CN106251146A - A kind of method of mobile payment and mobile-payment system - Google Patents

A kind of method of mobile payment and mobile-payment system Download PDF

Info

Publication number
CN106251146A
CN106251146A CN201610581937.1A CN201610581937A CN106251146A CN 106251146 A CN106251146 A CN 106251146A CN 201610581937 A CN201610581937 A CN 201610581937A CN 106251146 A CN106251146 A CN 106251146A
Authority
CN
China
Prior art keywords
sub
private key
module
key
pki
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610581937.1A
Other languages
Chinese (zh)
Other versions
CN106251146B (en
Inventor
陆道如
张骁
温泉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hengbao Co Ltd
Original Assignee
Hengbao Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hengbao Co Ltd filed Critical Hengbao Co Ltd
Priority to CN201610581937.1A priority Critical patent/CN106251146B/en
Publication of CN106251146A publication Critical patent/CN106251146A/en
Application granted granted Critical
Publication of CN106251146B publication Critical patent/CN106251146B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a kind of method of mobile payment and mobile-payment system, relate to safety of payment technical field, for improving the safety of payment.This method of mobile payment includes: utilize a main private key, generates N number of different sub-private key, and N is positive integer and meets: N >=2;N number of sub-private key is respectively stored in N number of different mobile terminal;Determine the minimum quantity t of required mobile terminal that Transaction Information is signedmin, wherein tminFor positive integer and meet: tmin> 1;Choosing t mobile terminal from N number of mobile terminal, t is positive integer and meets: tmin≤t≤N;Use the sub-private key of storage in t mobile terminal respectively Transaction Information to be signed, obtain the first signature;All of first signature is integrated, obtains the second signature;Use Your Majesty's key that the second signature is verified.Method of mobile payment provided by the present invention is for paying safely.

