WO2014063546A1 - Procédé et dispositif de traitement de demande d'accès à des données venant d'un terminal mobile - Google Patents
Procédé et dispositif de traitement de demande d'accès à des données venant d'un terminal mobile Download PDFInfo
- Publication number
- WO2014063546A1 WO2014063546A1 PCT/CN2013/083846 CN2013083846W WO2014063546A1 WO 2014063546 A1 WO2014063546 A1 WO 2014063546A1 CN 2013083846 W CN2013083846 W CN 2013083846W WO 2014063546 A1 WO2014063546 A1 WO 2014063546A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- request
- mobile terminal
- data access
- processing
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4012—Verifying personal identification numbers [PIN]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/42—Confirmation, e.g. check or permission by the legal debtor of payment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Definitions
- the P0S terminal can initiate an interaction and debit operation to the electronic cash application at will; in the mobile terminal environment, since the mobile terminal is an untrusted entity, if it is still accepted according to the current electronic cash application The interaction of the process will inevitably lead to the electronic cash application being accessed by the illegal client and deducting the money, which will bring the corresponding property loss to the cardholder.
- the offline transaction deduction voucher information is generated and saved on the P0S terminal for later clearing, and the same, if the offline transaction deduction voucher information is stored in the mobile
- the terminal will also be illegally tampered with and stolen.
- the present invention provides a method of processing a data access request from a mobile terminal in a data storage device, comprising: receiving a request for data access to the data storage device; The initiator of the request submits an identity authentication request; verifying the identity authentication content input by the initiator in response to the identity authentication request; reflecting the result of the verification by changing the state of the one-time session identifier, wherein the one-time session identifier
- the status is in a state of failing verification each time a processing data access request is received; if the verification is passed, the modification request for the data is approved and executed, and the modified content is recorded in the status information table; and the encryption is issued at the mobile terminal
- the encrypted service request is responded only when the encrypted service request contains information corresponding to the record in the status information table.
- the method of processing a data access request from a mobile terminal wherein the data is electronic cash account data, the modification request is caused by a transaction of the electronic cash account, and the value of the data modification is an authorization of the transaction
- the amount information, the status information table is an offline transaction completion status information table, which includes at least an application transaction counter and the authorized amount.
- the method for processing a data access request from a mobile terminal further includes performing encryption and message verification code calculation on the transaction data information in which the matching record exists in the status information table, and transmitting the calculation result to the background system.
- the data storage device in the method of processing a data access request from a mobile terminal is an IC card.
- the data stored in the data storage device in the method of processing a data access request from a mobile terminal is electronic cash account data.
- the encryption algorithm used in the step of encrypting transaction data information in which the matching record exists in the state information table in the method for processing a data access request from the mobile terminal is a symmetric algorithm or an asymmetric algorithm, and the transaction data
- the information is the debit memo from the method for processing the data access request from the mobile terminal, and the encrypted message is also sent to the background for verification.
- the offline transaction completion status information table in the method of processing a data access request from a mobile terminal only supports the application itself to perform insertion and deletion operations.
- the step of processing the modified content into the status information table in the method for processing a data access request from the mobile terminal includes inserting the application transaction counter corresponding to the transaction and the authorized amount into the offline transaction. Complete the status information table.
- the present invention provides an apparatus for processing a data access request from a mobile terminal in a data storage device, comprising: a receiving device that receives a request for data access to the data storage device; and an identity authentication initiating device
- the originator of the request proposes an identity authentication request
- the verification device verifies the identity authentication content input by the initiator in response to the identity authentication request
- - the risk certificate result recording device reflects by changing the state of the one-time session identifier a result of the verification, wherein the status of the one-time session identifier is in a state of failing verification each time a processing data access request is received; modifying the device, if approved, approving and executing the modification request for the data, and Modify content record
- the encryption service request response means, when the mobile terminal issues an encryption service request, responding to the encryption service only when the encryption service request includes information corresponding to the record in the status information table request.
