WO2013023499A1 - Mobile phone payment security control method and system

Publication number
WO2013023499A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile phone
data
security token
payment
security
Application number
PCT/CN2012/078151
Inventor
罗攀峰
韩英彬
霍国杰
Original Assignee
广州广电运通金融电子股份有限公司
Application filed by 广州广电运通金融电子股份有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/30 Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322 Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223 Realising banking transactions through M-devices
    • G06Q20/3226 Use of secure elements separate from M-devices
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823 Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3215 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a plurality of channels
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash
    • H04L2209/80 Wireless

Definitions

  • the present invention relates to the field of financial technology, and in particular, to a mobile phone payment security control method and system.
  • Mobile phone payment, also known as mobile payment, is a service by which mobile users use their mobile terminals (usually mobile phones) to pay for the goods or services they consume.
  • domestic commercial banks have opened their own mobile banking in some areas, providing convenient personalized financial services and fast payment channels for mobile phone users.
  • the overall security status of mobile payment is not satisfactory. How to ensure the security of mobile payment has become the focus of attention of users and banks.
  • the related parties of mobile payment mainly include: acquirer system, mobile billing system, mobile banking and shopping website.
  • the acquirer system refers to settlement units or enterprises that collect payment for goods, such as the major banks and the UnionPay system
  • the mobile phone billing system is the holder of a mobile phone that supports mobile payment, and is the entity on the billing side
  • mobile banking is one of the trading platforms.
  • the transaction process is as follows: (1) trading platform access authentication; (2) the merchant or website inputs the specific amount to be collected to the trading platform according to the goods purchased; (3) the customer imports their identity information to the trading platform via the mobile phone; (4) the trading platform submits the merchant and customer information to the bank back office for corresponding settlement.
  • the security protection method for mobile payment is: the payment account is bound to the mobile phone, and a static password and an SMS-based dynamic password are used for identity authentication.
  • the existing mobile payment authentication method has the following disadvantages: when paying by mobile phone, the payment account and the mobile phone must be bound; if the mobile phone is accidentally lost and the payment password set by the user is too simple, the account can easily be misappropriated by others.
  • the embodiment of the invention provides a mobile phone payment security control method and system, which can reduce the risk of the user identity being fraudulently used, the transaction information being tampered with and the account funds being stolen, and improve the security of mobile payment.
  • the mobile phone imports user payment data, and transmits the user payment data to the security token through a voice channel.
  • the security token invokes a built-in encryption algorithm and key data, performs encryption processing on the user payment data, and returns the encrypted user payment data and corresponding digital signature information to the mobile phone.
  • the mobile phone transmits the encrypted user payment data and the corresponding digital signature information to the transaction platform.
  • the security token uses a 25mm earphone plug or a 35mm earphone plug conforming to the YD/T 1538-2006 5.1.2.6 specification to connect to the voice interface of the mobile phone.
  • a protocol converter, a micro control unit and a memory are disposed on the security token;
  • the protocol converter is configured to perform analog-to-digital conversion on data transmitted by the mobile phone, filter out the sound signal, and transmit the signal to the micro control unit for authentication or encryption processing;
  • the protocol converter is further configured to perform digital-to-analog conversion on the authenticated or encrypted data, generate a voice signal, and transmit the voice signal to the mobile phone through the voice channel;
  • the memory includes a transaction data storage area, a program storage area, and a read-only key storage area (it can be read but not written), used to store transaction data, encryption algorithms, and key data, respectively.
  • the mobile payment system provided by the embodiment of the invention includes a mobile phone, a security token and an online banking server;
  • the mobile phone is used to log in to the transaction platform to establish a communication connection with the online banking server; and the mobile phone has a voice interface for accessing the security token;
  • the mobile phone is further configured to send the authentication information and the user payment data to the security token;
  • the security token stores an encryption algorithm and key data, and is used to authenticate the authentication information sent by the mobile phone, to encrypt the user payment data sent by the mobile phone, and to return the encrypted user payment data and corresponding digital signature information to the mobile phone;
  • the mobile phone transmits the encrypted user payment data and the corresponding digital signature information to the online banking server.
  • the security token includes a headphone plug, a switch, a protocol converter, a micro control unit, a memory, and a power source;
  • the earphone plug is connected to a voice interface of the mobile phone
  • the switch is disposed at the earphone plug, and when the earphone plug is connected to the mobile phone, the switch is turned on, and the power is turned on;
  • the protocol converter is respectively connected to the earphone plug and the micro control unit for converting data and filtering out the sound signal;
  • the memory is connected to the micro control unit for storing an encryption algorithm and key data; the micro control unit receives data of the mobile phone through a voice channel, reads the encryption algorithm and key data from the memory, and performs encryption and authentication processing on the data.
  • the encryption algorithm and the key data are stored in the security token.
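  • the mobile phone and the security token establish communication through the voice channel, and the mobile phone payment data needs to be authenticated and encrypted through the security token, thereby reducing the risk of the user identity being fraudulently used, the transaction information being tampered with and the account funds being stolen.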
  • the voice interface is a universal interface of the mobile phone, and the security token is connected to the mobile phone through the voice channel, which is highly versatile.
  • FIG. 1 is a schematic flowchart of a mobile phone payment security control method according to Embodiment 1 of the present invention
  • FIG. 2 is a schematic structural diagram of a mobile phone payment system according to Embodiment 2 of the present invention
  • FIG. 3 is a schematic structural diagram of a security token according to Embodiment 3 of the present invention.
  • FIG. 4 is a schematic diagram of an interface of a mobile phone and a security token according to Embodiment 4 of the present invention
  • FIG. 5 is a schematic diagram of a workflow of a mobile payment system according to Embodiment 5 of the present invention.
  • referring to FIG. 1, which is a schematic flowchart of a mobile phone payment security control method according to Embodiment 1 of the present invention, the method includes the following steps:
  • the transaction platform corresponds to an online banking server; when the mobile phone logs into the trading platform, a communication connection is established with the online banking server.
  • the mobile phone imports the user payment data, and transmits the user payment data to the security token through the voice channel;
  • the security token invokes the built-in encryption algorithm and key data, encrypts the user payment data, and returns the encrypted user payment data and the corresponding digital signature information to the mobile phone;
  • the mobile phone transmits the encrypted user data and the corresponding digital signature information to the transaction platform.
  • in step S1, the transaction platform and the security token use the RSA security protocol for mutual authentication, including:
  • the mobile phone logs in to the trading platform, obtains the authentication information, and transmits the authentication information to the security token;
  • the authentication information includes a random number and a ciphertext derived from that random number by encryption with the public key;
  • the security token reads the random number from the authentication information, and applies the built-in HASH algorithm to the random number to obtain a digital digest of the random number;
  • the security token reads the ciphertext from the authentication information, and decrypts the ciphertext by using the built-in private key; it compares the decrypted data with the digital digest, and if the two are the same, the transaction platform is determined to be legal; otherwise, S16 is executed;
  • the security token performs HASH calculation on the random number and the authentication parameter, and then encrypts the data calculated by the HASH with the private key, and returns the encrypted data to the mobile phone, and the mobile phone transmits the data to the transaction platform;
  • the transaction platform decrypts the data returned by the security token with the public key, compares the decrypted data with the corresponding HASH information, and if the same, determines that the security token is legal; otherwise, executing S16;
  • the user payment data includes account information, password information, and transaction information.
  • the security token encrypts the user payment data using a TLS, SSL or RSA encryption algorithm.
  • the security token uses a 25mm headphone plug or a 35mm headphone plug that conforms to the YD/T 1538-2006 5.1.2.6 specification to access the voice interface of the handset.
  • a protocol converter, a micro control unit and a memory are arranged on the security token; the protocol converter is used to perform analog-to-digital conversion on the data transmitted by the mobile phone, filter out the sound signal, and transmit the result to the micro control unit for authentication or encryption processing; the protocol converter is also used to perform digital-to-analog conversion on the authenticated or encrypted data to generate a voice signal, which is then transmitted to the mobile phone through the voice channel.
  • the memory includes a transaction data storage area, a program storage area, and a read-only key storage area (it can be read but not written), used to store transaction data, encryption algorithms, and key data, respectively.
  • the mobile phone payment security control method provided by the embodiment of the invention can be applied to a mobile phone payment system, which can reduce the risk of the user identity being fraudulently used, the transaction information being tampered with and the account funds being stolen, and improve the security of mobile payment.
  • FIG. 2 is a schematic structural diagram of a mobile payment system according to Embodiment 2 of the present invention.
  • the mobile payment security protection device provided in this embodiment includes: a mobile phone 10, a security token 20, and an online banking server 30. The mobile phone 10 is used to log in to the trading platform and establish a communication connection with the online banking server 30; and the mobile phone 10 has a voice interface 11 for accessing the security token 20.
  • the mobile phone 10 is further configured to send the authentication information and the user payment data to the security token 20;
  • the security token 20 stores an encryption algorithm and key data, and is used for authenticating the authentication information sent by the mobile phone 10, encrypting the user payment data sent by the mobile phone 10, and returning the encrypted user payment data and corresponding digital signature information to the mobile phone 10;
  • the mobile phone 10 transmits the encrypted user payment data and the corresponding digital signature information to the online banking server 30.
  • the security token 20 includes a headphone plug 21, a switch 22, a protocol converter 23, a micro control unit 24, a memory 25, and a power source 26;
  • the earphone plug 21 is connected with the voice interface 11 of the mobile phone 10 to establish a voice channel;
  • the power source 26 uses a +5V button electronic battery
  • the switch 22 is disposed at the earphone plug 21, and when the earphone plug 21 is connected to the mobile phone 10, the switch 22 is turned on, and the power is turned on;
  • the protocol converter 23 is respectively connected to the earphone plug 21 and the micro control unit 24 for converting data and filtering out the sound signal;
  • the memory 25 is connected to the micro control unit 24 for storing the encryption algorithm and the key data.
  • the micro control unit 24 receives the data of the mobile phone through the voice channel, and reads the encryption algorithm and the key data from the memory 25 to perform encryption and authentication processing on the data.
  • the memory 25 of the security token is a flash memory, including a transaction data storage area, a program storage area, and a read-only key storage area (it can be read but not written).
  • the transaction data storage area is used for storing transaction data of the mobile phone payment;
  • the program storage area is used for storing the processing procedure of the bank authentication protocol (ie, the encryption algorithm);
  • the key storage area is for storing the key data.
  • FIG. 3 is a schematic structural diagram of a security token according to Embodiment 3 of the present invention.
  • the earphone plug 21 of the security token 20 includes a data input terminal I and a data output terminal 0;
  • the protocol converter 23 includes an analog to digital converter and a digital to analog converter.
  • the data input terminal I is connected to the analog to digital converter, and the data output terminal 0 is connected to the digital to analog converter.
  • the voice interface of the mobile phone is a 25mm headphone channel interface or a 35mm headphone channel interface conforming to the YD/T 1538-2006 5.1.2.6 specification.
  • FIG. 4 is a schematic diagram of an interface between a mobile phone and a security token according to Embodiment 4 of the present invention.
  • the voice interface 11 of the mobile phone includes a left channel 1, a right channel 2, a GND return line 3, a receiver MIC port 4, and a receiver MIC port 5.
  • the voice interface 11 of the mobile phone is connected to the earphone plug 21 of the security token; the left channel 1 and the right channel 2 are both connected to the data input terminal I of the security token; the MIC port 4 of the receiver and the MIC port 5 of the receiver are both connected to the data output terminal 0 of the security token.
  • the security token supports hot plugging technology.
  • once the switch is turned on, the system starts to supply power, all devices start to work, and the micro control unit (MCU) loads the program from the flash memory and reads the key data.
  • the data that needs to be authenticated and encrypted is transmitted to the security token.
  • when the security token receives the authentication information data transmitted from the headphone channel, the analog-to-digital converter converts and filters the data to shield the sound data.
  • the carrier frequency of the authentication information data is much higher than the sound frequency, so the filtering technique can be used to filter out the sound.
  • the MCU of the security token encrypts the received data information, and authenticates the data according to the key in the FLASH memory. If the authentication passes, the encrypted digital signature information is returned, and the related transaction information is stored in the flash memory.
  • the MCU of the security token transmits the encrypted and processed data to the digital-to-analog converter, converts it into a voice signal, and sends it to the mobile phone through the voice channel, and then sends it to the mobile banking server for authentication.
  • FIG. 5 is a schematic diagram showing the workflow of a mobile payment system according to Embodiment 5 of the present invention.
  • the workflow of the mobile payment system is as follows:
  • the mobile phone logs in to the trading platform and establishes a communication connection with the online banking server;
  • the mobile phone obtains a security certificate of the trading platform
  • the security token authenticates the security certificate according to the built-in encryption algorithm and key data; this step is a two-way authentication process of the security token and the transaction platform;
  • S105: Determine whether the two-way authentication is passed; if yes, execute S106; otherwise, execute S108; S106: start a secure transaction platform;
  • the secure trading platform requires a security token to authenticate and encrypt mobile payment related data to improve mobile payment security
  • the mobile phone imports user payment data, and transmits the user payment data to a security token
  • the general trading platform refers to the mobile payment transaction according to the traditional method, and does not require a security token to authenticate and encrypt the data;
  • the security token invokes the built-in encryption algorithm and key data, encrypts the user payment data, and returns the encrypted user payment data and the corresponding digital signature information to the mobile phone;
  • the mobile phone submits the encrypted user data and the corresponding digital signature information to the online banking server;
  • the online banking server feeds back the transaction result to the mobile phone.
  • the mobile phone payment security control method and system provided by the embodiments of the present invention store the encryption algorithm and the key data in the security token.
  • the mobile phone and the security token establish communication through the voice channel, and mobile payment data must be authenticated and encrypted by the security token, thereby reducing the risk of the user identity being fraudulently used, the transaction information being tampered with and the account funds being stolen.
  • the voice interface is a universal interface of the mobile phone, and the security token is connected to the mobile phone through the voice channel, which is highly versatile.
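
The mutual authentication listed above for step S1, worked through as an added example (not code from the patent or the applicant). It assumes SHA-256 as the HASH, a constructed toy RSA key, and an authentication parameter known to both sides; the `Platform`, `Token` and `run_exchange` names are hypothetical.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Toy textbook RSA key built from two Mersenne primes (constructed for this
# demo: no padding, far too small for real use). Only the token holds D.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(data: bytes) -> int:
    """HASH step: SHA-256 (assumed) truncated to 224 bits so the value is < N."""
    return int.from_bytes(hashlib.sha256(data).digest()[:28], "big")


class Platform:
    """Transaction platform side: uses the public key (N, E) only."""

    def __init__(self, auth_param: bytes) -> None:
        self.auth_param = auth_param  # assumed to be known to both sides
        self.nonce = b""

    def make_auth_info(self) -> Tuple[bytes, int]:
        # Authentication information: a fresh random number plus the
        # public-key ciphertext of that random number's digest.
        self.nonce = secrets.token_bytes(16)
        return self.nonce, pow(digest(self.nonce), E, N)

    def verify_token(self, response: int) -> bool:
        # Apply the public key to the token's reply and compare with the
        # digest of (current random number || authentication parameter).
        return pow(response, E, N) == digest(self.nonce + self.auth_param)


class Token:
    """Security token side: holds the private exponent D."""

    def __init__(self, auth_param: bytes) -> None:
        self.auth_param = auth_param

    def answer(self, nonce: bytes, ciphertext: int) -> Optional[int]:
        # Decrypt the ciphertext with the private key and compare it with the
        # digest the token computes itself; a mismatch aborts (the S16 branch).
        if pow(ciphertext, D, N) != digest(nonce):
            return None
        # Platform accepted: hash (random number || parameter) and apply the
        # private key, so the platform can check the result with the public key.
        return pow(digest(nonce + self.auth_param), D, N)


def run_exchange(tamper: str = "") -> Tuple[bool, bool]:
    """Relay one exchange through the phone.

    Returns (token accepted platform, platform accepted token). `tamper`
    selects a constructed fault on the relay path: "auth_info", "response"
    or "replay" (a reply checked against a newer random number).
    """
    param = b"constructed-auth-parameter"
    platform, token = Platform(param), Token(param)

    nonce, ciphertext = platform.make_auth_info()
    if tamper == "auth_info":
        ciphertext = (ciphertext + 1) % N
    response = token.answer(nonce, ciphertext)
    if response is None:
        return False, False

    if tamper == "response":
        response = (response + 1) % N
    if tamper == "replay":
        platform.make_auth_info()  # platform has issued a new random number
    return True, platform.verify_token(response)


if __name__ == "__main__":
    for case in ("", "auth_info", "response", "replay"):
        print(case or "honest", run_exchange(case))
```

The "replay" case shows why the random number matters: a reply bound to an earlier random number no longer verifies once the platform has issued a new one.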

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephone Function (AREA)

Abstract

A mobile phone payment security control method and system. The method includes: logging onto a transaction platform via a mobile phone and accessing a security token via the voice channel of the mobile phone; the transaction platform and the security token performing bidirectional authentication; after the bidirectional authentication is passed, the mobile phone importing user payment data, and transmitting the user payment data to the security token via the voice channel; the security token invoking an encryption algorithm and key data embedded therein, encrypting the user payment data, and returning to the mobile phone the encrypted user payment data and the corresponding digital signature information; and the mobile phone transmitting to the transaction platform the encrypted user payment data and the corresponding digital signature information. Applying the embodiments of the present invention can reduce the risks that the user identity is forged, the transaction information is tampered with and the account funds are stolen, improving the security of mobile phone payment.

Description

Mobile phone payment security control method and system
This application claims priority to Chinese Patent Application No. 201110235656.8, entitled "Mobile Phone Payment Security Control Method and System", filed with the Chinese Patent Office on August 17, 2011, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of financial technology, and in particular to a mobile phone payment security control method and system.
Background
Mobile phone payment, also known as mobile payment (Mobile Payment), is a service by which mobile users use their mobile terminals (usually mobile phones) to pay for the goods or services they consume. Domestic commercial banks have successively opened their own mobile banking in some areas, providing convenient personalized financial services and fast payment channels for mobile phone users. However, the overall security status of mobile payment is not satisfactory, and how to ensure the security of mobile payment has become the focus of attention of users and banks.
The related parties of mobile payment mainly include: the acquirer system, the mobile phone billing system, mobile banking and shopping websites. The acquirer system refers to settlement units or enterprises that collect payment for goods, such as the major banks and the UnionPay system; the mobile phone billing system is the holder of a mobile phone that supports mobile payment, and is the entity on the billing side; mobile banking is one of the trading platforms.
When a user pays by mobile phone, the transaction process is as follows: (1) trading platform access authentication; (2) the merchant or website inputs the specific amount to be collected to the trading platform according to the goods purchased; (3) the customer imports their identity information to the trading platform via the mobile phone; (4) the trading platform submits the merchant and customer information to the bank back office for corresponding settlement. Currently, the security protection method for mobile payment is: the payment account is bound to the mobile phone, and a static password and an SMS-based dynamic password are used for identity authentication.
The existing mobile payment authentication method has the following disadvantages: when paying by mobile phone, the payment account and the mobile phone must be bound; if the mobile phone is accidentally lost and the payment password set by the user is too simple, the account can easily be misappropriated by others. Moreover, current mobile phone viruses can already steal the user's payment account password by monitoring keyboard input and by intercepting and tampering with network data packets, or illegally tamper with transaction information, and can even achieve malicious purchases or transfers by simulating key presses.
发明内容 Summary of the invention
Embodiments of the present invention provide a mobile phone payment security control method and system that reduce the risk of a user's identity being fraudulently used, transaction information being tampered with, and account funds being stolen, thereby improving the security of mobile phone payment.
The mobile phone payment security control method provided by an embodiment of the present invention includes:
S1. Logging in to a transaction platform through a mobile phone, with a security token connected to the voice channel of the mobile phone; the transaction platform and the security token perform mutual authentication;
S2. After mutual authentication succeeds, the mobile phone imports user payment data and transmits the user payment data to the security token through the voice channel;
S3. The security token invokes its built-in encryption algorithm and key data to encrypt the user payment data, and returns the encrypted user payment data and the corresponding digital signature information to the mobile phone;
S4. The mobile phone transmits the encrypted user payment data and the corresponding digital signature information to the transaction platform.
The security token uses a 2.5 mm earphone plug or a 3.5 mm earphone plug conforming to the YD/T 1538-2006 5.1.2.6 specification to connect to the voice interface of the mobile phone.
Further, a protocol converter, a micro control unit and a memory are provided on the security token;
the protocol converter is configured to perform analog-to-digital conversion on data transmitted by the mobile phone, filter out the sound signal, and pass the result to the micro control unit for authentication or encryption processing;
the protocol converter is further configured to perform digital-to-analog conversion on the authenticated or encrypted data, generate a voice signal, and transmit it to the mobile phone through the voice channel;
the memory includes a transaction data storage area, a program storage area, and a key storage area that can be read but not written, used to store transaction data, the encryption algorithm and key data, respectively.
Correspondingly, the mobile phone payment system provided by an embodiment of the present invention includes a mobile phone, a security token and an online banking server;
the mobile phone is used to log in to the transaction platform and establish a communication connection with the online banking server; the mobile phone has a voice interface for connecting the security token;
the mobile phone is further configured to send authentication information and user payment data to the security token; the security token stores an encryption algorithm and key data, and is configured to authenticate the authentication information sent by the mobile phone, encrypt the user payment data sent by the mobile phone, and return the encrypted user payment data and the corresponding digital signature information to the mobile phone;
the mobile phone transmits the encrypted user payment data and the corresponding digital signature information to the online banking server.
Further, the security token includes an earphone plug, a switch, a protocol converter, a micro control unit, a memory and a power supply;
the earphone plug is connected to the voice interface of the mobile phone;
the switch is arranged at the earphone plug; when the earphone plug is inserted into the mobile phone, the switch turns on and connects the power supply;
the protocol converter is connected to the earphone plug and to the micro control unit, and is used to convert data and filter out the sound signal;
the memory is connected to the micro control unit and is used to store the encryption algorithm and key data; the micro control unit receives data from the mobile phone through the voice channel, reads the encryption algorithm and key data from the memory, and performs encryption and authentication processing on the data.
The mobile phone payment security control method and system provided by the embodiments of the present invention have the following beneficial effects:
The encryption algorithm and key data are stored in the security token. When a payment is made with the mobile phone, the mobile phone and the security token communicate over the voice channel, and the mobile phone payment data must be authenticated and encrypted by the security token, which reduces the risk of the user's identity being fraudulently used, transaction information being tampered with, and account funds being stolen. Moreover, the voice interface is a universal interface on mobile phones, so a security token that connects through the voice channel is highly versatile.
Brief Description of the Drawings
FIG. 1 is a schematic flowchart of the mobile phone payment security control method provided by Embodiment 1 of the present invention;
FIG. 2 is a schematic structural diagram of the mobile phone payment system provided by Embodiment 2 of the present invention;
FIG. 3 is a schematic structural diagram of the security token provided by Embodiment 3 of the present invention;
FIG. 4 is a schematic diagram of the interface between the mobile phone and the security token provided by Embodiment 4 of the present invention;
FIG. 5 is a schematic diagram of the workflow of the mobile phone payment system provided by Embodiment 5 of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
Referring to FIG. 1, which is a schematic flowchart of the mobile phone payment security control method provided by Embodiment 1 of the present invention, the method includes the following steps:
S1. Logging in to the transaction platform through the mobile phone, with the security token connected to the voice channel of the mobile phone; the transaction platform and the security token perform mutual authentication;
The transaction platform corresponds to the online banking server; once the mobile phone has logged in to the transaction platform, it has established a communication connection with the online banking server.
S2. After mutual authentication succeeds, the mobile phone imports user payment data and transmits the user payment data to the security token through the voice channel;
S3. The security token invokes its built-in encryption algorithm and key data to encrypt the user payment data, and returns the encrypted user payment data and the corresponding digital signature information to the mobile phone;
S4. The mobile phone transmits the encrypted user payment data and the corresponding digital signature information to the transaction platform.
Specifically, in step S1, the transaction platform and the security token perform mutual authentication using the RSA security protocol, including:
S11. The mobile phone logs in to the transaction platform, obtains authentication information, and transmits the authentication information to the security token; the authentication information contains a random number and a ciphertext obtained by computing the HASH of that random number and then encrypting the result with the public key;
S12. The security token reads the random number from the authentication information and invokes its built-in HASH algorithm on the random number to obtain the digital digest of the random number;
S13. The security token reads the ciphertext from the authentication information and decrypts it with its built-in private key; it compares the decrypted data with the digital digest; if the two are identical, the transaction platform is judged to be legitimate; otherwise S16 is executed;
S14. The security token computes the HASH of the random number and the authentication parameter, encrypts the HASH result with the private key, and returns the encrypted data to the mobile phone, which transmits it to the transaction platform;
S15. The transaction platform decrypts the data returned by the security token with the public key and compares the decrypted data with the corresponding HASH information; if they are identical, the security token is judged to be legitimate; otherwise S16 is executed;
S16. The mobile phone payment service is terminated.
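The S11 to S16 exchange above, written out as an added Python example (not code from the patent). It assumes a single key pair whose private key sits in the token and whose public key is held by the platform, SHA-256 as the HASH, textbook RSA without padding on a constructed and deliberately factorable demo modulus, and a hypothetical `auth_param` byte string standing in for the "authentication parameter" that the text does not specify.

```python
import hashlib
import secrets

# Constructed demo key pair (assumption): the modulus is the product of two
# well-known Mersenne primes, so it is trivially factorable. Demo use only.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E = 65537                           # public exponent, held by the platform
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stored only in the token


def h_int(data):
    """HASH step: SHA-256 digest as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def platform_challenge(nonce=None):
    """S11: a random number plus the public-key encryption of its hash."""
    r = nonce if nonce is not None else secrets.token_bytes(16)
    return r, pow(h_int(r), E, N)


class SecurityToken:
    """Token side: the private exponent never leaves this object."""

    def __init__(self, private_exponent, modulus, auth_param):
        self._d = private_exponent
        self._n = modulus
        self._auth_param = auth_param   # hypothetical "authentication parameter"

    def respond(self, r, ciphertext):
        digest = h_int(r)                                   # S12
        if pow(ciphertext, self._d, self._n) != digest:     # S13
            return None                                     # S16: terminate
        # S14: hash the random number with the authentication parameter and
        # apply the private key to the result.
        return pow(h_int(r + self._auth_param), self._d, self._n)


def platform_verify(issued_r, auth_param, response):
    """S15: undo the private-key operation and compare with the expected hash.

    issued_r must be the random number the platform itself sent in S11, so a
    response recorded for an earlier random number does not verify.
    """
    if response is None:
        return False                                        # S16: terminate
    return pow(response, E, N) == h_int(issued_r + auth_param)


def mutual_authenticate(token, auth_param, corrupt_challenge=False):
    """Run S11 to S15 once; True means both checks passed."""
    r, c = platform_challenge()
    if corrupt_challenge:
        c ^= 1          # constructed fault: one bit flipped on the audio link
    return platform_verify(r, auth_param, token.respond(r, c))


if __name__ == "__main__":
    param = b"token-serial-0001"        # constructed sample value
    token = SecurityToken(D, N, param)
    print("clean run:      ", mutual_authenticate(token, param))
    print("corrupted S11:  ", mutual_authenticate(token, param, True))
```

Because the S11 ciphertext is computed from the public key alone, the S13 check identifies the platform only as a holder of that public key. A production design would use padded signatures (for example RSASSA-PSS) under separate platform and token key pairs.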
The user payment data includes account information, password information and transaction information. In step S3, the security token encrypts the user payment data using a TLS, SSL or RSA encryption algorithm.
More specifically, the security token uses a 2.5 mm earphone plug or a 3.5 mm earphone plug conforming to the YD/T 1538-2006 5.1.2.6 specification to connect to the voice interface of the mobile phone.
A protocol converter, a micro control unit and a memory are provided on the security token. The protocol converter performs analog-to-digital conversion on data transmitted by the mobile phone, filters out the sound signal, and passes the result to the micro control unit for authentication or encryption processing. The protocol converter also performs digital-to-analog conversion on the authenticated or encrypted data, generates a voice signal, and transmits it to the mobile phone through the voice channel.
The memory includes a transaction data storage area, a program storage area, and a key storage area that can be read but not written, used to store transaction data, the encryption algorithm and key data, respectively.
The mobile phone payment security control method provided by this embodiment can be applied in a mobile phone payment system. It reduces the risk of the user's identity being fraudulently used, transaction information being tampered with, and account funds being stolen, and improves the security of mobile phone payment.
Refer to FIG. 2, which is a schematic structural diagram of the mobile phone payment system provided by Embodiment 2 of the present invention.
The mobile phone payment security protection apparatus provided by this embodiment includes mobile phone 10, security token 20 and online banking server 30. Mobile phone 10 is used to log in to the transaction platform and establish a communication connection with online banking server 30; mobile phone 10 has a voice interface 11 for connecting security token 20. Mobile phone 10 is further configured to send authentication information and user payment data to security token 20;
security token 20 stores an encryption algorithm and key data, and is configured to authenticate the authentication information sent by mobile phone 10, encrypt the user payment data sent by mobile phone 10, and return the encrypted user payment data and the corresponding digital signature information to mobile phone 10;
mobile phone 10 transmits the encrypted user payment data and the corresponding digital signature information to online banking server 30.
Specifically, as shown in FIG. 2, security token 20 includes earphone plug 21, switch 22, protocol converter 23, micro control unit 24, memory 25 and power supply 26, as follows:
earphone plug 21 is connected to voice interface 11 of mobile phone 10 to establish the voice channel;
preferably, power supply 26 is a +5V button cell;
switch 22 is arranged at earphone plug 21; when earphone plug 21 is inserted into mobile phone 10, switch 22 turns on and connects the power supply;
protocol converter 23 is connected to earphone plug 21 and to micro control unit 24, and is used to convert data and filter out the sound signal;
memory 25 is connected to micro control unit 24 and is used to store the encryption algorithm and key data; micro control unit 24 receives data from the mobile phone through the voice channel, reads the encryption algorithm and key data from memory 25, and performs encryption and authentication processing on the data.
Preferably, memory 25 of the security token is a flash memory that includes a transaction data storage area, a program storage area, and a key storage area that can be read but not written. The transaction data storage area stores the transaction data of mobile phone payments; the program storage area stores the processing program of the bank authentication protocol (that is, the encryption algorithm); the key storage area stores the key data.
Refer to FIG. 3, which is a schematic structural diagram of the security token provided by Embodiment 3 of the present invention.
More specifically, earphone plug 21 of security token 20 includes data input terminal I and data output terminal O; protocol converter 23 includes an analog-to-digital converter and a digital-to-analog converter. Data input terminal I is connected to the analog-to-digital converter, and data output terminal O is connected to the digital-to-analog converter.
Preferably, the voice interface of the mobile phone is a 2.5 mm earphone channel interface or a 3.5 mm earphone channel interface conforming to the YD/T 1538-2006 5.1.2.6 specification.
Refer to FIG. 4, which is a schematic diagram of the interface between the mobile phone and the security token provided by Embodiment 4 of the present invention.
Voice interface 11 of the mobile phone includes left channel 1, right channel 2, GND return line 3, receiver MIC port 4 and receiver MIC port 5. After voice interface 11 of the mobile phone is connected to earphone plug 21 of the security token, left channel 1 and right channel 2 are both connected to data input terminal I of the security token, and receiver MIC port 4 and receiver MIC port 5 are both connected to data output terminal O of the security token.
The security token provided by the present invention works as follows:
(1) Power-up
The security token supports hot plugging. When the security token is inserted into the voice interface of the mobile phone, the switch turns on, the system starts supplying power, and all components start working; the micro control unit (MCU) loads the program from the flash memory and reads the key data.
(2) Receiving the authentication information data
After the channel between the mobile phone and the security token is established, the mobile phone transmits the data that needs to be authenticated and encrypted to the security token. When the security token receives the authentication information data over the earphone channel, the analog-to-digital converter converts and filters the data, screening out the sound data.
In a specific implementation, the carrier frequency of the authentication information data is far higher than sound frequencies, so filtering can be used to remove the sound.
(3) Processing the authentication information data
The MCU of the security token encrypts the received data and authenticates it against the key in the flash memory; if authentication succeeds, it returns the encrypted digital signature information and stores the related transaction information in the flash memory.
(4) Sending data
The MCU of the security token passes the encrypted and authenticated data to the digital-to-analog converter, which converts it into a voice signal and sends it to the mobile phone through the voice channel; the mobile phone then sends it to the mobile banking server for authentication.
(5) Power-down
When the security token is unplugged from the mobile phone, the switch opens, the power supply stops supplying power, and the MCU shuts the system down safely.
In this embodiment of the present invention, the encryption algorithm and key data are stored in the security token. When a user pays with the mobile phone, the mobile phone payment data must be authenticated and encrypted by the security token, which reduces the risk of the user's identity being fraudulently used and account funds being stolen, and improves the security of mobile phone payment.
Refer to FIG. 5, which is a schematic diagram of the workflow of the mobile phone payment system provided by Embodiment 5 of the present invention. The workflow of the mobile phone payment system is as follows:
S101. The mobile phone logs in to the transaction platform and establishes a communication connection with the online banking server;
S102. The mobile phone obtains the security certificate of the transaction platform;
S103. Determine whether a security token is connected to the voice interface of the mobile phone; if so, execute S104; otherwise execute S108;
S104. The security token authenticates the security certificate using its built-in encryption algorithm and key data; this step is the mutual authentication process between the security token and the transaction platform;
S105. Determine whether mutual authentication succeeded; if so, execute S106; otherwise execute S108;
S106. Start the secure transaction platform;
The secure transaction platform requires the security token to authenticate and encrypt the data related to the mobile phone payment, in order to improve the security of mobile phone payment;
S107. The mobile phone imports user payment data and transmits the user payment data to the security token;
S108. Start the general transaction platform;
The general transaction platform carries out mobile phone payment transactions in the traditional way and does not require a security token to authenticate and encrypt the data;
S109. Determine whether a security token is connected to the voice interface of the mobile phone; if so, execute S111; otherwise execute S110;
S110. Close the secure transaction platform and switch to the general transaction platform;
S111. The security token invokes its built-in encryption algorithm and key data to encrypt the user payment data, and returns the encrypted user payment data and the corresponding digital signature information to the mobile phone;
S112. The mobile phone submits the encrypted user payment data and the corresponding digital signature information to the online banking server;
S113. The online banking server returns the transaction result to the mobile phone.
In the mobile phone payment security control method and system provided by the embodiments of the present invention, the encryption algorithm and key data are stored in the security token. When a payment is made with the mobile phone, the mobile phone and the security token communicate over the voice channel, and the mobile phone payment data must be authenticated and encrypted by the security token, which reduces the risk of the user's identity being fraudulently used, transaction information being tampered with, and account funds being stolen. Moreover, the voice interface is a universal interface on mobile phones, so a security token that connects through the voice channel is highly versatile.
The above are preferred embodiments of the present invention. It should be noted that a person of ordinary skill in the art can make further improvements and refinements without departing from the principles of the present invention, and these improvements and refinements are also regarded as falling within the scope of protection of the present invention.

Claims

1. A mobile phone payment security control method, characterized by comprising:
S1. Logging in to a transaction platform through a mobile phone, with a security token connected to the voice channel of the mobile phone; the transaction platform and the security token perform mutual authentication;
S2. After mutual authentication succeeds, the mobile phone imports user payment data and transmits the user payment data to the security token through the voice channel;
S3. The security token invokes its built-in encryption algorithm and key data to encrypt the user payment data, and returns the encrypted user payment data and the corresponding digital signature information to the mobile phone;
S4. The mobile phone transmits the encrypted user payment data and the corresponding digital signature information to the transaction platform.
2. The mobile phone payment security control method according to claim 1, characterized in that, in step S1, the transaction platform and the security token perform mutual authentication using the RSA security protocol, including:
S11. The mobile phone logs in to the transaction platform, obtains authentication information, and transmits the authentication information to the security token; the authentication information contains a random number and a ciphertext obtained by computing the HASH of that random number and then encrypting the result with the public key;
S12. The security token reads the random number from the authentication information and invokes its built-in HASH algorithm on the random number to obtain the digital digest of the random number;
S13. The security token reads the ciphertext from the authentication information and decrypts it with its built-in private key; it compares the decrypted data with the digital digest; if the two are identical, the transaction platform is judged to be legitimate; otherwise S16 is executed;
S14. The security token computes the HASH of the random number and the authentication parameter, encrypts the HASH result with the private key, and returns the encrypted data to the mobile phone, which transmits it to the transaction platform;
S15. The transaction platform decrypts the data returned by the security token with the public key and compares the decrypted data with the corresponding HASH information; if they are identical, the security token is judged to be legitimate; otherwise S16 is executed;
S16. The mobile phone payment service is terminated.
3. The mobile phone payment security control method according to claim 2, characterized in that the user payment data includes account information, password information and transaction information.
4. The mobile phone payment security control method according to claim 3, characterized in that, in step S3, the security token encrypts the user payment data using a TLS, SSL or RSA encryption algorithm.
5. The mobile phone payment security control method according to any one of claims 1 to 4, characterized in that the security token uses a 2.5 mm earphone plug or a 3.5 mm earphone plug conforming to the YD/T 1538-2006 5.1.2.6 specification to connect to the voice interface of the mobile phone.
6. The mobile phone payment security control method according to claim 5, characterized in that a protocol converter, a micro control unit and a memory are provided on the security token;
the protocol converter is configured to perform analog-to-digital conversion on data transmitted by the mobile phone, filter out the sound signal, and pass the result to the micro control unit for authentication or encryption processing;
the protocol converter is further configured to perform digital-to-analog conversion on the authenticated or encrypted data, generate a voice signal, and transmit it to the mobile phone through the voice channel;
the memory includes a transaction data storage area, a program storage area, and a key storage area that can be read but not written, used to store transaction data, the encryption algorithm and key data, respectively.
7. A mobile phone payment system, characterized by comprising a mobile phone, a security token and an online banking server;
the mobile phone is used to log in to the transaction platform and establish a communication connection with the online banking server; the mobile phone has a voice interface for connecting the security token;
the mobile phone is further configured to send authentication information and user payment data to the security token; the security token stores an encryption algorithm and key data, and is configured to authenticate the authentication information sent by the mobile phone, encrypt the user payment data sent by the mobile phone, and return the encrypted user payment data and the corresponding digital signature information to the mobile phone;
the mobile phone transmits the encrypted user payment data and the corresponding digital signature information to the online banking server.
8. The mobile phone payment system according to claim 7, characterized in that the security token includes an earphone plug, a switch, a protocol converter, a micro control unit, a memory and a power supply;
the earphone plug is connected to the voice interface of the mobile phone;
the switch is arranged at the earphone plug; when the earphone plug is inserted into the mobile phone, the switch turns on and connects the power supply;
the protocol converter is connected to the earphone plug and to the micro control unit, and is used to convert data and filter out the sound signal;
the memory is connected to the micro control unit and is used to store the encryption algorithm and key data; the micro control unit receives data from the mobile phone through the voice channel, reads the encryption algorithm and key data from the memory, and performs encryption and authentication processing on the data.
9. The mobile phone payment system according to claim 8, characterized in that the voice interface of the mobile phone is a 2.5 mm earphone channel interface or a 3.5 mm earphone channel interface conforming to the YD/T 1538-2006 5.1.2.6 specification.
10. The mobile phone payment system according to claim 8, characterized in that the memory of the security token is a flash memory that includes a transaction data storage area, a program storage area, and a key storage area that can be read but not written.
PCT/CN2012/078151 2011-08-17 2012-07-04 Mobile phone payment security control method and system WO2013023499A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110235656.8 2011-08-17
CN2011102356568A CN102254264A (en) 2011-08-17 2011-08-17 Security control method and security control system of mobile payment

Publications (1)

Publication Number Publication Date
WO2013023499A1 true WO2013023499A1 (en) 2013-02-21

Family

ID=44981509

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/078151 WO2013023499A1 (en) 2011-08-17 2012-07-04 Mobile phone payment security control method and system

Country Status (2)

Country Link
CN (1) CN102254264A (en)
WO (1) WO2013023499A1 (en)

CN103839157A (en) * 2014-02-25 2014-06-04 中国联合网络通信集团有限公司 Electronic payment method, device and system
CN104166918B (en) * 2014-08-20 2017-08-25 齐鲁工业大学 Safe payment method based on audio button
CN104200366A (en) * 2014-09-15 2014-12-10 长沙市梦马软件有限公司 Voice payment authentication method and system
CN104702411B (en) * 2015-03-14 2017-12-29 丁贤根 Have the token design method of mobile payment security certification and mobile phone loss alarm concurrently
CN104702412B (en) * 2015-03-14 2018-02-02 丁贤根 Mobile payment mobile telephone external AI security certification systems and its implementation
CN105050081B (en) * 2015-08-19 2017-03-22 腾讯科技(深圳)有限公司 Method, device and system for connecting network access device to wireless network access point
US20170200155A1 (en) * 2016-01-11 2017-07-13 Mastercard International Incorporated Generating and sending encrypted payment data messages between computing devices to effect a transfer of funds
KR102305943B1 (en) 2016-09-23 2021-09-27 애플 인크. Managing credentials of multiple users on an electronic device
CN107274173A (en) * 2017-05-11 2017-10-20 吴世贵 A kind of sound wave payment method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841417A (en) * 2010-03-12 2010-09-22 李勇 Electronic signature device supporting short-distance wireless communication technology and method for ensuring safety of electronic transaction by applying same
CN201846343U (en) * 2010-09-25 2011-05-25 北京天地融科技有限公司 Electronic signature tool communicating with mobile phone through speech mode
CN102254264A (en) * 2011-08-17 2011-11-23 广州广电运通金融电子股份有限公司 Security control method and security control system of mobile payment
CN202221590U (en) * 2011-08-17 2012-05-16 广州广电运通金融电子股份有限公司 Mobile phone payment safety protection device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101236496A (en) * 2007-01-29 2008-08-06 展讯通信(上海)有限公司 Software consistency detector methods and apparatus
CN102004977A (en) * 2009-09-02 2011-04-06 深圳市证通电子股份有限公司 Safe network payment method and system
CN102118251B (en) * 2011-01-24 2013-01-02 郑州信大捷安信息技术股份有限公司 Security authentication method for internet banking remote payment based on multi-interface intelligent safety card

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101841417A (en) * 2010-03-12 2010-09-22 李勇 Electronic signature device supporting short-distance wireless communication technology and method for ensuring safety of electronic transaction by applying same
CN201846343U (en) * 2010-09-25 2011-05-25 北京天地融科技有限公司 Electronic signature tool communicating with mobile phone through speech mode
CN102254264A (en) * 2011-08-17 2011-11-23 广州广电运通金融电子股份有限公司 Security control method and security control system of mobile payment
CN202221590U (en) * 2011-08-17 2012-05-16 广州广电运通金融电子股份有限公司 Mobile phone payment safety protection device

Also Published As

Publication number Publication date
CN102254264A (en) 2011-11-23

Similar Documents

Publication Publication Date Title
WO2013023499A1 (en) Mobile phone payment security control method and system
EP2859488B1 (en) Enterprise triggered 2chk association
CN101916388B (en) Smart SD card and method for using same for mobile payment
CA2875563C (en) Enchanced 2chk authentication security with query transactions
CN201600745U (en) Electronic payment terminal and service equipment provided with same
WO2015161699A1 (en) Secure data interaction method and system
CN106027501B (en) A kind of system and method for being traded safety certification in a mobile device
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
WO2015085809A1 (en) Mobile payment security system with wireless data private network physically isolated from internet
CN101901517A (en) Fingerprint payment certificate server, fingerprint payment method and system thereof
CN101216923A (en) A system and method to enhance the data security of e-bank dealings
CN102202300A (en) System and method for dynamic password authentication based on dual channels
CN101770619A (en) Multiple-factor authentication method for online payment and authentication system
CN102195932A (en) Method and system for realizing network identity authentication based on two pieces of isolation equipment
WO2009094949A1 (en) Creditable remote service method and system
CN101916476A (en) Mobile data transmission method based on combination of SD (Secure Digital) encrypted card and short-distance wireless communication technology
CN101304569A (en) Mobile authentication system based on intelligent mobile phone
CN103152180A (en) Authenticated encryption equipment and method with wireless communication function
CN203278851U (en) Authenticated encryption device with wireless communication function
CN202221590U (en) Mobile phone payment safety protection device
WO2011140710A1 (en) Method and service platform for implementing funds transfer using mobile terminal
CN103051640A (en) Bluetooth-based online banking safety equipment and data communication method thereof
CN204741571U (en) A safety certificate device, system and wearable equipment for mobile terminal
TWI753102B (en) Real-name authentication service system and real-name authentication service method
WO2011060739A1 (en) Security system and method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12823294

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12823294

Country of ref document: EP

Kind code of ref document: A1