TWI661366B - Method and system for electronic payment - Google Patents
Method and system for electronic payment Download PDFInfo
- Publication number
- TWI661366B TWI661366B TW106100949A TW106100949A TWI661366B TW I661366 B TWI661366 B TW I661366B TW 106100949 A TW106100949 A TW 106100949A TW 106100949 A TW106100949 A TW 106100949A TW I661366 B TWI661366 B TW I661366B
- Authority
- TW
- Taiwan
- Prior art keywords
- information
- payment
- electronic device
- key
- code
- Prior art date
Links
Landscapes
- Storage Device Security (AREA)
Abstract
本發明係一種以電子裝置進行支付之方法及其系統,係藉於進行支付時,以電子裝置之晶片模組之安全應用程式以金鑰對支付確認資訊進行押碼,而後再由電子裝置將支付確認資訊及押碼發送至第一伺服裝置,藉此提升支付時之安全性。The invention relates to a method and a system for making payment by an electronic device. When a payment is made, a security application of a chip module of the electronic device is used to key the payment confirmation information with a key, and then the electronic device sends the payment confirmation information. The payment confirmation information and bet code are sent to the first servo device, thereby improving the security during payment.
Description
本發明係有關於一種以電子裝置進行支付之方法及其系統,特別係有關於以電子裝置之晶片模組之安全應用程式對支付確認資訊進行押碼之以電子裝置進行支付之方法及其系統。The present invention relates to a method and a system for making payment using an electronic device, and more particularly to a method and a system for making payment with an electronic device by using a security application program of a chip module of the electronic device to make payment confirmation information. .
隨著科技的進步,網際網路逐漸的發展成熟,現今,網際網路已經逐漸的取代信件、電話等傳統的資訊媒介,成為各種資訊的新興載體。例如,電子郵件的使用已經逐漸取代了傳統郵件。With the advancement of technology, the Internet has gradually developed and matured. Today, the Internet has gradually replaced traditional information media such as letters and telephones, and has become an emerging carrier of all kinds of information. For example, the use of email has gradually replaced traditional email.
現代的電子裝置(例如智慧型手機、筆記型電腦、桌上型電腦、個人數位助理等)大多具有連線至網際網路的功能。而生產技術的成熟使得這些電子裝置變的相當平價,到目前為止,幾乎每人至少有一個或是多個的電子裝置。Modern electronic devices (such as smartphones, laptops, desktop computers, personal digital assistants, etc.) are mostly equipped with the ability to connect to the Internet. The maturity of production technology makes these electronic devices quite affordable. So far, almost everyone has at least one or more electronic devices.
由於網際網路的發展與電子裝置的普及化,使得越來越多民眾於購物結帳或是網路購物時使用電子裝置進行支付,因此,多數賣場、便利商店及網站都會提供以電子裝置進行金融交易的功能。Due to the development of the Internet and the popularization of electronic devices, more and more people use electronic devices to pay for shopping or shopping online. Therefore, most stores, convenience stores and websites provide electronic devices for payment. Functions of financial transactions.
通常而言,使用電子裝置進行交易的方法可以分為兩種,其中一種方式是透過電子裝置靠近商家之終端裝置,以電子裝置之近場通訊單元與商家之終端裝置進行連線後,再透過終端裝置與銀行或是第三方支付業者進行支付;另一種方式則是以電子裝置之通訊單元以有線或是無線之方式與商家之伺服裝置進行連線,再透過伺服裝置銀行或是第三方支付業者進行支付。無論使用者選擇以哪一種方式進行金融交易,在電子裝置進行金融交易的同時,電子裝置持有者的使用者的交易資料(例如帳戶、交易金額或交易密碼等)皆會透過有線或無線之方式發送至網際網路上,如此一來,有心人士即可從網際網路上取得這些交易資料,容易有交易資料被竄改使得伺服裝置所收到之交易資不正確的風險,為防止資料於傳輸時會遭到竄改,因此現今多以金鑰對傳輸之資訊進行押碼,接收端於收到資訊後再以金鑰對所收到之資訊進行運算取得另一押碼,並比對兩押碼,當不相符時即可知道資訊於傳輸時有遭到竄改,藉此確保資訊之完整性。Generally speaking, there are two methods for using electronic devices to conduct transactions. One method is to use an electronic device to approach the merchant's terminal device, connect the electronic device's near field communication unit to the merchant's terminal device, and then use the The terminal device pays with the bank or a third-party payment provider; another way is to use the communication unit of the electronic device to connect with the servo device of the merchant by wire or wirelessly, and then pay through the server device bank or third party Operators make payments. No matter which method the user chooses to conduct financial transactions, while the electronic device conducts financial transactions, the transaction information (such as account, transaction amount, or transaction password) of the user of the electronic device holder will be transmitted via wired or wireless. The method is sent to the Internet. In this way, interested people can obtain these transaction data from the Internet. It is easy to tamper with the transaction data and cause the risk of incorrect transaction data received by the servo device. To prevent data from being transmitted during transmission, Will be tampered with, so nowadays, the transmitted information is usually betted with a key. After receiving the information, the receiving end uses the key to calculate the received information to obtain another bet and compare the two bets. , When they do not match, you can know that the information has been tampered with during transmission to ensure the integrity of the information.
