WO2011035515A1 - Procédé et système d'identification pour paiement sans fil - Google Patents

Procédé et système d'identification pour paiement sans fil Download PDF

Info

Publication number
WO2011035515A1
WO2011035515A1 PCT/CN2009/075753 CN2009075753W WO2011035515A1 WO 2011035515 A1 WO2011035515 A1 WO 2011035515A1 CN 2009075753 W CN2009075753 W CN 2009075753W WO 2011035515 A1 WO2011035515 A1 WO 2011035515A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
identification code
paying party
payee
frequency band
Prior art date
Application number
PCT/CN2009/075753
Other languages
English (en)
Chinese (zh)
Inventor
张翌维
彭波
余运波
孙迎彤
Original Assignee
国民技术股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 国民技术股份有限公司 filed Critical 国民技术股份有限公司
Publication of WO2011035515A1 publication Critical patent/WO2011035515A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • G06Q20/3278RFID or NFC payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]

Definitions

  • the present invention relates to the field of communications, and in particular, to an authentication method and system for wireless payment. Background technique
  • the user identification module (Subscr iber Identity Model, SIM card) of the existing mobile communication technology is widely applied to mobile communication terminals.
  • various intelligent circuit modules are added to the SIM card body of ordinary mobile communication terminals by various methods, so that in addition to the basic SIM card function, the SIM card also adds other functions closer to life, the radio frequency.
  • the SIM card is one of the two.
  • the frequency of the radio frequency SIM card is generally 2. 4G.
  • the Chinese patent application with the application number of 200710124354. 7 discloses the related technical content of the radio frequency SIM card, and the radio frequency SIM card adopts the active radio frequency technology, so that the ordinary SIM card can have the wireless payment function such as the electronic wallet, or the consumer application function such as the access control. .
  • the wireless communication distance between the radio frequency SIM card and the radio frequency card reading device (such as the point of sale POS machine) must be controlled at a very high level.
  • a radio frequency SIM card is used as a public transportation charging IC card.
  • the radio frequency SIM card is usually installed in the mobile communication terminal, and is affected by the shielding effect of the mobile communication terminal.
  • the radio frequency transceiver power of the mobile communication terminal of different types is different. . Therefore, it must be different
  • the communication distance is within a suitable range.
  • the Chinese patent application No. 200810142182. 0 discloses a method and a communication system for controlling the communication distance of a radio frequency SIM card by means of tag identification, which has the advantage of utilizing a 13.56 MHz electronic tag attached to the mobile communication terminal.
  • the near-field characteristic is controlled by distance, and when the mobile communication terminal is confirmed to be close enough (generally less than 10 cm), the label is
  • the POS (Point Of Sa le, point of sale) machine can be electronically traded with the RF SIM card in the VHF VHF and above bands not limited to 2.4 GHz.
  • the ordinary electronic tag has a simple structure and only supports some encrypted ciphertext storing the user ID number or number
  • the illegal attacker may hold the forged tag, followed by the radio frequency.
  • the SIM card holder (within a few meters) performs a seemingly "legitimate" consumption on the authorized consumer terminal POS machine, causing the electronic wallet carried by the radio frequency SIM card to suffer significant economic losses. This is mainly due to the far-field characteristics of VHF VHF and higher-band signals, which have strong penetration and propagation capabilities, and are generally required to be transmitted to the outside of a mobile communication terminal for penetration through various media. Communication sensing distance.
  • the attacker can follow the RF SIM card holder, and once the holder reaches the 4 authorized consumer terminal POS machine, the fake tag is used to induce access in the HF band (such as 13.56 MHz). Then, the electronic cash is transferred to the P0S machine through the VHF VHF and above (such as 2.4 GHz), and the attacker can use this to pay and illegally obtain the goods.
  • the HF band such as 13.56 MHz
  • the electronic cash is transferred to the P0S machine through the VHF VHF and above (such as 2.4 GHz), and the attacker can use this to pay and illegally obtain the goods.
  • the technical problem to be solved by the present invention is to provide an authentication method and system for wireless payment, which eliminates security risks in the existing wireless payment technology.
  • the present invention proposes an authentication method for wireless payment, which includes the following steps:
  • the access device of the paying party performs the first identity authentication with the payee, and after the first identity authentication is passed, the payment is performed.
  • the access device of the party and the payee determine the first key, and the first frequency band is in the high frequency HF Frequency band
  • the accessing device of the paying party encrypts the first identification code and the second identification code of the paying party with the first key, and sends the wireless signal of the first frequency band to the paid Decrypting the first key with the first key to obtain a first identification code and a second identification code of the paying party;
  • the payee sends a broadcast through a wireless signal of a second frequency band
  • the content of the broadcast includes a first identification code of the payer
  • the transaction device of the payer receives the broadcast
  • the The first identification code included in the broadcast is compared with the first identification code of the self, and if the same, the response information is sent to the payee by the wireless signal of the second frequency band, and step (d), the second frequency band is performed.
  • VHF VHF, UHF UHF or UHF SHF bands
  • the transaction device of the payer performs a second identity authentication with the payee, and after the second identity authentication is passed, the transaction device of the payer and the payee determine a second key, the payee Transmitting, by the second key, the second identification code of the paying party to the transaction device of the paying party;