- the debit payment can be effectively prevented from being accessed by the malicious program without obtaining the authorization of the card holder, the offline transaction data of the non-book can be effectively prevented from being encrypted, and the electronic cash offline transaction can be effectively prevented.
- the data was illegally stolen and tampered with during the process of being sent to the background. From a broader perspective, the present invention provides more secure access to data in data storage devices.
- FIG. 1 shows the steps of a method of processing a data access request from a mobile terminal
- FIG. 2 shows an offline transaction completion status information table
- Fig. 3 shows the processing performed on the offline transaction completion status information table.
- an electronic computing device can include one or more processors that perform one or more particular functions.
- Electronic cash transactions can be viewed as a process of processing data in a data storage device.
- Electronic cash transactions under the contact interface the first can be forced to insert Cardperson offline personal identification number (PIN) verification.
- PIN personal identification number
- the mechanism On the mobile terminal, when the client interacts with the electronic cash, the mechanism will have the following functions: (1) authentication of the cardholder identity; (2) authentication of the client accessing the electronic cash application.
- the "Cardholder PIN Verification Pass” is introduced here.
- This flag is a one-time session flag, that is, the flag is reset to invalid each time an electronic cash application is selected.
- the card's electronic cash application will set the "cardholder PIN verification pass sign", which will be used in the electronic cash application to generate one of the basis for approval of the offline transaction ciphertext. .
- step S106 includes performing encryption, deleting the corresponding record from the status information table, and returning the encrypted result to the mobile terminal.
- the device in the data storage device that processes the data access request from the mobile terminal may include a receiving device, an identity authentication initiating device, a verifying device, and a verification result recording device.
- the mobile terminal accessing data in the data storage device includes a requesting device, a verification input device, a data access device, and a result receiving device.
- the requesting device issues a request for data access to the data storage device;
- the verification input device is for inputting the identity authentication content;
- the data access device accesses and modifies the data in the data storage device; and
- the result receiving device receives the modified data in the data storage device.
- a smart card equipped with electronic cash receives an electronic cash debit operation process after receiving an application ciphertext command.
- the electronic cash payment transaction is performed on the mobile terminal through the contact interface.
- the client decides to apply the corresponding transaction to the card according to the behavior analysis result of the card, the card is on the card.
- the electronic cash application After receiving the request, the electronic cash application performs the following processing: first, it is checked whether the cardholder PIN verification pass flag is set. If the result of the check is "No", then return directly without debit processing. If the result of the check is "Yes", then the authorized amount is deducted and the balance of the electronic cash is updated later.
- an offline transaction completion status information table is introduced here.
- the structure of the table is shown in Figure 2.
- the size of the table is not fixed and can be set according to actual needs. As a preferred mode, the size can be set to five. At the same time, the content of the field can also be expanded according to actual needs. This table is maintained by the application itself and is not readable or writable externally.
- the application transaction counter value and the authorized amount corresponding to the transaction are inserted into the table.
- the card When the card external entity requests the offline transaction data encryption service to the card electronic cash application, the card first determines whether the offline transaction belongs to the consumer transaction of the account after receiving the data, and the judgment base mainly includes the primary account and the issuing bank. Account information such as application data and electronic cash issuing bank authorization code. If the result of the judgment is "No”, then an error verification code is returned; if the result of the judgment is "Yes”, then it is judged whether there is a matching record. If the result of the judgment is "No”, then the error face code is returned. If the result of the judgment is "Yes”, then it is judged whether the authorized amount is the same.
- a secure transmission key system is also introduced to encrypt offline transaction data and message authentication code (MAC) calculation.
- the encryption algorithm used may be a symmetric algorithm or an asymmetric algorithm.
- the secure transmission key system includes at least the following keys: (1) an encryption key for offline transaction voucher data, and also calculates a corresponding MAC; (2) an externally provided transmission message encryption key; (3) external The provided transmission "3 ⁇ 4 text MAC calculation key.