然而,當電子裝置對所要傳輸之資訊進行押碼運算時,在運算時會將金鑰載入電子裝置之記憶體中,在這同時,若電子裝置遭惡意程式入侵,惡意程式即可獲得此金鑰,勢必會造成相當的交易風險。However, when the electronic device performs a cryptographic calculation on the information to be transmitted, the key is loaded into the memory of the electronic device during the calculation. At the same time, if the electronic device is invaded by a malicious program, the malicious program can obtain this. Keys are bound to cause considerable trading risks.
本發明之主要目的,係提供一種以電子裝置進行支付之方法及其系統,藉由電子裝置之晶片模組之識別資訊取得傳輸金鑰,第一伺服裝置以傳輸金鑰加密第一金鑰,並發送加密後之第一金鑰至電子裝置,於進行交易時,以晶片模組之安全應用程式以第一金鑰對支付確認資訊進行押碼。The main object of the present invention is to provide a method and system for making payment by an electronic device. The transmission key is obtained by the identification information of the chip module of the electronic device, and the first servo device encrypts the first key with the transmission key. The encrypted first key is sent to the electronic device. When the transaction is performed, the security application of the chip module is used to secure the payment confirmation information with the first key.
為達上述之指稱之各目的與功效,本發明之一實施例係揭示一種以電子裝置進行支付之方法,其步驟包含由電子裝置發送訂單資訊至消費伺服裝置,消費伺服裝置發送支付請求資訊至電子裝置,電子裝置之支付應用程式依據支付請求資訊產生支付確認資訊,電子裝置之應用程式從電子裝置之儲存單元取得至少一第一金鑰其中之一,並使用安全應用程式以第一金鑰及支付確認資訊計算取得第一押碼,發送支付確認資訊及第一押碼至消費伺服裝置,消費伺服裝置發送支付確認資訊及第一押碼至第一伺服裝置,第一伺服裝置以第一金鑰及支付確認資訊計算取得第二押碼,比對第一押碼及第二押碼以確定該支付確認資訊之完整性。In order to achieve the aforementioned purposes and effects, an embodiment of the present invention discloses a method for making payment by an electronic device. The steps include sending the order information from the electronic device to the consumer server, and the consumer server sending the payment request information to The electronic device, the payment application of the electronic device generates payment confirmation information according to the payment request information, the application of the electronic device obtains at least one of the first keys from the storage unit of the electronic device, and uses the security application to use the first key And the payment confirmation information is calculated to obtain the first bet code, and the payment confirmation information and the first bet code are sent to the consumption servo device, the consumption servo device sends the payment confirmation information and the first bet code to the first servo device, and the first servo device uses the first The key and payment confirmation information are calculated to obtain the second bet code, and the first bet code and the second bet code are compared to determine the integrity of the payment confirmation information.
於本發明之一實施例中,其中於應用程式從儲存單元中取得至少第一金鑰其中之一之步驟前,該方法更包含:安全應用程式僅可正常處理屬於識別資訊對應晶片模組之第一金鑰。In an embodiment of the present invention, before the step of obtaining at least one of the first keys from the storage unit by the application program, the method further includes: the security application program can only normally process the chip module belonging to the identification information corresponding chip module. First key.
於本發明之一實施例中,其中電子裝置之支付應用程式從電子裝置之儲存單元取得至少一第一金鑰其中之一之步驟前,該方法更包含:設定電子裝置之晶片模組之安全應用程式之傳輸金鑰,其中傳輸金鑰是依據晶片模組之識別資訊計算取得,發送識別資訊至第一伺服裝置,第一伺服裝置依據識別資訊計算取得傳輸金鑰,第一伺服裝置依據傳輸金鑰加密至少一第一金鑰計算取得至少一加密資訊,發送至少一加密資訊至電子裝置,應用程式儲存加密後第一金鑰於電子裝置之儲存單元。In an embodiment of the present invention, before the payment application of the electronic device obtains one of the at least one first key from the storage unit of the electronic device, the method further includes: setting the security of the chip module of the electronic device The transmission key of the application. The transmission key is calculated and obtained based on the identification information of the chip module, and the identification information is sent to the first servo device. The first servo device is calculated and obtained the transmission key, and the first servo device is calculated based on the transmission. Key encryption encrypts at least one first key, calculates at least one encrypted information, sends at least one encrypted information to the electronic device, and the application stores the encrypted first key in the storage unit of the electronic device.
於本發明之一實施例中,其中第一伺服裝置依據識別資訊以一演算法取得傳輸金鑰。In an embodiment of the present invention, the first servo device obtains a transmission key by an algorithm based on the identification information.
於本發明之一實施例中,其中識別資訊為唯一識別碼。In one embodiment of the present invention, the identification information is a unique identification code.
