WO2017028404A1 - Procédé, dispositif et terminal mobile pour transmettre des informations de transaction - Google Patents

Procédé, dispositif et terminal mobile pour transmettre des informations de transaction Download PDF

Info

Publication number
WO2017028404A1
WO2017028404A1 PCT/CN2015/096659 CN2015096659W WO2017028404A1 WO 2017028404 A1 WO2017028404 A1 WO 2017028404A1 CN 2015096659 W CN2015096659 W CN 2015096659W WO 2017028404 A1 WO2017028404 A1 WO 2017028404A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
verification information
information
legitimate
verification
Prior art date
Application number
PCT/CN2015/096659
Other languages
English (en)
Chinese (zh)
Inventor
陈柳章
Original Assignee
深圳市文鼎创数据科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市文鼎创数据科技有限公司 filed Critical 深圳市文鼎创数据科技有限公司
Publication of WO2017028404A1 publication Critical patent/WO2017028404A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Definitions

  • the embodiments of the present invention belong to the field of wireless communications, and in particular, to a method, an apparatus, and a mobile terminal for transmitting transaction information.
  • the current method for transmitting transaction information mainly uses Bluetooth communication between two devices (the first device and the second device) to transmit transaction information. Since the communication distance of Bluetooth can reach 10 meters, two Bluetooth-enabled devices can be paired within 10 meters to complete the transmission of transaction information.
  • a wide range of communicable distances greatly facilitates the use of users, but peers also increase the risk of illegally acquiring transaction information: because within the effective communication range of Bluetooth, there may be multiple A device is paired with the connected device, and therefore, the user cannot determine whether the transaction information generated by the first device is output to the second device or to other devices.
  • the communication distance of Bluetooth can be adjusted by adjusting the transmission power, the communication distance is also affected by the sensitivity of the receiving device. For example, if the transmission function of the Bluetooth is adjusted to the device A, the ⁇ can be received only in the lm range. At the same transmit power, device B may still receive Bluetooth signals within 5m.
  • the existing transaction information transmission method is less secure, and the transaction information is illegally acquired.
  • Embodiments of the present invention provide a method, a device, and a mobile terminal for transmitting transaction information, which are intended to solve the problem that the existing transaction information transmission method has low security and the transaction information is illegally acquired. Problem solution
  • An embodiment of the present invention is implemented by the method for transmitting transaction information, where the method includes:
  • Another object of the embodiments of the present invention is to provide a transaction information sending apparatus, where the apparatus includes:
  • a verification information receiving unit configured to receive verification information sent by the mobile terminal by short-distance communication
  • a verification information verification unit configured to verify, according to the verification information, whether the mobile terminal is a legal mobile terminal
  • the transaction information sending unit is configured to send transaction information to the legal mobile terminal after the mobile terminal is a legitimate mobile terminal.
  • Another object of the embodiments of the present invention is to provide a mobile terminal, where the mobile terminal includes:
  • the verification information sending unit is configured to send the verification information to the information security device by means of short-distance communication, so that the information security device verifies whether the mobile terminal is a legitimate mobile terminal according to the verification information.
  • the transaction information receiving unit is configured to receive transaction information that is sent by the information security device after determining that the mobile terminal is a legitimate mobile terminal.
  • the information security device can verify the validity of the mobile terminal by verifying the verification information, and then judge The transaction information is sent out after the mobile terminal is legal, so that the sent transaction information can be accurately transmitted to the mobile terminal, which reduces the risk of the transaction information being illegally intercepted.
  • FIG. 1 is a flowchart of a method for transmitting transaction information according to a first embodiment of the present invention
  • FIG. 2 is a structural diagram of a transaction information transmitting apparatus according to a second embodiment of the present invention.
  • FIG. 3 is a structural diagram of a mobile terminal according to a third embodiment of the present invention. Embodiments of the invention
  • the verification information sent by the mobile terminal by means of short-distance communication is received, and the mobile terminal is verified as a legal mobile terminal according to the verification information, and the mobile terminal is a legal mobile terminal. ⁇ , sending transaction information to the legitimate mobile terminal.
  • Embodiment 1 is a diagrammatic representation of Embodiment 1:
  • FIG. 1 is a flowchart of a method for transmitting transaction information according to a first embodiment of the present invention, which is described in detail as follows:
  • Step S1 receiving the verification information sent by the mobile terminal by means of short-distance communication.
  • the short-distance communication methods include: acoustic communication, near field communication (Near Field
  • the sound wave can control the effective range of the communication within the range that is desired to be communicated by adjusting the transmission power, for example, within 10 cm, and most of the mobile terminals within the 10 cm range are visible, and therefore, can be filtered as much as possible.
  • the verification information sent by the non-legitimate mobile terminal thereby improving the reliability of the source of the verification information.
  • the effective communication range is 20 cm at a frequency of 13.56 MHz.
  • visible light communication it is only necessary to block light when it is necessary to control the communication range of visible light.
  • the verifying information that is sent by the receiving mobile terminal by means of short-distance communication specifically includes: receiving the verification information that is sent by the mobile terminal by means of voice communication.
  • the verification information received by the information security device may be pre-stored in the mobile terminal, or may be sent to the mobile terminal first, and then sent by the mobile terminal, when sent to the mobile device for the information security device.
