CN108133366B - payment method and payment system of financial card and mobile terminal - Google Patents
payment method and payment system of financial card and mobile terminal Download PDFInfo
- Publication number
- CN108133366B CN108133366B CN201711404519.6A CN201711404519A CN108133366B CN 108133366 B CN108133366 B CN 108133366B CN 201711404519 A CN201711404519 A CN 201711404519A CN 108133366 B CN108133366 B CN 108133366B
- Authority
- CN
- China
- Prior art keywords
- data
- apdu
- platform
- mobile terminal
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3221—Access to banking information through M-devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/352—Contactless payments by cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application discloses a payment method, a payment system and a mobile terminal of a financial card, wherein the method comprises the following steps: the mobile terminal sends first APDU data to the first platform; the first platform authenticates the mobile terminal; the first platform decrypts and analyzes the first APDU data to form second APDU data and sends the second APDU data to the card inserting device; the card-inserting device verifies the first platform; the card inserting device extracts the APDU command in the second APDU data and sends the APDU command to the financial card; the financial card sends the processing result of the APDU instruction to the card inserting device; the card inserting device forms first return data and sends the first return data to the first platform; the first platform verifies the card inserting device; the first platform decrypts and analyzes the first return data to form second return data and sends the second return data to the mobile terminal; the mobile terminal verifies the first platform; and the mobile terminal decrypts and analyzes the second return data and sends the second return data to the payment medium to realize payment transaction. The payment transaction can be realized without installing a financial card in the mobile terminal. When the mobile terminal is lost, no economic loss is caused.
Description
Technical Field
The present application relates to the field of communication payment, and in particular, to a payment method and a payment system for a financial card and a mobile terminal.
background
The mobile payment method which is common in the market at present usually carries out payment based on an embedded SE method, and the method uses a mobile phone as a carrier, combines a non-contact SE chip application into the mobile phone, stores all sensitive information in the SE chip, and can realize various applications such as payment, identity authentication, information exchange and the like. Under the normal condition, only the mobile device is required to communicate with the payment terminal, although the payment speed is high, the security during data transmission cannot be guaranteed, and the security of payment is reduced.
Moreover, the mobile device and the SE chip are usually required to be bound together, which greatly facilitates work and life of people, but when the mobile device is lost, the SE card is also lost, which easily causes economic loss.
Disclosure of Invention
a payment method for a financial card, comprising the steps of: the mobile terminal sends encrypted first APDU data to the first platform, wherein the first APDU data comprises an APDU command and mobile terminal equipment information; the first platform verifies the mobile terminal; if the verification is passed, the first platform decrypts and analyzes the first APDU data, adds the ID of the first platform into the first APDU data, reorganizes the first APDU data to form second APDU data, and then sends the second APDU data to the card inserting device; the card inserting device carries out identity verification on the first platform; if the verification is passed, the card inserting device extracts the APDU instruction in the second APDU data and sends the APDU instruction to the financial card corresponding to the account information; the financial card processes the APDU command and sends the processing result to the card inserting device; the card inserting device adds the ID of the card inserting device into a processing result, reorganizes and encrypts the ID to form first return data, and sends the first return data to the first platform; the first platform carries out identity verification on the card inserting device; if the verification is passed, the first platform decrypts and analyzes the first returned data, adds the first platform ID into the first returned data, reorganizes and encrypts the first returned data to form second returned data, and sends the second returned data to the mobile terminal; the mobile terminal carries out identity authentication on the first platform; if the verification is passed, the mobile terminal decrypts and analyzes the second returned data; the mobile terminal extracts the second return data and sends the second return data to the payment medium; and the payment medium and the bank background system carry out data communication to realize payment transaction.
as above, when the offline card payment is realized, the payment medium is a non-contact terminal; the first APDU data further comprises financial card account information and/or user personal identity information; the payment method further comprises the following steps: the non-contact terminal sends third APDU data to the mobile terminal; and the mobile terminal encrypts the third APDU data and reorganizes the third APDU data to form the first APDU data.