  • the transaction device of the payer decrypts the second identification code with the second key, compares it with its own second identification code, and if the same, performs a payment transaction with the payee.
  • the foregoing method may further have the following features, in the step (a) and the step (d), the first identity authentication and/or the second identity authentication adopt a symmetric key mode and an asymmetric key mode.
  • the first identity authentication and/or the second identity authentication adopt a symmetric key mode and an asymmetric key mode.
  • the foregoing method may further have the following feature.
  • the determining manner of the first key is one of the following four modes:
  • a symmetric key is stored in the access device and the payee of the paying party, and the two parties use the symmetric key as the first key;
  • a symmetric key is stored in the access device and the payee of the paying party, and the first key is obtained by deriving the symmetric key;
  • an asymmetric key pair is stored in the access device and the payee of the paying party, and the two parties respectively use one of the asymmetric key pairs as the first key;
  • the access device of the payer and the payee perform key agreement through an asymmetric key mechanism to obtain the first key.
  • the foregoing method may further have the following feature.
  • the asymmetric symmetric key mechanism is a Diffie-He l lman key exchange method implemented by using a large modulus power or an elliptic curve.
  • the above method may further have the following features: the first identification code of the payer and the easy device.
  • the foregoing method may further have the following feature, in the step (c), the first identifier of the paying party included in the broadcast content is a plaintext or a ciphertext, and when the ciphertext is ciphertext, the ciphertext
  • the key is a symmetric key or an asymmetric key.
  • the foregoing method may further have the following feature, in the step (d), the determining method of the second key is: the trusted party generates a random number R, and sends the encrypted transaction device to the paying party. The transaction device decrypts to obtain the random number R, and the random number R is the second key.
  • the present invention also provides an authentication system for wireless payment, including a payer and a payee, the payer includes an access device and a transaction device, and the payee includes a first read/write module. And a second read/write module, wherein:
  • the access device stores a first identification code and a second identification code of the paying party, and is configured to establish a connection with the first read/write module by using a wireless signal of the first frequency band; and then the first read
  • the writing module performs the first identity authentication; after the first identity authentication is passed, determining the first key, and encrypting the first identifier and the second identifier of the paying party by using the first key, a radio signal of a frequency band is sent to the first read/write module, and the first frequency band is in a high frequency HF frequency band;
  • the first read/write module is configured to perform first identity authentication with the access device. After the first identity authentication is passed, the first key is determined; and the access device is encrypted by using the first key. Obtaining, after decrypting, obtaining the first identification code and the second identification code of the paying party, and transmitting the first identification code and the second identification code to the second read/write module;
  • the second read/write module is configured to receive a first identification code and a second identification code of the paying party transmitted by the first read/write module, and send a broadcast by using a wireless signal of a second frequency band, where the broadcast content a first identification code including the paying party; performing a second identity authentication with the transaction device; after the second identity authentication is passed, determining a second key, using the second identification code of the paying party Transmitting the second key to the transaction device; performing a payment transaction with the transaction device; the second frequency band is in a VHF, UHF UHF or UHF SHF band;
  • the transaction device stores a first identification code and a second identification code of the paying party, and is configured to receive a broadcast sent by the second read/write module, obtain the first identification code included in the broadcast, and save the same with the self.
  • the first identification code is compared, and if the same, the wireless signal of the second frequency band is sent to the second read/write module, and then the second identity authentication is performed with the second read/write module.
  • After passing, determining the second key receiving the information encrypted by the second read/write module with the second key, decrypting to obtain the second identification code of the paying party, and comparing with the second identification code saved by itself And if the same, perform a payment transaction with the second read/write module.
  • the above method may further have the following feature: the paying party is a mobile communication terminal having a radio frequency SIM card, and the transaction device is a radio frequency SIM card of the mobile communication terminal.
  • the above method may further have the following feature, the access device being attached to the inside of the casing of the mobile communication terminal or outside the casing or the surface of the battery.
  • the foregoing method may further have the following feature: the access device is an independent entity, and a distance between the access device and the mobile communication terminal is kept within a set range.
  • the authentication method and system for wireless payment of the invention not only meets the requirements of wireless payment distance control, but also ensures information security of the wireless payment process, eliminates security risks, and avoids payment to the wireless The payer causes economic losses.
  • FIG. 1 is a flowchart of an authentication method for wireless payment according to the present invention