本發明之另一實施例係揭示一種以電子裝置進行支付之方法,其步驟包含:輸入訂單資訊至終端裝置,終端裝置發送支付請求資訊至電子裝置,電子裝置之支付應用程式依據支付請求資訊產生支付確認資訊,電子裝置之支付應用程式從儲存單元中取得至少一加密第一金鑰其中之一,支付應用程式以加密第一金鑰及支付確認資訊呼叫安全應用程式,計算取得第一押碼,發送支付確認資訊及第一押碼至終端裝置,終端裝置發送支付確認資訊及第一押碼至消費伺服裝置,消費伺服裝置發送支付確認資訊及第一押碼至第一伺服裝置,支付應用程式發送支付確認資訊及第一押碼至終端裝置,終端裝置發送支付確認資訊及第一押碼至消費伺服裝置,消費伺服裝置發送支付確認資訊及第一押碼至第一伺服裝置,第一伺服裝置以第一金鑰及支付確認資訊計算取得第二押碼,比對第一押碼及第二押碼以確定支付確認資訊之完整性。Another embodiment of the present invention discloses a method for making payment by an electronic device. The steps include: inputting order information to a terminal device, the terminal device sending payment request information to the electronic device, and a payment application program of the electronic device is generated according to the payment request information Payment confirmation information. The payment application of the electronic device obtains one of the at least one encrypted first key from the storage unit. The payment application encrypts the first key and the payment confirmation information calls the security application to calculate and obtain the first bet code. , Send payment confirmation information and the first bet code to the terminal device, the terminal device sends payment confirmation information and the first bet code to the consumer server device, the consumption servo device sends payment confirmation information and the first bet code to the first server device, and the payment application The program sends the payment confirmation information and the first bet code to the terminal device. The terminal device sends the payment confirmation information and the first bet code to the consumption server device. The consumption server device sends the payment confirmation information and the first bet code to the first server device. The server device calculates the first key with the first key and payment confirmation information. Charge code than the code for the first charge and the second charge codes to determine the payment to confirm the integrity of the information.
本發明之另一實施例係揭示用以執行以電子裝置進行支付之方法之系統。Another embodiment of the present invention discloses a system for performing a method for making a payment with an electronic device.
為使 貴審查委員對本發明之特徵及所達成之功效有更進一步之瞭解與認識,謹佐以較佳之實施例及配合詳細之說明,說明如後:In order to make the reviewing committee members have a better understanding and understanding of the features of the present invention and the effects achieved, we would like to provide a better embodiment and a detailed description with the following description:
先前之技術中,由於當電子裝置對所要傳輸之資訊進行押碼運算時,在運算時會將金鑰載入電子裝置之記憶體中若電子裝置遭惡意程式入侵,惡意程式即可獲得此金鑰,會造成相當的交易風險。In the prior art, when an electronic device performs a bet operation on the information to be transmitted, a key is loaded into the memory of the electronic device during the calculation. If the electronic device is invaded by a malicious program, the malicious program can obtain this gold. Key, will cause considerable transaction risk.
在此說明本發明之第一實施例之以電子裝置進行支付之方法之流程,請參閱第一圖,其係為本發明之第一實施例之以電子裝置進行支付之方法之流程圖。如圖所示,本實施例之以電子裝置進行支付之方法其步驟包含:The flow of the method for making payment by an electronic device according to the first embodiment of the present invention is described here. Please refer to the first diagram, which is a flowchart of the method of making payment by an electronic device according to the first embodiment of the present invention. As shown in the figure, the steps of the method for paying by an electronic device in this embodiment include:
步驟S1:設定傳輸金鑰;Step S1: Set a transmission key;
步驟S3:第一伺服裝置取得傳輸金鑰;Step S3: the first servo device obtains a transmission key;
步驟S5:取得至少一加密資訊;Step S5: obtaining at least one encrypted information;
步驟S7:儲存至少一加密資訊;Step S7: Store at least one encrypted information;
步驟S9:發送支付請求資訊;Step S9: Send the payment request information;
步驟S11:取得第一金鑰;Step S11: obtaining a first key;
步驟S13:取得第一押碼;Step S13: obtaining the first bet code;
步驟S15:取得第二押碼;以及Step S15: obtaining a second bet code; and
步驟S17;比對第一押碼及第二押碼。Step S17; compare the first bet and the second bet.
接著說明為達成本發明之第一實施例之以電子裝置進行支付之方法所需之系統,請參閱第二圖,其係為本發明之第一實施例之以電子裝置進行支付之方法之系統示意圖。如圖所示,本發明之以電子裝置進行支付之方法所需之系統包含:一電子裝置1、一第一伺服裝置3及一消費伺服裝置5。電子裝置1包含一晶片模組101,一通訊單元103及一儲存單元105。上述之電子裝置1及第一伺服裝置3可為智慧型手機、個人數位助理(PDA)、平板電腦、筆記型電腦、桌上型電腦、工作站等電子裝置。上述之消費伺服裝置5可為一購物平台之伺服裝置或一商店之伺服裝置,其可為智慧型手機、個人數位助理(PDA)、平板電腦、筆記型電腦、桌上型電腦、工作站等電子裝置。Next, the system required to achieve the payment method by the electronic device in the first embodiment of the present invention will be described. Please refer to the second figure, which is the system of the payment method by the electronic device according to the first embodiment of the present invention. schematic diagram. As shown in the figure, the system required by the electronic device for payment method of the present invention includes: an electronic device 1, a first servo device 3, and a consumer servo device 5. The electronic device 1 includes a chip module 101, a communication unit 103 and a storage unit 105. The electronic device 1 and the first servo device 3 can be electronic devices such as a smart phone, a personal digital assistant (PDA), a tablet computer, a notebook computer, a desktop computer, and a workstation. The aforementioned consumer servo device 5 may be a servo device of a shopping platform or a servo device of a store, which may be an electronic device such as a smart phone, a personal digital assistant (PDA), a tablet computer, a notebook computer, a desktop computer, a workstation, etc. Device.