  • Terminal ⁇ before the receiving the verification information sent by the mobile terminal, the following steps are included
  • the verification information may be a random number generated by a random function, Data that can be agreed in advance by the information security device and the mobile terminal, such as a unique identifier of the mobile terminal.
  • the verification information may be unencrypted information or encrypted information.
  • the verification information can be sent to the mobile terminal by means of Bluetooth communication or other short-range communication.
  • Step S12 Verify, according to the verification information, whether the mobile terminal is a legitimate mobile terminal.
  • the verifying whether the mobile terminal is a valid mobile terminal according to the verification information specifically includes:
  • the mobile terminal After the verification information is the same as the stored standard verification information, the mobile terminal is determined to be a legitimate mobile terminal, otherwise, the mobile terminal is determined to be an illegal mobile terminal.
  • the information security device should store standard verification information in advance or pre-store a function for generating standard verification information. For example, if the verification information is sent by the information security device to the mobile terminal, the verification information needs to be stored as the standard verification information after the information security device sends the verification information. If the verification information is generated by the mobile terminal, the information security device also needs to be The function is stored, and after receiving the verification information sent by the mobile terminal, the same function is used to generate a standard verification information under the same conditions as the mobile terminal generates the verification information.
  • the verifying whether the mobile terminal is a valid mobile terminal according to the verification information includes:
  • the preset decryption algorithm is an algorithm for decrypting the verification information agreed with the mobile terminal.
  • the algorithm may be a symmetric algorithm (DES or AES, etc.) or an asymmetric algorithm (RSA or ECC, etc.); those skilled in the art It can be understood that when a symmetric algorithm or an asymmetric algorithm is used, it is also necessary to preset a corresponding key. For example, if the verification information is encrypted by public key, after the verification information is received, the verification information is decrypted by using the corresponding private key.
  • Step S13 Send the transaction information to the legal mobile terminal after the mobile terminal is a legitimate mobile terminal.
  • the transaction information includes: when the information security device is a POS device, the transaction information includes account information (such as an account number and a password); when the information security device is a Bluetooth shield, the transaction information includes a signature; When the information security device is a dynamic token, the transaction information includes a dynamic password.
  • the transaction information may also include the purchased item information and the like, which are not limited herein.
  • the verification information sent by the mobile terminal by means of short-distance communication is received, and it is verified whether the mobile terminal is a legal mobile terminal according to the verification information, and the mobile terminal is legal.
  • the mobile terminal transmits transaction information to the legitimate mobile terminal. Since the verification information sent by the short-distance communication is more secure and reliable, the information security device can verify the validity of the mobile terminal by verifying the verification information, and then issue the transaction information after determining that the mobile terminal is legal. Thereby, the sent transaction information can be accurately transmitted to the mobile terminal, which reduces the risk of the transaction information being illegally intercepted.
  • the size of the sequence numbers of the foregoing processes does not mean the order of execution sequence, and the execution order of each process should be determined by its function and internal logic, and should not be taken to the embodiment of the present invention.
  • the implementation process constitutes any limitation.
  • Embodiment 2 is a diagrammatic representation of Embodiment 1
  • FIG. 2 is a structural diagram of a transaction information transmitting apparatus according to a second embodiment of the present invention.
  • the transaction information transmitting apparatus can be applied to various information security devices, such as a POS machine, a Bluetooth shield. Or a dynamic token or the like, for the convenience of explanation, only parts related to the embodiment of the present invention are shown.
  • the transaction information transmitting apparatus includes: a verification information receiving unit 21, a verification information verifying unit 22, and a transaction information transmitting unit 23. among them:
  • the verification information receiving unit 21 is configured to receive verification information that is sent by the mobile terminal by short-distance communication.
  • the manner of short-distance communication includes: acoustic wave communication, NFC communication, visible light communication, infrared communication, and the like.
  • the effective communication distances of the above-mentioned communication methods are very short in order to control the source of the verification information. Reliability.
  • the verification information receiving unit 21 is specifically configured to receive verification information that is sent by the mobile terminal by means of voice communication.
  • the verification information may be pre-stored in the mobile terminal, or may be sent to the mobile terminal for the information security device, and then sent by the mobile terminal.
  • the transaction information sending apparatus includes:
  • the verification information sending unit is configured to send the verification information to the mobile terminal.
  • the verification information may be generated by a function, or may be data agreed by the information security device and the mobile terminal in advance, such as a unique identifier of the mobile terminal.
  • the verification information may be unencrypted information or encrypted information.
  • the verification information verification unit 22 is configured to verify, according to the verification information, whether the mobile terminal is a legitimate mobile terminal.
  • the verification information verification unit 22 includes:
  • a verification information comparison module configured to compare the verification information with the stored standard verification information.