Description

A kind of method of mobile payment and mobile-payment system
Technical field
The present invention relates to safety of payment technical field, particularly relate to a kind of method of mobile payment and mobile-payment system.
Background technology
Mobile payment is that a kind of permission user uses mobile terminal (such as, mobile phone) to carry out the commodity consumed or service The Payment Methods paid.
In prior art, for improving the safety of mobile payment, it will usually use numeral to sign during mobile payment Name technology.Specifically, digital signature technology is generally by using a double secret key (i.e. private key and PKI) to realize, wherein, private Key is the private part of cipher key pair, is stored in the mobile terminal of user, and only user is obtained in that, PKI is double secret key Disclosed in part, any be obtained in that per capita.In a transaction, user (i.e. Transaction Information initiator) uses storage to have private Transaction Information is signed by the mobile terminal of key, then sends the Transaction Information after signature to Transaction Information recipient's (example As, bank), Transaction Information recipient uses PKI to verify the signature in Transaction Information.
In above-mentioned existing mobile payment, the mobile terminal having private key owing to having only to a storage just can be to transaction Information is correctly signed, and causes mobile payment to there is bigger security risk, such as, if storage is had private key by user accidentally Mobile terminal lose, then Transaction Information just can correctly be signed by the people finding this mobile terminal, causes user Property loss.
Summary of the invention
It is an object of the invention to provide a kind of method of mobile payment and mobile-payment system, for improving the safety of payment Property.
For reaching above-mentioned purpose, method of mobile payment provided by the present invention adopts the following technical scheme that
A kind of method of mobile payment, this method of mobile payment includes: utilize a main private key, generates N number of different son private Key, N is positive integer and meets: N >=2;N number of described sub-private key is respectively stored in N number of different mobile terminal;Determine friendship Easily information is carried out signing the minimum quantity t of required mobile terminalmin, wherein tminFor positive integer and meet: tmin> 1;From N number of Choosing t mobile terminal in described mobile terminal, t is positive integer and meets: tmin≤t≤N;Use in t described mobile terminal Transaction Information is signed by the sub-private key of storage respectively, obtains and t described sub-private key the first signature one to one;To institute Described first signature having is integrated, and obtains the second signature, and described transaction is believed by described second signature with described main private key Signature obtained by ceasing after signing is identical;Use Your Majesty's key that described second signature is verified.
Additionally, present invention also offers a kind of mobile-payment system, it is used for implementing method of mobile payment as above, should Mobile-payment system includes: sub-private key generation module, is used for utilizing a main private key, generates N number of different sub-private key, and N is just Integer and meet: N >=2;The distribution module being connected with described sub-private key generation module, for depositing N number of described sub-private key respectively Storage is in N number of different mobile terminal;The parameter determination module being connected with described distribution module, is used for determining and enters Transaction Information The minimum quantity t of the mobile terminal needed for row signaturemin, wherein tminFor positive integer and meet: tmin> 1;With described parameter determination The first of module connection chooses module, and for choosing t mobile terminal from N number of described mobile terminal, t is positive integer and expires Foot: tmin≤t≤N;The signature blocks that module is connected is chosen, for using storage in t described mobile terminal with described first Transaction Information is signed by sub-private key respectively, obtains and t described sub-private key the first signature one to one;With described signature The integration module that module connects, for integrating all of described first signature, obtains the second signature, described second signature With with described main private key, described Transaction Information is signed after obtained by signature identical;With testing that described integration module is connected Card module, is used for using Your Majesty's key to verify described second signature.
Owing to method of mobile payment provided by the present invention includes above step, therefore, N number of different mobile terminal divides Cun Chu there is not N number of sub-private key, when Transaction Information is signed, can first determine required shifting that Transaction Information is signed The minimum quantity t of dynamic terminalmin, wherein tminFor positive integer and meet: tmin> 1, then from N number of mobile terminal, choose t movement Terminal, wherein t is positive integer and meets: tmin≤ t≤N, then uses the son of storage in t mobile terminal elected private Transaction Information is signed by key respectively, the most at least to use the sub-private key of storage in two mobile terminals to carry out Transaction Information Signature, obtains and t sub-private key the first signature one to one, then integrates all of first signature, obtain second Signature, wherein the second signature with main private key, Transaction Information is signed after obtained signature identical, be then used by Your Majesty Second signature is verified by key, say, that only has the mobile terminal of sub-private key from N number of storage and at least chooses two, Transaction Information correctly can be signed, even if thus other people in addition to validated user obtain a storage and have son private Transaction Information also cannot correctly be signed by the mobile terminal of key.As the above analysis, movement provided by the present invention Method of payment achieves and only uses multiple storage to have the mobile terminal of sub-private key just can correctly sign Transaction Information Name, has the mobile terminal of sub-private key can correctly sign Transaction Information compared to only needing a storage in prior art Mobile payment mode, hence it is evident that improve the safety of payment.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, embodiment will be described below The accompanying drawing used required in is briefly described, it should be apparent that, the accompanying drawing in describing below is only some of the present invention Embodiment, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to attached according to these Figure obtains other accompanying drawing.
