,諸如主帳號、有效期、服務碼和任意資料。“支付資料”也可包括唯一卡標識號或服務供應商的唯一標識號。   圖1是表示本發明的一個實施例的產生動態信用卡安全碼的方法1000。   在步驟110中,獲取動態資料元素;   在步驟120中,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;   在步驟130中,對所述更新的主帳號PAN進行加密,得到第一資料塊;   在步驟140中,基於所述第一資料塊產生所述動態信用卡安全碼。   在方法1000中,動態資料元素可為事件可變因數或時間可變因數。在一個實施例中,動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。在一個實施例中,事件可變因數對應於個人化之後累計至當前的按鍵次數或個人化之後搖晃卡片的次數。如果該資料少於8個數位,則在其左邊以二進位數字字0填充到8個數位作為TBN。   在另一個實施例中,所述動態資料元素為時間可變因數,所述時間可變因數基於當前時間而確定。例如,時間可變因數(TBN)是基於以下3個步驟匯出的基於時間的數值:(1)確定從通用協調時1970年1月1日00:00:00用秒數表達的當前時間;(2)用步驟1中得出的時間除以時間窗口值。時間視窗值是以標籤9F5F個人化在晶片中以秒數表達的數值;(3)將步驟2中得到數值去掉小數點之後的資料得到8個cn型的資料。如果該資料少於8個數位,則從左開始截取8個數位作為TBN。   在一個實施例中,步驟120可包括:用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。在一個實施例中,步驟130可包括:依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。在一個實施例中,步驟140可包括:從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。   參考圖2,圖2是表示本發明的一個實施例的產生動態信用卡安全碼的設備2000。   如圖2所示,設備2000可包括獲取裝置210、替換裝置220、加密裝置230以及產生裝置240。在設備2000中,獲取裝置210用於獲取動態資料元素。替換裝置220用於用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN。加密裝置230用於對所述更新的主帳號PAN進行加密,得到第一資料塊。產生裝置240用於基於所述第一資料塊產生所述動態信用卡安全碼。   在一個實施例中,替換裝置220配置成用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。在一個實施例中,加密裝置230進一步包括:串接單元,用於依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;擴展單元,用於通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及加密單元,用於利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。   在一個實施例中,產生裝置240配置成從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。   參考圖3,它示出了本發明的一個實施例的銀行卡的顯示模組。在本發明的一個實施例中,銀行卡可包括顯示模組,而顯示模組包括顯示主控晶片、顯示介質、個人化天線、電池和按鍵(可選)。顯示介質可採用電子紙、LCD等技術。電池為顯示介質和主控晶片供電以達到計算dCVN2並顯示的目的。個人化天線用於在卡片(例如動態CVN2部分)初始化的一些參數寫入。   在一個實施例中,在基於事件可變因數產生的dCVN2的情況下,顯示模組必須包括按鍵,用於基於個人化之後累計至當前的按鍵次數產生事件可變因數EBN。在另一個實施例中,在基於時間可變因數產生dCVN2的情況下,該顯示模組可不包括按鍵。   每當啟動支付服務時,即在可擕式消費者設備上產生dCVN2用於認證的目的。圖4描繪了根據本發明對每一交易產生dCVN2的方法。一開始, 用TBN或EBN替換PAN的最左邊8位元數位構建字串,記為新PAN。接著,從左到右連接新PAN、卡片失效日期、服務代碼,構建一個字串。然後,把字串放到256位元資料欄中,右補0, 得到BlockA。利用UDK(唯一分散金鑰,Unique Derivation Key)對BlockA進行加密,得到BlockG。在BlockG中從左到右選出0到9的數字,左靠齊從而得到BlockH。在BlockG中從左到右選出16進制中A到F,然後每個轉化成10進制減去10,從而得到BlockI。將BlockI拼接到BlockH右側,得到BlockJ。最終,dCVN2選擇為BlockJ最左邊3個數位。   參考圖5,圖5示意性地示出根據本發明的一個實施例的dCVN2的銀行卡的認證流程。在一個實施例中,在無卡交易時,卡片資料 (卡號、有效期和dCVN2) 通過支付網路提交到發卡行認證伺服器。發卡行認證伺服器根據PAN或者BIN識別該卡為dCVN2銀行卡,並將認證請求路由到dCVN2認證系統。dCVN2認證系統依據自身配置計算dCVN2,並與卡片提交的dCVN2進行比較。隨後,將比較結果返回給發卡行認證伺服器。最後,發卡行認證伺服器批准/拒絕該交易並告知支付請求方。   dCVN2的基本認證原理是通過使用者端與認證服務提供端以相同的運算因數,採用相同的運算方法,產生dCVN2進行比對,來完成整個認證過程。通常,dCVN2的比對是由認證服務提供端完成,只要卡片中計算得到dCVN2值落在後臺認證伺服器設定窗口內dCVN2值的集合內,則認證通過。動態CVN2銀行卡與系統之間的同步處理。對於時間可變的dCVN2銀行卡,後臺認證使用雙向時間視窗;對於事件可變的dCVN2銀行卡,使用單向事件視窗。   綜上,本發明基於多種可變因數和演算法實現CVN2位元動態顯示,保證交易的安全。此外,在本發明的實施例中,銀行卡中產生/顯示dCVN2的功能模組是獨立的,當dCVN2功能不能正常使用時,銀行卡的其他功能應能繼續正常使用。本發明採用的國密演算法的計算環節少,計算結果的隨機性好於DES/3DES國際演算法。   以上例子主要說明了本發明的產生動態信用卡安全碼的方法和設備、銀行卡和認證系統架構。儘管只對其中一些本發明的具體實施方式進行了描述,但是本領域普通技術人員應當瞭解,本發明可以在不偏離其主旨與範圍內以許多其他的形式實施。因此,所展示的例子與實施方式被視為示意性的而非限制性的,在不脫離如所附各申請專利範圍所定義的本發明精神及範圍的情況下,本發明可能涵蓋各種的修改與替換。The following description describes specific embodiments of the invention to teach those skilled in the art how to make and use the best mode of the invention. In order to teach the principles of the invention, some conventional aspects have been simplified or omitted. Those skilled in the art should understand that variations derived from these embodiments will fall within the scope of the present invention. Those skilled in the art should understand that the following features can be joined in various ways to form multiple variations of the invention. Thus, the present invention is not limited to the specific embodiments described below, but only by the scope of patent applications and their equivalents.  In the context of the present invention, the term CVN2 means a credit card security code, and dCVN2 or dynamic CVN2 means a dynamic credit card security code, which changes based on the triggering of dynamic data elements.   Dynamic data elements include time variable factor (TBN, Time Based Number) and event variable factor (EBN, Event Based Number).  The term PAN means the main account number of the bank card, indicating the card issuer and cardholder who can process the transaction. The term BIN refers to the card issuing bank identification code, which is the Bank Identification Number.   For the purposes of this application, "contactless" or "wireless" may include any communication method or agreement, including proprietary agreements, in which data is exchanged between two devices without being physically coupled. Without limiting the foregoing generality, "non-contact" or "wireless" may include data transmission via laser, radio frequency, infrared communication, Bluetooth, or wireless local area network.   For the purposes of this application, the term "payment service" may include any application that is used on a portable consumer device and causes data to be exchanged between the portable consumer device and any other device or location. It should be understood that "payment services" are not limited to financial applications.   