  • FIG. 2 is a structural diagram of an authentication system for wireless payment according to the present invention.
  • FIG. 3 is a schematic diagram of a configuration of a mobile communication terminal in an authentication system for wireless payment according to the present invention
  • FIG. 4 is a schematic diagram of application layer connections and mutual relationships of components of a mobile communication terminal in an authentication system for wireless payment according to the present invention
  • FIG. 5 is a schematic diagram of an interaction process in an authentication system for wireless payment according to the present invention. detailed description
  • the main idea of the present invention is to allow a mobile communication terminal and a POS machine when the distance between a mobile communication terminal (payer) having a radio frequency SIM card and a radio frequency card reading device (payee) such as a POS machine satisfies the distance control requirement.
  • Communication and communication first perform identity authentication and security authentication. After the mobile communication terminal confirms that the POS machine is a legitimate payee, the mobile communication terminal and the POS machine are allowed to perform wireless payment transactions.
  • the identity authentication technology is generally used to identify the identity of the item, and can distinguish the real information from the forged and tampered information, so that the communication parties can mutually trust each other's identity information, and then perform sensitive information communication or sensitive operations.
  • the invention sets the condition that the radio frequency SIM card performs electronic transaction, the POS machine determines the identity of the access device of the mobile communication terminal in the access frequency band, and then acquires the identification codes ID1 and ID2 of the radio frequency SIM card by using the encrypted link, and issues the ID1.
  • the POS machine In plaintext or ciphertext, only the radio frequency SIM card conforming to the identification code responds and performs mutual identity authentication and key agreement with the POS machine. Then the POS machine must send the encrypted ID2, and then allow the electronic to be performed according to a standardized process. transaction.
  • the authentication method for wireless payment of the present invention uses dual frequency band for authentication, user access by means of an access frequency band (not limited to the high frequency HF frequency band of 13.56 MHz), and by means of a transaction frequency band (not Limited to 2. 4GHz VHF, UHF UHF, very high frequency SHF band) for wireless payment information transmission.
  • an access frequency band not limited to the high frequency HF frequency band of 13.56 MHz
  • a transaction frequency band not Limited to 2. 4GHz VHF, UHF UHF, very high frequency SHF band
  • the authentication system for wireless payment of the present invention includes a mobile communication terminal (payer) and a POS machine (payee), wherein the mobile communication terminal carries an access device (working in the HF band) and a radio frequency SIM card (working at High frequency VHF and above).
  • the RF S IM card is used to load electronic money information.
  • the RF SIM card uses active RF technology to enable ordinary SIM cards to have mobile payment functions such as electronic wallets.
  • the RF SIM card can be electronically traded with the POS machine, and its communication uses VHF VHF and above. Since the wireless signals of the VHF and above frequency bands have good penetration and propagation, the RF SIM card is generally placed inside the mobile communication terminal, and the P0S machine can sense the RF at a long distance (1 to 5 meters). SIM card, if not using proximity sensing control will not be conducive to the security of electronic transactions.
  • the access device of the mobile communication terminal operates in the HF band. Because of the poor signal propagation in this band, the air signal can be sensed only at a short distance (generally within 10 cm). This feature is suitable for the transaction distance control of the radio frequency SIM card. . That is, only when the access device of the mobile communication terminal is close enough to the POS machine, the POS machine senses the access device of the mobile communication terminal, and at this time, the radio frequency SIM card on the terminal matching the access device can be controlled. Implement the transaction.
  • the access device of the mobile communication terminal can be attached to the outer casing of the mobile communication terminal or close to the outer casing, such as the battery surface of the mobile communication terminal,
  • the inside of the casing, the outside of the casing, or the access device of the mobile communication terminal may be an independent individual, and the distance between the access device and the mobile communication terminal is kept within a set range (the setting range should satisfy the access device and the POS machine)
  • the distance between the mobile communication terminal and the POS machine can be regarded as the distance between the mobile communication terminal and the POS machine.
  • the HF band not limited to 13.56 MHz is called the access band (ie, the first band); the VHF, UHF UHF, and very high frequency SHF bands not limited to 2.4 GHz are called the trading band. (ie the second frequency band).
  • the authentication method and system for wireless payment of the present invention will be described with a mobile communication terminal having a radio frequency SIM card representing a wireless payment payment party and a POS machine representing a wireless payment payment party.
  • the authentication method and system for wireless payment of the present invention are equally applicable to a payer other than a mobile communication terminal and a payee other than the POS machine.
  • the authentication method for wireless payment of the present invention includes the following steps:
  • Step 100 In the initial stage, before the mobile communication terminal is in communication with the POS machine, the access device of the mobile communication terminal is sensed by the POS machine in a short range (generally within 10 cm), and the sensing search is performed by accessing the frequency band.
  • Wireless signal In the initial stage, before the mobile communication terminal is in communication with the POS machine, the access device of the mobile communication terminal is sensed by the POS machine in a short range (generally within 10 cm), and the sensing search is performed by accessing the frequency band.