Fig. 1 is the schematic flow sheet one of the method for mobile payment in the embodiment of the present invention;
Fig. 2 is the schematic flow sheet two of the method for mobile payment in the embodiment of the present invention;
Fig. 3 is the schematic flow sheet three of the method for mobile payment in the embodiment of the present invention;
Fig. 4 is the schematic flow sheet four of the method for mobile payment in the embodiment of the present invention;
Fig. 5 is the module diagram one of the mobile-payment system in the embodiment of the present invention;
Fig. 6 is the module diagram two of the mobile-payment system in the embodiment of the present invention;
Fig. 7 is the module diagram three of the mobile-payment system in the embodiment of the present invention;
Fig. 8 is the module diagram four of the mobile-payment system in the embodiment of the present invention.
Description of reference numerals:
1-private key generation module;2-distributes module;3-parameter determination module;
4-first chooses module;5-signature blocks;6-integrates module;
7-authentication module;8-first sub-PKI generation module;9-second chooses module;
10-the first computing module;Transmission module on 11-first;The 12-webserver;
13-the first download module;The sub-authentication module of 14-first;15-removing module;
16-second sub-PKI generation module;17-the 3rd chooses module;Transmission module on 18-second;
19-the second download module;20-the second computing module;The sub-authentication module of 21-second;
22-dealing money acquiring unit;23-minimum quantity determines unit.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Describe, it is clear that described embodiment is a part of embodiment of the present invention rather than whole embodiments wholely.Based on this Embodiment in bright, the every other enforcement that those of ordinary skill in the art are obtained under not making creative work premise Example, broadly falls into the scope of protection of the invention.
Embodiment one
Embodiments provide a kind of method of mobile payment, as it is shown in figure 1, this method of mobile payment includes:
Step S1, utilizing a main private key, generate N number of different sub-private key, N is positive integer and meets: N >=2;
Such as, utilize a main private key, generate 3 different sub-private keys, the most sub-private key A, sub-private key B, sub-private key C.Wherein, main private key refers to the private part that Transaction Information can correctly be signed by a cipher key pair, also That is, signature obtained after using main private key to sign Transaction Information can be by a cipher key pair and this main private key Corresponding Your Majesty's key institute correct verification.Specifically, Shamir's Secret Sharing algorithm can be used a main private Key is divided into 3 different sub-private keys.It should be noted that above-mentioned Shamir's Secret Sharing algorithm refers to existing Technology, the most no longer repeats.
Step S2, N number of sub-private key is respectively stored in N number of different mobile terminal;
Such as, above-mentioned sub-private key A, sub-private key B, sub-private key C are stored respectively to mobile phone, Intelligent bracelet and bluetooth Key. Wherein, bluetooth Key is a kind of hardware device including bluetooth module and Digital Signature module, and it can be received by bluetooth module Transaction Information, and use the sub-private key in Digital Signature module that the Transaction Information received is signed, and by bluetooth mould Transaction Information after signature is back to Transaction Information initiator by block.Additionally, mobile terminal can also be worn for intelligent watch etc. Wear equipment, or be notebook computer, digit broadcasting receiver and PDA (Personal Digital Assistant, individual number Word assistant) etc. terminal unit.
Step S3, determine the minimum quantity t of required mobile terminal that Transaction Information is signedmin, wherein, tminFor just Integer and meet: tmin> 1;
Sign the minimum quantity t of required mobile terminal to Transaction InformationminCan carry out according to actual needs flexibly Ground is arranged, but tminNeed to meet: tmin> 1, say, that at least need two storages to have the mobile terminal of sub-private key can Transaction Information is correctly signed.
Step S4, choosing t mobile terminal from N number of mobile terminal, wherein t is positive integer and meets: tmin≤t≤N;
Such as, t is worked asminWhen=2, then from above-mentioned mobile phone, Intelligent bracelet and bluetooth Key, choose t mobile terminal exist such as Under several situations: only choose mobile phone and Intelligent bracelet;Only choose mobile phone and bluetooth Key;Only choose Intelligent bracelet and bluetooth Key; Choose mobile phone, Intelligent bracelet and bluetooth Key.
In step S5, t mobile terminal of use, Transaction Information is signed by the sub-private key of storage respectively, obtains and t Sub-private key the first signature one to one;
For example, it is possible to first use Hash function (hash function) to generate the summary of Transaction Information Transaction Information (Digest), use the sub-private key A in mobile phone and the sub-private key B in Intelligent bracelet that summary is encrypted the most respectively, generate The signature of sub-private key A and the signature of sub-private key B.
Step S6, all of first signature is integrated, obtains the second signature, the second signature with main private key to transaction Information sign after obtained by signature identical.
It is, for example possible to use Shamir's Secret Sharing algorithm is by the signature of above-mentioned sub-private key A and sub-private key B Signature integrate, obtain the second signature, this second signature with main private key, Transaction Information is signed after obtained by Sign identical, say, that the second signature can be by the cipher key pair Your Majesty key institute correct verification corresponding with main private key.
If it should be noted that in step s 5, employ the sub-private key in k (k < t) individual mobile terminal to Transaction Information Sign, obtain and k sub-private key the first signature one to one, the most in step s 6, according to Shamir's Secret Sharing algorithmic rule, it is impossible to obtain the second signature by the first signature of above-mentioned k sub-private key.Such as, t is worked asminWhen=2, Storage is only used to have the mobile phone of sub-private key A, storage to have the Intelligent bracelet of sub-private key B and storage to have in bluetooth Key of sub-private key C Transaction Information cannot correctly be signed by a kind of terminal unit, and reason is, according to Shamir's Secret Sharing algorithmic rule, works as tminWhen=2, it is impossible to obtain the second signature by the first signature of 1 sub-private key.