接著說明晶片模組101,晶片模組101包含有一安全應用程式1011,安全應用程式1011可以是於晶片模組101出廠時預先安裝於晶片模組101;亦可透過電子裝置可讀取之儲存媒介(例如唯讀記憶體、快閃式記憶體、硬式磁碟、軟式磁碟、固態硬碟、光碟、隨身碟或磁帶等)將安全應用程式1011安裝於晶片模組101;亦可透過空中傳輸(OTA,Over-the-air)之方式將安全應用程式1011安裝於晶片模組101。其中,晶片模組101包含一處理單元,處理單元為一可進行算術及邏輯運算之電子元件。Next, the chip module 101 is described. The chip module 101 includes a security application program 1011. The security application program 1011 may be pre-installed on the chip module 101 when the chip module 101 leaves the factory; the storage medium may also be read by an electronic device. (Such as read-only memory, flash memory, hard disk, floppy disk, solid state disk, optical disk, flash drive, or tape, etc.) Install the security application 1011 on the chip module 101; it can also be transmitted through the air (OTA, Over-the-air) method installs the security application 1011 on the chip module 101. The chip module 101 includes a processing unit, and the processing unit is an electronic component capable of performing arithmetic and logical operations.
於本發明之一實施例中,晶片模組101可為SIM卡(用戶身份模塊(SIM,Subscriber Identity Module)或其他具有運算功能之晶片模組(例如8051晶片、ARM晶片)。In one embodiment of the present invention, the chip module 101 may be a SIM card (Subscriber Identity Module (SIM) or other chip module having computing functions (such as an 8051 chip or an ARM chip).
於本發明之一實施例中,晶片模組101可為其他具有處理單元之晶片。In one embodiment of the present invention, the wafer module 101 may be another wafer having a processing unit.
接著說明通訊單元103,通訊單元103可以有線或無線之方式連接上網際網路或其他電子裝置、伺服裝置連線。Next, the communication unit 103 will be described. The communication unit 103 can be connected to the Internet or other electronic devices or servo devices by wired or wireless means.
接著說明儲存單元105,儲存單元105可為資料庫、硬式磁碟、軟式磁碟、固態硬碟、快閃式記憶體(Flash Memory)、唯讀記憶體(Read-Only Memory)、磁帶、光碟、可由網路存取之資料庫、雲端儲存空間或其他可儲存資料之儲存設備。Next, the storage unit 105 will be described. The storage unit 105 may be a database, a hard disk, a floppy disk, a solid-state hard disk, a flash memory, a read-only memory, a magnetic tape, and an optical disk. , A network-accessible database, cloud storage, or other storage device that can store data.
以下將說明本發明之第一實施例之以電子裝置進行支付之方法執行時之流程,請搭配第一圖及第二圖。The following describes the flow of the method for performing payment by an electronic device according to the first embodiment of the present invention. Please match the first and second figures.
於步驟S1中,設定傳輸金鑰,依據晶片模組101之一識別資訊以一演算法運算取得一傳輸金鑰,並寫入安全應用程式,其中傳輸金鑰可以是於晶片模組101出廠時即寫入晶片模組101之安全應用程式,亦可是透過OTA之方式將傳輸金鑰寫入安全應用程式,亦可是當以OTA之方式將安全應用程式1011安裝於晶片模組101時一同將傳輸金鑰寫入安全應用程式,亦可是以電子裝置可讀取之儲存媒介將傳輸金鑰寫入安全應用程式。其中識別資訊為晶片模組101之一唯一識別碼。上述之演算法可為區塊加密法、串流加密法、雜湊函式演算法等。In step S1, a transmission key is set, and a transmission key is obtained by an algorithm based on the identification information of one of the chip modules 101 and written into the security application program. The transmission key may be when the chip module 101 leaves the factory. That is, the security application program written in the chip module 101 can also be written into the security application program via OTA, or it can be transmitted together when the security application program 1011 is installed in the chip module 101 by OTA. The key is written into the secure application, or the transmission key can be written into the secure application in a storage medium readable by the electronic device. The identification information is a unique identification code of the chip module 101. The above algorithms can be block encryption method, stream encryption method, hash function algorithm, etc.
於本發明之一實施例中,傳輸金鑰是由一傳輸金鑰運算電子裝置以上述之演算法運算產生,並由上述之方法寫入安全應用程式1011。In one embodiment of the present invention, the transmission key is generated by a transmission key calculation electronic device using the algorithm described above, and written into the security application program 1011 by the method described above.
於步驟S3中,第一伺服裝置取得傳輸金鑰,電子裝置透過通訊單元103發送晶片模組101之識別資訊至第一伺服裝置3,第一伺服裝置依據所收到之晶片模組101之識別資訊以一演算法運算取得傳輸金鑰。換言之,第一伺服裝置3會以上述之演算法運算取得傳輸金鑰。In step S3, the first servo device obtains the transmission key, and the electronic device sends the identification information of the wafer module 101 to the first servo device 3 through the communication unit 103. The first servo device is based on the identification of the received wafer module 101. The information is calculated by an algorithm to obtain the transmission key. In other words, the first servo device 3 obtains the transmission key by the algorithm operation described above.