  • the mobile communication terminal used in the authentication method for wireless payment of the present invention not only has a radio frequency SIM card capable of performing a wireless payment function, but also sets a mobile terminal access device for identity authentication, and the access device has a cryptographic sense. Identity authentication, data encryption/decryption.
  • the reading and writing module works in the access frequency band, hereinafter referred to as a first reading and writing module, for determining whether the mobile communication terminal enters the access range at a close distance (the access range can be preset), and is used for
  • the mobile communication terminal access device performs identity authentication of the access frequency band, and further acquires an identification code of the radio frequency SIM card in the mobile communication terminal (hereinafter referred to as an identification code of the mobile communication terminal for simplicity).
  • the read/write module of the radio frequency SIM card of the terminal works in the transaction frequency band, and is hereinafter referred to as a second read/write module, which can be used after the mobile terminal access device provides the identification code of the mobile communication terminal, and the radio frequency
  • the SIM card performs secure electronic transactions in the VHF VHF and above.
  • Step 101 The access device (operating in the access frequency band) of the mobile communication terminal establishes a connection with the POS machine by using the wireless signal of the access frequency band;
  • Step 102 The access device of the mobile communication terminal and the POS machine perform identity authentication of the access frequency band, and confirm whether the identity of the two parties is legal. If the authentication is passed (ie, the identity of both parties is confirmed to be legal), the steps are performed.
  • the identity authentication of both parties can be performed by means of a true random number generator and a symmetric or asymmetric cryptosystem.
  • the identity authentication in this step can be one of the following two ways:
  • the first method includes the following steps:
  • Both sides A and B of the authentication have symmetric keys, and B sends the request authentication information to A: (12) A randomly generates a string Ra, which is returned to B;
  • (1 3) B encrypts the received string Ra with its own key, and generates a random string Rb, — and transmits it to A;
  • Mode 2 is based on the signature verification technology of asymmetric public key system, including signature verification technology based on RSA or elliptic curve.
  • Step 103 The access device of the mobile communication terminal and the POS machine determine the communication key of the access frequency band.
  • the generation mode of the communication key of the access frequency band may be one of the following four modes: (I) communication Both sides (here, the access device of the mobile communication terminal and the POS machine) have a symmetric cryptographic operation function, and the communication key is directly a symmetric key shared by both parties. Since symmetric encryption is used, the access device of the mobile communication terminal and the POS machine have The same communication key is the secret key, that is, the access device of the mobile communication terminal and the POS machine store a symmetric key, and the symmetric key is used as the communication key of the access frequency band;
  • Both sides of the communication have a symmetric cryptographic operation function, and the communication key is derived from the symmetric key shared by both parties, which is called a process key, and the process key is performed each time the identity authentication of step 102 is performed. Both change, but both parties guarantee that the same process key is used for symmetric encryption during communication.
  • the communication key of the incoming frequency band is derived by deriving the symmetric key;
  • Both sides of the communication have an asymmetric cryptographic operation function, the communication key is directly an asymmetric key pair, and the mobile communication terminal access device and the POS machine each have one, but the key pair is not public or private, and is not disclosed.
  • the secret key that is, the access device of the mobile communication terminal and the POS machine store an asymmetric key pair, and the two parties respectively use one of the asymmetric key pairs as the communication key of the access frequency band;
  • Both sides of the communication have an asymmetric cryptographic operation function, and the communication key is obtained by the two parties performing key agreement.
  • the key negotiation method adopts an asymmetric cryptographic method, and the method includes but is not limited to adopting a large modulus power or ellipse.
  • the Diff ie-Hel lman key exchange implemented by the curve, the key negotiation result is used as the communication key, and is the secret key, that is, the access device of the mobile communication terminal and the POS machine perform key negotiation through the asymmetric key mechanism to obtain the key access.
  • the communication key for the band is the secret key, that is, the access device of the mobile communication terminal and the POS machine perform key negotiation through the asymmetric key mechanism to obtain the key access.
  • Step 104 The access device of the mobile communication terminal performs the secure communication of the access frequency band with the POS machine, and the POS machine obtains the identification codes ID1 and ID2 of the mobile communication terminal, specifically, the access device of the mobile communication terminal is determined by the access device in step 103.
  • the communication key encrypts the identification codes ID1 and ID2, and then transmits the wireless signals of the access frequency band to the POS machine, and the POS machine decrypts the communication key determined in step 103 to obtain the identification codes ID1 and ID2 of the mobile communication terminal;
  • the identifier ID1 may be consistent with the identity code of the mobile communication terminal access device, or may be inconsistent.