Second signature is verified by step S7, use Your Majesty's key.
The method of mobile payment provided due to the embodiment of the present invention includes above step, therefore, and N number of different mobile end In end, storage has N number of sub-private key respectively, when signing Transaction Information, can first determine and Transaction Information carries out institute of signing The minimum quantity t of the mobile terminal neededmin, wherein tminFor positive integer and meet: tmin> 1, then choose t from N number of mobile terminal Individual mobile terminal, wherein t is positive integer and meets: tmin≤ t≤N, then uses in t mobile terminal elected and stores Sub-private key respectively Transaction Information is signed, the most at least to use in two mobile terminals the private key of storage to transaction letter Breath is signed, and obtains and t sub-private key the first signature one to one, then integrates all of first signature, To the second signature, wherein the second signature with main private key, Transaction Information is signed after obtained signature identical, then make With Your Majesty's key, the second signature is verified, say, that only have the mobile terminal of sub-private key from N number of storage and at least choose Two, Transaction Information correctly can be signed, even if thus other people in addition to validated user obtain a storage Transaction Information also cannot correctly be signed by the mobile terminal having sub-private key.As the above analysis, the embodiment of the present invention The method of mobile payment provided achieves and only uses multiple storage to have the mobile terminal of sub-private key just can be to Transaction Information Correctly sign, have the mobile terminal of sub-private key can Transaction Information be entered compared to prior art only needs a storage The mobile payment mode that row is correctly signed, hence it is evident that improve the safety of payment.
Further, as in figure 2 it is shown, in above-mentioned steps S1, utilize a main private key, generate N number of different sub-private key it After, the method for mobile payment that the embodiment of the present invention is provided also includes:
Step S11, utilize N number of sub-private key, generate N number of with the most sub-PKI of sub-private key;
Such as, when utilizing a main private key to generate sub-private key A, sub-private key B and sub-private key C, these 3 sub-private keys are utilized to divide Sheng Cheng i.e. not generate 3 sub-PKIs with each the most sub-PKI D, sub-PKI E, sub-PKI F.
Step S12, from N number of sub-PKI, choose t sub-PKI.
Such as, in above-mentioned steps S4, when choosing two mobile terminals from mobile phone, Intelligent bracelet and bluetooth Key, then Correspondingly, in this step, need to choose 2 sub-PKIs from above-mentioned 3 sub-PKIs.That is, sub-PKI choose below existence Several situations: choose sub-PKI D and sub-PKI E;Choose sub-PKI D and sub-PKI F;Choose sub-PKI E and sub-PKI F.
Step S13, utilize t sub-PKI to calculate a Your Majesty's key matched with main private key, and utilize this Your Majesty's key Generate public key certificate;
Such as, in above-mentioned steps S12, from sub-PKI D, sub-PKI E and sub-PKI F, select sub-PKI D and sub-PKI E Time, the most in this step, it is possible to use sub-PKI D and sub-PKI E calculates a Your Majesty's key matched with main private key, i.e. counts This Your Majesty's key calculated can be verified with the signature in the Transaction Information after main private key signature, say, that by above-mentioned second The definition of signature understands, and this Your Majesty's key calculated can verify the second signature, then utilizes this Your Majesty's key to generate PKI Certificate.Additionally, after this step, the method for mobile payment that the embodiment of the present invention is provided can also include: step 131, general During calculating, produced intermediate data is deleted, to avoid disabled user to utilize these intermediate data to obtain sub-PKI, thus Improve the safety of mobile payment.
Step S14, public key certificate is uploaded to the webserver;
In order to make Transaction Information recipient can obtain public key certificate, will disclose by this public key certificate, PKI can be demonstrate,proved Book is uploaded to the webserver.Certainly, mode disclosed in public key certificate being not limited to the above, those skilled in the art can The most rationally to select.
If the method for mobile payment that the embodiment of the present invention is provided includes above step, then above-mentioned steps S7, use Your Majesty Second signature is verified and specifically be may include that by key
Step S15, from the webserver, download public key certificate, and utilize this public key certificate to recover Your Majesty's key;
When Transaction Information recipient needs to verify the second signature, such as, bank needs to be transmitted across client When the Transaction Information come is verified, bank can send and download request to the webserver, and the webserver please according to download Asking and send public key certificate to bank, bank utilizes this public key certificate to recover Your Majesty's key.
Second signature is verified by Your Majesty's key that step S16, use recover to obtain from public key certificate.
Such as, Transaction Information recipient can be with the Your Majesty's key recovering to obtain from public key certificate to second in Transaction Information Signature is decrypted, and obtains the first summary of Transaction Information, and uses Hash function to obtain the of Transaction Information Transaction Information Two summaries, contrast the first summary and the second summary, if the two is consistent, then it represents that the second signature is verified, if two Person is inconsistent, then it represents that the authentication failed to the second signature.
In the case of another is optional, as it is shown on figure 3, in above-mentioned steps S1, utilize a main private key, generate N number of After different sub-private keys, the method for mobile payment that the embodiment of the present invention is provided also includes:
Step S101, utilize N number of sub-private key, generate N number of with the most sub-PKI of sub-private key;
Such as, when utilizing a main private key to generate sub-private key A, sub-private key B and sub-private key C, these 3 sub-private keys are utilized to divide Sheng Cheng i.e. not generate 3 sub-PKIs with each the most sub-PKI D, sub-PKI E, sub-PKI F.