於步驟S5中,取得至少一加密資訊,第一伺服裝置3取得至少一第一金鑰,並依據傳輸金鑰加密所取得之第一金鑰取得至少一加密資訊,並將加密資訊發送至電子裝置1。其中,第一金鑰可以從第一伺服裝置3之儲存單元中取得或者是第一伺服裝置3以演算法運算產生(例如區塊加密法、串流加密法、雜湊函式演算法)或者以隨機函數產生。In step S5, at least one encrypted information is obtained, the first server device 3 obtains at least one first key, obtains at least one encrypted information according to the first key obtained by the transmission key encryption, and sends the encrypted information to the electronic装置 1。 Device 1. The first key can be obtained from the storage unit of the first servo device 3 or can be generated by the first servo device 3 by an arithmetic operation (for example, block encryption method, stream encryption method, hash function algorithm) or by Random function generation.
於步驟S7中,儲存至少一加密資訊,電子裝置1取得至少一加密資訊,並將所取得之至少一加密資訊儲存於儲存單元105中。由於本實施例是用以加密的傳輸金鑰是依據識別資訊以演算法運算所產生,並非是由電子裝置1直接將傳輸金鑰發送至第一伺服裝置3,因此,既使有心人士於網際網路上竊取電子裝置1發送至第一伺服裝置3的識別資訊,在無法得知電子裝置1及第一伺服裝置3所使用之演算法及演算法之運算參數的情況下依然無法取得用以加密第一金鑰之傳輸金鑰。In step S7, at least one encrypted information is stored. The electronic device 1 obtains at least one encrypted information, and stores the obtained at least one encrypted information in the storage unit 105. Since the transmission key used for encryption in this embodiment is generated by arithmetic operation based on the identification information, it is not that the electronic device 1 directly transmits the transmission key to the first servo device 3, therefore, even if the interested person is online, The identification information sent by the electronic device 1 to the first servo device 3 is stolen on the network, and the algorithm used by the electronic device 1 and the first servo device 3 cannot be obtained without being used to encrypt the algorithm. The transfer key for the first key.
而後,當要以電子裝置進行支付時,於步驟S9,發送支付請求資訊,電子裝置1透過通訊單元103連線至消費伺服裝置5並發送一訂單資訊至消費伺服裝置5,消費伺服裝置5依據訂單資訊取得對應訂單資訊之一支付金額,並依據支付金額發送一支付請求資訊至電子裝置1。Then, when payment is to be made by the electronic device, in step S9, payment request information is sent. The electronic device 1 connects to the consumption servo device 5 through the communication unit 103 and sends an order information to the consumption servo device 5. The consumption servo device 5 is based on The order information obtains a payment amount corresponding to one of the order information, and sends a payment request information to the electronic device 1 according to the payment amount.
於步驟S11,取得第一金鑰,電子裝置1之一支付應用程式依據支付請求資訊產生一支付確認資訊並從儲存單元105取得至少一加密資訊其中之一,將支付確認資訊及至少一加密資訊其中之一發送至安全應用程式1011,安全應用程式1011以傳輸金鑰解密所取得之加密資訊,以取得至少一第一金鑰其中之一。In step S11, a first key is obtained, and a payment application of the electronic device 1 generates a payment confirmation information according to the payment request information and obtains one of the at least one encrypted information from the storage unit 105. The payment confirmation information and the at least one encrypted information are obtained. One of them is sent to the security application 1011. The security application 1011 decrypts the obtained encrypted information by using the transmission key to obtain one of the at least one first key.
於步驟S13,取得第一押碼,安全應用程式1011依據所取得之第一金鑰對支付確認資訊進行運算產生一第一押碼(MAC,message authentication code)並回送至支付應用程式,支付應用程式將支付確認資訊及第一押碼發送至消費伺服裝置5,消費伺服裝置5則將支付確認資訊及第一押碼發送至第一伺服裝置3。In step S13, the first bet code is obtained, and the security application 1011 calculates the payment confirmation information according to the obtained first key to generate a first bet code (MAC, message authentication code) and returns it to the payment application, and the payment application The program sends the payment confirmation information and the first bet code to the consumption servo device 5, and the consumption server device 5 sends the payment confirmation information and the first bet code to the first servo device 3.
於步驟S15,取得第二押碼,第一伺服裝置3取得對應於電子裝置1之第一金鑰,進一步而言,第一伺服裝置3是從第一伺服裝置3之儲存單元中取得對應電子裝置1之第一金鑰。第一伺服裝置3依據第一金鑰運算支付確認資訊取得一第二押碼。In step S15, the second bet code is obtained, and the first servo device 3 obtains the first key corresponding to the electronic device 1. Further, the first servo device 3 obtains the corresponding electron from the storage unit of the first servo device 3. First key of device 1. The first servo device 3 calculates the payment confirmation information according to the first key to obtain a second bet code.
於步驟S17,比對第一押碼及第二押碼,第一伺服裝置3比對第一押碼及第二押碼,以確認支付確認資訊之完整性,當第一押碼對應第二押碼時,則第一伺服裝置3依據支付確認資訊進行支付。In step S17, the first bet code and the second bet code are compared, and the first servo device 3 compares the first bet code and the second bet code to confirm the integrity of the payment confirmation information. When the first bet code corresponds to the second bet code, When the code is staked, the first servo device 3 performs payment according to the payment confirmation information.