As above, when online payment is implemented, the payment medium is an online payment platform, and the data communication between the payment medium and the bank background system includes: the online payment platform carries out identity verification on the mobile terminal, and if the mobile terminal passes the verification, second return data is received; and the online payment platform receives the second return data and sends the second return data to the bank background system.
As above, wherein the mobile terminal includes an NFC controller and an APP client; the NFC controller receives third APDU data and sends the third APDU data to the APP client; the APP client receives the third APDU data, reorganizes and encrypts the third APDU data to form first APDU data, and sends the first APDU data to the first platform; the APP client receives the second return data, decrypts and analyzes the second return data, extracts the second return data and sends the second return data to the NFC controller; the NFC controller sends the second return data to the contactless terminal.
As above, when the offline card-swiping payment is realized, the first APDU data includes an APDU command, a PIN code input by the user through the contactless terminal, and mobile terminal device information.
a payment system comprises a mobile terminal, a first platform, a card inserting device and a financial card; the mobile terminal is in communication connection with the first platform and is used for receiving the first APDU data, sending the first APDU data to the first platform and decrypting the received second return data for data communication with the first platform; the first platform is in communication connection with the card inserting device and is used for receiving the first APDU data, decrypting and analyzing the first APDU data and sending second APDU data to the card inserting device; the card inserting device is connected with the financial card and used for receiving second APDU data, extracting APDU instructions and sending the APDU instructions to the financial card, encrypting a received processing result and sending the encrypted processing result to the first platform; the financial card is used for receiving and processing the APDU command and sending the processing result of the APDU command to the card inserting device.
The system also comprises a non-contact terminal and an online payment platform; the non-contact terminal is used for communicating with the bank background system, sending APDU data to the mobile terminal and receiving second return data sent by the mobile terminal; and the online payment platform is used for decrypting and analyzing the second returned data and carrying out data communication with the bank background system.
a mobile terminal comprises a first APDU data sending module, a first platform identity verification module, a second return data receiving module, a second return data decryption analysis module, a second return data extraction module and a second return data sending module; the first APDU data sending module is used for sending the first APDU data to the first platform; the first platform identity authentication module is used for authenticating the identity of the first platform; the second return data receiving module is used for receiving second return data; the second returned data decryption and analysis module is connected with the second returned data receiving module and used for decrypting and analyzing the second returned data if the verification is passed; the second return data extraction module is connected with the second return data decryption analysis module and used for extracting second return data; the second return data sending module is connected with the second return data extracting module and used for sending the second return data to the payment medium.
As above, the mobile terminal further includes a third APDU data receiving module, a third APDU data encrypting module, and a third APDU data reorganizing module; the third APDU data receiving module is used for receiving third APDU data sent by the non-contact terminal; the third APDU data encryption module is connected with the third APDU data receiving module and used for encrypting the third APDU command; the third APDU data reorganizing module is connected with the third APDU data encrypting module and is used for reorganizing the encrypted third APDU data to form the first APDU data.
as above, wherein the mobile terminal includes an NFC controller and an APP client; the NFC controller comprises a third APDU data receiving module, a third APDU data sending module, a third return data receiving module and a second return data sending module; the APP client comprises a fourth APDU data receiving module, a first APDU data forming module, a first APDU data sending module, a first platform identity verification module, a second return data receiving module, a second return data decryption and analysis module, a second return data extraction module, a fourth return data sending module and a fifth return data sending module; the third APDU data receiving module is used for receiving third APDU data sent by the non-contact terminal; the third APDU data sending module is connected with the third APDU data receiving module and used for sending third APDU data to the APP client; the third return data receiving module is used for receiving second return data sent by the APP client; the fourth APDU data receiving module is connected with the third APDU data sending module and used for receiving third APDU data sent by the NFC controller; the first APDU data forming module is connected with the fourth APDU data receiving module and is used for reorganizing the received third APDU data into first APDU data; the fourth return data sending module is respectively connected with the second return data extracting module and the third return data receiving module and is used for sending second return data to the NFC controller; and the fifth return data sending module is connected with the second return data extracting module and used for sending the extracted second return data to the online payment platform.