  • the first mobile terminal legality determining module is configured to determine that the mobile terminal is a legitimate mobile terminal after the verification information is the same as the stored standard verification information, otherwise, determine that the mobile terminal is an illegal mobile terminal.
  • the verification information verification unit 22 includes:
  • the verification information decryption module is configured to decrypt the verification information according to a preset decryption algorithm.
  • the preset decryption algorithm is an algorithm for decrypting the verification information agreed with the mobile terminal.
  • a decryption result comparison module configured to compare the decrypted result with the stored standard verification information.
  • the second mobile terminal legality determining module is configured to determine that the mobile terminal is a legitimate mobile terminal after the decryption result is the same as the stored standard verification information, otherwise, determine that the mobile terminal is an illegal mobile terminal.
  • the transaction information sending unit 23 is configured to send a transaction letter after the mobile terminal is a legitimate mobile terminal Interested in the legitimate mobile terminal.
  • the transaction information includes: when the information security device is a POS device, the transaction information includes account information (such as an account number, a password); when the information security device is a Bluetooth shield, the transaction information includes a signature; When the information security device is a dynamic token, the transaction information includes a dynamic password.
  • the transaction information may also include the purchased item information and the like, which are not limited herein.
  • the information security device can verify the validity of the mobile terminal by verifying the verification information, and further It is judged that the mobile terminal issues the transaction information after being legal, so that the sent transaction information can be accurately transmitted to the mobile terminal, which reduces the risk that the transaction information is illegally intercepted.
  • Embodiment 3 is a diagrammatic representation of Embodiment 3
  • FIG. 3 is a structural diagram of a mobile terminal provided by a third embodiment of the present invention, including a mobile phone, a smart phone, a laptop computer, a digital broadcast terminal, a PDA (Personal Digital Assistant), P MP (portable multimedia player), navigation system, etc.
  • the embodiment described in the present specification can be applied to fixed terminals such as digital televisions, desktop computers, etc., except when applied only to mobile terminals. For the convenience of explanation, only parts related to the embodiment of the present invention are shown.
  • the mobile terminal includes:
  • the verification information sending unit 31 is configured to send the verification information to the information security device by means of short-distance communication, so that the information security device verifies whether the mobile terminal is a legitimate mobile terminal according to the verification information.
  • the manner of short-distance communication includes: acoustic wave communication, NFC communication, visible light communication, infrared communication, and the like.
  • the effective communication distances of the above-listed communication methods are very short in order to control the reliability of the source of the verification information.
  • the verification information sending unit 31 is configured to send the verification information to the information security device by means of voice communication, so that the information security device verifies whether the mobile terminal is a legitimate mobile terminal according to the verification information.
  • the verification information may be pre-stored in the mobile terminal, or may be sent to the mobile terminal first, and then sent by the mobile terminal.
  • the mobile terminal when the information security device is first sent to the mobile terminal, the mobile terminal includes: [0078]
  • the verification information receiving unit is configured to receive the verification information sent by the information security device.
  • the verification information may be generated by a function, or may be data agreed by the information security device and the mobile terminal in advance, such as a unique identifier of the mobile terminal.
  • the verification information may be unencrypted information or encrypted information.
  • the transaction information receiving unit 32 is configured to receive transaction information that is sent by the information security device after determining that the mobile terminal is a legitimate mobile terminal.
  • the transaction information includes: when the information security device is a POS device, the transaction information includes account information (such as an account number, a password); when the information security device is a Bluetooth shield, the transaction information includes a signature; When the information security device is a dynamic token, the transaction information includes a dynamic password.
  • the transaction information may also include the purchased item information and the like, which are not limited herein.
  • the verification information sent by means of short-distance communication is more secure and reliable, it is convenient for the information security device to judge the legitimacy of the mobile terminal that sends the verification information, and thus the information security After the device determines that the mobile terminal is legal, the transaction information is sent, so that the mobile terminal can accurately receive the transaction information, thereby reducing the risk that the transaction information is illegally intercepted.
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division, and the actual implementation may have another division manner, for example, multiple units or components may be combined or Can be integrated into another system, or some features can be ignored, or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the unit described as a separate component may or may not be physically distributed, and the component displayed as a unit may or may not be a physical unit, that is, may be located in one place, or may be distributed to multiple On the network unit. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • the functions, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium.
  • the technical solution of the present invention which is essential or contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium, including
  • the instructions are used to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a USB flash drive, a removable hard disk, a read only memory (ROM, Read-Only)
  • RAM random access memory
  • disk disk or optical disk, and other media that can store program code.