For the purposes of this application, "payment data" may include those data elements used by payment services to perform transactions for financial applications, and may include any necessary data elements other than the present invention for non-financial transactions. For example, when the payment service is a magnetic stripe credit card transaction, the "payment information" may include magnetic track 1 and/or magnetic track 2 information, as understood by those of ordinary skill in the credit card industry, such as the master account number, expiration date, service code, and any data. The "payment information" may also include a unique card identification number or a service provider's unique identification number. FIG. 1 is a method 1000 for generating a dynamic credit card security code according to an embodiment of the present invention. In step 110, a dynamic data element is obtained;    In step 120, the dynamic data element is used to replace a part of the main account number PAN of the credit card, thereby generating an updated main account number PAN;    In step 130, the updated The master account PAN is encrypted to obtain the first data block; In step 140, the dynamic credit card security code is generated based on the first data block.  In method 1000, the dynamic data element may be an event variable factor or a time variable factor. In one embodiment, the dynamic profile element is an event variable factor, so that the dynamic credit card security code changes based on the trigger of the event variable factor. In one embodiment, the event variable factor corresponds to the number of key presses accumulated after personalization or the number of times the card is shaken after personalization. If the data is less than 8 digits, then the left side of the data is filled with binary digits 0 to 8 digits as TBN.  In another embodiment, the dynamic data element is a time variable factor, and the time variable factor is determined based on the current time. For example, the time variable factor (TBN) is a time-based numerical value derived based on the following three steps: (1) Determine the current time expressed in seconds from 00:00:00 on January 1, 1970, when universal coordination occurs; (2) Divide the time obtained in step 1 by the time window value. The time window value is the value expressed in seconds in the chip personalized by the label 9F5F; (3) The data obtained in step 2 is removed from the data after the decimal point to obtain 8 cn-type data. If the data is less than 8 digits, 8 digits are intercepted from the left as TBN.   In one embodiment, step 120 may include replacing the leftmost 8-bit digits of the PAN with the dynamic data element to construct a string, thereby generating an updated master account number PAN. In one embodiment, step 130 may include: sequentially connecting the updated primary account number PAN, card expiration date, and service code to construct a first character string; by adding 0 to the right of the first character string, the The first word string is expanded into a second data block of 256 bits; and the second data block is encrypted by using a unique distributed key to obtain the first data block. In one embodiment, step 140 may include: selecting digits from 0 to 9 from left to right in the first data block and aligning the selected digits to the left, thereby obtaining a third data block; from the first Select the A to F in hexadecimal from left to right in the data block, and convert it to decimal 10 minus 10 to obtain the fourth data block; splice the fourth data block to the third data block On the right, get the fifth data block; and select the leftmost three digits of the fifth data block as the dynamic credit card security code.   Referring to FIG. 2, FIG. 2 is a device 2000 for generating a dynamic credit card security code according to an embodiment of the present invention. As shown in FIG. 2, the device 2000 may include an acquisition device 210, a replacement device 220, an encryption device 230, and a generation device 240. In the device 2000, the obtaining device 210 is used to obtain dynamic data elements. The replacement device 220 is used to replace a part of the primary account number PAN of the credit card with the dynamic data element, thereby generating an updated primary account number PAN. The encryption device 230 is used to encrypt the updated master account PAN to obtain the first data block. The generating device 240 is used to generate the dynamic credit card security code based on the first data block.   In one embodiment, the replacement device 220 is configured to replace the leftmost 8-bit digit construction string of the PAN with the dynamic data element, thereby generating an updated master account number PAN. In one embodiment, the encryption device 230 further includes: a concatenation unit for sequentially concatenating the updated primary account number PAN, card expiration date, and service code to construct a first character string; and an expansion unit for The right side of the first word string is padded with 0 to expand the first word string to a 256-bit second data block; and an encryption unit is used to encrypt the second data block with a unique distributed key, Thus, the first data block is obtained. In one embodiment, the generating device 240 is configured to select digits from 0 to 9 from left to right in the first data block and align the selected digits to the left, thereby obtaining a third data block; from the first Select the A to F in hexadecimal from left to right in the data block, and convert it to decimal 10 minus 10 to obtain the fourth data block; splice the fourth data block to the third data block On the right, get the fifth data block; and select the leftmost three digits of the fifth data block as the dynamic credit card security code.   