The technical effects of the embodiments of the present application are as follows:
(1) The mobile terminal does not need to be provided with a financial card for payment transaction, and the payment transaction can be realized only by placing the financial card at home or in other safe environments without carrying about.
(2) Sensitive information of the financial card for payment transaction is not stored in the mobile terminal, and economic loss of the financial account is avoided when the mobile terminal is lost.
(3) Because the payment transaction is a remote transaction, the data transmission process is safer by depending on a hardware security unit, and even if the first platform or the online payment platform is attacked, the financial card and the card inserting device only need to be separated, so that financial loss can be avoided.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and other drawings can be obtained by those skilled in the art according to the drawings.
FIG. 1 is a schematic diagram of the internal structure of a payment system provided herein;
FIG. 2 is a flow chart of an offline payment transaction provided by the present application;
FIG. 3 is a flow chart of an online payment transaction provided herein;
Fig. 4 is a schematic internal structure diagram of a mobile terminal provided in the present application;
Fig. 5 is a schematic internal structure diagram of an NFC controller provided in the present application;
fig. 6 is a schematic internal structure diagram of an APP client provided in the present application;
Detailed Description
The technical solutions in the embodiments of the present invention are clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The application provides a payment system of a financial card, which can realize online payment transaction and offline payment transaction. As shown in fig. 1, the payment system includes a mobile terminal 101, a first platform 102, a card insertion device 103, a financial card 104, and a payment medium 105.
the mobile terminal 101 is communicatively connected to a first platform 102 for data communication therewith.
The first platform 102 is communicatively coupled to a card-insertion device 103 for data communication therewith.
the card insertion device 103 is connected with the financial card 104 for data communication with the financial card.
The financial card 104 is used for receiving and processing the APDU command and sending the processing result of the APDU command to the card-inserting device.
the payment medium 105 is in communication connection with the mobile terminal 101, and is used for performing data communication with a bank background system to complete payment transaction.
Preferably, the mobile terminal 101 comprises an NFC controller and an APP client.
Example one
The embodiment provides an offline payment transaction process, as shown in fig. 1, which includes the following specific steps:
step S210: and the non-contact terminal receives a payment transaction instruction input by the merchant and sends third APDU data to the mobile terminal according to the payment transaction instruction.
Illustratively, the contactless terminal performs data communication with the mobile terminal through a contactless communication protocol TYPE a or TYPE B.
as an embodiment, the third APDU data includes a first APDU instruction, the content of which is determined according to the type of the payment transaction instruction.
illustratively, the first APDU instruction may be a select AID, GPO, READ RECORD, internal authentication, GAC instruction, etc. instruction for financial transactions that is internally organized by the contactless terminal; or an APDU instruction (such as external authentication and script instruction in financial transaction) organized according to data received from the bank background system when the contactless terminal interacts with the bank background system.
As another embodiment, when the offline card-swiping payment requires a PIN code, the first APDU data includes the first APDU command, the PIN code input by the user via the contactless terminal, and the mobile terminal device information.
illustratively, the mobile terminal device information is a mobile phone number used by the user.
preferably, the first APDU data may further include financial card account information and/or user personal identification information.
Specifically, the user personal identity information is information such as an identification number and a user name of the user.
step S220: and the mobile terminal receives the third APDU data, reorganizes and encrypts the third APDU data to form first APDU data and sends the first APDU data to the first platform.
Specifically, the NFC controller receives the third APDU data and sends the third APDU data to the APP client, and the APP client receives the third APDU data, reorganizes and encrypts the third APDU data to form the first APDU data, and sends the first APDU data to the first platform.
As an embodiment, the mobile terminal encrypts the first APDU data using the private key SK of the asymmetric algorithm RSA or ECC.
illustratively, the first APDU data includes first APDU instructions, mobile terminal device information, account information of the financial card, and/or user personal identification information.
Specifically, the individual identification information includes a user name and a user identification number.
