WO2014063546A1 - Method and device for processing a data access request from a mobile terminal - Google Patents

Method and device for processing a data access request from a mobile terminal

Info

Publication number
WO2014063546A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
request
mobile terminal
data access
processing
Prior art date
Application number
PCT/CN2013/083846
Other languages
English (en)
Chinese (zh)
Inventor
柴洪峰
鲁志军
何朔
郑建宾
刘国宝
万四爽
Original Assignee
中国银联股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中国银联股份有限公司
Publication of WO2014063546A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4012 Verifying personal identification numbers [PIN]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/42 Confirmation, e.g. check or permission by the legal debtor of payment
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication

Definitions

  • the POS terminal can initiate an interaction and debit operation to the electronic cash application at will; in the mobile terminal environment, since the mobile terminal is an untrusted entity, if interaction is still accepted according to the current electronic cash application process, the electronic cash application will inevitably be accessed by illegal clients and have money deducted, which will bring the corresponding property loss to the cardholder.
  • the offline transaction deduction voucher information is generated and saved on the POS terminal for later clearing; likewise, if the offline transaction deduction voucher information is stored in the mobile terminal, it will also be illegally tampered with and stolen.
  • the present invention provides a method of processing a data access request from a mobile terminal in a data storage device, comprising: receiving a request for data access to the data storage device; submitting an identity authentication request to the initiator of the request; verifying the identity authentication content input by the initiator in response to the identity authentication request; reflecting the result of the verification by changing the state of a one-time session identifier, wherein the status of the one-time session identifier is in a state of failing verification each time a data access request is received for processing; if the verification is passed, approving and executing the modification request for the data, and recording the modified content in a status information table; and, when the mobile terminal issues an encryption service request, responding to the encryption service request only when it contains information corresponding to a record in the status information table.
  • the method of processing a data access request from a mobile terminal wherein the data is electronic cash account data, the modification request is caused by a transaction of the electronic cash account, the value of the data modification is the authorized amount information of the transaction, and the status information table is an offline transaction completion status information table, which includes at least an application transaction counter and the authorized amount.
  • the method for processing a data access request from a mobile terminal further includes performing encryption and message verification code calculation on the transaction data information in which the matching record exists in the status information table, and transmitting the calculation result to the background system.
  • the data storage device in the method of processing a data access request from a mobile terminal is an IC card.
  • the data stored in the data storage device in the method of processing a data access request from a mobile terminal is electronic cash account data.
  • the encryption algorithm used in the step of encrypting transaction data information for which a matching record exists in the status information table, in the method for processing a data access request from the mobile terminal, is a symmetric algorithm or an asymmetric algorithm; the transaction data information in that method is the debit memo, and the encrypted message is also sent to the background for verification.
  • the offline transaction completion status information table in the method of processing a data access request from a mobile terminal only supports the application itself to perform insertion and deletion operations.
  • the step of recording the modified content in the status information table in the method for processing a data access request from the mobile terminal includes inserting the application transaction counter corresponding to the transaction and the authorized amount into the offline transaction completion status information table.
  • the present invention provides an apparatus for processing a data access request from a mobile terminal in a data storage device, comprising: a receiving device that receives a request for data access to the data storage device; an identity authentication initiating device that submits an identity authentication request to the initiator of the request; a verification device that verifies the identity authentication content input by the initiator in response to the identity authentication request; a verification result recording device that reflects the result of the verification by changing the state of the one-time session identifier, wherein the status of the one-time session identifier is in a state of failing verification each time a data access request is received for processing; a modifying device that, if the verification is passed, approves and executes the modification request for the data and records the modified content in the status information table; and an encryption service request response device that, when the mobile terminal issues an encryption service request, responds to the encryption service request only when the encryption service request includes information corresponding to a record in the status information table.
  • malicious programs can be effectively prevented from accessing debit payment without the authorization of the cardholder, offline transaction data not belonging to the account can be effectively prevented from being encrypted, and electronic cash offline transaction data can be effectively prevented from being illegally stolen and tampered with while being sent to the background. From a broader perspective, the present invention provides more secure access to data in data storage devices.
  • FIG. 1 shows the steps of a method of processing a data access request from a mobile terminal
  • FIG. 2 shows an offline transaction completion status information table
  • Fig. 3 shows the processing performed on the offline transaction completion status information table.
  • an electronic computing device can include one or more processors that perform one or more particular functions.
  • Electronic cash transactions can be viewed as a process of processing data in a data storage device.
  • For electronic cash transactions over the contact interface, mandatory offline cardholder personal identification number (PIN) verification can first be inserted.
  • PIN personal identification number
  • On the mobile terminal, when the client interacts with the electronic cash, the mechanism has the following functions: (1) authentication of the cardholder identity; (2) authentication of the client accessing the electronic cash application.
  • a "cardholder PIN verification pass" flag is introduced here.
  • This flag is a one-time session flag, that is, the flag is reset to invalid each time an electronic cash application is selected.
  • the card's electronic cash application will set the "cardholder PIN verification pass" flag, which is used within the electronic cash application as one of the bases for approving generation of the offline transaction ciphertext.
  • step S106 includes performing encryption, deleting the corresponding record from the status information table, and returning the encrypted result to the mobile terminal.
  • the device in the data storage device that processes the data access request from the mobile terminal may include a receiving device, an identity authentication initiating device, a verifying device, and a verification result recording device.
  • the mobile terminal accessing data in the data storage device includes a requesting device, a verification input device, a data access device, and a result receiving device.
  • the requesting device issues a request for data access to the data storage device;
  • the verification input device is for inputting the identity authentication content;
  • the data access device accesses and modifies the data in the data storage device; and
  • the result receiving device receives the modified data in the data storage device.
  • the electronic cash debit operation process performed by a smart card equipped with electronic cash after it receives an application ciphertext command.
  • the electronic cash payment transaction is performed on the mobile terminal through the contact interface.
  • the client decides, according to the behavior analysis result of the card, to apply to the card for the corresponding transaction.
  • After receiving the request, the electronic cash application on the card performs the following processing: first, it checks whether the cardholder PIN verification pass flag is set. If the result of the check is "No", it returns directly without debit processing. If the result of the check is "Yes", the authorized amount is deducted and the balance of the electronic cash is then updated.
  • an offline transaction completion status information table is introduced here.
  • the structure of the table is shown in Figure 2.
  • the size of the table is not fixed and can be set according to actual needs. As a preferred mode, the size can be set to five. At the same time, the content of the field can also be expanded according to actual needs. This table is maintained by the application itself and is not readable or writable externally.
  • the application transaction counter value and the authorized amount corresponding to the transaction are inserted into the table.
  • When an entity external to the card requests the offline transaction data encryption service from the card's electronic cash application, the card, after receiving the data, first determines whether the offline transaction is a consumer transaction of the account; the judgment is based mainly on account information such as the primary account, the issuing bank application data and the electronic cash issuing bank authorization code. If the result of the judgment is "No", an error verification code is returned; if the result of the judgment is "Yes", it is then judged whether there is a matching record. If the result of that judgment is "No", the error verification code is returned. If the result of the judgment is "Yes", it is then judged whether the authorized amount is the same.
  • a secure transmission key system is also introduced for offline transaction data encryption and message authentication code (MAC) calculation.
  • the encryption algorithm used may be a symmetric algorithm or an asymmetric algorithm.
  • the secure transmission key system includes at least the following keys: (1) an encryption key for offline transaction voucher data, which is also used to calculate the corresponding MAC; (2) an externally provided transmission message encryption key; (3) an externally provided transmission message MAC calculation key.
  • the transaction voucher data contains the content involved in the record in the status information table, thereby certifying the legality and uniqueness of the content requested for encryption.
  • the electronic cash flow, through extension, needs to provide the following secure operation interfaces: (1) offline transaction voucher data encryption and MAC calculation operation interface; (2) externally provided transmission message encryption interface; (3) externally provided transmission message MAC computing interface.
  • the above security key system may be symmetric or asymmetric.
  • this method can be implemented in hardware, firmware, software, or any combination thereof.
  • devices can be implemented in one or more application specific integrated circuits (ASICs), digital signal processors (DSPs), digital signal processing devices (DSPDs), programmable logic devices (PLDs), field programmable gate arrays (FPGAs), processors, controllers, microcontrollers, microprocessors, electronics, or other device units designed to perform functions such as those described herein, or any combination thereof.
  • ASICs application specific integrated circuits
  • DSPs digital signal processors
  • DSPDs digital signal processing devices
  • PLDs programmable logic devices
  • FPGAs field programmable Gate arrays
  • processors controllers, microcontrollers, microprocessors, electronics, or other device units designed to perform functions such as those described herein, or any combination thereof.
  • the methods can be implemented with modules that perform the functions described herein or any combination thereof.
  • any machine-readable medium that tangibly embodies instructions can be used in implementing such methods.
  • software or code may be stored in the memory and executed by the processing unit.
  • the memory can be implemented in the processing unit and/or external to the processing unit.
  • memory refers to any type of long-term, short-term, volatile, non-volatile, or other memory, and is not limited to any particular type of memory or the number of memories or types of storage media.
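
The card-side checks described in the definitions above (one-time PIN flag, debit gating, offline transaction completion status table, and the encryption service that answers only for a recorded transaction) can be modelled as follows. This is an added example, not code from the patent or its applicant: the class and method names are hypothetical, HMAC-SHA256 stands in for the unspecified MAC algorithm, voucher encryption itself is left out, and refusing a debit when the table is full is an assumption.

```python
import hashlib
import hmac
import struct

TABLE_SIZE = 5  # the preferred table size given in the text


class ECashApplet:
    """Toy model of the card-side electronic cash application (constructed)."""

    def __init__(self, pin: str, balance: int, mac_key: bytes):
        self._pin = pin.encode()
        self._balance = balance
        self._mac_key = mac_key   # stands in for the offline voucher key
        self._pin_ok = False      # "cardholder PIN verification pass" flag
        self._atc = 0             # application transaction counter
        self._table = {}          # completion status table: ATC -> amount

    @property
    def balance(self) -> int:
        return self._balance

    def select(self) -> None:
        # One-time session flag: invalid again on every application selection.
        self._pin_ok = False

    def verify_pin(self, pin: str) -> bool:
        self._pin_ok = hmac.compare_digest(pin.encode(), self._pin)
        return self._pin_ok

    def debit(self, amount: int):
        """Deduct the authorized amount; returns the ATC, or None if refused."""
        if not self._pin_ok:
            return None           # flag not set: return without debit processing
        if amount <= 0 or amount > self._balance:
            return None
        if len(self._table) >= TABLE_SIZE:
            return None           # assumption: a full table refuses new debits
        self._atc += 1
        self._balance -= amount
        self._table[self._atc] = amount  # only the application inserts records
        return self._atc

    def seal_voucher(self, atc: int, amount: int, voucher: bytes):
        """Encryption service: MAC the voucher only for a recorded transaction."""
        recorded = self._table.get(atc)
        if recorded is None:
            return None           # no matching record
        if recorded != amount:
            return None           # authorized amount differs
        del self._table[atc]      # record is deleted once the service is used
        msg = struct.pack(">HI", atc, amount) + voucher
        return hmac.new(self._mac_key, msg, hashlib.sha256).digest()


def run_demo():
    # Constructed PIN, balance, key and voucher bytes.
    card = ECashApplet(pin="1234", balance=1000, mac_key=b"constructed-demo-key")
    card.select()
    results = {"debit_without_pin": card.debit(100)}
    card.verify_pin("1234")
    atc = card.debit(100)
    results["atc"] = atc
    results["wrong_amount"] = card.seal_voucher(atc, 999, b"voucher")
    results["sealed"] = card.seal_voucher(atc, 100, b"voucher")
    results["replay"] = card.seal_voucher(atc, 100, b"voucher")
    card.select()
    results["debit_after_reselect"] = card.debit(100)
    results["balance"] = card.balance
    return results


if __name__ == "__main__":
    print(run_demo())
```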

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for processing a data access request from a mobile terminal, the method comprising: receiving a data access request sent to a data storage device; making an identity authentication request; verifying the identity authentication content; returning the verification result by changing the state of the one-time session identifier; if the verification succeeds, authorizing and executing the data modification request, and recording the modified content in a status information table; and, when the mobile terminal issues an encryption service request, responding to the encryption service request only if it contains the information corresponding to a record in the status information table. The present invention solves the problem of electronic cash being accessed and withdrawn by a malicious program.
PCT/CN2013/083846 2012-10-25 2013-09-19 Method and device for processing a data access request from a mobile terminal WO2014063546A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201210412344.4 2012-10-25
CN201210412344.4A CN103778535B (zh) 2012-10-25 2012-10-25 Device and method for processing data access requests from a mobile terminal

Publications (1)

Publication Number Publication Date
WO2014063546A1 (fr) 2014-05-01

Family

ID=50543983

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2013/083846 WO2014063546A1 (fr) 2012-10-25 2013-09-19 Method and device for processing a data access request from a mobile terminal

Country Status (2)

Country Link
CN (1) CN103778535B (fr)
WO (1) WO2014063546A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016141865A1 (fr) * 2015-03-11 2016-09-15 中国银联股份有限公司 Data transmission method for near-field mobile payment, and user equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
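CN101394615A (zh) * 2007-09-20 2009-03-25 中国银联股份有限公司 Mobile payment terminal and payment method based on PKI technology
CN102118745A (zh) * 2011-01-14 2011-07-06 中国工商银行股份有限公司 Mobile payment data security encryption method, device and mobile phone
CN102665208A (zh) * 2012-04-06 2012-09-12 中国工商银行股份有限公司 Mobile terminal, and terminal banking service security authentication method and system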

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2858145A1 (fr) * 2003-07-24 2005-01-28 France Telecom Method and system for secure double authentication of a user when accessing a service via an IP network
CN1889419B (zh) * 2005-06-30 2010-05-05 联想(北京)有限公司 Method and device for implementing encryption
CN1963854A (zh) * 2006-11-27 2007-05-16 北京握奇数据系统有限公司 Method for shortening electronic money consumption transaction time

Also Published As

Publication number Publication date
CN103778535A (zh) 2014-05-07
CN103778535B (zh) 2017-08-25

Similar Documents

Publication Publication Date Title
WO2018137302A1 (fr) Method and device for adding a bank card
US10083442B1 (en) Software PIN entry
US10586229B2 (en) Anytime validation tokens
CN106875173B (zh) Method for authenticating a transaction
US20130054473A1 (en) Secure Payment Method, Mobile Device and Secure Payment System
US10223690B2 (en) Alternative account identifier
EP2098985A2 (fr) Secure architecture for financial readers
WO2020020329A1 (fr) Digital wallet enabling anonymous or real-name offline transactions, and method of use
AU2008206394A1 (en) Generation systems and methods for transaction identifiers having biometric keys associated therewith
CA2686280A1 (fr) Method and system for payment authorization and card presentation using pre-issued identities
CN115004208A (zh) Generating barcodes using cryptographic techniques
US20160086168A1 (en) Establishing communication between a reader application and a smart card emulator
WO2016044882A1 (fr) Secure transfer of payment data
BR112018010287B1 (pt) Method for authenticating a user for a given operation, function, action and/or process to be secured, device for authenticating a user for a given operation, function, action and/or process to be secured, server for authenticating a user for a given operation, function, action and/or process to be secured, and system for authenticating a user for a given operation, function, action and/or process to be secured
TWI715833B (zh) Over-the-air card issuance method, apparatus, computing device, computer-readable storage medium and computer program product
US11727403B2 (en) System and method for payment authentication
CN106330888A (zh) Method and device for ensuring the security of online Internet payments
GB2508207A (en) Controlling access to secured data stored on a mobile device
KR101625065B1 (ko) User authentication method in a mobile terminal
WO2019237258A1 (fr) Digital currency interaction method, digital currency physical carrier, terminal device and storage medium
WO2014063546A1 (fr) Method and device for processing a data access request from a mobile terminal
AU2015200701B2 (en) Anytime validation for verification tokens
US20170124561A1 (en) Methods, devices and systems for authorizing an age-restricted interaction
US12033142B2 (en) Authenticator app for consent architecture
CN115439108A (zh) Transaction processing method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 13849805

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 20/08/2015)

122 Ep: pct application non-entry in european phase

Ref document number: 13849805

Country of ref document: EP

Kind code of ref document: A1