Referring to FIG. 3, it shows a display module of a bank card according to an embodiment of the present invention. In one embodiment of the present invention, the bank card may include a display module, and the display module includes a display main control chip, a display medium, a personalized antenna, a battery, and buttons (optional). The display medium can use electronic paper, LCD and other technologies. The battery supplies power to the display medium and the main control chip to calculate and display dCVN2. The personalized antenna is used to write some parameters initialized on the card (for example, the dynamic CVN2 part).  In one embodiment, in the case of dCVN2 generated based on the event variable factor, the display module must include a button for generating the event variable factor EBN based on the number of key presses accumulated to the current after personalization. In another embodiment, in the case where dCVN2 is generated based on a time variable factor, the display module may not include buttons.  Every time the payment service is activated, dCVN2 is generated on the portable consumer device for authentication purposes. Figure 4 depicts the method for generating dCVN2 for each transaction according to the present invention. Initially, replace the leftmost 8-bit digits of the PAN with TBN or EBN to construct the string, and record it as the new PAN. Next, connect the new PAN, card expiration date, and service code from left to right to construct a string. Then, put the string in the 256-bit data column, and add 0 to the right to get BlockA. Use UDK (Unique Derivation Key, Unique Derivation Key) to encrypt BlockA to get BlockG. In BlockG, select the numbers from 0 to 9 from left to right, and align the left to get BlockH. In BlockG, select A to F in hexadecimal from left to right, and then convert each to decimal 10 minus 10 to get BlockI. Splice BlockI to the right of BlockH to get BlockJ. In the end, dCVN2 is selected as the three leftmost digits of BlockJ.   Referring to FIG. 5, FIG. 5 schematically illustrates the authentication process of the bank card of dCVN2 according to an embodiment of the present invention. In one embodiment, during cardless transactions, the card data (card number, expiration date, and dCVN2) are submitted to the card issuer authentication server through the payment network. The issuing bank authentication server recognizes the card as a dCVN2 bank card based on PAN or BIN, and routes the authentication request to the dCVN2 authentication system. The dCVN2 authentication system calculates dCVN2 according to its own configuration and compares it with the dCVN2 submitted by the card. Subsequently, the comparison result is returned to the card issuing bank authentication server. Finally, the card issuer authentication server approves/rejects the transaction and informs the payment requester.   The basic authentication principle of dCVN2 is that the user terminal and the authentication service provider use the same arithmetic factor and the same arithmetic method to generate dCVN2 for comparison to complete the entire authentication process. Generally, the comparison of dCVN2 is done by the authentication service provider. As long as the calculated dCVN2 value in the card falls within the set of dCVN2 values in the setting window of the background authentication server, the authentication is passed. Synchronous processing between the dynamic CVN2 bank card and the system. For a variable time dCVN2 bank card, the background authentication uses a two-way time window; for a variable event dCVN2 bank card, a one-way event window is used. In summary, the present invention realizes CVN 2-bit dynamic display based on various variable factors and algorithms to ensure the security of transactions. In addition, in the embodiment of the present invention, the function module for generating/displaying dCVN2 in the bank card is independent. When the dCVN2 function cannot be used normally, other functions of the bank card should continue to be used normally. The national secret algorithm adopted by the invention has fewer calculation links, and the randomness of the calculation result is better than the DES/3DES international algorithm.  The above examples mainly illustrate the method and device for generating a dynamic credit card security code, bank card and authentication system architecture of the present invention. Although only some of the specific embodiments of the present invention have been described, those of ordinary skill in the art should understand that the present invention can be implemented in many other forms without departing from the spirit and scope of the invention. Therefore, the examples and embodiments shown are to be regarded as illustrative rather than restrictive, and the present invention may cover various modifications without departing from the spirit and scope of the present invention as defined in the appended patent applications. And replace.