  • the identification code of the mobile communication terminal is divided into two parts ID1 and ID2, and when the mobile communication terminal is issued, the radio frequency SIM card and the access device of the mobile communication terminal are simultaneously implanted for the two components (radio frequency SIM card and access)
  • the device is bound to an electronic consumer unit, and only when the radio frequency SIM card and the access device with the consistent identification code are close to the legitimate consumer terminal POS machine, the electronic transaction can be performed.
  • Step 105 The POS machine sends a broadcast containing the plaintext or ciphertext of the ID1 by using a wireless signal of the transaction frequency band;
  • the key may be a symmetric key or an asymmetric key pair on the radio frequency SIM card and the POS machine, and is the root key of the communication between the high frequency VHF and the above frequency band, and the key may be pre-positioned into the radio frequency SIM.
  • the card is determined by the POS machine or by key agreement.
  • Step 106 After receiving the broadcast, the radio frequency SIM card of the mobile communication terminal acquires the identification code ID1 in the broadcast, and then compares the identification code ID1 with the identification code ID1 saved in the self. If the same, the radio frequency SIM card is described. Legally, the radio frequency SIM card sends a response message to the POS machine through the wireless signal of the transaction frequency band, that is, the legal radio frequency SIM card responds to the broadcast, if not, the process returns to step 100;
  • radio frequency SIM cards in the broadcast range in step 105 are received and decrypted to obtain a radio frequency SIM card identification code ID1, but only the radio frequency SIM card having the identification code responds.
  • Step 107 The radio frequency SIM card of the mobile communication terminal and the POS machine perform identity authentication of the transaction frequency band to confirm whether the identity of the two parties is legal. If the authentication is passed (ie, the identity of both parties is confirmed to be legal), step 108 is performed, otherwise the alarm is returned to step 100;
  • Step 108 The radio frequency SIM card of the mobile communication terminal and the POS machine generate a process key, that is, a communication key of the transaction frequency band;
  • the communication key for the trading band can be generated by:
  • the RF SIM card decrypts the random number R as the process key.
  • the communication key of the transaction band can also be generated by other means.
  • Step 109 The transaction frequency band is prevented from being induced, and the POS machine sends the ID card to the radio frequency SIM card by using the process key encryption identification code ID2 generated in step 108.
  • the process key decrypted in step 108 is used to decrypt and obtain ID2, and then The ID2 saved in the self is compared, if it is the same, it is determined that the legally paired mobile terminal access device is close to the POS machine, and step 110 is performed; otherwise, the process returns to step 100;
  • Step 110 The radio frequency SIM card of the mobile communication terminal and the POS machine perform a legal electronic cash office Access to electronic transactions such as wireless payments.
  • the transaction key used in the electronic transaction process is independent of all keys in the security certification phase described above.
  • the present invention uses the mobile communication terminal access device (which is not limited to the 13.56 MHz HF band) with the identity authentication function to replace the electronic tag, so that the access process performs both identity authentication and identity recognition. And through the secure information exchange mechanism to combine the entire transaction process, so that the mobile communication terminal terminal access link and the electronic transaction link have the same level of security level, which effectively guarantees the information security of the wireless mobile payment system.
  • the present invention also proposes an authentication system for wireless payment for performing the above-described authentication method for wireless payment.
  • 2 is a structural diagram of an authentication system for wireless payment according to the present invention.
  • the authentication system for wireless payment of the present invention includes a mobile communication terminal 210 (payer) and an electronic consumer terminal POS machine 220 (payee)
  • the mobile communication terminal 210 includes an access device 211 (an access device of the payer) and a radio frequency SIM card 212 (a transaction device of the payer), and the POS machine 220 includes a first read/write module 221 and a second read/write module. 222 , where:
  • the access device 211 stores a first identification code ID1 and a second identification code ID2 of the mobile communication terminal 210 for establishing a connection with the first read/write module 221 by using a wireless signal of the access frequency band; and then with the first read/write module
  • the first identity authentication is performed.
  • the first key ie, the communication key of the access frequency band, the same below
  • the first identification code ID1 and the second identifier of the mobile communication terminal 210 are determined.
  • the code ID2 is encrypted by the first key
  • the wireless signal that is connected to the frequency band is sent to the first read/write module 221, and the access frequency band is a high frequency HF frequency band;
  • the first read/write module 221 is configured to perform first identity authentication with the access device 211. After the first identity authentication is passed, the first key is determined; and the information that the access device 211 encrypts with the first key is obtained, and decrypted.
  • the first identification code ID1 and the second identification code ID2 of the mobile communication terminal 210 are transmitted to the second read/write module 222;
  • the second read/write module 222 is configured to receive the first identification code ID1 and the second identification code ID2 of the mobile communication terminal 210 transmitted by the first read/write module 221, and send a broadcast by using a wireless signal of the transaction frequency band.
