CN106209383A - Method and device for mobile payment security authentication
- Publication number: CN106209383A
- Authority: CN (China)
- Prior art keywords: signature, message, sent, safety chip, secure payment
- Legal status: Granted
Abstract
The invention discloses a method and device for mobile payment security authentication. The method includes: a secure payment app obtains a KEY ID from a security chip; a pre-provisioning front-end processor binds the KEY ID to the user's name, identity document type and identity document number and sends the binding information to a pre-provisioning server for storage, and the pre-provisioning server returns the binding success result to the secure payment app on the mobile terminal; the user issues a payment request in the secure payment app on the mobile terminal and, after the PIN code is entered, the secure payment app sends the transaction message to the security chip; after the security chip has verified the PIN code, it digitally signs the transaction message and sends the signature value to a signature verification server for verification, and when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment app. The invention makes it possible to add a higher-security digital certificate or electronic signature and can ensure the security of mobile payment.
Description
Technical field
The invention relates to the field of mobile payment, and in particular to a method and device for mobile payment security authentication.
Background
In message transmission, relying on encryption alone to ensure the confidentiality of data has a shortcoming: if the sender goes back on their word after sending a piece of information and claims that they did not send it, then although the data was kept confidential in transit, the identity of the sender of that information cannot be proved, which is unfavorable for managing communications. In the prior art, signatures are generally used to make information non-repudiable; for example, contract negotiations and bank deductions all use the user's signature to prove that the information really occurred. In network communication, digital signatures are generally used to achieve non-repudiation of information.
In 2015 the central bank issued the "Administrative Measures for Online Payment Services of Non-Bank Payment Institutions (Draft for Comment)". The Measures stipulate that if a payment institution uses no fewer than two types of verification factors, including a higher-security digital certificate or electronic signature, it may agree the per-transaction and daily cumulative limits with the customer itself; if a payment institution uses no fewer than two types of factors but these do not include a digital certificate or electronic signature, the Measures, with reference to the People's Bank's regulatory requirements for commercial banks and bank card clearing institutions, set a daily cumulative limit of 5000 yuan. Therefore, to get past the limit set in the Measures, a higher-security digital certificate or electronic signature has to be added to the mobile payment process. Current technology, however, has not been able to add a higher-security digital certificate or electronic signature to mobile payment and cannot ensure the security of mobile payment.
Summary of the invention
The technical problem to be solved by the invention is to address the above defect of the prior art, namely that it cannot add a higher-security digital certificate or electronic signature to mobile payment and therefore cannot ensure the security of mobile payment, by providing a method and device for mobile payment security authentication that can add a higher-security digital certificate or electronic signature and can ensure the security of mobile payment.
The technical solution adopted by the invention to solve this technical problem is to construct a method for mobile payment security authentication comprising the following steps:
A) a user installs a secure payment app on a mobile terminal and, through the secure payment app, initiates a request to the security chip in a bracelet to obtain the pre-provisioned certificate KEY ID, and the security chip sends the KEY ID to the secure payment app;
B) the secure payment app sends the KEY ID and the user's name, identity document type and identity document number to a pre-provisioning front-end processor for binding, the pre-provisioning front-end processor sends the binding information to a pre-provisioning server for storage, and the pre-provisioning server at the same time returns the binding success result to the secure payment app;
C) the user issues a payment request in the secure payment app on their mobile terminal and the KEY ID is looked up; the secure payment app prompts for the PIN code and, after the user enters the PIN code, the secure payment app sends the transaction message to the security chip;
D) the security chip verifies the PIN code and determines whether verification passes; if so, the payment is displayed on the display screen of the bracelet, the user is reminded by vibration, and step E) is performed; otherwise, the security chip sends transaction-failure information to the secure payment app;
E) the security chip digitally signs the transaction message and sends the signature value to a signature verification server for verification; when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment app.
In the method for mobile payment security certification of the present invention, described step E) farther include:
E1) described bracelet generates RSA key pair temporarily;Described RSA key is to including private key and PKI;
E2) described private key is saved in described safety chip, and described PKI and transaction message are assembled into signature report
Literary composition;
E3) described bracelet uses algorithm set in advance to described signature message by the report being calculated a fixing figure place
Literary composition digest value, and the message digest value of described fixing figure place is obtained digital signature after the encryption of described private key;
E4) described digital signature is sent to described signature verification service device, described signature with signature message by described bracelet
Authentication server uses algorithm set in advance that described signature message is calculated the first message digest value, then uses described PKI
Described digital signature is decrypted and obtains the second message digest value;
E5) described first message digest value and the second message digest value are compared, and judge whether equal, in this way,
Determine that described transaction message is from described user;Otherwise, it determines described transaction message is not from described user.
In the method for mobile payment security certification of the present invention, the figure place of described RSA key pair is 1028.
In the method for mobile payment security certification of the present invention, described algorithm set in advance is HASH (Hash)
Algorithm.
In the method for mobile payment security certification of the present invention, described secure payment APP wirelessly with
Described safety chip carries out communication.
The invention also relates to a device implementing the above method for mobile payment security authentication, comprising:
Request sending unit: used to have the user install the secure payment app on the mobile terminal and, through the secure payment app, initiate a request to the security chip in the bracelet to obtain the pre-provisioned certificate KEY ID, the security chip sending the KEY ID to the secure payment app;
Information binding unit: used to have the secure payment app send the KEY ID and the user's name, identity document type and identity document number to the pre-provisioning front-end processor for binding, the pre-provisioning front-end processor sending the binding information to the pre-provisioning server for storage, and the pre-provisioning server at the same time returning the binding success result to the secure payment app;
Transaction message sending unit: used to have the user issue a payment request in the secure payment app on their mobile terminal and have the KEY ID looked up, the secure payment app prompting for the PIN code and, after the user enters the PIN code, sending the transaction message to the security chip;
Verification judging unit: used to have the security chip verify the PIN code and determine whether verification passes; if so, the payment is displayed on the display screen of the bracelet and the user is reminded by vibration; otherwise, the security chip sends transaction-failure information to the secure payment app;
Signature unit: used to have the security chip digitally sign the transaction message and send the signature value to the signature verification server for verification; when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment app.
In the device of the invention implementing the above method for mobile payment security authentication, the signature unit further comprises:
RSA key pair generation module: used to have the bracelet temporarily generate an RSA key pair; the RSA key pair comprises a private key and a public key;
Storage and assembly module: used to store the private key in the security chip and to assemble the public key and the transaction message into a signature message;
Digital signature acquisition module: used to have the bracelet use a preset algorithm to compute, from the signature message, a message digest value with a fixed number of bits, and encrypt that fixed-length message digest value with the private key to obtain the digital signature;
Calculation and decryption module: used to have the bracelet send the digital signature together with the signature message to the signature verification server, the signature verification server using the preset algorithm to compute a first message digest value from the signature message and then decrypting the digital signature with the public key to obtain a second message digest value;
Message digest comparison module: used to compare the first message digest value with the second message digest value and determine whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
In the device of the invention implementing the above method for mobile payment security authentication, the bit length of the RSA key pair is 1028.
In the device of the invention implementing the above method for mobile payment security authentication, the preset algorithm is a hash algorithm.
In the device of the invention implementing the above method for mobile payment security authentication, the secure payment app communicates with the security chip wirelessly.
Implementing the method and device for mobile payment security authentication of the invention has the following beneficial effect: because the security chip digitally signs the transaction message and sends the signature value to the signature verification server for verification, and the payment succeeds and the payment result is returned to the secure payment app once the transaction is confirmed to have been made by the user in person, a higher-security digital certificate or electronic signature can be added and the security of mobile payment can be ensured.
Brief description of the drawings
To explain the technical solutions of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the method in one embodiment of the method and device for mobile payment security authentication of the invention;
Fig. 2 is a detailed flow chart, in that embodiment, of the security chip digitally signing the transaction message and sending the signature value to the signature verification server for verification;
Fig. 3 is a schematic structural diagram of the device in that embodiment.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of those embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
In this embodiment of the method and device for mobile payment security authentication of the invention, the flow chart of the method is shown in Fig. 1. In Fig. 1, the method comprises the following steps:
Step S01: The user installs the secure payment app on the mobile terminal and, through the secure payment app, initiates a request to the security chip in the bracelet to obtain the pre-provisioned certificate KEY ID, and the security chip sends the KEY ID to the secure payment app. In this embodiment, the bracelet contains a security chip (i.e. an SE) certified by CFCA (China Financial Certification Authority), and each security chip has a unique KEY ID masked into it. In this step, the user installs the secure payment app on the mobile terminal and, through it, initiates a request to the security chip in the bracelet to obtain the pre-provisioned certificate KEY ID; on receiving the request, the security chip sends its KEY ID to the secure payment app. It is worth noting that in this embodiment the mobile terminal may be a mobile phone, tablet computer, notebook, PDA or the like.
Step S02: The secure payment app sends the KEY ID and the user's name, identity document type and identity document number to the pre-provisioning front-end processor for binding, the pre-provisioning front-end processor sends the binding information to the pre-provisioning server for storage, and the pre-provisioning server at the same time returns the binding success result to the secure payment app. In this step, the secure payment app sends the KEY ID and the user's name, identity document type and identity document number to the pre-provisioning front-end processor for binding; once binding succeeds, the pre-provisioning front-end processor sends the binding information to the pre-provisioning server for storage, and the pre-provisioning server at the same time returns the binding success result to the secure payment app. In this way every bracelet is uniquely bound to a user.
Step S03: The user issues a payment request in the secure payment app on their mobile terminal and the KEY ID is looked up; the secure payment app prompts for the PIN code and, after the user enters the PIN code, the secure payment app sends the transaction message to the security chip. In this step, the user issues a payment request in the secure payment app on their mobile terminal and the secure payment app searches for the user's bracelet; if the user's bracelet is near the user, the secure payment app prompts for the PIN code, and after the user enters it, the secure payment app sends the transaction message to the security chip.
Step S04: The security chip verifies the PIN code and determines whether verification passes. In this step, the security chip verifies the PIN code and determines whether verification passes, that is, whether the PIN code is correct; if so, step S06 is performed; otherwise, step S05 is performed.
Step S05: The security chip sends transaction-failure information to the secure payment app. This step is performed if the result of the determination in step S04 is no. In this step, the security chip sends transaction-failure information to the secure payment app.
Step S06: The payment is displayed on the display screen of the bracelet and the user is reminded by vibration. This step is performed if the result of the determination in step S04 is yes. In this step, the payment is displayed on the display screen of the bracelet and the user is reminded by vibration. After this step, step S07 is performed.
Step S07: The security chip digitally signs the transaction message and sends the signature value to the signature verification server for verification; when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment app. In this step, the security chip in the bracelet digitally signs the transaction message and sends the signature value to the signature verification server for verification; when the transaction is confirmed to have been made by the user, the payment succeeds and the payment result is returned to the secure payment app. A higher-security digital certificate or electronic signature can thus be added, and the security of mobile payment can be ensured.
In this embodiment, step S07 can be refined further; the flow chart after refinement is shown in Fig. 2. In Fig. 2, step S07 further comprises:
Step S71: The bracelet temporarily generates an RSA key pair. In this step, when the bracelet is handling transaction verification, it temporarily generates an RSA key pair comprising a private key and a public key. In this embodiment the bit length of the RSA key pair is 1028. Of course, in some cases of this embodiment the bit length of the RSA key pair may take other values.
Step S72: The private key is stored in the security chip, and the public key and the transaction message are assembled into a signature message. In this step, the private key is stored in the security chip, and the public key and the transaction message are assembled into a signature message.
Step S73: The bracelet uses a preset algorithm to compute, from the signature message, a message digest value with a fixed number of bits, and encrypts that fixed-length message digest value with the private key to obtain the digital signature. In this step, the bracelet uses the preset algorithm to compute a fixed-length message digest value from the signature message and encrypts it with the private key to obtain the digital signature. It is worth noting that the computed message digest value must mathematically guarantee that if any one bit of the signature message is changed, the recomputed message digest value will not match the original value. This ensures that the transaction message cannot be altered. The preset algorithm may be a hash algorithm; other algorithms may of course also be used.
Step S74: The bracelet sends the digital signature together with the signature message to the signature verification server; the signature verification server uses the preset algorithm to compute a first message digest value from the signature message, and then decrypts the digital signature with the public key to obtain a second message digest value. In this step, the bracelet sends the digital signature together with the signature message to the signature verification server; on receiving them, the signature verification server uses the preset algorithm to compute the first message digest value from the signature message, and then decrypts the digital signature with the public key to obtain the second message digest value.
Step S75: The first message digest value and the second message digest value are compared to determine whether they are equal. In this step, the first message digest value and the second message digest value are compared; if they are equal, step S77 is performed; otherwise, step S76 is performed.
Step S76: The transaction message is determined not to come from the user. This step is performed if the result of the determination in step S75 is no, i.e. the two values are not equal. In this step, the transaction message is determined not to come from the user.
Step S77: The transaction message is determined to come from the user. This step is performed if the result of the determination in step S75 is yes. In this step, the transaction message is determined to come from the user. Because only the signer, who holds the private key, can generate the signature by "decrypting" the message digest value, the scheme provides security and non-repudiation.
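The sign-and-verify exchange of steps S71 to S77, as an added example that is not code from the patent: it follows the description literally (hash the signature message, apply the private key to the digest, recover the digest with the public key, compare) using only the Python standard library. The JSON layout of the signature message, the choice of SHA-256, the 2048-bit default key size, the sample transaction and all function names are assumptions of this example; it is textbook RSA without the padding that deployed signature schemes (PKCS#1 v1.5, PSS) add.

```python
import hashlib
import json
import math
import secrets

# Primes used for cheap trial division before Miller-Rabin.
_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                           # a proves n composite
    return True


def _random_prime(bits):
    """Random prime with its top two bits set, so p*q has exactly 2*bits bits."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | (1 << (bits - 2)) | 1
        if _is_probable_prime(c):
            return c


def generate_keypair(bits=2048):
    """Step S71: temporary RSA key pair. Returns (n, e, d)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)


def build_signature_message(n, e, transaction):
    """Step S72: public key + transaction message -> signature message.
    The canonical JSON layout is an assumption of this example."""
    body = {"public_key": {"n": format(n, "x"), "e": e}, "transaction": transaction}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def digest_int(message):
    """Fixed-length message digest value (SHA-256 assumed) as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(signature_message, n, d):
    """Step S73: apply the private key to the digest (textbook RSA, no padding)."""
    return pow(digest_int(signature_message), d, n)


def verify(signature_message, signature):
    """Steps S74-S77 on the verification server: True if the digests match."""
    try:
        key = json.loads(signature_message)["public_key"]
        n, e = int(key["n"], 16), int(key["e"])
    except (ValueError, KeyError, TypeError):
        return False                               # malformed signature message
    if e <= 0 or not 0 <= signature < n:
        return False
    first = digest_int(signature_message)          # first message digest value
    second = pow(signature, e, n)                  # second message digest value
    return first == second


if __name__ == "__main__":
    # Constructed sample transaction, not taken from the patent.
    tx = {"payee": "example-merchant", "amount": "25.00", "currency": "CNY"}
    n, e, d = generate_keypair()
    msg = build_signature_message(n, e, tx)
    sig = sign(msg, n, d)
    print("genuine message verifies:", verify(msg, sig))
    tampered = msg.replace(b'"25.00"', b'"2500.00"')
    print("tampered message verifies:", verify(tampered, sig))
```

Because the verifier takes the public key from the signature message itself, the digest comparison establishes that the message is unmodified and was signed with the matching private key; linking that key to a person rests on the KEY ID binding of step S02, which this sketch does not model.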
It is worth noting that in this embodiment the secure payment app communicates with the security chip wirelessly, for example over Bluetooth or Wi-Fi. When Bluetooth is used and the bracelet is handling transaction verification, the secure payment app passes the signature message to the Bluetooth chip in the bracelet over a private Bluetooth communication protocol; the Bluetooth chip sends the corresponding instruction to the security chip according to the protocol content; the security chip executes the instruction and returns the result to the Bluetooth chip; and the Bluetooth chip returns the result to the secure payment app over the Bluetooth proprietary protocol. Operation is flexible and convenient.
This embodiment also relates to a device implementing the above method for mobile payment security authentication; its structure is shown schematically in Fig. 3. In Fig. 3, the device comprises a request sending unit 1, an information binding unit 2, a transaction message sending unit 3, a verification judging unit 4 and a signature unit 5. The request sending unit 1 is used to have the user install the secure payment app on the mobile terminal and, through the secure payment app, initiate a request to the security chip in the bracelet to obtain the pre-provisioned certificate KEY ID, the security chip sending the KEY ID to the secure payment app. The information binding unit 2 is used to have the secure payment app send the KEY ID and the user's name, identity document type and identity document number to the pre-provisioning front-end processor for binding, the pre-provisioning front-end processor sending the binding information to the pre-provisioning server for storage and the pre-provisioning server at the same time returning the binding success result to the secure payment app. The transaction message sending unit 3 is used to have the user issue a payment request in the secure payment app on their mobile terminal and have the KEY ID looked up, the secure payment app prompting for the PIN code and, after the user enters the PIN code, sending the transaction message to the security chip. The verification judging unit 4 is used to have the security chip verify the PIN code and determine whether verification passes; if so, the payment is displayed on the display screen of the bracelet and the user is reminded by vibration; otherwise, the security chip sends transaction-failure information to the secure payment app. The signature unit 5 is used to have the security chip digitally sign the transaction message and send the signature value to the signature verification server for verification; when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment app. A higher-security digital certificate or electronic signature can thus be added, and the security of mobile payment can be ensured. It is worth noting that in this embodiment the secure payment app communicates with the security chip wirelessly.
In this embodiment, the signature unit 5 further comprises an RSA key pair generation module 51, a storage and assembly module 52, a digital signature acquisition module 53, a calculation and decryption module 54 and a message digest comparison module 55. The RSA key pair generation module 51 is used to have the bracelet temporarily generate an RSA key pair; the RSA key pair comprises a private key and a public key, and its bit length is 1028, although other values are also possible. The storage and assembly module 52 is used to store the private key in the security chip and to assemble the public key and the transaction message into a signature message. The digital signature acquisition module 53 is used to have the bracelet use a preset algorithm to compute, from the signature message, a message digest value with a fixed number of bits, and encrypt that fixed-length message digest value with the private key to obtain the digital signature; the preset algorithm is a hash algorithm, although other algorithms are also possible. The calculation and decryption module 54 is used to have the bracelet send the digital signature together with the signature message to the signature verification server, the signature verification server using the preset algorithm to compute a first message digest value from the signature message and then decrypting the digital signature with the public key to obtain a second message digest value. The message digest comparison module 55 is used to compare the first message digest value with the second message digest value and determine whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user. Because only the signer, who holds the private key, can generate the signature by "decrypting" the message digest value, the scheme provides security and non-repudiation.
In short, in the present embodiment, the signing process of the digital signature is that the sender, according to the information to be sent, encrypts the message digest value with its own private key to form the digital signature. That is, the user processes the message digest value with his or her own private key; because the key is held only by that person, this produces a file that no one else can generate, which is how the digital signature is formed. Using a digital signature ensures that the information was signed and sent by the signer, and the signer cannot deny it or can deny it only with difficulty. The recipient can verify that the information has not been modified in any way between being signed and issued and being received, and that the signed file is the authentic document. The security of payment is therefore ensured.
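The flow carried out by modules 51 to 55 (steps E1 to E5 of the claims), written out as an added example that is not code from the patent: it follows the description literally, applying raw RSA to the digest, with a small pure-Python key generator so that it runs offline. SHA-256 as the HASH algorithm, e = 65537 and the JSON layout of the signature message are assumptions; how the server comes to trust the public key is outside this sketch, and production code would use a vetted cryptographic library with a padded signature scheme such as RSASSA-PSS.

```python
import hashlib
import json
import math
import secrets

def _is_probable_prime(n, rounds=40):  # Miller-Rabin with random bases
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n-1: composite
    return True

def _random_prime(bits):
    while True:
        # Top two bits set so that p*q has exactly 2*bits bits; low bit set (odd).
        c = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if _is_probable_prime(c):
            return c

def generate_keypair(bits=1028, e=65537):
    """E1: temporary RSA key pair. Returns ((n, e), d); d stays on the chip (E2)."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)

def _digest(signature_message):
    """Fixed-length message digest as an integer (SHA-256 is an assumption)."""
    return int.from_bytes(hashlib.sha256(signature_message).digest(), "big")

def bracelet_sign(public, d, transaction):
    """E2-E3: assemble public key + transaction, hash, apply the private key."""
    n, e = public
    message = json.dumps({"n": n, "e": e, "tx": transaction}, sort_keys=True).encode()
    return message, pow(_digest(message), d, n)

def server_verify(message, signature):
    """E4-E5: first digest from the message, second from the signature; compare."""
    try:
        fields = json.loads(message)
        n, e = int(fields["n"]), int(fields["e"])
    except (ValueError, KeyError, TypeError):
        return False
    ok = n > 1 and e > 0 and 0 <= signature < n
    return ok and _digest(message) == pow(signature, e, n)
```

Calling `generate_keypair()`, then `bracelet_sign(public, d, {...})` with a transaction dictionary, and passing both results to `server_verify` returns `True`; changing any byte of the signature message or the signature value makes the two digests differ and returns `False`.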
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent substitution, improvement and the like made within the spirit and principle of the present invention shall be included within the scope of protection of the present invention.
Claims (10)
1. the method for a mobile payment security certification, it is characterised in that comprise the steps:
A) user installs secure payment APP in the terminal, and by described secure payment APP safety chip in bracelet
Initiating to obtain and plant certificate KEY ID request in advance, KEY ID is sent to described secure payment APP by described safety chip;
B) before described KEY ID and the name of user, type of credential and certificate number are sent to pre-planting by described secure payment APP
The machine of putting is bound, and binding information is sent to pre-server of planting and preserves by described pre-front end processor of planting, described pre-plant server with
Time binding success result is returned to described secure payment APP;
C) described user sends payment request in described secure payment APP of its mobile terminal, and searches described KEY ID, described
Secure payment APP prompting input PIN code, after described user inputs described PIN code, transaction message is sent out by described secure payment APP
Deliver to described safety chip;
D) described PIN code is verified by described safety chip, and judges whether, by checking, in this way, payment to be shown
On the display screen of described bracelet, and user described in vibration reminding, perform step E);Otherwise, transaction is lost by described safety chip
The information lost is sent to described secure payment APP;
E) described transaction message is done digital signature process by described safety chip, and signature value is sent to signature verification service device
Carry out sign test, when confirmation is to conclude the business in person, then pays successfully and payment result is returned to described secure payment APP.
2. The method of mobile payment security certification according to claim 1, characterized in that step E) further comprises:
E1) the bracelet temporarily generates an RSA key pair; the RSA key pair includes a private key and a public key;
E2) the private key is saved in the safety chip, and the public key and the transaction message are assembled into a signature message;
E3) the bracelet uses a preset algorithm to compute from the signature message a message digest value of a fixed number of bits, and encrypts the message digest value of the fixed number of bits with the private key to obtain a digital signature;
E4) the bracelet sends the digital signature together with the signature message to the signature verification server; the signature verification server uses the preset algorithm to compute a first message digest value from the signature message, and then decrypts the digital signature with the public key to obtain a second message digest value;
E5) the first message digest value and the second message digest value are compared to judge whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
3. The method of mobile payment security certification according to claim 2, characterized in that the number of bits of the RSA key pair is 1028.
4. The method of mobile payment security certification according to claim 2, characterized in that the preset algorithm is a HASH algorithm.
5. The method of mobile payment security certification according to any one of claims 1 to 4, characterized in that the secure payment APP communicates with the safety chip wirelessly.
6. A device for implementing the method of mobile payment security certification according to claim 1, characterized by comprising:
a request sending unit: used to make a user install a secure payment APP on a mobile terminal and, through the secure payment APP, initiate to the safety chip in a bracelet a request to obtain the pre-planted certificate KEY ID, the safety chip sending the KEY ID to the secure payment APP;
an information binding unit: used to make the secure payment APP send the KEY ID together with the user's name, credential type and credential number to a pre-planting front-end processor for binding, the pre-planting front-end processor sending the binding information to a pre-planting server for storage, and the pre-planting server at the same time returning the binding success result to the secure payment APP;
a transaction message sending unit: used to make the user initiate a payment request in the secure payment APP of the mobile terminal and look up the KEY ID, the secure payment APP prompting for a PIN code and, after the user enters the PIN code, sending the transaction message to the safety chip;
a verification judging unit: used to make the safety chip verify the PIN code and judge whether verification passes; if so, the payment is displayed on the display screen of the bracelet and the user is reminded by vibration; otherwise, the safety chip sends transaction failure information to the secure payment APP;
a signature unit: used to make the safety chip perform digital signature processing on the transaction message and send the signature value to a signature verification server for signature verification; when the transaction is confirmed to be made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP.
7. The device according to claim 6 for implementing the method of mobile payment security certification according to claim 1, characterized in that the signature unit further comprises:
an RSA key pair generation module: used to make the bracelet temporarily generate an RSA key pair, the RSA key pair including a private key and a public key;
a saving and assembling module: used to save the private key in the safety chip and to assemble the public key and the transaction message into a signature message;
a digital signature acquisition module: used to make the bracelet use a preset algorithm to compute from the signature message a message digest value of a fixed number of bits, and to encrypt the message digest value of the fixed number of bits with the private key to obtain a digital signature;
a calculation and decryption module: used to make the bracelet send the digital signature together with the signature message to the signature verification server, the signature verification server using the preset algorithm to compute a first message digest value from the signature message and then decrypting the digital signature with the public key to obtain a second message digest value;
a message digest comparison module: used to compare the first message digest value with the second message digest value and judge whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
8. The device according to claim 7 for implementing the method of mobile payment security certification according to claim 1, characterized in that the number of bits of the RSA key pair is 1028.
9. The device according to claim 7 for implementing the method of mobile payment security certification according to claim 1, characterized in that the preset algorithm is a HASH algorithm.
10. The device according to any one of claims 6 to 9 for implementing the method of mobile payment security certification according to claim 1, characterized in that the secure payment APP communicates with the safety chip wirelessly.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610557060.2A CN106209383B (en) | 2016-07-13 | 2016-07-13 | A kind of method and device of mobile payment security certification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610557060.2A CN106209383B (en) | 2016-07-13 | 2016-07-13 | A kind of method and device of mobile payment security certification |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106209383A true CN106209383A (en) | 2016-12-07 |
CN106209383B CN106209383B (en) | 2019-08-23 |
Family
ID=57475917
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610557060.2A Expired - Fee Related CN106209383B (en) | 2016-07-13 | 2016-07-13 | A kind of method and device of mobile payment security certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106209383B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN106209383B (en) | 2019-08-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20190823 Termination date: 20210713 |