1000‧‧‧產生動態信用卡安全碼的方法110-140‧‧‧步驟2000‧‧‧產生動態信用卡安全碼的設備210‧‧‧獲取裝置220‧‧‧替換裝置230‧‧‧加密裝置240‧‧‧產生裝置1000‧‧‧ Method for generating dynamic credit card security code 110-140‧‧‧ Step 2000‧‧‧ Device for generating dynamic credit card security code 210‧‧‧ Acquisition device 220‧‧‧Replacement device 230‧‧‧Encryption device 240‧‧ ‧Generating device

圖1是表示本發明的一個實施例的產生動態信用卡安全碼的方法;   圖2是表示本發明的一個實施例的產生動態信用卡安全碼的設備;   圖3是表示本發明的一個實施例的銀行卡的顯示模組;   圖4是根據本發明的一個實施例的基於SM4演算法的dCVN2產生流程圖;以及   圖5示意性地示出根據本發明的一個實施例的dCVN2的銀行卡的認證流程。1 is a method for generating a dynamic credit card security code according to an embodiment of the present invention; FIG. 2 is a device for generating a dynamic credit card security code according to an embodiment of the present invention;    FIG. 3 is a bank showing an embodiment of the present invention The display module of the card;    FIG. 4 is a flowchart of dCVN2 generation based on the SM4 algorithm according to an embodiment of the present invention; and FIG. 5 schematically shows the authentication process of the dCVN2 bank card according to an embodiment of the present invention .