Step S230: the first platform receives the first APDU data and carries out identity authentication on the mobile terminal.
specifically, the first platform stores the mobile terminal device information, and when it is detected that the received mobile terminal device information is consistent with the internally stored mobile terminal device information, the verification is passed.
And if the verification fails, the first platform returns error information.
If the verification is passed, step S240 is executed: and the first platform decrypts and analyzes the first APDU data, adds the first platform ID into the first APDU data, reorganizes the first APDU data to form second APDU data, and then sends the second APDU data to the card inserting device.
As an embodiment, the first platform decrypts the first APDU data using the public key PK of the asymmetric algorithm RSA or ECC.
step S250: and the card inserting device performs identity verification on the first platform.
Specifically, a plurality of platform IDs are pre-stored in the card insertion device, and when the ID of the first platform is verified to be one of the platform IDs, the verification is passed.
If the verification fails, the card-inserting device returns an error message.
if the verification is passed, step S260 is executed: and the card inserting device receives the second APDU data, extracts the first APDU instruction in the second APDU data and sends the first APDU instruction to the financial card corresponding to the account information.
as an example, the card-inserting device communicates data with the financial card through ISO/IEC 7816-3 protocol T0 or T1.
Step S270: the financial card processes the first APDU command and sends a first processing result to the card inserting device.
Step S280: and the card inserting device receives the first processing result, adds the ID of the card inserting device into the first processing result, reorganizes and encrypts the ID to form first return data, and sends the first return data to the first platform.
step S290: the first platform carries out identity verification on the card inserting device.
Specifically, the first platform stores the ID of the card-plugging device in advance, and when the ID of the card-plugging device received by verification is consistent with the ID of the card-plugging device stored locally, the verification is passed.
And if the verification fails, the first platform returns error information.
if the verification is passed, step S2100 is executed: and the first platform decrypts and analyzes the first return data, adds the first platform ID into the first return data, reorganizes and encrypts the first return data to form second return data, and sends the second return data to the mobile terminal.
step S2110: and the mobile terminal performs identity authentication on the first platform.
Specifically, the mobile terminal prestores the ID of the first platform, and when the received first platform ID is verified to be consistent with the locally stored ID, the verification is passed.
And if the verification is not passed, the mobile terminal returns error information.
If the verification is passed, step S2120 is executed: and the mobile terminal receives the second return data and decrypts and analyzes the second return data.
Specifically, the APP client in the mobile terminal decrypts and analyzes the second returned data.
Step S2130: and the mobile terminal extracts the second return data and sends the second return data to the non-contact terminal.
Specifically, the APP client in the mobile terminal extracts the second return data and sends the second return data to the NFC controller, and the NFC controller sends the second return data to the contactless terminal.
Step S2140: and the non-contact terminal and the bank background system carry out data communication to realize payment transaction.
Example two
The embodiment provides an online payment transaction process, which specifically includes the following steps as shown in fig. 3:
step S310: and the mobile terminal sends a payment instruction, organizes and encrypts the fourth APDU data and sends the fourth APDU data to the first platform.
Specifically, the APP client organizes and encrypts the fourth APDU data and sends the fourth APDU data to the first platform.
as an embodiment, the fourth APDU data includes a second APDU command, account information of the financial card, and user personal identification information, and the second APDU command is determined according to the payment command type.
For example, if the payment instruction type is earmark, the second APDU instruction may be select AID, GPO, READ RECORD, GAC, internal authentication, script instruction putdata.
Step S320: and the first platform receives the fourth APDU data and authenticates the mobile terminal.
Specifically, the first platform stores the mobile terminal device information, and when it is detected that the received mobile terminal device information is consistent with the internally stored mobile terminal device information, the verification is passed.
and if the verification fails, the first platform returns error data.
If the verification is passed, step S330 is executed: and the first platform decrypts and analyzes the fourth APDU data, adds the first platform ID into the fourth APDU data, reorganizes the fourth APDU data to form fifth APDU data, and then sends the fifth APDU data to the card inserting device.