- the transaction voucher data contains the content involved in the record in the status information table, thereby realizing the legality of requesting the encrypted content. Sexuality and uniqueness are certified.
- the electronic cash flow through the exhibition needs to provide the following secure operation interfaces: (1) offline transaction voucher data encryption and MAC calculation operation interface; (2) externally provided transmission message encryption interface; (3) externally provided transmission message MAC computing interface.
- the above security key system may be symmetric or ⁇ based asymmetric.
- this method can be implemented in hardware, firmware, software, or any combination thereof.
- devices can be in one or more application specific integrated circuits (AS ICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable Gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, electronics, or other device units designed to perform functions such as those described herein, or any combination thereof.
- AS ICs application specific integrated circuits
- DSPs digital signal processors
- DSPDs digital signal processing devices
- PLDs programmable logic devices
- FPGAs field programmable Gate arrays
- processors controllers, microcontrollers, microprocessors, electronics, or other device units designed to perform functions such as those described herein, or any combination thereof.
- the methods can be implemented with modules that perform the functions described herein or any combination thereof.
- any machine readable shield that tangibly embodying instructions can be used in implementing such methods.
- software or code may be stored in the memory and executed by the processing unit.
- the memory can be implemented in the processing unit and/or external to the processing unit.
- memory refers to any type of long-term, short-term, volatile, non-volatile, or other memory, and is not limited to any particular type of memory or the number of memories or types of storage media.
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Business, Economics & Management (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Storage Device Security (AREA)
Abstract
L'invention concerne un procédé de traitement de demande d'accès à des données venant d'un terminal mobile, lequel procédé consiste à : recevoir une demande d'accès à des données transmise vers un dispositif de stockage de données; effectuer une demande d'authentification d'identification; vérifier le contenu d'authentification d'identification; renvoyer le résultat de vérification en changeant l'état de l'identifiant de session unique; si la vérification réussit, autoriser et exécuter la demande de modification de données, et enregistrer le contenu de modification dans une table d'informations d'état; et lorsque le terminal mobile émet une demande de service de cryptage, répondre à la demande de service de cryptage uniquement si celle-ci contient les informations correspondant à un enregistrement dans la table d'informations d'état. La présente invention permet de résoudre le problème d'accès et de retrait de de monnaie électronique par un programme malveillant.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210412344.4 | 2012-10-25 | ||
CN201210412344.4A CN103778535B (zh) | 2012-10-25 | 2012-10-25 | 处理来自移动终端的数据访问请求的设备和方法 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014063546A1 true WO2014063546A1 (fr) | 2014-05-01 |
Family
ID=50543983
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2013/083846 WO2014063546A1 (fr) | 2012-10-25 | 2013-09-19 | Procédé et dispositif de traitement de demande d'accès à des données venant d'un terminal mobile |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN103778535B (fr) |
WO (1) | WO2014063546A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016141865A1 (fr) * | 2015-03-11 | 2016-09-15 | 中国银联股份有限公司 | Procédé de transmission de données destiné à un paiement mobile en champ proche, et équipement utilisateur |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101394615A (zh) * | 2007-09-20 | 2009-03-25 | 中国银联股份有限公司 | 一种基于pki技术的移动支付终端及支付方法 |
