WO2012113189A1 - Mobile payment system, mobile terminal and method for realizing mobile payment service - Google Patents

Publication number
WO2012113189A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
mobile payment
mobile
mobile terminal
terminal
Application number
PCT/CN2011/075959
Other languages
French (fr)
Chinese (zh)
Inventor
梁国和
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2012113189A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/10 Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • G06Q20/108 Remote banking, e.g. home banking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223 Realising banking transactions through M-devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/60 Subscription-based services using application servers or record carriers, e.g. SIM application toolkits

Definitions

  • The present invention relates to the field of communications, and in particular to a mobile payment system, a mobile terminal, and a method for implementing a mobile payment service.
  • Mobile payment refers to a commercial transaction for a commodity or service that the transacting parties conduct through a mobile phone, a PDA (Personal Digital Assistant) or the like.
  • Mobile payment allows users to pay for the goods or services they consume with a terminal (usually a mobile phone). Users can recharge, shop online, bet on the lottery, etc. at any time, anywhere, and at will.
  • Mobile payment services can be divided into remote payment and on-site payment.
  • Remote payment refers to payment that users make at a distance, based on terminals and mobile communication networks, through web pages, SMS, or STK (SIM Tool Kit, user identification application development tools), such as Internet shopping, game lottery, utility payment, etc.
  • On-site payment refers to a service type, such as NFC (Near Field Communication), in which the user completes the payment transaction with a terminal that has a built-in payment account by means of a "card swipe".
  • Mobile payment terminals are one of the trends of the future. Their advantage is that payment can be made anywhere, at any time, securely, reliably, and conveniently.
  • The mobile payment value chain is complex, including operators, payment service providers (such as banks, UnionPay, etc.), application providers (bus, campus, public utilities, etc.), equipment providers (terminal manufacturers, card suppliers, chip providers, etc.), system integrators, merchants and end users; payment services vary and the interests of the parties differ; the operating systems supported by terminals are diverse, including Symbian, Linux, Windows mobile,
  • A primary object of the present invention is to provide a mobile payment system, a mobile terminal, and a method for implementing a mobile payment service, so as to at least solve the above-mentioned problem that implementing payment services is complicated by the differences between mobile terminals.
  • A mobile payment system comprising a mobile payment server and a mobile terminal. The mobile terminal comprises: a virtual desktop control module configured to send a connection request to the mobile payment server through a remote control protocol, provide identity information to the mobile payment server through the remote control protocol, present the mobile payment service under the control of the mobile payment server, and feed back the user's transaction operation information to the mobile payment server; a virtual drive control module configured to drive and control the hardware that the virtual desktop control module requires to present the current service; and a mobile payment module configured to complete the mobile payment service under the control of the mobile payment server. The mobile payment server includes: an authentication module configured to receive the connection request of the mobile terminal and authenticate the identity of the mobile terminal according to the identity information provided by the mobile terminal; a mobile payment platform module configured to establish a virtual machine for the mobile terminal after the mobile terminal passes the authentication of the authentication module, control through the virtual machine the mobile payment service presented on the mobile terminal, and execute the current business transaction in
  • The mobile payment platform module includes: a storage unit configured to store hardware function information of the mobile terminal; and a service encryption unit configured to generate a service encryption stream according to the hardware function information stored by the storage unit, encrypt the current service with the service encryption stream, and send the encrypted current service to the mobile terminal.
  • The virtual desktop control module includes a service decryption unit configured to generate a service decryption stream according to the hardware function information of the mobile terminal, decrypt the received current service with the service decryption stream, and present the decrypted current service.
  • The service encryption unit includes a service encryption stream generation subunit configured to generate a service encryption stream in a picture or video format according to the hardware function information stored by the storage unit; the service decryption unit includes a service decryption stream generation subunit configured to generate a service decryption stream in a picture or video format according to the hardware function information of the mobile terminal.
  • The system further includes an acceptance terminal and an acceptance terminal management device. The mobile terminal further includes a near field communication module configured to perform mobile payment service communication with the acceptance terminal to complete an on-site payment service; the acceptance terminal is configured to upload the transaction operation information of the on-site payment service to the mobile payment platform module of the mobile payment server through the acceptance terminal management device; and the acceptance terminal management device is configured to transfer the transaction operation information of the on-site payment service between the acceptance terminal and the mobile payment server.
  • A mobile terminal including: a virtual desktop control module configured to send a connection request to a mobile payment server through a remote control protocol, provide identity information to the mobile payment server through the remote control protocol, present a mobile payment service under the control of the mobile payment server, and feed back the user's transaction operation information to the mobile payment server; a virtual drive control module configured to drive and control the hardware that the virtual desktop control module requires to present the current service; and a mobile payment module configured to complete the mobile payment service under the control of the mobile payment server.
  • The virtual desktop control module includes a service decryption unit configured to, when the received current service has been encrypted with a service encryption stream, generate a service decryption stream according to the hardware function information of the mobile terminal, decrypt the received current service with the service decryption stream, and present the decrypted current service; the service encryption stream is generated by the mobile payment server according to the hardware function information of the mobile terminal.
  • The service decryption unit includes a service decryption stream generation subunit configured to generate a service decryption stream in a picture or video format according to the hardware function information of the mobile terminal.
  • The mobile terminal further includes a near field communication module configured to perform mobile payment service communication with the acceptance terminal to complete the on-site payment service.
  • A method for implementing a mobile payment service, including: a mobile terminal sends a connection request to a mobile payment server using a remote control protocol; after receiving the connection request, the mobile payment server acquires identity information of the mobile terminal, authenticates the identity of the mobile terminal according to the identity information, and, after the authentication passes, establishes a virtual machine for the mobile terminal and uses the virtual machine to control the mobile payment service presented on the mobile terminal; the mobile terminal receives the user's transaction operation information and feeds the transaction operation information back to the mobile payment server; the mobile payment server executes the current service according to the transaction operation information and performs account management on the current service.
  • The mobile payment server uses the virtual machine to control the mobile payment service presented on the mobile terminal.
  • The mobile payment server generates a service encryption stream according to the stored hardware function information of the mobile terminal, encrypts the current service with the service encryption stream, and sends the encrypted current service to the mobile terminal.
  • After receiving the current service, the mobile terminal generates a service decryption stream according to its own hardware function information, decrypts the current service with the service decryption stream, and presents the decrypted current service.
  • The service encryption stream and the service decryption stream are both in picture or video format.
  • The mobile payment server establishes a virtual machine for the mobile terminal, and the running program of the mobile payment service is placed on the mobile payment server, which solves the problem that implementing payment services is complicated by the differences between mobile terminals: regardless of the type of mobile terminal, as long as it has basic display and communication interfaces it can realize various mobile payment services. Deployment of the mobile payment service is simple, and customer experience satisfaction is improved.
  • FIG. 1 is a block diagram showing the structure of a mobile payment system according to a first embodiment of the present invention.
  • FIG. 2 is a block diagram showing the structure of a mobile payment system according to a second embodiment of the present invention.
  • FIG. 4 is a block diagram showing the structure of another mobile payment system according to Embodiment 3 of the present invention.
  • FIG. 5 is a block diagram showing the structure of a mobile terminal according to Embodiment 4 of the present invention.
  • FIG. 6 is a block diagram of the mobile terminal according to Embodiment 4 of the present invention.
  • The mobile payment service is performed based on virtualization technology, and the running environment of the mobile payment application is moved from the terminal side to the server side.
  • The terminal only needs to support common functions such as a virtual desktop program, virtual drive control and mobile payment in order to support the various payment services deployed on the server side.
  • An embodiment of the present invention provides a mobile payment system, a mobile terminal, and a method for implementing a mobile payment service.
  • Embodiment 1: This embodiment provides a mobile payment system. Referring to FIG. 1, the system includes a mobile payment server 10 and a mobile terminal 20.
  • The mobile terminal 20 includes a virtual desktop control module 202, a virtual drive control module 204, and a mobile payment module 206. The functions of each module are as follows:
  • The virtual desktop control module 202 is configured to send a connection request to the mobile payment server 10 through the remote control protocol, provide identity information to the mobile payment server 10 through the remote control protocol, present the mobile payment service under the control of the mobile payment server 10, and feed back the user's transaction operation information to the mobile payment server 10.
  • The identity information of the mobile terminal in this embodiment may be the login account and password of the mobile terminal user, and is used to authenticate the identity of the user.
  • The virtual desktop control module 202 may present the mobile payment service in various ways: for example, the service may be presented by voice, displayed as pictures or text, or played as video.
  • The virtual drive control module 204 is connected to the virtual desktop control module 202 and is configured to drive and control the hardware that the virtual desktop control module 202 requires to present the current service; the hardware may be an LCD (Liquid Crystal Display) or other hardware.
  • The mobile payment module 206 is connected to the virtual desktop control module 202 and is configured to complete the mobile payment service under the control of the mobile payment server.
  • The mobile payment server 10 includes an authentication module 102, a mobile payment platform module 104 and an account platform module 106. The functions of each module are as follows:
  • The authentication module 102 is configured to receive the connection request of the mobile terminal 20 and authenticate the identity of the mobile terminal 20 according to the identity information provided by the mobile terminal 20; the authentication module 102 may specifically be a security authentication management center that centrally authenticates each terminal user.
  • The mobile payment platform module 104 is connected to the authentication module 102 and is configured to establish a virtual machine for the mobile terminal 20 after the mobile terminal 20 passes the authentication of the authentication module 102, control through the virtual machine the mobile payment service presented on the mobile terminal 20, and execute the current service according to the transaction operation information fed back by the mobile terminal 20.
  • The account platform module 106 is connected to the mobile payment platform module 104 and is configured to perform account management on the current service executed by the mobile payment platform module 104.
  • The mobile terminal 20 of the present embodiment has the above-described mobile payment function in addition to the mobile communication function.
  • The mobile payment platform module 104 of this embodiment provides a virtual machine for each mobile terminal, and sets a resource pool and a virtual device. Each virtual machine runs a mobile terminal instance, the mobile payment service runs on the hosted virtual machine, and the virtual machine controls the mobile terminal through the remote control protocol.
  • Virtualization technologies currently include server virtualization, application virtualization, and desktop virtualization, and technologies such as network virtualization and video card virtualization are developing rapidly. For physical devices that support virtualization technology, it is easy to implement IAAS (Infrastructure As Service) and so realize cloud computing.
  • By establishing a virtual machine for the mobile terminal, the mobile payment server of this embodiment places the running program of the mobile payment service on the mobile payment server, which solves the problem that implementing payment services is complicated by differences between mobile terminals (for example, different operating systems). No matter what type the mobile terminal is, as long as it has basic display and communication interface functions it can realize various mobile payment services. In this mode a software upgrade of the mobile payment service only needs to be carried out on the mobile payment server, which is simple to implement and improves customer experience satisfaction.
  • Considering that the security mechanisms in related mobile payment technology, such as digital certificates or dynamic-token two-factor authentication, still face Trojan hijacking, phishing and man-in-the-middle attacks, a security risk remains. Therefore, this embodiment uses a scheme associated with the mobile terminal hardware.
  • The mobile payment platform module 104 includes a storage unit and a service encryption unit. The storage unit is configured to store hardware function information of the mobile terminal 20; the hardware function information may include the LCD size, the resolution, the codec formats supported by the Codec, and similar information.
  • The mobile payment server can obtain the hardware function information of each mobile terminal offline, for example when the mobile user signs up for the mobile payment service with the operator, or obtain the hardware function information of the mobile terminal through other secure channels.
  • The service encryption unit is connected to the storage unit and is configured to generate a service encryption stream according to the hardware function information stored by the storage unit, encrypt the current service with the service encryption stream, and send the encrypted current service to the mobile terminal 20.
  • The virtual desktop control module 202 includes a service decryption unit configured to generate a service decryption stream from the hardware function information of the mobile terminal 20, decrypt the received current service with the service decryption stream, and present the decrypted current service.
  • The service encryption unit includes a service encryption stream generation subunit configured to generate a service encryption stream in a picture or video format from the hardware function information stored in the storage unit.
  • The service decryption unit includes a service decryption stream generation subunit configured to generate a service decryption stream in a picture or video format from the hardware function information of the mobile terminal 20.
  • The mobile payment platform module 104 retains hardware function information of the mobile terminal through the storage unit, such as
  • The payment platform module 104 transmits the transaction information and the user information to the end user as securely encrypted video or pictures through virtual desktop technology. Because each terminal presents (e.g., displays) content differently and processes images/video differently, it becomes impossible to attack by phishing or man-in-the-middle. Even if a malicious terminal intercepts the current service, it cannot decrypt the service information because it does not have the hardware function information of the real mobile terminal. The displayed content will then be garbled, so that the malicious user cannot complete the information.
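The hardware-bound service encryption described above, as an added sketch that is not part of the patent text. The page does not say how the stream is computed, so HMAC-SHA256 in counter mode is assumed here; the profile field names, the optional `device_secret` (a hypothetical value held in the terminal's security unit) and all sample data are constructed for illustration.

```python
import hashlib
import hmac
import json

# Added illustration, not the patent's algorithm: HMAC-SHA256 in counter mode
# stands in for the unspecified "service encryption stream" construction.


def canonical_profile(profile: dict) -> bytes:
    """Serialize hardware function information deterministically, so the
    server's stored copy and the terminal's own copy yield the same bytes
    even if codec names differ in order, case or padding."""
    normalized = {
        "lcd_size_in": f"{float(profile['lcd_size_in']):.1f}",
        "resolution": "x".join(str(int(v)) for v in profile["resolution"]),
        "codecs": sorted(c.strip().lower() for c in profile["codecs"]),
    }
    return json.dumps(normalized, sort_keys=True, separators=(",", ":")).encode()


def derive_stream_key(profile: dict, device_secret: bytes = b"") -> bytes:
    """Derive the per-terminal stream key from the hardware profile.

    device_secret is an assumption of this example: a value kept in the
    terminal's security unit and provisioned to the server at sign-up.
    Without it (all-zero HMAC key) the result depends on the profile alone."""
    mac_key = device_secret or bytes(32)
    message = b"service-stream-v1|" + canonical_profile(profile)
    return hmac.new(mac_key, message, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand the key and a per-frame nonce into `length` keystream bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def apply_stream(data: bytes, profile: dict, nonce: bytes,
                 device_secret: bytes = b"") -> bytes:
    """XOR data with the profile-derived keystream. The same call encrypts on
    the server (stored profile) and decrypts on the terminal (own profile)."""
    ks = keystream(derive_stream_key(profile, device_secret), nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


# Constructed sample data.
STORED_PROFILE = {"lcd_size_in": 3.5, "resolution": (320, 480),
                  "codecs": ["H.264", "JPEG"]}
TERMINAL_PROFILE = {"lcd_size_in": "3.5", "resolution": [320, 480],
                    "codecs": ["jpeg ", "h.264"]}   # same device, as self-reported
OTHER_PROFILE = {"lcd_size_in": 4.0, "resolution": (480, 800),
                 "codecs": ["H.264", "JPEG"]}
FRAME = b"Pay 25.00 to merchant 1001? [OK] [Cancel]"
NONCE = bytes.fromhex("000102030405060708090a0b")  # must be unique per frame


def demo() -> dict:
    ciphertext = apply_stream(FRAME, STORED_PROFILE, NONCE)
    secret_a, secret_b = b"A" * 32, b"B" * 32  # constructed per-device secrets
    bound = apply_stream(FRAME, STORED_PROFILE, NONCE, secret_a)
    same_model = dict(STORED_PROFILE)  # a second handset of the same model
    return {
        "real_terminal": apply_stream(ciphertext, TERMINAL_PROFILE, NONCE),
        "other_terminal": apply_stream(ciphertext, OTHER_PROFILE, NONCE),
        "same_model_shares_key":
            derive_stream_key(STORED_PROFILE) == derive_stream_key(same_model),
        "secret_separates_keys":
            derive_stream_key(STORED_PROFILE, secret_a)
            != derive_stream_key(same_model, secret_b),
        "right_profile_wrong_secret":
            apply_stream(bound, TERMINAL_PROFILE, NONCE, secret_b),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Two handsets of the same model report identical hardware function information, so `derive_stream_key` returns the same key for both unless a per-device `device_secret` is mixed in.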
  • Embodiment 2: This embodiment provides a mobile payment system, which includes the mobile terminal and the mobile payment server shown in Embodiment 1.
  • The mobile terminal includes a virtual desktop control module 202, a virtual drive control module 204 and a mobile payment module 206. The functions of the modules are basically the same as those in Embodiment 1, except that the mobile payment module 206 further includes a security unit 262, which can support mobile banking for remote payment or NFC for on-site payment; for example, a SIM (User Identification Card) serves as the security unit.
  • The virtual desktop control module 202 of this embodiment is provided with a virtual desktop program, and the program communicates with the server (i.e., the mobile payment server 10 described above) through a remote control protocol.
  • Authentication and security control are performed by the authentication module 102 on the server, virtual drive control is performed according to the requirements of the mobile payment service, and the service is presented on the mobile terminal 20.
  • The mobile terminal 20 of the present embodiment supports virtual drive control.
  • The virtual machine can operate the virtual audio and video devices and the I/O (input/output) interfaces through the remote control protocol.
  • The virtual desktop program is rendered.
  • The virtual drive control module includes control of communication modules such as 2G/3G and WiFi, and hardware drivers for the buttons/touch screen, LCD, audio, and camera; it also includes drive control of the mobile payment module 206.
  • The above remote control protocol is a communication protocol between the mobile terminal and the server; a remote control protocol from the general-purpose PC, such as a VDI (Virtual Desktop Infrastructure) protocol, can be ported to the mobile terminal.
  • The server's payment application can be presented on the terminal side over the wireless link, that is, desktop virtualization control is implemented; the wireless link can use wireless communication methods such as a 2G/3G cellular network or WiFi. With this embodiment, various types of payment services can be deployed easily.
  • The mobile terminal only needs to provide a universal button/touch screen, LCD, and mobile payment module to support various payment services, which avoids adding security modules or terminals for each different payment service.
  • The mobile payment server 10 of this embodiment includes an authentication module 102 (which may also be a security authentication management center), a mobile payment platform module 104, and an account platform module 106. Functions and embodiments of each module
  • The mobile terminal generally has a security unit, which can serve as the physical carrier for a password card, a digital certificate, etc., so unified security authentication can be based on the security unit. Since the payment application runs on the server and is presented on the mobile terminal 20 as images or video through the remote communication protocol, a secure logical path based on image/video encryption technology can be established between the payment platform and the mobile terminal, and data transmission is protected through image/video encryption technology.
  • The hardware function information of each mobile terminal 20, such as the LCD size, the resolution, and the codec formats supported by the Codec, is retained in the mobile payment platform module 104 of the server.
  • The mobile payment platform delivers transaction information and user information to the end user as securely encrypted video or pictures through virtual desktop technology. Because each terminal displays content differently and processes images/video differently, this effectively prevents phishing or man-in-the-middle attacks.
  • The mobile payment platform module 104 is the operation platform for payment services such as consumption, recharge, transfer/remittance, and inquiry. Through this platform, end users and payment applications can be managed, and interfaces between the payment application platform and other application-related platforms can be realized; this platform will differ significantly depending on the payment application scenario.
  • The account platform module 106 is responsible for centralized management of the terminal payment service system accounts; provides centralized clearing and settlement functions; is responsible for managing customer payment service accounts and account security information; and has a transaction risk control mechanism, a quota control function, and a parameter configuration function. Since each terminal corresponds to one virtual machine on the mobile payment platform, there will be a large number of virtual machines, and different virtual machines can load different mobile payment applications, such as bus cards and bank cards. A cloud computing platform can therefore be used to provide computing and storage resources for the virtual machines.
  • Using the system provided in this embodiment, the remote mobile payment service is implemented as follows:
  • 1) Before using mobile payment, the end user signs a contract with the operator to obtain an identity authentication security product, such as a password card or a digital certificate carried on a security chip on the terminal. Security products here include SIM/SD cards, as well as external USB keys.
  • 2) When the mobile terminal accesses the server (i.e., the mobile payment server) through the remote control protocol, the end user enters the login account and password for user identity authentication.
  • 3) After the authentication is passed, the mobile payment platform module creates a virtual machine for the end user and presents the mobile payment service on the mobile terminal through virtual desktop technology.
  • This embodiment uses a general digital certificate, in which the PKI (Public Key Infrastructure) is implemented in a security chip.
  • Digital certificates are based on the public key infrastructure (PKI) system, including digital encryption, digital signatures, non-repudiation, data integrity and identity authentication.
  • The information exchanged between the mobile terminal and the server is divided into two types according to content: one is image or video information, and the other is common signaling.
  • The image or video information can use an encryption key different from that of the signaling. It can also be combined with image/video encryption and compression technology, such as the codec of the security unit 262 and the image/video accelerator hardware, to achieve a unique encryption mode for each end user.
  • Virtualization technology can provide different payment services according to the needs of the end user and perform multi-application service management.
  • A new payment service can be supported by a simple application upgrade on the server, which greatly shortens the deployment time and reduces the promotion cost of the new service.
  • The mobile payment service runs on the mobile payment platform based on virtualization technology, separated from the security authentication management center and the account platform, which simplifies the authentication process, ensures the security of the system, and improves the deployment capability of the payment service.
  • Embodiment 3: The mobile payment systems provided by Embodiments 1 and 2 above are mainly for the remote mobile payment service.
  • Actual mobile payment services also include the on-site payment service.
  • The mobile terminal can be equivalent to a bank card or a bus card.
  • This embodiment provides a mobile payment system that includes the mobile payment server 10 and the mobile terminal 20 shown in Embodiment 1. The system further includes an acceptance terminal 30 and an acceptance terminal management device 40.
  • The mobile terminal 20 further includes a near field communication module 208 configured to perform mobile payment service communication with the acceptance terminal 30 to complete an on-site payment service; the acceptance terminal 30 is configured to upload the transaction operation information of the on-site payment service to the mobile payment platform module of the mobile payment server 10 through the acceptance terminal management device 40.
  • The acceptance terminal 30 includes electronic payment system side devices such as a POS machine, a reader, and a gate, and the mobile terminal 20 communicates with the acceptance terminal 30 through the NFC antenna.
  • The acceptance terminal management device performs the traditional terminal service and management functions, and uploads the transaction operation information to the mobile payment platform module.
  • The acceptance terminal management device 40 is configured to transfer transaction operation information of the on-site payment service between the acceptance terminal 30 and the mobile payment server 10.
  • The mobile payment module 206 in the mobile terminal 20 can be omitted, and the near field communication module 208 is then connected directly to the virtual desktop control module 202.
  • The near field communication module 208 may include a security unit (for example, a SIM card), an NFC CLF (NFC radio frequency front end), and an NFC antenna.
  • The system structure of this mode is shown in FIG. 4; the specific functions are the same as above and are not described again.
  • the mobile terminal of this embodiment communicates with the mobile payment server through a remote control protocol, which may be a remote control protocol used on a general-purpose PC, such as a VDI protocol.
  • the desktop of the application server can be reproduced on the mobile terminal side over the wireless link, that is, virtual desktop control is realized; the communication itself uses wireless modes such as 2G/3G cellular networks and WiFi.
  • the mobile terminal must pass security authentication to access the mobile payment server.
  • the security authentication management center (i.e., the authentication module) completes unified authentication and security management, provides user identity authentication and authorization, and ensures the confidentiality and authenticity of transaction data transmission, the integrity of transaction data transmitted over the mobile network, and the non-repudiation of the transaction.
  • the NFC transaction is implemented as follows: 1) Before using mobile payment, the mobile terminal user signs a contract with the operator to obtain an identity authentication security product, such as a password card or a digital certificate carried on a security chip in the mobile terminal.
  • the security product here is a SIM card or an SD card.
  • the mobile payment platform launches the corresponding payment application for the end user.
  • the end user selects the transaction item; because funds and accounts are involved, further authentication by the digital certificate is required, with the PKI implemented in the security chip.
  • the end user information, the transaction information, and the confirmation code are presented as the mobile payment service on the mobile terminal through virtual desktop technology.
  • the information is encrypted in image/video form.
  • the hardware function information of the mobile terminal is incorporated into the encryption.
  • the mobile terminal decodes the received information and displays it to the end user, and the user performs the corresponding operation according to the displayed content, for example entering a confirmation code on the mobile terminal.
  • after the mobile payment platform completes the service processing, the acceptance terminal management device notifies the acceptance terminal that the transaction was successful.
  • the on-site payment service in this embodiment is implemented based on virtualization technology; it can provide different payment services according to the needs of the end user and complete multi-application service management, and a new payment service can be supported by a simple application upgrade on the server, which greatly shortens the deployment time and reduces the promotion cost of new services.
  • the mobile payment service runs on the mobile payment platform based on virtualization technology, which is separated from the security authentication management center and the account platform, which simplifies the authentication process, ensures the security of the system, and improves the deployment capability of the payment service.
  • Embodiment 4 This embodiment provides a mobile terminal. Referring to FIG.
  • the mobile terminal includes: a virtual desktop control module 52 configured to send a connection request to a mobile payment server through a remote control protocol, provide identity information to the mobile payment server through the remote control protocol, present the mobile payment service under the control of the mobile payment server, and feed the user's transaction operation information back to the mobile payment server.
  • the virtual desktop control module 52 can present the mobile payment service in various ways, for example by voice, as a picture or text, or by playing it as video;
  • the virtual drive control module 54 is connected to the virtual desktop control module 52, and is configured to drive and control the hardware required by the virtual desktop control module 52 to present the current service;
  • the mobile payment module 56 is connected to the virtual desktop control module 52 and configured to complete the mobile payment service according to the control of the mobile payment server.
  • the encryption and decryption technique used in this embodiment incorporates the hardware function information of the mobile terminal, which includes information such as LCD size, resolution, Codec (codec), and supported codec formats, so that the mobile payment server can implement a unique encryption method for each end user according to this information, for example encrypting/decrypting with the security chip and the image/video accelerator hardware. Because each terminal displays differently and processes images/video differently, attacks by phishing or man-in-the-middle become impossible. Even if a malicious terminal intercepts the current service, it cannot decrypt the service information, because it does not have the hardware function information of the real mobile terminal.
  • the virtual desktop control module 52 includes: a service decryption unit, configured to, when the received current service has been encrypted using the service encryption stream, generate a service decryption stream according to the hardware function information of the mobile terminal, decrypt the received current service using the service decryption stream, and present the decrypted current service.
  • the service decryption unit includes: a service decryption stream generation subunit, configured to generate a service decryption stream in picture or video format according to the hardware function information of the mobile terminal.
  • the mobile terminal of the present embodiment further includes: a near field communication module configured to perform mobile payment service communication with the acceptance terminal to complete the on-site payment service.
  • the running program of the mobile payment service of this embodiment is placed on the mobile payment server, which solves the problem that payment services are complicated to implement because mobile terminals differ (for example, in operating system): whatever the type of mobile terminal, as long as it has basic display and communication interfaces, it can implement a variety of mobile payment services.
  • the software upgrade of the mobile payment service in this mode only needs to operate on the mobile payment server, which is simple to implement and improves customer experience satisfaction.
  • Embodiment 5 This embodiment provides a method for implementing a mobile payment service, described using the system provided in Embodiment 1 or Embodiment 2. Referring to FIG. 6, the method includes the following steps:
  • Step S602: the mobile terminal sends a connection request to the mobile payment server through the remote control protocol.
  • Step S604: after receiving the connection request, the mobile payment server acquires the identity information of the mobile terminal and authenticates the identity of the mobile terminal according to the identity information; after the authentication is passed, it establishes a virtual machine for the mobile terminal and controls, through the virtual machine, the presentation of the mobile payment service on the mobile terminal. The mobile terminal can present the mobile payment service in various ways, for example by voice, as a picture or text, or by playing it as video.
  • Step S606: the mobile terminal receives the user's transaction operation information and feeds the transaction operation information back to the mobile payment server.
  • Step S608: the mobile payment server executes the current service according to the transaction operation information and performs account management for the current service.
  • the mobile payment server controlling, through the virtual machine, the presentation of the mobile payment service on the mobile terminal includes the following:
  • the mobile payment server generates a service encryption stream according to the stored hardware function information of the mobile terminal, encrypts the current service using the service encryption stream, and sends the encrypted current service to the mobile terminal.
  • After receiving the current service, the mobile terminal generates a service decryption stream according to its own hardware function information, decrypts the current service using the service decryption stream, and presents the decrypted current service.
  • the above service encryption stream and service decryption stream are both in picture or video format.
  • the encryption and decryption technique in this embodiment incorporates the hardware function information of the mobile terminal, which includes: LCD size, resolution, Codec (codec), and supported codec formats.
  • by establishing a virtual machine for the mobile terminal, the mobile payment server of this embodiment places the running program of the mobile payment service on the mobile payment server, which solves the problem that payment services are complicated to implement because mobile terminals differ (for example, in operating system).
  • whatever the type of mobile terminal, as long as it has basic display and communication interface functions, it can implement the various mobile payment services.
  • at the same time, a software upgrade of the mobile payment service in this mode only requires operating on the mobile payment server, which is simple to implement and improves customer experience satisfaction.
  • the embodiments of the present invention mainly use virtual machine technology to move the payment service program originally on the mobile terminal to the server side, so that a mobile terminal can implement a variety of mobile payment services as long as it has basic display and communication interfaces.
  • the software upgrade of the mobile payment service in this mode only needs to operate on the mobile payment server, which is simple to implement and improves customer experience satisfaction.
  • the above modules or steps of the present invention can be implemented by a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device, and in some cases the steps shown or described may be performed in an order different from the one given here,
  • or they may be fabricated separately as individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module.
  • the invention is not limited to any specific combination of hardware and software.
  • the above is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.
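
The per-terminal encryption described in Embodiments 4 and 5 (the server generates a service encryption stream from stored hardware function information, and the terminal regenerates the matching decryption stream from its own) can be sketched as follows. This is an added example, not code from the patent: the patent names no algorithm, so the HKDF-style derivation, the HMAC-SHA256 counter-mode keystream, the integrity tag, the `HardwareInfo` field names and the per-device secret (standing in for key material held in the security chip, since display and codec details are descriptive rather than secret) are all assumptions.

```python
"""Per-terminal service encryption stream: an assumed construction for illustration."""
import hashlib
import hmac
import json
import os
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class HardwareInfo:
    """Hardware function information named in the text; field names are hypothetical."""
    lcd_size: str
    resolution: str
    codec: str
    codec_formats: tuple


def _canonical(hw: HardwareInfo) -> bytes:
    # Server and terminal must serialize the profile identically to derive equal keys.
    return json.dumps(asdict(hw), sort_keys=True, separators=(",", ":")).encode()


def derive_keys(hw: HardwareInfo, device_secret: bytes, nonce: bytes):
    """HKDF-style extract, then two one-block expands with distinct labels."""
    if len(device_secret) != 32:
        raise ValueError("device secret must be 32 bytes")
    prk = hmac.new(nonce, device_secret + _canonical(hw), hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"service-encryption-stream\x01", hashlib.sha256).digest()
    mac_key = hmac.new(prk, b"service-integrity\x01", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for the patent's unspecified stream.
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_service(frame: bytes, hw: HardwareInfo, device_secret: bytes) -> bytes:
    """Server side: encrypt one rendered service frame for one enrolled terminal."""
    nonce = os.urandom(16)  # fresh per message so the keystream never repeats
    enc_key, mac_key = derive_keys(hw, device_secret, nonce)
    ciphertext = _xor(frame, _keystream(enc_key, nonce, len(frame)))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_service(blob: bytes, hw: HardwareInfo, device_secret: bytes) -> bytes:
    """Terminal side: rebuild the stream from local hardware info and verify first."""
    if len(blob) < 48:
        raise ValueError("truncated service message")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = derive_keys(hw, device_secret, nonce)
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong hardware profile, wrong device secret, or modified in transit.
        raise ValueError("service message rejected")
    return _xor(ciphertext, _keystream(enc_key, nonce, len(ciphertext)))


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    enrolled = HardwareInfo("4.0in", "480x800", "H.264", ("H.264", "MPEG-4"))
    other = HardwareInfo("3.5in", "320x480", "H.264", ("H.264",))
    secret = bytes(range(32))
    blob = encrypt_service(b"confirm code 4821 for order 0001", enrolled, secret)
    print(decrypt_service(blob, enrolled, secret))
    try:
        decrypt_service(blob, other, secret)
    except ValueError as exc:
        print("other terminal:", exc)
```

The integrity tag makes a terminal with a different hardware profile fail cleanly at verification instead of rendering garbage, and the same check rejects a message altered in transit.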


Abstract

A mobile payment system, a mobile terminal (20) and a method for realizing mobile payment service are provided. The system comprises a mobile payment server (10) and the mobile terminal (20), wherein the mobile terminal (20) comprises a virtual desktop control module (202), a virtual driving control module (204) and a mobile payment module (206); and the mobile payment server (10) comprises an authentication module (102), a mobile payment platform module (104) and an account platform module (106). The system solves the problem that payment services are complicated to realize because of differences between mobile terminals: various mobile payment services can be realized on any type of mobile terminal, provided it has basic display and communication interfaces. Deployment of the mobile payment service is easy to realize, and customer experience satisfaction is enhanced.

Description

TECHNICAL FIELD

The present invention relates to the field of communications, and in particular to a mobile payment system, a mobile terminal, and a method for implementing a mobile payment service.

BACKGROUND OF THE INVENTION

Mobile payment refers to a commercial transaction that the two parties to a deal conduct for some commodity or service through a terminal such as a mobile phone or a PDA (Personal Digital Assistant). Mobile payment is a way of allowing users to use a terminal (usually a mobile phone) to pay for the goods or services they consume; users can top up and pay bills, shop online, buy lottery tickets and so on at any time, anywhere, and at will.

Mobile payment services can be divided into remote payment and on-site payment. Remote payment means that the user completes the payment at a distance, based on the terminal and the mobile communication network, through web pages, SMS, STK (SIM TOOL KIT, a subscriber identity application development tool) and similar means, for example Internet shopping, game lotteries, and utility payments. On-site payment means that the user uses a terminal with a built-in payment account, at a merchant that has installed a POS (Point Of Sale) machine supporting the service, to complete the payment transaction in a manner similar to "swiping a card", as in the NFC (Near Field Communication) electronic wallet service.

The rapid development of 3G, WiFi, the mobile Internet and smart terminals has promoted the development of mobile payment. Terminals, especially mobile phones, are trust tools that can represent a real-name identity, and the mobile payment terminal is one of the trends in future terminal development. Its advantage is that payment can be made anytime and anywhere, securely, reliably, and conveniently. However, the following problems also exist:

The mobile payment value chain is complex, including operators, payment service providers (such as banks, UnionPay, etc.), application providers (bus, campus, public utilities, etc.), equipment providers (terminal manufacturers, card suppliers, chip providers, etc.), system integrators, merchants and end users; payment services vary, and the interests of the parties differ. The operating systems supported by terminals are diverse, including Symbian, Linux, Windows Mobile, BREW, etc., and service support varies greatly; terminal client software has to be adapted to many terminal models, which complicates the deployment of payment services.

SUMMARY OF THE INVENTION

A primary object of the present invention is to provide a mobile payment system, a mobile terminal, and a method for implementing a mobile payment service, so as to at least solve the above problem that payment services are complicated to implement because mobile terminals differ.
According to one aspect of the present invention, a mobile payment system is provided, comprising a mobile payment server and a mobile terminal. The mobile terminal comprises: a virtual desktop control module, configured to send a connection request to the mobile payment server through a remote control protocol, provide identity information to the mobile payment server through the remote control protocol, present the mobile payment service under the control of the mobile payment server, and feed the user's transaction operation information back to the mobile payment server; a virtual drive control module, configured to drive and control the hardware that the virtual desktop control module needs to present the current service; and a mobile payment module, configured to complete the mobile payment service under the control of the mobile payment server. The mobile payment server comprises: an authentication module, configured to receive the connection request of the mobile terminal and authenticate the identity of the mobile terminal according to the identity information provided by the mobile terminal; a mobile payment platform module, configured to establish a virtual machine for the mobile terminal after the mobile terminal passes the authentication of the authentication module, control through the virtual machine the presentation of the mobile payment service on the mobile terminal, and execute the current service according to the transaction operation information fed back by the mobile terminal; and an account platform module, configured to perform account management for the current service executed by the mobile payment platform module.

The mobile payment platform module includes: a storage unit, configured to store the hardware function information of the mobile terminal; and a service encryption unit, configured to generate a service encryption stream according to the hardware function information stored by the storage unit, encrypt the current service using the service encryption stream, and send the encrypted current service to the mobile terminal. The virtual desktop control module includes: a service decryption unit, configured to generate a service decryption stream according to the hardware function information of the mobile terminal, decrypt the received current service using the service decryption stream, and present the decrypted current service.

The service encryption unit includes: a service encryption stream generation subunit, configured to generate a service encryption stream in picture or video format according to the hardware function information stored by the storage unit. The service decryption unit includes: a service decryption stream generation subunit, configured to generate a service decryption stream in picture or video format according to the hardware function information of the mobile terminal.

The system further includes an acceptance terminal and an acceptance terminal management device. The mobile terminal further includes a near field communication module, configured to perform mobile payment service communication with the acceptance terminal to complete an on-site payment service; the acceptance terminal is configured to upload the transaction operation information of the on-site payment service to the mobile payment platform module of the mobile payment server through the acceptance terminal management device; and the acceptance terminal management device is configured to forward the transaction operation information of the on-site payment service between the acceptance terminal and the mobile payment server.
According to another aspect of the present invention, a mobile terminal is provided, including: a virtual desktop control module, configured to send a connection request to a mobile payment server through a remote control protocol, provide identity information to the mobile payment server through the remote control protocol, present the mobile payment service under the control of the mobile payment server, and feed the user's transaction operation information back to the mobile payment server; a virtual drive control module, configured to drive and control the hardware that the virtual desktop control module needs to present the current service; and a mobile payment module, configured to complete the mobile payment service under the control of the mobile payment server.

The virtual desktop control module includes: a service decryption unit, configured to, when the received current service is information encrypted using the service encryption stream, generate a service decryption stream according to the hardware function information of the mobile terminal, decrypt the received current service using the service decryption stream, and present the decrypted current service; the service encryption stream is generated by the mobile payment server according to the hardware function information of the mobile terminal.

The service decryption unit includes: a service decryption stream generation subunit, configured to generate a service decryption stream in picture or video format according to the hardware function information of the mobile terminal.

The mobile terminal further includes: a near field communication module, configured to perform mobile payment service communication with the acceptance terminal to complete the on-site payment service.
According to another aspect of the present invention, a method for implementing a mobile payment service is provided, including: a mobile terminal sends a connection request to a mobile payment server through a remote control protocol; after receiving the connection request, the mobile payment server acquires the identity information of the mobile terminal and authenticates the identity of the mobile terminal according to the identity information, and after the authentication is passed, establishes a virtual machine for the mobile terminal and controls through the virtual machine the presentation of the mobile payment service on the mobile terminal; the mobile terminal receives the user's transaction operation information and feeds the transaction operation information back to the mobile payment server; and the mobile payment server executes the current service according to the transaction operation information and performs account management for the current service.

The mobile payment server controlling, through the virtual machine, the presentation of the mobile payment service on the mobile terminal includes: the mobile payment server generates a service encryption stream according to the stored hardware function information of the mobile terminal, encrypts the current service using the service encryption stream, and sends the encrypted current service to the mobile terminal; after receiving the current service, the mobile terminal generates a service decryption stream according to its own hardware function information, decrypts the current service using the service decryption stream, and presents the decrypted current service.

The service encryption stream and the service decryption stream are both in picture or video format.
Through the invention, the mobile payment server establishes a virtual machine for the mobile terminal and the running program of the mobile payment service is placed on the mobile payment server, which solves the problem that payment services are complicated to implement because mobile terminals differ: whatever the type of mobile terminal, as long as it has basic display and communication interfaces, it can implement the various mobile payment services; deployment of the mobile payment service is simple, and customer experience satisfaction is improved.

BRIEF DESCRIPTION OF THE DRAWINGS

The drawings described here are provided for a further understanding of the present invention and form a part of this application; the illustrative embodiments of the invention and their description serve to explain the invention and do not constitute an undue limitation of it. In the drawings:

FIG. 1 is a structural block diagram of a mobile payment system according to Embodiment 1 of the present invention;
FIG. 2 is a structural block diagram of a mobile payment system according to Embodiment 2 of the present invention;
FIG. 3 is a structural block diagram of a mobile payment system according to Embodiment 3 of the present invention;
FIG. 4 is a structural block diagram of another mobile payment system according to Embodiment 3 of the present invention;
FIG. 5 is a structural block diagram of a mobile terminal according to Embodiment 4 of the present invention; and
FIG. 6 is a flowchart of a method for implementing a mobile payment service according to Embodiment 5 of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Hereinafter, the present invention will be described in detail with reference to the accompanying drawings and in conjunction with the embodiments. It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other where there is no conflict.
The embodiments of the present invention carry out the mobile payment service based on virtualization technology. Unlike the terminal-client approach, the embodiments move the running environment of the mobile payment application from the terminal side to the server side. The terminal only needs to support common functions such as a virtual desktop program, virtual drive control and mobile payment in order to support the various payment services deployed on the server side. Based on this, the embodiments of the present invention provide a mobile payment system, a mobile terminal, and a method for implementing a mobile payment service.

Embodiment 1

This embodiment provides a mobile payment system. Referring to FIG. 1, the system includes a mobile payment server 10 and a mobile terminal 20. The mobile terminal 20 includes a virtual desktop control module 202, a virtual drive control module 204, and a mobile payment module 206; the functions of the modules are as follows:

The virtual desktop control module 202 is configured to send a connection request to the mobile payment server 10 through the remote control protocol, provide identity information to the mobile payment server 10 through the remote control protocol, present the mobile payment service under the control of the mobile payment server 10, and feed the user's transaction operation information back to the mobile payment server 10. The identity information of the mobile terminal in this embodiment may be the login account and password of the mobile terminal user, used to authenticate the identity of the user. The virtual desktop control module 202 may present the mobile payment service in various ways, for example by voice, as a picture or text, or by playing it as video.

The virtual drive control module 204 is connected to the virtual desktop control module 202 and is configured to drive and control the hardware that the virtual desktop control module 202 needs to present the current service; the hardware may be an LCD (Liquid Crystal Display) or other hardware.

The mobile payment module 206 is connected to the virtual desktop control module 202 and is configured to complete the mobile payment service under the control of the mobile payment server.

The mobile payment server 10 includes an authentication module 102, a mobile payment platform module 104, and an account platform module 106; the functions of the modules are as follows:

The authentication module 102 is configured to receive the connection request of the mobile terminal 20 and authenticate the identity of the mobile terminal 20 according to the identity information provided by the mobile terminal 20. The authentication module 102 may specifically be a security authentication management center that centrally authenticates the identity of every end user.

The mobile payment platform module 104 is connected to the authentication module 102 and is configured to establish a virtual machine for the mobile terminal 20 after the mobile terminal 20 passes the authentication of the authentication module 102, control through the virtual machine the presentation of the mobile payment service on the mobile terminal 20, and execute the current service according to the transaction operation information fed back by the mobile terminal 20.

The account platform module 106 is connected to the mobile payment platform module 104 and is configured to perform account management for the current service executed by the mobile payment platform module 104.
The mobile terminal 20 of this embodiment has the above mobile payment function in addition to the mobile communication function. The mobile payment platform module 104 of this embodiment provides a virtual machine for each mobile terminal and sets up a resource pool and virtual devices. Each virtual machine runs one mobile terminal instance; the mobile payment service runs on the hosted virtual machine, and the virtual machine controls the mobile terminal through the remote control protocol.

Virtualization technologies currently include server virtualization, application virtualization, and desktop virtualization, and technologies such as network virtualization and video card virtualization are developing rapidly. Physical devices that support virtualization technology make it easy to implement IaaS (Infrastructure as a Service) and thereby realize cloud computing.

By establishing a virtual machine for the mobile terminal, the mobile payment server of this embodiment sets the running program of the mobile payment service on the mobile payment server. This solves the problem that payment services are complicated to implement because of differences between mobile terminals (for example, differences in operating systems): whatever the type of the mobile terminal, as long as it has basic functions such as display and a communication interface, it can implement various mobile payment services. At the same time, a software upgrade of the mobile payment service in this mode only requires operating on the mobile payment server, which is simple to implement and improves customer experience satisfaction.

The security mechanisms in related mobile payment technology, such as digital certificates or dynamic-token two-factor authentication, still face Trojan hijacking and phishing or man-in-the-middle attacks, so security risks remain. Therefore, this embodiment uses an encryption/decryption method associated with the hardware of the mobile terminal.
Based on this, the mobile payment platform module 104 includes a storage unit and a service encryption unit, wherein:

The storage unit is configured to store the hardware function information of the mobile terminal 20. The hardware function information may include LCD size, resolution, the codec formats supported by the Codec (codec), and similar information. The mobile payment server can obtain the hardware function information of each mobile terminal offline, for example when the mobile user signs up for the mobile payment service with the operator, or through other secure channels.

The service encryption unit is connected to the storage unit and is configured to generate a service encryption stream according to the hardware function information stored in the storage unit, to encrypt the current service with the service encryption stream, and to send the encrypted current service to the mobile terminal 20.

The virtual desktop control module 202 includes a service decryption unit, configured to generate a service decryption stream from the hardware function information of the mobile terminal 20, to decrypt the received current service with the service decryption stream, and to present the decrypted current service.

Preferably, the service encryption unit includes a service encryption stream generation subunit, configured to generate a service encryption stream in picture or video format from the hardware function information stored in the storage unit; the service decryption unit includes a service decryption stream generation subunit, configured to generate a service decryption stream in picture or video format from the hardware function information of the mobile terminal 20.

The mobile payment platform module 104 retains, through the storage unit, the hardware function information of the mobile terminal, such as LCD size, resolution, and the codec formats supported by the Codec (codec). The mobile payment server can then implement a unique encryption method for each end user based on this information, for example by encrypting and decrypting through a security chip working together with image/video accelerator hardware. The payment platform module 104 transmits the transaction information and the user information to the end user as securely encrypted video or pictures through virtual desktop technology. Because each terminal presents (for example, displays) content differently and processes images/video differently, attacks by phishing or man-in-the-middle become impossible. Even if a malicious terminal intercepts the current service, it does not have the hardware function information of the real mobile terminal, so it cannot decrypt the service information. The displayed content will be garbled, the malicious user cannot complete the current service, and the security of the mobile payment service is enhanced.

Embodiment 2

This embodiment provides a mobile payment system, which includes the mobile terminal and the mobile payment server shown in Embodiment 1. Referring to FIG. 2, the mobile terminal includes a virtual desktop control module 202, a virtual drive control module 204 and a mobile payment module 206. The functions of the modules are basically the same as in Embodiment 1, except that the mobile payment module 206 further includes a security unit 262. The mobile payment module may be mobile banking that supports remote payment, or may support on-site NFC payment; for example, the security unit uses a SIM (Subscriber Identity Module) card.

The virtual desktop control module 202 of this embodiment is provided with a virtual desktop program, which communicates with the server (that is, the mobile payment server 10 described above) through a remote control protocol. Authentication and security control are performed by the authentication module 102 on the server, the virtual drive is controlled according to the requirements of the mobile payment service, and the service is presented on the mobile terminal 20.

The mobile terminal 20 of this embodiment supports virtual drive control. Transparently to the application, the virtual machine can operate the virtual audio/video devices and I/O (input/output) interfaces through the remote control protocol, and the result is presented through the virtual desktop program. The virtual drive control module includes control of communication modules such as 2G/3G and WiFi, hardware drivers for the keys/touch screen, LCD, Audio, Camera and so on, and also drive control of the mobile payment module 206.

The above remote control protocol is the communication protocol between the mobile terminal and the server. A remote control protocol used on general-purpose PCs, such as a VDI (Virtual Desktop Infrastructure) protocol, can be ported to the mobile terminal. Through the remote control protocol, the payment application on the server can be presented on the terminal side over a wireless link, which realizes desktop virtualization control; the wireless link can be provided by wireless communication such as a 2G/3G cellular network or WiFi.

With this embodiment, various payment services can be deployed easily. The mobile terminal only needs to provide generic drivers for the keys/touch screen, LCD, mobile payment module and so on to support various payment services, which avoids adding security modules or terminal client programs for each different payment service.

The mobile payment server 10 of this embodiment includes an authentication module 102 (which may also be a security authentication management center), a mobile payment platform module 104, and an account platform module 106. The functions of each module are basically the same as in Embodiment 1. This embodiment completes unified authentication and security management through the security authentication management center. A mobile terminal generally has a security unit, which can serve as the physical carrier for a password card, a digital certificate and the like, so unified security authentication can be based on the security unit.

Because the payment application runs on the above server and the mobile terminal 20 can present images or video through the remote communication protocol, a secure logical channel based on image/video encryption technology can be established between the payment platform and the mobile terminal, and data transmission is protected by image/video encryption technology. The mobile payment platform module 104 of the server retains the hardware function information of each mobile terminal 20, such as LCD size, resolution, and the codec formats supported by the Codec (codec).
A unique encryption method can be implemented for each end user according to the hardware function information, for example by encrypting and decrypting through the security chip working together with the image/video accelerator hardware. The mobile payment platform delivers transaction information and user information to the end user as securely encrypted video or pictures through virtual desktop technology. Because each terminal displays content differently and processes images/video differently, phishing and man-in-the-middle attacks are effectively prevented.

The mobile payment platform module 104 is the operation platform for payment services such as consumption, recharge, transfer/remittance and inquiry. Through this platform, end users and payment applications can be managed, and interfaces to the payment application provider platform and other application-related platforms can be implemented. This platform differs significantly depending on the payment application scenario.

The account platform module 106 is responsible for centralized management of the accounts of the terminal payment service system; provides centralized clearing and settlement functions; is responsible for managing customer payment service accounts and account security information; and has a transaction risk control mechanism, a quota control function, and a parameter configuration function.

Since each terminal corresponds to one virtual machine on the mobile payment platform, there will be a large number of virtual machines, and different virtual machines can load different mobile payment applications, such as bus card and bank card services. A cloud computing platform can therefore be used to provide computing and storage resources for the virtual machines.
Using the system provided in this embodiment, the remote mobile payment service is implemented as follows:

1) Before using mobile payment, the end user signs a contract with the operator and obtains a security product for identity authentication, such as a password card or digital certificate carried on the security chip of the terminal. The security products here include SIM/SD cards and external USB keys (key devices).
2) When the mobile terminal accesses the server (that is, the mobile payment server) through the remote control protocol, the end user enters the login account and password for user identity authentication.

3) After the authentication is passed, the mobile payment platform module establishes a virtual machine for the end user and presents the mobile payment service on the mobile terminal through virtual desktop technology.
4) The user selects a transaction item. Because funds and accounts are involved, further identity authentication is required for security reasons. This embodiment uses a general-purpose digital certificate, where the PKI (Public Key Infrastructure) is implemented in the security chip. Digital certificates are based on the public key infrastructure (PKI) system, which provides unified, centralized management of the keys and authentication required for digital encryption, digital signatures, non-repudiation, data integrity and identity authentication.

Further, the information exchanged between the mobile terminal and the server is divided by content into two types: image- or video-based information, and ordinary signaling. The image or video information may use an encryption key different from the one used for signaling. It may also be combined with image/video encryption and compression technology, for example a distinctive codec applied by the security unit 262 working together with the image/video accelerator hardware, to give each end user a unique encryption method. This is because the security chip and the image/video processing differ for each terminal, and in addition a private remote control protocol can be used.

By using virtualization technology, this embodiment can provide different payment services according to the needs of the end user and complete multi-application service management. A new payment service can be supported by a simple application upgrade on the server, which greatly shortens the deployment time and promotion cost of new services. At the same time, the mobile payment service runs on a mobile payment platform based on virtualization technology, separate from the security authentication management center and the account platform, which simplifies the authentication process, ensures the security of the system, and improves the deployment capability of payment services.

Embodiment 3

The mobile payment systems provided by Embodiments 1 and 2 above mainly address the remote mobile payment service. In practice the mobile payment service also includes the on-site payment service, in which the mobile terminal can act as the equivalent of a bank card or bus card. Based on this, this embodiment provides a mobile payment system. Referring to FIG. 3, in addition to the mobile payment server 10 and the mobile terminal 20 shown in Embodiment 1, the system further includes an acceptance terminal 30 and an acceptance terminal management device 40.

The mobile terminal 20 further includes a near field communication module 208, configured to perform mobile payment service communication with the acceptance terminal 30 to complete the on-site payment service.

The acceptance terminal 30 is configured to upload the transaction operation information of the on-site payment service to the mobile payment platform module of the mobile payment server 10 through the acceptance terminal management device 40. The acceptance terminal 30 includes electronic payment system side devices such as a POS machine, a reader, or a gate, and the mobile terminal 20 communicates with the acceptance terminal 30 through the NFC antenna. In addition to the traditional acceptance terminal service and management functions, the acceptance terminal management device uploads the transaction operation information to the mobile payment platform module.

The acceptance terminal management device 40 is configured to forward the transaction operation information of the on-site payment service between the acceptance terminal 30 and the mobile payment server 10.

In addition, if the mobile terminal is used only for the on-site mobile payment service and does not need to support the remote mobile payment service, the mobile payment module 206 in the mobile terminal 20 can be removed and the near field communication module 208 connected directly to the virtual desktop control module 202. In this case, the near field communication module 208 may include a security unit (for example, a SIM card), an NFC CLF (NFC radio frequency front end), and an NFC antenna. The system structure in this case is shown in FIG. 4; the specific functions are the same as above and are not described again here.
The mobile terminal of this embodiment communicates with the mobile payment server through a remote control protocol, which may be a remote control protocol used on general-purpose PCs, such as a VDI protocol, ported to the mobile terminal. Through the remote control protocol, the desktop of the server-side application can be reproduced on the mobile terminal side over a wireless link, which realizes desktop virtualization control; the communication itself uses a wireless mode such as a 2G/3G cellular network or WiFi.

A mobile terminal must pass security authentication before it accesses the mobile payment server. In this embodiment, the security authentication management center on the server (that is, the authentication module) completes unified authentication and security management, provides user identity authentication and authorization, ensures the confidentiality and authenticity of transaction data transmission, and ensures the integrity of transaction data transmitted over the mobile network and the non-repudiation of transactions.

Using the system provided in this embodiment, an NFC transaction is implemented as follows:

1) Before using mobile payment, the mobile terminal user signs a contract with the operator and obtains a security product for identity authentication, such as a password card or digital certificate carried on the security chip of the mobile terminal. The security product here is a SIM card or an SD card.
2) When the mobile terminal approaches the acceptance terminal and senses the magnetic field, it accesses the mobile payment server through the remote control protocol, and the mobile terminal user enters the login account and password to authenticate the identity of the end user.
3) After the authentication is passed, the mobile payment platform starts the corresponding payment application for the end user. Optionally, the end user selects a transaction item; because funds and accounts are involved, further identity authentication through a digital certificate is required, where the PKI is implemented in the security chip.
4) Wait for the mobile terminal user to enter the transaction password at the acceptance terminal (entered on site through an acceptance terminal such as a POS machine).
5) After the mobile payment platform determines that the account is valid, it presents the end-user information, transaction information and confirmation code for this transaction on the mobile terminal through virtual desktop technology. To enhance security, this information is protected with image/video encryption technology, and the hardware function information of the mobile terminal is introduced into that encryption.

6) The mobile terminal decodes the received information and displays it to the end user, and the user performs the corresponding operation according to the displayed content, for example entering the confirmation code through the mobile terminal.
7 ) 移动支付平台完成业务处理后, 通过受理终端管理设备通知受理终端 交易成功。 本实施例的现场支付业务是基于虚拟化技术完成的, 可以按终端用户需要 提供不同的支付业务, 完成多应用业务管理; 通过服务器简单应用升级就可以 支持新支付业务, 从而大大缩短的新业务部署时间以及推广成本。 同时, 移动 支付业务运行在基于虚拟化技术的移动支付平台, 与安全认证管理中心和账户 平台分开, 简化了认证流程, 保证系统的安全, 提高了支付业务部署能力。 实施例 4 本实施例提供了一种移动终端, 参见图 5 , 该移动终端包括: 虚拟桌面控制模块 52 ,设置为通过远程控制协议向移动支付服务器发送连 接请求, 并通过远程控制协议向移动支付服务器提供身份信息, 以及根据移动 支付服务器的控制呈现移动支付业务, 向移动支付服务器反馈用户的交易操作 信息; 虚拟桌面控制模块 52 呈现移动支付业务的方式可以有多种, 例如以语音 方式呈现移动支付业务, 或者以图片或文字形式显示移动支付业务, 还可以以 视频方式播放移动支付业务; 虚拟驱动控制模块 54 , 与虚拟桌面控制模块 52相连, 设置为驱动并控制 虚拟桌面控制模块 52呈现当前业务所需的硬件; 该硬件可以是 LCD等; 移动支付模块 56 , 与虚拟桌面控制模块 52相连, 设置为根据移动支付服 务器的控制, 完成移动支付业务。 为了增强移动支付业务的安全性, 本实施例釆用的加解密技术结合了移动 终端的硬件功能信息, 其中, 硬件功能信息包括: LCD 大小, 分辨率, Codec (编解码器) 支持编解码格式等相关信息, 这样移动支付服务器便可以根据该 信息实现每个终端用户独特加密方式,如通过安全芯片与图像 /视频加速器硬件 配合加 /解密。 因为每个终端的显示方式不同、 图像 /视频处理不同, 使通过钓 鱼或中间人攻击变得不能。 即使恶意终端截获当前的业务, 因其不具备真正移 动终端的硬件功能信息, 所以该恶意终端上将无法对该业务信息进行解密, 此 时, 显示的内容将会使乱码, 这样恶意用户无法完成当前业务, 增强了移动支 付业务的安全性。 基于此, 虚拟桌面控制模块 52 包括: 业务解密单元, 设置 为接收到的当前业务为使用业务加密码流加密后的信息时, 根据移动终端的硬 件功能信息生成业务解密码流, 使用业务解密码流解密接收到的当前业务, 呈 现解密后的当前业务。 优选地, 上述业务解密单元包括: 业务解密码流生成子单元, 设置为 居 移动终端的硬件功能信息生成图片或视频格式的业务解密码流。 考虑到移动支付业务除了远程应用外, 还有现场应用的需求, 基于此, 本 实施例的移动终端还包括: 近场通信模块, 设置为与受理终端进行移动支付业 务通信, 完成现场支付业务。 具体现场支付业务的实现可以参考实施例 3 , 这 里不再赘述。 本实施例的移动支付业务的运行程序设置在移动支付服务器上, 解决了因 移动终端差异化 (例如, 操作系统存在差异)导致的支付业务实现较复杂的问 题, 无论移动终端是哪种类型, 只要其具备基本的显示与通信接口等功能, 即 可实现各种移动支付业务, 同时, 该方式下的移动支付业务的软件升级只需要 对移动支付服务器进行操作, 实现简单, 提高了客户体验满意度。 实施例 5 本实施例提供了一种移动支付业务的实现方法, 该方法以应用实施例 1或 实施例 2提供的系统为例进行说明, 参见图 6, 该方法包括以下步骤: 步骤 S602, 移动终端通过远程控制协议向移动支付艮务器发送连接请求; 步骤 S604,移动支付服务器接收到连接请求后,获取移动终端的身份信息, 根据身份信息对移动终端的身份进行认证, 认证通过后, 为移动终端建立虚拟 机, 通过虚拟机控制移动支付业务呈现在移动终端上; 该移动终端呈现移动支付业务的方式可以有多种, 例如以语音方式呈现移 动支付业务, 或者以图片或文字形式显示移动支付业务, 还可以以视频方式播 放移动支付业务; 步骤 S606 , 移动终端接收用户的交易操作信息, 向移动支付服务器反馈该 交易操作信息; 步骤 S608, 移动支付服务器根据交易操作信息执行当前业务, 并对当前业 务进行账户管理。 其中, 移动支付服务器通过虚拟机控制移动支付业务呈现在移动终端上包 括: 移动支付服务器根据存储的移动终端的硬件功能信息生成业务加密码流, 使用业务加密码流加密当前业务, 将加密后的当前业务发送给移动终端; 移动 终端接收到当前业务后, 根据自身的硬件功能信息生成业务解密码流, 使用业 务解密码流解密当前业务, 呈现解密后的当前业务。 上述业务加密码流和业务解密码流均为图片或视频格式。 为了增强移动支付业务的安全性, 
本实施例釆用了加解密技术结合了移动 终端的硬件功能信息, 其中, 硬件功能信息包括: LCD大小, 分辨率, Codec (编解码器) 支持编解码格式等相关信息, 这样移动支付服务器便可以根据该 信息实现每个终端用户独特加密方式,如通过安全芯片与图像 /视频加速器硬件 配合加 /解密。 因为每个终端的显示方式不同、 图像 /视频处理不同, 使通过钓 鱼或中间人攻击变得不能。 即使恶意终端截获当前的业务, 因其不具备真正移 动终端的硬件功能信息, 所以该恶意终端上将无法对该业务信息进行解密, 此 时, 显示的内容将会使乱码, 这样恶意用户无法完成当前业务, 增强了移动支 付业务的安全性。 本实施例的移动支付服务器通过为移动终端建立虚拟机, 将移动支付业务 的运行程序设置在移动支付服务器上, 解决了因移动终端差异化 (例如, 操作 系统存在差异)导致的支付业务实现较复杂的问题,无论移动终端是哪种类型, 只要其具备基本的显示与通信接口等功能, 即可实现各种移动支付业务, 同时, 该方式下的移动支付业务的软件升级只需要对移动支付服务器进行操作, 实现 简单, 提高了客户体验满意度。 从以上的描述中可以看出, 本发明实施例主要釆用了虚拟机技术, 将原来 在移动终端上的支付业务程序转移到服务器侧, 使移动终端只要具备基本的显 示与通信接口, 即可实现各种移动支付业务, 同时, 该方式下的移动支付业务 的软件升级只需要对移动支付服务器进行操作, 实现简单, 提高了客户体验满 意度。 显然, 本领域的技术人员应该明白, 上述的本发明的各模块或各步骤可以 用通用的计算装置来实现, 它们可以集中在单个的计算装置上, 或者分布在多 个计算装置所组成的网络上, 可选地, 它们可以用计算装置可执行的程序代码 来实现, 从而, 可以将它们存储在存储装置中由计算装置来执行, 并且在某些 情况下, 可以以不同于此处的顺序执行所示出或描述的步骤, 或者将它们分别 制作成各个集成电路模块, 或者将它们中的多个模块或步骤制作成单个集成电 路模块来实现。 这样, 本发明不限制于任何特定的硬件和软件结合。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本领 域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的 ^"神和原则 之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护范围之 内。 7) After the mobile payment platform completes the business processing, the acceptance terminal management device notifies the acceptance terminal that the transaction is successful. The on-site payment service in this embodiment is implemented based on the virtualization technology, and can provide different payment services according to the needs of the terminal user, and complete multi-application service management; the new payment service can be supported by the simple application upgrade of the server, thereby greatly shortening the new service. Deployment time and promotion costs. At the same time, the mobile payment service runs on the mobile payment platform based on virtualization technology, which is separated from the security authentication management center and the account platform, which simplifies the authentication process, ensures the security of the system, and improves the deployment capability of the payment service. 
Embodiment 4 This embodiment provides a mobile terminal. Referring to FIG. 5, the mobile terminal includes: a virtual desktop control module 52 configured to send a connection request to a mobile payment server through a remote control protocol, and send a mobile payment through a remote control protocol. The server provides identity information, as well as mobile The control of the payment server presents the mobile payment service, and the user's transaction operation information is fed back to the mobile payment server. The virtual desktop control module 52 can present the mobile payment service in various ways, such as presenting the mobile payment service by voice, or by using a picture or text. The form displays the mobile payment service, and can also play the mobile payment service in a video manner; the virtual drive control module 54 is connected to the virtual desktop control module 52, and is configured to drive and control the hardware required by the virtual desktop control module 52 to present the current service; The mobile payment module 56 is connected to the virtual desktop control module 52 and configured to complete the mobile payment service according to the control of the mobile payment server. In order to enhance the security of the mobile payment service, the encryption and decryption technology used in this embodiment combines the hardware function information of the mobile terminal, wherein the hardware function information includes: LCD size, resolution, Codec (codec), support codec format Such information, such that the mobile payment server can implement a unique encryption method for each end user according to the information, such as adding/decrypting with the security chip and the image/video accelerator hardware. Because each terminal is displayed in a different way and the image/video processing is different, it becomes impossible to attack by phishing or man-in-the-middle. 
Even if the malicious terminal intercepts the current service, because it does not have the hardware function information of the real mobile terminal, the malicious terminal cannot decrypt the service information. At this time, the displayed content will be garbled, so that the malicious user cannot complete the information. The current business enhances the security of mobile payment services. Based on this, the virtual desktop control module 52 includes: a service decryption unit, configured to generate a service decryption stream according to hardware function information of the mobile terminal when the received current service is encrypted by using the service encryption stream, and use the service decryption code. The stream decrypts the received current service and presents the decrypted current service. Preferably, the service decryption unit includes: a service decryption stream generation subunit, configured to generate a service or password stream in a picture or video format by hardware function information of the mobile terminal. The mobile terminal of the present embodiment further includes: a near field communication module configured to perform mobile payment service communication with the acceptance terminal to complete the on-site payment service. For the implementation of the specific on-site payment service, refer to Embodiment 3, and details are not described herein again. The running program of the mobile payment service of the embodiment is set on the mobile payment server, and solves the problem that the payment service is complicated due to the difference of the mobile terminal (for example, the operating system is different), regardless of the type of the mobile terminal. As long as it has basic display and communication interfaces, ie A variety of mobile payment services can be implemented. 
At the same time, a software upgrade of the mobile payment service in this mode only needs to be performed on the mobile payment server, which is simple to implement and improves customer experience satisfaction.

Embodiment 5

This embodiment provides a method for implementing a mobile payment service. The method is described using the system provided in Embodiment 1 or Embodiment 2. Referring to FIG. 6, the method includes the following steps:

Step S602: The mobile terminal sends a connection request to the mobile payment server through the remote control protocol.

Step S604: After receiving the connection request, the mobile payment server acquires the identity information of the mobile terminal and authenticates the identity of the mobile terminal according to the identity information. After the authentication passes, it establishes a virtual machine for the mobile terminal and, through the virtual machine, controls the mobile payment service to be presented on the mobile terminal. The mobile terminal can present the mobile payment service in various ways: by voice, in the form of pictures or text, or as video.

Step S606: The mobile terminal receives the user's transaction operation information and feeds the transaction operation information back to the mobile payment server.

Step S608: The mobile payment server executes the current service according to the transaction operation information and performs account management for the current service.

The mobile payment server controls the presentation of the mobile payment service on the mobile terminal through the virtual machine as follows.
The mobile payment server generates a service encryption stream according to the stored hardware function information of the mobile terminal, encrypts the current service with the service encryption stream, and sends the encrypted current service to the mobile terminal. After receiving the current service, the mobile terminal generates a service decryption stream according to its own hardware function information, decrypts the current service with the service decryption stream, and presents the decrypted current service. The service encryption stream and the service decryption stream are both in picture or video format.

To enhance the security of the mobile payment service, the encryption and decryption technology used in this embodiment incorporates the hardware function information of the mobile terminal. The hardware function information includes LCD size, resolution, codec, supported codec formats and similar information, so that the mobile payment server can implement a unique encryption method for each end user according to this information, for example encrypting/decrypting with the security chip and the image/video accelerator hardware. Because each terminal displays content in a different way and processes images/video differently, phishing or man-in-the-middle attacks become impossible. Even if a malicious terminal intercepts the current service, it cannot decrypt the service information because it does not have the hardware function information of the real mobile terminal. The displayed content will then be garbled, so the malicious user cannot complete the current service, and the security of the mobile payment service is enhanced.
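The encryption and decryption steps described above, as an added example that is not code from the patent: the server derives the service encryption stream from its stored hardware function information, the terminal derives the decryption stream from its own, and a terminal with a different profile gets garbled output. The patent does not specify the derivation, so HMAC-SHA256 in counter mode, the XOR combination on raw bytes (rather than a picture or video stream), the session nonce, the `device_secret` standing in for the security chip, and all sample values are assumptions; the last two results show that terminals of the same model derive the same stream from the profile alone unless a per-device secret is mixed in.

```python
import hashlib
import hmac
import json

# Constructed sample data: hardware function information of the kind the text
# lists (LCD size, resolution, codec, supported codec formats).
TERMINAL_A = {"lcd_inches": 3.5, "resolution": "480x800",
              "codec": "hw-h264", "formats": ["h264", "jpeg", "mpeg4"]}
TERMINAL_B = {"lcd_inches": 4.0, "resolution": "540x960",
              "codec": "hw-h264", "formats": ["h264", "jpeg"]}


def canonical_profile(hw_info: dict) -> bytes:
    """Serialize the profile deterministically so the server's stored copy
    and the terminal's own copy produce identical bytes."""
    return json.dumps(hw_info, sort_keys=True, separators=(",", ":")).encode()


def service_stream(hw_info: dict, session_nonce: bytes, length: int,
                   device_secret: bytes = b"") -> bytes:
    """Derive `length` stream bytes from the hardware function information.

    Assumed construction: a stream key is derived with HMAC-SHA256 from the
    profile (keyed by an optional per-device secret), then expanded in
    counter mode over the session nonce.
    """
    key = hmac.new(device_secret, b"profile|" + canonical_profile(hw_info),
                   hashlib.sha256).digest()
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, session_nonce + counter.to_bytes(4, "big"),
                         hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, stream: bytes) -> bytes:
    """Combine data with a stream of the same length."""
    return bytes(d ^ s for d, s in zip(data, stream))


def server_encrypt(stored_hw_info: dict, session_nonce: bytes,
                   service_frame: bytes, device_secret: bytes = b"") -> bytes:
    """Server side: encrypt the current service with the encryption stream."""
    stream = service_stream(stored_hw_info, session_nonce,
                            len(service_frame), device_secret)
    return xor_bytes(service_frame, stream)


def terminal_decrypt(own_hw_info: dict, session_nonce: bytes,
                     encrypted_frame: bytes, device_secret: bytes = b"") -> bytes:
    """Terminal side: regenerate the stream from its own hardware info."""
    stream = service_stream(own_hw_info, session_nonce,
                            len(encrypted_frame), device_secret)
    return xor_bytes(encrypted_frame, stream)


def demo() -> dict:
    # Constructed values; a real session would use a fresh random nonce.
    nonce = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    frame = b"PAY 25.00 CNY to merchant 0042"
    encrypted = server_encrypt(TERMINAL_A, nonce, frame)
    return {
        "frame": frame,
        # Terminal whose profile matches the server's stored copy.
        "matching": terminal_decrypt(TERMINAL_A, nonce, encrypted),
        # Terminal with a different profile: output is garbled.
        "mismatched": terminal_decrypt(TERMINAL_B, nonce, encrypted),
        # Two units of the same model share a profile, hence a stream.
        "same_model_same_stream":
            service_stream(dict(TERMINAL_A), nonce, 32)
            == service_stream(TERMINAL_A, nonce, 32),
        # A per-device secret separates units of the same model.
        "secret_separates_same_model":
            service_stream(TERMINAL_A, nonce, 32, b"constructed-secret-1")
            != service_stream(TERMINAL_A, nonce, 32, b"constructed-secret-2"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```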
By establishing a virtual machine for the mobile terminal, the mobile payment server of this embodiment places the running program of the mobile payment service on the mobile payment server, which solves the problem that implementing the payment service is complicated by differences between mobile terminals (for example, different operating systems). Regardless of the type of mobile terminal, as long as it has basic display and communication interface functions, it can implement a variety of mobile payment services. At the same time, a software upgrade of the mobile payment service in this mode only needs to be performed on the mobile payment server, which is simple to implement and improves customer experience satisfaction.

As can be seen from the above description, the embodiments of the present invention mainly use virtual machine technology to move the payment service program that was originally on the mobile terminal to the server side, so that a mobile terminal can implement a variety of mobile payment services as long as it has basic display and communication interfaces. At the same time, a software upgrade of the mobile payment service in this mode only needs to be performed on the mobile payment server, which is simple to implement and improves customer experience satisfaction.

Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device, and can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Alternatively, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device; in some cases the steps shown or described may be performed in an order different from the one herein, or they may be separately fabricated into individual integrated circuit modules, or a plurality of the modules or steps may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.

The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the scope of the present invention are intended to be included within the scope of the present invention.

Claims

1. A mobile payment system, comprising a mobile payment server and a mobile terminal;
the mobile terminal includes: a virtual desktop control module, configured to send a connection request to the mobile payment server through a remote control protocol, provide identity information to the mobile payment server through the remote control protocol, present a mobile payment service according to the control of the mobile payment server, and feed back the user's transaction operation information to the mobile payment server;
a virtual drive control module, configured to drive and control the hardware required by the virtual desktop control module to present a current service;
a mobile payment module, configured to complete the mobile payment service according to the control of the mobile payment server;
the mobile payment server includes:
an authentication module, configured to receive the connection request of the mobile terminal and authenticate the identity of the mobile terminal according to the identity information provided by the mobile terminal;
a mobile payment platform module, configured to, after the mobile terminal passes the authentication of the authentication module, establish a virtual machine for the mobile terminal, control the mobile payment module through the virtual machine to complete the mobile payment service, present the mobile payment service on the mobile terminal, and execute the current service according to the transaction operation information fed back by the mobile terminal;
an account platform module, configured to perform account management on the current service executed by the mobile payment platform module.
2. The system according to claim 1, wherein
the mobile payment platform module includes: a storage unit, configured to store hardware function information of the mobile terminal; a service encryption unit, configured to generate a service encryption stream according to the hardware function information stored in the storage unit, encrypt the current service with the service encryption stream, and send the encrypted current service to the mobile terminal;
the virtual desktop control module includes: a service decryption unit, configured to generate a service decryption stream according to the hardware function information of the mobile terminal, decrypt the received current service with the service decryption stream, and present the decrypted current service.
3. The system according to claim 2, wherein
the service encryption unit includes: a service encryption stream generation subunit, configured to generate a service encryption stream in a picture or video format according to the hardware function information stored in the storage unit;
the service decryption unit includes: a service decryption stream generation subunit, configured to generate a service decryption stream in a picture or video format according to the hardware function information of the mobile terminal.
4. The system according to any one of claims 1 to 3, wherein the system further comprises: an acceptance terminal and an acceptance terminal management device;
the mobile terminal further includes: a near field communication module, configured to perform mobile payment service communication with the acceptance terminal to complete an on-site payment service;
the acceptance terminal is configured to upload transaction operation information of the on-site payment service to the mobile payment platform module of the mobile payment server through the acceptance terminal management device; the acceptance terminal management device is configured to forward the transaction operation information of the on-site payment service between the acceptance terminal and the mobile payment server.
5. A mobile terminal, comprising:
a virtual desktop control module, configured to send a connection request to a mobile payment server through a remote control protocol, provide identity information to the mobile payment server through the remote control protocol, present a mobile payment service according to the control of the mobile payment server, and feed back the user's transaction operation information to the mobile payment server;
a virtual drive control module, configured to drive and control the hardware required by the virtual desktop control module to present a current service;
a mobile payment module, configured to complete the mobile payment service according to the control of the mobile payment server.
6. The mobile terminal according to claim 5, wherein the virtual desktop control module comprises: a service decryption unit, configured to, when the received current service is information encrypted with a service encryption stream, generate a service decryption stream according to the hardware function information of the mobile terminal, decrypt the received current service with the service decryption stream, and present the decrypted current service; wherein the service encryption stream is generated by the mobile payment server according to the hardware function information of the mobile terminal.
7. The mobile terminal according to claim 6, wherein the service decryption unit comprises: a service decryption stream generation subunit, configured to generate a service decryption stream in a picture or video format according to the hardware function information of the mobile terminal.
8. The mobile terminal according to any one of claims 5 to 7, wherein the mobile terminal further comprises: a near field communication module, configured to perform mobile payment service communication with an acceptance terminal to complete an on-site payment service.
9. A method for implementing a mobile payment service, comprising:
a mobile terminal sends a connection request to a mobile payment server through a remote control protocol; after receiving the connection request, the mobile payment server acquires identity information of the mobile terminal, authenticates the identity of the mobile terminal according to the identity information, and, after the authentication passes, establishes a virtual machine for the mobile terminal and controls, through the virtual machine, the mobile payment service to be presented on the mobile terminal;
the mobile terminal receives the user's transaction operation information and feeds back the transaction operation information to the mobile payment server;
the mobile payment server executes a current service according to the transaction operation information and performs account management on the current service.
10. The method according to claim 9, wherein the mobile payment server controlling, through the virtual machine, the mobile payment service to be presented on the mobile terminal comprises:
the mobile payment server generates a service encryption stream according to the stored hardware function information of the mobile terminal, encrypts the current service with the service encryption stream, and sends the encrypted current service to the mobile terminal;
after receiving the current service, the mobile terminal generates a service decryption stream according to its own hardware function information, decrypts the current service with the service decryption stream, and presents the decrypted current service.
11. The method according to claim 10, wherein the service encryption stream and the service decryption stream are both in picture or video format.
PCT/CN2011/075959 2011-02-23 2011-06-20 Mobile payment system, mobile terminal and method for realizing mobile payment service WO2012113189A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110043330.5A CN102103778B (en) 2011-02-23 2011-02-23 Mobile payment system, mobile terminal and method for realizing mobile payment service
CN201110043330.5 2011-02-23

Publications (1)

Publication Number Publication Date
WO2012113189A1 (en) 2012-08-30

Family

ID=44156517

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/075959 WO2012113189A1 (en) 2011-02-23 2011-06-20 Mobile payment system, mobile terminal and method for realizing mobile payment service

Country Status (2)

Country Link
CN (1) CN102103778B (en)
WO (1) WO2012113189A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104202746A (en) * 2014-08-13 2014-12-10 中兴通讯股份有限公司 Processing method and device of near field communication data service
US10990957B2 (en) 2017-01-03 2021-04-27 Advanced New Technologies Co., Ltd. Scan and pay method and device utilized in mobile apparatus
US11004061B2 (en) 2006-09-24 2021-05-11 Rfcyber Corporation Method and apparatus for payments between two mobile devices

Families Citing this family (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101831404B1 (en) * 2011-08-11 2018-02-22 엘지전자 주식회사 Mobile terminal and payment method for mobile terminal
CN102938120B (en) * 2011-08-15 2016-08-10 徐雷 IMS trading payment system
CN102984189B (en) 2011-09-07 2017-04-19 华为技术有限公司 Wireless network and implementation method and terminal thereof
CN102402742A (en) * 2011-12-02 2012-04-04 苏州慧飞信息科技有限公司 Charging system based on online banking
CN103294723A (en) * 2012-03-02 2013-09-11 腾讯科技(深圳)有限公司 Mobile payment method and system based on mobile search
CN102610045B (en) * 2012-03-22 2014-11-26 瑞达信息安全产业股份有限公司 Trustable mobile payment system and mobile payment method
CN103049705B (en) * 2012-06-08 2016-08-03 深圳市朗科科技股份有限公司 A kind of based on virtualized method for secure storing, terminal and system
CN102750770A (en) * 2012-06-28 2012-10-24 中福在线(北京)网络科技有限公司 Wireless video lottery terminal system based on cloud computing platform
CN102968841A (en) * 2012-12-07 2013-03-13 江苏新彩软件有限公司 Cell phone lottery betting method based on NFC (Near Field Communication)
CN103905606A (en) * 2012-12-24 2014-07-02 联想(北京)有限公司 Information processing method, information processing device and information processing system
CN103065240B (en) * 2013-01-11 2018-04-27 中兴通讯股份有限公司 A kind of mobile payment processing method and system
CN104038469B (en) 2013-03-07 2017-12-29 中国银联股份有限公司 Equipment for safety information interaction
CN103220347B (en) * 2013-04-01 2015-09-23 无锡成电科大科技发展有限公司 CRP cloud exchange method
CN103426084A (en) * 2013-07-24 2013-12-04 牟大同 Electronic payment system and remote-based or near-field-based payment method
CN104637192B (en) * 2013-11-07 2018-08-14 华为技术有限公司 A kind of stored value card and its application method, mobile terminal and electronic ticket transaction system
CN104702566B (en) * 2013-12-06 2021-08-06 苏州海博智能系统有限公司 Authorized use method and device of virtual equipment
CN104008351B (en) * 2014-05-06 2017-03-15 武汉天喻信息产业股份有限公司 Window application completeness check system, method and device
CN104268749B (en) * 2014-09-05 2016-04-27 深圳光启智能光子技术有限公司 A kind of payment system
CN104318428B (en) * 2014-09-25 2018-06-19 华为软件技术有限公司 The method and apparatus for realizing secured mobile payment
CN105989656A (en) * 2014-11-07 2016-10-05 天地融科技股份有限公司 Data interaction method
CN104601555A (en) * 2014-12-30 2015-05-06 中国航天科工集团第二研究院七〇六所 Trusted security control method of virtual cloud terminal
CN107153533A (en) * 2016-03-04 2017-09-12 深圳市深信服电子科技有限公司 Application call method and system based on Android virtual system
CN106600257A (en) * 2016-08-15 2017-04-26 孔文国 Security-unit-based near-filed payment data exchange system and method of mobile device
CN109933395A (en) * 2019-02-22 2019-06-25 北京易讯通信息技术股份有限公司 A kind of application method based on Pos machine in KVM desktop virtualization

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1717746A1 (en) * 2005-04-28 2006-11-02 NEC Corporation Payment system, paying method and program
CN101093566A (en) * 2006-06-23 2007-12-26 联想(北京)有限公司 Safe mobile payment system, device and method
CN101131756A (en) * 2006-08-24 2008-02-27 联想(北京)有限公司 Security authentication system, device and method for electric cash charge of mobile paying device
CN100444657C (en) * 2003-06-24 2008-12-17 Lg电信株式会社 System for mobile interactive financial transaction using mobile communication terminal
US20090043647A1 (en) * 2007-08-08 2009-02-12 Korea Smart Card Co., Ltd. Metthod to activate electronic payment means in mobile terminal and activity server thereof
WO2009035824A2 (en) * 2007-09-10 2009-03-19 Microsoft Corporation Mobile wallet and digital payment

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100365261B1 (en) * 2000-03-02 2002-12-18 주식회사 로직플랜트 Web drive system
CN100512271C (en) * 2004-08-31 2009-07-08 中国科学院计算技术研究所 Distributed device reorienting system and method in terminal network environment
CN101217566B (en) * 2008-01-07 2012-09-12 方科峰 Mobile traffic digital IP information platform
KR100987256B1 (en) * 2008-04-11 2010-10-12 (주) 아이티비엠지 Appratus for providing interactive service in ubiquitous environment
CN101661653A (en) * 2009-07-23 2010-03-03 烟台麦特电子有限公司 Mobile payment method and vehicle-mounted intelligent terminal device thereof
KR20110040604A (en) * 2009-10-14 2011-04-20 삼성전자주식회사 Cloud server, client terminal, device, method for operating cloud server and method for operating client terminal
KR101117923B1 (en) * 2010-04-30 2012-02-29 최백준 Terminal server apparatus and method for supporting electronic commerce using internet secure payment in server based computing system of terminal environment
CN101977183B (en) * 2010-10-09 2013-06-12 江苏博智软件科技有限公司 High reliable digital content service method applicable to multiclass terminal equipment
CN101977190B (en) * 2010-10-25 2013-05-08 北京中科联众科技股份有限公司 Digital content encryption transmission method and server side

Also Published As

Publication number Publication date
CN102103778B (en) 2014-04-30
CN102103778A (en) 2011-06-22

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11859046

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11859046

Country of ref document: EP

Kind code of ref document: A1