Abstract

L'invention concerne un procédé, un dispositif et un terminal mobile pour transmettre des informations de transaction. Le procédé consiste : à recevoir des informations d'authentification transmises par un terminal mobile par l'intermédiaire d'une communication à courte portée (S11) ; à authentifier, selon les informations d'authentification, si le terminal mobile est un terminal mobile légitime ou non (S12) ; si le terminal mobile est un terminal mobile légitime, alors à transmettre des informations de transaction au terminal mobile légitime (S13). Le procédé peut réduire le risque d'interception illicite d'informations de transaction.
PCT/CN2015/096659 2015-08-18 2015-12-08 Procédé, dispositif et terminal mobile pour transmettre des informations de transaction WO2017028404A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510507678.3 2015-08-18
CN201510507678.3A CN105184558B (zh) 2015-08-18 2015-08-18 交易信息发送方法、装置以及移动终端

Publications (1)

Publication Number Publication Date
WO2017028404A1 true WO2017028404A1 (fr) 2017-02-23

Family

ID=54906620

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/096659 WO2017028404A1 (fr) 2015-08-18 2015-12-08 Procédé, dispositif et terminal mobile pour transmettre des informations de transaction

Country Status (2)

Country Link
CN (1) CN105184558B (fr)
WO (1) WO2017028404A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105813076A (zh) * 2016-03-10 2016-07-27 北京芯杰科技有限公司 一种通信方法及装置
CN108418834A (zh) * 2018-04-04 2018-08-17 成都鹏业软件股份有限公司 一种物联网设备身份验证方法
CN111461705A (zh) * 2020-03-10 2020-07-28 北京达龙上东文化艺术传播有限责任公司 一种硬件钱包的验证方法和装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1514573A (zh) * 2003-04-24 2004-07-21 徐文祥 身份认证方法及其身份认证系统
US20090075592A1 (en) * 2005-12-16 2009-03-19 Sebastian Nystrom Method and device for controlling and providing indications of communication events
CN102271012A (zh) * 2011-08-18 2011-12-07 中兴通讯股份有限公司 近场通信终端、系统及方法
CN102546571A (zh) * 2010-12-31 2012-07-04 国民技术股份有限公司 一种身份认证系统及认证方法
CN103927655A (zh) * 2014-05-04 2014-07-16 谢宇杰 基于蓝牙的智能设备支付方法及系统