Step S102, from N number of sub-PKI, choose t sub-PKI;
Such as, in above-mentioned steps S4, when choosing two mobile terminals from mobile phone, Intelligent bracelet and bluetooth Key, then Correspondingly, in this step, need to choose 2 sub-PKIs from above-mentioned 3 sub-PKIs.That is, sub-PKI choose below existence Several situations: choose sub-PKI D and sub-PKI E;Choose sub-PKI D and sub-PKI F;Choose sub-PKI E and sub-PKI F.
Step S103, t sub-PKI is uploaded to the webserver;
In order to make Transaction Information recipient can obtain selected all sub-PKI, all sub-PKI that will be selected Open, selected all sub-PKI all can be uploaded to the webserver.Such as, by selected in above-mentioned steps S102 Sub-PKI E and sub-PKI F be all uploaded to the webserver.Certainly, by mode not office disclosed in selected all sub-PKI Being limited to the above, those skilled in the art can the most rationally select.
If the moving method that the embodiment of the present invention is provided includes above step, then above-mentioned steps S7, use Your Majesty's key pair Second signature carries out verifying and specifically may include that
Step S104, from the webserver, download all of t sub-PKI;
When Transaction Information recipient needs to verify the second signature, such as, bank needs to be transmitted across client When the Transaction Information come is verified, bank can send and download request to the webserver, and the webserver please according to download Ask and all of t sub-PKI is all sent to bank.Such as, the sub-PKI being uploaded to the webserver in step s 103 is Sub-PKI E and sub-PKI F, then bank needs all to be downloaded by sub-PKI E and sub-PKI F from the webserver.
T the sub-PKI that step S105, utilization download to calculates a Your Majesty's key matched with main private key;
Such as, bank can utilize the above-mentioned sub-PKI E downloaded to and sub-PKI F to calculate one to match with main private key Your Majesty's key.
Second signature is verified by step S106, use Your Majesty's key.
The detailed description of the invention of this step is similar with the embodiment of above-mentioned steps S16, the most no longer repeats.
Additionally, as shown in Figure 4, above-mentioned steps S3, determine the minimum of required mobile terminal that Transaction Information is signed Quantity tminSpecifically may include that
Step S31, the dealing money determined in Transaction Information;
Step S32, according to dealing money, determine tminNumerical value, wherein, dealing money is the biggest, tminNumerical value the biggest.
Such as, when utilizing a main private key to generate 10 sub-private keys, then these 10 sub-private keys are respectively stored in 10 Time in different mobile terminals, if the transaction amount of money in Transaction Information is relatively big (such as, 100,000 RMB), in order to increase shifting The dynamic safety paid, can be by tminNumerical value be set to 8, correspondingly, in above-mentioned steps S4, need to use 8 stored above Transaction Information is signed by mobile terminal respectively that have sub-private key.If the transaction amount of money in Transaction Information is less (such as, 100 RMB), for increasing the motility of mobile payment, can be by tminNumerical value be set to 2, correspondingly, in above-mentioned steps S4 In, only need 2 mobile terminals having sub-private key stored above respectively Transaction Information to be signed.Therefore, when in Transaction Information Dealing money bigger time, can be by tminNumerical value be configured to relatively big, to increase the safety of mobile payment;Work as Transaction Information In dealing money less time, can be by tminNumerical value be configured to less, to increase the motility of mobile payment.
For ease of it will be appreciated by those skilled in the art that three kinds of the following method of mobile payment that the embodiment of the present invention is provided Application scenarios explanation for example.
Application scenarios one, a user has 3 mobile terminals, such as mobile phone, Intelligent bracelet and bluetooth Key, then can be in order to Generate 3 sub-private keys with a main private key, then these 3 sub-private keys are respectively stored in mobile phone, Intelligent bracelet and bluetooth Key In, N=3 the most in this case.If by tminWhen being set as 2, when user wants correctly to sign a transaction information Time, the most at least need to use any two mobile terminal in mobile phone, Intelligent bracelet and bluetooth Key that this Transaction Information is entered respectively Row signature.Now, even if mobile phone is lost by user accidentally, the people finding this mobile phone also can only use this mobile phone to enter Transaction Information Row signature, from the safety having influence on mobile payment without the loss because of mobile phone.
Application scenarios two, an enterprise needs to assign 3 people to be jointly managed the Transaction Information of enterprise, it is desirable to every time Transaction at least needs 2 individual consents just to allow transaction to be smoothed out.At this point it is possible to utilize a main private key to generate 3 sub-private keys, Then these 3 sub-private keys are respectively stored in these 3 respective mobile phones of people, N=3 the most in this case.Further, will tminIt is set as 2, thus when enterprise needs to carry on a deal, the mobile phone at least needing 2 people's storages to have sub-private key is the most right It is the most permissible that Transaction Information carries out signature.
Application scenarios three, a pair man and wife jointly manages family assets.At this point it is possible to deposit respectively in this mobile phone to man and wife Containing 2 sub-private keys, these 2 sub-private keys utilize a main private key to generate, N=2 the most in this case.Further, By tminIt is set as 2, thus when family assets is carried on a deal by needs, needs couple to store the hands of sub-private key It is the most permissible that machine respectively Transaction Information carries out signature.
Embodiment two