  • the content of the broadcast includes the first identification code ID1 of the mobile communication terminal 210; the second identity authentication is performed with the radio frequency SIM card 212; after the second identity authentication is passed, the second key (ie, the communication key of the aforementioned transaction band is determined, And the second identification code ID2 of the mobile communication terminal 210 is encrypted by the second key and sent to the radio frequency SIM card 212; the payment transaction is performed with the radio frequency SIM card 212; the transaction frequency band includes the VHF VHF, the UHF UHF , ultra-high frequency SHF band;
  • the radio frequency SIM card 212 stores the first identification code ID1 and the second identification code ID2 of the mobile communication terminal 210 for receiving the broadcast sent by the second read/write module 222, and obtaining the first identification code included in the broadcast, and ID1 and itself.
  • the saved first identification code ID1 is compared. If the same, the wireless signal of the transaction frequency band is sent to the second read/write module 222, and then the second identity verification module 222 performs the second identity authentication. After the second identity authentication is passed, the second identity authentication is performed.
  • Determining the second key receiving the information encrypted by the second read/write module 222 with the second key, decrypting and obtaining the second identification code ID2 of the mobile communication terminal 210, and comparing with the second identification code ID2 saved by itself, if The same is followed by a payment transaction with the second read/write module 222.
  • the access device 211 may be attached to the inside of the casing of the mobile communication terminal 210 or outside the casing or the surface of the battery, or may be an independent entity, connected to the casing of the mobile communication terminal 210 through a rope, or connected by a connection of various materials. Outside the communication terminal 210, the distance between the access device 211 and the mobile communication terminal 210 is maintained within the set range.
  • FIG. 3 is a schematic diagram of a configuration of a mobile communication terminal in an authentication system for wireless payment according to the present invention.
  • an access device 211 and a radio frequency SIM card 212 are configured in the mobile communication terminal 210.
  • the access device 211 is configured to access the communication and identity authentication of the frequency band
  • the radio frequency SIM card 212 is used for communication and identity authentication of the transaction frequency band.
  • FIG. 4 is a schematic diagram of application layer connection and mutual relationship of various components of a mobile communication terminal in an authentication system for wireless payment according to the present invention.
  • the radio frequency SIM card 212 is inside the mobile communication terminal 210, and the access device 211 is attached. Or a housing connected to the mobile communication terminal 210 or a shallow gap in the mobile communication terminal 210, and the radio frequency SIM card 212 bound to a mobile communication terminal 210
  • the access device 211 has the same identification code ID1 and ID2 and is implanted at the release stage.
  • FIG. 5 is a schematic diagram of an interaction process in an authentication system for wireless payment according to the present invention. As shown in FIG.
  • a short-range search an identity authentication (access band), and an identification code are performed between the POS machine 220 and the access device 211.
  • the POS machine 220 and the RF SIM card 212 perform processes such as remote distance search, identity authentication (transaction frequency band), anti-induction, and electronic transaction security interaction.
  • the first key, the second key determination manner, and the first identity authentication and the second identity authentication method are the same as the foregoing authentication method for wireless payment according to the present invention. , will not repeat them here.
  • the paying party in the present invention may not be limited to a mobile communication terminal, and may also be other devices having a wireless payment function, such as a personal digital assistant PDA having a wireless payment function.
  • the payee may not be limited to the POS. It can also be other devices with RF card reading function.
  • the authentication system for wireless payment of the present invention meets the requirements of wireless payment distance control, ensures information security of the wireless payment process, eliminates security risks, and avoids economic loss to the payment party of wireless payment.
  • the present invention replaces a simple electronic tag with a mobile communication terminal access device having a cryptographic operation capability, and can only make the POS machine and the radio frequency after the mobile communication terminal access device and the POS machine perform cryptographically significant identity authentication.
  • the SIM card is authenticated again, and then consumes, recharges, etc., and the whole process has a higher security level;
  • the RF SIM card uses two IDs of ID1 and ID2, where ID1 is used for the trading band.
  • ID1 is used for the trading band.
  • Wallet search which can be transmitted in plaintext or ciphertext mode; after the identity authentication of the POS machine and the radio frequency SIM card in the transaction frequency band is completed, the POS machine sends ID2 for the radio frequency SIM card to determine that the legally paired mobile communication terminal access device has been triggered.
  • the P0S machine is swiping, and the P0S machine is legal.
  • ID2 must be sent in cipher text mode, using process key encryption to ensure that the key of each transaction changes randomly, thus effectively avoiding the possibility that the legitimate POS machine is illegally modified to replay the radio frequency SIM card.
  • the authentication method of the present invention does not conflict with a standardized electronic transaction process, but is pre-processed before electronic transactions, and identity authentication or signature verification in electronic transactions can be directly transplanted;
  • the whole set of safety mechanism and safety system adopted by the invention not only brings security and safety consumer psychology to the users, but also promotes the continuous advancement and promotion of the dual-band wireless payment system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