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101385429B1 (ko) * 2011-09-07 2014-04-15 주식회사 팬택 Nfc를 이용하는 전자 계약의 개인 인증 방법, 이를 수행하기 위한 인증 서버 및 단말기
KR20130035472A (ko) * 2011-09-30 2013-04-09 삼성전기주식회사 소프트웨어 불법복제 방지 시스템 및 소프트웨어 불법복제 방지 방법
CN103679975A (zh) * 2012-09-10 2014-03-26 中国电信股份有限公司 一种用于移动终端的支付方法和系统
CN104301288B (zh) * 2013-07-16 2017-11-10 中钞信用卡产业发展有限公司 在线身份认证、在线交易验证、在线验证保护的方法与系统
CN103812657B (zh) * 2013-12-31 2015-02-18 深圳光启创新技术有限公司 认证方法
CN104363589A (zh) * 2014-12-09 2015-02-18 北京大唐智能卡技术有限公司 一种身份认证的方法、装置和终端

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1514573A (zh) * 2003-04-24 2004-07-21 徐文祥 身份认证方法及其身份认证系统
US20090075592A1 (en) * 2005-12-16 2009-03-19 Sebastian Nystrom Method and device for controlling and providing indications of communication events
CN102546571A (zh) * 2010-12-31 2012-07-04 国民技术股份有限公司 一种身份认证系统及认证方法
CN102271012A (zh) * 2011-08-18 2011-12-07 中兴通讯股份有限公司 近场通信终端、系统及方法
CN103927655A (zh) * 2014-05-04 2014-07-16 谢宇杰 基于蓝牙的智能设备支付方法及系统

Also Published As

Publication number Publication date
CN105184558A (zh) 2015-12-23
CN105184558B (zh) 2019-02-01

Similar Documents

Publication Publication Date Title
TWI655875B (zh) Method for establishing wireless communication connection, communication master device, communication slave device, server and system
CN109150548B (zh) 一种数字证书签名、验签方法及系统、数字证书系统
WO2017045539A1 (fr) Procédé et dispositif d'authentification d'identité
US11501294B2 (en) Method and device for providing and obtaining graphic code information, and terminal
US10025920B2 (en) Enterprise triggered 2CHK association
US8214890B2 (en) Login authentication using a trusted device
US10033701B2 (en) Enhanced 2CHK authentication security with information conversion based on user-selected persona
WO2015180691A1 (fr) Procédé et dispositif d'accord sur des clés pour informations de validation
WO2015192670A1 (fr) Procédé d'authentification d'identité d'utilisateur, terminal et terminal de service
KR20150132471A (ko) 미디어 바인딩을 사용하는 안전한 모바일 결제
KR20160097323A (ko) Nfc 인증 메커니즘
TW201824809A (zh) 資訊安全的驗證方法、裝置和系統
US8918844B1 (en) Device presence validation
EP3668120A1 (fr) Dispositif d'aide auditive doté d'un mode de service et procédé associé
CN112823503B (zh) 一种数据访问方法、数据访问装置及移动终端
WO2014201907A1 (fr) Procédé et système de signature électronique
WO2015158172A1 (fr) Carte d'identification de l'identité d'un utilisateur
WO2014187206A1 (fr) Procédé et système pour sauvegarder une clé privée dans un jeton de signature électronique
WO2021051941A1 (fr) Procédé et appareil de traitement d'informations
WO2024031868A1 (fr) Procédé d'authentification de la sécurité d'un dispositif sur la base d'un chiffrement d'attribut et son appareil associé
WO2012034339A1 (fr) Procédé et terminal mobile pour la réalisation d'un paiement en réseau
CN106411520B (zh) 一种虚拟资源数据的处理方法、装置及系统
WO2015109958A1 (fr) Procédé de traitement de données basé sur une clé de négociation, et téléphone mobile
WO2017028404A1 (fr) Procédé, dispositif et terminal mobile pour transmettre des informations de transaction
TWI827906B (zh) 訊息傳輸系統以及應用其中之使用者裝置與資訊安全硬體模組

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15901607

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15901607

Country of ref document: EP

Kind code of ref document: A1