Embodiments provide a kind of mobile-payment system, for implementing the mobile payment side as described in embodiment one Method, as it is shown in figure 5, this mobile-payment system includes: sub-private key generation module 1, is used for utilizing a main private key, generate N number of not Same sub-private key, N is positive integer and meets: N >=2;The distribution module 2 being connected with sub-private key generation module 1, for by N number of son Private key is respectively stored in N number of different mobile terminal;The parameter determination module 3 being connected with distribution module 2, is used for determining friendship Easily information is carried out signing the minimum quantity t of required mobile terminalmin, wherein tminFor positive integer and meet: tmin> 1;With parameter Determining that module 3 connects first chooses module 4, for choosing t mobile terminal from N number of mobile terminal, t is positive integer and expires Foot: tmin≤t≤N;The signature blocks 5 that module 4 is connected is chosen, for using the sub-private key of storage in t mobile terminal with first Respectively Transaction Information is signed, obtain and t sub-private key the first signature one to one;Whole with what signature blocks 5 was connected Compound module 6, for integrating all of first signature, obtains the second signature, and second signs and with main private key to transaction letter Signature obtained by ceasing after signing is identical;The authentication module 7 being connected with integration module 6, is used for using Your Majesty's key to second Signature is verified.
The mobile-payment system provided due to the embodiment of the present invention includes with upper module, therefore, it can first pass through son private Key generation module 1 utilizes a main private key, generates N number of different sub-private key, and N is positive integer and meets: N >=2, then by distribution This N number of sub-private key is respectively stored in N number of different mobile terminal by module 2, then is determined transaction by parameter determination module 3 Information is carried out signing the minimum quantity t of required mobile terminalmin, wherein tminFor positive integer and meet: tmin> 1, then passes through First chooses module 4 chooses t mobile terminal from this N number of mobile terminal, and wherein t is positive integer and meets: tmin≤ t≤N, Use in above-mentioned t mobile terminal the private key of storage respectively Transaction Information to be signed by signature blocks 5 again, obtain and T sub-private key the first signature one to one, then passes through integration module 6 and integrates all of first signature, obtains the Two signatures, wherein the second signature with main private key, Transaction Information is signed after obtained signature identical, pass through the most again Authentication module 7 uses Your Majesty's key to verify the second signature, say, that only have the mobile end of sub-private key from N number of storage End is at least chosen two, Transaction Information correctly can be signed, though thus other people in addition to validated user Obtaining a storage has the mobile terminal of sub-private key also cannot correctly sign Transaction Information.As the above analysis, The mobile-payment system that the embodiment of the present invention is provided achieves and only uses multiple storage to have the mobile terminal of sub-private key just may be used So that Transaction Information correctly to be signed, there is the mobile terminal of sub-private key compared to prior art only needs a storage The mobile payment mode that Transaction Information is correctly signed, hence it is evident that improve the safety of payment.
Alternatively, as shown in Figure 6, the mobile-payment system that the embodiment of the present invention is provided also includes: generate with sub-private key The first sub-PKI generation module 8 that module 1 connects, is used for utilizing N number of sub-private key, generates N number of and sub-private key PKI;Second be connected with sub-PKI generation module chooses module 9, for choosing t sub-PKI from N number of sub-PKI;With Two choose the first computing module 10 that module 9 connects, for utilizing t sub-PKI to calculate a master matched with main private key PKI, and utilize Your Majesty's key to generate public key certificate;Transmission module 11 on first be connected with the first computing module 10, for by PKI Certificate is uploaded to the webserver 12;Authentication module 7 includes the first download module 13 and the first sub-authentication module 14, wherein, One download module 13 is connected with the webserver 12, for downloading public key certificate from the webserver 12, and utilizes this PKI Warrant recovery goes out Your Majesty's key;First sub-authentication module 14 is connected with the first download module 13, for recovering to obtain from public key certificate Your Majesty's key to second signature verify.
Alternatively, as shown in Figure 6, the mobile-payment system that the embodiment of the present invention is provided also includes: calculate mould with first The removing module 15 that block 10 connects, for deleting intermediate data produced by calculating process.
Alternatively, as it is shown in fig. 7, the mobile-payment system that the embodiment of the present invention is provided also includes: generate with sub-private key The second sub-PKI generation module 16 that module 1 connects, is used for utilizing N number of sub-private key, generates N number of and sub-private key PKI;The 3rd be connected with the second sub-PKI generation module 16 chooses module 17, public for choosing t son from N number of sub-PKI Key;Transmission module 18 on choose with the 3rd that module 17 is connected second, for being uploaded to the webserver 12 by t sub-PKI;Test Card module 7 includes the second download module the 19, second computing module 20 and the second sub-authentication module 21, wherein, the second download module 19 are connected with the webserver 12, for downloading all of t sub-PKI from the webserver 12;Second computing module 20 with Second download module 19 connects, for utilizing the t downloaded to a sub-PKI to calculate a Your Majesty's key matched with main private key; Second sub-authentication module 21 is connected with the second computing module 20, is used for using Your Majesty's key to verify the second signature.
Alternatively, as shown in Figure 8, parameter determination module 3 specifically may include that dealing money acquiring unit 22, for really Determine the dealing money in Transaction Information;The minimum quantity being connected with dealing money acquiring unit 22 determines unit 23, for basis Dealing money, determines the minimum quantity t of required mobile terminal of signing Transaction Informationmin, wherein, dealing money is the biggest, tminNumerical value the biggest.
It should be noted that process when mobile-payment system moves payment, see mobile payment in embodiment one The associated description of method can obtain, and the most no longer repeats.
The above, the only detailed description of the invention of the present invention, but protection scope of the present invention is not limited thereto, and any Those familiar with the art, in the technical scope that the invention discloses, can readily occur in change or replace, should contain Cover within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with described scope of the claims.