Step S340: the card inserting device carries out identity verification on the first platform;
Specifically, a plurality of platform IDs are pre-stored in the card insertion device, and when the ID of the first platform is verified to be one of the platform IDs, the verification is passed.
If the verification fails, the card-inserting device returns an error message.
if the verification is passed, step S350 is executed: the card inserting device receives the fifth APDU data, extracts a second APDU instruction in the fifth APDU data and sends the second APDU instruction to the financial card corresponding to the account information;
step S360: the financial card processes the second APDU command and sends a second processing result to the card inserting device;
Step S370: the card inserting device receives the second processing result, adds the ID of the card inserting device into the second processing result, reorganizes and encrypts the second processing result to form third return data, and sends the third return data to the first platform;
Step S380: the first platform carries out identity verification on the card inserting device;
Specifically, the first platform stores the ID of the card-plugging device in advance, and when the ID of the card-plugging device received by verification is consistent with the ID of the card-plugging device stored locally, the verification is passed.
And if the verification fails, the first platform returns error information.
if the verification is passed, step S390 is executed: and the first platform decrypts and analyzes the third return data, adds the first platform ID into the third return data, reorganizes and encrypts the third return data to form fourth return data, and sends the fourth return data to the mobile terminal.
step S3100: and the mobile terminal performs identity authentication on the first platform.
Specifically, the mobile terminal stores the ID of the first platform in advance, and when the received first platform ID is verified to be consistent with the locally stored ID, the verification is passed.
and if the verification is not passed, the mobile terminal returns error information.
If the verification is passed, step S3110 is executed: and the mobile terminal receives the fourth return data and decrypts and analyzes the fourth return data.
Specifically, the APP client in the mobile terminal decrypts and analyzes the fourth returned data.
Step S3120: the mobile terminal extracts the fourth return data and sends the fourth return data to the online payment platform.
specifically, the APP client in the mobile terminal extracts the fourth returned data and sends the fourth returned data to the online payment platform.
Step S3130: and the online payment platform carries out identity verification on the mobile terminal.
Specifically, the on-line payment platform stores personal identity information of the mobile terminal, and when the received personal identity information is detected to be consistent with the internally stored personal identity information, the verification is passed.
And if the verification fails, the online payment platform returns error information.
If the verification is passed, execute step S3140: and the online payment platform receives the fourth returned data and sends the fourth returned data to the bank background system to realize payment transaction.
As shown in fig. 4, the mobile terminal includes an NFC controller 401 and an APP client 402.
The NFC controller 401 is configured to transmit data between the contactless terminal and the APP client.
The APP client 402 is used for transmitting a non-contact terminal instruction or transmitting an own organization instruction to the first platform, and sending the return data of the first platform to the payment medium, so that the payment medium interacts with the bank background system, and the transaction is completed.
As shown in fig. 5, the NFC controller 401 includes a third APDU data receiving module 501, a third APDU data transmitting module 502, a third return data receiving module 503, and a second return data transmitting module 504.
The third APDU data receiving module 501 is configured to receive third APDU data sent by the contactless terminal.
The third APDU data sending module 502 is connected to the third APDU data receiving module 501, and is configured to send third APDU data to the APP client.
The third return data receiving module 503 is configured to receive second return data sent by the APP client.
The second return data sending module 504 is connected to the second return data receiving module 503, and is configured to send the received second return data to the contactless terminal.
As shown in fig. 6, the APP client includes a fourth APDU data receiving module 601, a first APDU data forming module 602, a first APDU data sending module 603, a first platform identity verifying module 604, a second return data receiving module 605, a second return data decrypting and parsing module 606, a second return data extracting module 607, a fourth return data sending module 608, and a fifth return data sending module 609.
the fourth APDU data receiving module 601 is configured to receive third APDU data sent by the NFC controller.
the first APDU data forming module 602 is connected to the fourth APDU data receiving module 601, and is configured to reorganize and encrypt the received third APDU data to form the first APDU data.