1000‧‧‧產生動態信用卡安全碼的方法 1000‧‧‧ Method for generating dynamic credit card security code

Claims (17)

一種產生動態信用卡安全碼的方法,其特徵在於,所述方法包括:獲取動態資料元素,用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;對所述更新的主帳號PAN進行加密,得到第一資料塊;以及基於所述第一資料塊產生所述動態信用卡安全碼。 A method for generating a dynamic credit card security code, characterized in that the method includes: acquiring a dynamic data element, replacing a part of the main account number PAN of the credit card with the dynamic data element, thereby generating an updated main account number PAN; The updated master account PAN is encrypted to obtain a first data block; and the dynamic credit card security code is generated based on the first data block. 如請求項1所述的方法,其中,所述動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。 The method of claim 1, wherein the dynamic data element is an event variable factor, such that the dynamic credit card security code changes based on the trigger of the event variable factor. 如請求項2所述的方法,其中,所述事件可變因數對應於個人化之後累計至當前的按鍵次數或個人化之後搖晃卡片的次數。 The method according to claim 2, wherein the event variable factor corresponds to the current number of keystrokes accumulated after personalization or the number of times the card is shaken after personalization. 如請求項3所述的方法,其中,所述事件可變因數為8位元數字,並且在所述按鍵次數少於8位元數位時,在所述按鍵次數的資料左邊以二進位數字字0填充。 The method according to claim 3, wherein the event variable factor is an 8-digit number, and when the number of key presses is less than 8-digit digits, a binary digit word is displayed on the left of the data of the number of key presses 0 padding. 如請求項1所述的方法,其中,用所述動態資料元素 替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN包括:用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。 The method according to claim 1, wherein the dynamic data element is used Replacing a part of the primary account number PAN of the credit card to generate an updated primary account number PAN includes replacing the leftmost 8-bit digit construction string of the PAN with the dynamic data element, thereby generating an updated primary account number PAN. 如請求項1所述的方法,其中,對所述更新的主帳號PAN進行加密,得到第一資料塊包括:依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及利用唯一分散金鑰對所述第二資料塊進行加密,從而得到所述第一資料塊。 The method according to claim 1, wherein encrypting the updated primary account number PAN to obtain the first data block includes: sequentially concatenating the updated primary account number PAN, card expiration date, and service code to construct the first A string of characters; by adding 0 to the right of the first string of characters, the first string of characters is expanded to a second data block of 256 bits; and the second data block is encrypted using a unique distributed key To obtain the first data block. 如請求項1所述的方法,其中,基於所述第一資料塊產生所述動態信用卡安全碼包括:從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。 The method according to claim 1, wherein generating the dynamic credit card security code based on the first data block includes: selecting digits from 0 to 9 from left to right in the first data block and selecting the selected digits Align the left to get the third data block; select the hexadecimal A to F from the first data block from left to right, and convert it to decimal system minus 10 to get the fourth data block ; Splicing the fourth data block to the right of the third data block to obtain a fifth data block; and selecting the leftmost 3 digits of the fifth data block as the dynamic credit card security code. 如請求項1所述的方法,其中,所述動態資料元素為時間可變因數,所述時間可變因數基於當前時間而確定。 The method of claim 1, wherein the dynamic data element is a time variable factor, and the time variable factor is determined based on the current time. 一種產生動態信用卡安全碼的設備,其特徵在於,所述設備包括:獲取裝置,用於獲取動態資料元素,替換裝置,用於用所述動態資料元素替換所述信用卡的主帳號PAN的一部分,從而產生更新的主帳號PAN;加密裝置,用於對所述更新的主帳號PAN進行加密,得到第一資料塊;以及產生裝置,用於基於所述第一資料塊產生所述動態信用卡安全碼。 An apparatus for generating a dynamic credit card security code, characterized in that the apparatus includes: acquiring means for acquiring dynamic data elements, and replacing means for replacing a part of the main account number PAN of the credit card with the dynamic data elements, Thereby generating an updated primary account number PAN; an encryption device for encrypting the updated primary account number PAN to obtain a first data block; and a generating device for generating the dynamic credit card security code based on the first data block . 