Claims (10)

1. a method of mobile payment, it is characterised in that described method of mobile payment includes:
Utilizing a main private key, generate N number of different sub-private key, N is positive integer and meets: N >=2;
N number of described sub-private key is respectively stored in N number of different mobile terminal;
Determine the minimum quantity t of required mobile terminal that Transaction Information is signedmin, wherein tminFor positive integer and meet: tmin> 1;
Choosing t mobile terminal from N number of described mobile terminal, wherein, t is positive integer and meets: tmin≤t≤N;
Use the sub-private key of storage in t described mobile terminal respectively Transaction Information to be signed, obtain son described with t private Key the first signature one to one;
Integrating all of described first signature, obtain the second signature, described second signs and with described main private key to institute State the signature obtained by after Transaction Information is signed identical;
Use Your Majesty's key that described second signature is verified.
Method of mobile payment the most according to claim 1, it is characterised in that in the step generating N number of different sub-private key Afterwards, described method of mobile payment also includes:
Utilize N number of described sub-private key, generate the N number of and described the most sub-PKI of sub-private key;
T sub-PKI is chosen from N number of described sub-PKI;
Utilize t described sub-PKI to calculate a Your Majesty's key matched with described main private key, and utilize described Your Majesty's key raw Become public key certificate;
Described public key certificate is uploaded to the webserver;
The described step using Your Majesty's key to verify described second signature specifically includes:
From the described webserver, download described public key certificate, and utilize described public key certificate to recover described Your Majesty's key;
Use the Your Majesty's key recovering to obtain from described public key certificate that described second signature is verified.
Method of mobile payment the most according to claim 2, it is characterised in that calculate one utilizing t described sub-PKI After the step of Your Majesty's key that individual and described main private key matches, described method of mobile payment also includes:
During calculating, produced intermediate data is deleted.
Method of mobile payment the most according to claim 1, it is characterised in that in the step generating N number of different sub-private key Afterwards, described method of mobile payment also includes:
Utilize N number of described sub-private key, generate the N number of and described the most sub-PKI of sub-private key;
T sub-PKI is chosen from N number of described sub-PKI;
T described sub-PKI is uploaded to the webserver;
The described step using Your Majesty's key to verify described second signature specifically includes:
T described sub-PKI is downloaded from the described webserver;
The t downloaded to a described sub-PKI is utilized to calculate a Your Majesty's key matched with described main private key;
Use described Your Majesty's key that described second signature is verified.
Method of mobile payment the most according to claim 1, it is characterised in that determine Transaction Information is signed required The minimum quantity t of mobile terminalminStep specifically include:
Determine the dealing money in described Transaction Information;
According to described dealing money, determine tminNumerical value, wherein, described dealing money is the biggest, tminNumerical value the biggest.
6. a mobile-payment system, for implementing the method for mobile payment described in any one of claim 1~5, its feature exists In, described mobile-payment system includes:
Sub-private key generation module, is used for utilizing a main private key, generates N number of different sub-private key, and N is positive integer and meets: N >= 2;
The distribution module being connected with described sub-private key generation module, for being respectively stored in N number of different by N number of described sub-private key In mobile terminal;
The parameter determination module being connected with described distribution module, for determining required mobile terminal of signing Transaction Information Minimum quantity tmin, wherein tminFor positive integer and meet: tmin> 1;
First be connected with described parameter determination module chooses module, mobile whole for choosing t from N number of described mobile terminal End, t is positive integer and meets: tmin≤t≤N;
The signature blocks that module is connected is chosen, for using the sub-private key of storage in t described mobile terminal to divide with described first Other Transaction Information is signed, obtain and t described sub-private key the first signature one to one;
The integration module being connected with described signature blocks, for integrating all of described first signature, obtains the second label Name, described second signature with described main private key, described Transaction Information is signed after obtained signature identical;
The authentication module being connected with described integration module, is used for using Your Majesty's key to verify described second signature.
Mobile-payment system the most according to claim 6, it is characterised in that described mobile-payment system also includes:
The the first sub-PKI generation module being connected with described sub-private key generation module, is used for utilizing N number of described sub-private key, generates N Individual with the described the most sub-PKI of sub-private key;
Second be connected with described sub-PKI generation module chooses module, public for choosing t son from N number of described sub-PKI Key;
Choose, with described second, the first computing module that module is connected, be used for utilizing t described sub-PKI to calculate one and institute State Your Majesty's key that main private key matches, and utilize described Your Majesty's key to generate public key certificate;
Transmission module on first be connected with described first computing module, for being uploaded to the webserver by described public key certificate;
Described authentication module includes the first download module and the first sub-authentication module, and wherein, described first download module is with described The webserver connects, and for downloading described public key certificate from the described webserver, and utilizes described public key certificate to recover Go out described Your Majesty's key;Described first sub-authentication module is connected with described first download module, for recovering from described public key certificate Described second signature is verified by the Your Majesty's key obtained.
Mobile-payment system the most according to claim 7, it is characterised in that described mobile-payment system also includes: with institute State the removing module that the first computing module connects, for being deleted by intermediate data produced by calculating process.
Mobile-payment system the most according to claim 6, it is characterised in that described mobile-payment system also includes:
The the second sub-PKI generation module being connected with described sub-private key generation module, is used for utilizing N number of described sub-private key, generates N Individual with the described the most sub-PKI of sub-private key;
The 3rd be connected with described second sub-PKI generation module chooses module, for choosing t son from N number of described sub-PKI PKI;
Transmission module on choose with the described 3rd that module is connected second, for being uploaded to the webserver by t described sub-PKI;
Described authentication module includes the second download module, the second computing module and the second sub-authentication module, wherein, described second time Carry module to be connected with the described webserver, for downloading all of t described sub-PKI from the described webserver;Described Second computing module is connected with described second download module, for utilize the t that downloads to described sub-PKI calculate one with Your Majesty's key that described main private key matches;Described second sub-authentication module is connected with described second computing module, is used for using institute State Your Majesty's key described second signature is verified.
Mobile-payment system the most according to claim 6, it is characterised in that described parameter determination module specifically includes:
Dealing money acquiring unit, for determining the dealing money in Transaction Information;
The minimum quantity being connected with described dealing money acquiring unit determines unit, and for according to described dealing money, it is right to determine Described Transaction Information is carried out signing the minimum quantity t of required mobile terminalmin, wherein, described dealing money is the biggest, tminNumber It is worth the biggest.
CN201610581937.1A 2016-07-21 2016-07-21 A kind of method of mobile payment and mobile-payment system Active CN106251146B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610581937.1A CN106251146B (en) 2016-07-21 2016-07-21 A kind of method of mobile payment and mobile-payment system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610581937.1A CN106251146B (en) 2016-07-21 2016-07-21 A kind of method of mobile payment and mobile-payment system