至此即完成本發明之第一實施例之以電子裝置進行支付之方法,由於第一押碼是於晶片模組101中之安全應用程式1011運算產生,因此,在進行運算無須將第一金鑰載入電子裝置1之記憶體中,即便電子裝置遭到惡意程式入侵,進而使惡意程式常駐於電子裝置之記憶體中,但由於晶片模組101之記憶體並不與電子裝置之記憶體共用,惡意程式依然無法取得晶片模組101中之第一金鑰,藉此可以提升支付之安全性。This completes the method of electronic device payment in the first embodiment of the present invention. Since the first bet code is generated by the security application program 1011 in the chip module 101, it is not necessary to perform the calculation with the first key Loaded into the memory of the electronic device 1, even if the electronic device is invaded by a malicious program, so that the malicious program resides in the memory of the electronic device, but since the memory of the chip module 101 is not shared with the memory of the electronic device However, the malicious program still cannot obtain the first key in the chip module 101, thereby improving the security of payment.
由於第一金鑰不容易被有心人士竊取,因此以本實施例所揭示之方法進行支付時更具有安全性。舉例而言,若是有心人士想要竄改支付確認資訊時,由於缺少第一金鑰,則無法產生對應竄改後支付確認資訊之第一押碼,因此當第一伺服裝置依據竄改後之支付確認資訊以第一金鑰運算取得第二押碼後,在比對第一押碼及第二押碼時,第一伺服裝置會檢測出第一押碼並未對應於第二押碼,及代表支付確認資訊不完整,此時代表支付確認資訊遭到竄改,則第一伺服裝置不進行對應支付確認資訊之支付。Since the first key is not easy to be stolen by a person with intention, it is more secure when making a payment by the method disclosed in this embodiment. For example, if a person interested in tampering with the payment confirmation information, due to the lack of the first key, the first bet code corresponding to the tampered payment confirmation information cannot be generated. Therefore, when the first servo device is based on the tampered payment confirmation information, After obtaining the second bet code using the first key operation, when comparing the first bet code and the second bet code, the first servo device will detect that the first bet code does not correspond to the second bet code and pay on behalf of The confirmation information is incomplete. At this time, it means that the payment confirmation information has been tampered with, and the first servo device does not perform payment corresponding to the payment confirmation information.
於本發明之一實施例中,第一伺服裝置3依據支付確認資訊進行支付之方式可為從電子裝置1所對應之帳戶中扣除對應支付確認資訊之金額,並將所扣除之金額匯入消費伺服裝置5所對應之帳戶中,或者第一伺服裝置3從電子裝置1所對應之***或金融卡中扣除對應支付確認資訊之金額,並將所扣除之金額匯入消費伺服裝置5所對應之帳戶中,或者第一伺服裝置3從電子裝置1所對應之帳戶中之匯出對應支付確認資訊之金額至消費伺服裝置5所對應之帳戶中。In an embodiment of the present invention, the method for the first servo device 3 to make a payment according to the payment confirmation information may be to deduct the amount of the corresponding payment confirmation information from the account corresponding to the electronic device 1, and remit the deducted amount into the consumption. In the account corresponding to the servo device 5, or the first servo device 3 deducts the amount of the corresponding payment confirmation information from the credit or debit card corresponding to the electronic device 1, and remits the deducted amount to the corresponding amount in the consumption server device 5. In the account, or the first servo device 3 remits the corresponding payment confirmation information from the account corresponding to the electronic device 1 to the account corresponding to the consumption server device 5.
以下舉例說明本發明之第一實施例用於實際生活中之例子,請搭配第一圖及第二圖。使用者持有之智慧型手機(相當於電子裝置1)之SIM卡(相當於晶片模組101)於出廠時即依據SIM卡之序號(相當於識別資訊)寫入一傳輸金鑰至SIM卡中之一安全應用程式(相當於安全應用程式1011)(相當於步驟S1)。智慧型手機發送序號至第一伺服裝置(相當於第一伺服裝置3),第一伺服裝置依據序號以演算法運算取得傳輸金鑰(相當於步驟S3)。第一伺服裝置3從資料庫中取得至少一第一金鑰,並依據傳輸金鑰加密所取得之至少一第一金鑰取得至少一加密資訊,並將至少一加密資訊發送至智慧型手機(相當於步驟S5)。智慧型手機取得加密資訊後,支付應用程式將加密資訊儲存於金鑰資料庫中(相當於步驟S7)。The following illustrates the example of the first embodiment of the present invention used in actual life, please match the first picture and the second picture. The SIM card (equivalent to chip module 101) of the smart phone (equivalent to electronic device 1) held by the user writes a transmission key to the SIM card based on the serial number of the SIM card (equivalent to identification information) when leaving the factory. One of the security applications (equivalent to the security application 1011) (equivalent to step S1). The smart phone sends a serial number to the first servo device (equivalent to the first servo device 3), and the first servo device obtains the transmission key by an algorithm based on the serial number (equivalent to step S3). The first server device 3 obtains at least one first key from the database, obtains at least one encrypted information according to the at least one first key obtained by the transmission key encryption, and sends the at least one encrypted information to the smart phone ( Corresponds to step S5). After the smartphone obtains the encrypted information, the payment application stores the encrypted information in the key database (equivalent to step S7).