The first APDU data sending module 603 is connected to the first APDU data forming module 602, and is configured to send the encrypted first APDU data or the fourth APDU data to the first platform.
The first platform identity verification module 604 is used to verify the identity of the first platform.
The second return data receiving module 605 is connected to the first platform identity verifying module 604, and is configured to receive the second return data or the fourth return data sent by the first platform if the first platform identity verification passes.
The second return data decryption and analysis module 606 is connected to the second return data receiving module 605, and is configured to decrypt and analyze the received second return data or fourth return data.
The second return data extraction module 607 is connected to the second return data decryption module 606, and is configured to extract the decrypted and analyzed second return data or fourth return data.
the fourth return data sending module 608 is connected to the second return data extracting module 607, and is configured to send the extracted second return data to the NFC controller.
The fifth return data sending module 609 is connected to the second return data extracting module 607, and is configured to send the extracted fourth return data to the online payment platform.
the technical effects of the embodiments of the present application are as follows:
(1) The mobile terminal does not need to be provided with a financial card for payment transaction, and the payment transaction can be realized only by placing the financial card at home or in other safe environments without carrying about.
(2) Sensitive information of the financial card for payment transaction is not stored in the mobile terminal, and economic loss of the financial account is avoided when the mobile terminal is lost.
(3) because the payment transaction is a remote transaction, the data transmission process is safer by depending on a hardware security unit, and even if the first platform or the online payment platform is attacked, the financial card and the card inserting device only need to be separated, so that financial loss can be avoided.
While the preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the equivalent techniques of the present application, the present application is intended to include such modifications and variations as well.
Claims (10)
1. a method for payment of a financial card, comprising the steps of:
The mobile terminal receives third APDU data sent by the non-contact terminal according to the payment transaction instruction, and encrypts the third APDU data to form first APDU data;
The mobile terminal sends encrypted first APDU data to the first platform, wherein the first APDU data comprises an APDU command and mobile terminal equipment information;
The first platform verifies the mobile terminal;
If the verification is passed, the first platform decrypts and analyzes the first APDU data, adds the first platform ID into the first APDU data, reorganizes the first APDU data to form second APDU data, and then sends the second APDU data to the card inserting device;
The card inserting device carries out identity verification on the first platform;
if the verification is passed, the card inserting device extracts the APDU instruction in the second APDU data and sends the APDU instruction to the financial card corresponding to the account information;
The financial card processes the APDU instruction and sends a processing result to the card inserting device;
The card inserting device adds the ID of the card inserting device into the processing result, reorganizes and encrypts the ID to form first return data, and sends the first return data to the first platform;
the first platform carries out identity verification on the card-inserting device;
if the verification is passed, the first platform decrypts and analyzes the first returned data, adds the first platform ID into the first returned data, reorganizes and encrypts the first returned data to form second returned data, and sends the second returned data to the mobile terminal;
The mobile terminal carries out identity authentication on the first platform;
if the verification is passed, the mobile terminal decrypts and analyzes the second returned data;
The mobile terminal extracts the second return data and sends the second return data to a payment medium;
The payment medium and the bank background system carry out data communication to realize payment transaction;
Wherein the first APDU data further includes account information of the financial card and/or user personal identity information.
2. The payment method of a financial card as claimed in claim 1, wherein, when the offline card-swiping payment is realized, the payment medium is a non-contact terminal; the first APDU data also comprises financial card account information and/or user personal identity information;
The payment method further comprises the following steps:
The non-contact terminal sends third APDU data to the mobile terminal;
And the mobile terminal encrypts the third APDU data and reorganizes the third APDU data to form the first APDU data.
3. The payment method of the financial card as claimed in claim 1, wherein when the online payment is realized, the payment medium is an online payment platform, and the data communication between the payment medium and the bank background system includes:
The online payment platform carries out identity verification on the mobile terminal, and if the mobile terminal passes the verification, the second return data is accepted;
And the online payment platform receives the second return data and sends the second return data to the bank background system.