L'invention porte sur un procédé d'identification pour paiement sans fil. Lorsque la distance entre le terminal de communication mobile (210) qui comporte une carte SIM à fréquence radio (212) et un dispositif de lecture de carte à fréquence radio tel qu'une machine de point de vente (220), etc., satisfait aux exigences de commande à distance, la communication entre le terminal de communication mobile (210) et la machine de point de vente (220) est permise. Premièrement, une authentification d'identification et une certification de sécurité sont exécutées durant la communication, après quoi il est vérifié que la machine de point de vente (220) est un terminal légal pour le paiement par le terminal de communication mobile (210), et la transaction de paiement sans fil entre le terminal de communication mobile (210) et la machine de point de vente (220) est autorisée.
PCT/CN2009/075753 2009-09-25 2009-12-21 Procédé et système d'identification pour paiement sans fil WO2011035515A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910307741.3 2009-09-25
CN200910307741.3A CN102034321B (zh) 2009-09-25 2009-09-25 一种用于无线支付的认证方法及系统

Publications (1)

Publication Number Publication Date
WO2011035515A1 true WO2011035515A1 (fr) 2011-03-31

Family

ID=43795311

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/075753 WO2011035515A1 (fr) 2009-09-25 2009-12-21 Procédé et système d'identification pour paiement sans fil

Country Status (2)

Country Link
CN (1) CN102034321B (fr)
WO (1) WO2011035515A1 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150583A (zh) * 2011-12-07 2013-06-12 国民技术股份有限公司 一种终端通信方法及系统
CN104955030A (zh) * 2014-03-31 2015-09-30 中国移动通信集团公司 一种手机收单的方法、装置及终端
EP2837104A4 (fr) * 2012-04-10 2015-12-16 Google Inc Détection d'un branchement de communication par le biais d'une surveillance de signaux
US10134025B2 (en) 2011-09-18 2018-11-20 Google Llc One-click offline buying

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103093541B (zh) * 2011-10-31 2016-04-20 国民技术股份有限公司 一种移动支付距离控制系统及方法
CN103136668A (zh) * 2011-11-28 2013-06-05 中兴通讯股份有限公司 终端支付方法、终端和支付平台
CN102542698B (zh) * 2011-12-27 2014-03-12 浙江省电力公司 一种电力移动缴费终端安全防护方法
CN102750790A (zh) * 2012-06-27 2012-10-24 福建联迪商用设备有限公司 无线pos位置监控的方法
CN103679931A (zh) * 2012-09-07 2014-03-26 中国移动通信集团贵州有限公司 一种射频信号传输电路、非接触式支付终端及支付方法
CN103686729B (zh) * 2013-12-05 2016-12-07 何文秀 一种用身份证进行自助注册的手机银行认证方法及系统
CN103927803B (zh) * 2014-04-21 2016-06-01 西南交通大学 基于有源射频识别的电动门锁控制系统
JP6432231B2 (ja) * 2014-09-11 2018-12-05 セイコーエプソン株式会社 無線通信の設定方法、無線通信システム、及び、記録装置
CN105681377B (zh) * 2014-11-19 2019-07-16 腾讯科技(深圳)有限公司 一种数据转移方法及相关设备、系统
CN105913583A (zh) * 2016-05-23 2016-08-31 北京孔方同鑫科技有限公司 一种基于身份核实且能为纸币除菌的自动交易系统
CN108429723B (zh) * 2017-02-15 2021-08-20 百度在线网络技术(北京)有限公司 访问控制方法和装置
CN108038995A (zh) * 2017-12-08 2018-05-15 四川安亮科技有限公司 用于金融身份验证的终端机
WO2019178828A1 (fr) * 2018-03-23 2019-09-26 深圳市大疆创新科技有限公司 Procédé, appareil et système de commande
CN109754241B (zh) * 2018-12-27 2022-02-22 恒宝股份有限公司 一种硬钱包及基于硬钱包的验证方法
CN110912686B (zh) * 2019-10-15 2023-05-05 福建联迪商用设备有限公司 一种安全通道的密钥的协商方法及系统