接續上述,使用者以智慧型手機連線至一購物網站(相當於消費伺服裝置5),並於購物網站瀏覽商品後以智慧型手機訂購一商品,此時智慧型手機發送一對應於訂購之商品之訂單資訊至購物網站,購物網站收到訂單資訊後依據商品之金額發送一支付請求資訊置智慧型手機(相當於步驟S9)。智慧型手機之一支付應用程式依據支付請求資訊產生一支付確認資訊並從金鑰資料庫中取得至少一加密資訊其中之一,並將支付確認資訊及所取得之加密資訊發送至安全應用程式,安全應用程式以傳輸金鑰解密所取得之加密資訊,取得至少一第一金鑰其中之一(相當於步驟S11)。Following the above, the user connects to a shopping website (equivalent to the consumer server device 5) with a smart phone, and orders a product with the smart phone after browsing the product on the shopping website. At this time, the smart phone sends a The order information of the product is sent to the shopping website. After receiving the order information, the shopping website sends a payment request information to the smartphone according to the amount of the product (equivalent to step S9). A payment application of one of the smart phones generates a payment confirmation information according to the payment request information and obtains at least one of the encrypted information from the key database, and sends the payment confirmation information and the obtained encrypted information to the secure application, The security application decrypts the obtained encrypted information by using the transmission key to obtain one of the at least one first key (equivalent to step S11).
接續上述,安全應用程式依據第一金鑰對支付確認資訊進行運算產生第一押碼並回送至支付應用程式,支付應用程式將支付確認資訊及第一押碼發送至購物網站,購物網站則將支付確認資訊及第一押碼發送至第一伺服裝置(相當於步驟S13)。第一伺服裝置取得對應於智慧型手機之第一金鑰,第一伺服裝置依據第一金鑰運算支付確認資訊取得第二押碼(相當於步驟S15)。第一伺服裝置比對第一押碼及第二押碼,並確認第一押碼對應第二押碼後,第一伺服裝置從智慧型手機之使用者之帳戶中扣除商品之金額,並將扣除之金額匯入購物網站之帳戶中(相當於步驟S17)。Following the above, the security application calculates the payment confirmation information according to the first key to generate the first bet code and sends it back to the payment application. The payment application sends the payment confirmation information and the first bet code to the shopping website, and the shopping website sends The payment confirmation information and the first bet code are sent to the first servo device (equivalent to step S13). The first server device obtains a first key corresponding to the smart phone, and the first server device obtains a second bet code based on the first key to calculate the payment confirmation information (equivalent to step S15). After the first servo device compares the first bet code and the second bet code, and confirms that the first bet code corresponds to the second bet code, the first servo device deducts the amount of the product from the account of the user of the smartphone, and The deducted amount is transferred to the account of the shopping website (equivalent to step S17).
接著說明本發明之第二實施例之以電子裝置進行支付之方法,請參閱第三圖,其係為本發明之第二實施例之以電子裝置進行支付之方法所需之系統。如圖所示,本實施例之系統與第二實施例之系統差異在於:本實施例之系統更包含:一終端裝置7。於本實施例中消費伺服裝置5為一店家之伺服裝置,終端裝置7可為店家之收銀機或POS機等電子裝置。消費伺服裝置5與終端裝置7透過有線或無線之方式連線。Next, the method for making payment by an electronic device according to the second embodiment of the present invention will be described. Please refer to FIG. 3, which is a system required by the method of making payment by an electronic device according to the second embodiment of the present invention. As shown in the figure, the system of this embodiment is different from the system of the second embodiment in that the system of this embodiment further includes: a terminal device 7. In this embodiment, the consumer servo device 5 is a servo device of a store, and the terminal device 7 may be an electronic device such as a cash register or a POS machine of the store. The consumer servo device 5 and the terminal device 7 are connected in a wired or wireless manner.
於本實施例中,於步驟S9,於終端裝置7輸入一訂單資訊,終端裝置7依據訂單資訊之支付金額發送一支付請求資訊至電子裝置1。In this embodiment, in step S9, an order information is input in the terminal device 7, and the terminal device 7 sends a payment request information to the electronic device 1 according to the payment amount of the order information.
於本實施例中,於步驟S13安全應用程式1011依據所取得之第一金鑰對支付確認資訊進行運算產生一第一押碼並回送至支付應用程式,支付應用程式將支付確認資訊及第一押碼發送至終端裝置7,終端裝置7發送支付確認資訊及第一押碼至消費伺服裝置5,消費伺服裝置5則將支付確認資訊及第一押碼發送至第一伺服裝置3。In this embodiment, in step S13, the security application 1011 calculates the payment confirmation information according to the obtained first key, generates a first bet code, and sends it back to the payment application. The payment application sends the payment confirmation information and the first The bet code is sent to the terminal device 7, the terminal device 7 sends the payment confirmation information and the first bet code to the consumption servo device 5, and the consumption server device 5 sends the payment confirmation information and the first bet code to the first servo device 3.
於本實施例中,終端裝置7可透過有線網路、無線網路或近場通訊之方式發送支付請求資訊至電子裝置1。In this embodiment, the terminal device 7 may send the payment request information to the electronic device 1 through a wired network, a wireless network, or a near field communication.