如請求項9所述的設備,其中,所述替換裝置配置成用所述動態資料元素替換所述PAN的最左邊的8位元數位構建字串,從而產生更新的主帳號PAN。 The apparatus of claim 9, wherein the replacement device is configured to replace the leftmost 8-bit digit construction string of the PAN with the dynamic data element, thereby generating an updated master account number PAN. 如請求項9所述的設備,其中,所述加密裝置包括:串接單元,用於依次串接所述更新的主帳號PAN、卡片失效日期、服務代碼,以構建第一字串;擴展單元,用於通過在所述第一字串的右側補0,將所述第一字串擴展為256位元的第二資料塊;以及加密單元,用於利用唯一分散金鑰對所述第二資料塊 進行加密,從而得到所述第一資料塊。 The device according to claim 9, wherein the encryption device includes: a concatenating unit for sequentially concatenating the updated primary account number PAN, card expiration date, and service code to construct a first character string; an expansion unit , Used to expand the first string to a 256-bit second data block by padding 0 to the right of the first string; and an encryption unit, used to uniquely decentralize the key to the second Data block Encrypt to obtain the first data block. 如請求項9所述的設備,其中,所述產生裝置配置成從所述第一資料塊中從左至右選出0到9的數位並將選出的數位左靠齊,從而得到第三資料塊;從所述第一資料塊中從左至右選出16進制中A到F,並將其轉換成10進制減去10,從而得到第四資料塊;將所述第四資料塊拼接到所述第三資料塊的右側,得到第五資料塊;以及將所述第五資料塊最左邊的3個數位選擇作為所述動態信用卡安全碼。 The apparatus according to claim 9, wherein the generating means is configured to select digits from 0 to 9 from left to right in the first data block and align the selected digits to the left to obtain a third data block ; Select A to F in hexadecimal from left to right in the first data block, and convert it to decimal 10 minus 10, to get a fourth data block; splice the fourth data block to To the right of the third data block, a fifth data block is obtained; and the three leftmost digits of the fifth data block are selected as the dynamic credit card security code. 如請求項9所述的設備,其中,所述動態資料元素為事件可變因數,使得所述動態信用卡安全碼基於所述事件可變因數的觸發而變化。 The device of claim 9, wherein the dynamic data element is an event variable factor, such that the dynamic credit card security code changes based on the trigger of the event variable factor. 一種銀行卡,其特徵在於,所述銀行卡包括:顯示模組,所述顯示模組包括顯示主控晶片,其中所述顯示主控晶片包括如請求項9至13中任一項所述的產生動態信用卡安全碼的設備。 A bank card, characterized in that the bank card includes: a display module, the display module includes a display main control chip, wherein the display main control chip includes any one of the items 9 to 13 A device that generates a dynamic credit card security code. 如請求項14所述的銀行卡,其中,所述顯示模組還包括:顯示介質;電池,用於對所述顯示介質和所述顯示主控晶片進行供電; 個人化天線,用於寫入卡片初始化參數;以及按鍵。 The bank card according to claim 14, wherein the display module further includes: a display medium; a battery for powering the display medium and the display main control chip; Personalized antenna for writing card initialization parameters; and keys. 一種由發卡行認證伺服器執行的認證方法,其特徵在於,所述方法包括:接收來自支付網路的卡片資料,其中所述卡片資料包括卡號、有效期和動態信用卡安全碼;根據主帳號PAN或發卡行識別碼BIN將卡片識別為動態可變卡,並將所述卡片資料路由到動態可變認證系統進行認證;以及從所述動態可變認證系統接收認證結果,所述認證結果包括所述動態信用卡安全碼是否落在所述動態可變認證系統設定的視窗內。 An authentication method performed by a card issuing bank authentication server, characterized in that the method includes: receiving card data from a payment network, wherein the card data includes a card number, an expiration date, and a dynamic credit card security code; according to the main account number PAN or The card issuer identification code BIN identifies the card as a dynamically variable card and routes the card data to the dynamically variable authentication system for authentication; and receives an authentication result from the dynamically variable authentication system, the authentication result including the Whether the dynamic credit card security code falls within the window set by the dynamic variable authentication system. 如請求項16所述的認證方法,其中,所述動態可變認證系統對於時間可變的動態可變卡使用雙向時間視窗,而對於事件可變的動態可變卡使用單向事件視窗。 The authentication method according to claim 16, wherein the dynamic variable authentication system uses a bidirectional time window for a time variable dynamic variable card and a unidirectional event window for an event variable dynamic variable card.
TW107140034A 2017-11-15 2018-11-12 Method and equipment for generating dynamic credit card security code, bank card and authentication method TWI696088B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201711128382.6A CN108134667B (en) 2017-11-15 2017-11-15 Method and equipment for generating dynamic credit card security code and bank card
??201711128382.6 2017-11-15
CN201711128382.6 2017-11-15

Publications (2)

Publication Number Publication Date
TW201923641A TW201923641A (en) 2019-06-16
TWI696088B true TWI696088B (en) 2020-06-11

Family

ID=62388695

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107140034A TWI696088B (en) 2017-11-15 2018-11-12 Method and equipment for generating dynamic credit card security code, bank card and authentication method

Country Status (3)

Country Link
CN (1) CN108134667B (en)
TW (1) TWI696088B (en)
WO (1) WO2019096021A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108134667B (en) * 2017-11-15 2021-05-11 中国银联股份有限公司 Method and equipment for generating dynamic credit card security code and bank card
CN108234110B (en) * 2017-12-29 2019-07-12 飞天诚信科技股份有限公司 Credit card and its working method
US10713649B1 (en) * 2019-07-09 2020-07-14 Capital One Services, Llc System and method enabling mobile near-field communication to update display on a payment card
SG10202101039TA (en) * 2021-02-01 2021-03-30 Capital One Services Llc Simplify virtual card numbers

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188079A (en) * 2011-12-29 2013-07-03 智慧光科技股份有限公司 Dynamic safety code authentication method and intelligent card device thereof
CN105874495A (en) * 2013-07-24 2016-08-17 维萨国际服务协会 Systems and methods for communicating risk using token assurance data
TW201737173A (en) * 2016-01-29 2017-10-16 速卡集團有限公司 Apparatus and method for external controlling a digital transaction processing unit (DTPU)

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101093554A (en) * 2007-06-04 2007-12-26 李惠科 Card with realtime biological identification system
US8615468B2 (en) * 2010-01-27 2013-12-24 Ca, Inc. System and method for generating a dynamic card value
US20140279555A1 (en) * 2013-03-14 2014-09-18 Nagraid Security, Inc. Dynamically allocated security code system for smart debt and credit cards
CN103646473B (en) * 2013-12-29 2016-06-29 福建今日特价网络有限公司 A kind of card-free payment system of automatic teller machine of bank
US20150371234A1 (en) * 2014-02-21 2015-12-24 Looppay, Inc. Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data
CN106204024A (en) * 2016-07-19 2016-12-07 上海易码信息科技有限公司 Method of mobile payment under a kind of line
CN108134667B (en) * 2017-11-15 2021-05-11 中国银联股份有限公司 Method and equipment for generating dynamic credit card security code and bank card

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103188079A (en) * 2011-12-29 2013-07-03 智慧光科技股份有限公司 Dynamic safety code authentication method and intelligent card device thereof
CN105874495A (en) * 2013-07-24 2016-08-17 维萨国际服务协会 Systems and methods for communicating risk using token assurance data
TW201737173A (en) * 2016-01-29 2017-10-16 速卡集團有限公司 Apparatus and method for external controlling a digital transaction processing unit (DTPU)

Also Published As

Publication number Publication date
CN108134667B (en) 2021-05-11
TW201923641A (en) 2019-06-16
CN108134667A (en) 2018-06-08
WO2019096021A1 (en) 2019-05-23

Similar Documents

Publication Publication Date Title
US11941591B2 (en) Device including encrypted data for expiration date and verification value creation
TWI696088B (en) Method and equipment for generating dynamic credit card security code, bank card and authentication method
CA2691789C (en) System and method for account identifier obfuscation
US8898089B2 (en) Dynamic verification value system and method
US20180189790A1 (en) Method and system using candidate dynamic data elements
EP3171540B1 (en) Key delivery system and method
US20200314644A1 (en) Encryption key exchange process using access device
KR101364210B1 (en) Verification error reduction system
KR101150241B1 (en) Method and system for authorizing a transaction using a dynamic authorization code
US8527427B2 (en) Method and system for performing a transaction using a dynamic authorization code
US20100179909A1 (en) User defined udk
KR20020076750A (en) Payment method and system to input payment information to mobile phone
AU2016228185B2 (en) Key delivery system and method
AU2015200719B2 (en) Key delivery system and method
WO2024077127A1 (en) Messaging flow for remote interactions using secure data
KR20170114725A (en) Method for data security using key synchronization and data securuty system using the same