4. the payment method of a financial card as claimed in claim 2, wherein the mobile terminal includes an NFC controller and an APP client;
The NFC controller receives the third APDU data and sends the third APDU data to the APP client; the APP client receives the third APDU data, reorganizes and encrypts the third APDU data to form first APDU data, and sends the first APDU data to the first platform;
the APP client receives the second return data, decrypts and analyzes the second return data, extracts the second return data and sends the second return data to the NFC controller; and the NFC controller sends the second return data to the non-contact terminal.
5. a payment method for a financial card as claimed in claim 2, wherein the first APDU data includes an APDU command, a PIN code inputted by a user via the contactless terminal and the mobile terminal device information when the offline card payment is implemented.
6. A payment system is characterized by comprising a mobile terminal, a first platform, a card inserting device and a financial card;
The mobile terminal is in communication connection with the first platform and is used for receiving first APDU data, sending the first APDU data to the first platform and decrypting the received second return data; the mobile terminal receives third APDU data sent by the non-contact terminal according to the payment transaction instruction, and encrypts the third APDU data to form first APDU data; the first platform decrypts and analyzes the first return data, adds the first platform ID into the first return data, reorganizes and encrypts the first return data to form second return data;
the first platform is in communication connection with the card inserting device and is used for receiving the first APDU data, decrypting and analyzing the first APDU data and sending second APDU data to the card inserting device;
The card inserting device is connected with the financial card and used for receiving the second APDU data, extracting an APDU command and sending the APDU command to the financial card, encrypting a received processing result and sending the encrypted processing result to the first platform;
The financial card is used for receiving and processing the APDU command and sending the processing result of the APDU command to the card inserting device;
The first APDU data further includes account information of the financial card and/or user personal identification information.
7. The payment system of claim 6, further comprising a contactless terminal and an online payment platform;
The non-contact terminal is used for communicating with a bank background system, sending third APDU data to the mobile terminal and receiving the second return data sent by the mobile terminal;
and the online payment platform is used for decrypting and analyzing the second return data and carrying out data communication with the bank background system.
8. A mobile terminal is characterized by comprising a first APDU data sending module, a first platform identity verification module, a second return data receiving module, a second return data decryption and analysis module, a second return data extraction module and a second return data sending module;
the first APDU data sending module is used for receiving third APDU data sent by the non-contact terminal according to the payment transaction instruction, encrypting the third APDU data to form first APDU data and sending the first APDU data to the first platform; the first APDU data comprises account information of a financial card and/or personal identity information of a user;
The first platform identity authentication module is used for authenticating the identity of the first platform;
The second return data receiving module is used for receiving second return data; the first platform decrypts and analyzes the first return data, adds the first platform ID into the first return data, reorganizes and encrypts the first return data to form second return data;
The second returned data decryption and analysis module is connected with the second returned data receiving module and used for decrypting and analyzing the second returned data if the verification is passed;
the second return data extraction module is connected with the second return data decryption analysis module and used for extracting the second return data;
The second return data sending module is connected with the second return data extracting module and used for sending the second return data to a payment medium.
9. The mobile terminal of claim 8, wherein the mobile terminal further comprises a third APDU data receiving module, a third APDU data encrypting module, a third APDU data reorganizing module;
The third APDU data receiving module is configured to receive the third APDU data sent by the contactless terminal;
The third APDU data encryption module is connected with the third APDU data receiving module and is used for encrypting the third APDU command;
the third APDU data reorganizing module is connected to the third APDU data encrypting module, and is configured to reorganize the encrypted third APDU data to form the first APDU data.