惟以上所述者,僅為本發明之較佳實施例而已,並非用來限定本發明實施之範圍,舉凡依本發明申請專利範圍所述之形狀、構造、特徵及精神所為之均等變化與修飾,均應包括於本發明之申請專利範圍內。However, the above are only preferred embodiments of the present invention, and are not intended to limit the scope of implementation of the present invention. For example, all changes and modifications of the shapes, structures, features, and spirits in accordance with the scope of the patent application for the present invention are made. Shall be included in the scope of patent application of the present invention.
本發明係實為一具有新穎性、進步性及可供產業利用者,應符合我國專利法所規定之專利申請要件無疑,爰依法提出發明專利申請,祈 鈞局早日賜准專利,至感為禱。The invention is truly a novel, progressive, and industrially available user, which should meet the patent application requirements stipulated by the Chinese Patent Law. No doubt, the invention patent application was submitted in accordance with the law. prayer.
1‧‧‧電子裝置1‧‧‧ electronic device
101‧‧‧晶片模組101‧‧‧Chip Module
1011‧‧‧安全應用程式1011‧‧‧ Security App
103‧‧‧通訊單元103‧‧‧communication unit
105‧‧‧儲存單元105‧‧‧Storage unit
107‧‧‧支付應用程式107‧‧‧ payment app
3‧‧‧第一伺服裝置3‧‧‧The first servo device
5‧‧‧消費伺服裝置5‧‧‧Consumer Servo Device
7‧‧‧終端裝置7‧‧‧ terminal device
第一圖:其係為本發明之第一實施例之以電子裝置進行支付之方法之流程圖; 第二圖:其係為本發明之第一實施例之以電子裝置進行支付之方法之系統示意圖;以及 第三圖:其係為本發明之第二實施例之以電子裝置進行支付之方法之系統示意圖。First diagram: It is a flowchart of a method for making payment by an electronic device according to the first embodiment of the present invention; Second diagram: It is a system of a method of making payment by an electronic device according to the first embodiment of the present invention A schematic diagram; and a third diagram: a system diagram of a method for performing payment by an electronic device according to a second embodiment of the present invention.
Claims (16)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106100949A TWI661366B (en) | 2017-01-12 | 2017-01-12 | Method and system for electronic payment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW106100949A TWI661366B (en) | 2017-01-12 | 2017-01-12 | Method and system for electronic payment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201826185A TW201826185A (en) | 2018-07-16 |
| TWI661366B true TWI661366B (en) | 2019-06-01 |
Family
ID=63639952
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW106100949A TWI661366B (en) | 2017-01-12 | 2017-01-12 | Method and system for electronic payment |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI661366B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103443813A (en) * | 2010-12-14 | 2013-12-11 | 极限移动有限公司 | Authenticating transactions using a mobile device identifier |
| US20150019443A1 (en) * | 2013-07-15 | 2015-01-15 | John Sheets | Secure remote payment transaction processing |
| TWI529640B (en) * | 2015-02-16 | 2016-04-11 | jian-gang Yang | Action payment method and action payment equipment |
| CN106031207A (en) * | 2013-12-02 | 2016-10-12 | 万事达卡国际股份有限公司 | Method and system for secure tranmission of remote notification service messages to mobile devices without secure elements |
| TWM549906U (en) * | 2017-01-12 | 2017-10-01 | Modern Times Financial Information Co Ltd | System using electronic device for payment |
-
2017
- 2017-01-12 TW TW106100949A patent/TWI661366B/en active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103443813A (en) * | 2010-12-14 | 2013-12-11 | 极限移动有限公司 | Authenticating transactions using a mobile device identifier |
| US20150019443A1 (en) * | 2013-07-15 | 2015-01-15 | John Sheets | Secure remote payment transaction processing |
| CN106031207A (en) * | 2013-12-02 | 2016-10-12 | 万事达卡国际股份有限公司 | Method and system for secure tranmission of remote notification service messages to mobile devices without secure elements |
| TWI529640B (en) * | 2015-02-16 | 2016-04-11 | jian-gang Yang | Action payment method and action payment equipment |
| TWM549906U (en) * | 2017-01-12 | 2017-10-01 | Modern Times Financial Information Co Ltd | System using electronic device for payment |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201826185A (en) | 2018-07-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11861603B2 (en) | Tokenizing sensitive data | |
| JP6703510B2 (en) | Method and system for generating an advanced storage key without a secure element in a mobile device | |
| KR101809221B1 (en) | Method and system for secure authentication of user and mobile device without secure elements | |
| KR102325361B1 (en) | Method and system for secure transmission of remote notification service messages to mobile devices without secure elements | |
| CN107077670B (en) | Method and apparatus for transmitting and processing transaction message, computer readable storage medium | |
| CN105046479B (en) | Trusted service manager architecture and method | |
| US20220188808A1 (en) | Tap to autofill card data | |
| TWI688909B (en) | Mobile payment method, device and system | |
| TW201608499A (en) | Transaction device, transaction system using the same and transaction method using the same | |
| US11507939B2 (en) | Contactless card tap pay for offline transactions | |
| WO2017076173A1 (en) | Mobile terminal, trade confirmation method and apparatus therefor, and smart card | |
| TWM549906U (en) | System using electronic device for payment | |
| TWI661366B (en) | Method and system for electronic payment | |
| US20170061431A1 (en) | Systems and Methods of Securing MO/TO Processing | |
| CN105405010B (en) | Transaction device, transaction system using the same and transaction method | |
| TWI678674B (en) | Ticket top-up system, method and mobile apparatus |