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2457263A1 (fr) * 2003-02-11 2004-08-11 Bahram Seyed Zahir Azami Systeme facilitant les transactions d'achat par reseau sans fil
WO2004104725A2 (fr) * 2003-05-20 2004-12-02 Ipdc, L.L.C. Procede de codage d'instructions jetables (dce) utilise dans des systemes d'information a des fins de securite et de protection de l'anonymat
CN1835007A (zh) * 2006-04-07 2006-09-20 浙江通普通信技术有限公司 基于移动通信网络的移动支付方法
CN101048790A (zh) * 2004-08-25 2007-10-03 Sk电信有限公司 利用移动通信终端的认证和支付系统及方法
CN101359383A (zh) * 2008-09-23 2009-02-04 中国移动通信集团广东有限公司 一种基于移动通信的非接触卡应用管理系统及管理方法
CN101458794A (zh) * 2007-12-10 2009-06-17 国际商业机器公司 增强支付安全性的系统及其方法以及支付中心

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309142B (zh) * 2008-05-20 2011-08-10 郝志勤 同时支持近距离和远距离通信的系统及方法
CN101369365A (zh) * 2008-06-17 2009-02-18 王美金 基于内置证书和虚拟信用卡的手机的pos系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2457263A1 (fr) * 2003-02-11 2004-08-11 Bahram Seyed Zahir Azami Systeme facilitant les transactions d'achat par reseau sans fil
WO2004104725A2 (fr) * 2003-05-20 2004-12-02 Ipdc, L.L.C. Procede de codage d'instructions jetables (dce) utilise dans des systemes d'information a des fins de securite et de protection de l'anonymat
CN101048790A (zh) * 2004-08-25 2007-10-03 Sk电信有限公司 利用移动通信终端的认证和支付系统及方法
CN1835007A (zh) * 2006-04-07 2006-09-20 浙江通普通信技术有限公司 基于移动通信网络的移动支付方法
CN101458794A (zh) * 2007-12-10 2009-06-17 国际商业机器公司 增强支付安全性的系统及其方法以及支付中心
CN101359383A (zh) * 2008-09-23 2009-02-04 中国移动通信集团广东有限公司 一种基于移动通信的非接触卡应用管理系统及管理方法

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10134025B2 (en) 2011-09-18 2018-11-20 Google Llc One-click offline buying
CN103150583A (zh) * 2011-12-07 2013-06-12 国民技术股份有限公司 一种终端通信方法及系统
EP2837104A4 (fr) * 2012-04-10 2015-12-16 Google Inc Détection d'un branchement de communication par le biais d'une surveillance de signaux
CN104955030A (zh) * 2014-03-31 2015-09-30 中国移动通信集团公司 一种手机收单的方法、装置及终端

Also Published As

Publication number Publication date
CN102034321B (zh) 2013-01-30
CN102034321A (zh) 2011-04-27

Similar Documents

Publication Publication Date Title
WO2011035515A1 (fr) Procédé et système d'identification pour paiement sans fil
US11336642B2 (en) Self-authenticating chips
US8762742B2 (en) Security architecture for using host memory in the design of a secure element
CN103501191B (zh) 一种基于nfc近场通信技术的移动支付装置及其方法
US8826397B2 (en) Secure remote authentication through an untrusted network
US9589152B2 (en) System and method for sensitive data field hashing
WO2015161699A1 (fr) Procédé et système d'interaction de données sécurisés
US20130009756A1 (en) Verification using near field communications
TW201428529A (zh) 基於nfc的指紋認證系統及指紋認證方法
CN104951937A (zh) 一种移动设备之间的鉴权方法和鉴权系统
KR20060125835A (ko) 모바일 단말기를 이용하여 전자 트랜잭션을 수행하기 위한방법 및 시스템
US9792592B2 (en) Portable electronic device for exchanging values and method of using such a device
CN101859453A (zh) 一种基于短信的智能卡挂失方法及系统
WO2011050549A1 (fr) Procédé et système pour authentifier un paiement sans fil à double bande sur la base d'un acheminement transparent
WO2008154872A1 (fr) Terminal mobile, procédé et système pour télécharger des informations de carte de banque ou des informations d'application de paiement
US8290870B2 (en) Method and device for exchanging values between personal portable electronic entities
CN107545431A (zh) 交易授权方法和系统以及交易方法和系统
US10810296B2 (en) Communication apparatus, communication method, and communication system
JP4729187B2 (ja) カード管理システムの使用方法、カードホルダ、カード、カード管理システム
Fu et al. Scheme and secure protocol of mobile payment based on RFID
CN107545432A (zh) 交易授权方法和系统以及交易方法和系统
KR20160137802A (ko) 비접촉 매체 연동 기반 서버형 일회용코드를 이용한 거래 연동 인증 방법
KR20150055196A (ko) 거래정보와 서버 측 난수코드를 이용한 거래 인증 방법

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09849701

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 31/07/2012)

122 Ep: pct application non-entry in european phase

Ref document number: 09849701

Country of ref document: EP

Kind code of ref document: A1