CN106209383A - Method and device for mobile payment security authentication - Google Patents

Publication number
CN106209383A
Authority
CN
China
Prior art keywords
signature
message
sent
safety chip
secure payment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610557060.2A
Other languages
Chinese (zh)
Other versions
CN106209383B (en)
Inventor
罗胜豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Shang Lian Payment Network Technology Co Ltd
Original Assignee
Guangdong Shang Lian Payment Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Shang Lian Payment Network Technology Co Ltd filed Critical Guangdong Shang Lian Payment Network Technology Co Ltd
Priority to CN201610557060.2A priority Critical patent/CN106209383B/en
Publication of CN106209383A publication Critical patent/CN106209383A/en
Application granted granted Critical
Publication of CN106209383B publication Critical patent/CN106209383B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G06Q20/32 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/4014 Payment protocols; Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Transaction verification; Identity check for transactions
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H04L9/3249 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Accounting & Taxation (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a method and device for mobile payment security authentication. The method includes: a secure payment APP obtains a KEY ID from a security chip; a pre-provisioning front-end processor binds the KEY ID to the user's name, ID document type and ID document number and sends the binding information to a pre-provisioning server for storage, and the pre-provisioning server returns the binding success result to the secure payment APP on the mobile terminal; the user issues a payment request in the secure payment APP on the mobile terminal and, after the PIN code is entered, the secure payment APP sends the transaction message to the security chip; after the security chip has verified the PIN code, it digitally signs the transaction message and sends the signature value to a signature verification server for verification, and when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP. The invention makes it possible to add a higher-security digital certificate or electronic signature and can ensure the security of mobile payment.

Description

Method and device for mobile payment security authentication
Technical field
The present invention relates to the field of mobile payment, and in particular to a method and device for mobile payment security authentication.
Background
In message transmission, relying on encryption alone to ensure data confidentiality still leaves a defect: if the sender goes back on their word after sending a piece of information and denies having sent it, then although the data was kept confidential in transit, the identity of the sender of that information cannot be proven, which is unfavourable to the management of communication.
In the prior art, signatures are generally used to make information non-repudiable. For example, contract negotiations and bank deductions rely on the user's signature to prove that the information really occurred. In network communication, digital signatures are generally used to achieve non-repudiation of information.
In 2015 the Central Bank issued the "Administrative Measures for the Online Payment Business of Non-Bank Payment Institutions (Draft for Comment)". The Measures stipulate that if a payment institution uses no fewer than two categories of verification factors, including a higher-security digital certificate or electronic signature, it may agree the per-transaction and daily cumulative limits with the client on its own. If a payment institution uses no fewer than two categories of factors but these do not include a digital certificate or electronic signature, the Measures, with reference to the People's Bank's regulatory requirements for commercial banks and bank card clearing institutions, set a daily cumulative limit of 5000 yuan. Therefore, to go beyond the limit set in the Measures, a higher-security digital certificate or electronic signature must be added to the mobile payment process. Current technology, however, has not managed to add a higher-security digital certificate or electronic signature to mobile payment and cannot ensure the security of mobile payment.
Summary of the invention
The technical problem to be solved by the present invention is the above-mentioned defect of the prior art, namely that it fails to add a higher-security digital certificate or electronic signature to mobile payment and therefore cannot ensure the security of mobile payment. The invention provides a method and device for mobile payment security authentication that can add a higher-security digital certificate or electronic signature and can ensure the security of mobile payment.
The technical solution adopted by the present invention to solve this technical problem is to construct a method for mobile payment security authentication comprising the following steps:
A) the user installs a secure payment APP on a mobile terminal and, through the secure payment APP, sends the security chip in a bracelet a request to obtain the pre-provisioned certificate KEY ID; the security chip sends the KEY ID to the secure payment APP;
B) the secure payment APP sends the KEY ID together with the user's name, ID document type and ID document number to a pre-provisioning front-end processor for binding; the pre-provisioning front-end processor sends the binding information to a pre-provisioning server for storage, and the pre-provisioning server at the same time returns the binding success result to the secure payment APP;
C) the user issues a payment request in the secure payment APP on the mobile terminal, and the KEY ID is looked up; the secure payment APP prompts for a PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the security chip;
D) the security chip verifies the PIN code and determines whether verification passed; if so, the payment is displayed on the display screen of the bracelet, the user is alerted by vibration, and step E) is performed; otherwise, the security chip sends a transaction-failure message to the secure payment APP;
E) the security chip digitally signs the transaction message and sends the signature value to a signature verification server for verification; when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP.
In the method for mobile payment security authentication of the present invention, step E) further comprises:
E1) the bracelet generates a temporary RSA key pair; the RSA key pair comprises a private key and a public key;
E2) the private key is stored in the security chip, and the public key and the transaction message are assembled into a signature message;
E3) the bracelet applies a preset algorithm to the signature message to compute a message digest value of fixed length, and encrypts the fixed-length message digest value with the private key to obtain a digital signature;
E4) the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server applies the preset algorithm to the signature message to compute a first message digest value, and then decrypts the digital signature with the public key to obtain a second message digest value;
E5) the first message digest value and the second message digest value are compared to determine whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
In the method for mobile payment security authentication of the present invention, the length of the RSA key pair is 1028 bits.
In the method for mobile payment security authentication of the present invention, the preset algorithm is a HASH (hash) algorithm.
In the method for mobile payment security authentication of the present invention, the secure payment APP communicates with the security chip wirelessly.
The invention further relates to a device implementing the above method for mobile payment security authentication, comprising:
Request sending unit: used for the user to install a secure payment APP on a mobile terminal and, through the secure payment APP, send the security chip in a bracelet a request to obtain the pre-provisioned certificate KEY ID; the security chip sends the KEY ID to the secure payment APP;
Information binding unit: used for the secure payment APP to send the KEY ID together with the user's name, ID document type and ID document number to a pre-provisioning front-end processor for binding; the pre-provisioning front-end processor sends the binding information to a pre-provisioning server for storage, and the pre-provisioning server at the same time returns the binding success result to the secure payment APP;
Transaction message sending unit: used for the user to issue a payment request in the secure payment APP on the mobile terminal and for the KEY ID to be looked up; the secure payment APP prompts for a PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the security chip;
Verification judging unit: used for the security chip to verify the PIN code and determine whether verification passed; if so, the payment is displayed on the display screen of the bracelet and the user is alerted by vibration; otherwise, the security chip sends a transaction-failure message to the secure payment APP;
Signature unit: used for the security chip to digitally sign the transaction message and send the signature value to a signature verification server for verification; when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP.
In the device of the present invention implementing the above method for mobile payment security authentication, the signature unit further comprises:
RSA key pair generation module: used for the bracelet to generate a temporary RSA key pair; the RSA key pair comprises a private key and a public key;
Storage and assembly module: used to store the private key in the security chip and to assemble the public key and the transaction message into a signature message;
Digital signature acquisition module: used for the bracelet to apply a preset algorithm to the signature message to compute a message digest value of fixed length, and to encrypt the fixed-length message digest value with the private key to obtain a digital signature;
Calculation and decryption module: used for the bracelet to send the digital signature and the signature message to the signature verification server; the signature verification server applies the preset algorithm to the signature message to compute a first message digest value, and then decrypts the digital signature with the public key to obtain a second message digest value;
Message digest comparison module: used to compare the first message digest value and the second message digest value and determine whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
In the device of the present invention implementing the above method for mobile payment security authentication, the length of the RSA key pair is 1028 bits.
In the device of the present invention implementing the above method for mobile payment security authentication, the preset algorithm is a HASH algorithm.
In the device of the present invention implementing the above method for mobile payment security authentication, the secure payment APP communicates with the security chip wirelessly.
Implementing the method and device for mobile payment security authentication of the present invention has the following beneficial effects: because the security chip digitally signs the transaction message and sends the signature value to the signature verification server for verification, and the payment succeeds and the payment result is returned to the secure payment APP only when the transaction is confirmed to have been made by the user in person, the invention makes it possible to add a higher-security digital certificate or electronic signature and can ensure the security of mobile payment.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the method in one embodiment of the method and device for mobile payment security authentication of the present invention;
Fig. 2 is a detailed flow chart, in that embodiment, of the security chip digitally signing the transaction message and sending the signature value to the signature verification server for verification;
Fig. 3 is a structural diagram of the device in that embodiment.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the embodiment of the method and device for mobile payment security authentication of the present invention, the flow chart of the method is shown in Fig. 1. In Fig. 1, the method for mobile payment security authentication comprises the following steps:
Step S01: the user installs a secure payment APP on a mobile terminal and, through the secure payment APP, sends the security chip in a bracelet a request to obtain the pre-provisioned certificate KEY ID; the security chip sends the KEY ID to the secure payment APP. In this embodiment, the bracelet contains a security chip (i.e. SE) certified by CFCA (China Financial Certification Authority), and a unique KEY ID is masked into each security chip. In this step, the user installs the secure payment APP on the mobile terminal and, through it, sends the security chip in the bracelet a request to obtain the pre-provisioned certificate KEY ID; after receiving the request, the security chip sends its KEY ID to the secure payment APP. In this embodiment, the mobile terminal may be a mobile phone, tablet computer, notebook, PDA or the like.
Step S02: the secure payment APP sends the KEY ID together with the user's name, ID document type and ID document number to the pre-provisioning front-end processor for binding; the pre-provisioning front-end processor sends the binding information to the pre-provisioning server for storage, and the pre-provisioning server at the same time returns the binding success result to the secure payment APP. In this step, after binding succeeds, the pre-provisioning front-end processor sends the binding information to the pre-provisioning server for storage, and the pre-provisioning server returns the binding success result to the secure payment APP. In this way, each bracelet is uniquely bound to a user.
Step S03: the user issues a payment request in the secure payment APP on the mobile terminal, and the KEY ID is looked up; the secure payment APP prompts for a PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the security chip. In this step, the user issues a payment request in the secure payment APP on the mobile terminal, and the secure payment APP searches for the user's bracelet; if the user's bracelet is nearby, the secure payment APP prompts for a PIN code, and after the user enters the PIN code, the secure payment APP sends the transaction message to the security chip.
Step S04: the security chip verifies the PIN code and determines whether verification passed. In this step, the security chip verifies the PIN code and determines whether verification passed, that is, whether the PIN code is correct; if so, step S06 is performed; otherwise, step S05 is performed.
Step S05: the security chip sends a transaction-failure message to the secure payment APP. This step is performed if the result of step S04 is no. In this step, the security chip sends a transaction-failure message to the secure payment APP.
Step S06: the payment is displayed on the display screen of the bracelet and the user is alerted by vibration. This step is performed if the result of step S04 is yes. In this step, the payment is displayed on the display screen of the bracelet and the user is alerted by vibration. After this step, step S07 is performed.
Step S07: the security chip digitally signs the transaction message and sends the signature value to the signature verification server for verification; when the transaction is confirmed to have been made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP. In this step, the security chip in the bracelet digitally signs the transaction message and sends the signature value to the signature verification server for verification; when it is confirmed that the user is the one transacting, the payment succeeds and the payment result is returned to the secure payment APP. This makes it possible to add a higher-security digital certificate or electronic signature and can ensure the security of mobile payment.
In this embodiment, step S07 can be refined further; the refined flow chart is shown in Fig. 2. In Fig. 2, step S07 further comprises:
Step S71: the bracelet generates a temporary RSA key pair. In this step, when the bracelet performs transaction verification, it generates a temporary RSA key pair comprising a private key and a public key. In this embodiment, the length of the RSA key pair is 1028 bits. In some cases of this embodiment, the length of the RSA key pair may also be another value.
Step S72: the private key is stored in the security chip, and the public key and the transaction message are assembled into a signature message.
Step S73: the bracelet applies a preset algorithm to the signature message to compute a message digest value of fixed length, and encrypts the fixed-length message digest value with the private key to obtain a digital signature. The computed message digest value must mathematically guarantee that if any single bit of the signature message changes, the recomputed message digest value will not match the original value. This guarantees that the transaction message cannot be altered. The preset algorithm may be a HASH algorithm; other algorithms may of course also be used.
Step S74: the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server applies the preset algorithm to the signature message to compute a first message digest value, and then decrypts the digital signature with the public key to obtain a second message digest value. In this step, after receiving the digital signature and the signature message from the bracelet, the signature verification server uses the same preset algorithm to compute the first message digest value from the signature message, and then decrypts the digital signature with the public key to obtain the second message digest value.
Step S75: the first message digest value and the second message digest value are compared to determine whether they are equal. If they are equal, step S77 is performed; otherwise, step S76 is performed.
Step S76: the transaction message is determined not to come from the user. This step is performed if the result of step S75 is no, that is, the two values are not equal. In this step, the transaction message is determined not to come from the user.
Step S77: the transaction message is determined to come from the user. This step is performed if the result of step S75 is yes. In this step, the transaction message is determined to come from the user. Because only the signer who holds the private key can generate the signature by "decrypting" the message digest value, the scheme provides security and non-repudiation.
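The signing and verification flow of steps S71 to S77, as an added example that is not part of the patent text. SHA-256 as the HASH algorithm, a 1024-bit key, public exponent 65537, the length-prefixed message layout and all function names are assumptions made here; the RSA operation is left unpadded to mirror the steps literally, whereas a deployed system would use a vetted library with a standard padding scheme.

```python
import hashlib
import math
import secrets

E = 65537  # public exponent (assumption; the page does not name one)


def _is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        # Force the top two bits and the low bit: full-length, odd candidate.
        candidate = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=1024):
    """S71: temporary RSA key pair, returned as ((n, e), (n, d))."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            n = p * q
            return (n, E), (n, pow(E, -1, phi))


def _field(value):
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return len(raw).to_bytes(2, "big") + raw


def assemble_signature_message(public_key, transaction):
    """S72: public key and transaction message assembled into one message."""
    n, e = public_key
    return _field(n) + _field(e) + transaction


def parse_signature_message(message):
    """Split a signature message back into ((n, e), transaction)."""
    values, offset = [], 0
    for _ in range(2):
        size = int.from_bytes(message[offset:offset + 2], "big")
        offset += 2
        if size == 0 or offset + size > len(message):
            raise ValueError("truncated signature message")
        values.append(int.from_bytes(message[offset:offset + size], "big"))
        offset += size
    return (values[0], values[1]), message[offset:]


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    """S73: fixed-length digest, then the private-key operation on it."""
    n, d = private_key
    return pow(_digest_int(message), d, n)


def verify(message, signature):
    """S74-S77: recompute the first digest, recover the second, compare."""
    try:
        # The public key is read from the signature message itself, as in
        # S72/S74; how the server ties it to the bound KEY ID is not
        # specified in these steps.
        (n, e), _ = parse_signature_message(message)
    except ValueError:
        return False
    first = _digest_int(message)
    if not 0 <= signature < n or first >= n:
        return False
    second = pow(signature, e, n)
    return first == second


if __name__ == "__main__":
    public, private = generate_keypair()
    tx = b"pay 25.00 CNY to merchant 0001"  # constructed sample transaction
    msg = assemble_signature_message(public, tx)
    sig = sign(private, msg)
    print("genuine message verifies:", verify(msg, sig))
    print("altered message verifies:",
          verify(msg.replace(b"25.00", b"95.00"), sig))
```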
It is noted that in the present embodiment, when secure payment APP carries out communication with safety chip, be by wireless Mode carries out communication.Such as: bluetooth, wifi etc..When use bluetooth approach time, bracelet transact business checking time, safety support Paying APP and can give the Bluetooth chip in bracelet by signature message by bluetooth privately owned news agreement, Bluetooth chip will be according in agreement Holding, send and instruct to safety chip accordingly, safety chip performs dependent instruction again, and returns result to Bluetooth chip, bluetooth The resultant content of return is returned to secure payment APP by bluetooth proprietary protocol by chip again.It is flexible to operation.
The present embodiment further relates to the device of a kind of method realizing above-mentioned mobile payment security certification, and its structural representation is such as Shown in Fig. 3.In Fig. 3, this device includes that request transmitting unit 1, information binding unit 2, transaction message transmitting element 3, checking are sentenced Disconnected unit 4 and signature unit 5;Wherein, request transmitting unit 1 is used for making user install secure payment APP in the terminal, and Initiating to obtain by secure payment APP safety chip in bracelet and plant certificate KEY ID request in advance, safety chip is by KEY ID It is sent to secure payment APP;Information binding unit 2 is for making secure payment APP by KEY ID and the name of user, certificate class Type and certificate number are sent to pre-front end processor of planting and bind, and plant front end processor in advance and binding information is sent to pre-server of planting protects Deposit, plant server in advance and binding success result is returned to secure payment APP simultaneously;Transaction message transmitting element 3 is used for making user Secure payment APP at its mobile terminal sends payment request, and searches KEY ID, secure payment APP prompting input PIN code, After user inputs PIN code, transaction message is sent to safety chip by secure payment APP;Checking judging unit 4 is used for making safe core PIN code is verified by sheet, and judges whether, by checking, in this way, payment to be shown on the display screen of bracelet, and shake Dynamic prompting user;Otherwise, the information of Fail Transaction is sent to secure payment APP by safety chip;Signature unit 5 is used for making safety Transaction message is done digital signature and is processed by chip, and signature value is sent to signature verification service device carries out sign test, when confirming to be When I concludes the business, then pay successfully and payment result 
is returned to secure payment APP.So it can realize adding level of security relatively High digital certificate or electronic signature, can guarantee that the safety of mobile payment.It is noted that in the present embodiment, safety Pay APP and wirelessly carry out communication with safety chip.
In the present embodiment, signature unit 5 farther includes RSA key and generation module 51, preservation is assembled module 52, numeral Signature acquisition module 53, calculating deciphering module 54 and message digest comparison module 55;Wherein, generation module 51 is used by RSA key Generate RSA key pair in making bracelet temporarily;RSA key is to including private key and PKI, and the figure place of RSA key pair is 1028, also Can be other values;Preserve assembling module 52 to be used for being saved in safety chip private key, and PKI is assembled with transaction message For signature message;Digital signature acquisition module 53 is used for making bracelet use algorithm set in advance to signature message by being calculated The message digest value of one fixing figure place, and obtain digital signature after the message digest value private key encryption of fixing figure place;On Stating algorithm set in advance is HASH algorithm, it is also possible to for other algorithms.Calculate deciphering module 54 to be used for making bracelet by numeral label Name is sent to signature verification service device with signature message, and signature verification service device uses algorithm set in advance to signature message meter Calculate the first message digest value, then with PKI digital signature is decrypted and obtains the second message digest value;Message digest ratio Relatively module 55 is for comparing the first message digest value and the second message digest value, and judges whether equal, in this way, determines Transaction message is from user;Otherwise, it determines transaction message is not from user.Can pass through owing to only having the signer of private key " decipher " message digest value and generate signature, therefore there is safety and non repudiation.
In short, in this embodiment the signing process of the digital signature is that the sender, based on the information to be sent, encrypts the message digest value with its own private key to form the digital signature. That is, the user processes the message digest value with his or her own private key; because the key belongs to that person alone, the result is a file that nobody else can generate, and this forms the digital signature. Using a digital signature ensures that the information was signed and sent by the signer, who cannot deny it or can deny it only with difficulty. The recipient can verify that the information has not been modified in any way between signing and receipt, and that the signed file is authentic. The security of the payment is therefore ensured.
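The signing and verification flow of modules 51 to 55 can be traced end to end in a few lines. The following Python is an added example, not code from the patent: it uses unpadded textbook RSA to mirror the page's wording, and the public exponent 65537, SHA-256 as the HASH algorithm, the length-prefixed framing, the sample transaction bytes and the `pinned_n` argument are all assumptions.

```python
import hashlib
import secrets

E = 65537  # public exponent: an assumption, the page names none

def is_probable_prime(n, rounds=20):  # Miller-Rabin, for odd n > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        # Top two bits set, so the product of two such primes has 2*bits bits.
        p = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if p % E != 1 and is_probable_prime(p):
            return p

def generate_keypair(bits=1028):
    """Module 51: temporary RSA key pair; 1028 is the size the page states."""
    p = q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus n, private d)

def build_signature_message(n, transaction):
    """Module 52: public key and transaction message assembled (framing constructed)."""
    key = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(key).to_bytes(2, "big") + key + transaction

def sign(message, n, d):
    """Module 53: fixed-length digest, then the private-key operation on it."""
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(message, signature, pinned_n=None):
    """Modules 54 and 55: recompute the digest, recover the signed one, compare."""
    key_len = int.from_bytes(message[:2], "big")
    n = int.from_bytes(message[2:2 + key_len], "big")
    if len(message) < 2 + key_len or n < 3 or not 0 <= signature < n:
        return False
    if pinned_n is not None and n != pinned_n:  # assumption: key registered beforehand
        return False
    first = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return first == pow(signature, E, n)  # first digest vs. second digest

if __name__ == "__main__":
    n, d = generate_keypair()
    msg = build_signature_message(n, b"pay 12.50 to merchant 0001")  # constructed
    print(verify(msg, sign(msg, n, d), pinned_n=n))
```

The digest comparison alone shows that the signature message was not altered after signing; tying it to the user depends on the verifier already trusting the public key, which is what `pinned_n` models. Deployed signatures use a padded scheme such as RSASSA-PSS rather than raw exponentiation.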
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent substitution, improvement and the like made within the spirit and principle of the present invention shall be included within the scope of the present invention.

Claims (10)

1. the method for a mobile payment security certification, it is characterised in that comprise the steps:
A) user installs secure payment APP in the terminal, and by described secure payment APP safety chip in bracelet Initiating to obtain and plant certificate KEY ID request in advance, KEY ID is sent to described secure payment APP by described safety chip;
B) before described KEY ID and the name of user, type of credential and certificate number are sent to pre-planting by described secure payment APP The machine of putting is bound, and binding information is sent to pre-server of planting and preserves by described pre-front end processor of planting, described pre-plant server with Time binding success result is returned to described secure payment APP;
C) described user sends payment request in described secure payment APP of its mobile terminal, and searches described KEY ID, described Secure payment APP prompting input PIN code, after described user inputs described PIN code, transaction message is sent out by described secure payment APP Deliver to described safety chip;
D) described PIN code is verified by described safety chip, and judges whether, by checking, in this way, payment to be shown On the display screen of described bracelet, and user described in vibration reminding, perform step E);Otherwise, transaction is lost by described safety chip The information lost is sent to described secure payment APP;
E) described transaction message is done digital signature process by described safety chip, and signature value is sent to signature verification service device Carry out sign test, when confirmation is to conclude the business in person, then pays successfully and payment result is returned to described secure payment APP.
2. The method of mobile payment security certification according to claim 1, characterized in that step E) further comprises:
E1) the bracelet generates an RSA key pair temporarily; the RSA key pair includes a private key and a public key;
E2) the private key is saved in the safety chip, and the public key and the transaction message are assembled into a signature message;
E3) the bracelet applies a preset algorithm to the signature message to compute a message digest value of a fixed number of bits, and obtains the digital signature by encrypting that fixed-length message digest value with the private key;
E4) the bracelet sends the digital signature and the signature message to the signature verification server; the signature verification server applies the preset algorithm to the signature message to compute a first message digest value, and then decrypts the digital signature with the public key to obtain a second message digest value;
E5) the first message digest value and the second message digest value are compared to determine whether they are equal; if so, the transaction message is determined to come from the user; otherwise, the transaction message is determined not to come from the user.
3. The method of mobile payment security certification according to claim 2, characterized in that the number of bits of the RSA key pair is 1028.
4. The method of mobile payment security certification according to claim 2, characterized in that the preset algorithm is a HASH algorithm.
5. The method of mobile payment security certification according to any one of claims 1 to 4, characterized in that the secure payment APP communicates with the safety chip wirelessly.
6. A device for implementing the method of mobile payment security certification according to claim 1, characterized in that it comprises:
Request sending unit: used to make a user install a secure payment APP on the terminal and, through the secure payment APP, send the safety chip in a bracelet a request to obtain the KEY ID of the pre-planted certificate, the safety chip sending the KEY ID to the secure payment APP;
Information binding unit: used to make the secure payment APP send the KEY ID together with the user's name, credential type and certificate number to the pre-planting front-end processor for binding, the pre-planting front-end processor sending the binding information to the pre-planting server for saving, and the pre-planting server at the same time returning the binding success result to the secure payment APP;
Transaction message sending unit: used to make the user issue a payment request in the secure payment APP on his or her mobile terminal, with the KEY ID being looked up; the secure payment APP prompts for a PIN code, and after the user enters the PIN code the secure payment APP sends the transaction message to the safety chip;
Verification judging unit: used to make the safety chip verify the PIN code and determine whether the verification passes; if so, the payment is shown on the display screen of the bracelet and the user is alerted by vibration; otherwise, the safety chip sends transaction-failure information to the secure payment APP;
Signature unit: used to make the safety chip apply digital signature processing to the transaction message and send the signature value to the signature verification server for signature verification; when it is confirmed that the transaction is made by the user in person, the payment succeeds and the payment result is returned to the secure payment APP.
The device of the method for realization the most according to claim 6 mobile payment security as claimed in claim 1 certification, its Being characterised by, described signature unit farther includes:
RSA key is to generation module: be used for making described bracelet generate RSA key pair temporarily;Described RSA key to include private key and PKI;
Preserve and assemble module: for described private key is saved in described safety chip, and by described PKI and transaction message group Dress is signature message;
Digital signature acquisition module: be used for making described bracelet use algorithm set in advance to described signature message by being calculated The message digest value of one fixing figure place, and the message digest value of described fixing figure place is obtained numeral after the encryption of described private key Signature;
Calculate deciphering module: be used for making described bracelet that with signature message, described digital signature is sent to described signature verification service Device, described signature verification service device uses algorithm set in advance described signature message to be calculated the first message digest value, so With described PKI described digital signature is decrypted afterwards and obtains the second message digest value;
Message digest comparison module: for described first message digest value and the second message digest value are compared, and judge The most equal, in this way, determine that described transaction message is from described user;Otherwise, it determines described transaction message is not from described User.
The device of the method for realization the most according to claim 7 mobile payment security as claimed in claim 1 certification, its Being characterised by, the figure place of described RSA key pair is 1028.
The device of the method for realization the most according to claim 7 mobile payment security as claimed in claim 1 certification, its Being characterised by, described algorithm set in advance is HASH algorithm.
10. according to the mobile payment security certification as claimed in claim 1 of realizing described in claim 6 to 9 any one The device of method, it is characterised in that described secure payment APP wirelessly carries out communication with described safety chip.
CN201610557060.2A 2016-07-13 2016-07-13 A kind of method and device of mobile payment security certification Expired - Fee Related CN106209383B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610557060.2A CN106209383B (en) 2016-07-13 2016-07-13 A kind of method and device of mobile payment security certification

Publications (2)

Publication Number Publication Date
CN106209383A true CN106209383A (en) 2016-12-07
CN106209383B CN106209383B (en) 2019-08-23

Family

ID=57475917

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610557060.2A Expired - Fee Related CN106209383B (en) 2016-07-13 2016-07-13 A kind of method and device of mobile payment security certification

Country Status (1)

Country Link
CN (1) CN106209383B (en)

Also Published As

Publication number Publication date
CN106209383B (en) 2019-08-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190823

Termination date: 20210713