10. the mobile terminal of claim 8, wherein the mobile terminal comprises an NFC controller and an APP client; the NFC controller comprises a third APDU data receiving module, a third APDU data sending module, a third return data receiving module and a second return data sending module; the APP client comprises a fourth APDU data receiving module, a first APDU data forming module, a first APDU data sending module, a first platform identity verification module, a second return data receiving module, a second return data decryption and analysis module, a second return data extraction module, a fourth return data sending module and a fifth return data sending module;
the third APDU data receiving module is configured to receive the third APDU data sent by the contactless terminal;
The third APDU data sending module is connected to the third APDU data receiving module, and is configured to send the third APDU data to the APP client;
The third return data receiving module is configured to receive the second return data sent by the APP client;
The fourth APDU data receiving module is connected to the third APDU data sending module and configured to receive the third APDU data sent by the NFC controller;
the first APDU data forming module is connected to the fourth APDU data receiving module, and is configured to reorganize the received third APDU data to form the first APDU data;
the fourth return data sending module is respectively connected with the second return data extracting module and the third return data receiving module, and is used for sending the second return data to the NFC controller; and the fifth return data sending module is connected with the second return data extracting module and used for sending the extracted second return data to the online payment platform.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711404519.6A CN108133366B (en) | 2017-12-22 | 2017-12-22 | payment method and payment system of financial card and mobile terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711404519.6A CN108133366B (en) | 2017-12-22 | 2017-12-22 | payment method and payment system of financial card and mobile terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108133366A CN108133366A (en) | 2018-06-08 |
| CN108133366B true CN108133366B (en) | 2019-12-17 |
Family
ID=62391437
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711404519.6A Active CN108133366B (en) | 2017-12-22 | 2017-12-22 | payment method and payment system of financial card and mobile terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108133366B (en) |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102480725A (en) * | 2010-11-30 | 2012-05-30 | ***股份有限公司 | Remote payment method |
| US9038894B2 (en) * | 2012-11-20 | 2015-05-26 | Cellco Partnership | Payment or other transaction through mobile device using NFC to access a contactless transaction card |
| CN106251323A (en) * | 2015-12-22 | 2016-12-21 | 深圳超多维光电子有限公司 | Method, device and the electronic equipment of a kind of bore hole three-dimensional tracking |
| CN105844817A (en) * | 2016-03-23 | 2016-08-10 | 上海易码信息科技有限公司 | Remote offline financial card payment method used in NFC POC terminals |
-
2017
- 2017-12-22 CN CN201711404519.6A patent/CN108133366B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN108133366A (en) | 2018-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113168747B (en) | System and method for password authentication of contactless cards | |
| US9904919B2 (en) | Verification of portable consumer devices | |
| US7891560B2 (en) | Verification of portable consumer devices | |
| CN104217327B (en) | A kind of financial IC card internet terminal and its method of commerce | |
| US20160117673A1 (en) | System and method for secured transactions using mobile devices | |
| US20130226812A1 (en) | Cloud proxy secured mobile payments | |
| EP3017580B1 (en) | Signatures for near field communications | |
| KR20170134631A (en) | User authentication method and apparatus, and wearable device registration method and apparatus | |
| US20130173477A1 (en) | Storing and forwarding credentials securely from one RFID device to another | |
| CN106527673A (en) | Method and apparatus for binding wearable device, and electronic payment method and apparatus | |
| CN107784499B (en) | Secure payment system and method of near field communication mobile terminal | |
| US20150142666A1 (en) | Authentication service | |
| CN104079562B (en) | A kind of safety certifying method and relevant apparatus based on payment terminal | |
| US20150142669A1 (en) | Virtual payment chipcard service | |
| JP2017537421A (en) | How to secure payment tokens | |
| CN112602104A (en) | System and method for password authentication of contactless cards | |
| CN106603496A (en) | Data transmission protection method, intelligent card, server, and communication system | |
| US20150142667A1 (en) | Payment authorization system | |
| CN101334884A (en) | Method and system for enhancing bank transfer safety | |
| CN113168631A (en) | System and method for password authentication of contactless cards | |
| CN102307188A (en) | Subscriber identity module (SIM)-based universal serial bus (USB) key encryption/decryption system and encryption/decryption method | |
| CN113792561B (en) | NFC electronic tag verification method and terminal | |
| CN104125064A (en) | Dynamic password authentication method, client and authentication system | |
| CN102622642A (en) | Blank smart card device issuance system | |
| US20210342819A1 (en) | Contactless card with multiple rotating security keys |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |