WO2009039771A1 - Mobile payment terminal and payment method based on PKI technology - Google Patents

Mobile payment terminal and payment method based on PKI technology

Info

Publication number
WO2009039771A1
Authority
WO
WIPO (PCT)
Prior art keywords
smart card
terminal
digital certificate
mobile
card reader
Prior art date
Application number
PCT/CN2008/072402
Other languages
English (en)
Chinese (zh)
Inventor
Guilin Peng
Xiaohan Yuan
Yong Min
Mingming Ge
Original Assignee
China Unionpay Co., Ltd.
Priority date
Filing date
Publication date
Application filed by China Unionpay Co., Ltd.
Publication of WO2009039771A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/20 Point-of-sale [POS] network systems
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3226 Use of secure elements separate from M-devices
    • G06Q20/3227 Aspects of commerce using mobile devices [M-devices] using secure elements embedded in M-devices

Definitions

  • The present invention relates to the application technology of digital certificates, and in particular to a mobile payment terminal and payment method based on PKI technology.
  • Mobile payment is a payment service that binds a mobile phone number to a bank card number.
  • The mobile payment service is mainly based on an identity authentication mechanism that uses a static payment password, and is carried out by means of short message (SMS) and WAP (Wireless Application Protocol).
  • The identity authentication mechanism based on the static payment password is an authentication mechanism that allows the user to make a payment after the banking system has authenticated static information such as the mobile phone user's login password and payment password.
  • Services based on static passwords are convenient and easy to use.
  • However, this identity authentication mechanism has the following problem. Suppose a user has not applied for the mobile payment service, and important information such as the user's bank card number and payment password is leaked or stolen.
  • Since the person who obtained the information does not have the bank card, that person cannot withdraw money at a counter or self-service terminal; if that person tries online banking, the card number and payment password alone are not enough to make a payment, because current online banking applies strict checks to users. In this case, that person will use the obtained card number and payment password to register for the mobile payment service, and then use a mobile phone to carry out payment operations such as transfers or purchases. Therefore, the identity authentication mechanism based on the static payment password is less secure. In recent years, a large number of cardholder funds have been stolen by others.
  • Mobile payment mainly uses SMS and WAP.
  • In SMS payment mode, the payment content (including the payment password) is entirely plain text and is easily stolen during transmission.
  • In WAP mode, although encrypted transmission is used on the channel from the mobile phone to the banking system, the WAP gateway has to decrypt the data and perform protocol conversion, so there is also a security problem at this link, and end-to-end encryption (mobile phone to banking system) is impossible.
  • The current mobile payment service has hidden risks in both its identity authentication mechanism and its information transmission mechanism. With the continuous development of mobile payment services, these deficiencies may pose potential business risks.
  • The technical problem to be solved by the present invention is to provide a mobile payment terminal and a payment method based on PKI technology, so as to solve the problem that the current mobile payment service has potential risks in the identity authentication mechanism and the information transmission mechanism.
  • The present invention discloses the following technical solutions:
  • A mobile payment terminal includes:
  • a smart card reader for reading, writing and erasing the smart card;
  • a terminal chip with an added control function, configured to control the smart card reader to access the smart card; and a data interface, configured to provide data communication between the terminal chip and an external device.
  • The data interface includes a data line interface, and/or an infrared interface, and/or a Bluetooth interface, and/or a remote wireless interface.
  • The terminal further includes a terminal kit installed on the external device, which provides terminal control and communication functions and to which download, delete and apply functions for the digital certificate are added.
  • When the smart card is external, the terminal further includes a slot that provides the connection between the smart card and the smart card reader/writer.
  • The smart card can store multiple digital certificates.
  • A method for downloading a digital certificate to the mobile terminal includes:
  • the mobile terminal initiates a download request and sends it to the server through an external device; the terminal chip controls the smart card reader to write the digital certificate to the smart card.
  • The method further comprises: requesting the user to input the smart card access password and verifying it.
  • The manner in which the mobile terminal initiates the download request comprises: initiating directly at the mobile terminal, with the terminal chip sending the download request to the external device through the data interface; or initiating by triggering the download function provided by the terminal kit installed on the external device.
  • A method for downloading a digital certificate to the mobile terminal includes:
  • the mobile terminal initiates a download request in WAP mode;
  • the terminal chip sends the request to the server through the remote wireless interface, and receives the digital certificate returned by the server;
  • the terminal chip controls the smart card reader to write the digital certificate to the smart card.
  • The method further comprises: requesting the user to input the smart card access password and verifying it.
  • A method for applying a digital certificate in the above mobile terminal comprises:
  • the mobile terminal initiates a certificate application request in WAP mode;
  • the terminal chip controls the smart card reader to access the smart card, and the smart card uses the digital certificate to sign and encrypt the transaction data;
  • the terminal chip sends the encrypted data to the server through a remote wireless interface to establish a payment channel of the mobile terminal.
  • Accessing the smart card through the smart card reader further includes: requesting the user to input the smart card access password and verifying it.
  • A method for applying a digital certificate in the above mobile terminal comprises:
  • the user initiates a certificate application request through the external device, and the external device sends the request to the terminal chip through the data interface;
  • the terminal chip controls the smart card reader to access the smart card, and the smart card uses the digital certificate to sign and encrypt the transaction data;
  • the terminal chip sends the encrypted data to the server through the external device to establish an online payment channel.
  • Accessing the smart card through the smart card reader further includes: requesting the user to input the smart card access password and verifying it.
  • A method for deleting a digital certificate from the mobile terminal includes:
  • the terminal chip controls the smart card reader to remove the digital certificate from the smart card.
  • The method further includes: requesting the user to input the smart card access password and verifying it.
  • The following technical effects are disclosed:
  • The embodiment of the present invention provides a secure mobile payment terminal based on PKI (Public Key Infrastructure) technology. By adding a smart card to the terminal and adding a control function for the smart card to the terminal chip, a digital certificate can be downloaded into the smart card. Based on this, the user can use the mobile terminal to complete secure mobile payment.
  • On the one hand, a digital-certificate-based mobile payment security verification mechanism can be established to comprehensively improve the security of mobile payment, avoiding the misappropriation of cardholder funds caused by the inadequacy of the static password verification mechanism; on the other hand, a secure transmission mechanism for transaction data can be established, which avoids transmitting the cardholder's payment data in clear text and ensures the security of the cardholder's funds.
  • The USB KEY is a smart storage device that can be used to store the online banking certificate and can perform digital signature and signature verification operations.
  • USB KEY technology has been widely adopted to ensure payment security.
  • Although the USB KEY has high security, some cardholders still make online payments with methods at other security levels, such as static passwords and file certificates, because of the high cost and restrictions on network application.
  • In addition, the USB KEY is not a must-have item, and it is not convenient for the cardholder to carry it. With the invention, since the mobile terminal is a device the cardholder already carries and requires no additional application fees or costs, it is more convenient and practical than the USB KEY.
  • FIG. 1 is a rear view of a secure payment mobile phone based on PKI technology according to an embodiment of the present invention
  • FIG. 2 is a logical structural diagram of the secure payment mobile phone shown in FIG.
  • FIG. 3 is a flowchart of downloading a digital certificate to a secure payment mobile phone in an online mode according to an embodiment of the present invention
  • FIG. 4 is a flowchart of downloading a digital certificate to a secure payment mobile phone in a wireless mode according to an embodiment of the present invention
  • FIG. 5 is a flowchart of performing mobile payment according to an embodiment of the present invention.
  • PKI is the abbreviation of "Public Key Infrastructure". It is a versatile security infrastructure built on the principles and technology of asymmetric cryptography. PKI uses digital certificates to identify the key holder. Through standardized management of keys, it establishes and maintains a trustworthy system environment for an organization, transparently providing application systems with identity authentication, data confidentiality and integrity, non-repudiation and other necessary security guarantees, to meet the security needs of various application systems. Simply put, PKI is a system that provides public key encryption and digital signature services, in order to automatically manage keys and certificates and to ensure the confidentiality, authenticity, integrity and non-repudiation of digital information transmitted on the Internet. PKI technology is the core of information security technology and the key and basic technology of e-commerce. The basic technologies of PKI include encryption, digital signatures, data integrity mechanisms, digital envelopes, dual digital signatures, and more.
  • The embodiment of the invention provides a secure mobile payment terminal based on PKI technology.
  • The digital certificate can be downloaded to the mobile terminal, and a digital-certificate-based mobile payment security verification mechanism is established.
  • On the one hand, the user can use the mobile terminal to complete secure mobile payment; on the other hand, when the terminal is connected to an external device using a data line or an interface such as infrared or Bluetooth, the user can also use the mobile terminal instead of the USB KEY to make secure online payments.
  • Referring to FIG. 1, it is a rear view (with the back cover and the battery removed) of the secure payment mobile phone based on PKI technology according to the embodiment of the present invention.
  • The secure payment mobile phone adds a smart IC card 1, an IC card slot 2, a contact IC card reader (not shown), and the like, which have the following functions:
  • The smart IC card 1 is a type of IC card (integrated circuit card), which is a CPU card in which a microprocessor chip CPU, a storage unit (including a random access memory RAM, a program memory ROM, and a user data memory EEPROM) and a solidification are integrated.
  • The smart IC card 1 is equivalent to an independent single-chip microcomputer system.
  • The size of the IC card is equivalent to the size of the SIM card, and the card is a security chip independent of the SIM card.
  • The digital certificate is stored in the EEPROM storage area, the digital signature and data encryption algorithms are built into the chip operating system (COS), and the signing and encryption that use the digital certificate during payment are completed inside the smart IC card 1. Therefore, the data read from the mobile phone is already signed and encrypted, and the security is higher.
  • The smart IC card 1 can store multiple digital certificates; the number depends on the EEPROM capacity.
  • The IC card slot 2 is placed side by side with the SIM card slot and allows the smart IC card 1 to be inserted or removed.
  • The contact IC card reader can read and write the smart IC card 1 through a plurality of metal contacts located in the slot.
  • The smart IC card 1 is installed in the mobile phone by inserting it into the IC card slot 2, and the smart IC card 1 can also be moved to other mobile terminals that have similar functions.
  • The smart IC card 1 can also be fixed permanently in the mobile phone, but this method lacks flexibility.
  • The mobile phone shown in FIG. 1 adds a control program for the IC card reader/writer to the operating system of the mobile phone chip (the core hardware of the mobile phone, not the SIM card or the smart IC card 1 that stores the certificate in this embodiment).
  • The mobile phone chip can access the smart IC card 1 by controlling the IC card reader through the mobile phone operating system.
  • The mobile phone shown in FIG. 1 communicates with an external device through the data interface 3, where the data interface 3 is a data line interface or a wireless interface such as infrared or Bluetooth.
  • The phone also has a built-in remote wireless application module for data exchange between the mobile phone and the remote server.
  • The phone is also equipped with a PC suite, supplied on a CD attached to the phone.
  • The content on the CD is the PC suite.
  • The PC suite is software that connects and synchronizes the phone with the computer. It is installed on a computer connected to the phone to help manage the phone.
  • foreign trade machines such as Nokia, Samsung, Sony Ericsson, etc.
  • Since the smart IC card 1 is added to the mobile phone, the corresponding control function is also added to the PC suite.
  • When the mobile phone is connected to the computer through a data line or an interface such as infrared or Bluetooth, the newly added certificate download, delete or apply functions in the PC suite can be used.
  • Referring to FIG. 2, it is a logical structural diagram of the secure payment mobile phone shown in FIG. 1, illustrating the logical relationship between the various components of the mobile phone.
  • The mobile phone chip 5, to which the control function has been added, controls the IC card reader/writer 4 to access the smart IC card 1, and the IC card reader/writer 4 performs operations such as reading, writing, and erasing on the smart IC card 1.
  • The mobile phone chip 5 is connected to the USB interface of the external computer through the data line interface 3, or is connected to the infrared and Bluetooth interfaces of the external computer through the infrared and Bluetooth interface 3, for data exchange.
  • In the WAP mode, the mobile phone chip 5 communicates with the remote wireless server through the wireless application module 6. Based on the secure payment handset described above, the digital certificate application process implemented by the mobile phone is described below.
  • The embodiment of the present invention provides two ways to download a digital certificate into a mobile phone, namely an online mode and a wireless mode.
  • In the online mode, the mobile phone is first connected to the computer through a data cable or an interface such as infrared or Bluetooth, and the digital certificate is then downloaded to the smart IC card in the mobile phone through the relevant online banking page.
  • Mobile phone users can choose to download the certificate through the mobile phone application, or they can initiate a certificate download on the PC through the PC suite.
  • The mobile phone application refers to the corresponding download menu provided in the operation interface after the smart IC card is added to the mobile phone; the user selects it to initiate a download request. The detailed steps are as follows:
  • Step 301: the user initiates a digital certificate download request directly on the mobile phone through the mobile phone application, or connects the mobile phone to the computer through a data line or an interface such as infrared or Bluetooth, and then applies to download the certificate through the certificate download function of the mobile phone PC suite on the computer;
  • Step 302: if the request is initiated by the mobile phone application, the mobile phone chip sends the certificate download request to the computer through a data line or an interface such as infrared or Bluetooth; if the PC suite is used to initiate the request, this step is omitted;
  • Step 303: the mobile phone suite program on the computer applies to download the digital certificate through the online banking web page;
  • Step 304: the mobile phone suite program on the computer receives the digital certificate issued by the server;
  • Step 305: the mobile phone suite program on the computer sends the digital certificate back to the phone through the data line or an interface such as infrared or Bluetooth;
  • Step 306: the mobile phone chip sends a write request to the smart IC card through the IC card reader/writer;
  • Step 307: the IC card reader/writer requests the user to input the IC card access password;
  • Step 308: the user inputs an access password;
  • Step 309: the IC card operating system verifies that the access password is correct, and writes the digital certificate into the special certificate storage area.
  • Step 307 is a preferred step of the embodiment; that is, the mobile phone user needs to set a password to protect access to the smart IC card, and the certificate download can be completed only if the correct password is input.
  • In the wireless mode, the user accesses the bank page through WAP, and then downloads the digital certificate to the mobile phone over the air.
  • The detailed steps are as follows:
  • Step 401: the user logs in to the bank WAP page through the mobile phone to apply to download the digital certificate;
  • Step 402: the mobile phone chip sends the certificate download request to the remote bank host through the wireless application module;
  • Step 403: the bank host returns the required digital certificate to the mobile phone;
  • Step 404: the mobile phone chip sends a write request to the IC card through the IC card reader/writer;
  • Step 405: the IC card reader/writer requests the user to input an IC card access password;
  • Step 406: the user inputs an access password;
  • Step 407: the IC card operating system verifies that the access password is correct, and writes the digital certificate into the special certificate storage area.
  • Asymmetric encryption uses different keys for encryption and decryption, and usually requires two keys: a public key and a private key.
  • The public key and the private key are a pair; the private key is kept by the encrypting party, and the public key is disclosed to all users.
  • Publishing the public key in this way solves the security problem in the key exchange process. If data is encrypted with a private key, it can only be decrypted with the corresponding public key. When the encrypting party encrypts data with its own private key, this is equivalent to digitally signing the data.
  • The decrypting party decrypts the data with the public key. Since the private key is held only by the encrypting party, if the decrypting party can decrypt the data normally, the data must have come from the encrypting party, the encrypting party cannot deny it, and it is guaranteed that the data was not forged or modified during transmission.
  • In the process of downloading the digital certificate, the smart IC card obtains the unique cardholder private key owned by the cardholder and obtains the server public key; then, in the process of applying the digital certificate, the cardholder private key is used to sign the transaction data, and the server public key is then used to encrypt it for transmission.
  • After the server receives the encrypted data, it first decrypts the transmitted data with the server private key, and then uses the cardholder's public key to verify the signature on the transaction data (which includes verifying the identity of the other party and verifying the integrity of the data), thus confirming the identity of the cardholder and ensuring the security of data transmission.
  • The cardholder private key and the cardholder public key are one pair of asymmetric keys, and the server private key and the server public key are another pair of asymmetric keys.
  • The cardholder performs mobile payment through WAP.
  • The cardholder enters an access password in the secure payment handset, the mobile phone chip accesses the smart IC card, the cardholder private key is used to sign the transaction data, and the server public key is then used to encrypt it for transmission.
  • The detailed steps are as follows:
  • Step 501: the user logs in to the bank WAP page through the mobile phone, inputs the identity and transaction information to be submitted, and selects the user certificate;
  • Step 502: the mobile phone chip notifies the IC card reader/writer of the certificate application request;
  • Step 503: the IC card reader/writer requires the user to input an IC card access password;
  • Step 504: the user inputs an access password;
  • Step 505: the IC card reader/writer submits the certificate application request and the access password to the smart IC card;
  • Step 507: the IC card reader/writer returns the signed and encrypted data to the mobile phone chip;
  • Step 508: the mobile phone chip submits the signed transaction data to the remote banking host through the wireless application module;
  • Step 509: the bank host returns a transaction response, establishes an encrypted channel, and continues subsequent data communication.
  • The security of mobile payment is comprehensively improved, and cardholder funds are prevented from being stolen by others because of the inadequacy of the static password verification mechanism.
  • A secure transmission mechanism for transaction data is established, which avoids transmitting cardholder transaction data in clear text and protects the security of the cardholder's funds.
  • The secure payment mobile phone can replace the USB KEY and become the identity token with which the cardholder completes online payment.
  • The cardholder first connects the phone to the computer via a data cable or an interface such as infrared or Bluetooth, and enables a control switch that allows the application to access the smart IC card.
  • The mobile phone PC suite automatically reads, from the smart IC card in the mobile phone, the application data encrypted with the digital certificate and the cardholder's private key; after the secure connection is established, the process of performing encrypted communication with the server is the same as with a traditional USB KEY. The detailed steps are as follows:
  • Step 601: the user connects the computer to the mobile phone through a data line or an interface such as infrared or Bluetooth, logs in to the online banking web page on the computer, enters the identity and transaction information to be submitted, and selects the mobile digital certificate;
  • Step 602: the mobile phone PC suite on the computer submits a certificate application request to the mobile phone chip through the data interface;
  • Step 603: the mobile phone chip notifies the IC card reader/writer of the certificate application request;
  • Step 604: the IC card reader/writer requires the user to input the smart IC card access password through the mobile phone interface or the PC suite;
  • Step 605: the user inputs an access password;
  • Step 606: the IC card reader/writer submits the digital certificate application request and the access password to the smart IC card chip;
  • Step 607: the smart IC card verifies that the access password is correct, uses the digital certificate to sign and encrypt the data to be submitted, and returns it to the IC card reader/writer;
  • Step 608: the IC card reader/writer returns the encrypted data to the mobile phone chip;
  • Step 609: the mobile phone chip returns the encrypted data to the computer through the data interface;
  • Step 610: the computer submits the signed transaction data to the online banking host through the Internet;
  • Step 611: the bank host returns a transaction response, establishes an encrypted channel, and continues subsequent data communication.
  • USB KEY technology has been widely adopted to ensure payment security. Although most cardholders have realized that the USB KEY has high security, some cardholders still make online payments with methods at other security levels, such as static passwords and file certificates, because of the high cost and restrictions on network application. Moreover, the USB KEY is not a must-have item, and it is not convenient for the cardholder to carry it. With the invention, since a mobile terminal such as a mobile phone is a device the cardholder already carries and requires no additional application fees or costs, it is more convenient and practical than the USB KEY.
  • The cardholder can delete the digital certificate and private key stored in the smart card chip through the mobile phone application or the PC suite.
  • The correct cardholder password must be entered before deletion. The steps are as follows:
  • Step 701: the user selects to delete the digital certificate through the mobile phone application, or on the computer through the mobile phone PC suite;
  • Step 702: the mobile phone chip sends a delete request to the IC card reader/writer; if the delete request is initiated through the mobile phone PC suite, the PC suite program sends the request to the mobile phone chip through the mobile phone's data interface;
  • Step 703: the IC card reader/writer requires the user to input an IC card access password;
  • Step 704: the user inputs an access password;
  • Step 705: the IC card reader/writer submits the certificate deletion request and the access password to the smart IC card chip; the IC card determines that the access password is correct and deletes the designated digital certificate.
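The access-password gate on certificate download, application and deletion, and the sign-then-encrypt exchange with the bank host described in the steps above, shown as an added Python example (not code from the patent). All class and function names are hypothetical, the key pairs are constructed from known Mersenne primes, and unpadded textbook RSA stands in for the card's unspecified algorithms, so this shows the message flow only and is not a secure implementation.

```python
import hashlib
import hmac

E = 65537  # public exponent used by both constructed key pairs


def make_keypair(p_exp, q_exp):
    """Constructed demo key from two Mersenne primes; trivially factorable."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))  # (public, private)


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class SmartCard:
    """Hypothetical model of the smart IC card: every operation is gated by
    the access password, and private keys are used only inside the card."""

    def __init__(self, access_password):
        self._password = access_password.encode()
        self._slots = {}  # name -> (cardholder private key, server public key)

    def _verify(self, password):
        # Constant-time comparison of the access password.
        if not hmac.compare_digest(password.encode(), self._password):
            raise PermissionError("smart card access password rejected")

    def write_certificate(self, password, name, cardholder_private, server_public):
        self._verify(password)  # download: password checked before the write
        self._slots[name] = (cardholder_private, server_public)

    def delete_certificate(self, password, name):
        self._verify(password)  # deletion: password checked before the erase
        del self._slots[name]

    def sign_and_encrypt(self, password, name, transaction):
        self._verify(password)  # application: password checked before signing
        (n_c, d_c), (n_s, e_s) = self._slots[name]
        sig_len = (n_c.bit_length() + 7) // 8
        # Sign the transaction hash with the cardholder private key.
        signature = pow(digest_int(transaction), d_c, n_c).to_bytes(sig_len, "big")
        # 0x01 marker keeps leading bytes when the payload becomes an integer.
        payload = b"\x01" + len(transaction).to_bytes(2, "big") + transaction + signature
        if len(payload) * 8 >= n_s.bit_length():
            raise ValueError("transaction too long for one RSA block")
        # Encrypt transaction plus signature with the server public key.
        return pow(int.from_bytes(payload, "big"), e_s, n_s)


def server_decrypt_and_verify(ciphertext, server_private, cardholder_public):
    """Bank host side: decrypt with the server private key, then check the
    signature with the cardholder public key."""
    n_s, d_s = server_private
    n_c, e_c = cardholder_public
    m = pow(ciphertext, d_s, n_s)
    payload = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if len(payload) < 3 or payload[0] != 1:
        raise ValueError("malformed payload")
    tx_len = int.from_bytes(payload[1:3], "big")
    transaction, signature = payload[3:3 + tx_len], payload[3 + tx_len:]
    if pow(int.from_bytes(signature, "big"), e_c, n_c) != digest_int(transaction):
        raise ValueError("signature check failed")
    return transaction


def demo():
    card_pub, card_priv = make_keypair(521, 607)    # cardholder pair (constructed)
    srv_pub, srv_priv = make_keypair(1279, 2203)    # server pair (constructed)
    card = SmartCard("135790")                      # constructed access password
    card.write_certificate("135790", "bank-a", card_priv, srv_pub)
    tx = b"pay 25.00 CNY to merchant 0042"          # constructed transaction data
    ciphertext = card.sign_and_encrypt("135790", "bank-a", tx)
    return server_decrypt_and_verify(ciphertext, srv_priv, card_pub)


if __name__ == "__main__":
    print(demo())
```

A deployed design would use a padded signature scheme and hybrid encryption in place of the raw modular exponentiations used here.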

Abstract

The invention relates to a mobile payment terminal and a payment method based on public key infrastructure (PKI) technology, which solve the problem that hidden risks exist in the identity authentication mechanism and the information transmission mechanism of the current mobile payment service. The mobile payment terminal comprises: a smart card (1) for storing and applying a digital certificate; a smart card reader/writer (4) for performing read, write and erase operations on the smart card (1); a terminal chip (5) with an added control function, for controlling the smart card reader (4) to access the smart card (1); and a data interface (3) for data communication between the terminal chip (5) and an external device. A user of the mobile payment terminal can download the digital certificate into the smart card and complete mobile payment. And when the mobile payment terminal communicates with the external device through an interface such as a data line, infrared or Bluetooth, the user can use the mobile payment terminal in place of the USB key to make online payments.
PCT/CN2008/072402 2007-09-20 2008-09-18 Mobile payment terminal and payment method based on PKI technology WO2009039771A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710046313A CN101394615B (zh) 2007-09-20 2007-09-20 Mobile payment terminal and payment method based on PKI technology
CN200710046313.0 2007-09-20

Publications (1)

Publication Number Publication Date
WO2009039771A1 (fr) 2009-04-02

Family

ID=40494639

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/072402 WO2009039771A1 (fr) 2007-09-20 2008-09-18 Mobile payment terminal and payment method based on PKI technology

Country Status (2)

Country Link
CN (1) CN101394615B (fr)
WO (1) WO2009039771A1 (fr)

Also Published As

Publication number Publication date
CN101394615B (zh) 2012-10-17
CN101394615A (zh) 2009-03-25

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08800896

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08800896

Country of ref document: EP

Kind code of ref document: A1