CN102118745A (zh) * | 2011-01-14 | 2011-07-06 | 中国工商银行股份有限公司 | 一种移动支付数据安全加密方法、装置及手机 |
CN102665208A (zh) * | 2012-04-06 | 2012-09-12 | 中国工商银行股份有限公司 | 移动终端、终端银行业务安全认证方法及系统 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2858145A1 (fr) * | 2003-07-24 | 2005-01-28 | France Telecom | Procede et systeme de double authentification securise d'un utilisateur lors de l'acces a un service par l'intermediaire d'un reseau ip |
CN1889419B (zh) * | 2005-06-30 | 2010-05-05 | 联想(北京)有限公司 | 一种实现加密的方法及装置 |
CN1963854A (zh) * | 2006-11-27 | 2007-05-16 | 北京握奇数据系统有限公司 | 一种缩短电子货币消费交易时间的方法 |
-
2012
- 2012-10-25 CN CN201210412344.4A patent/CN103778535B/zh active Active
-
2013
- 2013-09-19 WO PCT/CN2013/083846 patent/WO2014063546A1/fr active Application Filing
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101394615A (zh) * | 2007-09-20 | 2009-03-25 | 中国银联股份有限公司 | 一种基于pki技术的移动支付终端及支付方法 |
CN102118745A (zh) * | 2011-01-14 | 2011-07-06 | 中国工商银行股份有限公司 | 一种移动支付数据安全加密方法、装置及手机 |
CN102665208A (zh) * | 2012-04-06 | 2012-09-12 | 中国工商银行股份有限公司 | 移动终端、终端银行业务安全认证方法及系统 |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016141865A1 (fr) * | 2015-03-11 | 2016-09-15 | 中国银联股份有限公司 | Procédé de transmission de données destiné à un paiement mobile en champ proche, et équipement utilisateur |
Also Published As
Publication number | Publication date |
---|---|
CN103778535A (zh) | 2014-05-07 |
CN103778535B (zh) | 2017-08-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2018137302A1 (fr) | Procédé et dispositif d'ajout de carte bancaire | |
US10083442B1 (en) | Software PIN entry | |
US10586229B2 (en) | Anytime validation tokens | |
CN106875173B (zh) | 一种认证交易的方法 | |
US20130054473A1 (en) | Secure Payment Method, Mobile Device and Secure Payment System | |
US10223690B2 (en) | Alternative account identifier | |
EP2098985A2 (fr) | Architecture sûre pour lecteurs financiers | |
WO2020020329A1 (fr) | Portefeuille numérique permettant une transaction hors-ligne anonyme ou avec nom réel et procédé d'utilisation | |
AU2008206394A1 (en) | Generation systems and methods for transaction identifiers having biometric keys associated therewith | |
CA2686280A1 (fr) | Methode et systeme pour autorisation de paiement et presentation de carte au moyen d'identites emises d'avance | |
CN115004208A (zh) | 利用密码技术生成条形码 | |
US20160086168A1 (en) | Establishing communication between a reader application and a smart card emulator | |
WO2016044882A1 (fr) | Transfert sécurisé de données de paiement | |
BR112018010287B1 (pt) | Método para autenticação de um usuário para uma dada operação,função, ação e/ou processo a ser assegurado, dispositivo para a autenticação de um usuário para uma dada operação, função, ação e/ou processo a ser assegurado,servidor para a autenticação de um usuário para uma dada operação, função, ação e/ou processo a ser assegurado, e sistema, para autenticação de um usuário para uma dada operação, função, ação e/ou processo a ser assegurado | |
TWI715833B (zh) | 一種空中發卡方法、裝置、計算設備、電腦可讀存儲介質及電腦程式產品 | |
US11727403B2 (en) | System and method for payment authentication | |
CN106330888A (zh) | 一种保证互联网线上支付安全性的方法及装置 | |
GB2508207A (en) | Controlling access to secured data stored on a mobile device | |
KR101625065B1 (ko) | 휴대단말기에서의 사용자 인증방법 | |
WO2019237258A1 (fr) | Procédé interactif de monnaie numérique, support physique de monnaie numérique, dispositif terminal et support de stockage | |
WO2014063546A1 (fr) | Procédé et dispositif de traitement de demande d'accès à des données venant d'un terminal mobile | |
AU2015200701B2 (en) | Anytime validation for verification tokens | |
US20170124561A1 (en) | Methods, devices and systems for authorizing an age-restricted interaction | |
US12033142B2 (en) | Authenticator app for consent architecture | |
CN115439108A (zh) | 一种交易处理方法及装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 13849805 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/08/2015) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 13849805 Country of ref document: EP Kind code of ref document: A1 |