Publications (2)

Publication Number Publication Date
CN106251146A true CN106251146A (en) 2016-12-21
CN106251146B CN106251146B (en) 2018-04-10

Family

ID=57603631

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610581937.1A Active CN106251146B (en) 2016-07-21 2016-07-21 A kind of method of mobile payment and mobile-payment system

Country Status (1)

Country Link
CN (1) CN106251146B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109816362A (en) * 2019-01-28 2019-05-28 杭州复杂美科技有限公司 Red packet processing method, equipment and storage medium
WO2020181427A1 (en) * 2019-03-08 2020-09-17 云图有限公司 Signing method, device, and system employing secure multi-party computation
CN113765657A (en) * 2017-08-28 2021-12-07 创新先进技术有限公司 Key data processing method and device and server

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101056173A (en) * 2007-05-22 2007-10-17 周弘懿 A RSA based joint electronic signature method
CN101416439A (en) * 2006-04-06 2009-04-22 英特尔公司 Supporting multiple key ladders using a common private key set

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101416439A (en) * 2006-04-06 2009-04-22 英特尔公司 Supporting multiple key ladders using a common private key set
CN101056173A (en) * 2007-05-22 2007-10-17 周弘懿 A RSA based joint electronic signature method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113765657A (en) * 2017-08-28 2021-12-07 创新先进技术有限公司 Key data processing method and device and server
CN113765657B (en) * 2017-08-28 2023-10-24 创新先进技术有限公司 Key data processing method, device and server
CN109816362A (en) * 2019-01-28 2019-05-28 杭州复杂美科技有限公司 Red packet processing method, equipment and storage medium
CN109816362B (en) * 2019-01-28 2021-07-06 杭州复杂美科技有限公司 Red packet processing method, device and storage medium
WO2020181427A1 (en) * 2019-03-08 2020-09-17 云图有限公司 Signing method, device, and system employing secure multi-party computation

Also Published As

Publication number Publication date
CN106251146B (en) 2018-04-10

Similar Documents

Publication Publication Date Title
US10102526B1 (en) Method and system for blockchain-based combined identity, ownership, integrity and custody management
CN112215608B (en) Data processing method and device
CN100399737C (en) Method of data protection
CN109409122A (en) File memory method and its electronic equipment, storage medium
EP3983979A1 (en) Dynamic off-chain digital currency transaction processing
CN111160915B (en) Riding code verification method and device, traffic code scanning equipment and terminal equipment
KR20180115768A (en) Encryption method and system for secure extraction of data from a block chain
CN1636353A (en) A method, system and computer program product for secure ticketing in a communications device
CN104901931A (en) certificate management method and device
KR102227578B1 (en) Method for serving certificate based on zero knowledge proof by using blockchain network, and server and terminal for using them
US20230259899A1 (en) Method, participant unit, transaction register and payment system for managing transaction data sets
CN113474804A (en) Transaction and account verification method, device and storage medium of digital currency
CN112700250B (en) Identity authentication method, device and system in financial scene
EP2736214A1 (en) Controlling application access to mobile device functions
CN106251146A (en) A kind of method of mobile payment and mobile-payment system
KR20180052838A (en) Method for Operating Safety Remittance by using Unchangeable Double Record based on Verification of the Remittee
CN104063668A (en) Application installation package signing system and method
Draper et al. Security applications and challenges in blockchain
CN114514550A (en) Partitioning requests into blockchains
CN106856431A (en) Improved ECDSA and sign test method
Bender et al. Privacy-friendly revocation management without unique chip identifiers for the German national ID card
US20230267426A1 (en) Payment system, coin register, participant unit, transaction register, monitoring register and method for payment with electronic coin data sets
EP3178073B1 (en) Security management system for revoking a token from at least one service provider terminal of a service provider system
KR20180054974A (en) Method for Operating Mobile Lending and Borrowing based on Verification of the Remittee
CN111294315B (en) Block chain-based security authentication method, block chain-based security authentication device, block chain-based security authentication equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant